1 /* 2 * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.security; 27 28 import java.io.*; 29 import java.util.*; 30 import static java.util.Locale.ENGLISH; 31 import java.lang.ref.*; 32 import java.lang.reflect.*; 33 import java.util.function.BiConsumer; 34 import java.util.function.BiFunction; 35 import java.util.function.Function; 36 37 /** 38 * This class represents a "provider" for the 39 * Java Security API, where a provider implements some or all parts of 40 * Java Security. Services that a provider may implement include: 41 * 42 * <ul> 43 * 44 * <li>Algorithms (such as DSA, RSA, or SHA-256). 45 * 46 * <li>Key generation, conversion, and management facilities (such as for 47 * algorithm-specific keys). 48 * 49 * </ul> 50 * 51 * <p>Some provider implementations may encounter unrecoverable internal 52 * errors during their operation, for example a failure to communicate with a 53 * security token. A {@link ProviderException} should be used to indicate 54 * such errors. 55 * 56 * <p>Please note that a provider can be used to implement any security 57 * service in Java that uses a pluggable architecture with a choice 58 * of implementations that fit underneath. 59 * 60 * <p>The service type {@code Provider} is reserved for use by the 61 * security framework. Services of this type cannot be added, removed, 62 * or modified by applications. 63 * The following attributes are automatically placed in each Provider object: 64 * <table cellspacing=4> 65 * <caption><b>Attributes Automatically Placed in a Provider Object</b></caption> 66 * <tr><th>Name</th><th>Value</th> 67 * <tr><td>{@code Provider.id name}</td> 68 * <td>{@code String.valueOf(provider.getName())}</td> 69 * <tr><td>{@code Provider.id version}</td> 70 * <td>{@code String.valueOf(provider.getVersion())}</td> 71 * <tr><td>{@code Provider.id info}</td> 72 <td>{@code String.valueOf(provider.getInfo())}</td> 73 * <tr><td>{@code Provider.id className}</td> 74 * <td>{@code provider.getClass().getName()}</td> 75 * </table> 76 * 77 * <p>Each provider has a name and a version number. A provider normally 78 * identifies itself with a file named {@code java.security.Provider} 79 * in the resource directory {@code META-INF/services}. 80 * Security providers are looked up via the {@link ServiceLoader} mechanism 81 * using the {@link ClassLoader#getSystemClassLoader application class loader}. 82 * 83 * <p>Providers may be configured such that they are automatically 84 * installed and made available at runtime via the 85 * {@link Security#getProviders() Security.getProviders()} method. 86 * The mechanism for configuring and installing security providers is 87 * implementation-specific. 88 * 89 * @implNote 90 * The JDK implementation supports static registration of the security 91 * providers via the {@code conf/security/java.security} file in the Java 92 * installation directory. These providers are automatically installed by 93 * the JDK runtime, see <a href = 94 * "../../../technotes/guides/security/crypto/CryptoSpec.html#Provider">The Provider Class</a> 95 * in the "Java Cryptography Architecture API Specification & Reference" 96 * for information about how a particular type of provider, the cryptographic 97 * service provider, works and is installed. 98 * 99 * @author Benjamin Renaud 100 * @author Andreas Sterbenz 101 */ 102 public abstract class Provider extends Properties { 103 104 // Declare serialVersionUID to be compatible with JDK1.1 105 static final long serialVersionUID = -4298000515446427739L; 106 107 private static final sun.security.util.Debug debug = 108 sun.security.util.Debug.getInstance 109 ("provider", "Provider"); 110 111 /** 112 * The provider name. 113 * 114 * @serial 115 */ 116 private String name; 117 118 /** 119 * A description of the provider and its services. 120 * 121 * @serial 122 */ 123 private String info; 124 125 /** 126 * The provider version number. 127 * 128 * @serial 129 */ 130 private double version; 131 132 133 private transient Set<Map.Entry<Object,Object>> entrySet = null; 134 private transient int entrySetCallCount = 0; 135 136 private transient boolean initialized; 137 138 private static Object newInstanceUtil(final Class<?> clazz, 139 final Class<?> ctrParamClz, final Object ctorParamObj) 140 throws Exception { 141 if (ctrParamClz == null) { 142 Constructor<?> con = clazz.getConstructor(); 143 return con.newInstance(); 144 } else { 145 // Looking for the constructor with a params first and fallback 146 // to one without if not found. This is to support the enhanced 147 // SecureRandom. Before jdk9, there was no params support 148 // (only getInstance(alg)) and an impl only had the no-params 149 // constructor. Since jdk9, there is getInstance(alg,params) 150 // and an impl can contain a Impl(params) constructor. 151 try { 152 Constructor<?> con = clazz.getConstructor(ctrParamClz); 153 return con.newInstance(ctorParamObj); 154 } catch (NoSuchMethodException nsme) { 155 if (ctorParamObj == null) { 156 Constructor<?> con = clazz.getConstructor(); 157 return con.newInstance(); 158 } else { 159 throw new IllegalArgumentException(nsme); 160 } 161 } 162 } 163 } 164 165 /** 166 * Constructs a provider with the specified name, version number, 167 * and information. 168 * 169 * @param name the provider name. 170 * 171 * @param version the provider version number. 172 * 173 * @param info a description of the provider and its services. 174 */ 175 protected Provider(String name, double version, String info) { 176 this.name = name; 177 this.version = version; 178 this.info = info; 179 putId(); 180 initialized = true; 181 } 182 183 /** 184 * Apply the supplied configuration argument to this provider instance 185 * and return the configured provider. Note that if this provider cannot 186 * be configured in-place, a new provider will be created and returned. 187 * Therefore, callers should always use the returned provider. 188 * 189 * @implSpec 190 * The default implementation throws {@code UnsupportedOperationException}. 191 * Subclasses should override this method only if a configuration argument 192 * is supported. 193 * 194 * @param configArg the configuration information for configuring this 195 * provider. 196 * 197 * @throws UnsupportedOperationException if a configuration argument is 198 * not supported. 199 * @throws NullPointerException if the supplied configuration argument is 200 null. 201 * @throws InvalidParameterException if the supplied configuration argument 202 * is invalid. 203 * @return a provider configured with the supplied configuration argument. 204 * 205 * @since 9 206 */ 207 public Provider configure(String configArg) { 208 throw new UnsupportedOperationException("configure is not supported"); 209 } 210 211 /** 212 * Check if this provider instance has been configured. 