< prev index next >

src/share/classes/sun/security/ssl/JsseJce.java

Print this page
rev 11548 : 8133070: Hot lock on BulkCipher.isAvailable
Reviewed-by: mullan
Contributed-by: xuelei.fan@oracle.com, kungu.mjh@alibaba-inc.com


  38 import java.security.Provider;
  39 
  40 // need internal Sun classes for FIPS tricks
  41 import sun.security.jca.Providers;
  42 import sun.security.jca.ProviderList;
  43 
  44 import sun.security.util.ECUtil;
  45 
  46 import static sun.security.ssl.SunJSSE.cryptoProvider;
  47 
  48 /**
  49  * This class contains a few static methods for interaction with the JCA/JCE
  50  * to obtain implementations, etc.
  51  *
  52  * @author  Andreas Sterbenz
  53  */
  54 final class JsseJce {
  55 
  56     private final static ProviderList fipsProviderList;
  57 
  58     // Flag indicating whether EC crypto is available.
  59     // If null, then we have not checked yet.
  60     // If yes, then all the EC based crypto we need is available.
  61     private static Boolean ecAvailable;
  62 
  63     // Flag indicating whether Kerberos crypto is available.
  64     // If true, then all the Kerberos-based crypto we need is available.
  65     private final static boolean kerberosAvailable;
  66     static {
  67         boolean temp;
  68         try {
  69             AccessController.doPrivileged(
  70                 new PrivilegedExceptionAction<Void>() {
  71                     @Override
  72                     public Void run() throws Exception {
  73                         // Test for Kerberos using the bootstrap class loader
  74                         Class.forName("sun.security.krb5.PrincipalName", true,
  75                                 null);
  76                         return null;
  77                     }
  78                 });
  79             temp = true;
  80 
  81         } catch (Exception e) {
  82             temp = false;


 178      * hashing where the application provides the SHA-1 hash of the data.
 179      */
 180     final static String SIGNATURE_RAWECDSA = "NONEwithECDSA";
 181     /**
 182      * JCA identifier string for Raw RSA, i.e. a RSA PKCS#1 v1.5 signature
 183      * without hashing where the application provides the hash of the data.
 184      * Used for RSA client authentication with a 36 byte hash.
 185      */
 186     final static String SIGNATURE_RAWRSA = "NONEwithRSA";
 187     /**
 188      * JCA identifier string for the SSL/TLS style RSA Signature. I.e.
 189      * an signature using RSA with PKCS#1 v1.5 padding signing a
 190      * concatenation of an MD5 and SHA-1 digest.
 191      */
 192     final static String SIGNATURE_SSLRSA = "MD5andSHA1withRSA";
 193 
 194     private JsseJce() {
 195         // no instantiation of this class
 196     }
 197 
 198     synchronized static boolean isEcAvailable() {
 199         if (ecAvailable == null) {
 200             try {
 201                 JsseJce.getSignature(SIGNATURE_ECDSA);
 202                 JsseJce.getSignature(SIGNATURE_RAWECDSA);
 203                 JsseJce.getKeyAgreement("ECDH");
 204                 JsseJce.getKeyFactory("EC");
 205                 JsseJce.getKeyPairGenerator("EC");
 206                 ecAvailable = true;
 207             } catch (Exception e) {
 208                 ecAvailable = false;
 209             }
 210         }
 211         return ecAvailable;
 212     }
 213 
 214     synchronized static void clearEcAvailable() {
 215         ecAvailable = null;
 216     }
 217 
 218     static boolean isKerberosAvailable() {
 219         return kerberosAvailable;
 220     }
 221 
 222     /**
 223      * Return an JCE cipher implementation for the specified algorithm.
 224      */
 225     static Cipher getCipher(String transformation)
 226             throws NoSuchAlgorithmException {
 227         try {
 228             if (cryptoProvider == null) {
 229                 return Cipher.getInstance(transformation);
 230             } else {
 231                 return Cipher.getInstance(transformation, cryptoProvider);
 232             }
 233         } catch (NoSuchPaddingException e) {
 234             throw new NoSuchAlgorithmException(e);
 235         }


 397     static byte[] encodePoint(ECPoint point, EllipticCurve curve) {
 398         return ECUtil.encodePoint(point, curve);
 399     }
 400 
 401     // In FIPS mode, set thread local providers; otherwise a no-op.
 402     // Must be paired with endFipsProvider.
 403     static Object beginFipsProvider() {
 404         if (fipsProviderList == null) {
 405             return null;
 406         } else {
 407             return Providers.beginThreadProviderList(fipsProviderList);
 408         }
 409     }
 410 
 411     static void endFipsProvider(Object o) {
 412         if (fipsProviderList != null) {
 413             Providers.endThreadProviderList((ProviderList)o);
 414         }
 415     }
 416 























