8133151: Preferred provider configuration for JCE
Reviewed-by: valeriep
This commit is contained in:
Anthony Scarpino
parent
efc3a113cd
commit
274ee0ec5b
@ -70,7 +70,7 @@ $(GENDATA_JAVA_SECURITY): $(BUILD_TOOLS) $(GENDATA_JAVA_SECURITY_SRC) $(RESTRICT
|
||||
$(ECHO) "Generating java.security"
|
||||
$(MKDIR) -p $(@D)
|
||||
$(TOOL_MAKEJAVASECURITY) $(GENDATA_JAVA_SECURITY_SRC) $@ $(OPENJDK_TARGET_OS) \
|
||||
$(RESTRICTED_PKGS_SRC) || exit 1
|
||||
$(OPENJDK_TARGET_CPU_ARCH) $(RESTRICTED_PKGS_SRC) || exit 1
|
||||
|
||||
TARGETS += $(GENDATA_JAVA_SECURITY)
|
||||
|
||||
|
||||
@ -50,19 +50,21 @@ public class MakeJavaSecurity {
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
|
||||
if (args.length < 3) {
|
||||
if (args.length < 4) {
|
||||
System.err.println("Usage: java MakeJavaSecurity " +
|
||||
"[input java.security file name] " +
|
||||
"[output java.security file name] " +
|
||||
"[openjdk target os] " +
|
||||
"[openjdk target cpu architecture]" +
|
||||
"[more restricted packages file name?]");
|
||||
System.exit(1);
|
||||
|
||||
System.exit(1);
|
||||
}
|
||||
|
||||
// more restricted packages
|
||||
List<String> extraLines;
|
||||
if (args.length == 4) {
|
||||
extraLines = Files.readAllLines(Paths.get(args[3]));
|
||||
if (args.length == 5) {
|
||||
extraLines = Files.readAllLines(Paths.get(args[4]));
|
||||
} else {
|
||||
extraLines = Collections.emptyList();
|
||||
}
|
||||
@ -96,7 +98,11 @@ public class MakeJavaSecurity {
|
||||
mode = 0;
|
||||
iter.remove();
|
||||
} else if (line.startsWith("#ifdef ")) {
|
||||
mode = line.endsWith(args[2])?1:2;
|
||||
if (line.indexOf('-') > 0) {
|
||||
mode = line.endsWith(args[2]+"-"+args[3]) ? 1 : 2;
|
||||
} else {
|
||||
mode = line.endsWith(args[2]) ? 1 : 2;
|
||||
}
|
||||
iter.remove();
|
||||
} else if (line.startsWith("#ifndef ")) {
|
||||
mode = line.endsWith(args[2])?2:1;
|
||||
|
||||
@ -138,6 +138,13 @@ public class AlgorithmParameterGenerator {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the name of the algorithm this
|
||||
* parameter generator is associated with.
|
||||
* See the AlgorithmParameterGenerator section in the <a href=
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -126,6 +126,13 @@ public class AlgorithmParameters {
|
||||
* {@code init}, using an appropriate parameter specification or
|
||||
* parameter encoding.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the name of the algorithm requested.
|
||||
* See the AlgorithmParameters section in the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/StandardNames.html#AlgorithmParameters">
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -153,6 +153,13 @@ public class KeyFactory {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the name of the requested key algorithm.
|
||||
* See the KeyFactory section in the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyFactory">
|
||||
|
||||
@ -195,6 +195,13 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the standard string name of the algorithm.
|
||||
* See the KeyPairGenerator section in the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyPairGenerator">
|
||||
|
||||
@ -841,6 +841,13 @@ public class KeyStore {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param type the type of keystore.
|
||||
* See the KeyStore section in the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyStore">
|
||||
|
||||
@ -146,6 +146,13 @@ public abstract class MessageDigest extends MessageDigestSpi {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the name of the algorithm requested.
|
||||
* See the MessageDigest section in the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/StandardNames.html#MessageDigest">
|
||||
|
||||
@ -355,6 +355,13 @@ public abstract class Policy {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param type the specified Policy type. See the Policy section in the
|
||||
* <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/StandardNames.html#Policy">
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -268,6 +268,13 @@ public class SecureRandom extends java.util.Random {
|
||||
* This self-seeding will not occur if {@code setSeed} was
|
||||
* previously called.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the name of the RNG algorithm.
