8220016: Clean up redundant RSA services in the SunJSSE provider
Removed duplicated RSA signature/KF/KPG support in SunJSSE Reviewed-by: xuelei
This commit is contained in:
parent
b0f6b1086a
commit
e90036145a
src/java.base/share/classes/sun/security/ssl
test/jdk
java/security
sun/security
@ -27,18 +27,12 @@ package sun.security.ssl;
|
||||
|
||||
import java.security.*;
|
||||
import java.util.*;
|
||||
import sun.security.rsa.SunRsaSignEntries;
|
||||
import static sun.security.util.SecurityConstants.PROVIDER_VER;
|
||||
import static sun.security.provider.SunEntries.createAliases;
|
||||
|
||||
/**
|
||||
* The JSSE provider.
|
||||
*
|
||||
* The RSA implementation has been removed from JSSE, but we still need to
|
||||
* register the same algorithms for compatibility. We just point to the RSA
|
||||
* implementation in the SunRsaSign provider. This works because all classes
|
||||
* are in the bootclasspath and therefore loaded by the same classloader.
|
||||
*
|
||||
* SunJSSE now supports an experimental FIPS compliant mode when used with an
|
||||
* appropriate FIPS certified crypto provider. In FIPS mode, we:
|
||||
* . allow only TLS 1.0 or later
|
||||
@ -84,12 +78,6 @@ public class SunJSSE extends java.security.Provider {
|
||||
}
|
||||
|
||||
private void doRegister() {
|
||||
Iterator<Provider.Service> rsaIter =
|
||||
new SunRsaSignEntries(this).iterator();
|
||||
while (rsaIter.hasNext()) {
|
||||
putService(rsaIter.next());
|
||||
}
|
||||
|
||||
ps("Signature", "MD5andSHA1withRSA",
|
||||
"sun.security.ssl.RSASignature", null, null);
|
||||
|
||||
|
@ -123,8 +123,13 @@ public class Offsets {
|
||||
throw new RuntimeException("Test doesn't support this signature "
|
||||
+ "algorithm: " + algorithm);
|
||||
}
|
||||
|
||||
KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo, provider);
|
||||
KeyPairGenerator kpg = null;
|
||||
// first try matching provider, fallback to most preferred if none available
|
||||
try {
|
||||
kpg = KeyPairGenerator.getInstance(keyAlgo, provider);
|
||||
} catch (NoSuchAlgorithmException nsae) {
|
||||
kpg = KeyPairGenerator.getInstance(keyAlgo);
|
||||
}
|
||||
kpg.initialize(keySize);
|
||||
KeyPair kp = kpg.generateKeyPair();
|
||||
PublicKey pubkey = kp.getPublic();
|
||||
|
@ -1,5 +1,5 @@
|
||||
/**
|
||||
* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -21,13 +21,7 @@
|
||||
* questions.
|
||||
*/
|
||||
|
||||
import java.security.Signature;
|
||||
import java.security.SignedObject;
|
||||
import java.security.KeyPairGenerator;
|
||||
import java.security.KeyPair;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.PublicKey;
|
||||
import java.security.*;
|
||||
import java.security.spec.*;
|
||||
import java.util.*;
|
||||
import jdk.test.lib.SigTestUtil;
|
||||
@ -197,8 +191,15 @@ public class Chain {
|
||||
if (test.provider != Provider.Default) {
|
||||
signature = Signature.getInstance(test.sigAlg.name,
|
||||
test.provider.name);
|
||||
kpg = KeyPairGenerator.getInstance(
|
||||
test.keyAlg.name, test.provider.name);
|
||||
// try using the same provider first, if not, fallback
|
||||
// to the first available impl
|
||||
try {
|
||||
kpg = KeyPairGenerator.getInstance(
|
||||
test.keyAlg.name, test.provider.name);
|
||||
} catch (NoSuchAlgorithmException nsae) {
|
||||
kpg = KeyPairGenerator.getInstance(
|
||||
test.keyAlg.name);
|
||||
}
|
||||
} else {
|
||||
signature = Signature.getInstance(test.sigAlg.name);
|
||||
kpg = KeyPairGenerator.getInstance(test.keyAlg.name);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -111,7 +111,7 @@ public class Basic extends PKCS11Test {
|
||||
this.provider = p;
|
||||
|
||||
// get private keys
|
||||
KeyFactory kf = KeyFactory.getInstance("RSA", "SunJSSE");
|
||||
KeyFactory kf = KeyFactory.getInstance("RSA");
|
||||
KeyFactory dsaKf = KeyFactory.getInstance("DSA", "SUN");
|
||||
|
||||
ObjectInputStream ois1 = new ObjectInputStream
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -23,11 +23,11 @@
|
||||
|
||||
/*
|
||||
* @test
|
||||
* @bug 4503229
|
||||
* @bug 4503229 8220016
|
||||
* @summary default RSA KeyFactory can return broken RSAPrivateCrtKey objects
|
||||
* This test was taken directly from the bug report, which
|
||||
* was fixed in the crippled JSAFE provider, and needed
|
||||
* to be brought forward into JSSE.
|
||||
* to be brought forward into SunRsaSign (was JSSE).