 417 }


  38 import java.security.Provider;
  39 
  40 // need internal Sun classes for FIPS tricks
  41 import sun.security.jca.Providers;
  42 import sun.security.jca.ProviderList;
  43 
  44 import sun.security.util.ECUtil;
  45 
  46 import static sun.security.ssl.SunJSSE.cryptoProvider;
  47 
  48 /**
  49  * This class contains a few static methods for interaction with the JCA/JCE
  50  * to obtain implementations, etc.
  51  *
  52  * @author  Andreas Sterbenz
  53  */
  54 final class JsseJce {
  55 
  56     private final static ProviderList fipsProviderList;
  57 





  58     // Flag indicating whether Kerberos crypto is available.
  59     // If true, then all the Kerberos-based crypto we need is available.
  60     private final static boolean kerberosAvailable;
  61     static {
  62         boolean temp;
  63         try {
  64             AccessController.doPrivileged(
  65                 new PrivilegedExceptionAction<Void>() {
  66                     @Override
  67                     public Void run() throws Exception {
  68                         // Test for Kerberos using the bootstrap class loader
  69                         Class.forName("sun.security.krb5.PrincipalName", true,
  70                                 null);
  71                         return null;
  72                     }
  73                 });
  74             temp = true;
  75 
  76         } catch (Exception e) {
  77             temp = false;


 173      * hashing where the application provides the SHA-1 hash of the data.
 174      */
 175     final static String SIGNATURE_RAWECDSA = "NONEwithECDSA";
 176     /**
 177      * JCA identifier string for Raw RSA, i.e. a RSA PKCS#1 v1.5 signature
 178      * without hashing where the application provides the hash of the data.
 179      * Used for RSA client authentication with a 36 byte hash.
 180      */
 181     final static String SIGNATURE_RAWRSA = "NONEwithRSA";
 182     /**
 183      * JCA identifier string for the SSL/TLS style RSA Signature. I.e.
 184      * an signature using RSA with PKCS#1 v1.5 padding signing a
 185      * concatenation of an MD5 and SHA-1 digest.
 186      */
 187     final static String SIGNATURE_SSLRSA = "MD5andSHA1withRSA";
 188 
 189     private JsseJce() {
 190         // no instantiation of this class
 191     }
 192 
 193     static boolean isEcAvailable() {
 194         return EcAvailability.isAvailable;
















 195     }
 196 
 197     static boolean isKerberosAvailable() {
 198         return kerberosAvailable;
 199     }
 200 
 201     /**
 202      * Return an JCE cipher implementation for the specified algorithm.
 203      */
 204     static Cipher getCipher(String transformation)
 205             throws NoSuchAlgorithmException {
 206         try {
 207             if (cryptoProvider == null) {
 208                 return Cipher.getInstance(transformation);
 209             } else {
 210                 return Cipher.getInstance(transformation, cryptoProvider);
 211             }
 212         } catch (NoSuchPaddingException e) {
 213             throw new NoSuchAlgorithmException(e);
 214         }


 376     static byte[] encodePoint(ECPoint point, EllipticCurve curve) {
 377         return ECUtil.encodePoint(point, curve);
 378     }
 379 
 380     // In FIPS mode, set thread local providers; otherwise a no-op.
 381     // Must be paired with endFipsProvider.
 382     static Object beginFipsProvider() {
 383         if (fipsProviderList == null) {
 384             return null;
 385         } else {
 386             return Providers.beginThreadProviderList(fipsProviderList);
 387         }
 388     }
 389 
 390     static void endFipsProvider(Object o) {
 391         if (fipsProviderList != null) {
 392             Providers.endThreadProviderList((ProviderList)o);
 393         }
 394     }
 395 
 396 
 397     // lazy initialization holder class idiom for static default parameters
 398     //
 399     // See Effective Java Second Edition: Item 71.
 400     private static class EcAvailability {
 401         // Is EC crypto available?
 402         private final static boolean isAvailable;
 403 
 404         static {
 405             boolean mediator = true;
 406             try {
 407                 JsseJce.getSignature(SIGNATURE_ECDSA);
 408                 JsseJce.getSignature(SIGNATURE_RAWECDSA);
 409                 JsseJce.getKeyAgreement("ECDH");
 410                 JsseJce.getKeyFactory("EC");
 411                 JsseJce.getKeyPairGenerator("EC");
 412             } catch (Exception e) {
 413                 mediator = false;
 414             }
 415 
 416             isAvailable = mediator;
 417         }
 418     }
 419 }
< prev index next >