|
||||
* See the SecureRandom section in the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom">
|
||||
|
||||
@ -203,6 +203,13 @@ public abstract class Signature extends SignatureSpi {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the standard name of the algorithm requested.
|
||||
* See the Signature section in the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/StandardNames.html#Signature">
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -142,6 +142,13 @@ public class CertPathBuilder {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the name of the requested {@code CertPathBuilder}
|
||||
* algorithm. See the CertPathBuilder section in the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathBuilder">
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -143,6 +143,13 @@ public class CertPathValidator {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the name of the requested {@code CertPathValidator}
|
||||
* algorithm. See the CertPathValidator section in the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathValidator">
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -201,6 +201,13 @@ public class CertStore {
|
||||
* Note that the specified {@code CertStoreParameters} object is
|
||||
* cloned.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param type the name of the requested {@code CertStore} type.
|
||||
* See the CertStore section in the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertStore">
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -163,6 +163,13 @@ public class CertificateFactory {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param type the name of the requested certificate type.
|
||||
* See the CertificateFactory section in the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertificateFactory">
|
||||
|
||||
@ -478,6 +478,13 @@ public class Cipher {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param transformation the name of the transformation, e.g.,
|
||||
* <i>DES/CBC/PKCS5Padding</i>.
|
||||
* See the Cipher section in the <a href=
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -112,6 +112,13 @@ public class ExemptionMechanism {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the standard name of the requested exemption
|
||||
* mechanism.
|
||||
* See the ExemptionMechanism section in the
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -150,6 +150,13 @@ public class KeyAgreement {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the standard name of the requested key agreement
|
||||
* algorithm.
|
||||
* See the KeyAgreement section in the <a href=
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -202,6 +202,13 @@ public class KeyGenerator {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the standard name of the requested key algorithm.
|
||||
* See the KeyGenerator section in the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyGenerator">
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -152,6 +152,13 @@ public class Mac implements Cloneable {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the standard name of the requested MAC algorithm.
|
||||
* See the Mac section in the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/StandardNames.html#Mac">
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -137,6 +137,13 @@ public class SecretKeyFactory {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the standard name of the requested secret-key
|
||||
* algorithm.
|
||||
* See the SecretKeyFactory section in the <a href=
|
||||
|
||||
@ -116,6 +116,13 @@ public class KeyManagerFactory {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the standard name of the requested algorithm.
|
||||
* See the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
|
||||
|
||||
@ -136,6 +136,13 @@ public class SSLContext {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param protocol the standard name of the requested protocol.
|
||||
* See the SSLContext section in the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/StandardNames.html#SSLContext">
|
||||
|
||||
@ -130,6 +130,13 @@ public class TrustManagerFactory {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the standard name of the requested trust management
|
||||
* algorithm. See the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/jsse/JSSERefGuide.html">
|
||||
|
||||
@ -311,6 +311,13 @@ public abstract class Configuration {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param type the specified Configuration type. See the Configuration
|
||||
* section in the <a href=
|
||||
* "{@docRoot}/../technotes/guides/security/StandardNames.html#Configuration">
|
||||
|
||||
@ -27,8 +27,11 @@ package sun.security.jca;
|
||||
|
||||
import java.util.*;
|
||||
|
||||
import java.security.*;
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.security.Provider;
|
||||
import java.security.Provider.Service;
|
||||
import java.security.Security;
|
||||
|
||||
/**
|
||||
* List of Providers. Used to represent the provider preferences.
