1 /*
2 * Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security;
27
28 import java.io.*;
29 import java.util.*;
30 import static java.util.Locale.ENGLISH;
31 import java.lang.ref.*;
32 import java.lang.reflect.*;
33
34 import java.security.cert.CertStoreParameters;
35 import javax.security.auth.login.Configuration;
36
37 /**
38 * This class represents a "provider" for the
39 * Java Security API, where a provider implements some or all parts of
40 * Java Security. Services that a provider may implement include:
41 *
42 * <ul>
43 *
44 * <li>Algorithms (such as DSA, RSA, MD5 or SHA-1).
45 *
46 * <li>Key generation, conversion, and management facilities (such as for
47 * algorithm-specific keys).
48 *
49 *</ul>
50 *
51 * <p>Each provider has a name and a version number, and is configured
52 * in each runtime it is installed in.
53 *
54 * <p>See <a href =
55 * "../../../technotes/guides/security/crypto/CryptoSpec.html#Provider">The Provider Class</a>
56 * in the "Java Cryptography Architecture API Specification & Reference"
57 * for information about how a particular type of provider, the
58 * cryptographic service provider, works and is installed. However,
59 * please note that a provider can be used to implement any security
60 * service in Java that uses a pluggable architecture with a choice
61 * of implementations that fit underneath.
62 *
63 * <p>Some provider implementations may encounter unrecoverable internal
64 * errors during their operation, for example a failure to communicate with a
65 * security token. A {@link ProviderException} should be used to indicate
66 * such errors.
67 *
68 * <p>The service type <code>Provider</code> is reserved for use by the
69 * security framework. Services of this type cannot be added, removed,
70 * or modified by applications.
71 * The following attributes are automatically placed in each Provider object:
72 * <table cellspacing=4>
73 * <tr><th>Name</th><th>Value</th>
74 * <tr><td><code>Provider.id name</code></td>
75 * <td><code>String.valueOf(provider.getName())</code></td>
76 * <tr><td><code>Provider.id version</code></td>
77 * <td><code>String.valueOf(provider.getVersion())</code></td>
78 * <tr><td><code>Provider.id info</code></td>
79 <td><code>String.valueOf(provider.getInfo())</code></td>
80 * <tr><td><code>Provider.id className</code></td>
81 * <td><code>provider.getClass().getName()</code></td>
82 * </table>
83 *
84 * @author Benjamin Renaud
85 * @author Andreas Sterbenz
86 */
87 public abstract class Provider extends Properties {
88
89 // Declare serialVersionUID to be compatible with JDK1.1
90 static final long serialVersionUID = -4298000515446427739L;
91
92 private static final sun.security.util.Debug debug =
93 sun.security.util.Debug.getInstance
94 ("provider", "Provider");
95
96 /**
97 * The provider name.
98 *
99 * @serial
100 */
101 private String name;
102
103 /**
104 * A description of the provider and its services.
105 *
106 * @serial
107 */
108 private String info;
109
110 /**
111 * The provider version number.
112 *
113 * @serial
114 */
115 private double version;
116
117
118 private transient Set<Map.Entry<Object,Object>> entrySet = null;
119 private transient int entrySetCallCount = 0;
120
121 private transient boolean initialized;
122
123 /**
124 * Constructs a provider with the specified name, version number,
125 * and information.
126 *
127 * @param name the provider name.
128 *
129 * @param version the provider version number.
130 *
131 * @param info a description of the provider and its services.
132 */
133 protected Provider(String name, double version, String info) {
134 this.name = name;
135 this.version = version;
136 this.info = info;
137 putId();
138 initialized = true;
139 }
140
141 /**
142 * Returns the name of this provider.
143 *
144 * @return the name of this provider.
145 */
146 public String getName() {
147 return name;
148 }
149
150 /**
151 * Returns the version number for this provider.
152 *
153 * @return the version number for this provider.
154 */
155 public double getVersion() {
156 return version;
157 }
158
159 /**
160 * Returns a human-readable description of the provider and its
161 * services. This may return an HTML page, with relevant links.
162 *
163 * @return a description of the provider and its services.
164 */
165 public String getInfo() {
166 return info;
167 }
168
169 /**
170 * Returns a string with the name and the version number
171 * of this provider.
172 *
173 * @return the string with the name and the version number
174 * for this provider.
175 */
176 public String toString() {
177 return name + " version " + version;
178 }
179
180 /*
181 * override the following methods to ensure that provider
182 * information can only be changed if the caller has the appropriate
183 * permissions.
184 */
185
186 /**
187 * Clears this provider so that it no longer contains the properties
188 * used to look up facilities implemented by the provider.
189 *
190 * <p>First, if there is a security manager, its
191 * <code>checkSecurityAccess</code> method is called with the string
192 * <code>"clearProviderProperties."+name</code> (where <code>name</code>
193 * is the provider name) to see if it's ok to clear this provider.
194 * If the default implementation of <code>checkSecurityAccess</code>
195 * is used (that is, that method is not overriden), then this results in
196 * a call to the security manager's <code>checkPermission</code> method
197 * with a <code>SecurityPermission("clearProviderProperties."+name)</code>
198 * permission.
199 *
200 * @throws SecurityException
201 * if a security manager exists and its <code>{@link
202 * java.lang.SecurityManager#checkSecurityAccess}</code> method
203 * denies access to clear this provider
204 *
205 * @since 1.2
206 */
207 public synchronized void clear() {
208 check("clearProviderProperties."+name);
209 if (debug != null) {
210 debug.println("Remove " + name + " provider properties");
211 }
212 implClear();
213 }
214
215 /**
216 * Reads a property list (key and element pairs) from the input stream.
217 *
218 * @param inStream the input stream.
219 * @exception IOException if an error occurred when reading from the
220 * input stream.
221 * @see java.util.Properties#load
222 */
223 public synchronized void load(InputStream inStream) throws IOException {
224 check("putProviderProperty."+name);
225 if (debug != null) {
226 debug.println("Load " + name + " provider properties");
227 }
228 Properties tempProperties = new Properties();
229 tempProperties.load(inStream);
230 implPutAll(tempProperties);
231 }
232
233 /**
234 * Copies all of the mappings from the specified Map to this provider.
