1 /*
   2  * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.provider;
  27 
  28 import java.io.*;
  29 import java.net.*;
  30 import java.util.Map;
  31 import java.security.*;
  32 
  33 /**
  34  * Defines the entries of the SUN provider.
  35  *
  36  * Algorithms supported, and their names:
  37  *
  38  * - SHA is the message digest scheme described in FIPS 180-1.
  39  *   Aliases for SHA are SHA-1 and SHA1.
  40  *
  41  * - SHA1withDSA is the signature scheme described in FIPS 186.
  42  *   (SHA used in DSA is SHA-1: FIPS 186 with Change No 1.)
  43  *   Aliases for SHA1withDSA are DSA, DSS, SHA/DSA, SHA-1/DSA, SHA1/DSA,
  44  *   SHAwithDSA, DSAWithSHA1, and the object
  45  *   identifier strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and
  46  *   "OID.1.2.840.10040.4.3".
  47  *
  48  * - SHA-2 is a set of message digest schemes described in FIPS 180-2.
  49  *   SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384,
  50  *   and SHA-512.
  51  *
  52  * - SHA-224withDSA/SHA-256withDSA are the signature schemes
  53  *   described in FIPS 186-3. The associated object identifiers are
  54  *   "OID.2.16.840.1.101.3.4.3.1", and "OID.2.16.840.1.101.3.4.3.2".
  55 
  56  * - DSA is the key generation scheme as described in FIPS 186.
  57  *   Aliases for DSA include the OID strings "OID.1.3.14.3.2.12"
  58  *   and "OID.1.2.840.10040.4.1".
  59  *
  60  * - MD5 is the message digest scheme described in RFC 1321.
  61  *   There are no aliases for MD5.
  62  *
  63  * - X.509 is the certificate factory type for X.509 certificates
  64  *   and CRLs. Aliases for X.509 are X509.
  65  *
  66  * - PKIX is the certification path validation algorithm described
  67  *   in RFC 3280. The ValidationAlgorithm attribute notes the
  68  *   specification that this provider implements.
  69  *
  70  * - LDAP is the CertStore type for LDAP repositories. The
  71  *   LDAPSchema attribute notes the specification defining the
  72  *   schema that this provider uses to find certificates and CRLs.
  73  *
  74  * - JavaPolicy is the default file-based Policy type.
  75  *
  76  * - JavaLoginConfig is the default file-based LoginModule Configuration type.
  77  */
  78 
  79 final class SunEntries {
  80 
  81     private SunEntries() {
  82         // empty
  83     }
  84 
  85     static void putEntries(Map<Object, Object> map) {
  86 
  87         /*
  88          * SecureRandom
  89          *
  90          * Register these first to speed up "new SecureRandom()",
  91          * which iterates through the list of algorithms
  92          */
  93         // register the native PRNG, if available
  94         // if user selected /dev/urandom, we put it before SHA1PRNG,
  95         // otherwise after it
  96         boolean nativeAvailable = NativePRNG.isAvailable();
  97         boolean useNativePRNG = seedSource.equals(URL_DEV_URANDOM) ||
  98             seedSource.equals(URL_DEV_RANDOM);
  99 
 100         if (nativeAvailable && useNativePRNG) {
 101             map.put("SecureRandom.NativePRNG",
 102                 "sun.security.provider.NativePRNG");
 103         }
 104         map.put("SecureRandom.SHA1PRNG",
 105              "sun.security.provider.SecureRandom");
 106         if (nativeAvailable && !useNativePRNG) {
 107             map.put("SecureRandom.NativePRNG",
 108                 "sun.security.provider.NativePRNG");
 109         }
 110 
 111         if (NativePRNG.Blocking.isAvailable()) {
 112             map.put("SecureRandom.NativePRNGBlocking",
 113                 "sun.security.provider.NativePRNG$Blocking");
 114         }
 115 
 116         if (NativePRNG.NonBlocking.isAvailable()) {
 117             map.put("SecureRandom.NativePRNGNonBlocking",
 118                 "sun.security.provider.NativePRNG$NonBlocking");
 119         }
 120 
 121         /*
 122          * Signature engines
 123          */
 124         map.put("Signature.SHA1withDSA",
 125                 "sun.security.provider.DSA$SHA1withDSA");
 126         map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA");
 127         map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA");
 128         map.put("Signature.SHA224withDSA",
 129                 "sun.security.provider.DSA$SHA224withDSA");
 130         map.put("Signature.SHA256withDSA",
 131                 "sun.security.provider.DSA$SHA256withDSA");
 132 
 133         String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
 134                 "|java.security.interfaces.DSAPrivateKey";
 135         map.put("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses);
 136         map.put("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses);
 137         map.put("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses);
 138         map.put("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses);
 139 
 140         map.put("Alg.Alias.Signature.DSA", "SHA1withDSA");
 141         map.put("Alg.Alias.Signature.DSS", "SHA1withDSA");
 142         map.put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
 143         map.put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
