From 0b05ebed2ecd6ee8c5f0809194bd3f3b200a41a0 Mon Sep 17 00:00:00 2001 From: Valerie Peng Date: Thu, 13 Dec 2018 01:15:21 +0000 Subject: [PATCH] 7092821: java.security.Provider.getService() is synchronized and became scalability bottleneck Changed Provider class to use ConcurrentHashMap and default providers to use putService() Reviewed-by: weijun, mullan --- .../com/sun/crypto/provider/SunJCE.java | 1280 ++++++++--------- .../share/classes/java/security/Provider.java | 144 +- .../classes/sun/security/provider/Sun.java | 27 +- .../sun/security/provider/SunEntries.java | 380 +++-- .../provider/VerificationProvider.java | 34 +- .../classes/sun/security/rsa/SunRsaSign.java | 28 +- .../sun/security/rsa/SunRsaSignEntries.java | 163 +-- .../classes/sun/security/ssl/SunJSSE.java | 115 +- 8 files changed, 1019 insertions(+), 1152 deletions(-) diff --git a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java index eeda0f1af73..3a086cf2694 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java @@ -28,8 +28,12 @@ package com.sun.crypto.provider; import java.security.AccessController; import java.security.Provider; import java.security.SecureRandom; +import java.security.PrivilegedAction; +import java.util.HashMap; +import java.util.List; import static sun.security.util.SecurityConstants.PROVIDER_VER; - +import static sun.security.provider.SunEntries.createAliases; +import static sun.security.provider.SunEntries.createAliasesWithOid; /** * The "SunJCE" Cryptographic Service Provider. @@ -81,16 +85,6 @@ public final class SunJCE extends Provider { "(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, " + "Diffie-Hellman, HMAC, ChaCha20)"; - private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1"; - private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2"; - private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3"; - private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5"; - private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6"; - private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3"; - private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12"; - private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13"; - private static final String OID_PKCS3 = "1.2.840.113549.1.3.1"; - /* Are we debugging? -- for developers */ static final boolean debug = false; @@ -105,10 +99,105 @@ public final class SunJCE extends Provider { } static SecureRandom getRandom() { return SecureRandomHolder.RANDOM; } + private void ps(String type, String algo, String cn, + List aliases, HashMap attrs) { + putService(new Provider.Service(this, type, algo, cn, aliases, attrs)); + } + public SunJCE() { /* We are the "SunJCE" provider */ super("SunJCE", PROVIDER_VER, info); + // if there is no security manager installed, put directly into + // the provider + if (System.getSecurityManager() == null) { + putEntries(); + } else { + AccessController.doPrivileged(new PrivilegedAction() { + @Override + public Void run() { + putEntries(); + return null; + } + }); + } + if (instance == null) { + instance = this; + } + } + + void putEntries() { + // common aliases and oids + List aesAliases = createAliases("Rijndael"); + List desEdeAliases = createAliases("TripleDES"); + List arcFourAliases = createAliases("RC4"); + List sunTlsMSAliases = createAliases( + "SunTls12MasterSecret", "SunTlsExtendedMasterSecret" + ); + List sunTlsKMAliases = createAliases("SunTls12KeyMaterial"); + List sunTlsRsaPMSAliases = createAliases("SunTls12RsaPremasterSecret"); + + String aes128Oid = "2.16.840.1.101.3.4.1."; + String aes192Oid = "2.16.840.1.101.3.4.1.2"; + String aes256Oid = "2.16.840.1.101.3.4.1.4"; + + List pkcs12RC4_128Aliases = + createAliasesWithOid("1.2.840.113549.1.12.1.1"); + + List pkcs12RC4_40Aliases = + createAliasesWithOid("1.2.840.113549.1.12.1.2"); + + List pkcs12DESedeAliases = + createAliasesWithOid("1.2.840.113549.1.12.1.3"); + + List pkcs12RC2_128Aliases = + createAliasesWithOid("1.2.840.113549.1.12.1.5"); + + List pkcs12RC2_40Aliases = + createAliasesWithOid("1.2.840.113549.1.12.1.6"); + + List pkcs5MD5_DESAliases = + createAliasesWithOid("1.2.840.113549.1.5.3", "PBE"); + + List pkcs5PBKDF2Aliases = + createAliasesWithOid("1.2.840.113549.1.5.12"); + + List pkcs5PBES2Aliases = + createAliasesWithOid("1.2.840.113549.1.5.13"); + + List diffieHellmanAliases = + createAliasesWithOid("1.2.840.113549.1.3.1", "DH"); + + List chachaPolyAliases = + createAliasesWithOid("1.2.840.113549.1.9.16.3.18"); + + String macOidBase = "1.2.840.113549.2."; + List macSHA1Aliases = createAliasesWithOid(macOidBase + "7"); + List macSHA224Aliases = createAliasesWithOid(macOidBase + "8"); + List macSHA256Aliases = createAliasesWithOid(macOidBase + "9"); + List macSHA384Aliases = createAliasesWithOid(macOidBase + "10"); + List macSHA512Aliases = createAliasesWithOid(macOidBase + "11"); + + // reuse attribute map and reset before each reuse + HashMap attrs = new HashMap<>(3); + attrs.put("SupportedModes", "ECB"); + attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING" + + "|OAEPWITHMD5ANDMGF1PADDING" + + "|OAEPWITHSHA1ANDMGF1PADDING" + + "|OAEPWITHSHA-1ANDMGF1PADDING" + + "|OAEPWITHSHA-224ANDMGF1PADDING" + + "|OAEPWITHSHA-256ANDMGF1PADDING" + + "|OAEPWITHSHA-384ANDMGF1PADDING" + + "|OAEPWITHSHA-512ANDMGF1PADDING" + + "|OAEPWITHSHA-512/224ANDMGF1PADDING" + + "|OAEPWITHSHA-512/256ANDMGF1PADDING"); + attrs.put("SupportedKeyClasses", + "java.security.interfaces.RSAPublicKey" + + "|java.security.interfaces.RSAPrivateKey"); + ps("Cipher", "RSA", + "com.sun.crypto.provider.RSACipher", null, attrs); + + // common block cipher modes, pads final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" + "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" + "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64"; @@ -117,699 +206,536 @@ public final class SunJCE extends Provider { "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128"; final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING"; - AccessController.doPrivileged( - new java.security.PrivilegedAction() { - @Override - public Object run() { + attrs.clear(); + attrs.put("SupportedModes", BLOCK_MODES); + attrs.put("SupportedPaddings", BLOCK_PADS); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Cipher", "DES", + "com.sun.crypto.provider.DESCipher", null, attrs); + ps("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher", + desEdeAliases, attrs); + ps("Cipher", "Blowfish", + "com.sun.crypto.provider.BlowfishCipher", null, attrs); - /* - * Cipher engines - */ - put("Cipher.RSA", "com.sun.crypto.provider.RSACipher"); - put("Cipher.RSA SupportedModes", "ECB"); - put("Cipher.RSA SupportedPaddings", - "NOPADDING|PKCS1PADDING|OAEPPADDING" - + "|OAEPWITHMD5ANDMGF1PADDING" - + "|OAEPWITHSHA1ANDMGF1PADDING" - + "|OAEPWITHSHA-1ANDMGF1PADDING" - + "|OAEPWITHSHA-224ANDMGF1PADDING" - + "|OAEPWITHSHA-256ANDMGF1PADDING" - + "|OAEPWITHSHA-384ANDMGF1PADDING" - + "|OAEPWITHSHA-512ANDMGF1PADDING" - + "|OAEPWITHSHA-512/224ANDMGF1PADDING" - + "|OAEPWITHSHA-512/256ANDMGF1PADDING"); - put("Cipher.RSA SupportedKeyClasses", - "java.security.interfaces.RSAPublicKey" + - "|java.security.interfaces.RSAPrivateKey"); + ps("Cipher", "RC2", + "com.sun.crypto.provider.RC2Cipher", null, attrs); - put("Cipher.DES", "com.sun.crypto.provider.DESCipher"); - put("Cipher.DES SupportedModes", BLOCK_MODES); - put("Cipher.DES SupportedPaddings", BLOCK_PADS); - put("Cipher.DES SupportedKeyFormats", "RAW"); + attrs.clear(); + attrs.put("SupportedModes", BLOCK_MODES128); + attrs.put("SupportedPaddings", BLOCK_PADS); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Cipher", "AES", "com.sun.crypto.provider.AESCipher$General", + aesAliases, attrs); - put("Cipher.DESede", "com.sun.crypto.provider.DESedeCipher"); - put("Alg.Alias.Cipher.TripleDES", "DESede"); - put("Cipher.DESede SupportedModes", BLOCK_MODES); - put("Cipher.DESede SupportedPaddings", BLOCK_PADS); - put("Cipher.DESede SupportedKeyFormats", "RAW"); + attrs.clear(); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Cipher", "AES_128/ECB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding", + createAliasesWithOid(aes128Oid+"1"), attrs); + ps("Cipher", "AES_128/CBC/NoPadding", + "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding", + createAliasesWithOid(aes128Oid+"2"), attrs); + ps("Cipher", "AES_128/OFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding", + createAliasesWithOid(aes128Oid+"3"), attrs); + ps("Cipher", "AES_128/CFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding", + createAliasesWithOid(aes128Oid+"4"), attrs); + ps("Cipher", "AES_128/GCM/NoPadding", + "com.sun.crypto.provider.AESCipher$AES128_GCM_NoPadding", + createAliasesWithOid(aes128Oid+"6"), attrs); - put("Cipher.DESedeWrap", - "com.sun.crypto.provider.DESedeWrapCipher"); - put("Cipher.DESedeWrap SupportedModes", "CBC"); - put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING"); - put("Cipher.DESedeWrap SupportedKeyFormats", "RAW"); + ps("Cipher", "AES_192/ECB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding", + createAliasesWithOid(aes192Oid+"1"), attrs); + ps("Cipher", "AES_192/CBC/NoPadding", + "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding", + createAliasesWithOid(aes192Oid+"2"), attrs); + ps("Cipher", "AES_192/OFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding", + createAliasesWithOid(aes192Oid+"3"), attrs); + ps("Cipher", "AES_192/CFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding", + createAliasesWithOid(aes192Oid+"4"), attrs); + ps("Cipher", "AES_192/GCM/NoPadding", + "com.sun.crypto.provider.AESCipher$AES192_GCM_NoPadding", + createAliasesWithOid(aes192Oid+"6"), attrs); - // PBES1 + ps("Cipher", "AES_256/ECB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding", + createAliasesWithOid(aes256Oid+"1"), attrs); + ps("Cipher", "AES_256/CBC/NoPadding", + "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding", + createAliasesWithOid(aes256Oid+"2"), attrs); + ps("Cipher", "AES_256/OFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding", + createAliasesWithOid(aes256Oid+"3"), attrs); + ps("Cipher", "AES_256/CFB/NoPadding", + "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding", + createAliasesWithOid(aes256Oid+"4"), attrs); + ps("Cipher", "AES_256/GCM/NoPadding", + "com.sun.crypto.provider.AESCipher$AES256_GCM_NoPadding", + createAliasesWithOid(aes256Oid+"6"), attrs); - put("Cipher.PBEWithMD5AndDES", - "com.sun.crypto.provider.PBEWithMD5AndDESCipher"); - put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); - put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); + attrs.clear(); + attrs.put("SupportedModes", "CBC"); + attrs.put("SupportedPaddings", "NOPADDING"); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Cipher", "DESedeWrap", + "com.sun.crypto.provider.DESedeWrapCipher", null, attrs); - put("Cipher.PBEWithMD5AndTripleDES", - "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher"); + attrs.clear(); + attrs.put("SupportedModes", "ECB"); + attrs.put("SupportedPaddings", "NOPADDING"); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Cipher", "ARCFOUR", "com.sun.crypto.provider.ARCFOURCipher", + arcFourAliases, attrs); + ps("Cipher", "AESWrap", "com.sun.crypto.provider.AESWrapCipher$General", + null, attrs); + ps("Cipher", "AESWrap_128", + "com.sun.crypto.provider.AESWrapCipher$AES128", + createAliasesWithOid(aes128Oid+"5"), attrs); + ps("Cipher", "AESWrap_192", + "com.sun.crypto.provider.AESWrapCipher$AES192", + createAliasesWithOid(aes192Oid+"5"), attrs); + ps("Cipher", "AESWrap_256", + "com.sun.crypto.provider.AESWrapCipher$AES256", + createAliasesWithOid(aes256Oid+"5"), attrs); - put("Cipher.PBEWithSHA1AndDESede", - "com.sun.crypto.provider.PKCS12PBECipherCore$" + - "PBEWithSHA1AndDESede"); - put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); - put("Alg.Alias.Cipher." + OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); + attrs.clear(); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Cipher", "ChaCha20", + "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only", + null, attrs); + ps("Cipher", "ChaCha20-Poly1305", + "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305", + chachaPolyAliases, attrs); - put("Cipher.PBEWithSHA1AndRC2_40", - "com.sun.crypto.provider.PKCS12PBECipherCore$" + - "PBEWithSHA1AndRC2_40"); - put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); - put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); + // PBES1 + ps("Cipher", "PBEWithMD5AndDES", + "com.sun.crypto.provider.PBEWithMD5AndDESCipher", + pkcs5MD5_DESAliases, null); + ps("Cipher", "PBEWithMD5AndTripleDES", + "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher", + null, null); + ps("Cipher", "PBEWithSHA1AndDESede", + "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede", + pkcs12DESedeAliases, null); + ps("Cipher", "PBEWithSHA1AndRC2_40", + "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40", + pkcs12RC2_40Aliases, null); + ps("Cipher", "PBEWithSHA1AndRC2_128", + "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128", + pkcs12RC2_128Aliases, null); + ps("Cipher", "PBEWithSHA1AndRC4_40", + "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40", + pkcs12RC4_40Aliases, null); - put("Cipher.PBEWithSHA1AndRC2_128", - "com.sun.crypto.provider.PKCS12PBECipherCore$" + - "PBEWithSHA1AndRC2_128"); - put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128, - "PBEWithSHA1AndRC2_128"); - put("Alg.Alias.Cipher." + OID_PKCS12_RC2_128, - "PBEWithSHA1AndRC2_128"); + ps("Cipher", "PBEWithSHA1AndRC4_128", + "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128", + pkcs12RC4_128Aliases, null); - put("Cipher.PBEWithSHA1AndRC4_40", - "com.sun.crypto.provider.PKCS12PBECipherCore$" + - "PBEWithSHA1AndRC4_40"); - put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40, - "PBEWithSHA1AndRC4_40"); - put("Alg.Alias.Cipher." + OID_PKCS12_RC4_40, - "PBEWithSHA1AndRC4_40"); + // PBES2 + ps("Cipher", "PBEWithHmacSHA1AndAES_128", + "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128", + null, null); - put("Cipher.PBEWithSHA1AndRC4_128", - "com.sun.crypto.provider.PKCS12PBECipherCore$" + - "PBEWithSHA1AndRC4_128"); - put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128, - "PBEWithSHA1AndRC4_128"); - put("Alg.Alias.Cipher." + OID_PKCS12_RC4_128, - "PBEWithSHA1AndRC4_128"); + ps("Cipher", "PBEWithHmacSHA224AndAES_128", + "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128", + null, null); - //PBES2 + ps("Cipher", "PBEWithHmacSHA256AndAES_128", + "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128", + null, null); - put("Cipher.PBEWithHmacSHA1AndAES_128", - "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128"); + ps("Cipher", "PBEWithHmacSHA384AndAES_128", + "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128", + null, null); - put("Cipher.PBEWithHmacSHA224AndAES_128", - "com.sun.crypto.provider.PBES2Core$" + - "HmacSHA224AndAES_128"); + ps("Cipher", "PBEWithHmacSHA512AndAES_128", + "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128", + null, null); - put("Cipher.PBEWithHmacSHA256AndAES_128", - "com.sun.crypto.provider.PBES2Core$" + - "HmacSHA256AndAES_128"); + ps("Cipher", "PBEWithHmacSHA1AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256", + null, null); - put("Cipher.PBEWithHmacSHA384AndAES_128", - "com.sun.crypto.provider.PBES2Core$" + - "HmacSHA384AndAES_128"); + ps("Cipher", "PBEWithHmacSHA224AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256", + null, null); - put("Cipher.PBEWithHmacSHA512AndAES_128", - "com.sun.crypto.provider.PBES2Core$" + - "HmacSHA512AndAES_128"); + ps("Cipher", "PBEWithHmacSHA256AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256", + null, null); - put("Cipher.PBEWithHmacSHA1AndAES_256", - "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256"); + ps("Cipher", "PBEWithHmacSHA384AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256", + null, null); - put("Cipher.PBEWithHmacSHA224AndAES_256", - "com.sun.crypto.provider.PBES2Core$" + - "HmacSHA224AndAES_256"); + ps("Cipher", "PBEWithHmacSHA512AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256", + null, null); - put("Cipher.PBEWithHmacSHA256AndAES_256", - "com.sun.crypto.provider.PBES2Core$" + - "HmacSHA256AndAES_256"); + /* + * Key(pair) Generator engines + */ + ps("KeyGenerator", "DES", + "com.sun.crypto.provider.DESKeyGenerator", + null, null); + ps("KeyGenerator", "DESede", + "com.sun.crypto.provider.DESedeKeyGenerator", + desEdeAliases, null); + ps("KeyGenerator", "Blowfish", + "com.sun.crypto.provider.BlowfishKeyGenerator", + null, null); + ps("KeyGenerator", "AES", + "com.sun.crypto.provider.AESKeyGenerator", + aesAliases, null); + ps("KeyGenerator", "RC2", + "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator", + null, null); + ps("KeyGenerator", "ARCFOUR", + "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator", + arcFourAliases, null); + ps("KeyGenerator", "ChaCha20", + "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator", + null, null); + ps("KeyGenerator", "HmacMD5", + "com.sun.crypto.provider.HmacMD5KeyGenerator", + null, null); - put("Cipher.PBEWithHmacSHA384AndAES_256", - "com.sun.crypto.provider.PBES2Core$" + - "HmacSHA384AndAES_256"); + ps("KeyGenerator", "HmacSHA1", + "com.sun.crypto.provider.HmacSHA1KeyGenerator", + macSHA1Aliases, null); + ps("KeyGenerator", "HmacSHA224", + "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224", + macSHA224Aliases, null); + ps("KeyGenerator", "HmacSHA256", + "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256", + macSHA256Aliases, null); + ps("KeyGenerator", "HmacSHA384", + "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384", + macSHA384Aliases, null); + ps("KeyGenerator", "HmacSHA512", + "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512", + macSHA512Aliases, null); - put("Cipher.PBEWithHmacSHA512AndAES_256", - "com.sun.crypto.provider.PBES2Core$" + - "HmacSHA512AndAES_256"); + ps("KeyPairGenerator", "DiffieHellman", + "com.sun.crypto.provider.DHKeyPairGenerator", + diffieHellmanAliases, null); - put("Cipher.Blowfish", - "com.sun.crypto.provider.BlowfishCipher"); - put("Cipher.Blowfish SupportedModes", BLOCK_MODES); - put("Cipher.Blowfish SupportedPaddings", BLOCK_PADS); - put("Cipher.Blowfish SupportedKeyFormats", "RAW"); + /* + * Algorithm parameter generation engines + */ + ps("AlgorithmParameterGenerator", + "DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator", + diffieHellmanAliases, null); - put("Cipher.AES", "com.sun.crypto.provider.AESCipher$General"); - put("Alg.Alias.Cipher.Rijndael", "AES"); - put("Cipher.AES SupportedModes", BLOCK_MODES128); - put("Cipher.AES SupportedPaddings", BLOCK_PADS); - put("Cipher.AES SupportedKeyFormats", "RAW"); - - put("Cipher.AES_128/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"); - put("Cipher.AES_128/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"); - put("Cipher.AES_128/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"); - put("Cipher.AES_128/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"); - put("Cipher.AES_128/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_GCM_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding"); - - put("Cipher.AES_192/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"); - put("Cipher.AES_192/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"); - put("Cipher.AES_192/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"); - put("Cipher.AES_192/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"); - put("Cipher.AES_192/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_GCM_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding"); - - put("Cipher.AES_256/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"); - put("Cipher.AES_256/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"); - put("Cipher.AES_256/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"); - put("Cipher.AES_256/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"); - put("Cipher.AES_256/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_GCM_NoPadding"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding"); - - put("Cipher.AESWrap", "com.sun.crypto.provider.AESWrapCipher$General"); - put("Cipher.AESWrap SupportedModes", "ECB"); - put("Cipher.AESWrap SupportedPaddings", "NOPADDING"); - put("Cipher.AESWrap SupportedKeyFormats", "RAW"); - - put("Cipher.AESWrap_128", "com.sun.crypto.provider.AESWrapCipher$AES128"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.5", "AESWrap_128"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.5", "AESWrap_128"); - put("Cipher.AESWrap_192", "com.sun.crypto.provider.AESWrapCipher$AES192"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.25", "AESWrap_192"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.25", "AESWrap_192"); - put("Cipher.AESWrap_256", "com.sun.crypto.provider.AESWrapCipher$AES256"); - put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.45", "AESWrap_256"); - put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.45", "AESWrap_256"); - - put("Cipher.RC2", - "com.sun.crypto.provider.RC2Cipher"); - put("Cipher.RC2 SupportedModes", BLOCK_MODES); - put("Cipher.RC2 SupportedPaddings", BLOCK_PADS); - put("Cipher.RC2 SupportedKeyFormats", "RAW"); - - put("Cipher.ARCFOUR", - "com.sun.crypto.provider.ARCFOURCipher"); - put("Alg.Alias.Cipher.RC4", "ARCFOUR"); - put("Cipher.ARCFOUR SupportedModes", "ECB"); - put("Cipher.ARCFOUR SupportedPaddings", "NOPADDING"); - put("Cipher.ARCFOUR SupportedKeyFormats", "RAW"); - - put("Cipher.ChaCha20", - "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only"); - put("Cipher.ChaCha20 SupportedKeyFormats", "RAW"); - put("Cipher.ChaCha20-Poly1305", - "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305"); - put("Cipher.ChaCha20-Poly1305 SupportedKeyFormats", "RAW"); - put("Alg.Alias.Cipher.1.2.840.113549.1.9.16.3.18", "ChaCha20-Poly1305"); - put("Alg.Alias.Cipher.OID.1.2.840.113549.1.9.16.3.18", "ChaCha20-Poly1305"); - - /* - * Key(pair) Generator engines - */ - put("KeyGenerator.DES", - "com.sun.crypto.provider.DESKeyGenerator"); - - put("KeyGenerator.DESede", - "com.sun.crypto.provider.DESedeKeyGenerator"); - put("Alg.Alias.KeyGenerator.TripleDES", "DESede"); - - put("KeyGenerator.Blowfish", - "com.sun.crypto.provider.BlowfishKeyGenerator"); - - put("KeyGenerator.AES", - "com.sun.crypto.provider.AESKeyGenerator"); - put("Alg.Alias.KeyGenerator.Rijndael", "AES"); - - put("KeyGenerator.RC2", - "com.sun.crypto.provider.KeyGeneratorCore$" + - "RC2KeyGenerator"); - put("KeyGenerator.ARCFOUR", - "com.sun.crypto.provider.KeyGeneratorCore$" + - "ARCFOURKeyGenerator"); - put("Alg.Alias.KeyGenerator.RC4", "ARCFOUR"); - - put("KeyGenerator.ChaCha20", - "com.sun.crypto.provider.KeyGeneratorCore$" + - "ChaCha20KeyGenerator"); - - put("KeyGenerator.HmacMD5", - "com.sun.crypto.provider.HmacMD5KeyGenerator"); - - put("KeyGenerator.HmacSHA1", - "com.sun.crypto.provider.HmacSHA1KeyGenerator"); - put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.7", "HmacSHA1"); - put("Alg.Alias.KeyGenerator.1.2.840.113549.2.7", "HmacSHA1"); - - put("KeyGenerator.HmacSHA224", - "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224"); - put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.8", "HmacSHA224"); - put("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224"); - - put("KeyGenerator.HmacSHA256", - "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256"); - put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.9", "HmacSHA256"); - put("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256"); - - put("KeyGenerator.HmacSHA384", - "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384"); - put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.10", "HmacSHA384"); - put("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384"); - - put("KeyGenerator.HmacSHA512", - "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512"); - put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.11", "HmacSHA512"); - put("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512"); - - put("KeyPairGenerator.DiffieHellman", - "com.sun.crypto.provider.DHKeyPairGenerator"); - put("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman"); - put("Alg.Alias.KeyPairGenerator.OID."