235 * These mappings will replace any properties that this provider had
236 * for any of the keys currently in the specified Map.
237 *
238 * @since 1.2
239 */
240 public synchronized void putAll(Map<?,?> t) {
241 check("putProviderProperty."+name);
242 if (debug != null) {
243 debug.println("Put all " + name + " provider properties");
244 }
245 implPutAll(t);
246 }
247
248 /**
249 * Returns an unmodifiable Set view of the property entries contained
250 * in this Provider.
251 *
252 * @see java.util.Map.Entry
253 * @since 1.2
254 */
255 public synchronized Set<Map.Entry<Object,Object>> entrySet() {
256 checkInitialized();
257 if (entrySet == null) {
258 if (entrySetCallCount++ == 0) // Initial call
259 entrySet = Collections.unmodifiableMap(this).entrySet();
260 else
261 return super.entrySet(); // Recursive call
262 }
263
264 // This exception will be thrown if the implementation of
265 // Collections.unmodifiableMap.entrySet() is changed such that it
266 // no longer calls entrySet() on the backing Map. (Provider's
267 // entrySet implementation depends on this "implementation detail",
268 // which is unlikely to change.
269 if (entrySetCallCount != 2)
270 throw new RuntimeException("Internal error.");
271
272 return entrySet;
273 }
274
275 /**
276 * Returns an unmodifiable Set view of the property keys contained in
277 * this provider.
278 *
279 * @since 1.2
280 */
281 public Set<Object> keySet() {
282 checkInitialized();
283 return Collections.unmodifiableSet(super.keySet());
284 }
285
286 /**
287 * Returns an unmodifiable Collection view of the property values
288 * contained in this provider.
289 *
290 * @since 1.2
291 */
292 public Collection<Object> values() {
293 checkInitialized();
294 return Collections.unmodifiableCollection(super.values());
295 }
296
297 /**
298 * Sets the <code>key</code> property to have the specified
299 * <code>value</code>.
300 *
301 * <p>First, if there is a security manager, its
302 * <code>checkSecurityAccess</code> method is called with the string
303 * <code>"putProviderProperty."+name</code>, where <code>name</code> is the
304 * provider name, to see if it's ok to set this provider's property values.
305 * If the default implementation of <code>checkSecurityAccess</code>
306 * is used (that is, that method is not overriden), then this results in
307 * a call to the security manager's <code>checkPermission</code> method
308 * with a <code>SecurityPermission("putProviderProperty."+name)</code>
309 * permission.
310 *
311 * @param key the property key.
312 *
313 * @param value the property value.
314 *
315 * @return the previous value of the specified property
316 * (<code>key</code>), or null if it did not have one.
317 *
318 * @throws SecurityException
319 * if a security manager exists and its <code>{@link
320 * java.lang.SecurityManager#checkSecurityAccess}</code> method
321 * denies access to set property values.
322 *
323 * @since 1.2
324 */
325 public synchronized Object put(Object key, Object value) {
326 check("putProviderProperty."+name);
327 if (debug != null) {
328 debug.println("Set " + name + " provider property [" +
329 key + "/" + value +"]");
330 }
331 return implPut(key, value);
332 }
333
334 /**
335 * Removes the <code>key</code> property (and its corresponding
336 * <code>value</code>).
337 *
338 * <p>First, if there is a security manager, its
339 * <code>checkSecurityAccess</code> method is called with the string
340 * <code>"removeProviderProperty."+name</code>, where <code>name</code> is
341 * the provider name, to see if it's ok to remove this provider's
342 * properties. If the default implementation of
343 * <code>checkSecurityAccess</code> is used (that is, that method is not
344 * overriden), then this results in a call to the security manager's
345 * <code>checkPermission</code> method with a
346 * <code>SecurityPermission("removeProviderProperty."+name)</code>
347 * permission.
348 *
349 * @param key the key for the property to be removed.
350 *
351 * @return the value to which the key had been mapped,
352 * or null if the key did not have a mapping.
353 *
354 * @throws SecurityException
355 * if a security manager exists and its <code>{@link
356 * java.lang.SecurityManager#checkSecurityAccess}</code> method
357 * denies access to remove this provider's properties.
358 *
359 * @since 1.2
360 */
361 public synchronized Object remove(Object key) {
362 check("removeProviderProperty."+name);
363 if (debug != null) {
364 debug.println("Remove " + name + " provider property " + key);
365 }
366 return implRemove(key);
367 }
368
369 // let javadoc show doc from superclass
370 public Object get(Object key) {
371 checkInitialized();
372 return super.get(key);
373 }
374
375 // let javadoc show doc from superclass
376 public Enumeration<Object> keys() {
377 checkInitialized();
378 return super.keys();
379 }
380
381 // let javadoc show doc from superclass
382 public Enumeration<Object> elements() {
383 checkInitialized();
384 return super.elements();
385 }
386
387 // let javadoc show doc from superclass
388 public String getProperty(String key) {
389 checkInitialized();
390 return super.getProperty(key);
391 }
392
393 private void checkInitialized() {
394 if (!initialized) {
395 throw new IllegalStateException();
396 }
397 }
398
399 private void check(String directive) {
400 checkInitialized();
401 SecurityManager security = System.getSecurityManager();
402 if (security != null) {
403 security.checkSecurityAccess(directive);
404 }
405 }
406
407 // legacy properties changed since last call to any services method?
408 private transient boolean legacyChanged;
409 // serviceMap changed since last call to getServices()
410 private transient boolean servicesChanged;
411
412 // Map<String,String>
413 private transient Map<String,String> legacyStrings;
414
415 // Map<ServiceKey,Service>
416 // used for services added via putService(), initialized on demand
417 private transient Map<ServiceKey,Service> serviceMap;
418
419 // Map<ServiceKey,Service>
420 // used for services added via legacy methods, init on demand
421 private transient Map<ServiceKey,Service> legacyMap;
422
423 // Set<Service>
424 // Unmodifiable set of all services. Initialized on demand.