|
||||
@ -65,6 +68,9 @@ public final class ProviderList {
|
||||
// constant for an ProviderList with no elements
|
||||
static final ProviderList EMPTY = new ProviderList(PC0, true);
|
||||
|
||||
// list of all jdk.security.provider.preferred entries
|
||||
static private PreferredList preferredPropList = null;
|
||||
|
||||
// dummy provider object to use during initialization
|
||||
// used to avoid explicit null checks in various places
|
||||
private static final Provider EMPTY_PROVIDER =
|
||||
@ -162,11 +168,10 @@ public final class ProviderList {
|
||||
*/
|
||||
private ProviderList() {
|
||||
List<ProviderConfig> configList = new ArrayList<>();
|
||||
for (int i = 1; true; i++) {
|
||||
String entry = Security.getProperty("security.provider." + i);
|
||||
if (entry == null) {
|
||||
break;
|
||||
}
|
||||
String entry;
|
||||
int i = 1;
|
||||
|
||||
while ((entry = Security.getProperty("security.provider." + i)) != null) {
|
||||
entry = entry.trim();
|
||||
if (entry.length() == 0) {
|
||||
System.err.println("invalid entry for " +
|
||||
@ -187,10 +192,36 @@ public final class ProviderList {
|
||||
if (configList.contains(config) == false) {
|
||||
configList.add(config);
|
||||
}
|
||||
i++;
|
||||
}
|
||||
configs = configList.toArray(PC0);
|
||||
|
||||
// Load config entries for use when getInstance is called
|
||||
entry = Security.getProperty("jdk.security.provider.preferred");
|
||||
if (entry != null && (entry = entry.trim()).length() > 0) {
|
||||
String[] entries = entry.split(",");
|
||||
if (ProviderList.preferredPropList == null) {
|
||||
ProviderList.preferredPropList = new PreferredList();
|
||||
}
|
||||
|
||||
for (String e : entries) {
|
||||
i = e.indexOf(':');
|
||||
if (i < 0) {
|
||||
if (debug != null) {
|
||||
debug.println("invalid preferred entry skipped. " +
|
||||
"Missing colon delimiter \"" + e + "\"");
|
||||
}
|
||||
continue;
|
||||
}
|
||||
ProviderList.preferredPropList.add(new PreferredEntry(
|
||||
e.substring(0, i).trim(), e.substring(i + 1).trim()));
|
||||
}
|
||||
}
|
||||
|
||||
if (debug != null) {
|
||||
debug.println("provider configuration: " + configList);
|
||||
debug.println("config configuration: " +
|
||||
ProviderList.preferredPropList);
|
||||
}
|
||||
}
|
||||
|
||||
@ -327,7 +358,22 @@ public final class ProviderList {
|
||||
* algorithm.
|
||||
*/
|
||||
public Service getService(String type, String name) {
|
||||
for (int i = 0; i < configs.length; i++) {
|
||||
ArrayList<PreferredEntry> pList = null;
|
||||
int i;
|
||||
|
||||
// Preferred provider list
|
||||
if (preferredPropList != null &&
|
||||
(pList = preferredPropList.getAll(type, name)) != null) {
|
||||
for (i = 0; i < pList.size(); i++) {
|
||||
Provider p = getProvider(pList.get(i).provider);
|
||||
Service s = p.getService(type, name);
|
||||
if (s != null) {
|
||||
return s;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
for (i = 0; i < configs.length; i++) {
|
||||
Provider p = getProvider(i);
|
||||
Service s = p.getService(type, name);
|
||||
if (s != null) {
|
||||
@ -394,7 +440,11 @@ public final class ProviderList {
|
||||
private List<Service> services;
|
||||
|
||||
// index into config[] of the next provider we need to query
|
||||
private int providerIndex;
|
||||
private int providerIndex = 0;
|
||||
|
||||
// Matching preferred provider list for this ServiceList
|
||||
ArrayList<PreferredEntry> preferredList = null;
|
||||
private int preferredIndex = 0;
|
||||
|
||||
ServiceList(String type, String algorithm) {
|
||||
this.type = type;
|
||||
@ -421,6 +471,14 @@ public final class ProviderList {
|
||||
}
|
||||
|
||||
private Service tryGet(int index) {
|
||||
Provider p;
|
||||
|
||||
// If preferred providers are configured, check for matches with
|
||||
// the requested service.
