--- old/src/java.base/share/classes/java/security/Provider.java Mon Jun 8 21:35:03 2015
+++ new/src/java.base/share/classes/java/security/Provider.java Mon Jun 8 21:35:03 2015
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -49,7 +49,10 @@
*
*
*
Each provider has a name and a version number, and is configured
- * in each runtime it is installed in.
+ * in each runtime it is installed in. A provider normally identifies itself
+ * with a file named java.security.Provider in the resource directory
+ * META-INF/services. The file should contain a list of fully-qualified provider
+ * class names, one per line.
*
*
See The Provider Class
@@ -121,6 +124,18 @@
private transient boolean initialized;
+ private static Object newInstanceUtil(final Class> clazz,
+ final Class> ctrParamClz, final Object ctorParamObj)
+ throws Exception {
+ if (ctrParamClz == null) {
+ Constructor> con = clazz.getConstructor();
+ return con.newInstance();
+ } else {
+ Constructor> con = clazz.getConstructor(ctrParamClz);
+ return con.newInstance(ctorParamObj);
+ }
+ }
+
/**
* Constructs a provider with the specified name, version number,
* and information.
@@ -140,6 +155,34 @@
}
/**
+ * Apply the supplied configuration argument to this provider instance
+ * and return the configured provider. Note that if this provider cannot
+ * be configured in-place, a new provider will be created and returned.
+ * Therefore, callers should always use the returned provider.
+ *
+ * @implSpec
+ * The default implementation throws {@code UnsupportedOperationException}.
+ * Subclasses should override this method only if a configuration argument
+ * is supported.
+ *
+ * @param configArg the configuration information for configuring this
+ * provider.
+ *
+ * @throws UnsupportedOperationException if a configuration argument is
+ * not supported.
+ * @throws NullPointerException if the supplied configuration argument is
+ null.
+ * @throws InvalidParameterException if the supplied configuration argument
+ * is invalid.
+ * @return a provider configured with the supplied configuration argument.
+ *
+ * @since 1.9
+ */
+ public Provider configure(String configArg) {
+ throw new UnsupportedOperationException("configure is not supported");
+ }
+
+ /**
* Returns the name of this provider.
*
* @return the name of this provider.
@@ -212,8 +255,8 @@
/**
* Reads a property list (key and element pairs) from the input stream.
*
- * @param inStream the input stream.
- * @exception IOException if an error occurred when reading from the
+ * @param inStream the input stream.
+ * @exception IOException if an error occurred when reading from the
* input stream.
* @see java.util.Properties#load
*/
@@ -1579,6 +1622,7 @@
}
registered = true;
}
+ Class> ctrParamClz;
try {
EngineDescription cap = knownEngines.get(type);
if (cap == null) {
@@ -1585,33 +1629,28 @@
// unknown engine type, use generic code
// this is the code path future for non-core
// optional packages
- return newInstanceGeneric(constructorParameter);
- }
- if (cap.constructorParameterClassName == null) {
- if (constructorParameter != null) {
- throw new InvalidParameterException
- ("constructorParameter not used with " + type
- + " engines");
- }
- Class> clazz = getImplClass();
- Class>[] empty = {};
- Constructor> con = clazz.getConstructor(empty);
- return con.newInstance();
+ ctrParamClz = constructorParameter == null?
+ null : constructorParameter.getClass();
} else {
- Class> paramClass = cap.getConstructorParameterClass();
+ ctrParamClz = cap.constructorParameterClassName == null?
+ null : Class.forName(cap.constructorParameterClassName);
if (constructorParameter != null) {
- Class> argClass = constructorParameter.getClass();
- if (paramClass.isAssignableFrom(argClass) == false) {
+ if (ctrParamClz == null) {
throw new InvalidParameterException
- ("constructorParameter must be instanceof "
- + cap.constructorParameterClassName.replace('$', '.')
- + " for engine type " + type);
+ ("constructorParameter not used with " + type
+ + " engines");
+ } else {
+ Class> argClass = constructorParameter.getClass();
+ if (ctrParamClz.isAssignableFrom(argClass) == false) {
+ throw new InvalidParameterException
+ ("constructorParameter must be instanceof "
+ + cap.constructorParameterClassName.replace('$', '.')
+ + " for engine type " + type);
+ }
}
}
- Class> clazz = getImplClass();
- Constructor> cons = clazz.getConstructor(paramClass);
- return cons.newInstance(constructorParameter);
}
+ return newInstanceUtil(getImplClass(), ctrParamClz, constructorParameter);
} catch (NoSuchAlgorithmException e) {
throw e;
} catch (InvocationTargetException e) {
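Review bot: For unknown engine types the new branch takes `constructorParameter.getClass()` and hands it to `newInstanceUtil`, whose `clazz.getConstructor(ctrParamClz)` only finds a constructor declared with exactly that runtime class. The removed `newInstanceGeneric` accepted any public one-argument constructor whose parameter type was assignable from the argument, so an implementation that declares an interface or superclass parameter would stop resolving, and the descriptive `NoSuchAlgorithmException` messages are lost as well. Keeping the assignability search for the `cap == null` case would preserve the old behaviour, as sketched below. The enclosing method starts and ends outside this hunk, so how its catch clauses treat `NoSuchMethodException` is not visible here.

```java
            if (cap == null) {
                // unknown engine type: match by assignability, not by exact runtime class
                if (constructorParameter != null) {
                    Class<?> argClass = constructorParameter.getClass();
                    for (Constructor<?> con : getImplClass().getConstructors()) {
                        Class<?>[] paramTypes = con.getParameterTypes();
                        if (paramTypes.length == 1
                                && paramTypes[0].isAssignableFrom(argClass)) {
                            return con.newInstance(constructorParameter);
                        }
                    }
                    throw new NoSuchAlgorithmException("No public constructor matching "
                        + argClass.getName() + " found in class " + className);
                }
                ctrParamClz = null;
            } else {
                // … unchanged: parameter check for known engine types …
            }
```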
@@ -1654,43 +1693,6 @@
}
}
- /**
- * Generic code path for unknown engine types. Call the
- * no-args constructor if constructorParameter is null, otherwise
- * use the first matching constructor.
- */
- private Object newInstanceGeneric(Object constructorParameter)
- throws Exception {
- Class> clazz = getImplClass();
- if (constructorParameter == null) {
- // create instance with public no-arg constructor if it exists
- try {
- Class>[] empty = {};
- Constructor> con = clazz.getConstructor(empty);
- return con.newInstance();
- } catch (NoSuchMethodException e) {
- throw new NoSuchAlgorithmException("No public no-arg "
- + "constructor found in class " + className);
- }
- }
- Class> argClass = constructorParameter.getClass();
- Constructor>[] cons = clazz.getConstructors();
- // find first public constructor that can take the
- // argument as parameter
- for (Constructor> con : cons) {
- Class>[] paramTypes = con.getParameterTypes();
- if (paramTypes.length != 1) {
- continue;
- }
- if (paramTypes[0].isAssignableFrom(argClass) == false) {
- continue;
- }
- return con.newInstance(constructorParameter);
- }
- throw new NoSuchAlgorithmException("No public constructor matching "
- + argClass.getName() + " found in class " + className);
- }
-
/**
* Test whether this Service can use the specified parameter.
* Returns false if this service cannot use the parameter. Returns
--- old/src/java.base/share/classes/java/security/Security.java Mon Jun 8 21:35:04 2015
+++ new/src/java.base/share/classes/java/security/Security.java Mon Jun 8 21:35:04 2015
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -41,7 +41,7 @@
*
*
The default values of security properties are read from an
* implementation-specific location, which is typically the properties file
- * {@code lib/security/java.security} in the Java installation directory.
+ * {@code conf/security/java.security} in the Java installation directory.
*
* @author Benjamin Renaud
*/
--- old/src/java.base/share/classes/sun/security/jca/ProviderConfig.java Mon Jun 8 21:35:05 2015
+++ new/src/java.base/share/classes/sun/security/jca/ProviderConfig.java Mon Jun 8 21:35:04 2015
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,7 @@
import java.io.File;
import java.lang.reflect.*;
+import java.util.*;
import java.security.*;
@@ -33,8 +34,8 @@
import sun.security.util.PropertyExpander;
/**
- * Class representing a configured provider. Encapsulates configuration
- * (className plus optional argument), the provider loading logic, and
+ * Class representing a configured provider which encapsulates configuration
+ * (provider name + optional argument), the provider loading logic, and
* the loaded Provider object itself.
*
* @author Andreas Sterbenz
@@ -45,9 +46,8 @@
private final static sun.security.util.Debug debug =
sun.security.util.Debug.getInstance("jca", "ProviderConfig");
- // classname of the SunPKCS11-Solaris provider
- private static final String P11_SOL_NAME =
- "sun.security.pkcs11.SunPKCS11";
+ // suffix for identifying the SunPKCS11-Solaris provider
+ private static final String P11_SOL_NAME = "SunPKCS11";
// config file argument of the SunPKCS11-Solaris provider
private static final String P11_SOL_ARG =
@@ -56,15 +56,10 @@
// maximum number of times to try loading a provider before giving up
private final static int MAX_LOAD_TRIES = 30;
- // parameters for the Provider(String) constructor,
- // use by doLoadProvider()
- private final static Class>[] CL_STRING = { String.class };
+ // could be provider name (module) or provider class name (legacy)
+ private final String provName;
- // name of the provider class
- private final String className;
-
- // argument to the provider constructor,
- // empty string indicates no-arg constructor
+ // argument to the Provider.configure() call, never null
private final String argument;
// number of times we have already tried to load this provider
@@ -77,20 +72,20 @@
// used to detect recursion
private boolean isLoading;
- ProviderConfig(String className, String argument) {
- if (className.equals(P11_SOL_NAME) && argument.equals(P11_SOL_ARG)) {
+ ProviderConfig(String provName, String argument) {
+ if (provName.endsWith(P11_SOL_NAME) && argument.equals(P11_SOL_ARG)) {
checkSunPKCS11Solaris();
}
- this.className = className;
+ this.provName = provName;
this.argument = expand(argument);
}
- ProviderConfig(String className) {
- this(className, "");
+ ProviderConfig(String provName) {
+ this(provName, "");
}
ProviderConfig(Provider provider) {
- this.className = provider.getClass().getName();
+ this.provName = provider.getName();
this.argument = "";
this.provider = provider;
}
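Review bot: `ProviderConfig(Provider provider)` now stores `provider.getName()`, so the `equals`/`hashCode` in the next hunk identify a configuration by a name the provider reports about itself rather than by its class. Two different classes that report the same name would compare equal, which matters wherever configs are de-duplicated or matched; those callers are outside this hunk. A comment on the field would make the assumption explicit, for example `// identity is the self-reported provider name; names are assumed unique among installed providers`. The `endsWith(P11_SOL_NAME)` test is similarly loose and would also match any other name ending in `SunPKCS11`.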
@@ -144,19 +139,20 @@
return false;
}
ProviderConfig other = (ProviderConfig)obj;
- return this.className.equals(other.className)
+ return this.provName.equals(other.provName)
&& this.argument.equals(other.argument);
+
}
public int hashCode() {
- return className.hashCode() + argument.hashCode();
+ return provName.hashCode() + argument.hashCode();
}
public String toString() {
if (hasArgument()) {
- return className + "('" + argument + "')";
+ return provName + "('" + argument + "')";
} else {
- return className;
+ return provName;
}
}
@@ -172,22 +168,34 @@
if (shouldLoad() == false) {
return null;
}
- if (isLoading) {
- // because this method is synchronized, this can only
- // happen if there is recursion.
- if (debug != null) {
- debug.println("Recursion loading provider: " + this);
- new Exception("Call trace").printStackTrace();
+
+ // Create providers which are in java.base directly
+ if (provName.equals("SUN")) {
+ p = new sun.security.provider.Sun();
+ } else if (provName.equals("SunRsaSign")) {
+ p = new sun.security.rsa.SunRsaSign();
+ } else if (provName.equals("SunJCE")) {
+ p = new com.sun.crypto.provider.SunJCE();
+ } else if (provName.equals("SunJSSE")) {
+ p = new com.sun.net.ssl.internal.ssl.Provider();
+ } else {
+ if (isLoading) {
+ // because this method is synchronized, this can only
+ // happen if there is recursion.
+ if (debug != null) {
+ debug.println("Recursion loading provider: " + this);
+ new Exception("Call trace").printStackTrace();
+ }
+ return null;
}
- return null;
+ try {
+ isLoading = true;
+ tries++;
+ p = doLoadProvider();
+ } finally {
+ isLoading = false;
+ }
}
- try {
- isLoading = true;
- tries++;
- p = doLoadProvider();
- } finally {
- isLoading = false;
- }
provider = p;
return p;
}
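Review bot: The four providers created directly (`SUN`, `SunRsaSign`, `SunJCE`, `SunJSSE`) never reach the `configure(argument)` call that `doLoadProvider()` makes, so an argument configured for one of them is dropped without any trace. They also bypass the `isLoading` recursion guard and the `tries` counter. If ignoring the argument is intended, a debug line such as `if (hasArgument() && debug != null) debug.println("Ignoring argument for built-in provider " + this);` would make it visible. The chain of `equals` tests would also read more clearly as a `switch` on `provName`. The method begins outside this hunk.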
@@ -206,55 +214,39 @@
return AccessController.doPrivileged(new PrivilegedAction() {
public Provider run() {
if (debug != null) {
- debug.println("Loading provider: " + ProviderConfig.this);
+ debug.println("Loading provider " + ProviderConfig.this);
}
+ ProviderLoader pl = new ProviderLoader();
try {
- ClassLoader cl = ClassLoader.getSystemClassLoader();
- Class> provClass;
- if (cl != null) {
- provClass = cl.loadClass(className);
- } else {
- provClass = Class.forName(className);
- }
- Object obj;
- if (hasArgument() == false) {
- obj = provClass.newInstance();
- } else {
- Constructor> cons = provClass.getConstructor(CL_STRING);
- obj = cons.newInstance(argument);
- }
- if (obj instanceof Provider) {
+ Provider p = pl.load(provName);
+ if (p != null) {
+ if (hasArgument()) {
+ p = p.configure(argument);
+ }
if (debug != null) {
- debug.println("Loaded provider " + obj);
+ debug.println("Loaded provider " + p.getName());
}
- return (Provider)obj;
} else {
if (debug != null) {
- debug.println(className + " is not a provider");
+ debug.println("Error loading provider " +
+ ProviderConfig.this);
}
disableLoad();
- return null;
}
+ return p;
} catch (Exception e) {
- Throwable t;
- if (e instanceof InvocationTargetException) {
- t = ((InvocationTargetException)e).getCause();
+ if (e instanceof ProviderException) {
+ // pass up
+ throw e;
} else {
- t = e;
- }
- if (debug != null) {
- debug.println("Error loading provider " + ProviderConfig.this);
- t.printStackTrace();
- }
- // provider indicates fatal error, pass through exception
- if (t instanceof ProviderException) {
- throw (ProviderException)t;
- }
- // provider indicates that loading should not be retried
- if (t instanceof UnsupportedOperationException) {
+ if (debug != null) {
+ debug.println("Error loading provider " +
+ ProviderConfig.this);
+ e.printStackTrace();
+ }
disableLoad();
+ return null;
}
- return null;
} catch (ExceptionInInitializerError err) {
// no sufficient permission to initialize provider class
if (debug != null) {
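Review bot: Every exception other than `ProviderException` now ends in `disableLoad()`, where the removed code disabled loading only for `UnsupportedOperationException` and let other failures return `null` so that a later call could retry. Together with the `p == null` branch, which also disables loading, a provider that fails once appears to be switched off for good, which would leave `tries` and `MAX_LOAD_TRIES` with little effect on this path. If that is deliberate, a comment such as `// any failure is treated as permanent; loading is not retried` would record it. The `ExceptionInInitializerError` handler continues outside the hunk.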
@@ -289,4 +281,119 @@
});
}
+ // Inner class for loading security providers listed in java.security file
+ private static final class ProviderLoader {
+ private final ServiceLoader services;
+
+ ProviderLoader() {
+ // VM should already been booted at this point, if not
+ // - Only providers in java.base should be loaded, don't use
+ // ServiceLoader
+ // - ClassLoader.getSystemClassLoader() will throw InternalError
+ services = ServiceLoader.load(java.security.Provider.class,
+ ClassLoader.getSystemClassLoader());
+ }
+
+ /**
+ * Loads the provider with the specified class name.
+ *
+ * @param name the name of the provider
+ * @return the Provider, or null if it cannot be found or loaded
+ * @throws ProviderException all other exceptions are ignored
+ */
+ public Provider load(String pn) {
+ if (debug != null) {
+ debug.println("Attempt to load " + pn + " using SL");
+ }
+ Iterator iter = services.iterator();
+ while (iter.hasNext()) {
+ try {
+ Provider p = iter.next();
+ String pName = p.getName();
+ if (debug != null) {
+ debug.println("Found SL Provider named " + pName);
+ }
+ if (pName.equals(pn)) {
+ return p;
+ }
+ } catch (SecurityException | ServiceConfigurationError |
+ InvalidParameterException ex) {
+ // if provider loading fail due to security permission,
+ // log it and move on to next provider
+ if (debug != null) {
+ debug.println("Encountered " + ex +
+ " while iterating through SL, ignore and move on");
+ ex.printStackTrace();
+ }
+ }
+ }
+ // No success with ServiceLoader. Try loading provider the legacy,
+ // i.e. pre-module, way via reflection
+ try {
+ return legacyLoad(pn);
+ } catch (ProviderException pe) {
+ // pass through
+ throw pe;
+ } catch (Exception ex) {
+ // logged and ignored
+ if (debug != null) {
+ debug.println("Encountered " + ex +
+ " during legacy load of " + pn);
+ ex.printStackTrace();
+ }
+ return null;
+ }
+ }
+
+ private Provider legacyLoad(String classname) {
+
+ if (debug != null) {
+ debug.println("Loading legacy provider: " + classname);
+ }
+
+ try {
+ Class> provClass =
+ ClassLoader.getSystemClassLoader().loadClass(classname);
+
+ // only continue if the specified class extends Provider
+ if (!Provider.class.isAssignableFrom(provClass)) {
+ if (debug != null) {
+ debug.println(classname + " is not a provider");
+ }
+ return null;
+ }
+
+ Provider p = AccessController.doPrivileged
+ (new PrivilegedExceptionAction() {
+ public Provider run() throws Exception {
+ return (Provider) provClass.newInstance();
+ }
+ });
+ return p;
+ } catch (Exception e) {
+ Throwable t;
+ if (e instanceof InvocationTargetException) {
+ t = ((InvocationTargetException)e).getCause();
+ } else {
+ t = e;
+ }
+ if (debug != null) {
+ debug.println("Error loading legacy provider " + classname);
+ t.printStackTrace();
+ }
+ // provider indicates fatal error, pass through exception
+ if (t instanceof ProviderException) {
+ throw (ProviderException) t;
+ }
+ return null;
+ } catch (ExceptionInInitializerError | NoClassDefFoundError err) {
+ // no sufficient permission to access/initialize provider class
+ if (debug != null) {
+ debug.println("Error loading legacy provider " + classname);
+ err.printStackTrace();
+ }
+ return null;
+ }
+ }
+ }
}
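Review bot: In `ProviderLoader.load`, `iter.hasNext()` sits outside the `try`, yet `ServiceLoader`'s iterator is documented to throw `ServiceConfigurationError` from `hasNext()` as well as from `next()`. A malformed provider-configuration file on the class path would therefore escape the "log it and move on" handler, and being an `Error` it is not caught by `catch (Exception e)` in `doLoadProvider()` either. Guarding the check as well, for example `try { more = iter.hasNext(); } catch (ServiceConfigurationError e) { break; }` with the same debug output, would let the method fall through to `legacyLoad` instead. Separately, the Javadoc names `@param name` while the parameter is `pn` and says "class name" although the ServiceLoader path matches on `getName()`. The constructor comment also says ServiceLoader should not be used before the VM is booted, while the code calls it unconditionally.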
--- old/src/java.base/share/classes/sun/security/jca/ProviderList.java Mon Jun 8 21:35:05 2015
+++ new/src/java.base/share/classes/sun/security/jca/ProviderList.java Mon Jun 8 21:35:05 2015
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -178,9 +178,9 @@
if (k == -1) {
config = new ProviderConfig(entry);
} else {
- String className = entry.substring(0, k);
+ String provName = entry.substring(0, k);
String argument = entry.substring(k + 1).trim();
- config = new ProviderConfig(className, argument);
+ config = new ProviderConfig(provName, argument);
}
// Get rid of duplicate providers.
@@ -200,10 +200,10 @@
* bootclasspath and cannot be in signed JAR files. This is to avoid
* possible recursion and deadlock during verification.
*/
- ProviderList getJarList(String[] jarClassNames) {
+ ProviderList getJarList(String[] jarProvNames) {
List newConfigs = new ArrayList<>();
- for (String className : jarClassNames) {
- ProviderConfig newConfig = new ProviderConfig(className);
+ for (String provName : jarProvNames) {
+ ProviderConfig newConfig = new ProviderConfig(provName);
for (ProviderConfig config : configs) {
// if the equivalent object is present in this provider list,
// use the old object rather than the new object.
--- old/src/java.base/share/classes/sun/security/jca/Providers.java Mon Jun 8 21:35:06 2015
+++ new/src/java.base/share/classes/sun/security/jca/Providers.java Mon Jun 8 21:35:05 2015
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -58,9 +58,13 @@
// empty
}
- // we need special handling to resolve circularities when loading
- // signed JAR files during startup. The code below is part of that.
-
+ // After the switch to modules, JDK providers are all in modules and JDK
+ // no longer needs to load signed jars during start up.
+ //
+ // However, for earlier releases, it need special handling to resolve
+ // circularities when loading signed JAR files during startup. The code
+ // below is part of that.
+ //
// Basically, before we load data from a signed JAR file, we parse
// the PKCS#7 file and verify the signature. We need a
// CertificateFactory, Signatures, etc. to do that. We have to make
@@ -75,35 +79,21 @@
// The code here is used by sun.security.util.SignatureFileVerifier.
// See there for details.
- private static final String BACKUP_PROVIDER_CLASSNAME =
- "sun.security.provider.VerificationProvider";
-
- // Hardcoded classnames of providers to use for JAR verification.
+ // Hardcoded names of providers to use for JAR verification.
// MUST NOT be on the bootclasspath and not in signed JAR files.
private static final String[] jarVerificationProviders = {
- "sun.security.provider.Sun",
- "sun.security.rsa.SunRsaSign",
- // Note: SunEC *is* in a signed JAR file, but it's not signed
- // by EC itself. So it's still safe to be listed here.
- "sun.security.ec.SunEC",
- BACKUP_PROVIDER_CLASSNAME,
+ "SUN",
+ "SunRsaSign",
+ // Note: when SunEC is in a signed JAR file, it's not signed
+ // by EC algorithms. So it's still safe to be listed here.
+ "SunEC",
};
- // Return to Sun provider or its backup.
+ // Return Sun provider.
// This method should only be called by
// sun.security.util.ManifestEntryVerifier and java.security.SecureRandom.
public static Provider getSunProvider() {
- try {
- Class> clazz = Class.forName(jarVerificationProviders[0]);
- return (Provider)clazz.newInstance();
- } catch (Exception e) {
- try {
- Class> clazz = Class.forName(BACKUP_PROVIDER_CLASSNAME);
- return (Provider)clazz.newInstance();
- } catch (Exception ee) {
- throw new RuntimeException("Sun provider not found", e);
- }
- }
+ return new sun.security.provider.Sun();
}
/**
@@ -115,6 +105,16 @@
public static Object startJarVerification() {
ProviderList currentList = getProviderList();
ProviderList jarList = currentList.getJarList(jarVerificationProviders);
+ if (jarList.getProvider("SUN") == null) {
+ // add backup provider
+ Provider p;
+ try {
+ p = new sun.security.provider.VerificationProvider();
+ } catch (Exception e) {
+ throw new RuntimeException("Missing provider for jar verification", e);
+ }
+ ProviderList.add(jarList, p);
+ }
// return the old thread-local provider list, usually null
return beginThreadProviderList(jarList);
}
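Review bot: The result of `ProviderList.add(jarList, p)` is discarded, and `jarList` itself is what gets passed to `beginThreadProviderList` a few lines later. `ProviderList.add` is not shown on this page; if it returns a new list instead of modifying its argument, the backup `VerificationProvider` never becomes part of the list used during JAR verification. In that case the line should read `jarList = ProviderList.add(jarList, p);`.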
--- old/src/java.base/share/classes/sun/security/tools/keytool/Main.java Mon Jun 8 21:35:06 2015
+++ new/src/java.base/share/classes/sun/security/tools/keytool/Main.java Mon Jun 8 21:35:06 2015
@@ -729,13 +729,7 @@
}
String provArg = provider.snd;
- Object obj;
- if (provArg == null) {
- obj = provClass.newInstance();
- } else {
- Constructor> c = provClass.getConstructor(PARAM_STRING);
- obj = c.newInstance(provArg);
- }
+ Object obj = provClass.newInstance();
if (!(obj instanceof Provider)) {
MessageFormat form = new MessageFormat
(rb.getString("provName.not.a.provider"));
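Review bot: `provClass.newInstance()` runs the class's constructor before the `instanceof Provider` test, so a class named by the caller that is not a provider is still instantiated before it is rejected. `legacyLoad` in `ProviderConfig` checks the type first; the same guard here would be `if (!Provider.class.isAssignableFrom(provClass))` ahead of the `newInstance()` call, reusing the existing `provName.not.a.provider` message. The surrounding loop starts outside this hunk.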
@@ -742,6 +736,9 @@
Object[] source = {provName};
throw new Exception(form.format(source));
}
+ if (provArg != null) {
+ obj = ((Provider) obj).configure(provArg);
+ }
Security.addProvider((Provider)obj);
}
}
--- old/src/java.base/share/conf/security/java.policy Mon Jun 8 21:35:07 2015
+++ new/src/java.base/share/conf/security/java.policy Mon Jun 8 21:35:07 2015
@@ -46,6 +46,7 @@
grant codeBase "jrt:/jdk.crypto.pkcs11" {
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.misc.*";
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
// needs "security.pkcs11.allowSingleThreadedModules"
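Review bot: The added grant gives `jdk.crypto.pkcs11` access to everything matched by `accessClassInPackage.sun.misc.*`, and nothing in the hunk says which class the module needs. A grant scoped to the one package actually used would keep the module's permissions minimal. It should carry a comment in the style of the `// needs ...` line below it, for example `// needs <CLASS_PLACEHOLDER> for <PURPOSE_PLACEHOLDER>`. The grant block continues outside this hunk.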
--- old/src/java.base/share/conf/security/java.security Mon Jun 8 21:35:08 2015
+++ new/src/java.base/share/conf/security/java.security Mon Jun 8 21:35:07 2015
@@ -66,26 +66,31 @@
# List of providers and their preference orders (see above):
#
#ifdef solaris
-security.provider.tbd=com.oracle.security.ucrypto.UcryptoProvider ${java.home}/conf/security/ucrypto-solaris.cfg
-security.provider.tbd=sun.security.pkcs11.SunPKCS11 ${java.home}/conf/security/sunpkcs11-solaris.cfg
+security.provider.tbd=OracleUcrypto
+security.provider.tbd=SunPKCS11 ${java.home}/conf/security/sunpkcs11-solaris.cfg
#endif
-security.provider.tbd=sun.security.provider.Sun
-security.provider.tbd=sun.security.rsa.SunRsaSign
-security.provider.tbd=sun.security.ec.SunEC
-security.provider.tbd=com.sun.net.ssl.internal.ssl.Provider
-security.provider.tbd=com.sun.crypto.provider.SunJCE
-security.provider.tbd=sun.security.jgss.SunProvider
-security.provider.tbd=com.sun.security.sasl.Provider
-security.provider.tbd=org.jcp.xml.dsig.internal.dom.XMLDSigRI
-security.provider.tbd=sun.security.smartcardio.SunPCSC
-security.provider.tbd=sun.security.provider.certpath.ldap.JdkLDAP
+security.provider.tbd=SUN
+security.provider.tbd=SunRsaSign
+security.provider.tbd=SunEC
+security.provider.tbd=SunJSSE
+security.provider.tbd=SunJCE
+security.provider.tbd=SunJGSS
+security.provider.tbd=SunSASL
+security.provider.tbd=XMLDSig
+security.provider.tbd=SunPCSC
+security.provider.tbd=JdkLDAP
+security.provider.tbd=JdkSASL
#ifdef windows
-security.provider.tbd=sun.security.mscapi.SunMSCAPI
+security.provider.tbd=SunMSCAPI
#endif
#ifdef macosx
-security.provider.tbd=apple.security.AppleProvider
+security.provider.tbd=Apple
#endif
+#ifndef solaris
+security.provider.tbd=SunPKCS11
+#endif
+
#
# Sun Provider SecureRandom seed source.
#
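Review bot: The entries change from class names to provider names, but the part of the comment visible in this hunk is untouched and does not tell an administrator which form to use. Going by the `ProviderConfig` change in this commit, an entry may be a provider name or, for legacy providers, a class name, optionally followed by a configuration argument. A line such as `# Each entry is a provider name, or a fully-qualified class name for legacy providers, optionally followed by a configuration argument.` would cover it. It is also worth a comment that `SunPKCS11` is now listed outside Solaris without a configuration file.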
--- old/src/java.naming/share/classes/sun/security/provider/certpath/ldap/JdkLDAP.java Mon Jun 8 21:35:09 2015
+++ new/src/java.naming/share/classes/sun/security/provider/certpath/ldap/JdkLDAP.java Mon Jun 8 21:35:08 2015
@@ -27,11 +27,7 @@
import java.util.HashMap;
import java.util.List;
-import java.security.Provider;
-import java.security.NoSuchAlgorithmException;
-import java.security.InvalidParameterException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.ProviderException;
+import java.security.*;
import java.security.cert.CertStoreParameters;
/**
@@ -75,16 +71,22 @@
public JdkLDAP() {
super("JdkLDAP", 1.9d, "JdkLDAP Provider (implements LDAP CertStore)");
- HashMap attrs = new HashMap<>(2);
- attrs.put("LDAPSchema", "RFC2587");
- attrs.put("ImplementedIn", "Software");
+ final Provider p = this;
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Void run() {
+ HashMap attrs = new HashMap<>(2);
+ attrs.put("LDAPSchema", "RFC2587");
+ attrs.put("ImplementedIn", "Software");
- /*
- * CertStore
- * attrs: LDAPSchema, ImplementedIn
- */
- putService(new ProviderService(this, "CertStore",
- "LDAP", "sun.security.provider.certpath.ldap.LDAPCertStore",
- null, attrs));
+ /*
+ * CertStore
+ * attrs: LDAPSchema, ImplementedIn
+ */
+ putService(new ProviderService(p, "CertStore",
+ "LDAP", "sun.security.provider.certpath.ldap.LDAPCertStore",
+ null, attrs));
+ return null;
+ }
+ });
}
}
--- old/src/java.security.jgss/share/classes/sun/security/jgss/SunProvider.java Mon Jun 8 21:35:09 2015
+++ new/src/java.security.jgss/share/classes/sun/security/jgss/SunProvider.java Mon Jun 8 21:35:09 2015
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,12 @@
import java.security.Provider;
import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidParameterException;
+import java.security.ProviderException;
+import sun.security.jgss.krb5.Krb5MechFactory;
+import sun.security.jgss.spnego.SpNegoMechFactory;
/**
* Defines the Sun JGSS provider.
@@ -58,6 +64,39 @@
"(Kerberos v5, SPNEGO)";
// "(Kerberos v5, Dummy GSS-API Mechanism)";
+ private static final class ProviderService extends Provider.Service {
+ ProviderService(Provider p, String type, String algo, String cn) {
+ super(p, type, algo, cn, null, null);
+ }
+
+ @Override
+ public Object newInstance(Object ctrParamObj)
+ throws NoSuchAlgorithmException {
+ String type = getType();
+ if (ctrParamObj != null) {
+ throw new InvalidParameterException
+ ("constructorParameter not used with " + type +
+ " engines");
+ }
+ String algo = getAlgorithm();
+ try {
+ if (type.equals("GssApiMechanism")) {
+ if (algo.equals("1.2.840.113554.1.2.2")) {
+ return new Krb5MechFactory();
+ } else if (algo.equals("1.3.6.1.5.5.2")) {
+ return new SpNegoMechFactory();
+ }
+ }
+ } catch (Exception ex) {
+ throw new NoSuchAlgorithmException
+ ("Error constructing " + type + " for " +
+ algo + " using SunJGSS", ex);
+ }
+ throw new ProviderException("No impl for " + algo +
+ " " + type);
+ }
+ }
+
public static final SunProvider INSTANCE = new SunProvider();
public SunProvider() {
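Review bot: `ProviderService` passes the implementation class name `cn` to `super(...)`, but `newInstance` ignores it and picks the factory from a hard-coded chain on the algorithm OID, so the registered class name and the constructed class are two separate sources of truth. If a registration in the constructor hunk below is edited without the matching branch here, `getClassName()` and `newInstance()` would disagree, or the call would end in the trailing `ProviderException`. Named constants for the two OIDs, shared by `newInstance` and the `putService` calls, plus a short class comment saying why reflection is avoided, would keep them in step. The same pattern appears in `ProviderService` of `com.sun.security.sasl.Provider` later in this diff.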
@@ -64,17 +103,15 @@
/* We are the Sun JGSS provider */
super("SunJGSS", 1.9d, INFO);
- AccessController.doPrivileged(
- new java.security.PrivilegedAction() {
+ final Provider p = this;
+ AccessController.doPrivileged(new PrivilegedAction() {
public Void run() {
- put("GssApiMechanism.1.2.840.113554.1.2.2",
- "sun.security.jgss.krb5.Krb5MechFactory");
- put("GssApiMechanism.1.3.6.1.5.5.2",
- "sun.security.jgss.spnego.SpNegoMechFactory");
- /*
- put("GssApiMechanism.1.3.6.1.4.1.42.2.26.1.2",
- "sun.security.jgss.dummy.DummyMechFactory");
- */
+ putService(new ProviderService(p, "GssApiMechanism",
+ "1.2.840.113554.1.2.2",
+ "sun.security.jgss.krb5.Krb5MechFactory"));
+ putService(new ProviderService(p, "GssApiMechanism",
+ "1.3.6.1.5.5.2",
+ "sun.security.jgss.spnego.SpNegoMechFactory"));
return null;
}
});
--- old/src/java.security.sasl/share/classes/com/sun/security/sasl/Provider.java Mon Jun 8 21:35:10 2015
+++ new/src/java.security.sasl/share/classes/com/sun/security/sasl/Provider.java Mon Jun 8 21:35:10 2015
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,9 @@
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.NoSuchAlgorithmException;
+import java.security.InvalidParameterException;
+import java.security.ProviderException;
/**
* The SASL provider.
@@ -34,12 +37,10 @@
* - PLAIN
* - CRAM-MD5
* - DIGEST-MD5
- * - GSSAPI/Kerberos v5
* - NTLM
* And server support for
* - CRAM-MD5
* - DIGEST-MD5
- * - GSSAPI/Kerberos v5
* - NTLM
*/
@@ -49,38 +50,78 @@
private static final String info = "Sun SASL provider" +
"(implements client mechanisms for: " +
- "DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5, NTLM;" +
- " server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5, NTLM)";
+ "DIGEST-MD5, EXTERNAL, PLAIN, CRAM-MD5, NTLM;" +
+ " server mechanisms for: DIGEST-MD5, CRAM-MD5, NTLM)";
+ private static final class ProviderService
+ extends java.security.Provider.Service {
+ ProviderService(java.security.Provider p, String type, String algo,
+ String cn) {
+ super(p, type, algo, cn, null, null);
+ }
+
+ @Override
+ public Object newInstance(Object ctrParamObj)
+ throws NoSuchAlgorithmException {
+ String type = getType();
+ if (ctrParamObj != null) {
+ throw new InvalidParameterException
+ ("constructorParameter not used with " + type + " engines");
+ }
+
+ String algo = getAlgorithm();
+ try {
+ // DIGEST-MD5, NTLM uses same impl class for client and server
+ if (algo.equals("DIGEST-MD5")) {
+ return new com.sun.security.sasl.digest.FactoryImpl();
+ }
+ if (algo.equals("NTLM")) {
+ return new com.sun.security.sasl.ntlm.FactoryImpl();
+ }
+ if (type.equals("SaslClientFactory")) {
+ if (algo.equals("EXTERNAL") || algo.equals("PLAIN") ||
+ algo.equals("CRAM-MD5")) {
+ return new com.sun.security.sasl.ClientFactoryImpl();
+ }
+ } else if (type.equals("SaslServerFactory")) {
+ if (algo.equals("CRAM-MD5")) {
+ return new com.sun.security.sasl.ServerFactoryImpl();
+ }
+ }
+ } catch (Exception ex) {
+ throw new NoSuchAlgorithmException("Error constructing " +
+ type + " for " + algo + " using SunSASL", ex);
+ }
+ throw new ProviderException("No impl for " + algo +
+ " " + type);
+ }
+ }
+
public Provider() {
super("SunSASL", 1.9d, info);
+ final Provider p = this;
AccessController.doPrivileged(new PrivilegedAction() {
public Void run() {
// Client mechanisms
- put("SaslClientFactory.DIGEST-MD5",
- "com.sun.security.sasl.digest.FactoryImpl");
- put("SaslClientFactory.NTLM",
- "com.sun.security.sasl.ntlm.FactoryImpl");
- put("SaslClientFactory.GSSAPI",
- "com.sun.security.sasl.gsskerb.FactoryImpl");
+ putService(new ProviderService(p, "SaslClientFactory",
+ "DIGEST-MD5", "com.sun.security.sasl.digest.FactoryImpl"));
+ putService(new ProviderService(p, "SaslClientFactory",
+ "NTLM", "com.sun.security.sasl.ntlm.FactoryImpl"));
+ putService(new ProviderService(p, "SaslClientFactory",
+ "EXTERNAL", "com.sun.security.sasl.ClientFactoryImpl"));
+ putService(new ProviderService(p, "SaslClientFactory",
+ "PLAIN", "com.sun.security.sasl.ClientFactoryImpl"));
+ putService(new ProviderService(p, "SaslClientFactory",
+ "CRAM-MD5", "com.sun.security.sasl.ClientFactoryImpl"));
- put("SaslClientFactory.EXTERNAL",
- "com.sun.security.sasl.ClientFactoryImpl");
- put("SaslClientFactory.PLAIN",
- "com.sun.security.sasl.ClientFactoryImpl");
- put("SaslClientFactory.CRAM-MD5",
- "com.sun.security.sasl.ClientFactoryImpl");
-
// Server mechanisms
- put("SaslServerFactory.CRAM-MD5",
- "com.sun.security.sasl.ServerFactoryImpl");
- put("SaslServerFactory.GSSAPI",
- "com.sun.security.sasl.gsskerb.FactoryImpl");
- put("SaslServerFactory.DIGEST-MD5",
- "com.sun.security.sasl.digest.FactoryImpl");
- put("SaslServerFactory.NTLM",
- "com.sun.security.sasl.ntlm.FactoryImpl");
+ putService(new ProviderService(p, "SaslServerFactory",
+ "CRAM-MD5", "com.sun.security.sasl.ServerFactoryImpl"));
+ putService(new ProviderService(p, "SaslServerFactory",
+ "DIGEST-MD5", "com.sun.security.sasl.digest.FactoryImpl"));
+ putService(new ProviderService(p, "SaslServerFactory",
+ "NTLM", "com.sun.security.sasl.ntlm.FactoryImpl"));
return null;
}
});
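Review bot: ProviderService.newInstance never uses the class name passed as `cn`; it picks the implementation from hard-coded comparisons on getAlgorithm() and getType(), so the strings given to putService in the constructor and the classes actually constructed can drift apart unnoticed. A short class comment would make this explicit, for example `// className is informational only; newInstance() constructs the factory directly and must stay in sync with the putService calls`. The DIGEST-MD5 and NTLM branches return before the type is checked, which is safe only while this private class is registered solely with the two SASL factory types, and that assumption belongs in the same comment. The `catch (Exception ex)` surrounds plain constructor calls, so any runtime failure inside a factory constructor is reported as NoSuchAlgorithmException; narrowing it, or noting why it is broad, would help. The Provider() constructor closes outside this hunk.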
--- old/src/java.security.sasl/share/classes/javax/security/sasl/Sasl.java Mon Jun 8 21:35:11 2015
+++ new/src/java.security.sasl/share/classes/javax/security/sasl/Sasl.java Mon Jun 8 21:35:10 2015
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -33,7 +33,10 @@
import java.util.Set;
import java.util.HashSet;
import java.util.Collections;
+import java.security.InvalidParameterException;
+import java.security.NoSuchAlgorithmException;
import java.security.Provider;
+import java.security.Provider.Service;
import java.security.Security;
/**
@@ -360,7 +363,7 @@
SaslClient mech = null;
SaslClientFactory fac;
- String className;
+ Service service;
String mechName;
for (int i = 0; i < mechanisms.length; i++) {
@@ -370,31 +373,32 @@
} else if (mechName.length() == 0) {
continue;
}
- String mechFilter = "SaslClientFactory." + mechName;
- Provider[] provs = Security.getProviders(mechFilter);
- for (int j = 0; provs != null && j < provs.length; j++) {
- className = provs[j].getProperty(mechFilter);
- if (className == null) {
- // Case is ignored
- continue;
- }
+ String type = "SaslClientFactory";
+ Provider[] provs = Security.getProviders(type + "." + mechName);
+ if (provs != null) {
+ for (Provider p : provs) {
+ service = p.getService(type, mechName);
+ if (service == null) {
+ // no such service exists
+ continue;
+ }
- fac = (SaslClientFactory) loadFactory(provs[j], className);
- if (fac != null) {
- mech = fac.createSaslClient(
- new String[]{mechanisms[i]}, authorizationId,
- protocol, serverName, props, cbh);
- if (mech != null) {
- return mech;
+ fac = (SaslClientFactory) loadFactory(service);
+ if (fac != null) {
+ mech = fac.createSaslClient(
+ new String[]{mechanisms[i]}, authorizationId,
+ protocol, serverName, props, cbh);
+ if (mech != null) {
+ return mech;
+ }
}
}
}
}
-
return null;
}
- private static Object loadFactory(Provider p, String className)
+ private static Object loadFactory(Service service)
throws SaslException {
try {
/*
@@ -406,18 +410,9 @@
* have "getClassLoader" permission, or a SecurityException
* will be thrown.
*/
- ClassLoader cl = p.getClass().getClassLoader();
- Class> implClass;
- implClass = Class.forName(className, true, cl);
- return implClass.newInstance();
- } catch (ClassNotFoundException e) {
- throw new SaslException("Cannot load class " + className, e);
- } catch (InstantiationException e) {
- throw new SaslException("Cannot instantiate class " + className, e);
- } catch (IllegalAccessException e) {
- throw new SaslException("Cannot access class " + className, e);
- } catch (SecurityException e) {
- throw new SaslException("Cannot access class " + className, e);
+ return service.newInstance(null);
+ } catch (InvalidParameterException | NoSuchAlgorithmException e) {
+ throw new SaslException("Cannot instantiate service " + service, e);
}
}
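Review bot: The rewritten catch in loadFactory wraps only InvalidParameterException and NoSuchAlgorithmException, whereas the removed code also wrapped SecurityException, and SunSASL's own ProviderService.newInstance in this patch can throw the unchecked ProviderException ("No impl for ..."). Either would now propagate out of createSaslClient/createSaslServer as an unchecked exception instead of the SaslException that callers presumably expect. If that is not intended, extend the clause to `catch (InvalidParameterException | NoSuchAlgorithmException | ProviderException | SecurityException e)`, which needs an import of java.security.ProviderException. The retained block comment about callers needing "getClassLoader" permission describes the removed `p.getClass().getClassLoader()` call and looks stale now that instantiation is delegated to `service.newInstance(null)`. That comment and the method signature both begin outside this hunk.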
@@ -503,7 +498,7 @@
SaslServer mech = null;
SaslServerFactory fac;
- String className;
+ Service service;
if (mechanism == null) {
throw new NullPointerException("Mechanism name cannot be null");
@@ -511,24 +506,25 @@
return null;
}
- String mechFilter = "SaslServerFactory." + mechanism;
- Provider[] provs = Security.getProviders(mechFilter);
- for (int j = 0; provs != null && j < provs.length; j++) {
- className = provs[j].getProperty(mechFilter);
- if (className == null) {
- throw new SaslException("Provider does not support " +
- mechFilter);
- }
- fac = (SaslServerFactory) loadFactory(provs[j], className);
- if (fac != null) {
- mech = fac.createSaslServer(
- mechanism, protocol, serverName, props, cbh);
- if (mech != null) {
- return mech;
+ String type = "SaslServerFactory";
+ Provider[] provs = Security.getProviders(type + "." + mechanism);
+ if (provs != null) {
+ for (Provider p : provs) {
+ service = p.getService(type, mechanism);
+ if (service == null) {
+ throw new SaslException("Provider does not support " +
+ mechanism + " " + type);
}
+ fac = (SaslServerFactory) loadFactory(service);
+ if (fac != null) {
+ mech = fac.createSaslServer(
+ mechanism, protocol, serverName, props, cbh);
+ if (mech != null) {
+ return mech;
+ }
+ }
}
}
-
return null;
}
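Review bot: A null result from `p.getService(type, mechanism)` throws SaslException here and ends the search, while the client loop in the earlier Sasl.java hunk treats the same condition as "no such service exists" and continues with the next provider. With several providers installed, one inconsistent provider would keep a later provider that does support the mechanism from being tried. If the difference is deliberate it deserves a comment; otherwise `if (service == null) { continue; }` would match the client path. The enclosing method starts outside this hunk.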
@@ -582,36 +578,21 @@
return result;
}
-
- Provider[] providers = Security.getProviders();
- HashSet classes = new HashSet();
+ Provider[] provs = Security.getProviders();
Object fac;
- for (int i = 0; i < providers.length; i++) {
- classes.clear();
+ for (Provider p : provs) {
- // Check the keys for each provider.
- for (Enumeration