 144         map.put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
 145         map.put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
 146         map.put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
 147         map.put("Alg.Alias.Signature.OID.1.2.840.10040.4.3",
 148                 "SHA1withDSA");
 149         map.put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
 150         map.put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA");
 151         map.put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA");
 152         map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1",
 153                 "SHA224withDSA");
 154         map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA");
 155         map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2",
 156                 "SHA256withDSA");
 157         map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA");
 158 
 159         /*
 160          *  Key Pair Generator engines
 161          */
 162         map.put("KeyPairGenerator.DSA",
 163             "sun.security.provider.DSAKeyPairGenerator");
 164         map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
 165         map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
 166         map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");
 167 
 168         /*
 169          * Digest engines
 170          */
 171         map.put("MessageDigest.MD2", "sun.security.provider.MD2");
 172         map.put("MessageDigest.MD5", "sun.security.provider.MD5");
 173         map.put("MessageDigest.SHA", "sun.security.provider.SHA");
 174 
 175         map.put("Alg.Alias.MessageDigest.SHA-1", "SHA");
 176         map.put("Alg.Alias.MessageDigest.SHA1", "SHA");
 177         map.put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA");
 178         map.put("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA");
 179 
 180         map.put("MessageDigest.SHA-224", "sun.security.provider.SHA2$SHA224");
 181         map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224");
 182         map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4",
 183                 "SHA-224");
 184 
 185         map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2$SHA256");
 186         map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256");
 187         map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1",
 188                 "SHA-256");
 189         map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384");
 190         map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384");
 191         map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2",
 192                 "SHA-384");
 193         map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512");
 194         map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512");
 195         map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3",
 196                 "SHA-512");
 197 
 198         /*
 199          * Algorithm Parameter Generator engines
 200          */
 201         map.put("AlgorithmParameterGenerator.DSA",
 202             "sun.security.provider.DSAParameterGenerator");
 203 
 204         /*
 205          * Algorithm Parameter engines
 206          */
 207         map.put("AlgorithmParameters.DSA",
 208             "sun.security.provider.DSAParameters");
 209         map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA");
 210         map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA");
 211         map.put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA");
 212 
 213         /*
 214          * Key factories
 215          */
 216         map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory");
 217         map.put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA");
 218         map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
 219         map.put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA");
 220 
 221         /*
 222          * Certificates
 223          */
 224         map.put("CertificateFactory.X.509",
 225             "sun.security.provider.X509Factory");
 226         map.put("Alg.Alias.CertificateFactory.X509", "X.509");
 227 
 228         /*
 229          * KeyStore
 230          */
 231         map.put("KeyStore.JKS", "sun.security.provider.JavaKeyStore$JKS");
 232         map.put("KeyStore.CaseExactJKS",
 233                         "sun.security.provider.JavaKeyStore$CaseExactJKS");
 234         map.put("KeyStore.DKS", "sun.security.provider.DomainKeyStore$DKS");
 235 
 236         /*
 237          * Policy
 238          */
 239         map.put("Policy.JavaPolicy", "sun.security.provider.PolicySpiFile");
 240 
 241         /*
 242          * Configuration
 243          */
 244         map.put("Configuration.JavaLoginConfig",
 245                         "sun.security.provider.ConfigFile$Spi");
 246 
 247         /*
 248          * CertPathBuilder
 249          */
 250         map.put("CertPathBuilder.PKIX",
 251             "sun.security.provider.certpath.SunCertPathBuilder");
 252         map.put("CertPathBuilder.PKIX ValidationAlgorithm",
 253             "RFC3280");