+OID_PKCS3, - "DiffieHellman"); - put("Alg.Alias.KeyPairGenerator."+OID_PKCS3, - "DiffieHellman"); - - /* - * Algorithm parameter generation engines - */ - put("AlgorithmParameterGenerator.DiffieHellman", - "com.sun.crypto.provider.DHParameterGenerator"); - put("Alg.Alias.AlgorithmParameterGenerator.DH", - "DiffieHellman"); - put("Alg.Alias.AlgorithmParameterGenerator.OID."+OID_PKCS3, - "DiffieHellman"); - put("Alg.Alias.AlgorithmParameterGenerator."+OID_PKCS3, - "DiffieHellman"); - - /* - * Key Agreement engines - */ - put("KeyAgreement.DiffieHellman", - "com.sun.crypto.provider.DHKeyAgreement"); - put("Alg.Alias.KeyAgreement.DH", "DiffieHellman"); - put("Alg.Alias.KeyAgreement.OID."+OID_PKCS3, "DiffieHellman"); - put("Alg.Alias.KeyAgreement."+OID_PKCS3, "DiffieHellman"); - - put("KeyAgreement.DiffieHellman SupportedKeyClasses", - "javax.crypto.interfaces.DHPublicKey" + + /* + * Key Agreement engines + */ + attrs.clear(); + attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" + "|javax.crypto.interfaces.DHPrivateKey"); + ps("KeyAgreement", "DiffieHellman", + "com.sun.crypto.provider.DHKeyAgreement", + diffieHellmanAliases, attrs); + + /* + * Algorithm Parameter engines + */ + ps("AlgorithmParameters", "DiffieHellman", + "com.sun.crypto.provider.DHParameters", + diffieHellmanAliases, null); - /* - * Algorithm Parameter engines - */ - put("AlgorithmParameters.DiffieHellman", - "com.sun.crypto.provider.DHParameters"); - put("Alg.Alias.AlgorithmParameters.DH", "DiffieHellman"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS3, - "DiffieHellman"); - put("Alg.Alias.AlgorithmParameters."+OID_PKCS3, - "DiffieHellman"); - - put("AlgorithmParameters.DES", - "com.sun.crypto.provider.DESParameters"); - - put("AlgorithmParameters.DESede", - "com.sun.crypto.provider.DESedeParameters"); - put("Alg.Alias.AlgorithmParameters.TripleDES", "DESede"); - - put("AlgorithmParameters.PBE", - "com.sun.crypto.provider.PBEParameters"); - - put("AlgorithmParameters.PBEWithMD5AndDES", - "com.sun.crypto.provider.PBEParameters"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); - put("Alg.Alias.AlgorithmParameters."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); - - put("AlgorithmParameters.PBEWithMD5AndTripleDES", - "com.sun.crypto.provider.PBEParameters"); - - put("AlgorithmParameters.PBEWithSHA1AndDESede", - "com.sun.crypto.provider.PBEParameters"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); - put("Alg.Alias.AlgorithmParameters."+OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); - - put("AlgorithmParameters.PBEWithSHA1AndRC2_40", - "com.sun.crypto.provider.PBEParameters"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); - put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); - - put("AlgorithmParameters.PBEWithSHA1AndRC2_128", - "com.sun.crypto.provider.PBEParameters"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_128, - "PBEWithSHA1AndRC2_128"); - put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128, - "PBEWithSHA1AndRC2_128"); - - put("AlgorithmParameters.PBEWithSHA1AndRC4_40", - "com.sun.crypto.provider.PBEParameters"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_40, - "PBEWithSHA1AndRC4_40"); - put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40, - "PBEWithSHA1AndRC4_40"); - - put("AlgorithmParameters.PBEWithSHA1AndRC4_128", - "com.sun.crypto.provider.PBEParameters"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_128, - "PBEWithSHA1AndRC4_128"); - put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128, - "PBEWithSHA1AndRC4_128"); - - put("AlgorithmParameters.PBES2", - "com.sun.crypto.provider.PBES2Parameters$General"); - put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_PBES2, - "PBES2"); - put("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2, - "PBES2"); - - put("AlgorithmParameters.PBEWithHmacSHA1AndAES_128", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128"); - - put("AlgorithmParameters.PBEWithHmacSHA224AndAES_128", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128"); - - put("AlgorithmParameters.PBEWithHmacSHA256AndAES_128", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128"); - - put("AlgorithmParameters.PBEWithHmacSHA384AndAES_128", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128"); - - put("AlgorithmParameters.PBEWithHmacSHA512AndAES_128", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128"); - - put("AlgorithmParameters.PBEWithHmacSHA1AndAES_256", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256"); - - put("AlgorithmParameters.PBEWithHmacSHA224AndAES_256", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256"); - - put("AlgorithmParameters.PBEWithHmacSHA256AndAES_256", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256"); - - put("AlgorithmParameters.PBEWithHmacSHA384AndAES_256", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256"); - - put("AlgorithmParameters.PBEWithHmacSHA512AndAES_256", - "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256"); - - put("AlgorithmParameters.Blowfish", - "com.sun.crypto.provider.BlowfishParameters"); - - put("AlgorithmParameters.AES", - "com.sun.crypto.provider.AESParameters"); - put("Alg.Alias.AlgorithmParameters.Rijndael", "AES"); - put("AlgorithmParameters.GCM", - "com.sun.crypto.provider.GCMParameters"); - - - put("AlgorithmParameters.RC2", - "com.sun.crypto.provider.RC2Parameters"); - - put("AlgorithmParameters.OAEP", - "com.sun.crypto.provider.OAEPParameters"); - - put("AlgorithmParameters.ChaCha20-Poly1305", - "com.sun.crypto.provider.ChaCha20Poly1305Parameters"); - - /* - * Key factories - */ - put("KeyFactory.DiffieHellman", - "com.sun.crypto.provider.DHKeyFactory"); - put("Alg.Alias.KeyFactory.DH", "DiffieHellman"); - put("Alg.Alias.KeyFactory.OID."+OID_PKCS3, - "DiffieHellman"); - put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman"); - - /* - * Secret-key factories - */ - put("SecretKeyFactory.DES", - "com.sun.crypto.provider.DESKeyFactory"); - - put("SecretKeyFactory.DESede", - "com.sun.crypto.provider.DESedeKeyFactory"); - put("Alg.Alias.SecretKeyFactory.TripleDES", "DESede"); - - put("SecretKeyFactory.PBEWithMD5AndDES", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES" - ); - put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); - put("Alg.Alias.SecretKeyFactory."+OID_PKCS5_MD5_DES, - "PBEWithMD5AndDES"); - - put("Alg.Alias.SecretKeyFactory.PBE", - "PBEWithMD5AndDES"); - - /* - * Internal in-house crypto algorithm used for - * the JCEKS keystore type. Since this was developed - * internally, there isn't an OID corresponding to this - * algorithm. - */ - put("SecretKeyFactory.PBEWithMD5AndTripleDES", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithMD5AndTripleDES" - ); - - put("SecretKeyFactory.PBEWithSHA1AndDESede", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede" - ); - put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); - put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_DESede, - "PBEWithSHA1AndDESede"); - - put("SecretKeyFactory.PBEWithSHA1AndRC2_40", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40" - ); - put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); - put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40, - "PBEWithSHA1AndRC2_40"); - - put("SecretKeyFactory.PBEWithSHA1AndRC2_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128" - ); - put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128, - "PBEWithSHA1AndRC2_128"); - put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128, - "PBEWithSHA1AndRC2_128"); - - put("SecretKeyFactory.PBEWithSHA1AndRC4_40", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40" - ); - - put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40, - "PBEWithSHA1AndRC4_40"); - put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40, - "PBEWithSHA1AndRC4_40"); - - put("SecretKeyFactory.PBEWithSHA1AndRC4_128", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128" - ); - - put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128, - "PBEWithSHA1AndRC4_128"); - put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128, - "PBEWithSHA1AndRC4_128"); - - put("SecretKeyFactory.PBEWithHmacSHA1AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA1AndAES_128"); - - put("SecretKeyFactory.PBEWithHmacSHA224AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA224AndAES_128"); - - put("SecretKeyFactory.PBEWithHmacSHA256AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA256AndAES_128"); - - put("SecretKeyFactory.PBEWithHmacSHA384AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA384AndAES_128"); - - put("SecretKeyFactory.PBEWithHmacSHA512AndAES_128", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA512AndAES_128"); - - put("SecretKeyFactory.PBEWithHmacSHA1AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA1AndAES_256"); - - put("SecretKeyFactory.PBEWithHmacSHA224AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA224AndAES_256"); - - put("SecretKeyFactory.PBEWithHmacSHA256AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA256AndAES_256"); - - put("SecretKeyFactory.PBEWithHmacSHA384AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA384AndAES_256"); - - put("SecretKeyFactory.PBEWithHmacSHA512AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$" + - "PBEWithHmacSHA512AndAES_256"); - - // PBKDF2 - - put("SecretKeyFactory.PBKDF2WithHmacSHA1", - "com.sun.crypto.provider.PBKDF2Core$HmacSHA1"); - put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2, - "PBKDF2WithHmacSHA1"); - put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2, - "PBKDF2WithHmacSHA1"); - - put("SecretKeyFactory.PBKDF2WithHmacSHA224", - "com.sun.crypto.provider.PBKDF2Core$HmacSHA224"); - put("SecretKeyFactory.PBKDF2WithHmacSHA256", - "com.sun.crypto.provider.PBKDF2Core$HmacSHA256"); - put("SecretKeyFactory.PBKDF2WithHmacSHA384", - "com.sun.crypto.provider.PBKDF2Core$HmacSHA384"); - put("SecretKeyFactory.PBKDF2WithHmacSHA512", - "com.sun.crypto.provider.PBKDF2Core$HmacSHA512"); - - /* - * MAC - */ - put("Mac.HmacMD5", "com.sun.crypto.provider.HmacMD5"); - put("Mac.HmacSHA1", "com.sun.crypto.provider.HmacSHA1"); - put("Alg.Alias.Mac.OID.1.2.840.113549.2.7", "HmacSHA1"); - put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1"); - put("Mac.HmacSHA224", - "com.sun.crypto.provider.HmacCore$HmacSHA224"); - put("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224"); - put("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224"); - put("Mac.HmacSHA256", - "com.sun.crypto.provider.HmacCore$HmacSHA256"); - put("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256"); - put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256"); - put("Mac.HmacSHA384", - "com.sun.crypto.provider.HmacCore$HmacSHA384"); - put("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384"); - put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384"); - put("Mac.HmacSHA512", - "com.sun.crypto.provider.HmacCore$HmacSHA512"); - put("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512"); - put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512"); - - // TODO: aliases with OIDs - put("Mac.HmacSHA512/224", - "com.sun.crypto.provider.HmacCore$HmacSHA512_224"); - put("Mac.HmacSHA512/256", - "com.sun.crypto.provider.HmacCore$HmacSHA512_256"); - - put("Mac.HmacPBESHA1", - "com.sun.crypto.provider.HmacPKCS12PBESHA1"); - - // PBMAC1 - - put("Mac.PBEWithHmacSHA1", - "com.sun.crypto.provider.PBMAC1Core$HmacSHA1"); - put("Mac.PBEWithHmacSHA224", - "com.sun.crypto.provider.PBMAC1Core$HmacSHA224"); - put("Mac.PBEWithHmacSHA256", - "com.sun.crypto.provider.PBMAC1Core$HmacSHA256"); - put("Mac.PBEWithHmacSHA384", - "com.sun.crypto.provider.PBMAC1Core$HmacSHA384"); - put("Mac.PBEWithHmacSHA512", - "com.sun.crypto.provider.PBMAC1Core$HmacSHA512"); - - put("Mac.SslMacMD5", - "com.sun.crypto.provider.SslMacCore$SslMacMD5"); - put("Mac.SslMacSHA1", - "com.sun.crypto.provider.SslMacCore$SslMacSHA1"); - - put("Mac.HmacMD5 SupportedKeyFormats", "RAW"); - put("Mac.HmacSHA1 SupportedKeyFormats", "RAW"); - put("Mac.HmacSHA224 SupportedKeyFormats", "RAW"); - put("Mac.HmacSHA256 SupportedKeyFormats", "RAW"); - put("Mac.HmacSHA384 SupportedKeyFormats", "RAW"); - put("Mac.HmacSHA512 SupportedKeyFormats", "RAW"); - put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW"); - put("Mac.PBEWithHmacSHA1 SupportedKeyFormatS", "RAW"); - put("Mac.PBEWithHmacSHA224 SupportedKeyFormats", "RAW"); - put("Mac.PBEWithHmacSHA256 SupportedKeyFormats", "RAW"); - put("Mac.PBEWithHmacSHA384 SupportedKeyFormats", "RAW"); - put("Mac.PBEWithHmacSHA512 SupportedKeyFormats", "RAW"); - put("Mac.SslMacMD5 SupportedKeyFormats", "RAW"); - put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW"); - - /* - * KeyStore - */ - put("KeyStore.JCEKS", "com.sun.crypto.provider.JceKeyStore"); - - /* - * SSL/TLS mechanisms - * - * These are strictly internal implementations and may - * be changed at any time. These names were chosen - * because PKCS11/SunPKCS11 does not yet have TLS1.2 - * mechanisms, and it will cause calls to come here. - */ - put("KeyGenerator.SunTlsPrf", - "com.sun.crypto.provider.TlsPrfGenerator$V10"); - put("KeyGenerator.SunTls12Prf", - "com.sun.crypto.provider.TlsPrfGenerator$V12"); - - put("KeyGenerator.SunTlsMasterSecret", - "com.sun.crypto.provider.TlsMasterSecretGenerator"); - put("Alg.Alias.KeyGenerator.SunTls12MasterSecret", - "SunTlsMasterSecret"); - put("Alg.Alias.KeyGenerator.SunTlsExtendedMasterSecret", - "SunTlsMasterSecret"); - - put("KeyGenerator.SunTlsKeyMaterial", - "com.sun.crypto.provider.TlsKeyMaterialGenerator"); - put("Alg.Alias.KeyGenerator.SunTls12KeyMaterial", - "SunTlsKeyMaterial"); - - put("KeyGenerator.SunTlsRsaPremasterSecret", - "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator"); - put("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret", - "SunTlsRsaPremasterSecret"); - - return null; - } - }); - - if (instance == null) { - instance = this; - } + ps("AlgorithmParameters", "DES", + "com.sun.crypto.provider.DESParameters", + null, null); + + ps("AlgorithmParameters", "DESede", + "com.sun.crypto.provider.DESedeParameters", + desEdeAliases, null); + + ps("AlgorithmParameters", "PBEWithMD5AndDES", + "com.sun.crypto.provider.PBEParameters", + pkcs5MD5_DESAliases, null); + + ps("AlgorithmParameters", "PBEWithMD5AndTripleDES", + "com.sun.crypto.provider.PBEParameters", + null, null); + + ps("AlgorithmParameters", "PBEWithSHA1AndDESede", + "com.sun.crypto.provider.PBEParameters", + pkcs12DESedeAliases, null); + + ps("AlgorithmParameters", "PBEWithSHA1AndRC2_40", + "com.sun.crypto.provider.PBEParameters", + pkcs12RC2_40Aliases, null); + + ps("AlgorithmParameters", "PBEWithSHA1AndRC2_128", + "com.sun.crypto.provider.PBEParameters", + pkcs12RC2_128Aliases, null); + + ps("AlgorithmParameters", "PBEWithSHA1AndRC4_40", + "com.sun.crypto.provider.PBEParameters", + pkcs12RC4_40Aliases, null); + + ps("AlgorithmParameters", "PBEWithSHA1AndRC4_128", + "com.sun.crypto.provider.PBEParameters", + pkcs12RC4_128Aliases, null); + + ps("AlgorithmParameters", "PBES2", + "com.sun.crypto.provider.PBES2Parameters$General", + pkcs5PBES2Aliases, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_128", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_128", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_128", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_128", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_128", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_256", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_256", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_256", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_256", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256", + null, null); + + ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_256", + "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256", + null, null); + + ps("AlgorithmParameters", "Blowfish", + "com.sun.crypto.provider.BlowfishParameters", + null, null); + + ps("AlgorithmParameters", "AES", + "com.sun.crypto.provider.AESParameters", + aesAliases, null); + + ps("AlgorithmParameters", "GCM", + "com.sun.crypto.provider.GCMParameters", + null, null); + + ps("AlgorithmParameters", "RC2", + "com.sun.crypto.provider.RC2Parameters", + null, null); + + ps("AlgorithmParameters", "OAEP", + "com.sun.crypto.provider.OAEPParameters", + null, null); + + ps("AlgorithmParameters", "ChaCha20-Poly1305", + "com.sun.crypto.provider.ChaCha20Poly1305Parameters", + chachaPolyAliases, null); + + /* + * Key factories + */ + ps("KeyFactory", "DiffieHellman", + "com.sun.crypto.provider.DHKeyFactory", + diffieHellmanAliases, null); + + /* + * Secret-key factories + */ + ps("SecretKeyFactory", "DES", + "com.sun.crypto.provider.DESKeyFactory", + null, null); + + ps("SecretKeyFactory", "DESede", + "com.sun.crypto.provider.DESedeKeyFactory", + desEdeAliases, null); + + ps("SecretKeyFactory", "PBEWithMD5AndDES", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES", + pkcs5MD5_DESAliases, null); + + /* + * Internal in-house crypto algorithm used for + * the JCEKS keystore type. Since this was developed + * internally, there isn't an OID corresponding to this + * algorithm. + */ + ps("SecretKeyFactory", "PBEWithMD5AndTripleDES", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES", + null, null); + + ps("SecretKeyFactory", "PBEWithSHA1AndDESede", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede", + pkcs12DESedeAliases, null); + + ps("SecretKeyFactory", "PBEWithSHA1AndRC2_40", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40", + pkcs12RC2_40Aliases, null); + + ps("SecretKeyFactory", "PBEWithSHA1AndRC2_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128", + pkcs12RC2_128Aliases, null); + + ps("SecretKeyFactory", "PBEWithSHA1AndRC4_40", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40", + pkcs12RC4_40Aliases,null); + + ps("SecretKeyFactory", "PBEWithSHA1AndRC4_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128", + pkcs12RC4_128Aliases, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256", + null, null); + + ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256", + null, null); + + // PBKDF2 + ps("SecretKeyFactory", "PBKDF2WithHmacSHA1", + "com.sun.crypto.provider.PBKDF2Core$HmacSHA1", + pkcs5PBKDF2Aliases, null); + ps("SecretKeyFactory", "PBKDF2WithHmacSHA224", + "com.sun.crypto.provider.PBKDF2Core$HmacSHA224", + null, null); + ps("SecretKeyFactory", "PBKDF2WithHmacSHA256", + "com.sun.crypto.provider.PBKDF2Core$HmacSHA256", + null, null); + ps("SecretKeyFactory", "PBKDF2WithHmacSHA384", + "com.sun.crypto.provider.PBKDF2Core$HmacSHA384", + null, null); + ps("SecretKeyFactory", "PBKDF2WithHmacSHA512", + "com.sun.crypto.provider.PBKDF2Core$HmacSHA512", + null, null); + + /* + * MAC + */ + attrs.clear(); + attrs.put("SupportedKeyFormats", "RAW"); + ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs); + ps("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1", + macSHA1Aliases, attrs); + ps("Mac", "HmacSHA224", "com.sun.crypto.provider.HmacCore$HmacSHA224", + macSHA224Aliases, attrs); + ps("Mac", "HmacSHA256", "com.sun.crypto.provider.HmacCore$HmacSHA256", + macSHA256Aliases, attrs); + ps("Mac", "HmacSHA384", "com.sun.crypto.provider.HmacCore$HmacSHA384", + macSHA384Aliases, attrs); + ps("Mac", "HmacSHA512", "com.sun.crypto.provider.HmacCore$HmacSHA512", + macSHA512Aliases, attrs); + // TODO: aliases with OIDs + ps("Mac", "HmacSHA512/224", + "com.sun.crypto.provider.HmacCore$HmacSHA512_224", + null, attrs); + ps("Mac", "HmacSHA512/256", + "com.sun.crypto.provider.HmacCore$HmacSHA512_256", + null, attrs); + ps("Mac", "HmacPBESHA1", "com.sun.crypto.provider.HmacPKCS12PBESHA1", + null, attrs); + // PBMAC1 + ps("Mac", "PBEWithHmacSHA1", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs); + ps("Mac", "PBEWithHmacSHA224", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs); + ps("Mac", "PBEWithHmacSHA256", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs); + ps("Mac", "PBEWithHmacSHA384", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs); + ps("Mac", "PBEWithHmacSHA512", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs); + ps("Mac", "SslMacMD5", + "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs); + ps("Mac", "SslMacSHA1", + "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs); + + /* + * KeyStore + */ + ps("KeyStore", "JCEKS", + "com.sun.crypto.provider.JceKeyStore", + null, null); + + /* + * SSL/TLS mechanisms + * + * These are strictly internal implementations and may + * be changed at any time. These names were chosen + * because PKCS11/SunPKCS11 does not yet have TLS1.2 + * mechanisms, and it will cause calls to come here. + */ + ps("KeyGenerator", "SunTlsPrf", + "com.sun.crypto.provider.TlsPrfGenerator$V10", + null, null); + ps("KeyGenerator", "SunTls12Prf", + "com.sun.crypto.provider.TlsPrfGenerator$V12", + null, null); + + ps("KeyGenerator", "SunTlsMasterSecret", + "com.sun.crypto.provider.TlsMasterSecretGenerator", + createAliases("SunTls12MasterSecret", + "SunTlsExtendedMasterSecret"), null); + + ps("KeyGenerator", "SunTlsKeyMaterial", + "com.sun.crypto.provider.TlsKeyMaterialGenerator", + createAliases("SunTls12KeyMaterial"), null); + + ps("KeyGenerator", "SunTlsRsaPremasterSecret", + "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator", + createAliases("SunTls12RsaPremasterSecret"), null); } // Return the instance of this class or create one if needed. diff --git a/src/java.base/share/classes/java/security/Provider.java b/src/java.base/share/classes/java/security/Provider.java index 324de1bf9a4..3ebd72104ee 100644 --- a/src/java.base/share/classes/java/security/Provider.java +++ b/src/java.base/share/classes/java/security/Provider.java @@ -33,6 +33,7 @@ import java.lang.reflect.