213 * 214 * @implSpec 215 * The default implementation returns true. 216 * Subclasses should override this method if the provider instance requires 217 * an explicit {@code configure} call after being constructed. 218 * 219 * @return true if no further configuration is needed, false otherwise. 220 * 221 * @since 9 222 */ 223 public boolean isConfigured() { 224 return true; 225 } 226 227 228 /** 229 * Returns the name of this provider. 230 * 231 * @return the name of this provider. 232 */ 233 public String getName() { 234 return name; 235 } 236 237 /** 238 * Returns the version number for this provider. 239 * 240 * @return the version number for this provider. 241 */ 242 public double getVersion() { 243 return version; 244 } 245 246 /** 247 * Returns a human-readable description of the provider and its 248 * services. This may return an HTML page, with relevant links. 249 * 250 * @return a description of the provider and its services. 251 */ 252 public String getInfo() { 253 return info; 254 } 255 256 /** 257 * Returns a string with the name and the version number 258 * of this provider. 259 * 260 * @return the string with the name and the version number 261 * for this provider. 262 */ 263 public String toString() { 264 return name + " version " + version; 265 } 266 267 /* 268 * override the following methods to ensure that provider 269 * information can only be changed if the caller has the appropriate 270 * permissions. 271 */ 272 273 /** 274 * Clears this provider so that it no longer contains the properties 275 * used to look up facilities implemented by the provider. 276 * 277 * <p>If a security manager is enabled, its {@code checkSecurityAccess} 278 * method is called with the string {@code "clearProviderProperties."+name} 279 * (where {@code name} is the provider name) to see if it's ok to clear 280 * this provider. 281 * 282 * @throws SecurityException 283 * if a security manager exists and its {@link 284 * java.lang.SecurityManager#checkSecurityAccess} method 285 * denies access to clear this provider 286 * 287 * @since 1.2 288 */ 289 @Override 290 public synchronized void clear() { 291 check("clearProviderProperties."+name); 292 if (debug != null) { 293 debug.println("Remove " + name + " provider properties"); 294 } 295 implClear(); 296 } 297 298 /** 299 * Reads a property list (key and element pairs) from the input stream. 300 * 301 * @param inStream the input stream. 302 * @exception IOException if an error occurred when reading from the 303 * input stream. 304 * @see java.util.Properties#load 305 */ 306 @Override 307 public synchronized void load(InputStream inStream) throws IOException { 308 check("putProviderProperty."+name); 309 if (debug != null) { 310 debug.println("Load " + name + " provider properties"); 311 } 312 Properties tempProperties = new Properties(); 313 tempProperties.load(inStream); 314 implPutAll(tempProperties); 315 } 316 317 /** 318 * Copies all of the mappings from the specified Map to this provider. 319 * These mappings will replace any properties that this provider had 320 * for any of the keys currently in the specified Map. 321 * 322 * @since 1.2 323 */ 324 @Override 325 public synchronized void putAll(Map<?,?> t) { 326 check("putProviderProperty."+name); 327 if (debug != null) { 328 debug.println("Put all " + name + " provider properties"); 329 } 330 implPutAll(t); 331 } 332 333 /** 334 * Returns an unmodifiable Set view of the property entries contained 335 * in this Provider. 336 * 337 * @see java.util.Map.Entry 338 * @since 1.2 339 */ 340 @Override 341 public synchronized Set<Map.Entry<Object,Object>> entrySet() { 342 checkInitialized(); 343 if (entrySet == null) { 344 if (entrySetCallCount++ == 0) // Initial call 345 entrySet = Collections.unmodifiableMap(this).entrySet(); 346 else 347 return super.entrySet(); // Recursive call 348 } 349 350 // This exception will be thrown if the implementation of 351 // Collections.unmodifiableMap.entrySet() is changed such that it 352 // no longer calls entrySet() on the backing Map. (Provider's 353 // entrySet implementation depends on this "implementation detail", 354 // which is unlikely to change. 355 if (entrySetCallCount != 2) 356 throw new RuntimeException("Internal error."); 357 358 return entrySet; 359 } 360 361 /** 362 * Returns an unmodifiable Set view of the property keys contained in 363 * this provider. 364 * 365 * @since 1.2 366 */ 367 @Override 368 public Set<Object> keySet() { 369 checkInitialized(); 370 return Collections.unmodifiableSet(super.keySet()); 371 } 372 373 /** 374 * Returns an unmodifiable Collection view of the property values 375 * contained in this provider. 376 * 377 * @since 1.2 378 */ 379 @Override 380 public Collection<Object> values() { 381 checkInitialized(); 382 return Collections.unmodifiableCollection(super.values()); 383 } 384 385 /** 386 * Sets the {@code key} property to have the specified 387 * {@code value}. 388 * 389 * <p>If a security manager is enabled, its {@code checkSecurityAccess} 390 * method is called with the string {@code "putProviderProperty."+name}, 391 * where {@code name} is the provider name, to see if it's ok to set this 392 * provider's property values. 393 * 394 * @throws SecurityException 395 * if a security manager exists and its {@link 396 * java.lang.SecurityManager#checkSecurityAccess} method 397 * denies access to set property values. 398 * 399 * @since 1.2 400 */ 401 @Override 402 public synchronized Object put(Object key, Object value) { 403 check("putProviderProperty."+name); 404 if (debug != null) { 405 debug.println("Set " + name + " provider property [" + 406 key + "/" + value +"]"); 407 } 408 return implPut(key, value); 409 } 410 411 /** 412 * If the specified key is not already associated with a value (or is mapped 413 * to {@code null}) associates it with the given value and returns 414 * {@code null}, else returns the current value. 415 * 416 * <p>If a security manager is enabled, its {@code checkSecurityAccess} 417 * method is called with the string {@code "putProviderProperty."+name}, 418 * where {@code name} is the provider name, to see if it's ok to set this 419 * provider's property values. 420 * 421 * @throws SecurityException 422 * if a security manager exists and its {@link 423 * java.lang.SecurityManager#checkSecurityAccess} method 424 * denies access to set property values. 425 * 426 * @since 1.8 427 */ 428 @Override 429 public synchronized Object putIfAbsent(Object key, Object value) { 430 check("putProviderProperty."+name); 431 if (debug != null) { 432 debug.println("Set " + name + " provider property [" + 433 key + "/" + value +"]"); 434 } 435 return implPutIfAbsent(key, value); 436 } 437 438 /** 439 * Removes the {@code key} property (and its corresponding 440 * {@code value}). 441 * 442 * <p>If a security manager is enabled, its {@code checkSecurityAccess} 443 * method is called with the string {@code "removeProviderProperty."