425 private transient Set<Service> serviceSet;
426
427 // register the id attributes for this provider
428 // this is to ensure that equals() and hashCode() do not incorrectly
429 // report to different provider objects as the same
430 private void putId() {
431 // note: name and info may be null
432 super.put("Provider.id name", String.valueOf(name));
433 super.put("Provider.id version", String.valueOf(version));
434 super.put("Provider.id info", String.valueOf(info));
435 super.put("Provider.id className", this.getClass().getName());
436 }
437
438 private void readObject(ObjectInputStream in)
439 throws IOException, ClassNotFoundException {
440 Map<Object,Object> copy = new HashMap<>();
441 for (Map.Entry<Object,Object> entry : super.entrySet()) {
442 copy.put(entry.getKey(), entry.getValue());
443 }
444 defaults = null;
445 in.defaultReadObject();
446 implClear();
447 initialized = true;
448 putAll(copy);
449 }
450
451 /**
452 * Copies all of the mappings from the specified Map to this provider.
453 * Internal method to be called AFTER the security check has been
454 * performed.
455 */
456 private void implPutAll(Map t) {
457 for (Map.Entry e : ((Map<?,?>)t).entrySet()) {
458 implPut(e.getKey(), e.getValue());
459 }
460 }
461
462 private Object implRemove(Object key) {
463 if (key instanceof String) {
464 String keyString = (String)key;
465 if (keyString.startsWith("Provider.")) {
466 return null;
467 }
468 legacyChanged = true;
469 if (legacyStrings == null) {
470 legacyStrings = new LinkedHashMap<String,String>();
471 }
472 legacyStrings.remove(keyString);
473 }
474 return super.remove(key);
475 }
476
477 private Object implPut(Object key, Object value) {
478 if ((key instanceof String) && (value instanceof String)) {
479 String keyString = (String)key;
480 if (keyString.startsWith("Provider.")) {
481 return null;
482 }
483 legacyChanged = true;
484 if (legacyStrings == null) {
485 legacyStrings = new LinkedHashMap<String,String>();
486 }
487 legacyStrings.put(keyString, (String)value);
488 }
489 return super.put(key, value);
490 }
491
492 private void implClear() {
493 if (legacyStrings != null) {
494 legacyStrings.clear();
495 }
496 if (legacyMap != null) {
497 legacyMap.clear();
498 }
499 if (serviceMap != null) {
500 serviceMap.clear();
501 }
502 legacyChanged = false;
503 servicesChanged = false;
504 serviceSet = null;
505 super.clear();
506 putId();
507 }
508
509 // used as key in the serviceMap and legacyMap HashMaps
510 private static class ServiceKey {
511 private final String type;
512 private final String algorithm;
513 private final String originalAlgorithm;
514 private ServiceKey(String type, String algorithm, boolean intern) {
515 this.type = type;
516 this.originalAlgorithm = algorithm;
517 algorithm = algorithm.toUpperCase(ENGLISH);
518 this.algorithm = intern ? algorithm.intern() : algorithm;
519 }
520 public int hashCode() {
521 return type.hashCode() + algorithm.hashCode();
522 }
523 public boolean equals(Object obj) {
524 if (this == obj) {
525 return true;
526 }
527 if (obj instanceof ServiceKey == false) {
528 return false;
529 }
530 ServiceKey other = (ServiceKey)obj;
531 return this.type.equals(other.type)
532 && this.algorithm.equals(other.algorithm);
533 }
534 boolean matches(String type, String algorithm) {
535 return (this.type == type) && (this.originalAlgorithm == algorithm);
536 }
537 }
538
539 /**
540 * Ensure all the legacy String properties are fully parsed into
541 * service objects.
542 */
543 private void ensureLegacyParsed() {
544 if ((legacyChanged == false) || (legacyStrings == null)) {
545 return;
546 }
547 serviceSet = null;
548 if (legacyMap == null) {
549 legacyMap = new LinkedHashMap<ServiceKey,Service>();
550 } else {
551 legacyMap.clear();
552 }
553 for (Map.Entry<String,String> entry : legacyStrings.entrySet()) {
554 parseLegacyPut(entry.getKey(), entry.getValue());
555 }
556 removeInvalidServices(legacyMap);
557 legacyChanged = false;
558 }
559
560 /**
561 * Remove all invalid services from the Map. Invalid services can only
562 * occur if the legacy properties are inconsistent or incomplete.
