From 8081077ff5f9d87e245e6279f5cfcea0f3eaf625 Mon Sep 17 00:00:00 2001 From: Stephen Flores Date: Thu, 30 Aug 2012 14:40:57 -0700 Subject: [PATCH] 6995421: Eliminate the static dependency to sun.security.ec.ECKeyFactory Reviewed-by: mullan, vinnie --- jdk/make/sun/security/ec/Makefile | 1 - jdk/make/sun/security/other/Makefile | 1 - .../classes/sun/security/ec/ECKeyFactory.java | 45 ++++++++----------- .../classes/sun/security/ec/ECParameters.java | 6 +-- .../sun/security/ec/ECPublicKeyImpl.java | 7 ++- .../classes/sun/security/ec/SunECEntries.java | 1 + .../sun/security/pkcs11/P11ECKeyFactory.java | 4 +- .../sun/security/x509/AlgorithmId.java | 21 +++------ jdk/test/sun/security/ec/TestEC.java | 10 ++++- .../security/pkcs11/ec/ReadCertificates.java | 5 ++- .../sun/security/pkcs11/ec/ReadPKCS12.java | 5 ++- jdk/test/sun/security/pkcs11/ec/TestECDH.java | 5 ++- .../sun/security/pkcs11/ec/TestECDSA.java | 5 ++- 13 files changed, 62 insertions(+), 54 deletions(-) diff --git a/jdk/make/sun/security/ec/Makefile b/jdk/make/sun/security/ec/Makefile index 0e92dd59cff..660d8bbd0f8 100644 --- a/jdk/make/sun/security/ec/Makefile +++ b/jdk/make/sun/security/ec/Makefile @@ -128,7 +128,6 @@ AUTO_FILES_JAVA_DIRS = $(PKGDIR) # Exclude the sources that get built by ../other/Makefile # AUTO_JAVA_PRUNE = \ - ECKeyFactory.java \ ECParameters.java \ ECPrivateKeyImpl.java \ ECPublicKeyImpl.java \ diff --git a/jdk/make/sun/security/other/Makefile b/jdk/make/sun/security/other/Makefile index cc869aec2e3..c0ee97711dd 100644 --- a/jdk/make/sun/security/other/Makefile +++ b/jdk/make/sun/security/other/Makefile @@ -53,7 +53,6 @@ AUTO_FILES_JAVA_DIRS = \ # EC classes used by the packages above # FILES_java += \ - sun/security/ec/ECKeyFactory.java \ sun/security/ec/ECParameters.java \ sun/security/ec/ECPrivateKeyImpl.java \ sun/security/ec/ECPublicKeyImpl.java \ diff --git a/jdk/src/share/classes/sun/security/ec/ECKeyFactory.java b/jdk/src/share/classes/sun/security/ec/ECKeyFactory.java index cd35c91d14b..16ee6778169 100644 --- a/jdk/src/share/classes/sun/security/ec/ECKeyFactory.java +++ b/jdk/src/share/classes/sun/security/ec/ECKeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -51,33 +51,21 @@ import java.security.spec.*; */ public final class ECKeyFactory extends KeyFactorySpi { - // Used by translateKey() and the SunPKCS11 provider - public final static KeyFactory INSTANCE; + // Used by translateKey() + private static KeyFactory instance; - // Internal provider object we can obtain the KeyFactory and - // AlgorithmParameters from. Used by ECParameters and AlgorithmId. - // This can go away once we have EC always available in the SUN provider. - // Used by ECParameters and AlgorithmId. - public final static Provider ecInternalProvider; - - static { - final Provider p = new Provider("SunEC-Internal", 1.0d, null) { - private static final long serialVersionUID = 970685700309471261L; - }; - AccessController.doPrivileged(new PrivilegedAction() { - public Void run() { - p.put("KeyFactory.EC", "sun.security.ec.ECKeyFactory"); - p.put("AlgorithmParameters.EC", "sun.security.ec.ECParameters"); - p.put("Alg.Alias.AlgorithmParameters.1.2.840.10045.2.1", "EC"); - return null; + private static KeyFactory getInstance() { + if (instance == null) { + try { + instance = KeyFactory.getInstance("EC", "SunEC"); + } catch (NoSuchProviderException e) { + throw new RuntimeException(e); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); } - }); - try { - INSTANCE = KeyFactory.getInstance("EC", p); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException(e); } - ecInternalProvider = p; + + return instance; } public ECKeyFactory() { @@ -102,7 +90,12 @@ public final class ECKeyFactory extends KeyFactorySpi { checkKey(ecKey); return ecKey; } else { - return (ECKey)INSTANCE.translateKey(key); + /* + * We don't call the engineTranslateKey method directly + * because KeyFactory.translateKey adds code to loop through + * all key factories. + */ + return (ECKey)getInstance().translateKey(key); } } diff --git a/jdk/src/share/classes/sun/security/ec/ECParameters.java b/jdk/src/share/classes/sun/security/ec/ECParameters.java index 614ba3f4675..56037ada939 100644 --- a/jdk/src/share/classes/sun/security/ec/ECParameters.java +++ b/jdk/src/share/classes/sun/security/ec/ECParameters.