+name}, 444 * where {@code name} is the provider name, to see if it's ok to remove this 445 * provider's properties. 446 * 447 * @throws SecurityException 448 * if a security manager exists and its {@link 449 * java.lang.SecurityManager#checkSecurityAccess} method 450 * denies access to remove this provider's properties. 451 * 452 * @since 1.2 453 */ 454 @Override 455 public synchronized Object remove(Object key) { 456 check("removeProviderProperty."+name); 457 if (debug != null) { 458 debug.println("Remove " + name + " provider property " + key); 459 } 460 return implRemove(key); 461 } 462 463 /** 464 * Removes the entry for the specified key only if it is currently 465 * mapped to the specified value. 466 * 467 * <p>If a security manager is enabled, its {@code checkSecurityAccess} 468 * method is called with the string {@code "removeProviderProperty."+name}, 469 * where {@code name} is the provider name, to see if it's ok to remove this 470 * provider's properties. 471 * 472 * @throws SecurityException 473 * if a security manager exists and its {@link 474 * java.lang.SecurityManager#checkSecurityAccess} method 475 * denies access to remove this provider's properties. 476 * 477 * @since 1.8 478 */ 479 @Override 480 public synchronized boolean remove(Object key, Object value) { 481 check("removeProviderProperty."+name); 482 if (debug != null) { 483 debug.println("Remove " + name + " provider property " + key); 484 } 485 return implRemove(key, value); 486 } 487 488 /** 489 * Replaces the entry for the specified key only if currently 490 * mapped to the specified value. 491 * 492 * <p>If a security manager is enabled, its {@code checkSecurityAccess} 493 * method is called with the string {@code "putProviderProperty."+name}, 494 * where {@code name} is the provider name, to see if it's ok to set this 495 * provider's property values. 496 * 497 * @throws SecurityException 498 * if a security manager exists and its {@link 499 * java.lang.SecurityManager#checkSecurityAccess} method 500 * denies access to set property values. 501 * 502 * @since 1.8 503 */ 504 @Override 505 public synchronized boolean replace(Object key, Object oldValue, 506 Object newValue) { 507 check("putProviderProperty." + name); 508 509 if (debug != null) { 510 debug.println("Replace " + name + " provider property " + key); 511 } 512 return implReplace(key, oldValue, newValue); 513 } 514 515 /** 516 * Replaces the entry for the specified key only if it is 517 * currently mapped to some value. 518 * 519 * <p>If a security manager is enabled, its {@code checkSecurityAccess} 520 * method is called with the string {@code "putProviderProperty."+name}, 521 * where {@code name} is the provider name, to see if it's ok to set this 522 * provider's property values. 523 * 524 * @throws SecurityException 525 * if a security manager exists and its {@link 526 * java.lang.SecurityManager#checkSecurityAccess} method 527 * denies access to set property values. 528 * 529 * @since 1.8 530 */ 531 @Override 532 public synchronized Object replace(Object key, Object value) { 533 check("putProviderProperty." + name); 534 535 if (debug != null) { 536 debug.println("Replace " + name + " provider property " + key); 537 } 538 return implReplace(key, value); 539 } 540 541 /** 542 * Replaces each entry's value with the result of invoking the given 543 * function on that entry, in the order entries are returned by an entry 544 * set iterator, until all entries have been processed or the function 545 * throws an exception. 546 * 547 * <p>If a security manager is enabled, its {@code checkSecurityAccess} 548 * method is called with the string {@code "putProviderProperty."+name}, 549 * where {@code name} is the provider name, to see if it's ok to set this 550 * provider's property values. 551 * 552 * @throws SecurityException 553 * if a security manager exists and its {@link 554 * java.lang.SecurityManager#checkSecurityAccess} method 555 * denies access to set property values. 556 * 557 * @since 1.8 558 */ 559 @Override 560 public synchronized void replaceAll(BiFunction<? super Object, ? super Object, ? extends Object> function) { 561 check("putProviderProperty." + name); 562 563 if (debug != null) { 564 debug.println("ReplaceAll " + name + " provider property "); 565 } 566 implReplaceAll(function); 567 } 568 569 /** 570 * Attempts to compute a mapping for the specified key and its 571 * current mapped value (or {@code null} if there is no current 572 * mapping). 573 * 574 * <p>If a security manager is enabled, its {@code checkSecurityAccess} 575 * method is called with the strings {@code "putProviderProperty."+name} 576 * and {@code "removeProviderProperty."+name}, where {@code name} is the 577 * provider name, to see if it's ok to set this provider's property values 578 * and remove this provider's properties. 579 * 580 * @throws SecurityException 581 * if a security manager exists and its {@link 582 * java.lang.SecurityManager#checkSecurityAccess} method 583 * denies access to set property values or remove properties. 584 * 585 * @since 1.8 586 */ 587 @Override 588 public synchronized Object compute(Object key, 589 BiFunction<? super Object, ? super Object, ? extends Object> remappingFunction) { 590 check("putProviderProperty." + name); 591 check("removeProviderProperty" + name); 592 593 if (debug != null) { 594 debug.println("Compute " + name + " provider property " + key); 595 } 596 return implCompute(key, remappingFunction); 597 } 598 599 /** 600 * If the specified key is not already associated with a value (or 601 * is mapped to {@code null}), attempts to compute its value using 602 * the given mapping function and enters it into this map unless 603 * {@code null}. 604 * 605 * <p>If a security manager is enabled, its {@code checkSecurityAccess} 606 * method is called with the strings {@code "putProviderProperty."+name} 607 * and {@code "removeProviderProperty."+name}, where {@code name} is the 608 * provider name, to see if it's ok to set this provider's property values 609 * and remove this provider's properties. 610 * 611 * @throws SecurityException 612 * if a security manager exists and its {@link 613 * java.lang.SecurityManager#checkSecurityAccess} method 614 * denies access to set property values and remove properties. 615 * 616 * @since 1.8 617 */ 618 @Override 619 public synchronized Object computeIfAbsent(Object key, Function<? super Object, ? extends Object> mappingFunction) { 620 check("putProviderProperty." + name); 621 check("removeProviderProperty" + name); 622 623 if (debug != null) { 624 debug.println("ComputeIfAbsent " + name + " provider property " + 625 key); 626 } 627 return implComputeIfAbsent(key, mappingFunction); 628 } 629 630 /** 631 * If the value for the specified key is present and non-null, attempts to 632 * compute a new mapping given the key and its current mapped value. 