563 */
564 private void removeInvalidServices(Map<ServiceKey,Service> map) {
565 for (Iterator t = map.entrySet().iterator(); t.hasNext(); ) {
566 Map.Entry entry = (Map.Entry)t.next();
567 Service s = (Service)entry.getValue();
568 if (s.isValid() == false) {
569 t.remove();
570 }
571 }
572 }
573
574 private String[] getTypeAndAlgorithm(String key) {
575 int i = key.indexOf(".");
576 if (i < 1) {
577 if (debug != null) {
578 debug.println("Ignoring invalid entry in provider "
579 + name + ":" + key);
580 }
581 return null;
582 }
583 String type = key.substring(0, i);
584 String alg = key.substring(i + 1);
585 return new String[] {type, alg};
586 }
587
588 private final static String ALIAS_PREFIX = "Alg.Alias.";
589 private final static String ALIAS_PREFIX_LOWER = "alg.alias.";
590 private final static int ALIAS_LENGTH = ALIAS_PREFIX.length();
591
592 private void parseLegacyPut(String name, String value) {
593 if (name.toLowerCase(ENGLISH).startsWith(ALIAS_PREFIX_LOWER)) {
594 // e.g. put("Alg.Alias.MessageDigest.SHA", "SHA-1");
595 // aliasKey ~ MessageDigest.SHA
596 String stdAlg = value;
597 String aliasKey = name.substring(ALIAS_LENGTH);
598 String[] typeAndAlg = getTypeAndAlgorithm(aliasKey);
599 if (typeAndAlg == null) {
600 return;
601 }
602 String type = getEngineName(typeAndAlg[0]);
603 String aliasAlg = typeAndAlg[1].intern();
604 ServiceKey key = new ServiceKey(type, stdAlg, true);
605 Service s = legacyMap.get(key);
606 if (s == null) {
607 s = new Service(this);
608 s.type = type;
609 s.algorithm = stdAlg;
610 legacyMap.put(key, s);
611 }
612 legacyMap.put(new ServiceKey(type, aliasAlg, true), s);
613 s.addAlias(aliasAlg);
614 } else {
615 String[] typeAndAlg = getTypeAndAlgorithm(name);
616 if (typeAndAlg == null) {
617 return;
618 }
619 int i = typeAndAlg[1].indexOf(' ');
620 if (i == -1) {
621 // e.g. put("MessageDigest.SHA-1", "sun.security.provider.SHA");
622 String type = getEngineName(typeAndAlg[0]);
623 String stdAlg = typeAndAlg[1].intern();
624 String className = value;
625 ServiceKey key = new ServiceKey(type, stdAlg, true);
626 Service s = legacyMap.get(key);
627 if (s == null) {
628 s = new Service(this);
629 s.type = type;
630 s.algorithm = stdAlg;
631 legacyMap.put(key, s);
632 }
633 s.className = className;
634 } else { // attribute
635 // e.g. put("MessageDigest.SHA-1 ImplementedIn", "Software");
636 String attributeValue = value;
637 String type = getEngineName(typeAndAlg[0]);
638 String attributeString = typeAndAlg[1];
639 String stdAlg = attributeString.substring(0, i).intern();
640 String attributeName = attributeString.substring(i + 1);
641 // kill additional spaces
642 while (attributeName.startsWith(" ")) {
643 attributeName = attributeName.substring(1);
644 }
645 attributeName = attributeName.intern();
646 ServiceKey key = new ServiceKey(type, stdAlg, true);
647 Service s = legacyMap.get(key);
648 if (s == null) {
649 s = new Service(this);
650 s.type = type;
651 s.algorithm = stdAlg;
652 legacyMap.put(key, s);
653 }
654 s.addAttribute(attributeName, attributeValue);
655 }
656 }
657 }
658
659 /**
660 * Get the service describing this Provider's implementation of the
661 * specified type of this algorithm or alias. If no such
662 * implementation exists, this method returns null. If there are two
663 * matching services, one added to this provider using
664 * {@link #putService putService()} and one added via {@link #put put()},
665 * the service added via {@link #putService putService()} is returned.
666 *
667 * @param type the type of {@link Service service} requested
668 * (for example, <code>MessageDigest</code>)
669 * @param algorithm the case insensitive algorithm name (or alternate
670 * alias) of the service requested (for example, <code>SHA-1</code>)
671 *
672 * @return the service describing this Provider's matching service
673 * or null if no such service exists
674 *
675 * @throws NullPointerException if type or algorithm is null
676 *
677 * @since 1.5
678 */
679 public synchronized Service getService(String type, String algorithm) {
680 checkInitialized();
681 // avoid allocating a new key object if possible
682 ServiceKey key = previousKey;
683 if (key.matches(type, algorithm) == false) {
684 key = new ServiceKey(type, algorithm, false);
685 previousKey = key;
686 }
687 if (serviceMap != null) {
688 Service service = serviceMap.get(key);
689 if (service != null) {
690 return service;
691 }
692 }
693 ensureLegacyParsed();
694 return (legacyMap != null) ? legacyMap.get(key) : null;
695 }
696
697 // ServiceKey from previous getService() call
698 // by re-using it if possible we avoid allocating a new object
699 // and the toUpperCase() call.
700 // re-use will occur e.g. as the framework traverses the provider
701 // list and queries each provider with the same values until it finds
702 // a matching service
703 private static volatile ServiceKey previousKey =
704 new ServiceKey("", "", false);
705
706 /**
707 * Get an unmodifiable Set of all services supported by
708 * this Provider.
709 *
710 * @return an unmodifiable Set of all services supported by
711 * this Provider
712 *
713 * @since 1.5
714 */
715 public synchronized Set<Service> getServices() {
716 checkInitialized();
717 if (legacyChanged || servicesChanged) {
718 serviceSet = null;
719 }
720 if (serviceSet == null) {
721 ensureLegacyParsed();
722 Set<Service> set = new LinkedHashSet<>();
723 if (serviceMap != null) {
724 set.addAll(serviceMap.values());
725 }
726 if (legacyMap != null) {
727 set.addAll(legacyMap.values());
728 }
729 serviceSet = Collections.unmodifiableSet(set);
730 servicesChanged = false;
731 }
732 return serviceSet;
733 }
734
735 /**
736 * Add a service. If a service of the same type with the same algorithm
737 * name exists and it was added using {@link #putService putService()},
738 * it is replaced by the new service.
739 * This method also places information about this service
740 * in the provider's Hashtable values in the format described in the
741 * <a href="../../../technotes/guides/security/crypto/CryptoSpec.html">
742 * Java Cryptography Architecture API Specification & Reference </a>.
743 *
744 * <p>Also, if there is a security manager, its
745 * <code>checkSecurityAccess</code> method is called with the string
746 * <code>"putProviderProperty."+name</code>, where <code>name</code> is
747 * the provider name, to see if it's ok to set this provider's property
748 * values. If the default implementation of <code>checkSecurityAccess</code>
749 * is used (that is, that method is not overriden), then this results in
750 * a call to the security manager's <code>checkPermission</code> method with
751 * a <code>SecurityPermission("putProviderProperty."+name)</code>
752 * permission.
753 *
754 * @param s the Service to add
755 *
756 * @throws SecurityException
757 * if a security manager exists and its <code>{@link
758 * java.lang.SecurityManager#checkSecurityAccess}</code> method denies
759 * access to set property values.
