7171982: Cipher getParameters() throws RuntimeException: Cannot find SunJCE provider

Reviewed-by: vinnie, wetmore

jdk/src/share/classes/com/sun/crypto/provider/CipherCore.java

@@ -426,17 +426,13 @@ final class CipherCore {
            }
         }
         try {
-            params = AlgorithmParameters.getInstance(algName, "SunJCE");
+            params = AlgorithmParameters.getInstance(algName,
+                    SunJCE.getInstance());
+            params.init(spec);
         } catch (NoSuchAlgorithmException nsae) {
             // should never happen
             throw new RuntimeException("Cannot find " + algName +
                 " AlgorithmParameters implementation in SunJCE provider");
-        } catch (NoSuchProviderException nspe) {
-            // should never happen
-            throw new RuntimeException("Cannot find SunJCE provider");
-        }
-        try {
-            params.init(spec);
         } catch (InvalidParameterSpecException ipse) {
             // should never happen
             throw new RuntimeException(spec.getClass() + " not supported");

jdk/src/share/classes/com/sun/crypto/provider/CipherWithWrappingSpi.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -169,7 +169,8 @@ public abstract class CipherWithWrappingSpi extends CipherSpi {
 
         try {
             KeyFactory keyFactory =
-                KeyFactory.getInstance(encodedKeyAlgorithm, "SunJCE");
+                KeyFactory.getInstance(encodedKeyAlgorithm,
+                    SunJCE.getInstance());
             X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey);
             key = keyFactory.generatePublic(keySpec);
         } catch (NoSuchAlgorithmException nsae) {
@@ -191,8 +192,6 @@ public abstract class CipherWithWrappingSpi extends CipherSpi {
             }
         } catch (InvalidKeySpecException ikse) {
             // Should never happen.
-        } catch (NoSuchProviderException nspe) {
-            // Should never happen.
         }
 
         return key;
@@ -215,7 +214,8 @@ public abstract class CipherWithWrappingSpi extends CipherSpi {
 
         try {
             KeyFactory keyFactory =
-                KeyFactory.getInstance(encodedKeyAlgorithm, "SunJCE");
+                KeyFactory.getInstance(encodedKeyAlgorithm,
+                    SunJCE.getInstance());
             PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey);
             return keyFactory.generatePrivate(keySpec);
         } catch (NoSuchAlgorithmException nsae) {
@@ -237,8 +237,6 @@ public abstract class CipherWithWrappingSpi extends CipherSpi {
             }
         } catch (InvalidKeySpecException ikse) {
             // Should never happen.
-        } catch (NoSuchProviderException nspe) {
-            // Should never happen.
         }
 
         return key;

jdk/src/share/classes/com/sun/crypto/provider/ConstructKeys.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,7 +30,6 @@ import java.security.PublicKey;
 import java.security.PrivateKey;
 import java.security.KeyFactory;
 import java.security.InvalidKeyException;
-import java.security.NoSuchProviderException;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
@@ -66,7 +65,8 @@ final class ConstructKeys {
 
         try {
             KeyFactory keyFactory =
-                KeyFactory.getInstance(encodedKeyAlgorithm, "SunJCE");
+                KeyFactory.getInstance(encodedKeyAlgorithm,
+                    SunJCE.getInstance());
             X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey);
             key = keyFactory.generatePublic(keySpec);
         } catch (NoSuchAlgorithmException nsae) {
@@ -94,8 +94,6 @@ final class ConstructKeys {
                 new InvalidKeyException("Cannot construct public key");
             ike.initCause(ikse);
             throw ike;
-        } catch (NoSuchProviderException nspe) {
-            // Should never happen.
         }
 
         return key;
@@ -118,7 +116,8 @@ final class ConstructKeys {
 
         try {
             KeyFactory keyFactory =
-                KeyFactory.getInstance(encodedKeyAlgorithm, "SunJCE");
+                KeyFactory.getInstance(encodedKeyAlgorithm,
+                    SunJCE.getInstance());
             PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encodedKey);
             return keyFactory.generatePrivate(keySpec);
         } catch (NoSuchAlgorithmException nsae) {
@@ -146,8 +145,6 @@ final class ConstructKeys {
                 new InvalidKeyException("Cannot construct private key");
             ike.initCause(ikse);
             throw ike;
-        } catch (NoSuchProviderException nspe) {
-            // Should never happen.
         }
 
         return key;