633 * 634 * <p>If a security manager is enabled, its {@code checkSecurityAccess} 635 * method is called with the strings {@code "putProviderProperty."+name} 636 * and {@code "removeProviderProperty."+name}, where {@code name} is the 637 * provider name, to see if it's ok to set this provider's property values 638 * and remove this provider's properties. 639 * 640 * @throws SecurityException 641 * if a security manager exists and its {@link 642 * java.lang.SecurityManager#checkSecurityAccess} method 643 * denies access to set property values or remove properties. 644 * 645 * @since 1.8 646 */ 647 @Override 648 public synchronized Object computeIfPresent(Object key, BiFunction<? super Object, ? super Object, ? extends Object> remappingFunction) { 649 check("putProviderProperty." + name); 650 check("removeProviderProperty" + name); 651 652 if (debug != null) { 653 debug.println("ComputeIfPresent " + name + " provider property " + 654 key); 655 } 656 return implComputeIfPresent(key, remappingFunction); 657 } 658 659 /** 660 * If the specified key is not already associated with a value or is 661 * associated with null, associates it with the given value. Otherwise, 662 * replaces the value with the results of the given remapping function, 663 * or removes if the result is null. This method may be of use when 664 * combining multiple mapped values for a key. 665 * 666 * <p>If a security manager is enabled, its {@code checkSecurityAccess} 667 * method is called with the strings {@code "putProviderProperty."+name} 668 * and {@code "removeProviderProperty."+name}, where {@code name} is the 669 * provider name, to see if it's ok to set this provider's property values 670 * and remove this provider's properties. 671 * 672 * @throws SecurityException 673 * if a security manager exists and its {@link 674 * java.lang.SecurityManager#checkSecurityAccess} method 675 * denies access to set property values or remove properties. 676 * 677 * @since 1.8 678 */ 679 @Override 680 public synchronized Object merge(Object key, Object value, BiFunction<? super Object, ? super Object, ? extends Object> remappingFunction) { 681 check("putProviderProperty." + name); 682 check("removeProviderProperty" + name); 683 684 if (debug != null) { 685 debug.println("Merge " + name + " provider property " + key); 686 } 687 return implMerge(key, value, remappingFunction); 688 } 689 690 // let javadoc show doc from superclass 691 @Override 692 public Object get(Object key) { 693 checkInitialized(); 694 return super.get(key); 695 } 696 /** 697 * @since 1.8 698 */ 699 @Override 700 public synchronized Object getOrDefault(Object key, Object defaultValue) { 701 checkInitialized(); 702 return super.getOrDefault(key, defaultValue); 703 } 704 705 /** 706 * @since 1.8 707 */ 708 @Override 709 public synchronized void forEach(BiConsumer<? super Object, ? super Object> action) { 710 checkInitialized(); 711 super.forEach(action); 712 } 713 714 // let javadoc show doc from superclass 715 @Override 716 public Enumeration<Object> keys() { 717 checkInitialized(); 718 return super.keys(); 719 } 720 721 // let javadoc show doc from superclass 722 @Override 723 public Enumeration<Object> elements() { 724 checkInitialized(); 725 return super.elements(); 726 } 727 728 // let javadoc show doc from superclass 729 public String getProperty(String key) { 730 checkInitialized(); 731 return super.getProperty(key); 732 } 733 734 private void checkInitialized() { 735 if (!initialized) { 736 throw new IllegalStateException(); 737 } 738 } 739 740 private void check(String directive) { 741 checkInitialized(); 742 SecurityManager security = System.getSecurityManager(); 743 if (security != null) { 744 security.checkSecurityAccess(directive); 745 } 746 } 747 748 // legacy properties changed since last call to any services method? 749 private transient boolean legacyChanged; 750 // serviceMap changed since last call to getServices() 751 private transient boolean servicesChanged; 752 753 // Map<String,String> 754 private transient Map<String,String> legacyStrings; 755 756 // Map<ServiceKey,Service> 757 // used for services added via putService(), initialized on demand 758 private transient Map<ServiceKey,Service> serviceMap; 759 760 // Map<ServiceKey,Service> 761 // used for services added via legacy methods, init on demand 762 private transient Map<ServiceKey,Service> legacyMap; 763 764 // Set<Service> 765 // Unmodifiable set of all services. Initialized on demand. 766 private transient Set<Service> serviceSet; 767 768 // register the id attributes for this provider 769 // this is to ensure that equals() and hashCode() do not incorrectly 770 // report to different provider objects as the same 771 private void putId() { 772 // note: name and info may be null 773 super.put("Provider.id name", String.valueOf(name)); 774 super.put("Provider.id version", String.valueOf(version)); 775 super.put("Provider.id info", String.valueOf(info)); 776 super.put("Provider.id className", this.getClass().getName()); 777 } 778 779 private void readObject(ObjectInputStream in) 780 throws IOException, ClassNotFoundException { 781 Map<Object,Object> copy = new HashMap<>(); 782 for (Map.Entry<Object,Object> entry : super.entrySet()) { 783 copy.put(entry.getKey(), entry.getValue()); 784 } 785 defaults = null; 786 in.defaultReadObject(); 787 implClear(); 788 initialized = true; 789 putAll(copy); 790 } 791 792 private boolean checkLegacy(Object key) { 793 String keyString = (String)key; 794 if (keyString.startsWith("Provider.")) { 795 return false; 796 } 797 798 legacyChanged = true; 799 if (legacyStrings == null) { 800 legacyStrings = new LinkedHashMap<>(); 801 } 802 return true; 803 } 804 805 /** 806 * Copies all of the mappings from the specified Map to this provider. 807 * Internal method to be called AFTER the security check has been 808 * performed. 809 */ 810 private void implPutAll(Map<?,?> t) { 811 for (Map.Entry<?,?