760 * @throws NullPointerException if s is null
761 *
762 * @since 1.5
763 */
764 protected synchronized void putService(Service s) {
765 check("putProviderProperty." + name);
766 if (debug != null) {
767 debug.println(name + ".putService(): " + s);
768 }
769 if (s == null) {
770 throw new NullPointerException();
771 }
772 if (s.getProvider() != this) {
773 throw new IllegalArgumentException
774 ("service.getProvider() must match this Provider object");
775 }
776 if (serviceMap == null) {
777 serviceMap = new LinkedHashMap<ServiceKey,Service>();
778 }
779 servicesChanged = true;
780 String type = s.getType();
781 String algorithm = s.getAlgorithm();
782 ServiceKey key = new ServiceKey(type, algorithm, true);
783 // remove existing service
784 implRemoveService(serviceMap.get(key));
785 serviceMap.put(key, s);
786 for (String alias : s.getAliases()) {
787 serviceMap.put(new ServiceKey(type, alias, true), s);
788 }
789 putPropertyStrings(s);
790 }
791
792 /**
793 * Put the string properties for this Service in this Provider's
794 * Hashtable.
795 */
796 private void putPropertyStrings(Service s) {
797 String type = s.getType();
798 String algorithm = s.getAlgorithm();
799 // use super() to avoid permission check and other processing
800 super.put(type + "." + algorithm, s.getClassName());
801 for (String alias : s.getAliases()) {
802 super.put(ALIAS_PREFIX + type + "." + alias, algorithm);
803 }
804 for (Map.Entry<UString,String> entry : s.attributes.entrySet()) {
805 String key = type + "." + algorithm + " " + entry.getKey();
806 super.put(key, entry.getValue());
807 }
808 }
809
810 /**
811 * Remove the string properties for this Service from this Provider's
812 * Hashtable.
813 */
814 private void removePropertyStrings(Service s) {
815 String type = s.getType();
816 String algorithm = s.getAlgorithm();
817 // use super() to avoid permission check and other processing
818 super.remove(type + "." + algorithm);
819 for (String alias : s.getAliases()) {
820 super.remove(ALIAS_PREFIX + type + "." + alias);
821 }
822 for (Map.Entry<UString,String> entry : s.attributes.entrySet()) {
823 String key = type + "." + algorithm + " " + entry.getKey();
824 super.remove(key);
825 }
826 }
827
828 /**
829 * Remove a service previously added using
830 * {@link #putService putService()}. The specified service is removed from
831 * this provider. It will no longer be returned by
832 * {@link #getService getService()} and its information will be removed
833 * from this provider's Hashtable.
834 *
835 * <p>Also, if there is a security manager, its
836 * <code>checkSecurityAccess</code> method is called with the string
837 * <code>"removeProviderProperty."+name</code>, where <code>name</code> is
838 * the provider name, to see if it's ok to remove this provider's
839 * properties. If the default implementation of
840 * <code>checkSecurityAccess</code> is used (that is, that method is not
841 * overriden), then this results in a call to the security manager's
842 * <code>checkPermission</code> method with a
843 * <code>SecurityPermission("removeProviderProperty."+name)</code>
844 * permission.
845 *
846 * @param s the Service to be removed
847 *
848 * @throws SecurityException
849 * if a security manager exists and its <code>{@link
850 * java.lang.SecurityManager#checkSecurityAccess}</code> method denies
851 * access to remove this provider's properties.
852 * @throws NullPointerException if s is null
853 *
854 * @since 1.5
855 */
856 protected synchronized void removeService(Service s) {
857 check("removeProviderProperty." + name);
858 if (debug != null) {
859 debug.println(name + ".removeService(): " + s);
860 }
861 if (s == null) {
862 throw new NullPointerException();
863 }
864 implRemoveService(s);
865 }
866
867 private void implRemoveService(Service s) {
868 if ((s == null) || (serviceMap == null)) {
869 return;
870 }
871 String type = s.getType();
872 String algorithm = s.getAlgorithm();
873 ServiceKey key = new ServiceKey(type, algorithm, false);
874 Service oldService = serviceMap.get(key);
875 if (s != oldService) {
876 return;
877 }
878 servicesChanged = true;
879 serviceMap.remove(key);
880 for (String alias : s.getAliases()) {
881 serviceMap.remove(new ServiceKey(type, alias, false));
882 }
883 removePropertyStrings(s);
884 }
885
886 // Wrapped String that behaves in a case insensitive way for equals/hashCode
887 private static class UString {
888 final String string;
889 final String lowerString;
890
891 UString(String s) {
892 this.string = s;
893 this.lowerString = s.toLowerCase(ENGLISH);
894 }
895
896 public int hashCode() {
897 return lowerString.hashCode();
898 }
899
900 public boolean equals(Object obj) {
901 if (this == obj) {
902 return true;
903 }
904 if (obj instanceof UString == false) {
905 return false;
906 }
907 UString other = (UString)obj;
908 return lowerString.equals(other.lowerString);
909 }
910
911 public String toString() {
912 return string;
913 }
914 }
915
916 // describe relevant properties of a type of engine
917 private static class EngineDescription {
918 final String name;
919 final boolean supportsParameter;
920 final String constructorParameterClassName;
921 private volatile Class constructorParameterClass;
922
923 EngineDescription(String name, boolean sp, String paramName) {
924 this.name = name;
925 this.supportsParameter = sp;
926 this.constructorParameterClassName = paramName;
927 }
928 Class getConstructorParameterClass() throws ClassNotFoundException {
929 Class clazz = constructorParameterClass;
930 if (clazz == null) {
931 clazz = Class.forName(constructorParameterClassName);
932 constructorParameterClass = clazz;
933 }
934 return clazz;
935 }
936 }
937
938 // built in knowledge of the engine types shipped as part of the JDK
939 private static final Map<String,EngineDescription> knownEngines;
940
941 private static void addEngine(String name, boolean sp, String paramName) {
942 EngineDescription ed = new EngineDescription(name, sp, paramName);
943 // also index by canonical name to avoid toLowerCase() for some lookups
944 knownEngines.put(name.toLowerCase(ENGLISH), ed);
945 knownEngines.put(name, ed);
946 }
947
948 static {
949 knownEngines = new HashMap<String,EngineDescription>();
950 // JCA
951 addEngine("AlgorithmParameterGenerator", false, null);
952 addEngine("AlgorithmParameters", false, null);
953 addEngine("KeyFactory", false, null);
954 addEngine("KeyPairGenerator", false, null);