jdk/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java

@@ -389,17 +389,13 @@ public final class DESedeWrapCipher extends CipherSpi {
         if (iv != null) {
             String algo = cipherKey.getAlgorithm();
             try {
-                params = AlgorithmParameters.getInstance(algo, "SunJCE");
+                params = AlgorithmParameters.getInstance(algo,
+                    SunJCE.getInstance());
+                params.init(new IvParameterSpec(iv));
             } catch (NoSuchAlgorithmException nsae) {
                 // should never happen
                 throw new RuntimeException("Cannot find " + algo +
                     " AlgorithmParameters implementation in SunJCE provider");
-            } catch (NoSuchProviderException nspe) {
-                // should never happen
-                throw new RuntimeException("Cannot find SunJCE provider");
-            }
-            try {
-                params.init(new IvParameterSpec(iv));
             } catch (InvalidParameterSpecException ipse) {
                 // should never happen
                 throw new RuntimeException("IvParameterSpec not supported");

jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java

@@ -151,7 +151,8 @@ extends AlgorithmParameterGeneratorSpi {
                 dhParamSpec = new DHParameterSpec(dsaParamSpec.getP(),
                                                   dsaParamSpec.getG());
             }
-            algParams = AlgorithmParameters.getInstance("DH", "SunJCE");
+            algParams = AlgorithmParameters.getInstance("DH",
+                    SunJCE.getInstance());
             algParams.init(dhParamSpec);
         } catch (InvalidParameterSpecException e) {
             // this should never happen
@@ -159,11 +160,7 @@ extends AlgorithmParameterGeneratorSpi {
         } catch (NoSuchAlgorithmException e) {
             // this should never happen, because we provide it
             throw new RuntimeException(e.getMessage());
-        } catch (NoSuchProviderException e) {
-            // this should never happen, because we provide it
-            throw new RuntimeException(e.getMessage());
         }
-
         return algParams;
     }
 }

jdk/src/share/classes/com/sun/crypto/provider/KeyProtector.java

@@ -81,8 +81,6 @@ final class KeyProtector {
     // key protector
     private char[] password;
 
-    private static final Provider PROV = Security.getProvider("SunJCE");
-
     KeyProtector(char[] password) {
         if (password == null) {
            throw new IllegalArgumentException("password can't be null");
@@ -119,7 +117,7 @@ final class KeyProtector {
         // wrap encrypted private key in EncryptedPrivateKeyInfo
         // (as defined in PKCS#8)
         AlgorithmParameters pbeParams =
-            AlgorithmParameters.getInstance("PBE", PROV);
+            AlgorithmParameters.getInstance("PBE", SunJCE.getInstance());
         pbeParams.init(pbeSpec);
 
         AlgorithmId encrAlg = new AlgorithmId
@@ -299,7 +297,7 @@ final class KeyProtector {
 
         PBEWithMD5AndTripleDESCipher cipherSpi;
         cipherSpi = new PBEWithMD5AndTripleDESCipher();
-        cipher = new CipherForKeyProtector(cipherSpi, PROV,
+        cipher = new CipherForKeyProtector(cipherSpi, SunJCE.getInstance(),
                                            "PBEWithMD5AndTripleDES");
         cipher.init(Cipher.ENCRYPT_MODE, sKey, pbeSpec);
         return new SealedObjectForKeyProtector(key, cipher);
@@ -330,8 +328,9 @@ final class KeyProtector {
             }
             PBEWithMD5AndTripleDESCipher cipherSpi;
             cipherSpi = new PBEWithMD5AndTripleDESCipher();
-            Cipher cipher = new CipherForKeyProtector(cipherSpi, PROV,
+            Cipher cipher = new CipherForKeyProtector(cipherSpi,
-                                                   "PBEWithMD5AndTripleDES");
+                                                      SunJCE.getInstance(),
+                                                      "PBEWithMD5AndTripleDES");
             cipher.init(Cipher.DECRYPT_MODE, skey, params);
             return (Key)soForKeyProtector.getObject(cipher);
         } catch (NoSuchAlgorithmException ex) {