|
||||
if (preferredPropList != null && preferredList == null) {
|
||||
preferredList = preferredPropList.getAll(this);
|
||||
}
|
||||
|
||||
while (true) {
|
||||
if ((index == 0) && (firstService != null)) {
|
||||
return firstService;
|
||||
@ -430,8 +488,27 @@ public final class ProviderList {
|
||||
if (providerIndex >= configs.length) {
|
||||
return null;
|
||||
}
|
||||
// check all algorithms in this provider before moving on
|
||||
Provider p = getProvider(providerIndex++);
|
||||
|
||||
// If there were matches with a preferred provider, iterate
|
||||
// through the list first before going through the
|
||||
// ordered list (java.security.provider.#)
|
||||
if (preferredList != null &&
|
||||
preferredIndex < preferredList.size()) {
|
||||
PreferredEntry entry = preferredList.get(preferredIndex++);
|
||||
// Look for the provider name in the PreferredEntry
|
||||
p = getProvider(entry.provider);
|
||||
if (p == null) {
|
||||
if (debug != null) {
|
||||
debug.println("No provider found with name: " +
|
||||
entry.provider);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
} else {
|
||||
// check all algorithms in this provider before moving on
|
||||
p = getProvider(providerIndex++);
|
||||
}
|
||||
|
||||
if (type != null) {
|
||||
// simple lookup
|
||||
Service s = p.getService(type, algorithm);
|
||||
@ -502,4 +579,119 @@ public final class ProviderList {
|
||||
}
|
||||
}
|
||||
|
||||
// Provider list defined by jdk.security.provider.preferred entry
|
||||
static final class PreferredList {
|
||||
ArrayList<PreferredEntry> list = new ArrayList<PreferredEntry>();
|
||||
|
||||
/*
|
||||
* Return a list of all preferred entries that match the passed
|
||||
* ServiceList.
|
||||
*/
|
||||
ArrayList<PreferredEntry> getAll(ServiceList s) {
|
||||
if (s.ids == null) {
|
||||
return getAll(s.type, s.algorithm);
|
||||
|
||||
}
|
||||
|
||||
ArrayList<PreferredEntry> l = new ArrayList<PreferredEntry>();
|
||||
for (ServiceId id : s.ids) {
|
||||
implGetAll(l, id.type, id.algorithm);
|
||||
}
|
||||
|
||||
return l;
|
||||
}
|
||||
|
||||
/*
|
||||
* Return a list of all preferred entries that match the passed
|
||||
* type and algorithm.
|
||||
*/
|
||||
ArrayList<PreferredEntry> getAll(String type, String algorithm) {
|
||||
ArrayList<PreferredEntry> l = new ArrayList<PreferredEntry>();
|
||||
implGetAll(l, type, algorithm);
|
||||
return l;
|
||||
}
|
||||
|
||||
/*
|
||||
* Compare each preferred entry against the passed type and
|
||||
* algorithm, putting any matches in the passed ArrayList.
|
||||
*/
|
||||
private void implGetAll(ArrayList<PreferredEntry> l, String type,
|
||||
String algorithm) {
|
||||
PreferredEntry e;
|
||||
|
||||
for (int i = 0; i < size(); i++) {
|
||||
e = list.get(i);
|
||||
if (e.match(type, algorithm)) {
|
||||
l.add(e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public PreferredEntry get(int i) {
|
||||
return list.get(i);
|
||||
}
|
||||
|
||||
public int size() {
|
||||
return list.size();
|
||||
}
|
||||
|
||||
public boolean add(PreferredEntry e) {
|
||||
return list.add(e);
|
||||
}
|
||||
|
||||
public String toString() {
|
||||
String s = "";
|
||||
for (PreferredEntry e: list) {
|
||||
s += e.toString();
|
||||
}
|
||||
return s;
|
||||
}
|
||||
}
|
||||
|
||||
// Individual preferred property entry from jdk.security.provider.preferred
|
||||
private class PreferredEntry {
|
||||
String type = null;
|
||||
String algorithm;
|
||||
String provider;
|
||||
|
||||
PreferredEntry(String t, String p) {
|
||||
int i = t.indexOf('.');
|
||||
if (i > 0) {
|
||||
type = t.substring(0, i);
|
||||
algorithm = t.substring(i + 1);
|
||||
} else {
|
||||
algorithm = t;
|
||||
}
|
||||
|
||||
provider = p;
|
||||
}
|
||||
|
||||
boolean match(String t, String a) {
|
||||
if (debug != null) {
|
||||
debug.println("Config match: " + toString() + " == [" + t +
|
||||
", " + a + "]");
|
||||
}
|
||||
|
||||
// Compare service type if configured
|
||||
if (type != null && type.compareToIgnoreCase(t) != 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Compare the algorithm string.