955 addEngine("KeyStore", false, null);
956 addEngine("MessageDigest", false, null);
957 addEngine("SecureRandom", false, null);
958 addEngine("Signature", true, null);
959 addEngine("CertificateFactory", false, null);
960 addEngine("CertPathBuilder", false, null);
961 addEngine("CertPathValidator", false, null);
962 addEngine("CertStore", false,
963 "java.security.cert.CertStoreParameters");
964 // JCE
965 addEngine("Cipher", true, null);
966 addEngine("ExemptionMechanism", false, null);
967 addEngine("Mac", true, null);
968 addEngine("KeyAgreement", true, null);
969 addEngine("KeyGenerator", false, null);
970 addEngine("SecretKeyFactory", false, null);
971 // JSSE
972 addEngine("KeyManagerFactory", false, null);
973 addEngine("SSLContext", false, null);
974 addEngine("TrustManagerFactory", false, null);
975 // JGSS
976 addEngine("GssApiMechanism", false, null);
977 // SASL
978 addEngine("SaslClientFactory", false, null);
979 addEngine("SaslServerFactory", false, null);
980 // POLICY
981 addEngine("Policy", false,
982 "java.security.Policy$Parameters");
983 // CONFIGURATION
984 addEngine("Configuration", false,
985 "javax.security.auth.login.Configuration$Parameters");
986 // XML DSig
987 addEngine("XMLSignatureFactory", false, null);
988 addEngine("KeyInfoFactory", false, null);
989 addEngine("TransformService", false, null);
990 // Smart Card I/O
991 addEngine("TerminalFactory", false,
992 "java.lang.Object");
993 }
994
995 // get the "standard" (mixed-case) engine name for arbitary case engine name
996 // if there is no known engine by that name, return s
997 private static String getEngineName(String s) {
998 // try original case first, usually correct
999 EngineDescription e = knownEngines.get(s);
1000 if (e == null) {
1001 e = knownEngines.get(s.toLowerCase(ENGLISH));
1002 }
1003 return (e == null) ? s : e.name;
1004 }
1005
1006 /**
1007 * The description of a security service. It encapsulates the properties
1008 * of a service and contains a factory method to obtain new implementation
1009 * instances of this service.
1010 *
1011 * <p>Each service has a provider that offers the service, a type,
1012 * an algorithm name, and the name of the class that implements the
1013 * service. Optionally, it also includes a list of alternate algorithm
1014 * names for this service (aliases) and attributes, which are a map of
1015 * (name, value) String pairs.
1016 *
1017 * <p>This class defines the methods {@link #supportsParameter
1018 * supportsParameter()} and {@link #newInstance newInstance()}
1019 * which are used by the Java security framework when it searches for
1020 * suitable services and instantes them. The valid arguments to those
1021 * methods depend on the type of service. For the service types defined
1022 * within Java SE, see the
1023 * <a href="../../../technotes/guides/security/crypto/CryptoSpec.html">
1024 * Java Cryptography Architecture API Specification & Reference </a>
1025 * for the valid values.
1026 * Note that components outside of Java SE can define additional types of
1027 * services and their behavior.
1028 *
1029 * <p>Instances of this class are immutable.
1030 *
1031 * @since 1.5
1032 */
1033 public static class Service {
1034
1035 private String type, algorithm, className;
1036 private final Provider provider;
1037 private List<String> aliases;
1038 private Map<UString,String> attributes;
1039
1040 // Reference to the cached implementation Class object
1041 private volatile Reference<Class> classRef;
1042
1043 // flag indicating whether this service has its attributes for
1044 // supportedKeyFormats or supportedKeyClasses set
1045 // if null, the values have not been initialized
1046 // if TRUE, at least one of supportedFormats/Classes is non null
1047 private volatile Boolean hasKeyAttributes;
1048
1049 // supported encoding formats
1050 private String[] supportedFormats;
1051
1052 // names of the supported key (super) classes
1053 private Class[] supportedClasses;
1054
1055 // whether this service has been registered with the Provider
1056 private boolean registered;
1057
1058 private static final Class[] CLASS0 = new Class[0];
1059
1060 // this constructor and these methods are used for parsing
1061 // the legacy string properties.
1062
1063 private Service(Provider provider) {
1064 this.provider = provider;
1065 aliases = Collections.<String>emptyList();
1066 attributes = Collections.<UString,String>emptyMap();
1067 }
1068
1069 private boolean isValid() {
1070 return (type != null) && (algorithm != null) && (className != null);
1071 }
1072
1073 private void addAlias(String alias) {
1074 if (aliases.isEmpty()) {
1075 aliases = new ArrayList<String>(2);
1076 }
1077 aliases.add(alias);
1078 }
1079
1080 void addAttribute(String type, String value) {
1081 if (attributes.isEmpty()) {
1082 attributes = new HashMap<UString,String>(8);
1083 }
1084 attributes.put(new UString(type), value);
1085 }
1086
1087 /**
1088 * Construct a new service.
1089 *
1090 * @param provider the provider that offers this service
1091 * @param type the type of this service
1092 * @param algorithm the algorithm name
1093 * @param className the name of the class implementing this service
1094 * @param aliases List of aliases or null if algorithm has no aliases
1095 * @param attributes Map of attributes or null if this implementation
1096 * has no attributes
1097 *
1098 * @throws NullPointerException if provider, type, algorithm, or
1099 * className is null
1100 */
1101 public Service(Provider provider, String type, String algorithm,
1102 String className, List<String> aliases,
1103 Map<String,String> attributes) {
1104 if ((provider == null) || (type == null) ||
1105 (algorithm == null) || (className == null)) {
1106 throw new NullPointerException();
1107 }
1108 this.provider = provider;
1109 this.type = getEngineName(type);
1110 this.algorithm = algorithm;
1111 this.className = className;
1112 if (aliases == null) {
1113 this.aliases = Collections.<String>emptyList();
1114 } else {
1115 this.aliases = new ArrayList<String>(aliases);
1116 }
1117 if (attributes == null) {
1118 this.attributes = Collections.<UString,String>emptyMap();
1119 } else {
1120 this.attributes = new HashMap<UString,String>();
1121 for (Map.Entry<String,String> entry : attributes.entrySet()) {
1122 this.attributes.put(new UString(entry.getKey()), entry.getValue());
1123 }
1124 }
1125 }
1126
1127 /**
1128 * Get the type of this service. For example, <code>MessageDigest</code>.
