1 /*
2 * Copyright (c) 1996, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.provider;
27
28 import java.io.*;
29 import java.net.*;
30 import java.util.Map;
31 import java.security.*;
32 import sun.security.action.GetPropertyAction;
33
34 /**
35 * Defines the entries of the SUN provider.
36 *
37 * Algorithms supported, and their names:
38 *
39 * - SHA is the message digest scheme described in FIPS 180-1.
40 * Aliases for SHA are SHA-1 and SHA1.
41 *
42 * - SHA1withDSA is the signature scheme described in FIPS 186.
43 * (SHA used in DSA is SHA-1: FIPS 186 with Change No 1.)
44 * Aliases for SHA1withDSA are DSA, DSS, SHA/DSA, SHA-1/DSA, SHA1/DSA,
45 * SHAwithDSA, DSAWithSHA1, and the object
46 * identifier strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and
47 * "OID.1.2.840.10040.4.3".
48 *
49 * - SHA-2 is a set of message digest schemes described in FIPS 180-2.
50 * SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384,
51 * and SHA-512.
52 *
53 * - SHA-224withDSA/SHA-256withDSA are the signature schemes
54 * described in FIPS 186-3. The associated object identifiers are
55 * "OID.2.16.840.1.101.3.4.3.1", and "OID.2.16.840.1.101.3.4.3.2".
56
57 * - DSA is the key generation scheme as described in FIPS 186.
58 * Aliases for DSA include the OID strings "OID.1.3.14.3.2.12"
59 * and "OID.1.2.840.10040.4.1".
60 *
61 * - MD5 is the message digest scheme described in RFC 1321.
62 * There are no aliases for MD5.
63 *
64 * - X.509 is the certificate factory type for X.509 certificates
65 * and CRLs. Aliases for X.509 are X509.
66 *
67 * - PKIX is the certification path validation algorithm described
68 * in RFC 3280. The ValidationAlgorithm attribute notes the
69 * specification that this provider implements.
70 *
71 * - LDAP is the CertStore type for LDAP repositories. The
72 * LDAPSchema attribute notes the specification defining the
73 * schema that this provider uses to find certificates and CRLs.
74 *
75 * - JavaPolicy is the default file-based Policy type.
76 *
77 * - JavaLoginConfig is the default file-based LoginModule Configuration type.
78 */
79
80 final class SunEntries {
81
82 private static final boolean useLegacyDSA =
83 Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty
84 ("jdk.security.legacyDSAKeyPairGenerator"));
85
86 private SunEntries() {
87 // empty
88 }
89
90 static void putEntries(Map<Object, Object> map) {
91
92 /*
93 * SecureRandom
94 *
95 * Register these first to speed up "new SecureRandom()",
96 * which iterates through the list of algorithms
97 */
98 // register the native PRNG, if available
99 // if user selected /dev/urandom, we put it before SHA1PRNG,
100 // otherwise after it
101 boolean nativeAvailable = NativePRNG.isAvailable();
102 boolean useNativePRNG = seedSource.equals(URL_DEV_URANDOM) ||
103 seedSource.equals(URL_DEV_RANDOM);
104
105 if (nativeAvailable && useNativePRNG) {
106 map.put("SecureRandom.NativePRNG",
107 "sun.security.provider.NativePRNG");
108 }
109 map.put("SecureRandom.SHA1PRNG",
110 "sun.security.provider.SecureRandom");
111 if (nativeAvailable && !useNativePRNG) {
112 map.put("SecureRandom.NativePRNG",
113 "sun.security.provider.NativePRNG");
114 }
115
116 if (NativePRNG.Blocking.isAvailable()) {
117 map.put("SecureRandom.NativePRNGBlocking",
118 "sun.security.provider.NativePRNG$Blocking");
119 }
120
121 if (NativePRNG.NonBlocking.isAvailable()) {
122 map.put("SecureRandom.NativePRNGNonBlocking",
123 "sun.security.provider.NativePRNG$NonBlocking");
124 }
125
126 /*
127 * Signature engines
128 */
129 map.put("Signature.SHA1withDSA",
130 "sun.security.provider.DSA$SHA1withDSA");
131 map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA");
132 map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA");
133 map.put("Signature.SHA224withDSA",
134 "sun.security.provider.DSA$SHA224withDSA");
135 map.put("Signature.SHA256withDSA",
136 "sun.security.provider.DSA$SHA256withDSA");
137
138 String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
139 "|java.security.interfaces.DSAPrivateKey";
140 map.put("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses);
141 map.put("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses);
142 map.put("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses);