 254 
 255         /*
 256          * CertPathValidator
 257          */
 258         map.put("CertPathValidator.PKIX",
 259             "sun.security.provider.certpath.PKIXCertPathValidator");
 260         map.put("CertPathValidator.PKIX ValidationAlgorithm",
 261             "RFC3280");
 262 
 263         /*
 264          * CertStores
 265          */
 266         map.put("CertStore.LDAP",
 267             "sun.security.provider.certpath.ldap.LDAPCertStore");
 268         map.put("CertStore.LDAP LDAPSchema", "RFC2587");
 269         map.put("CertStore.Collection",
 270             "sun.security.provider.certpath.CollectionCertStore");
 271         map.put("CertStore.com.sun.security.IndexedCollection",
 272             "sun.security.provider.certpath.IndexedCollectionCertStore");
 273 
 274         /*
 275          * KeySize
 276          */
 277         map.put("Signature.NONEwithDSA KeySize", "1024");
 278         map.put("Signature.SHA1withDSA KeySize", "1024");
 279         map.put("Signature.SHA224withDSA KeySize", "2048");
 280         map.put("Signature.SHA256withDSA KeySize", "2048");
 281 
 282         map.put("KeyPairGenerator.DSA KeySize", "2048");
 283         map.put("AlgorithmParameterGenerator.DSA KeySize", "2048");
 284 
 285         /*
 286          * Implementation type: software or hardware
 287          */
 288         map.put("Signature.SHA1withDSA ImplementedIn", "Software");
 289         map.put("KeyPairGenerator.DSA ImplementedIn", "Software");
 290         map.put("MessageDigest.MD5 ImplementedIn", "Software");
 291         map.put("MessageDigest.SHA ImplementedIn", "Software");
 292         map.put("AlgorithmParameterGenerator.DSA ImplementedIn",
 293             "Software");
 294         map.put("AlgorithmParameters.DSA ImplementedIn", "Software");
 295         map.put("KeyFactory.DSA ImplementedIn", "Software");
 296         map.put("SecureRandom.SHA1PRNG ImplementedIn", "Software");
 297         map.put("CertificateFactory.X.509 ImplementedIn", "Software");
 298         map.put("KeyStore.JKS ImplementedIn", "Software");
 299         map.put("CertPathValidator.PKIX ImplementedIn", "Software");
 300         map.put("CertPathBuilder.PKIX ImplementedIn", "Software");
 301         map.put("CertStore.LDAP ImplementedIn", "Software");
 302         map.put("CertStore.Collection ImplementedIn", "Software");
 303         map.put("CertStore.com.sun.security.IndexedCollection ImplementedIn",
 304             "Software");
 305 
 306     }
 307 
 308     // name of the *System* property, takes precedence over PROP_RNDSOURCE
 309     private final static String PROP_EGD = "java.security.egd";
 310     // name of the *Security* property
 311     private final static String PROP_RNDSOURCE = "securerandom.source";
 312 
 313     final static String URL_DEV_RANDOM = "file:/dev/random";
 314     final static String URL_DEV_URANDOM = "file:/dev/urandom";
 315 
 316     private static final String seedSource;
 317 
 318     static {
 319         seedSource = AccessController.doPrivileged(
 320                 new PrivilegedAction<String>() {
 321 
 322             @Override
 323             public String run() {
 324                 String egdSource = System.getProperty(PROP_EGD, "");
 325                 if (egdSource.length() != 0) {
 326                     return egdSource;
 327                 }
 328                 egdSource = Security.getProperty(PROP_RNDSOURCE);
 329                 if (egdSource == null) {
 330                     return "";
 331                 }
 332                 return egdSource;
 333             }
 334         });
 335     }
 336 
 337     static String getSeedSource() {
 338         return seedSource;
 339     }
 340 
 341     /*
 342      * Use a URI to access this File. Previous code used a URL
 343      * which is less strict on syntax. If we encounter a
 344      * URISyntaxException we make best efforts for backwards
 345      * compatibility. e.g. space character in deviceName string.
 346      *
 347      * Method called within PrivilegedExceptionAction block.
 348      *
 349      * Moved from SeedGenerator to avoid initialization problems with
 350      * signed providers.
 351      */
 352     static File getDeviceFile(URL device) throws IOException {
 353         try {
 354             URI deviceURI = device.toURI();
 355             if(deviceURI.isOpaque()) {
 356                 // File constructor does not accept opaque URI
 357                 URI localDir = new File(
 358                     System.getProperty("user.dir")).toURI();
 359                 String uriPath = localDir.toString() +
 360                                      deviceURI.toString().substring(5);
 361                 return new File(URI.create(uriPath));
 362             } else {
 363                 return new File(deviceURI);
 364             }
 365         } catch (URISyntaxException use) {
 366             /*
 367              * Make best effort to access this File.
 368              * We can try using the URL path.
 369              */
 370             return new File(device.getPath());
 371         }
 372     }
 373 }