1 /* 2 * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.provider; 27 28 import java.io.*; 29 import java.net.*; 30 import java.util.Map; 31 import java.security.*; 32 import sun.security.action.GetPropertyAction; 33 34 /** 35 * Defines the entries of the SUN provider. 36 * 37 * Algorithms supported, and their names: 38 * 39 * - SHA is the message digest scheme described in FIPS 180-1. 40 * Aliases for SHA are SHA-1 and SHA1. 41 * 42 * - SHA1withDSA is the signature scheme described in FIPS 186. 43 * (SHA used in DSA is SHA-1: FIPS 186 with Change No 1.) 44 * Aliases for SHA1withDSA are DSA, DSS, SHA/DSA, SHA-1/DSA, SHA1/DSA, 45 * SHAwithDSA, DSAWithSHA1, and the object 46 * identifier strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and 47 * "OID.1.2.840.10040.4.3". 
48 * 49 * - SHA-2 is a set of message digest schemes described in FIPS 180-2. 50 * SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384, 51 * and SHA-512. 52 * 53 * - SHA-224withDSA/SHA-256withDSA are the signature schemes 54 * described in FIPS 186-3. The associated object identifiers are 55 * "OID.2.16.840.1.101.3.4.3.1", and "OID.2.16.840.1.101.3.4.3.2". 56 57 * - DSA is the key generation scheme as described in FIPS 186. 58 * Aliases for DSA include the OID strings "OID.1.3.14.3.2.12" 59 * and "OID.1.2.840.10040.4.1". 60 * 61 * - MD5 is the message digest scheme described in RFC 1321. 62 * There are no aliases for MD5. 63 * 64 * - X.509 is the certificate factory type for X.509 certificates 65 * and CRLs. Aliases for X.509 are X509. 66 * 67 * - PKIX is the certification path validation algorithm described 68 * in RFC 3280. The ValidationAlgorithm attribute notes the 69 * specification that this provider implements. 70 * 71 * - LDAP is the CertStore type for LDAP repositories. The 72 * LDAPSchema attribute notes the specification defining the 73 * schema that this provider uses to find certificates and CRLs. 74 * 75 * - JavaPolicy is the default file-based Policy type. 76 * 77 * - JavaLoginConfig is the default file-based LoginModule Configuration type. 
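*/

final class SunEntries {

    // name of the *System* property, takes precedence over PROP_RNDSOURCE
    private final static String PROP_EGD = "java.security.egd";
    // name of the *Security* property
    private final static String PROP_RNDSOURCE = "securerandom.source";

    final static String URL_DEV_RANDOM = "file:/dev/random";
    final static String URL_DEV_URANDOM = "file:/dev/urandom";

    /*
     * Chooses between the "Legacy" and "Current" nested implementation
     * classes of DSAKeyPairGenerator (see putEntries). Read once, at class
     * initialization, from the jdk.security.legacyDSAKeyPairGenerator
     * system property; anything other than "true" selects "Current".
     */
    private static final boolean useLegacyDSA =
        Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty
            ("jdk.security.legacyDSAKeyPairGenerator"));

    /*
     * Entropy/seed source used when registering the SecureRandom engines.
     * Resolution order (see the static initializer): a non-empty
     * java.security.egd system property wins; otherwise the
     * securerandom.source Security property; otherwise "". Because this
     * value decides whether NativePRNG is listed ahead of SHA1PRNG, the
     * launcher/configuration that sets it effectively decides which
     * implementation a plain "new SecureRandom()" resolves to.
     */
    private static final String seedSource;

    static {
        seedSource = AccessController.doPrivileged(
            new PrivilegedAction<String>() {

                @Override
                public String run() {
                    String egdSource = System.getProperty(PROP_EGD, "");
                    if (egdSource.length() != 0) {
                        return egdSource;
                    }
                    egdSource = Security.getProperty(PROP_RNDSOURCE);
                    // never expose null: callers compare with equals()
                    return (egdSource == null) ? "" : egdSource;
                }
            });
    }

    private SunEntries() {
        // static-only holder; never instantiated
    }

    /**
     * Registers every engine, alias and attribute of the SUN provider in
     * {@code map}.
     *
     * Insertion order is significant for the SecureRandom entries: the
     * provider is scanned in order when an application asks for
     * {@code new SecureRandom()}, so the preferred PRNG is put first and
     * the whole SecureRandom group is registered before everything else.
     *
     * @param map the provider's backing map; keys are "Type.Algorithm",
     *            "Alg.Alias.Type.Alias" or "Type.Algorithm Attribute",
     *            values are implementation class names, alias targets or
     *            attribute strings
     */
    static void putEntries(Map<Object, Object> map) {

        /*
         * SecureRandom
         *
         * Register these first to speed up "new SecureRandom()",
         * which iterates through the list of algorithms.
         *
         * The native PRNG is registered ahead of SHA1PRNG only when the
         * configured seed source is exactly /dev/random or /dev/urandom;
         * otherwise SHA1PRNG stays the first (default) entry and NativePRNG
         * follows it, if available on this platform at all.
         */
        boolean nativeAvailable = NativePRNG.isAvailable();
        boolean useNativePRNG = seedSource.equals(URL_DEV_URANDOM) ||
            seedSource.equals(URL_DEV_RANDOM);

        if (nativeAvailable && useNativePRNG) {
            map.put("SecureRandom.NativePRNG",
                "sun.security.provider.NativePRNG");
        }
        map.put("SecureRandom.SHA1PRNG",
            "sun.security.provider.SecureRandom");
        if (nativeAvailable && !useNativePRNG) {
            map.put("SecureRandom.NativePRNG",
                "sun.security.provider.NativePRNG");
        }

        if (NativePRNG.Blocking.isAvailable()) {
            map.put("SecureRandom.NativePRNGBlocking",
                "sun.security.provider.NativePRNG$Blocking");
        }

        if (NativePRNG.NonBlocking.isAvailable()) {
            map.put("SecureRandom.NativePRNGNonBlocking",
                "sun.security.provider.NativePRNG$NonBlocking");
        }

        /*
         * Signature engines
         */
        map.put("Signature.SHA1withDSA",
            "sun.security.provider.DSA$SHA1withDSA");
        map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA");
        map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA");
        map.put("Signature.SHA224withDSA",
            "sun.security.provider.DSA$SHA224withDSA");
        map.put("Signature.SHA256withDSA",
            "sun.security.provider.DSA$SHA256withDSA");

        // SupportedKeyClasses lets Signature.getInstance(alg, key) pick this
        // provider only for DSA keys; same list for all four DSA signatures
        String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
            "|java.security.interfaces.DSAPrivateKey";
        map.put("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses);
        map.put("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses);
        map.put("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses);
        map.put("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses);

        map.put("Alg.Alias.Signature.DSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.DSS", "SHA1withDSA");
        map.put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
        map.put("Alg.Alias.Signature.OID.1.2.840.10040.4.3",
            "SHA1withDSA");
        map.put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
        map.put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA");
        map.put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA");
        map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1",
            "SHA224withDSA");
        map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA");
        map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2",
            "SHA256withDSA");
        map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA");

        /*
         * Key Pair Generator engines
         */
        // implementation class is selected once by the
        // jdk.security.legacyDSAKeyPairGenerator system property
        String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
        dsaKPGImplClass += (useLegacyDSA ? "Legacy" : "Current");
        map.put("KeyPairGenerator.DSA", dsaKPGImplClass);
        map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");

        /*
         * Digest engines
         */
        map.put("MessageDigest.MD2", "sun.security.provider.MD2");
        map.put("MessageDigest.MD5", "sun.security.provider.MD5");
        map.put("MessageDigest.SHA", "sun.security.provider.SHA");

        map.put("Alg.Alias.MessageDigest.SHA-1", "SHA");
        map.put("Alg.Alias.MessageDigest.SHA1", "SHA");
        map.put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA");
        map.put("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA");

        map.put("MessageDigest.SHA-224", "sun.security.provider.SHA2$SHA224");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4",
            "SHA-224");

        map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2$SHA256");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1",
            "SHA-256");
        map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2",
            "SHA-384");
        map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3",
            "SHA-512");

        /*
         * Algorithm Parameter Generator engines
         */
        map.put("AlgorithmParameterGenerator.DSA",
            "sun.security.provider.DSAParameterGenerator");

        /*
         * Algorithm Parameter engines
         */
        map.put("AlgorithmParameters.DSA",
            "sun.security.provider.DSAParameters");
        map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA");

        /*
         * Key factories
         */
        map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory");
        map.put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA");

        /*
         * Certificates
         */
        map.put("CertificateFactory.X.509",
            "sun.security.provider.X509Factory");
        map.put("Alg.Alias.CertificateFactory.X509", "X.509");

        /*
         * KeyStore
         */
        map.put("KeyStore.JKS",
            "sun.security.provider.JavaKeyStore$DualFormatJKS");
        map.put("KeyStore.CaseExactJKS",
            "sun.security.provider.JavaKeyStore$CaseExactJKS");
        map.put("KeyStore.DKS", "sun.security.provider.DomainKeyStore$DKS");

        /*
         * Policy
         */
        map.put("Policy.JavaPolicy", "sun.security.provider.PolicySpiFile");

        /*
         * Configuration
         */
        map.put("Configuration.JavaLoginConfig",
            "sun.security.provider.ConfigFile$Spi");

        /*
         * CertPathBuilder
         */
        map.put("CertPathBuilder.PKIX",
            "sun.security.provider.certpath.SunCertPathBuilder");
        map.put("CertPathBuilder.PKIX ValidationAlgorithm",
            "RFC3280");

        /*
         * CertPathValidator
         */
        map.put("CertPathValidator.PKIX",
            "sun.security.provider.certpath.PKIXCertPathValidator");
        map.put("CertPathValidator.PKIX ValidationAlgorithm",
            "RFC3280");

        /*
         * CertStores
         */
        map.put("CertStore.LDAP",
            "sun.security.provider.certpath.ldap.LDAPCertStore");
        map.put("CertStore.LDAP LDAPSchema", "RFC2587");
        map.put("CertStore.Collection",
            "sun.security.provider.certpath.CollectionCertStore");
        map.put("CertStore.com.sun.security.IndexedCollection",
            "sun.security.provider.certpath.IndexedCollectionCertStore");

        /*
         * KeySize
         *
         * Default key size attribute advertised for each DSA engine; the
         * values are the bit lengths the engines use when the caller does
         * not specify one.
         */
        map.put("Signature.NONEwithDSA KeySize", "1024");
        map.put("Signature.SHA1withDSA KeySize", "1024");
        map.put("Signature.SHA224withDSA KeySize", "2048");
        map.put("Signature.SHA256withDSA KeySize", "2048");

        map.put("KeyPairGenerator.DSA KeySize", "2048");
        map.put("AlgorithmParameterGenerator.DSA KeySize", "2048");

        /*
         * Implementation type: software or hardware
         */
        map.put("Signature.SHA1withDSA ImplementedIn", "Software");
        map.put("KeyPairGenerator.DSA ImplementedIn", "Software");
        map.put("MessageDigest.MD5 ImplementedIn", "Software");
        map.put("MessageDigest.SHA ImplementedIn", "Software");
        map.put("AlgorithmParameterGenerator.DSA ImplementedIn",
            "Software");
        map.put("AlgorithmParameters.DSA ImplementedIn", "Software");
        map.put("KeyFactory.DSA ImplementedIn", "Software");
        map.put("SecureRandom.SHA1PRNG ImplementedIn", "Software");
        map.put("CertificateFactory.X.509 ImplementedIn", "Software");
        map.put("KeyStore.JKS ImplementedIn", "Software");
        map.put("CertPathValidator.PKIX ImplementedIn", "Software");
        map.put("CertPathBuilder.PKIX ImplementedIn", "Software");
        map.put("CertStore.LDAP ImplementedIn", "Software");
        map.put("CertStore.Collection ImplementedIn", "Software");
        map.put("CertStore.com.sun.security.IndexedCollection ImplementedIn",
            "Software");

    }

    /**
     * Returns the resolved seed source (see {@code seedSource}); never
     * {@code null}, "" when neither property is set.
     */
    static String getSeedSource() {
        return seedSource;
    }

    /*
     * Use a URI to access this File. Previous code used a URL
     * which is less strict on syntax. If we encounter a
     * URISyntaxException we make best efforts for backwards
     * compatibility. e.g. space character in deviceName string.
     *
     * Method called within PrivilegedExceptionAction block.
     *
     * Moved from SeedGenerator to avoid initialization problems with
     * signed providers.
     */
    /**
     * Maps the configured seed-device URL to a {@link File}.
     *
     * Opaque URIs (no leading "/", e.g. "file:foo") cannot be handed to
     * the File(URI) constructor, so their scheme-specific part is anchored
     * under the current working directory instead. The scheme prefix is
     * stripped by its actual length rather than an assumed 5 characters,
     * so the rewrite stays correct if a caller ever passes a scheme other
     * than "file".
     *
     * @param device URL naming the seed device
     * @return a File for the device; on URISyntaxException the URL path is
     *         used as-is (best effort, see comment above)
     * @throws IOException declared for callers; not thrown by this body
     */
    static File getDeviceFile(URL device) throws IOException {
        try {
            URI deviceURI = device.toURI();
            if (deviceURI.isOpaque()) {
                // File constructor does not accept opaque URI
                URI localDir = new File(
                    System.getProperty("user.dir")).toURI();
                // drop "<scheme>:" by its real length, keep the rest verbatim
                // (percent-escapes and any fragment untouched, as before)
                int schemeLen = deviceURI.getScheme().length() + 1;
                String uriPath = localDir.toString() +
                    deviceURI.toString().substring(schemeLen);
                return new File(URI.create(uriPath));
            } else {
                return new File(deviceURI);
            }
        } catch (URISyntaxException use) {
            /*
             * Make best effort to access this File.
             * We can try using the URL path.
             */
            return new File(device.getPath());
        }
    }
}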