|
||||
if (a.compareToIgnoreCase(algorithm) == 0) {
|
||||
if (debug != null) {
|
||||
debug.println("Config entry found: " + toString());
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
// No match
|
||||
return false;
|
||||
}
|
||||
|
||||
public String toString() {
|
||||
return "[" + type + ", " + algorithm + " : " + provider + "] ";
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -90,6 +90,31 @@ security.provider.tbd=apple.security.AppleProvider
|
||||
security.provider.tbd=sun.security.pkcs11.SunPKCS11
|
||||
#endif
|
||||
|
||||
#
|
||||
# A list of preferred providers for specific algorithms. These providers will
|
||||
# be searched for matching algorithms before the list of registered providers.
|
||||
# Entries containing errors (parsing, etc) will be ignored. Use the
|
||||
# -Djava.security.debug=jca property to debug these errors.
|
||||
#
|
||||
# The property is a comma-separated list of serviceType.algorithm:provider
|
||||
# entries. The serviceType (example: "MessageDigest") is optional, and if
|
||||
# not specified, the algorithm applies to all service types that support it.
|
||||
# The algorithm is the standard algorithm name or transformation.
|
||||
# Transformations can be specified in their full standard name
|
||||
# (ex: AES/CBC/PKCS5Padding), or as partial matches (ex: AES, AES/CBC).
|
||||
# The provider is the name of the provider. Any provider that does not
|
||||
# also appear in the registered list will be ignored.
|
||||
#
|
||||
# Example:
|
||||
# jdk.security.provider.preferred=AES/GCM/NoPadding:SunJCE, \
|
||||
# MessageDigest.SHA-256:SUN
|
||||
#ifdef solaris-sparc
|
||||
jdk.security.provider.preferred=AES:SunJCE, SHA-256:SUN, SHA-384:SUN, SHA-512:SUN
|
||||
#endif
|
||||
#ifdef solaris-x86
|
||||
jdk.security.provider.preferred=AES:SunJCE, RSA:SunRsaSign
|
||||
#endif
|
||||
|
||||
|
||||
#
|
||||
# Sun Provider SecureRandom seed source.
|
||||
|
||||
@ -310,6 +310,13 @@ public class Sasl {
|
||||
* for information about how to install and configure security service
|
||||
* providers.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param mechanisms The non-null list of mechanism names to try. Each is the
|
||||
* IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
|
||||
* @param authorizationId The possibly null protocol-dependent
|
||||
@ -452,6 +459,13 @@ public class Sasl {
|
||||
* for information about how to install and configure security
|
||||
* service providers.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param mechanism The non-null mechanism name. It must be an
|
||||
* IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
|
||||
* @param protocol The non-null string name of the protocol for which
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -229,6 +229,13 @@ public final class TerminalFactory {
|
||||
* specified parameters Object. The type of parameters
|
||||
* needed may vary between different types of <code>TerminalFactory</code>s.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param type the type of the requested TerminalFactory
|
||||
* @param params the parameters to pass to the TerminalFactorySpi
|
||||
* implementation, or null if no parameters are needed
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -136,6 +136,13 @@ public abstract class TransformService implements Transform {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param algorithm the URI of the algorithm
|
||||
* @param mechanismType the type of the XML processing mechanism and
|
||||
* representation
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -173,6 +173,13 @@ public abstract class XMLSignatureFactory {
|
||||
* <p>Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param mechanismType the type of the XML processing mechanism and
|
||||
* representation. See the <a
|
||||
* href="../../../../../technotes/guides/security/xmldsig/overview.html#Service%20Provider">
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -129,6 +129,13 @@ public abstract class KeyInfoFactory {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @param mechanismType the type of the XML processing mechanism and
|
||||
* representation. See the <a
|
||||
* href="../../../../../../technotes/guides/security/xmldsig/overview.html#Service%20Provider">
|
||||
@ -263,6 +270,13 @@ public abstract class KeyInfoFactory {
|
||||
* <p> Note that the list of registered providers may be retrieved via
|
||||
* the {@link Security#getProviders() Security.getProviders()} method.
|
||||
*
|
||||
* @implNote
|
||||
* The JDK Reference Implementation additionally uses the
|
||||
* {@code jdk.security.provider.preferred} property to determine
|
||||
* the preferred provider order for the specified algorithm. This
|
||||
* may be different than the order of providers returned by
|
||||
* {@link Security#getProviders() Security.getProviders()}.
|
||||
*
|
||||
* @return a new <code>KeyInfoFactory</code>
|
||||
* @throws NoSuchMechanismException if no <code>Provider</code> supports a
|
||||
* <code>KeyInfoFactory</code> implementation for the DOM mechanism
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user