143 map.put("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses);
144
145 map.put("Alg.Alias.Signature.DSA", "SHA1withDSA");
146 map.put("Alg.Alias.Signature.DSS", "SHA1withDSA");
147 map.put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
148 map.put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
149 map.put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
150 map.put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
151 map.put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
152 map.put("Alg.Alias.Signature.OID.1.2.840.10040.4.3",
153 "SHA1withDSA");
154 map.put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
155 map.put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA");
156 map.put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA");
157 map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1",
158 "SHA224withDSA");
159 map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA");
160 map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2",
161 "SHA256withDSA");
162 map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA");
163
164 /*
165 * Key Pair Generator engines
166 */
167 String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
168 dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
169 map.put("KeyPairGenerator.DSA", dsaKPGImplClass);
170 map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
171 map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
172 map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");
173
174 /*
175 * Digest engines
176 */
177 map.put("MessageDigest.MD2", "sun.security.provider.MD2");
178 map.put("MessageDigest.MD5", "sun.security.provider.MD5");
179 map.put("MessageDigest.SHA", "sun.security.provider.SHA");
180
181 map.put("Alg.Alias.MessageDigest.SHA-1", "SHA");
182 map.put("Alg.Alias.MessageDigest.SHA1", "SHA");
183 map.put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA");
184 map.put("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA");
185
186 map.put("MessageDigest.SHA-224", "sun.security.provider.SHA2$SHA224");
187 map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224");
188 map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4",
189 "SHA-224");
190
191 map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2$SHA256");
192 map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256");
193 map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1",
194 "SHA-256");
195 map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384");
196 map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384");
197 map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2",
198 "SHA-384");
199 map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512");
200 map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512");
201 map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3",
202 "SHA-512");
203
204 /*
205 * Algorithm Parameter Generator engines
206 */
207 map.put("AlgorithmParameterGenerator.DSA",
208 "sun.security.provider.DSAParameterGenerator");
209
210 /*
211 * Algorithm Parameter engines
212 */
213 map.put("AlgorithmParameters.DSA",
214 "sun.security.provider.DSAParameters");
215 map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA");
216 map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA");
217 map.put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA");
218
219 /*
220 * Key factories
221 */
222 map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory");
223 map.put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA");
224 map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
225 map.put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA");
226
227 /*
228 * Certificates
229 */
230 map.put("CertificateFactory.X.509",
231 "sun.security.provider.X509Factory");
232 map.put("Alg.Alias.CertificateFactory.X509", "X.509");
233
234 /*
235 * KeyStore
236 */
237 map.put("KeyStore.JKS",
238 "sun.security.provider.JavaKeyStore$DualFormatJKS");
239 map.put("KeyStore.CaseExactJKS",
240 "sun.security.provider.JavaKeyStore$CaseExactJKS");
241 map.put("KeyStore.DKS", "sun.security.provider.DomainKeyStore$DKS");
242
243 /*
244 * Policy
245 */
246 map.put("Policy.JavaPolicy", "sun.security.provider.PolicySpiFile");
247
248 /*
249 * Configuration
250 */
251 map.put("Configuration.JavaLoginConfig",