> e : t.entrySet()) { 812 implPut(e.getKey(), e.getValue()); 813 } 814 } 815 816 private Object implRemove(Object key) { 817 if (key instanceof String) { 818 if (!checkLegacy(key)) { 819 return null; 820 } 821 legacyStrings.remove((String)key); 822 } 823 return super.remove(key); 824 } 825 826 private boolean implRemove(Object key, Object value) { 827 if (key instanceof String && value instanceof String) { 828 if (!checkLegacy(key)) { 829 return false; 830 } 831 legacyStrings.remove((String)key, value); 832 } 833 return super.remove(key, value); 834 } 835 836 private boolean implReplace(Object key, Object oldValue, Object newValue) { 837 if ((key instanceof String) && (oldValue instanceof String) && 838 (newValue instanceof String)) { 839 if (!checkLegacy(key)) { 840 return false; 841 } 842 legacyStrings.replace((String)key, (String)oldValue, 843 (String)newValue); 844 } 845 return super.replace(key, oldValue, newValue); 846 } 847 848 private Object implReplace(Object key, Object value) { 849 if ((key instanceof String) && (value instanceof String)) { 850 if (!checkLegacy(key)) { 851 return null; 852 } 853 legacyStrings.replace((String)key, (String)value); 854 } 855 return super.replace(key, value); 856 } 857 858 @SuppressWarnings("unchecked") // Function must actually operate over strings 859 private void implReplaceAll(BiFunction<? super Object, ? super Object, ? extends Object> function) { 860 legacyChanged = true; 861 if (legacyStrings == null) { 862 legacyStrings = new LinkedHashMap<>(); 863 } else { 864 legacyStrings.replaceAll((BiFunction<? super String, ? super String, ? extends String>) function); 865 } 866 super.replaceAll(function); 867 } 868 869 @SuppressWarnings("unchecked") // Function must actually operate over strings 870 private Object implMerge(Object key, Object value, BiFunction<? super Object, ? super Object, ? extends Object> remappingFunction) { 871 if ((key instanceof String) && (value instanceof String)) { 872 if (!checkLegacy(key)) { 873 return null; 874 } 875 legacyStrings.merge((String)key, (String)value, 876 (BiFunction<? super String, ? super String, ? extends String>) remappingFunction); 877 } 878 return super.merge(key, value, remappingFunction); 879 } 880 881 @SuppressWarnings("unchecked") // Function must actually operate over strings 882 private Object implCompute(Object key, BiFunction<? super Object, ? super Object, ? extends Object> remappingFunction) { 883 if (key instanceof String) { 884 if (!checkLegacy(key)) { 885 return null; 886 } 887 legacyStrings.computeIfAbsent((String) key, 888 (Function<? super String, ? extends String>) remappingFunction); 889 } 890 return super.compute(key, remappingFunction); 891 } 892 893 @SuppressWarnings("unchecked") // Function must actually operate over strings 894 private Object implComputeIfAbsent(Object key, Function<? super Object, ? extends Object> mappingFunction) { 895 if (key instanceof String) { 896 if (!checkLegacy(key)) { 897 return null; 898 } 899 legacyStrings.computeIfAbsent((String) key, 900 (Function<? super String, ? extends String>) mappingFunction); 901 } 902 return super.computeIfAbsent(key, mappingFunction); 903 } 904 905 @SuppressWarnings("unchecked") // Function must actually operate over strings 906 private Object implComputeIfPresent(Object key, BiFunction<? super Object, ? super Object, ? extends Object> remappingFunction) { 907 if (key instanceof String) { 908 if (!checkLegacy(key)) { 909 return null; 910 } 911 legacyStrings.computeIfPresent((String) key, 912 (BiFunction<? super String, ? super String, ? extends String>) remappingFunction); 913 } 914 return super.computeIfPresent(key, remappingFunction); 915 } 916 917 private Object implPut(Object key, Object value) { 918 if ((key instanceof String) && (value instanceof String)) { 919 if (!checkLegacy(key)) { 920 return null; 921 } 922 legacyStrings.put((String)key, (String)value); 923 } 924 return super.put(key, value); 925 } 926 927 private Object implPutIfAbsent(Object key, Object value) { 928 if ((key instanceof String) && (value instanceof String)) { 929 if (!checkLegacy(key)) { 930 return null; 931 } 932 legacyStrings.putIfAbsent((String)key, (String)value); 933 } 934 return super.putIfAbsent(key, value); 935 } 936 937 private void implClear() { 938 if (legacyStrings != null) { 939 legacyStrings.clear(); 940 } 941 if (legacyMap != null) { 942 legacyMap.clear(); 943 } 944 if (serviceMap != null) { 945 serviceMap.clear(); 946 } 947 legacyChanged = false; 948 servicesChanged = false; 949 serviceSet = null; 950 super.clear(); 951 putId(); 952 } 953 954 // used as key in the serviceMap and legacyMap HashMaps 955 private static class ServiceKey { 956 private final String type; 957 private final String algorithm; 958 private final String originalAlgorithm; 959 private ServiceKey(String type, String algorithm, boolean intern) { 960 this.type = type; 961 this.originalAlgorithm = algorithm; 962 algorithm = algorithm.toUpperCase(ENGLISH); 963 this.algorithm = intern ? algorithm.intern() : algorithm; 964 } 965 public int hashCode() { 966 return type.hashCode() + algorithm.hashCode(); 967 } 968 public boolean equals(Object obj) { 969 if (this == obj) { 970 return true; 971 } 972 if (obj instanceof ServiceKey == false) { 973 return false; 974 } 975 ServiceKey other = (ServiceKey)obj; 976 return this.type.equals(other.type) 977 && this.algorithm.equals(other.algorithm); 978 } 979 boolean matches(String type, String algorithm) { 980 return (this.type == type) && (this.originalAlgorithm == algorithm); 981 } 982 } 983 984 /** 985 * Ensure all the legacy String properties are fully parsed into 986 * service objects. 987 */ 988 private void ensureLegacyParsed() { 989 if ((legacyChanged == false) || (legacyStrings == null)) { 990 return; 991 } 992 serviceSet = null; 993 if (legacyMap == null) { 994 legacyMap = new LinkedHashMap<>(); 995 } else { 996 legacyMap.clear(); 997 } 998 for (Map.Entry<String,String> entry : legacyStrings.entrySet()) { 999 parseLegacyPut(entry.getKey(), entry.getValue()); 1000 } 1001 removeInvalidServices(legacyMap); 1002 legacyChanged = false; 1003 } 1004 1005 /** 1006 * Remove all invalid services from the Map. Invalid services can only 1007 * occur if the legacy properties are inconsistent or incomplete. 1008 */ 1009 private void removeInvalidServices(Map<ServiceKey,Service> map) { 1010 for (Iterator<Map.Entry<ServiceKey, Service>> t = 1011 map.entrySet().iterator(); t.hasNext(); ) { 1012 Service s = t.next().getValue(); 1013 if (s.isValid() == false) { 1014 t.remove(); 1015 } 1016 } 1017 } 1018 1019 private String[] getTypeAndAlgorithm(String key) { 1020 int i = key.indexOf('.'); 1021 if (i < 1) { 1022 if (debug != null) { 1023 debug.println("Ignoring invalid entry in provider " 1024 + name + ":" + key); 1025 } 1026 return null; 1027 } 1028 String type = key.substring(0, i); 1029 String alg = key.substring(i + 1); 1030 return new String[] {type, alg}; 1031 } 1032 1033 private static final String ALIAS_PREFIX = "Alg.Alias."; 1034 private static final String ALIAS_PREFIX_LOWER = "alg.alias."; 1035 private static final int ALIAS_LENGTH = ALIAS_PREFIX.length(); 1036 1037 private void parseLegacyPut(String name, String value) { 1038 if (name.toLowerCase(ENGLISH).startsWith(ALIAS_PREFIX_LOWER)) { 1039 // e.g. put("Alg.Alias.MessageDigest.SHA", "SHA-1"); 1040 // aliasKey ~ MessageDigest.SHA 1041 String stdAlg = value; 1042 String aliasKey = name.substring(ALIAS_LENGTH); 1043 String[] typeAndAlg = getTypeAndAlgorithm(aliasKey); 1044 if (typeAndAlg == null) { 1045 return; 1046 } 1047 String type = getEngineName(typeAndAlg[0]); 1048 String aliasAlg = typeAndAlg[1].intern(); 1049 ServiceKey key = new ServiceKey(type, stdAlg, true); 1050 Service s = legacyMap.get(key); 1051 if (s == null) { 1052 s = new Service(this); 1053 s.type = type; 1054 s.algorithm = stdAlg; 1055 