*; import java.util.function.BiConsumer; import java.util.function.BiFunction; import java.util.function.Function; +import java.util.concurrent.ConcurrentHashMap; /** * This class represents a "provider" for the @@ -225,6 +226,7 @@ public abstract class Provider extends Properties { this.version = version; this.versionStr = Double.toString(version); this.info = info; + this.serviceMap = new ConcurrentHashMap<>(); putId(); initialized = true; } @@ -262,6 +264,7 @@ public abstract class Provider extends Properties { this.versionStr = versionStr; this.version = parseVersionStr(versionStr); this.info = info; + this.serviceMap = new ConcurrentHashMap<>(); putId(); initialized = true; } @@ -852,10 +855,7 @@ public abstract class Provider extends Properties { // legacy properties changed since last call to any services method? private transient boolean legacyChanged; // serviceMap changed since last call to getServices() - private transient boolean servicesChanged; - - // Map - private transient Map legacyStrings; + private volatile transient boolean servicesChanged; // Map // used for services added via putService(), initialized on demand @@ -905,22 +905,18 @@ public abstract class Provider extends Properties { // otherwise, set version based on versionStr this.version = parseVersionStr(this.versionStr); } + this.serviceMap = new ConcurrentHashMap<>(); implClear(); initialized = true; putAll(copy); } - private boolean checkLegacy(Object key) { + private static boolean isProviderInfo(Object key) { String keyString = (String)key; if (keyString.startsWith("Provider.")) { - return false; + return true; } - - legacyChanged = true; - if (legacyStrings == null) { - legacyStrings = new LinkedHashMap<>(); - } - return true; + return false; } /** @@ -936,20 +932,20 @@ public abstract class Provider extends Properties { private Object implRemove(Object key) { if (key instanceof String) { - if (!checkLegacy(key)) { + if (isProviderInfo(key)) { return null; } - legacyStrings.remove((String)key); + legacyChanged = true; } return super.remove(key); } private boolean implRemove(Object key, Object value) { if (key instanceof String && value instanceof String) { - if (!checkLegacy(key)) { + if (isProviderInfo(key)) { return false; } - legacyStrings.remove((String)key, value); + legacyChanged = true; } return super.remove(key, value); } @@ -957,21 +953,20 @@ public abstract class Provider extends Properties { private boolean implReplace(Object key, Object oldValue, Object newValue) { if ((key instanceof String) && (oldValue instanceof String) && (newValue instanceof String)) { - if (!checkLegacy(key)) { + if (isProviderInfo(key)) { return false; } - legacyStrings.replace((String)key, (String)oldValue, - (String)newValue); + legacyChanged = true; } return super.replace(key, oldValue, newValue); } private Object implReplace(Object key, Object value) { if ((key instanceof String) && (value instanceof String)) { - if (!checkLegacy(key)) { + if (isProviderInfo(key)) { return null; } - legacyStrings.replace((String)key, (String)value); + legacyChanged = true; } return super.replace(key, value); } @@ -980,12 +975,6 @@ public abstract class Provider extends Properties { private void implReplaceAll(BiFunction function) { legacyChanged = true; - if (legacyStrings == null) { - legacyStrings = new LinkedHashMap<>(); - } else { - legacyStrings.replaceAll((BiFunction) function); - } super.replaceAll(function); } @@ -993,11 +982,10 @@ public abstract class Provider extends Properties { private Object implMerge(Object key, Object value, BiFunction remappingFunction) { if ((key instanceof String) && (value instanceof String)) { - if (!checkLegacy(key)) { + if (isProviderInfo(key)) { return null; } - legacyStrings.merge((String)key, (String)value, - (BiFunction) remappingFunction); + legacyChanged = true; } return super.merge(key, value, remappingFunction); } @@ -1006,11 +994,10 @@ public abstract class Provider extends Properties { private Object implCompute(Object key, BiFunction remappingFunction) { if (key instanceof String) { - if (!checkLegacy(key)) { + if (isProviderInfo(key)) { return null; } - legacyStrings.compute((String) key, - (BiFunction) remappingFunction); + legacyChanged = true; } return super.compute(key, remappingFunction); } @@ -1019,11 +1006,10 @@ public abstract class Provider extends Properties { private Object implComputeIfAbsent(Object key, Function mappingFunction) { if (key instanceof String) { - if (!checkLegacy(key)) { + if (isProviderInfo(key)) { return null; } - legacyStrings.computeIfAbsent((String) key, - (Function) mappingFunction); + legacyChanged = true; } return super.computeIfAbsent(key, mappingFunction); } @@ -1032,45 +1018,39 @@ public abstract class Provider extends Properties { private Object implComputeIfPresent(Object key, BiFunction remappingFunction) { if (key instanceof String) { - if (!checkLegacy(key)) { + if (isProviderInfo(key)) { return null; } - legacyStrings.computeIfPresent((String) key, - (BiFunction) remappingFunction); + legacyChanged = true; } return super.computeIfPresent(key, remappingFunction); } private Object implPut(Object key, Object value) { if ((key instanceof String) && (value instanceof String)) { - if (!checkLegacy(key)) { + if (isProviderInfo(key)) { return null; } - legacyStrings.put((String)key, (String)value); + legacyChanged = true; } return super.put(key, value); } private Object implPutIfAbsent(Object key, Object value) { if ((key instanceof String) && (value instanceof String)) { - if (!checkLegacy(key)) { + if (isProviderInfo(key)) { return null; } - legacyStrings.putIfAbsent((String)key, (String)value); + legacyChanged = true; } return super.putIfAbsent(key, value); } private void implClear() { - if (legacyStrings != null) { - legacyStrings.clear(); - } if (legacyMap != null) { legacyMap.clear(); } - if (serviceMap != null) { - serviceMap.clear(); - } + serviceMap.clear(); legacyChanged = false; servicesChanged = false; serviceSet = null; @@ -1090,13 +1070,13 @@ public abstract class Provider extends Properties { this.algorithm = intern ? algorithm.intern() : algorithm; } public int hashCode() { - return type.hashCode() + algorithm.hashCode(); + return Objects.hash(type, algorithm); } public boolean equals(Object obj) { if (this == obj) { return true; } - if (obj instanceof ServiceKey == false) { + if (!(obj instanceof ServiceKey)) { return false; } ServiceKey other = (ServiceKey)obj; @@ -1113,16 +1093,16 @@ public abstract class Provider extends Properties { * service objects. */ private void ensureLegacyParsed() { - if ((legacyChanged == false) || (legacyStrings == null)) { + if (legacyChanged == false) { return; } serviceSet = null; if (legacyMap == null) { - legacyMap = new LinkedHashMap<>(); + legacyMap = new ConcurrentHashMap<>(); } else { legacyMap.clear(); } - for (Map.Entry entry : legacyStrings.entrySet()) { + for (Map.Entry entry : super.entrySet()) { parseLegacyPut(entry.getKey(), entry.getValue()); } removeInvalidServices(legacyMap); @@ -1161,7 +1141,15 @@ public abstract class Provider extends Properties { private static final String ALIAS_PREFIX_LOWER = "alg.alias."; private static final int ALIAS_LENGTH = ALIAS_PREFIX.length(); - private void parseLegacyPut(String name, String value) { + private void parseLegacyPut(Object k, Object v) { + if (!(k instanceof String) || !(v instanceof String)) { + return; + } + String name = (String) k; + String value = (String) v; + if (isProviderInfo(name)) { + return; + } if (name.toLowerCase(ENGLISH).startsWith(ALIAS_PREFIX_LOWER)) { // e.g. put("Alg.Alias.MessageDigest.SHA", "SHA-1"); // aliasKey ~ MessageDigest.SHA @@ -1248,22 +1236,28 @@ public abstract class Provider extends Properties { * * @since 1.5 */ - public synchronized Service getService(String type, String algorithm) { + public Service getService(String type, String algorithm) { checkInitialized(); - // avoid allocating a new key object if possible + + // avoid allocating a new ServiceKey object if possible ServiceKey key = previousKey; if (key.matches(type, algorithm) == false) { key = new ServiceKey(type, algorithm, false); previousKey = key; } - if (serviceMap != null) { - Service service = serviceMap.get(key); - if (service != null) { - return service; + if (!serviceMap.isEmpty()) { + Service s = serviceMap.get(key); + if (s != null) { + return s; } } - ensureLegacyParsed(); - return (legacyMap != null) ? legacyMap.get(key) : null; + synchronized (this) { + ensureLegacyParsed(); + } + if (legacyMap != null && !legacyMap.isEmpty()) { + return legacyMap.get(key); + } + return null; } // ServiceKey from previous getService() call @@ -1292,10 +1286,10 @@ public abstract class Provider extends Properties { if (serviceSet == null) { ensureLegacyParsed(); Set set = new LinkedHashSet<>(); - if (serviceMap != null) { + if (!serviceMap.isEmpty()) { set.addAll(serviceMap.values()); } - if (legacyMap != null) { + if (legacyMap != null && !legacyMap.isEmpty()) { set.addAll(legacyMap.values()); } serviceSet = Collections.unmodifiableSet(set); @@ -1333,7 +1327,7 @@ public abstract class Provider extends Properties { * * @since 1.5 */ - protected synchronized void putService(Service s) { + protected void putService(Service s) { check("putProviderProperty." + name); if (debug != null) { debug.println(name + ".putService(): " + s); @@ -1345,20 +1339,18 @@ public abstract class Provider extends Properties { throw new IllegalArgumentException ("service.getProvider() must match this Provider object"); } - if (serviceMap == null) { - serviceMap = new LinkedHashMap<>(); - } - servicesChanged = true; String type = s.getType(); String algorithm = s.getAlgorithm(); ServiceKey key = new ServiceKey(type, algorithm, true); - // remove existing service implRemoveService(serviceMap.get(key)); serviceMap.put(key, s); for (String alias : s.getAliases()) { serviceMap.put(new ServiceKey(type, alias, true), s); } - putPropertyStrings(s); + servicesChanged = true; + synchronized (this) { + putPropertyStrings(s); + } } /** @@ -1425,7 +1417,7 @@ public abstract class Provider extends Properties { * * @since 1.5 */ - protected synchronized void removeService(Service s) { + protected void removeService(Service s) { check("removeProviderProperty." + name); if (debug != null) { debug.println(name + ".removeService(): " + s); @@ -1437,7 +1429,7 @@ public abstract class Provider extends Properties { } private void implRemoveService(Service s) { - if ((s == null) || (serviceMap == null)) { + if ((s == null) || serviceMap.isEmpty()) { return; } String type = s.getType(); @@ -1452,7 +1444,9 @@ public abstract class Provider extends Properties { for (String alias : s.getAliases()) { serviceMap.remove(new ServiceKey(type, alias, false)); } - removePropertyStrings(s); + synchronized (this) { + removePropertyStrings(s); + } } // Wrapped String that behaves in a case insensitive way for equals/hashCode diff --git a/src/java.base/share/classes/sun/security/provider/Sun.java b/src/java.base/share/classes/sun/security/provider/Sun.java index 4de677d4b87..3d7fcc75912 100644 --- a/src/java.base/share/classes/sun/security/provider/Sun.java +++ b/src/java.base/share/classes/sun/security/provider/Sun.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,7 +28,6 @@ package sun.security.provider; import java.util.*; import java.security.