jdk/src/share/classes/com/sun/crypto/provider/PBECipherCore.java

@@ -169,16 +169,12 @@ final class PBECipherCore {
         PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount);
         try {
             params = AlgorithmParameters.getInstance("PBEWithMD5And" +
-                (algo.equalsIgnoreCase("DES")? "DES":"TripleDES"), "SunJCE");
+                (algo.equalsIgnoreCase("DES")? "DES":"TripleDES"),
+                    SunJCE.getInstance());
+            params.init(pbeSpec);
         } catch (NoSuchAlgorithmException nsae) {
             // should never happen
             throw new RuntimeException("SunJCE called, but not configured");
-        } catch (NoSuchProviderException nspe) {
-            // should never happen
-            throw new RuntimeException("SunJCE called, but not configured");
-        }
-        try {
-            params.init(pbeSpec);
         } catch (InvalidParameterSpecException ipse) {
             // should never happen
             throw new RuntimeException("PBEParameterSpec not supported");

jdk/src/share/classes/com/sun/crypto/provider/PBES1Core.java

@@ -169,16 +169,12 @@ final class PBES1Core {
         PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount);
         try {
             params = AlgorithmParameters.getInstance("PBEWithMD5And" +
-                (algo.equalsIgnoreCase("DES")? "DES":"TripleDES"), "SunJCE");
+                (algo.equalsIgnoreCase("DES")? "DES":"TripleDES"),
+                SunJCE.getInstance());
+            params.init(pbeSpec);
         } catch (NoSuchAlgorithmException nsae) {
             // should never happen
             throw new RuntimeException("SunJCE called, but not configured");
-        } catch (NoSuchProviderException nspe) {
-            // should never happen
-            throw new RuntimeException("SunJCE called, but not configured");
-        }
-        try {
-            params.init(pbeSpec);
         } catch (InvalidParameterSpecException ipse) {
             // should never happen
             throw new RuntimeException("PBEParameterSpec not supported");

jdk/src/share/classes/com/sun/crypto/provider/PBES2Core.java

@@ -25,11 +25,9 @@
 
 package com.sun.crypto.provider;
 
-import java.io.UnsupportedEncodingException;
 import java.security.*;
 import java.security.spec.*;
 import javax.crypto.*;
-import javax.crypto.interfaces.*;
 import javax.crypto.spec.*;
 
 /**
@@ -145,16 +143,12 @@ abstract class PBES2Core extends CipherSpi {
         }
         PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount, ivSpec);
         try {
-            params = AlgorithmParameters.getInstance(pbeAlgo, "SunJCE");
+            params = AlgorithmParameters.getInstance(pbeAlgo,
+                SunJCE.getInstance());
+            params.init(pbeSpec);
         } catch (NoSuchAlgorithmException nsae) {
             // should never happen
             throw new RuntimeException("SunJCE called, but not configured");
-        } catch (NoSuchProviderException nspe) {
-            // should never happen
-            throw new RuntimeException("SunJCE called, but not configured");
-        }
-        try {
-            params.init(pbeSpec);
         } catch (InvalidParameterSpecException ipse) {
             // should never happen
             throw new RuntimeException("PBEParameterSpec not supported");

jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,7 +33,6 @@ import java.util.Arrays;
 import java.security.KeyRep;
 import java.security.GeneralSecurityException;
 import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
 import java.security.spec.InvalidKeySpecException;
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
@@ -106,17 +105,12 @@ final class PBKDF2KeyImpl implements javax.crypto.interfaces.PBEKey {
             throw new InvalidKeySpecException("Key length is negative");
         }
         try {
-            this.prf = Mac.getInstance(prfAlgo, "SunJCE");
+            this.prf = Mac.getInstance(prfAlgo, SunJCE.getInstance());
         } catch (NoSuchAlgorithmException nsae) {
             // not gonna happen; re-throw just in case
             InvalidKeySpecException ike = new InvalidKeySpecException();
             ike.initCause(nsae);
             throw ike;
-        } catch (NoSuchProviderException nspe) {
-            // Again, not gonna happen; re-throw just in case
-            InvalidKeySpecException ike = new InvalidKeySpecException();
-            ike.initCause(nspe);
-            throw ike;
         }
         this.key = deriveKey(prf, passwdBytes, salt, iterCount, keyLength);
     }

jdk/src/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java

@@ -25,7 +25,6 @@
 
 package com.sun.crypto.provider;
 