legacyMap.put(key, s); 1056 } 1057 legacyMap.put(new ServiceKey(type, aliasAlg, true), s); 1058 s.addAlias(aliasAlg); 1059 } else { 1060 String[] typeAndAlg = getTypeAndAlgorithm(name); 1061 if (typeAndAlg == null) { 1062 return; 1063 } 1064 int i = typeAndAlg[1].indexOf(' '); 1065 if (i == -1) { 1066 // e.g. put("MessageDigest.SHA-1", "sun.security.provider.SHA"); 1067 String type = getEngineName(typeAndAlg[0]); 1068 String stdAlg = typeAndAlg[1].intern(); 1069 String className = value; 1070 ServiceKey key = new ServiceKey(type, stdAlg, true); 1071 Service s = legacyMap.get(key); 1072 if (s == null) { 1073 s = new Service(this); 1074 s.type = type; 1075 s.algorithm = stdAlg; 1076 legacyMap.put(key, s); 1077 } 1078 s.className = className; 1079 } else { // attribute 1080 // e.g. put("MessageDigest.SHA-1 ImplementedIn", "Software"); 1081 String attributeValue = value; 1082 String type = getEngineName(typeAndAlg[0]); 1083 String attributeString = typeAndAlg[1]; 1084 String stdAlg = attributeString.substring(0, i).intern(); 1085 String attributeName = attributeString.substring(i + 1); 1086 // kill additional spaces 1087 while (attributeName.startsWith(" ")) { 1088 attributeName = attributeName.substring(1); 1089 } 1090 attributeName = attributeName.intern(); 1091 ServiceKey key = new ServiceKey(type, stdAlg, true); 1092 Service s = legacyMap.get(key); 1093 if (s == null) { 1094 s = new Service(this); 1095 s.type = type; 1096 s.algorithm = stdAlg; 1097 legacyMap.put(key, s); 1098 } 1099 s.addAttribute(attributeName, attributeValue); 1100 } 1101 } 1102 } 1103 1104 /** 1105 * Get the service describing this Provider's implementation of the 1106 * specified type of this algorithm or alias. If no such 1107 * implementation exists, this method returns null. If there are two 1108 * matching services, one added to this provider using 1109 * {@link #putService putService()} and one added via {@link #put put()}, 1110 * the service added via {@link #putService putService()} is returned. 1111 * 1112 * @param type the type of {@link Service service} requested 1113 * (for example, {@code MessageDigest}) 1114 * @param algorithm the case insensitive algorithm name (or alternate 1115 * alias) of the service requested (for example, {@code SHA-1}) 1116 * 1117 * @return the service describing this Provider's matching service 1118 * or null if no such service exists 1119 * 1120 * @throws NullPointerException if type or algorithm is null 1121 * 1122 * @since 1.5 1123 */ 1124 public synchronized Service getService(String type, String algorithm) { 1125 checkInitialized(); 1126 // avoid allocating a new key object if possible 1127 ServiceKey key = previousKey; 1128 if (key.matches(type, algorithm) == false) { 1129 key = new ServiceKey(type, algorithm, false); 1130 previousKey = key; 1131 } 1132 if (serviceMap != null) { 1133 Service service = serviceMap.get(key); 1134 if (service != null) { 1135 return service; 1136 } 1137 } 1138 ensureLegacyParsed(); 1139 return (legacyMap != null) ? legacyMap.get(key) : null; 1140 } 1141 1142 // ServiceKey from previous getService() call 1143 // by re-using it if possible we avoid allocating a new object 1144 // and the toUpperCase() call. 1145 // re-use will occur e.g. as the framework traverses the provider 1146 // list and queries each provider with the same values until it finds 1147 // a matching service 1148 private static volatile ServiceKey previousKey = 1149 new ServiceKey("", "", false); 1150 1151 /** 1152 * Get an unmodifiable Set of all services supported by 1153 * this Provider. 1154 * 1155 * @return an unmodifiable Set of all services supported by 1156 * this Provider 1157 * 1158 * @since 1.5 1159 */ 1160 public synchronized Set<Service> getServices() { 1161 checkInitialized(); 1162 if (legacyChanged || servicesChanged) { 1163 serviceSet = null; 1164 } 1165 if (serviceSet == null) { 1166 ensureLegacyParsed(); 1167 Set<Service> set = new LinkedHashSet<>(); 1168 if (serviceMap != null) { 1169 set.addAll(serviceMap.values()); 1170 } 1171 if (legacyMap != null) { 1172 set.addAll(legacyMap.values()); 1173 } 1174 serviceSet = Collections.unmodifiableSet(set); 1175 servicesChanged = false; 1176 } 1177 return serviceSet; 1178 } 1179 1180 /** 1181 * Add a service. If a service of the same type with the same algorithm 1182 * name exists and it was added using {@link #putService putService()}, 1183 * it is replaced by the new service. 1184 * This method also places information about this service 1185 * in the provider's Hashtable values in the format described in the 1186 * <a href="../../../technotes/guides/security/crypto/CryptoSpec.html"> 1187 * Java Cryptography Architecture API Specification & Reference </a>. 1188 * 1189 * <p>Also, if there is a security manager, its 1190 * {@code checkSecurityAccess} method is called with the string 1191 * {@code "putProviderProperty."+name}, where {@code name} is 1192 * the provider name, to see if it's ok to set this provider's property 1193 * values. If the default implementation of {@code checkSecurityAccess} 1194 * is used (that is, that method is not overriden), then this results in 1195 * a call to the security manager's {@code checkPermission} method with 1196 * a {@code SecurityPermission("putProviderProperty."+name)} 1197 * permission. 1198 * 1199 * @param s the Service to add 1200 * 1201 * @throws SecurityException 1202 * if a security manager exists and its {@link 1203 * java.lang.SecurityManager#checkSecurityAccess} method denies 1204 * access to set property values. 1205 * @throws NullPointerException if s is null 1206 * 1207 * @since 1.5 1208 */ 1209 protected synchronized void putService(Service s) { 1210 check("putProviderProperty." + name); 1211 if (debug != null) { 1212 debug.println(name + ".putService(): " + s); 1213 } 1214 if (s == null) { 1215 throw new NullPointerException(); 1216 } 1217 if (s.getProvider() != this) { 1218 throw new IllegalArgumentException 1219 ("service.getProvider() must match this Provider object"); 1220 } 1221 if (serviceMap == null) { 1222 serviceMap = new LinkedHashMap<>(); 1223 } 1224 servicesChanged = true; 1225 String type = s.getType(); 1226 String algorithm = s.getAlgorithm(); 1227 ServiceKey key = new ServiceKey(type, algorithm, true); 1228 // remove existing service 1229 implRemoveService(serviceMap.get(key)); 1230 serviceMap.put(key, s); 1231 for (String alias : s.getAliases()) { 1232 serviceMap.put(new ServiceKey(type, alias, true), s); 1233 } 1234 putPropertyStrings(s); 1235 } 1236 1237 /** 1238 * Put the string properties for this Service in this Provider's 1239 * Hashtable. 