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -276,8 +276,8 @@ public final class ECParameters extends AlgorithmParametersSpi { static AlgorithmParameters getAlgorithmParameters(ECParameterSpec spec) throws InvalidKeyException { try { - AlgorithmParameters params = AlgorithmParameters.getInstance - ("EC", ECKeyFactory.ecInternalProvider); + AlgorithmParameters params = + AlgorithmParameters.getInstance("EC", "SunEC"); params.init(spec); return params; } catch (GeneralSecurityException e) { diff --git a/jdk/src/share/classes/sun/security/ec/ECPublicKeyImpl.java b/jdk/src/share/classes/sun/security/ec/ECPublicKeyImpl.java index aae485c1241..0dcf4b030a9 100644 --- a/jdk/src/share/classes/sun/security/ec/ECPublicKeyImpl.java +++ b/jdk/src/share/classes/sun/security/ec/ECPublicKeyImpl.java @@ -96,8 +96,13 @@ public final class ECPublicKeyImpl extends X509Key implements ECPublicKey { */ @SuppressWarnings("deprecation") protected void parseKeyBits() throws InvalidKeyException { + AlgorithmParameters algParams = this.algid.getParameters(); + if (algParams == null) { + throw new InvalidKeyException("EC domain parameters must be " + + "encoded in the algorithm identifier"); + } + try { - AlgorithmParameters algParams = this.algid.getParameters(); params = algParams.getParameterSpec(ECParameterSpec.class); w = ECParameters.decodePoint(key, params.getCurve()); } catch (IOException e) { diff --git a/jdk/src/share/classes/sun/security/ec/SunECEntries.java b/jdk/src/share/classes/sun/security/ec/SunECEntries.java index 6d2cb65a77a..e359ccc79f1 100644 --- a/jdk/src/share/classes/sun/security/ec/SunECEntries.java +++ b/jdk/src/share/classes/sun/security/ec/SunECEntries.java @@ -54,6 +54,7 @@ final class SunECEntries { */ map.put("AlgorithmParameters.EC", "sun.security.ec.ECParameters"); map.put("Alg.Alias.AlgorithmParameters.EllipticCurve", "EC"); + map.put("Alg.Alias.AlgorithmParameters.1.2.840.10045.2.1", "EC"); map.put("AlgorithmParameters.EC KeySize", "256"); diff --git a/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java b/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java index ef6cf3a1ef5..a4c48e76d44 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java +++ b/jdk/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -304,7 +304,7 @@ final class P11ECKeyFactory extends P11KeyFactory { } KeyFactory implGetSoftwareFactory() throws GeneralSecurityException { - return sun.security.ec.ECKeyFactory.INSTANCE; + return KeyFactory.getInstance("EC", "SunEC"); } } diff --git a/jdk/src/share/classes/sun/security/x509/AlgorithmId.java b/jdk/src/share/classes/sun/security/x509/AlgorithmId.java index d4ca7959970..7124920956d 100644 --- a/jdk/src/share/classes/sun/security/x509/AlgorithmId.java +++ b/jdk/src/share/classes/sun/security/x509/AlgorithmId.java @@ -120,21 +120,14 @@ public class AlgorithmId implements Serializable, DerEncoder { try { algParams = AlgorithmParameters.getInstance(algidString); } catch (NoSuchAlgorithmException e) { - try { - // Try the internal EC code so that we can fully parse EC - // keys even if the provider is not registered. - // This code can go away once we have EC in the SUN provider. - algParams = AlgorithmParameters.getInstance(algidString, - sun.security.ec.ECKeyFactory.ecInternalProvider); - } catch (NoSuchAlgorithmException ee) { - /* - * This algorithm parameter type is not supported, so we cannot - * parse the parameters. - */ - algParams = null; - return; - } + /* + * This algorithm parameter type is not supported, so we cannot + * parse the parameters. + */ + algParams = null; + return; } + // Decode (parse) the parameters algParams.init(params.toByteArray()); } diff --git a/jdk/test/sun/security/ec/TestEC.java b/jdk/test/sun/security/ec/TestEC.java index c23980d14ff..41d0f0361da 100644 --- a/jdk/test/sun/security/ec/TestEC.java +++ b/jdk/test/sun/security/ec/TestEC.