-import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
 import java.security.*;
 import java.security.spec.*;
@@ -232,14 +231,13 @@ final class PKCS12PBECipherCore {
         }
         PBEParameterSpec pbeSpec = new PBEParameterSpec(salt, iCount);
         try {
-            params = AlgorithmParameters.getInstance(pbeAlgo, "SunJCE");
+            params = AlgorithmParameters.getInstance(pbeAlgo,
-        } catch (GeneralSecurityException gse) {
+                SunJCE.getInstance());
+            params.init(pbeSpec);
+        } catch (NoSuchAlgorithmException nsae) {
             // should never happen
             throw new RuntimeException(
                 "SunJCE provider is not configured properly");
-        }
-        try {
-            params.init(pbeSpec);
         } catch (InvalidParameterSpecException ipse) {
             // should never happen
             throw new RuntimeException("PBEParameterSpec not supported");

jdk/src/share/classes/com/sun/crypto/provider/RSACipher.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -178,16 +178,14 @@ public final class RSACipher extends CipherSpi {
         if (spec != null) {
             try {
                 AlgorithmParameters params =
-                    AlgorithmParameters.getInstance("OAEP", "SunJCE");
+                    AlgorithmParameters.getInstance("OAEP",
+                        SunJCE.getInstance());
                 params.init(spec);
                 return params;
             } catch (NoSuchAlgorithmException nsae) {
                 // should never happen
                 throw new RuntimeException("Cannot find OAEP " +
                     " AlgorithmParameters implementation in SunJCE provider");
-            } catch (NoSuchProviderException nspe) {
-                // should never happen
-                throw new RuntimeException("Cannot find SunJCE provider");
             } catch (InvalidParameterSpecException ipse) {
                 // should never happen
                 throw new RuntimeException("OAEPParameterSpec not supported");

jdk/src/share/classes/com/sun/crypto/provider/SealedObjectForKeyProtector.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,14 +46,15 @@ final class SealedObjectForKeyProtector extends SealedObject {
         AlgorithmParameters params = null;
         if (super.encodedParams != null) {
             try {
-                params = AlgorithmParameters.getInstance("PBE", "SunJCE");
+                params = AlgorithmParameters.getInstance("PBE",
+                    SunJCE.getInstance());
                 params.init(super.encodedParams);
-            } catch (NoSuchProviderException nspe) {
-                // eat.
             } catch (NoSuchAlgorithmException nsae) {
-                //eat.
+                throw new RuntimeException(
-            } catch (IOException ioe) {
+                    "SunJCE provider is not configured properly");
-                //eat.
+            } catch (IOException io) {
+                throw new RuntimeException("Parameter failure: "+
+                    io.getMessage());
             }
         }
         return params;

jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java

@@ -91,6 +91,10 @@ public final class SunJCE extends Provider {
     /* Are we debugging? -- for developers */
     static final boolean debug = false;
 
+    // Instance of this provider, so we don't have to call the provider list
+    // to find ourselves or run the risk of not being in the list.
+    private static volatile SunJCE instance = null;
+
     // lazy initialize SecureRandom to avoid potential recursion if Sun
     // provider has not been installed yet
     private static class SecureRandomHolder {
@@ -770,5 +774,17 @@ public final class SunJCE extends Provider {
                     return null;
                 }
             });
+
+        if (instance == null) {
+            instance = this;
+        }
+    }
+
+    // Return the instance of this class or create one if needed.
+    static SunJCE getInstance() {
+        if (instance == null) {
+            return new SunJCE();
+        }
+        return instance;
     }
 }

jdk/test/com/sun/crypto/provider/Cipher/UTIL/SunJCEGetInstance.java

@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7171982
+ * @summary Test that SunJCE.getInstance() is retrieving a provider when
+ * SunJCE has been removed from the provider list.
+ */
+
+import java.security.Security;
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+
+
+public class SunJCEGetInstance {
+    public static void main(String[] args) throws Exception {
+        Cipher jce;
+
+        try{
+            // Remove SunJCE from Provider list
+            Security.removeProvider("SunJCE");
+
+            // Create our own instance of SunJCE provider.  Purposefully not
+            // using SunJCE.getInstance() so we can have our own instance
+            // for the test.
+            jce = Cipher.getInstance("AES/CBC/PKCS5Padding",
+                new com.sun.crypto.provider.SunJCE());
+
+            jce.init(Cipher.ENCRYPT_MODE,
+                new SecretKeySpec("1234567890abcedf".getBytes(), "AES"));
+            jce.doFinal("PlainText".getBytes());
+        } catch (Exception e) {
+            System.err.println("Setup failure:  ");
+            throw e;
+        }
+
+        // Get parameters which will call SunJCE.getInstance().  Failure
+        // would occur on this line.
+        try {
+            jce.getParameters().getEncoded();
+
+        } catch (Exception e) {
+            System.err.println("Test Failure");
+            throw e;
+        }
+        System.out.println("Passed");
+    }
+}