1240 */ 1241 private void putPropertyStrings(Service s) { 1242 String type = s.getType(); 1243 String algorithm = s.getAlgorithm(); 1244 // use super() to avoid permission check and other processing 1245 super.put(type + "." + algorithm, s.getClassName()); 1246 for (String alias : s.getAliases()) { 1247 super.put(ALIAS_PREFIX + type + "." + alias, algorithm); 1248 } 1249 for (Map.Entry<UString,String> entry : s.attributes.entrySet()) { 1250 String key = type + "." + algorithm + " " + entry.getKey(); 1251 super.put(key, entry.getValue()); 1252 } 1253 } 1254 1255 /** 1256 * Remove the string properties for this Service from this Provider's 1257 * Hashtable. 1258 */ 1259 private void removePropertyStrings(Service s) { 1260 String type = s.getType(); 1261 String algorithm = s.getAlgorithm(); 1262 // use super() to avoid permission check and other processing 1263 super.remove(type + "." + algorithm); 1264 for (String alias : s.getAliases()) { 1265 super.remove(ALIAS_PREFIX + type + "." + alias); 1266 } 1267 for (Map.Entry<UString,String> entry : s.attributes.entrySet()) { 1268 String key = type + "." + algorithm + " " + entry.getKey(); 1269 super.remove(key); 1270 } 1271 } 1272 1273 /** 1274 * Remove a service previously added using 1275 * {@link #putService putService()}. The specified service is removed from 1276 * this provider. It will no longer be returned by 1277 * {@link #getService getService()} and its information will be removed 1278 * from this provider's Hashtable. 1279 * 1280 * <p>Also, if there is a security manager, its 1281 * {@code checkSecurityAccess} method is called with the string 1282 * {@code "removeProviderProperty."+name}, where {@code name} is 1283 * the provider name, to see if it's ok to remove this provider's 1284 * properties. If the default implementation of 1285 * {@code checkSecurityAccess} is used (that is, that method is not 1286 * overriden), then this results in a call to the security manager's 1287 * {@code checkPermission} method with a 1288 * {@code SecurityPermission("removeProviderProperty."+name)} 1289 * permission. 1290 * 1291 * @param s the Service to be removed 1292 * 1293 * @throws SecurityException 1294 * if a security manager exists and its {@link 1295 * java.lang.SecurityManager#checkSecurityAccess} method denies 1296 * access to remove this provider's properties. 1297 * @throws NullPointerException if s is null 1298 * 1299 * @since 1.5 1300 */ 1301 protected synchronized void removeService(Service s) { 1302 check("removeProviderProperty." + name); 1303 if (debug != null) { 1304 debug.println(name + ".removeService(): " + s); 1305 } 1306 if (s == null) { 1307 throw new NullPointerException(); 1308 } 1309 implRemoveService(s); 1310 } 1311 1312 private void implRemoveService(Service s) { 1313 if ((s == null) || (serviceMap == null)) { 1314 return; 1315 } 1316 String type = s.getType(); 1317 String algorithm = s.getAlgorithm(); 1318 ServiceKey key = new ServiceKey(type, algorithm, false); 1319 Service oldService = serviceMap.get(key); 1320 if (s != oldService) { 1321 return; 1322 } 1323 servicesChanged = true; 1324 serviceMap.remove(key); 1325 for (String alias : s.getAliases()) { 1326 serviceMap.remove(new ServiceKey(type, alias, false)); 1327 } 1328 removePropertyStrings(s); 1329 } 1330 1331 // Wrapped String that behaves in a case insensitive way for equals/hashCode 1332 private static class UString { 1333 final String string; 1334 final String lowerString; 1335 1336 UString(String s) { 1337 this.string = s; 1338 this.lowerString = s.toLowerCase(ENGLISH); 1339 } 1340 1341 public int hashCode() { 1342 return lowerString.hashCode(); 1343 } 1344 1345 public boolean equals(Object obj) { 1346 if (this == obj) { 1347 return true; 1348 } 1349 if (obj instanceof UString == false) { 1350 return false; 1351 } 1352 UString other = (UString)obj; 1353 return lowerString.equals(other.lowerString); 1354 } 1355 1356 public String toString() { 1357 return string; 1358 } 1359 } 1360 1361 // describe relevant properties of a type of engine 1362 private static class EngineDescription { 1363 final String name; 1364 final boolean supportsParameter; 1365 final String constructorParameterClassName; 1366 private volatile Class<?> constructorParameterClass; 1367 1368 EngineDescription(String name, boolean sp, String paramName) { 1369 this.name = name; 1370 this.supportsParameter = sp; 1371 this.constructorParameterClassName = paramName; 1372 } 1373 Class<?> getConstructorParameterClass() throws ClassNotFoundException { 1374 Class<?> clazz = constructorParameterClass; 1375 if (clazz == null) { 1376 clazz = Class.forName(constructorParameterClassName); 1377 constructorParameterClass = clazz; 1378 } 1379 return clazz; 1380 } 1381 } 1382 1383 // built in knowledge of the engine types shipped as part of the JDK 1384 private static final Map<String,EngineDescription> knownEngines; 1385 1386 private static void addEngine(String name, boolean sp, String paramName) { 1387 EngineDescription ed = new EngineDescription(name, sp, paramName); 1388 // also index by canonical name to avoid toLowerCase() for some lookups 1389 knownEngines.put(name.toLowerCase(ENGLISH), ed); 1390 knownEngines.put(name, ed); 1391 } 1392 1393 static { 1394 knownEngines = new HashMap<>(); 1395 // JCA 1396 addEngine("AlgorithmParameterGenerator", false, null); 1397 addEngine("AlgorithmParameters", false, null); 1398 addEngine("KeyFactory", false, null); 1399 addEngine("KeyPairGenerator", false, null); 1400 addEngine("KeyStore", false, null); 1401 addEngine("MessageDigest", false, null); 1402 addEngine("SecureRandom", false, 1403 "java.security.SecureRandomInstantiateParameters"); 1404 addEngine("Signature", true, null); 1405 addEngine("CertificateFactory", false, null); 1406 addEngine("CertPathBuilder", false, null); 1407 addEngine("CertPathValidator", false, null); 1408 addEngine("CertStore", false, 1409 "java.security.cert.CertStoreParameters"); 1410 // JCE 1411 addEngine("Cipher", true, null); 1412 addEngine("ExemptionMechanism", false, null); 1413 addEngine("Mac", true, null); 1414 addEngine("KeyAgreement", true, null); 1415 addEngine("KeyGenerator", false, null); 1416 addEngine("SecretKeyFactory", false, null); 1417 // JSSE 1418 addEngine("KeyManagerFactory", false, null); 1419 addEngine("SSLContext", false, null); 1420 addEngine("TrustManagerFactory", false, null); 1421 // JGSS 1422 addEngine("GssApiMechanism", false, null); 1423 // SASL 1424 addEngine("SaslClientFactory", false, null); 1425 addEngine("SaslServerFactory", false, null); 1426 // POLICY 1427 addEngine("Policy", false, 1428 "java.security.Policy$Parameters"); 1429 // CONFIGURATION 1430 addEngine("Configuration", false, 1431 "javax.security.auth.login.Configuration$Parameters"); 1432 // XML DSig 1433 addEngine("XMLSignatureFactory", false, null); 1434 addEngine("KeyInfoFactory", false, null); 1435 addEngine("TransformService", false, null); 1436 // Smart Card I/O 1437 addEngine("TerminalFactory", false, 1438 "java.lang.Object"); 1439 } 1440 1441 // get the "standard" (mixed-case) engine name for arbitary case engine name 1442 // if there is no known engine by that name, return s 1443 private static String getEngineName(String s) { 1444 // try original case first, usually correct 1445 EngineDescription e = knownEngines.get(s); 1446 if (e == null) { 1447 e = knownEngines.get(s.toLowerCase(ENGLISH)); 1448 } 1449 return (e == null) ? s : e.name; 1450 } 1451 1452 /** 1453 * The description of a security service. It encapsulates the properties 1454 * of a service and contains a factory method to obtain new implementation 1455 * instances of this service. 