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,6 +33,7 @@ * @run main TestEC */ +import java.security.NoSuchProviderException; import java.security.Provider; import java.security.Security; @@ -62,7 +63,12 @@ public class TestEC { } public static void main0(String[] args) throws Exception { - Provider p = new sun.security.ec.SunEC(); + Provider p = Security.getProvider("SunEC"); + + if (p == null) { + throw new NoSuchProviderException("Can't get SunEC provider"); + } + System.out.println("Running tests with " + p.getName() + " provider...\n"); long start = System.currentTimeMillis(); diff --git a/jdk/test/sun/security/pkcs11/ec/ReadCertificates.java b/jdk/test/sun/security/pkcs11/ec/ReadCertificates.java index 2aa38a9f505..eba81c6d3ea 100644 --- a/jdk/test/sun/security/pkcs11/ec/ReadCertificates.java +++ b/jdk/test/sun/security/pkcs11/ec/ReadCertificates.java @@ -63,6 +63,10 @@ public class ReadCertificates extends PKCS11Test { System.out.println("Provider does not support ECDSA, skipping..."); return; } + + /* + * PKCS11Test.main will remove this provider if needed + */ Providers.setAt(p, 1); random = new SecureRandom(); @@ -132,7 +136,6 @@ public class ReadCertificates extends PKCS11Test { } } - Security.removeProvider(p.getName()); System.out.println("OK"); } diff --git a/jdk/test/sun/security/pkcs11/ec/ReadPKCS12.java b/jdk/test/sun/security/pkcs11/ec/ReadPKCS12.java index 979783eace7..6acc667aaf3 100644 --- a/jdk/test/sun/security/pkcs11/ec/ReadPKCS12.java +++ b/jdk/test/sun/security/pkcs11/ec/ReadPKCS12.java @@ -53,6 +53,10 @@ public class ReadPKCS12 extends PKCS11Test { System.out.println("Provider does not support ECDSA, skipping..."); return; } + + /* + * PKCS11Test.main will remove this provider if needed + */ Providers.setAt(p, 1); CertificateFactory factory = CertificateFactory.getInstance("X.509"); @@ -147,7 +151,6 @@ public class ReadPKCS12 extends PKCS11Test { out.close(); } - Security.removeProvider(p.getName()); System.out.println("OK"); } diff --git a/jdk/test/sun/security/pkcs11/ec/TestECDH.java b/jdk/test/sun/security/pkcs11/ec/TestECDH.java index 3182cff27d9..aa26d5c6d43 100644 --- a/jdk/test/sun/security/pkcs11/ec/TestECDH.java +++ b/jdk/test/sun/security/pkcs11/ec/TestECDH.java @@ -60,6 +60,10 @@ public class TestECDH extends PKCS11Test { System.out.println("Provider does not support ECDH, skipping"); return; } + + /* + * PKCS11Test.main will remove this provider if needed + */ Providers.setAt(p, 1); if (false) { @@ -77,7 +81,6 @@ public class TestECDH extends PKCS11Test { test(p, pub192a, priv192a, pub192b, priv192b, secret192); test(p, pub163a, priv163a, pub163b, priv163b, secret163); - Security.removeProvider(p.getName()); System.out.println("OK"); } diff --git a/jdk/test/sun/security/pkcs11/ec/TestECDSA.java b/jdk/test/sun/security/pkcs11/ec/TestECDSA.java index 0514d1d575e..6f5325aae9e 100644 --- a/jdk/test/sun/security/pkcs11/ec/TestECDSA.java +++ b/jdk/test/sun/security/pkcs11/ec/TestECDSA.java @@ -116,6 +116,10 @@ public class TestECDSA extends PKCS11Test { System.out.println("ECDSA not supported, skipping"); return; } + + /* + * PKCS11Test.main will remove this provider if needed + */ Providers.setAt(provider, 1); if (false) { @@ -137,7 +141,6 @@ public class TestECDSA extends PKCS11Test { test(provider, pub521, priv521, sig521); test(provider, pub571, priv571, sig571); - Security.removeProvider(provider.getName()); long stop = System.currentTimeMillis(); System.out.println("All tests passed (" + (stop - start) + " ms)."); }