|
||||
* @author Brad Wetmore
|
||||
*/
|
||||
|
||||
@ -39,7 +39,7 @@ import java.math.BigInteger;
|
||||
public class BrokenRSAPrivateCrtKey {
|
||||
public static void main(String[] args) throws Exception {
|
||||
KeyPairGenerator generator =
|
||||
KeyPairGenerator.getInstance("RSA", "SunJSSE");
|
||||
KeyPairGenerator.getInstance("RSA", "SunRsaSign");
|
||||
generator.initialize(512);
|
||||
|
||||
KeyPair pair = generator.generateKeyPair();
|
||||
@ -55,7 +55,7 @@ public class BrokenRSAPrivateCrtKey {
|
||||
privatekey.getPrimeExponentQ(),
|
||||
privatekey.getCrtCoefficient());
|
||||
|
||||
KeyFactory factory = KeyFactory.getInstance("RSA", "SunJSSE");
|
||||
KeyFactory factory = KeyFactory.getInstance("RSA", "SunRsaSign");
|
||||
|
||||
PrivateKey privatekey2 = factory.generatePrivate(spec);
|
||||
|
71
test/jdk/sun/security/ssl/rsa/CheckProviderEntries.java
Normal file
71
test/jdk/sun/security/ssl/rsa/CheckProviderEntries.java
Normal file
@ -0,0 +1,71 @@
|
||||
/*
|
||||
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
import java.security.*;
|
||||
import java.util.Iterator;
|
||||
import java.security.Provider.Service;
|
||||
|
||||
/*
|
||||
* @test
|
||||
* @bug 8220016
|
||||
* @summary This test checks the RSA-related services in SunJSSE provider
|
||||
*/
|
||||
public class CheckProviderEntries {
|
||||
|
||||
private static boolean testResult = true;
|
||||
|
||||
private static void error(String msg) {
|
||||
testResult = false;
|
||||
System.out.println(msg);
|
||||
}
|
||||
public static void main(String[] args) throws NoSuchAlgorithmException,
|
||||
InvalidKeyException, SignatureException {
|
||||
Provider p = Security.getProvider("SunJSSE");
|
||||
Iterator<Provider.Service> iter = p.getServices().iterator();
|
||||
while (iter.hasNext()) {
|
||||
Service s = iter.next();
|
||||
String type = s.getType();
|
||||
String algo = s.getAlgorithm();
|
||||
System.out.println("Type: " + type + " " + algo);
|
||||
try {
|
||||
if (algo.indexOf("RSA") != -1) {
|
||||
// only MD5andSHA1withRSA signature support
|
||||
// error out on any other RSA support
|
||||
if (type.equals("Signature") &&
|
||||
algo.equals("MD5andSHA1withRSA")) {
|
||||
s.newInstance(null);
|
||||
continue;
|
||||
}
|
||||
error("Error: unexpected RSA services");
|
||||
}
|
||||
} catch (NoSuchAlgorithmException | InvalidParameterException e) {
|
||||
error("Error: cannot create obj " + e);
|
||||
}
|
||||
}
|
||||
if (testResult) {
|
||||
System.out.println("Test Passed");
|
||||
} else {
|
||||
throw new RuntimeException("One or more tests failed");
|
||||
}
|
||||
}
|
||||
}
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -27,7 +27,7 @@ import java.security.SignatureException;
|
||||
|
||||
/*
|
||||
* @test
|
||||
* @bug 8050374
|
||||
* @bug 8050374 8220016
|
||||
* @key randomness
|
||||
* @summary This test validates signature verification
|
||||
* Signature.verify(byte[], int, int). The test uses RandomFactory to
|
||||
@ -37,10 +37,7 @@ import java.security.SignatureException;
|
||||
* @library /test/lib
|
||||
* @build jdk.test.lib.RandomFactory
|
||||
* @compile ../../../../java/security/Signature/Offsets.java
|
||||
* @run main SignatureOffsets SunJSSE MD2withRSA
|
||||
* @run main SignatureOffsets SunJSSE MD5withRSA
|
||||
* @run main SignatureOffsets SunJSSE SHA1withRSA
|
||||
* @run main SignatureOffsets SunJSSE MD5andSHA1withRSA
|
||||
* @run main SignatureOffsets SunJSSE MD5andSHA1withRSA
|
||||
*/
|
||||
public class SignatureOffsets {
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -30,6 +30,7 @@
|
||||
* @compile ../../../../java/security/SignedObject/Chain.java
|
||||
* @run main SignedObjectChain
|
||||
*/
|
||||
|
||||
public class SignedObjectChain {
|
||||
|
||||
private static class Test extends Chain.Test {
|
||||
@ -40,9 +41,6 @@ public class SignedObjectChain {
|
||||
}
|
||||
|
||||
private static final Test[] tests = {
|
||||
new Test(Chain.SigAlg.MD2withRSA),
|
||||
new Test(Chain.SigAlg.MD5withRSA),
|
||||
new Test(Chain.SigAlg.SHA1withRSA),
|
||||
new Test(Chain.SigAlg.MD5andSHA1withRSA),
|
||||
};
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user