1129 *
1130 * @return the type of this service
1131 */
1132 public final String getType() {
1133 return type;
1134 }
1135
1136 /**
1137 * Return the name of the algorithm of this service. For example,
1138 * <code>SHA-1</code>.
1139 *
1140 * @return the algorithm of this service
1141 */
1142 public final String getAlgorithm() {
1143 return algorithm;
1144 }
1145
1146 /**
1147 * Return the Provider of this service.
1148 *
1149 * @return the Provider of this service
1150 */
1151 public final Provider getProvider() {
1152 return provider;
1153 }
1154
1155 /**
1156 * Return the name of the class implementing this service.
1157 *
1158 * @return the name of the class implementing this service
1159 */
1160 public final String getClassName() {
1161 return className;
1162 }
1163
1164 // internal only
1165 private final List<String> getAliases() {
1166 return aliases;
1167 }
1168
1169 /**
1170 * Return the value of the specified attribute or null if this
1171 * attribute is not set for this Service.
1172 *
1173 * @param name the name of the requested attribute
1174 *
1175 * @return the value of the specified attribute or null if the
1176 * attribute is not present
1177 *
1178 * @throws NullPointerException if name is null
1179 */
1180 public final String getAttribute(String name) {
1181 if (name == null) {
1182 throw new NullPointerException();
1183 }
1184 return attributes.get(new UString(name));
1185 }
1186
1187 /**
1188 * Return a new instance of the implementation described by this
1189 * service. The security provider framework uses this method to
1190 * construct implementations. Applications will typically not need
1191 * to call it.
1192 *
1193 * <p>The default implementation uses reflection to invoke the
1194 * standard constructor for this type of service.
1195 * Security providers can override this method to implement
1196 * instantiation in a different way.
1197 * For details and the values of constructorParameter that are
1198 * valid for the various types of services see the
1199 * <a href="../../../technotes/guides/security/crypto/CryptoSpec.html">
1200 * Java Cryptography Architecture API Specification &
1201 * Reference</a>.
1202 *
1203 * @param constructorParameter the value to pass to the constructor,
1204 * or null if this type of service does not use a constructorParameter.
1205 *
1206 * @return a new implementation of this service
1207 *
1208 * @throws InvalidParameterException if the value of
1209 * constructorParameter is invalid for this type of service.
1210 * @throws NoSuchAlgorithmException if instantation failed for
1211 * any other reason.
1212 */
1213 public Object newInstance(Object constructorParameter)
1214 throws NoSuchAlgorithmException {
1215 if (registered == false) {
1216 if (provider.getService(type, algorithm) != this) {
1217 throw new NoSuchAlgorithmException
1218 ("Service not registered with Provider "
1219 + provider.getName() + ": " + this);
1220 }
1221 registered = true;
1222 }
1223 try {
1224 EngineDescription cap = knownEngines.get(type);
1225 if (cap == null) {
1226 // unknown engine type, use generic code
1227 // this is the code path future for non-core
1228 // optional packages
1229 return newInstanceGeneric(constructorParameter);
1230 }
1231 if (cap.constructorParameterClassName == null) {
1232 if (constructorParameter != null) {
1233 throw new InvalidParameterException
1234 ("constructorParameter not used with " + type
1235 + " engines");
1236 }
1237 Class clazz = getImplClass();
1238 return clazz.newInstance();
1239 } else {
1240 Class paramClass = cap.getConstructorParameterClass();
1241 if (constructorParameter != null) {
1242 Class argClass = constructorParameter.getClass();
1243 if (paramClass.isAssignableFrom(argClass) == false) {
1244 throw new InvalidParameterException
1245 ("constructorParameter must be instanceof "
1246 + cap.constructorParameterClassName.replace('$', '.')
1247 + " for engine type " + type);
1248 }
1249 }
1250 Class clazz = getImplClass();
1251 Constructor cons = clazz.getConstructor(paramClass);
1252 return cons.newInstance(constructorParameter);
1253 }
1254 } catch (NoSuchAlgorithmException e) {
1255 throw e;
1256 } catch (InvocationTargetException e) {
1257 throw new NoSuchAlgorithmException
1258 ("Error constructing implementation (algorithm: "
1259 + algorithm + ", provider: " + provider.getName()
1260 + ", class: " + className + ")", e.getCause());
1261 } catch (Exception e) {
1262 throw new NoSuchAlgorithmException
1263 ("Error constructing implementation (algorithm: "
1264 + algorithm + ", provider: " + provider.getName()
1265 + ", class: " + className + ")", e);
1266 }
1267 }
1268
1269 // return the implementation Class object for this service
1270 private Class getImplClass() throws NoSuchAlgorithmException {
1271 try {
1272 Reference<Class> ref = classRef;
1273 Class clazz = (ref == null) ? null : ref.get();
1274 if (clazz == null) {
1275 ClassLoader cl = provider.getClass().getClassLoader();
1276 if (cl == null) {
1277 clazz = Class.forName(className);
1278 } else {
1279 clazz = cl.loadClass(className);
1280 }
1281 classRef = new WeakReference<Class>(clazz);
1282 }
1283 return clazz;
1284 } catch (ClassNotFoundException e) {
1285 throw new NoSuchAlgorithmException
1286 ("class configured for " + type + "(provider: " +
1287 provider.getName() + ")" + "cannot be found.", e);
1288 }
1289 }
1290
1291 /**
1292 * Generic code path for unknown engine types. Call the
1293 * no-args constructor if constructorParameter is null, otherwise
1294 * use the first matching constructor.
