1 /* 2 * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.provider; 27 28 import java.io.*; 29 import java.net.*; 30 import java.util.Map; 31 import java.security.*; 32 33 /** 34 * Defines the entries of the SUN provider. 35 * 36 * Algorithms supported, and their names: 37 * 38 * - SHA is the message digest scheme described in FIPS 180-1. 39 * Aliases for SHA are SHA-1 and SHA1. 40 * 41 * - SHA1withDSA is the signature scheme described in FIPS 186. 42 * (SHA used in DSA is SHA-1: FIPS 186 with Change No 1.) 43 * Aliases for SHA1withDSA are DSA, DSS, SHA/DSA, SHA-1/DSA, SHA1/DSA, 44 * SHAwithDSA, DSAWithSHA1, and the object 45 * identifier strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and 46 * "OID.1.2.840.10040.4.3". 
47 * 48 * - SHA-2 is a set of message digest schemes described in FIPS 180-2. 49 * SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384, 50 * and SHA-512. 51 * 52 * - SHA-224withDSA/SHA-256withDSA are the signature schemes 53 * described in FIPS 186-3. The associated object identifiers are 54 * "OID.2.16.840.1.101.3.4.3.1", and "OID.2.16.840.1.101.3.4.3.2". 55 56 * - DSA is the key generation scheme as described in FIPS 186. 57 * Aliases for DSA include the OID strings "OID.1.3.14.3.2.12" 58 * and "OID.1.2.840.10040.4.1". 59 * 60 * - MD5 is the message digest scheme described in RFC 1321. 61 * There are no aliases for MD5. 62 * 63 * - X.509 is the certificate factory type for X.509 certificates 64 * and CRLs. Aliases for X.509 are X509. 65 * 66 * - PKIX is the certification path validation algorithm described 67 * in RFC 3280. The ValidationAlgorithm attribute notes the 68 * specification that this provider implements. 69 * 70 * - LDAP is the CertStore type for LDAP repositories. The 71 * LDAPSchema attribute notes the specification defining the 72 * schema that this provider uses to find certificates and CRLs. 73 * 74 * - JavaPolicy is the default file-based Policy type. 75 * 76 * - JavaLoginConfig is the default file-based LoginModule Configuration type. 
 */

final class SunEntries {

    // Not instantiable: every member of this class is static.
    private SunEntries() {
        // empty
    }

    /**
     * Registers all engines, aliases and attributes of the SUN provider.
     *
     * Keys are either {@code "<Type>.<Algorithm>"} (value: implementing class
     * name), {@code "Alg.Alias.<Type>.<Alias>"} (value: canonical algorithm
     * name) or {@code "<Type>.<Algorithm> <Attribute>"} (value: attribute
     * string, e.g. KeySize or ImplementedIn).
     *
     * Insertion order is significant for the SecureRandom entries: the
     * relative position of NativePRNG and SHA1PRNG depends on the resolved
     * {@code seedSource}, see the comments below. Although {@code seedSource}
     * is declared further down in this file, it is assigned during class
     * initialization, so this method always observes the resolved value.
     *
     * @param map the provider's property map that receives the entries
     */
    static void putEntries(Map<Object, Object> map) {

        /*
         * SecureRandom
         *
         * Register these first to speed up "new SecureRandom()",
         * which iterates through the list of algorithms
         */
        // register the native PRNG, if available
        // if user selected /dev/urandom, we put it before SHA1PRNG,
        // otherwise after it
        boolean nativeAvailable = NativePRNG.isAvailable();
        // Exact string comparison against the two well-known device URLs:
        // any other spelling of the seed source falls into the
        // "otherwise after it" branch below.
        boolean useNativePRNG = seedSource.equals(URL_DEV_URANDOM) ||
            seedSource.equals(URL_DEV_RANDOM);

        // NativePRNG goes ahead of SHA1PRNG only when the seed source names
        // one of the two devices explicitly.
        if (nativeAvailable && useNativePRNG) {
            map.put("SecureRandom.NativePRNG",
                "sun.security.provider.NativePRNG");
        }
        map.put("SecureRandom.SHA1PRNG",
            "sun.security.provider.SecureRandom");
        if (nativeAvailable && !useNativePRNG) {
            map.put("SecureRandom.NativePRNG",
                "sun.security.provider.NativePRNG");
        }

        // The blocking / non-blocking variants are registered independently
        // of the ordering decision above, each only if its backing device
        // is reported available.
        if (NativePRNG.Blocking.isAvailable()) {
            map.put("SecureRandom.NativePRNGBlocking",
                "sun.security.provider.NativePRNG$Blocking");
        }

        if (NativePRNG.NonBlocking.isAvailable()) {
            map.put("SecureRandom.NativePRNGNonBlocking",
                "sun.security.provider.NativePRNG$NonBlocking");
        }