*; -import sun.security.action.PutAllAction; import static sun.security.util.SecurityConstants.PROVIDER_VER; @@ -51,17 +50,27 @@ public final class Sun extends Provider { /* We are the SUN provider */ super("SUN", PROVIDER_VER, INFO); + Provider p = this; + Iterator serviceIter = new SunEntries(p).iterator(); + // if there is no security manager installed, put directly into - // the provider. Otherwise, create a temporary map and use a - // doPrivileged() call at the end to transfer the contents + // the provider if (System.getSecurityManager() == null) { - SunEntries.putEntries(this); + putEntries(serviceIter); } else { - // use LinkedHashMap to preserve the order of the PRNGs - Map map = new LinkedHashMap<>(); - SunEntries.putEntries(map); - AccessController.doPrivileged(new PutAllAction(this, map)); + AccessController.doPrivileged(new PrivilegedAction() { + @Override + public Void run() { + putEntries(serviceIter); + return null; + } + }); } } + void putEntries(Iterator i) { + while (i.hasNext()) { + putService(i.next()); + } + } } diff --git a/src/java.base/share/classes/sun/security/provider/SunEntries.java b/src/java.base/share/classes/sun/security/provider/SunEntries.java index 872c14b7b55..905fa03ea40 100644 --- a/src/java.base/share/classes/sun/security/provider/SunEntries.java +++ b/src/java.base/share/classes/sun/security/provider/SunEntries.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,7 +27,7 @@ package sun.security.provider; import java.io.*; import java.net.*; -import java.util.Map; +import java.util.*; import java.security.*; import jdk.internal.util.StaticProperty; @@ -75,17 +75,28 @@ import sun.security.action.GetPropertyAction; * - JavaLoginConfig is the default file-based LoginModule Configuration type. */ -final class SunEntries { +public final class SunEntries { - private static final boolean useLegacyDSA = - Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty - ("jdk.security.legacyDSAKeyPairGenerator")); - - private SunEntries() { - // empty + // create an aliases List from the specified aliases + public static List createAliases(String ... aliases) { + return Arrays.asList(aliases); } - static void putEntries(Map map) { + // create an aliases List from the specified oid followed by other aliases + public static List createAliasesWithOid(String ... oids) { + String[] result = Arrays.copyOf(oids, oids.length + 1); + result[result.length - 1] = "OID." + oids[0]; + return Arrays.asList(result); + } + + // extend LinkedHashSet to preserve the ordering (needed by SecureRandom?) + SunEntries(Provider p) { + services = new LinkedHashSet<>(50, 0.9f); + + // start populating content using the specified provider + + // common attribute map + HashMap attrs = new HashMap<>(3); /* * SecureRandom @@ -100,266 +111,217 @@ final class SunEntries { boolean useNativePRNG = seedSource.equals(URL_DEV_URANDOM) || seedSource.equals(URL_DEV_RANDOM); + attrs.put("ThreadSafe", "true"); if (nativeAvailable && useNativePRNG) { - map.put("SecureRandom.NativePRNG", - "sun.security.provider.NativePRNG"); - map.put("SecureRandom.NativePRNG ThreadSafe", "true"); + add(p, "SecureRandom", "NativePRNG", + "sun.security.provider.NativePRNG", null, attrs); } - - map.put("SecureRandom.DRBG", "sun.security.provider.DRBG"); - map.put("SecureRandom.DRBG ThreadSafe", "true"); - - map.put("SecureRandom.SHA1PRNG", - "sun.security.provider.SecureRandom"); - - map.put("SecureRandom.SHA1PRNG ThreadSafe", "true"); + attrs.put("ImplementedIn", "Software"); + add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", null, attrs); + add(p, "SecureRandom", "SHA1PRNG", + "sun.security.provider.SecureRandom", null, attrs); + attrs.remove("ImplementedIn"); if (nativeAvailable && !useNativePRNG) { - map.put("SecureRandom.NativePRNG", - "sun.security.provider.NativePRNG"); - map.put("SecureRandom.NativePRNG ThreadSafe", "true"); + add(p, "SecureRandom", "NativePRNG", "sun.security.provider.NativePRNG", + null, attrs); } if (NativePRNG.Blocking.isAvailable()) { - map.put("SecureRandom.NativePRNGBlocking", - "sun.security.provider.NativePRNG$Blocking"); - map.put("SecureRandom.NativePRNGBlocking ThreadSafe", "true"); + add(p, "SecureRandom", "NativePRNGBlocking", + "sun.security.provider.NativePRNG$Blocking", null, attrs); } - if (NativePRNG.NonBlocking.isAvailable()) { - map.put("SecureRandom.NativePRNGNonBlocking", - "sun.security.provider.NativePRNG$NonBlocking"); - map.put("SecureRandom.NativePRNGNonBlocking ThreadSafe", "true"); + add(p, "SecureRandom", "NativePRNGNonBlocking", + "sun.security.provider.NativePRNG$NonBlocking", null, attrs); } /* * Signature engines */ - map.put("Signature.SHA1withDSA", - "sun.security.provider.DSA$SHA1withDSA"); - map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA"); - map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA"); - map.put("Signature.SHA224withDSA", - "sun.security.provider.DSA$SHA224withDSA"); - map.put("Signature.SHA256withDSA", - "sun.security.provider.DSA$SHA256withDSA"); - - map.put("Signature.SHA1withDSAinP1363Format", - "sun.security.provider.DSA$SHA1withDSAinP1363Format"); - map.put("Signature.NONEwithDSAinP1363Format", - "sun.security.provider.DSA$RawDSAinP1363Format"); - map.put("Signature.SHA224withDSAinP1363Format", - "sun.security.provider.DSA$SHA224withDSAinP1363Format"); - map.put("Signature.SHA256withDSAinP1363Format", - "sun.security.provider.DSA$SHA256withDSAinP1363Format"); - + attrs.clear(); String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" + "|java.security.interfaces.DSAPrivateKey"; - map.put("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses); - map.put("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses); - map.put("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses); - map.put("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses); + attrs.put("SupportedKeyClasses", dsaKeyClasses); + attrs.put("ImplementedIn", "Software"); - map.put("Alg.Alias.Signature.DSA", "SHA1withDSA"); - map.put("Alg.Alias.Signature.DSS", "SHA1withDSA"); - map.put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA"); - map.put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA"); - map.put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA"); - map.put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA"); - map.put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.10040.4.3", - "SHA1withDSA"); - map.put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA"); - map.put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA"); - map.put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA"); - map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1", - "SHA224withDSA"); - map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA"); - map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2", - "SHA256withDSA"); - map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA"); + attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures + + add(p, "Signature", "SHA1withDSA", + "sun.security.provider.DSA$SHA1withDSA", + createAliasesWithOid("1.2.840.10040.4.3", "DSA", "DSS", "SHA/DSA", + "SHA-1/DSA", "SHA1/DSA", "SHAwithDSA", "DSAWithSHA1", + "1.3.14.3.2.13", "1.3.14.3.2.27"), attrs); + add(p, "Signature", "NONEwithDSA", "sun.security.provider.DSA$RawDSA", + createAliases("RawDSA"), attrs); + + attrs.put("KeySize", "2048"); // for SHA224 and SHA256 DSA signatures + + add(p, "Signature", "SHA224withDSA", + "sun.security.provider.DSA$SHA224withDSA", + createAliasesWithOid("2.16.840.1.101.3.4.3.1"), attrs); + add(p, "Signature", "SHA256withDSA", + "sun.security.provider.DSA$SHA256withDSA", + createAliasesWithOid("2.16.840.1.101.3.4.3.2"), attrs); + + attrs.remove("KeySize"); + + add(p, "Signature", "SHA1withDSAinP1363Format", + "sun.security.provider.DSA$SHA1withDSAinP1363Format", + null, null); + add(p, "Signature", "NONEwithDSAinP1363Format", + "sun.security.provider.DSA$RawDSAinP1363Format", + null, null); + add(p, "Signature", "SHA224withDSAinP1363Format", + "sun.security.provider.DSA$SHA224withDSAinP1363Format", + null, null); + add(p, "Signature", "SHA256withDSAinP1363Format", + "sun.security.provider.DSA$SHA256withDSAinP1363Format", + null, null); /* * Key Pair Generator engines */ + attrs.clear(); + attrs.put("ImplementedIn", "Software"); + attrs.put("KeySize", "2048"); // for DSA KPG and APG only + + String dsaOid = "1.2.840.10040.4.1"; + List dsaAliases = createAliasesWithOid(dsaOid, "1.3.14.3.2.12"); String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$"; dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current"); - map.put("KeyPairGenerator.DSA", dsaKPGImplClass); - map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA"); - map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA"); - map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA"); - - /* - * Digest engines - */ - map.put("MessageDigest.MD2", "sun.security.provider.MD2"); - map.put("MessageDigest.MD5", "sun.security.provider.MD5"); - map.put("MessageDigest.SHA", "sun.security.provider.SHA"); - - map.put("Alg.Alias.MessageDigest.SHA-1", "SHA"); - map.put("Alg.Alias.MessageDigest.SHA1", "SHA"); - map.put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA"); - map.put("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA"); - - map.put("MessageDigest.SHA-224", "sun.security.provider.SHA2$SHA224"); - map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224"); - map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4", - "SHA-224"); - - map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2$SHA256"); - map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256"); - map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1", - "SHA-256"); - map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384"); - map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384"); - map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2", - "SHA-384"); - map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512"); - map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512"); - map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3", - "SHA-512"); - map.put("MessageDigest.SHA-512/224", "sun.security.provider.SHA5$SHA512_224"); - map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.5", "SHA-512/224"); - map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.5", - "SHA-512/224"); - map.put("MessageDigest.SHA-512/256", "sun.security.provider.SHA5$SHA512_256"); - map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.6", "SHA-512/256"); - map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.6", - "SHA-512/256"); - - map.put("MessageDigest.SHA3-224", "sun.security.provider.SHA3$SHA224"); - map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.7", "SHA3-224"); - map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.7", - "SHA3-224"); - - map.put("MessageDigest.SHA3-256", "sun.security.provider.SHA3$SHA256"); - map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.8", "SHA3-256"); - map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.8", - "SHA3-256"); - map.put("MessageDigest.SHA3-384", "sun.security.provider.SHA3$SHA384"); - map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.9", "SHA3-384"); - map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.9", - "SHA3-384"); - map.put("MessageDigest.SHA3-512", "sun.security.provider.SHA3$SHA512"); - map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.10", "SHA3-512"); - map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.10", - "SHA3-512"); - + add(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, dsaAliases, attrs); /* * Algorithm Parameter Generator engines */ - map.put("AlgorithmParameterGenerator.DSA", - "sun.security.provider.DSAParameterGenerator"); + add(p, "AlgorithmParameterGenerator", "DSA", + "sun.security.provider.DSAParameterGenerator", dsaAliases, attrs); + attrs.remove("KeySize"); /* * Algorithm Parameter engines */ - map.put("AlgorithmParameters.DSA", - "sun.security.provider.DSAParameters"); - map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA"); - map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA"); - map.put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA"); + add(p, "AlgorithmParameters", "DSA", + "sun.security.provider.DSAParameters", dsaAliases, attrs); /* * Key factories */ - map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory"); - map.put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA"); - map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA"); - map.put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA"); + add(p, "KeyFactory", "DSA", "sun.security.provider.DSAKeyFactory", + dsaAliases, attrs); + + /* + * Digest engines + */ + add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", null, attrs); + add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", null, attrs); + add(p, "MessageDigest", "SHA", "sun.security.provider.SHA", + createAliasesWithOid("1.3.14.3.2.26", "SHA-1", "SHA1"), attrs); + + String sha2BaseOid = "2.16.840.1.101.3.4.2"; + add(p, "MessageDigest", "SHA-224", "sun.security.provider.SHA2$SHA224", + createAliasesWithOid(sha2BaseOid + ".4"), attrs); + add(p, "MessageDigest", "SHA-256", "sun.security.provider.SHA2$SHA256", + createAliasesWithOid(sha2BaseOid + ".1"), attrs); + add(p, "MessageDigest", "SHA-384", "sun.security.provider.SHA5$SHA384", + createAliasesWithOid(sha2BaseOid + ".2"), attrs); + add(p, "MessageDigest", "SHA-512", "sun.security.provider.SHA5$SHA512", + createAliasesWithOid(sha2BaseOid + ".3"), attrs); + add(p, "MessageDigest", "SHA-512/224", + "sun.security.provider.SHA5$SHA512_224", + createAliasesWithOid(sha2BaseOid + ".5"), attrs); + add(p, "MessageDigest", "SHA-512/256", + "sun.security.provider.SHA5$SHA512_256", + createAliasesWithOid(sha2BaseOid + ".6"), attrs); + add(p, "MessageDigest", "SHA3-224", "sun.security.provider.SHA3$SHA224", + createAliasesWithOid(sha2BaseOid + ".7"), attrs); + add(p, "MessageDigest", "SHA3-256", "sun.security.provider.SHA3$SHA256", + createAliasesWithOid(sha2BaseOid + ".8"), attrs); + add(p, "MessageDigest", "SHA3-384", "sun.security.provider.SHA3$SHA384", + createAliasesWithOid(sha2BaseOid + ".9"), attrs); + add(p, "MessageDigest", "SHA3-512", "sun.security.provider.SHA3$SHA512", + createAliasesWithOid(sha2BaseOid + ".10"), attrs); /* * Certificates */ - map.put("CertificateFactory.X.509", - "sun.security.provider.X509Factory"); - map.put("Alg.Alias.CertificateFactory.X509", "X.509"); + add(p, "CertificateFactory", "X.509", + "sun.security.provider.X509Factory", + createAliases("X509"), attrs); /* * KeyStore */ - map.put("KeyStore.PKCS12", - "sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12"); - map.put("KeyStore.JKS", - "sun.security.provider.JavaKeyStore$DualFormatJKS"); - map.put("KeyStore.CaseExactJKS", - "sun.security.provider.JavaKeyStore$CaseExactJKS"); - map.put("KeyStore.DKS", "sun.security.provider.DomainKeyStore$DKS"); + add(p, "KeyStore", "PKCS12", + "sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12", + null, null); + add(p, "KeyStore", "JKS", + "sun.security.provider.JavaKeyStore$DualFormatJKS", + null, attrs); + add(p, "KeyStore", "CaseExactJKS", + "sun.security.provider.JavaKeyStore$CaseExactJKS", + null, attrs); + add(p, "KeyStore", "DKS", "sun.security.provider.DomainKeyStore$DKS", + null, attrs); - /* - * Policy - */ - map.put("Policy.JavaPolicy", "sun.security.provider.PolicySpiFile"); - - /* - * Configuration - */ - map.put("Configuration.JavaLoginConfig", - "sun.security.provider.ConfigFile$Spi"); - - /* - * CertPathBuilder - */ - map.put("CertPathBuilder.PKIX", - "sun.security.provider.certpath.SunCertPathBuilder"); - map.put("CertPathBuilder.PKIX ValidationAlgorithm", - "RFC5280"); - - /* - * CertPathValidator - */ - map.put("CertPathValidator.PKIX", - "sun.security.provider.certpath.PKIXCertPathValidator"); - map.put("CertPathValidator.PKIX ValidationAlgorithm", - "RFC5280"); /* * CertStores */ - map.put("CertStore.Collection", - "sun.security.provider.certpath.CollectionCertStore"); - map.put("CertStore.com.sun.security.IndexedCollection", - "sun.security.provider.certpath.IndexedCollectionCertStore"); + add(p, "CertStore", "Collection", + "sun.security.provider.certpath.CollectionCertStore", + null, attrs); + add(p, "CertStore", "com.sun.security.IndexedCollection", + "sun.security.provider.certpath.IndexedCollectionCertStore", + null, attrs); /* - * KeySize + * Policy */ - map.put("Signature.NONEwithDSA KeySize", "1024"); - map.put("Signature.SHA1withDSA KeySize", "1024"); - map.put("Signature.SHA224withDSA KeySize", "2048"); - map.put("Signature.SHA256withDSA KeySize", "2048"); - - map.put("KeyPairGenerator.DSA KeySize", "2048"); - map.put("AlgorithmParameterGenerator.DSA KeySize", "2048"); + add(p, "Policy", "JavaPolicy", "sun.security.provider.PolicySpiFile", + null, null); /* - * Implementation type: software or hardware + * Configuration */ - map.put("Signature.SHA1withDSA ImplementedIn", "Software"); - map.put("KeyPairGenerator.DSA ImplementedIn", "Software"); - map.put("MessageDigest.MD5 ImplementedIn", "Software"); - map.put("MessageDigest.SHA ImplementedIn", "Software"); - map.put("AlgorithmParameterGenerator.DSA ImplementedIn", - "Software"); - map.put("AlgorithmParameters.DSA ImplementedIn", "Software"); - map.put("KeyFactory.DSA ImplementedIn", "Software"); - map.put("SecureRandom.SHA1PRNG ImplementedIn", "Software"); - map.put("SecureRandom.DRBG ImplementedIn", "Software"); - map.put("CertificateFactory.X.509 ImplementedIn", "Software"); - map.put("KeyStore.JKS ImplementedIn", "Software"); - map.put("CertPathValidator.PKIX ImplementedIn", "Software"); - map.put("CertPathBuilder.PKIX ImplementedIn", "Software"); - map.put("CertStore.Collection ImplementedIn", "Software"); - map.put("CertStore.com.sun.security.IndexedCollection ImplementedIn", - "Software"); + add(p, "Configuration", "JavaLoginConfig", + "sun.security.provider.ConfigFile$Spi", null, null); + /* + * CertPathBuilder and CertPathValidator + */ + attrs.clear(); + attrs.put("ValidationAlgorithm", "RFC5280"); + attrs.put("ImplementedIn", "Software"); + + add(p, "CertPathBuilder", "PKIX", + "sun.security.provider.certpath.SunCertPathBuilder", + null, attrs); + add(p, "CertPathValidator", "PKIX", + "sun.security.provider.certpath.PKIXCertPathValidator", + null, attrs); } + Iterator iterator() { + return services.iterator(); + } + + private void add(Provider p, String type, String algo, String cn, + List aliases, HashMap attrs) { + services.add(new Provider.Service(p, type, algo, cn, aliases, attrs)); + } + + private LinkedHashSet services; + // name of the *System* property, takes precedence over PROP_RNDSOURCE private static final String PROP_EGD = "java.security.egd"; // name of the *Security* property private static final String PROP_RNDSOURCE = "securerandom.source"; + private static final boolean useLegacyDSA = + Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty + ("jdk.security.legacyDSAKeyPairGenerator")); + static final String URL_DEV_RANDOM = "file:/dev/random"; static final String URL_DEV_URANDOM = "file:/dev/urandom"; diff --git a/src/java.base/share/classes/sun/security/provider/VerificationProvider.java b/src/java.base/share/classes/sun/security/provider/VerificationProvider.java index f4016a867f7..485e08605f1 100644 --- a/src/java.base/share/classes/sun/security/provider/VerificationProvider.java +++ b/src/java.base/share/classes/sun/security/provider/VerificationProvider.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,8 +28,6 @@ package sun.security.provider; import java.util.*; import java.security.*; -import sun.security.action.PutAllAction; - import sun.security.rsa.SunRsaSignEntries; import static sun.security.util.SecurityConstants.PROVIDER_VER; @@ -70,18 +68,30 @@ public final class VerificationProvider extends Provider { return; } + Provider p = this; + Iterator sunIter = new SunEntries(p).iterator(); + Iterator rsaIter = + new SunRsaSignEntries(p).iterator(); + // if there is no security manager installed, put directly into - // the provider. Otherwise, create a temporary map and use a - // doPrivileged() call at the end to transfer the contents + // the provider if (System.getSecurityManager() == null) { - SunEntries.putEntries(this); - SunRsaSignEntries.putEntries(this); + putEntries(sunIter); + putEntries(rsaIter); } else { - // use LinkedHashMap to preserve the order of the PRNGs - Map map = new LinkedHashMap<>(); - SunEntries.putEntries(map); - SunRsaSignEntries.putEntries(map); - AccessController.doPrivileged(new PutAllAction(this, map)); + AccessController.doPrivileged(new PrivilegedAction() { + public Void run() { + putEntries(sunIter); + putEntries(rsaIter); + return null; + } + }); + } + } + + void putEntries(Iterator i) { + while (i.hasNext()) { + putService(i.next()); } } diff --git a/src/java.base/share/classes/sun/security/rsa/SunRsaSign.java b/src/java.base/share/classes/sun/security/rsa/SunRsaSign.java index e80634c369b..2586a6a12cf 100644 --- a/src/java.base/share/classes/sun/security/rsa/SunRsaSign.java +++ b/src/java.base/share/classes/sun/security/rsa/SunRsaSign.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,7 +29,6 @@ import java.util.*; import java.security.*; -import sun.security.action.PutAllAction; import static sun.security.util.SecurityConstants.PROVIDER_VER; /** @@ -46,17 +45,24 @@ public final class SunRsaSign extends Provider { public SunRsaSign() { super("SunRsaSign", PROVIDER_VER, "Sun RSA signature provider"); - // if there is no security manager installed, put directly into - // the provider. Otherwise, create a temporary map and use a - // doPrivileged() call at the end to transfer the contents + Provider p = this; + Iterator serviceIter = new SunRsaSignEntries(p).iterator(); + if (System.getSecurityManager() == null) { - SunRsaSignEntries.putEntries(this); + putEntries(serviceIter); } else { - // use LinkedHashMap to preserve the order of the PRNGs - Map map = new HashMap<>(); - SunRsaSignEntries.putEntries(map); - AccessController.doPrivileged(new PutAllAction(this, map)); + AccessController.doPrivileged(new PrivilegedAction() { + @Override + public Void run() { + putEntries(serviceIter); + return null; + } + }); + } + } + void putEntries(Iterator i) { + while (i.hasNext()) { + putService(i.next()); } } - } diff --git a/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java b/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java index a5592d55495..a5cab587d28 100644 --- a/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java +++ b/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java @@ -25,7 +25,9 @@ package sun.security.rsa; -import java.util.Map; +import java.util.