1295 */
1296 private Object newInstanceGeneric(Object constructorParameter)
1297 throws Exception {
1298 Class clazz = getImplClass();
1299 if (constructorParameter == null) {
1300 Object o = clazz.newInstance();
1301 return o;
1302 }
1303 Class argClass = constructorParameter.getClass();
1304 Constructor[] cons = clazz.getConstructors();
1305 // find first public constructor that can take the
1306 // argument as parameter
1307 for (int i = 0; i < cons.length; i++) {
1308 Constructor con = cons[i];
1309 Class[] paramTypes = con.getParameterTypes();
1310 if (paramTypes.length != 1) {
1311 continue;
1312 }
1313 if (paramTypes[0].isAssignableFrom(argClass) == false) {
1314 continue;
1315 }
1316 Object o = con.newInstance(new Object[] {constructorParameter});
1317 return o;
1318 }
1319 throw new NoSuchAlgorithmException("No constructor matching "
1320 + argClass.getName() + " found in class " + className);
1321 }
1322
1323 /**
1324 * Test whether this Service can use the specified parameter.
1325 * Returns false if this service cannot use the parameter. Returns
1326 * true if this service can use the parameter, if a fast test is
1327 * infeasible, or if the status is unknown.
1328 *
1329 * <p>The security provider framework uses this method with
1330 * some types of services to quickly exclude non-matching
1331 * implementations for consideration.
1332 * Applications will typically not need to call it.
1333 *
1334 * <p>For details and the values of parameter that are valid for the
1335 * various types of services see the top of this class and the
1336 * <a href="../../../technotes/guides/security/crypto/CryptoSpec.html">
1337 * Java Cryptography Architecture API Specification &
1338 * Reference</a>.
1339 * Security providers can override it to implement their own test.
1340 *
1341 * @param parameter the parameter to test
1342 *
1343 * @return false if this this service cannot use the specified
1344 * parameter; true if it can possibly use the parameter
1345 *
1346 * @throws InvalidParameterException if the value of parameter is
1347 * invalid for this type of service or if this method cannot be
1348 * used with this type of service
1349 */
1350 public boolean supportsParameter(Object parameter) {
1351 EngineDescription cap = knownEngines.get(type);
1352 if (cap == null) {
1353 // unknown engine type, return true by default
1354 return true;
1355 }
1356 if (cap.supportsParameter == false) {
1357 throw new InvalidParameterException("supportsParameter() not "
1358 + "used with " + type + " engines");
1359 }
1360 // allow null for keys without attributes for compatibility
1361 if ((parameter != null) && (parameter instanceof Key == false)) {
1362 throw new InvalidParameterException
1363 ("Parameter must be instanceof Key for engine " + type);
1364 }
1365 if (hasKeyAttributes() == false) {
1366 return true;
1367 }
1368 if (parameter == null) {
1369 return false;
1370 }
1371 Key key = (Key)parameter;
1372 if (supportsKeyFormat(key)) {
1373 return true;
1374 }
1375 if (supportsKeyClass(key)) {
1376 return true;
1377 }
1378 return false;
1379 }
1380
1381 /**
1382 * Return whether this service has its Supported* properties for
1383 * keys defined. Parses the attributes if not yet initialized.
1384 */
1385 private boolean hasKeyAttributes() {
1386 Boolean b = hasKeyAttributes;
1387 if (b == null) {
1388 synchronized (this) {
1389 String s;
1390 s = getAttribute("SupportedKeyFormats");
1391 if (s != null) {
1392 supportedFormats = s.split("\\|");
1393 }
1394 s = getAttribute("SupportedKeyClasses");
1395 if (s != null) {
1396 String[] classNames = s.split("\\|");
1397 List<Class> classList =
1398 new ArrayList<>(classNames.length);
1399 for (String className : classNames) {
1400 Class clazz = getKeyClass(className);
1401 if (clazz != null) {
1402 classList.add(clazz);
1403 }
1404 }
1405 supportedClasses = classList.toArray(CLASS0);
1406 }
1407 boolean bool = (supportedFormats != null)
1408 || (supportedClasses != null);
1409 b = Boolean.valueOf(bool);
1410 hasKeyAttributes = b;
1411 }
1412 }
1413 return b.booleanValue();
1414 }
1415
1416 // get the key class object of the specified name
1417 private Class getKeyClass(String name) {
1418 try {
1419 return Class.forName(name);
1420 } catch (ClassNotFoundException e) {
1421 // ignore
1422 }
1423 try {
1424 ClassLoader cl = provider.getClass().getClassLoader();
1425 if (cl != null) {
1426 return cl.loadClass(name);
1427 }
1428 } catch (ClassNotFoundException e) {
1429 // ignore
1430 }
1431 return null;
1432 }
1433
1434 private boolean supportsKeyFormat(Key key) {
1435 if (supportedFormats == null) {
1436 return false;
1437 }
1438 String format = key.getFormat();
1439 if (format == null) {
1440 return false;
1441 }
1442 for (String supportedFormat : supportedFormats) {
1443 if (supportedFormat.equals(format)) {
1444 return true;
1445 }
1446 }
1447 return false;
1448 }
1449
1450 private boolean supportsKeyClass(Key key) {
1451 if (supportedClasses == null) {
1452 return false;
1453 }
1454 Class keyClass = key.getClass();
1455 for (Class clazz : supportedClasses) {
1456 if (clazz.isAssignableFrom(keyClass)) {
1457 return true;
1458 }
1459 }
1460 return false;
1461 }
1462
1463 /**
1464 * Return a String representation of this service.
1465 *
1466 * @return a String representation of this service.
1467 */
1468 public String toString() {
1469 String aString = aliases.isEmpty()
1470 ? "" : "\r\n aliases: " + aliases.toString();
1471 String attrs = attributes.isEmpty()
1472 ? "" : "\r\n attributes: " + attributes.toString();
1473 return provider.getName() + ": " + type + "." + algorithm
1474 + " -> " + className + aString + attrs + "\r\n";
1475 }
1476
1477 }
1478
1479 }