        /*
         * Signature engines
         */
        map.put("Signature.SHA1withDSA",
            "sun.security.provider.DSA$SHA1withDSA");
        // NONEwithDSA signs a caller-supplied digest without hashing it.
        map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA");
        map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA");
        map.put("Signature.SHA224withDSA",
            "sun.security.provider.DSA$SHA224withDSA");
        map.put("Signature.SHA256withDSA",
            "sun.security.provider.DSA$SHA256withDSA");

        // All DSA signature engines accept the same two key interfaces.
        String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
            "|java.security.interfaces.DSAPrivateKey";
        map.put("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses);
        map.put("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses);
        map.put("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses);
        map.put("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses);

        // Legacy names and OIDs (with and without the "OID." prefix) all
        // resolve to the canonical SHA1withDSA / SHA224withDSA /
        // SHA256withDSA entries registered above.
        map.put("Alg.Alias.Signature.DSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.DSS", "SHA1withDSA");
        map.put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
        map.put("Alg.Alias.Signature.OID.1.2.840.10040.4.3",
            "SHA1withDSA");
        map.put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
        map.put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA");
        map.put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA");
        map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1",
            "SHA224withDSA");
        map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA");
        map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2",
            "SHA256withDSA");
        map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA");

        /*
         * Key Pair Generator engines
         */
        map.put("KeyPairGenerator.DSA",
            "sun.security.provider.DSAKeyPairGenerator");
        map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");

        /*
         * Digest engines
         */
        // NOTE(review): MD2 and MD5 are advertised here next to SHA; this
        // table only declares availability, so any policy restricting weak
        // digests presumably lives elsewhere - confirm before relying on it.
        map.put("MessageDigest.MD2", "sun.security.provider.MD2");
        map.put("MessageDigest.MD5", "sun.security.provider.MD5");
        map.put("MessageDigest.SHA", "sun.security.provider.SHA");

        // "SHA" is the canonical name; SHA-1 / SHA1 / its OID are aliases.
        map.put("Alg.Alias.MessageDigest.SHA-1", "SHA");
        map.put("Alg.Alias.MessageDigest.SHA1", "SHA");
        map.put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA");
        map.put("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA");

        // SHA-2 family: 224/256 live in SHA2, 384/512 in SHA5.
        map.put("MessageDigest.SHA-224", "sun.security.provider.SHA2$SHA224");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4",
            "SHA-224");

        map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2$SHA256");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1",
            "SHA-256");
        map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2",
            "SHA-384");
        map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3",
            "SHA-512");

        /*
         * Algorithm Parameter Generator engines
         */
        map.put("AlgorithmParameterGenerator.DSA",
            "sun.security.provider.DSAParameterGenerator");

        /*
         * Algorithm Parameter engines
         */
        map.put("AlgorithmParameters.DSA",
            "sun.security.provider.DSAParameters");
        map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA");

        /*
         * Key factories
         */
        map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory");
        map.put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA");

        /*
         * Certificates
         */
        map.put("CertificateFactory.X.509",
            "sun.security.provider.X509Factory");
        map.put("Alg.Alias.CertificateFactory.X509", "X.509");

        /*
         * KeyStore
         */
        // JKS is backed by the dual-format implementation; CaseExactJKS is a
        // separate type rather than an alias of JKS.
        map.put("KeyStore.JKS",
            "sun.security.provider.JavaKeyStore$DualFormatJKS");
        map.put("KeyStore.CaseExactJKS",
            "sun.security.provider.JavaKeyStore$CaseExactJKS");
        map.put("KeyStore.DKS", "sun.security.provider.DomainKeyStore$DKS");

        /*
         * Policy
         */
        map.put("Policy.JavaPolicy", "sun.security.provider.PolicySpiFile");

        /*
         * Configuration
         */
        map.put("Configuration.JavaLoginConfig",
            "sun.security.provider.ConfigFile$Spi");

        /*
         * CertPathBuilder
         */
        map.put("CertPathBuilder.PKIX",
            "sun.security.provider.certpath.SunCertPathBuilder");
        // The ValidationAlgorithm attribute names the specification the
        // PKIX implementation follows.
        map.put("CertPathBuilder.PKIX ValidationAlgorithm",
            "RFC3280");

        /*
         * CertPathValidator
         */
        map.put("CertPathValidator.PKIX",
            "sun.security.provider.certpath.PKIXCertPathValidator");
        map.put("CertPathValidator.PKIX ValidationAlgorithm",
            "RFC3280");

        /*
         * CertStores
         */
        map.put("CertStore.LDAP",
            "sun.security.provider.certpath.ldap.LDAPCertStore");
        // LDAPSchema names the schema used to locate certificates and CRLs.
        map.put("CertStore.LDAP LDAPSchema", "RFC2587");
        map.put("CertStore.Collection",
            "sun.security.provider.certpath.CollectionCertStore");
        map.put("CertStore.com.sun.security.IndexedCollection",
            "sun.security.provider.certpath.IndexedCollectionCertStore");