252 "sun.security.provider.ConfigFile$Spi");
253
254 /*
255 * CertPathBuilder
256 */
257 map.put("CertPathBuilder.PKIX",
258 "sun.security.provider.certpath.SunCertPathBuilder");
259 map.put("CertPathBuilder.PKIX ValidationAlgorithm",
260 "RFC3280");
261
262 /*
263 * CertPathValidator
264 */
265 map.put("CertPathValidator.PKIX",
266 "sun.security.provider.certpath.PKIXCertPathValidator");
267 map.put("CertPathValidator.PKIX ValidationAlgorithm",
268 "RFC3280");
269
270 /*
271 * CertStores
272 */
273 map.put("CertStore.LDAP",
274 "sun.security.provider.certpath.ldap.LDAPCertStore");
275 map.put("CertStore.LDAP LDAPSchema", "RFC2587");
276 map.put("CertStore.Collection",
277 "sun.security.provider.certpath.CollectionCertStore");
278 map.put("CertStore.com.sun.security.IndexedCollection",
279 "sun.security.provider.certpath.IndexedCollectionCertStore");
280
281 /*
282 * KeySize
283 */
284 map.put("Signature.NONEwithDSA KeySize", "1024");
285 map.put("Signature.SHA1withDSA KeySize", "1024");
286 map.put("Signature.SHA224withDSA KeySize", "2048");
287 map.put("Signature.SHA256withDSA KeySize", "2048");
288
289 map.put("KeyPairGenerator.DSA KeySize", "2048");
290 map.put("AlgorithmParameterGenerator.DSA KeySize", "2048");
291
292 /*
293 * Implementation type: software or hardware
294 */
295 map.put("Signature.SHA1withDSA ImplementedIn", "Software");
296 map.put("KeyPairGenerator.DSA ImplementedIn", "Software");
297 map.put("MessageDigest.MD5 ImplementedIn", "Software");
298 map.put("MessageDigest.SHA ImplementedIn", "Software");
299 map.put("AlgorithmParameterGenerator.DSA ImplementedIn",
300 "Software");
301 map.put("AlgorithmParameters.DSA ImplementedIn", "Software");
302 map.put("KeyFactory.DSA ImplementedIn", "Software");
303 map.put("SecureRandom.SHA1PRNG ImplementedIn", "Software");
304 map.put("CertificateFactory.X.509 ImplementedIn", "Software");
305 map.put("KeyStore.JKS ImplementedIn", "Software");
306 map.put("CertPathValidator.PKIX ImplementedIn", "Software");
307 map.put("CertPathBuilder.PKIX ImplementedIn", "Software");
308 map.put("CertStore.LDAP ImplementedIn", "Software");
309 map.put("CertStore.Collection ImplementedIn", "Software");
310 map.put("CertStore.com.sun.security.IndexedCollection ImplementedIn",
311 "Software");
312
313 }
314
315 // name of the *System* property, takes precedence over PROP_RNDSOURCE
316 private final static String PROP_EGD = "java.security.egd";
317 // name of the *Security* property
318 private final static String PROP_RNDSOURCE = "securerandom.source";
319
320 final static String URL_DEV_RANDOM = "file:/dev/random";
321 final static String URL_DEV_URANDOM = "file:/dev/urandom";
322
323 private static final String seedSource;
324
325 static {
326 seedSource = AccessController.doPrivileged(
327 new PrivilegedAction<String>() {
328
329 @Override
330 public String run() {
331 String egdSource = System.getProperty(PROP_EGD, "");
332 if (egdSource.length() != 0) {
333 return egdSource;
334 }
335 egdSource = Security.getProperty(PROP_RNDSOURCE);
336 if (egdSource == null) {
337 return "";
338 }
339 return egdSource;
340 }
341 });
342 }
343
344 static String getSeedSource() {
345 return seedSource;
346 }
347
348 /*
349 * Use a URI to access this File. Previous code used a URL
350 * which is less strict on syntax. If we encounter a
351 * URISyntaxException we make best efforts for backwards
352 * compatibility. e.g. space character in deviceName string.
353 *
354 * Method called within PrivilegedExceptionAction block.
355 *
356 * Moved from SeedGenerator to avoid initialization problems with
357 * signed providers.
358 */
359 static File getDeviceFile(URL device) throws IOException {
360 try {
361 URI deviceURI = device.toURI();
362 if(deviceURI.isOpaque()) {
363 // File constructor does not accept opaque URI
364 URI localDir = new File(
365 System.getProperty("user.dir")).toURI();
366 String uriPath = localDir.toString() +
367 deviceURI.toString().substring(5);
368 return new File(URI.create(uriPath));
369 } else {
370 return new File(deviceURI);
371 }
372 } catch (URISyntaxException use) {
373 /*
374 * Make best effort to access this File.
375 * We can try using the URL path.
376 */
377 return new File(device.getPath());
378 }
379 }
380 }