*; +import java.security.Provider; +import static sun.security.provider.SunEntries.createAliasesWithOid; /** * Defines the entries of the SunRsaSign provider. @@ -34,102 +36,81 @@ import java.util.Map; */ public final class SunRsaSignEntries { - private SunRsaSignEntries() { - // empty + private void add(Provider p, String type, String algo, String cn, + List aliases, HashMap attrs) { + services.add(new Provider.Service(p, type, algo, cn, aliases, attrs)); } - public static void putEntries(Map map) { + // extend LinkedHashSet for consistency with SunEntries + // used by sun.security.provider.VerificationProvider + public SunRsaSignEntries(Provider p) { + services = new LinkedHashSet<>(20, 0.9f); - // main algorithms - map.put("KeyFactory.RSA", - "sun.security.rsa.RSAKeyFactory$Legacy"); - map.put("KeyPairGenerator.RSA", - "sun.security.rsa.RSAKeyPairGenerator$Legacy"); - map.put("Signature.MD2withRSA", - "sun.security.rsa.RSASignature$MD2withRSA"); - map.put("Signature.MD5withRSA", - "sun.security.rsa.RSASignature$MD5withRSA"); - map.put("Signature.SHA1withRSA", - "sun.security.rsa.RSASignature$SHA1withRSA"); - map.put("Signature.SHA224withRSA", - "sun.security.rsa.RSASignature$SHA224withRSA"); - map.put("Signature.SHA256withRSA", - "sun.security.rsa.RSASignature$SHA256withRSA"); - map.put("Signature.SHA384withRSA", - "sun.security.rsa.RSASignature$SHA384withRSA"); - map.put("Signature.SHA512withRSA", - "sun.security.rsa.RSASignature$SHA512withRSA"); - map.put("Signature.SHA512/224withRSA", - "sun.security.rsa.RSASignature$SHA512_224withRSA"); - map.put("Signature.SHA512/256withRSA", - "sun.security.rsa.RSASignature$SHA512_256withRSA"); + // start populating content using the specified provider - map.put("KeyFactory.RSASSA-PSS", - "sun.security.rsa.RSAKeyFactory$PSS"); - map.put("KeyPairGenerator.RSASSA-PSS", - "sun.security.rsa.RSAKeyPairGenerator$PSS"); - map.put("Signature.RSASSA-PSS", - "sun.security.rsa.RSAPSSSignature"); - map.put("AlgorithmParameters.RSASSA-PSS", - "sun.security.rsa.PSSParameters"); + // common oids + String rsaOid = "1.2.840.113549.1.1"; + List rsaAliases = createAliasesWithOid(rsaOid); + List rsapssAliases = createAliasesWithOid(rsaOid + ".10"); + String sha1withRSAOid2 = "1.3.14.3.2.29"; - // attributes for supported key classes - String rsaKeyClasses = "java.security.interfaces.RSAPublicKey" + - "|java.security.interfaces.RSAPrivateKey"; - map.put("Signature.MD2withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.MD5withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.SHA1withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.SHA224withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.SHA256withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.SHA384withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.SHA512withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.SHA512/224withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.SHA512/256withRSA SupportedKeyClasses", rsaKeyClasses); - map.put("Signature.RSASSA-PSS SupportedKeyClasses", rsaKeyClasses); + // common attribute map + HashMap attrs = new HashMap<>(3); + attrs.put("SupportedKeyClasses", + "java.security.interfaces.RSAPublicKey" + + "|java.security.interfaces.RSAPrivateKey"); - // aliases - map.put("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA"); - map.put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA"); + add(p, "KeyFactory", "RSA", + "sun.security.rsa.RSAKeyFactory$Legacy", + rsaAliases, null); + add(p, "KeyPairGenerator", "RSA", + "sun.security.rsa.RSAKeyPairGenerator$Legacy", + rsaAliases, null); + add(p, "Signature", "MD2withRSA", + "sun.security.rsa.RSASignature$MD2withRSA", + createAliasesWithOid(rsaOid + ".2"), attrs); + add(p, "Signature", "MD5withRSA", + "sun.security.rsa.RSASignature$MD5withRSA", + createAliasesWithOid(rsaOid + ".4"), attrs); + add(p, "Signature", "SHA1withRSA", + "sun.security.rsa.RSASignature$SHA1withRSA", + createAliasesWithOid(rsaOid + ".5", sha1withRSAOid2), attrs); + add(p, "Signature", "SHA224withRSA", + "sun.security.rsa.RSASignature$SHA224withRSA", + createAliasesWithOid(rsaOid + ".14"), attrs); + add(p, "Signature", "SHA256withRSA", + "sun.security.rsa.RSASignature$SHA256withRSA", + createAliasesWithOid(rsaOid + ".11"), attrs); + add(p, "Signature", "SHA384withRSA", + "sun.security.rsa.RSASignature$SHA384withRSA", + createAliasesWithOid(rsaOid + ".12"), attrs); + add(p, "Signature", "SHA512withRSA", + "sun.security.rsa.RSASignature$SHA512withRSA", + createAliasesWithOid(rsaOid + ".13"), attrs); + add(p, "Signature", "SHA512/224withRSA", + "sun.security.rsa.RSASignature$SHA512_224withRSA", + createAliasesWithOid(rsaOid + ".15"), attrs); + add(p, "Signature", "SHA512/256withRSA", + "sun.security.rsa.RSASignature$SHA512_256withRSA", + createAliasesWithOid(rsaOid + ".16"), attrs); - map.put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA"); - map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA"); - - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", "MD2withRSA"); - - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA"); - - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA"); - map.put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA"); - - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.14", "SHA224withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.14", "SHA224withRSA"); - - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA"); - - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.12", "SHA384withRSA"); - - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.13", "SHA512withRSA"); - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.15", "SHA512/224withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.15", "SHA512/224withRSA"); - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.16", "SHA512/256withRSA"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.16", "SHA512/256withRSA"); - - map.put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.10", "RSASSA-PSS"); - map.put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); - - map.put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.10", "RSASSA-PSS"); - map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); - - map.put("Alg.Alias.Signature.1.2.840.113549.1.1.10", "RSASSA-PSS"); - map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); - - map.put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.1.10", "RSASSA-PSS"); - map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); + add(p, "KeyFactory", "RSASSA-PSS", + "sun.security.rsa.RSAKeyFactory$PSS", + rsapssAliases, null); + add(p, "KeyPairGenerator", "RSASSA-PSS", + "sun.security.rsa.RSAKeyPairGenerator$PSS", + rsapssAliases, null); + add(p, "Signature", "RSASSA-PSS", + "sun.security.rsa.RSAPSSSignature", + rsapssAliases, attrs); + add(p, "AlgorithmParameters", "RSASSA-PSS", + "sun.security.rsa.PSSParameters", + rsapssAliases, null); } + + public Iterator iterator() { + return services.iterator(); + } + + private LinkedHashSet services; } diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java index b84567c3d9c..c50ba93ecfc 100644 --- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java +++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java @@ -26,7 +26,10 @@ package sun.security.ssl; import java.security.*; +import java.util.*; +import sun.security.rsa.SunRsaSignEntries; import static sun.security.util.SecurityConstants.PROVIDER_VER; +import static sun.security.provider.SunEntries.createAliases; /** * The JSSE provider. @@ -157,86 +160,62 @@ public abstract class SunJSSE extends java.security.Provider { }); } + private void ps(String type, String algo, String cn, + List aliases, HashMap attrs) { + putService(new Provider.Service(this, type, algo, cn, aliases, attrs)); + } + private void doRegister(boolean isfips) { if (isfips == false) { - put("KeyFactory.RSA", - "sun.security.rsa.RSAKeyFactory$Legacy"); - put("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA"); - put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA"); - - put("KeyPairGenerator.RSA", - "sun.security.rsa.RSAKeyPairGenerator$Legacy"); - put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA"); - put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA"); - - put("Signature.MD2withRSA", - "sun.security.rsa.RSASignature$MD2withRSA"); - put("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA"); - put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", - "MD2withRSA"); - - put("Signature.MD5withRSA", - "sun.security.rsa.RSASignature$MD5withRSA"); - put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA"); - put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", - "MD5withRSA"); - - put("Signature.SHA1withRSA", - "sun.security.rsa.RSASignature$SHA1withRSA"); - put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA"); - put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", - "SHA1withRSA"); - put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA"); - put("Alg.Alias.Signature.OID.1.3.14.3.2.29", "SHA1withRSA"); - + Iterator rsaIter = + new SunRsaSignEntries(this).iterator(); + while (rsaIter.hasNext()) { + putService(rsaIter.next()); + } } - put("Signature.MD5andSHA1withRSA", - "sun.security.ssl.RSASignature"); + ps("Signature", "MD5andSHA1withRSA", + "sun.security.ssl.RSASignature", null, null); - put("KeyManagerFactory.SunX509", - "sun.security.ssl.KeyManagerFactoryImpl$SunX509"); - put("KeyManagerFactory.NewSunX509", - "sun.security.ssl.KeyManagerFactoryImpl$X509"); - put("Alg.Alias.KeyManagerFactory.PKIX", "NewSunX509"); + ps("KeyManagerFactory", "SunX509", + "sun.security.ssl.KeyManagerFactoryImpl$SunX509", null, null); + ps("KeyManagerFactory", "NewSunX509", + "sun.security.ssl.KeyManagerFactoryImpl$X509", + createAliases("PKIX"), null); - put("TrustManagerFactory.SunX509", - "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory"); - put("TrustManagerFactory.PKIX", - "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory"); - put("Alg.Alias.TrustManagerFactory.SunPKIX", "PKIX"); - put("Alg.Alias.TrustManagerFactory.X509", "PKIX"); - put("Alg.Alias.TrustManagerFactory.X.509", "PKIX"); + ps("TrustManagerFactory", "SunX509", + "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory", null, null); + ps("TrustManagerFactory", "PKIX", + "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory", + createAliases("SunPKIX", "X509", "X.509"), null); - put("SSLContext.TLSv1", - "sun.security.ssl.SSLContextImpl$TLS10Context"); - put("SSLContext.TLSv1.1", - "sun.security.ssl.SSLContextImpl$TLS11Context"); - put("SSLContext.TLSv1.2", - "sun.security.ssl.SSLContextImpl$TLS12Context"); - put("SSLContext.TLSv1.3", - "sun.security.ssl.SSLContextImpl$TLS13Context"); - put("SSLContext.TLS", - "sun.security.ssl.SSLContextImpl$TLSContext"); - if (isfips == false) { - put("Alg.Alias.SSLContext.SSL", "TLS"); - put("Alg.Alias.SSLContext.SSLv3", "TLSv1"); - } + ps("SSLContext", "TLSv1", + "sun.security.ssl.SSLContextImpl$TLS10Context", + (isfips? null : createAliases("SSLv3")), null); + ps("SSLContext", "TLSv1.1", + "sun.security.ssl.SSLContextImpl$TLS11Context", null, null); + ps("SSLContext", "TLSv1.2", + "sun.security.ssl.SSLContextImpl$TLS12Context", null, null); + ps("SSLContext", "TLSv1.3", + "sun.security.ssl.SSLContextImpl$TLS13Context", null, null); + ps("SSLContext", "TLS", + "sun.security.ssl.SSLContextImpl$TLSContext", + (isfips? null : createAliases("SSL")), null); - put("SSLContext.DTLSv1.0", - "sun.security.ssl.SSLContextImpl$DTLS10Context"); - put("SSLContext.DTLSv1.2", - "sun.security.ssl.SSLContextImpl$DTLS12Context"); - put("SSLContext.DTLS", - "sun.security.ssl.SSLContextImpl$DTLSContext"); + ps("SSLContext", "DTLSv1.0", + "sun.security.ssl.SSLContextImpl$DTLS10Context", null, null); + ps("SSLContext", "DTLSv1.2", + "sun.security.ssl.SSLContextImpl$DTLS12Context", null, null); + ps("SSLContext", "DTLS", + "sun.security.ssl.SSLContextImpl$DTLSContext", null, null); - put("SSLContext.Default", - "sun.security.ssl.SSLContextImpl$DefaultSSLContext"); + ps("SSLContext", "Default", + "sun.security.ssl.SSLContextImpl$DefaultSSLContext", null, null); /* * KeyStore */ - put("KeyStore.PKCS12", - "sun.security.pkcs12.PKCS12KeyStore"); + ps("KeyStore", "PKCS12", + "sun.security.pkcs12.PKCS12KeyStore", null, null); } // com.sun.net.ssl.internal.ssl.Provider has been deprecated since JDK 9