        /*
         * KeySize
         */
        // KeySize attribute advertised per engine; note that the SHA-1 and
        // raw DSA signature engines advertise 1024 while the SHA-2 variants
        // and the DSA generators advertise 2048.
        map.put("Signature.NONEwithDSA KeySize", "1024");
        map.put("Signature.SHA1withDSA KeySize", "1024");
        map.put("Signature.SHA224withDSA KeySize", "2048");
        map.put("Signature.SHA256withDSA KeySize", "2048");

        map.put("KeyPairGenerator.DSA KeySize", "2048");
        map.put("AlgorithmParameterGenerator.DSA KeySize", "2048");

        /*
         * Implementation type: software or hardware
         */
        // Every engine in this provider is a pure-software implementation.
        map.put("Signature.SHA1withDSA ImplementedIn", "Software");
        map.put("KeyPairGenerator.DSA ImplementedIn", "Software");
        map.put("MessageDigest.MD5 ImplementedIn", "Software");
        map.put("MessageDigest.SHA ImplementedIn", "Software");
        map.put("AlgorithmParameterGenerator.DSA ImplementedIn",
            "Software");
        map.put("AlgorithmParameters.DSA ImplementedIn",
            "Software");
        map.put("KeyFactory.DSA ImplementedIn", "Software");
        map.put("SecureRandom.SHA1PRNG ImplementedIn", "Software");
        map.put("CertificateFactory.X.509 ImplementedIn", "Software");
        map.put("KeyStore.JKS ImplementedIn", "Software");
        map.put("CertPathValidator.PKIX ImplementedIn", "Software");
        map.put("CertPathBuilder.PKIX ImplementedIn", "Software");
        map.put("CertStore.LDAP ImplementedIn", "Software");
        map.put("CertStore.Collection ImplementedIn", "Software");
        map.put("CertStore.com.sun.security.IndexedCollection ImplementedIn",
            "Software");

    }

    // name of the *System* property, takes precedence over PROP_RNDSOURCE
    private final static String PROP_EGD = "java.security.egd";
    // name of the *Security* property
    private final static String PROP_RNDSOURCE = "securerandom.source";

    // The two device URLs that, when matched exactly by seedSource, move
    // NativePRNG ahead of SHA1PRNG in putEntries.
    final static String URL_DEV_RANDOM = "file:/dev/random";
    final static String URL_DEV_URANDOM = "file:/dev/urandom";

    // Resolved seed source, never null: the java.security.egd system
    // property when set to a non-empty value, otherwise the
    // securerandom.source security property, otherwise "".
    private static final String seedSource;

    static {
        // Both property lookups run in a privileged block so that class
        // initialization does not depend on the permissions of whichever
        // caller first touches this class.
        seedSource = AccessController.doPrivileged(
            new PrivilegedAction<String>() {

                @Override
                public String run() {
                    // System property wins whenever it is non-empty.
                    String egdSource = System.getProperty(PROP_EGD, "");
                    if (egdSource.length() != 0) {
                        return egdSource;
                    }
                    // Fall back to the Security property; normalize a
                    // missing value to "" so callers never see null.
                    egdSource = Security.getProperty(PROP_RNDSOURCE);
                    if (egdSource == null) {
                        return "";
                    }
                    return egdSource;
                }
            });
    }

    /**
     * Returns the resolved seed source string (see {@code seedSource}).
     *
     * @return the configured seed source URL string, or {@code ""} if neither
     *         property is set
     */
    static String getSeedSource() {
        return seedSource;
    }

    /*
     * Use a URI to access this File. Previous code used a URL
     * which is less strict on syntax. If we encounter a
     * URISyntaxException we make best efforts for backwards
     * compatibility. e.g. space character in deviceName string.
     *
     * Method called within PrivilegedExceptionAction block.
     *
     * Moved from SeedGenerator to avoid initialization problems with
     * signed providers.
     *
     * Opaque URIs (no "//" after the scheme, i.e. a relative device name
     * such as "file:dev/urandom") are resolved against the current working
     * directory (system property "user.dir"); hierarchical URIs are handed
     * to java.io.File directly.
     *
     * @param device the seed-source URL, normally derived from seedSource
     * @return a File for the device; never null
     * @throws IOException declared for callers; the body itself only
     *         propagates what the File/URI constructors may raise
     */
    static File getDeviceFile(URL device) throws IOException {
        try {
            URI deviceURI = device.toURI();
            if(deviceURI.isOpaque()) {
                // File constructor does not accept opaque URI
                URI localDir = new File(
                    System.getProperty("user.dir")).toURI();
                // substring(5) drops a five-character scheme prefix
                // ("file:"). NOTE(review): this assumes the scheme really
                // is "file"; confirm callers never pass another scheme.
                String uriPath = localDir.toString() +
                    deviceURI.toString().substring(5);
                return new File(URI.create(uriPath));
            } else {
                return new File(deviceURI);
            }
        } catch (URISyntaxException use) {
            /*
             * Make best effort to access this File.
             * We can try using the URL path.
             */
            return new File(device.getPath());
        }
    }
}