1456 * 1457 * <p>Each service has a provider that offers the service, a type, 1458 * an algorithm name, and the name of the class that implements the 1459 * service. Optionally, it also includes a list of alternate algorithm 1460 * names for this service (aliases) and attributes, which are a map of 1461 * (name, value) String pairs. 1462 * 1463 * <p>This class defines the methods {@link #supportsParameter 1464 * supportsParameter()} and {@link #newInstance newInstance()} 1465 * which are used by the Java security framework when it searches for 1466 * suitable services and instantiates them. The valid arguments to those 1467 * methods depend on the type of service. For the service types defined 1468 * within Java SE, see the 1469 * <a href="../../../technotes/guides/security/crypto/CryptoSpec.html"> 1470 * Java Cryptography Architecture API Specification & Reference </a> 1471 * for the valid values. 1472 * Note that components outside of Java SE can define additional types of 1473 * services and their behavior. 1474 * 1475 * <p>Instances of this class are immutable. 1476 * 1477 * @since 1.5 1478 */ 1479 public static class Service { 1480 1481 private String type, algorithm, className; 1482 private final Provider provider; 1483 private List<String> aliases; 1484 private Map<UString,String> attributes; 1485 1486 // Reference to the cached implementation Class object 1487 private volatile Reference<Class<?>> classRef; 1488 1489 // flag indicating whether this service has its attributes for 1490 // supportedKeyFormats or supportedKeyClasses set 1491 // if null, the values have not been initialized 1492 // if TRUE, at least one of supportedFormats/Classes is non null 1493 private volatile Boolean hasKeyAttributes; 1494 1495 // supported encoding formats 1496 private String[] supportedFormats; 1497 1498 // names of the supported key (super) classes 1499 private Class<?>[] supportedClasses; 1500 1501 // whether this service has been registered with the Provider 1502 private boolean registered; 1503 1504 private static final Class<?>[] CLASS0 = new Class<?>[0]; 1505 1506 // this constructor and these methods are used for parsing 1507 // the legacy string properties. 1508 1509 private Service(Provider provider) { 1510 this.provider = provider; 1511 aliases = Collections.<String>emptyList(); 1512 attributes = Collections.<UString,String>emptyMap(); 1513 } 1514 1515 private boolean isValid() { 1516 return (type != null) && (algorithm != null) && (className != null); 1517 } 1518 1519 private void addAlias(String alias) { 1520 if (aliases.isEmpty()) { 1521 aliases = new ArrayList<>(2); 1522 } 1523 aliases.add(alias); 1524 } 1525 1526 void addAttribute(String type, String value) { 1527 if (attributes.isEmpty()) { 1528 attributes = new HashMap<>(8); 1529 } 1530 attributes.put(new UString(type), value); 1531 } 1532 1533 /** 1534 * Construct a new service. 1535 * 1536 * @param provider the provider that offers this service 1537 * @param type the type of this service 1538 * @param algorithm the algorithm name 1539 * @param className the name of the class implementing this service 1540 * @param aliases List of aliases or null if algorithm has no aliases 1541 * @param attributes Map of attributes or null if this implementation 1542 * has no attributes 1543 * 1544 * @throws NullPointerException if provider, type, algorithm, or 1545 * className is null 1546 */ 1547 public Service(Provider provider, String type, String algorithm, 1548 String className, List<String> aliases, 1549 Map<String,String> attributes) { 1550 if ((provider == null) || (type == null) || 1551 (algorithm == null) || (className == null)) { 1552 throw new NullPointerException(); 1553 } 1554 this.provider = provider; 1555 this.type = getEngineName(type); 1556 this.algorithm = algorithm; 1557 this.className = className; 1558 if (aliases == null) { 1559 this.aliases = Collections.<String>emptyList(); 1560 } else { 1561 this.aliases = new ArrayList<>(aliases); 1562 } 1563 if (attributes == null) { 1564 this.attributes = Collections.<UString,String>emptyMap(); 1565 } else { 1566 this.attributes = new HashMap<>(); 1567 for (Map.Entry<String,String> entry : attributes.entrySet()) { 1568 this.attributes.put(new UString(entry.getKey()), entry.getValue()); 1569 } 1570 } 1571 } 1572 1573 /** 1574 * Get the type of this service. For example, {@code MessageDigest}. 1575 * 1576 * @return the type of this service 1577 */ 1578 public final String getType() { 1579 return type; 1580 } 1581 1582 /** 1583 * Return the name of the algorithm of this service. For example, 1584 * {@code SHA-1}. 1585 * 1586 * @return the algorithm of this service 1587 */ 1588 public final String getAlgorithm() { 1589 return algorithm; 1590 } 1591 1592 /** 1593 * Return the Provider of this service. 1594 * 1595 * @return the Provider of this service 1596 */ 1597 public final Provider getProvider() { 1598 return provider; 1599 } 1600 1601 /** 1602 * Return the name of the class implementing this service. 1603 * 1604 * @return the name of the class implementing this service 1605 */ 1606 public final String getClassName() { 1607 return className; 1608 } 1609 1610 // internal only 1611 private final List<String> getAliases() { 1612 return aliases; 1613 } 1614 1615 /** 1616 * Return the value of the specified attribute or null if this 1617 * attribute is not set for this Service. 1618 * 1619 * @param name the name of the requested attribute 1620 * 1621 * @return the value of the specified attribute or null if the 1622 * attribute is not present 1623 * 1624 * @throws NullPointerException if name is null 1625 */ 1626 public final String getAttribute(String name) { 1627 if (name == null) { 1628 throw new NullPointerException(); 1629 } 1630 return attributes.get(new UString(name)); 1631 } 1632 1633 /** 1634 * Return a new instance of the implementation described by this 1635 * service. The security provider framework uses this method to 1636 * construct implementations. Applications will typically not need 1637 * to call it. 1638 * 1639 * <p>The default implementation uses reflection to invoke the 1640 * standard constructor for this type of service. 1641 * Security providers can override this method to implement 1642 * instantiation in a different way. 1643 * For details and the values of constructorParameter that are 1644 * valid for the various types of services see the 1645 * <a href="../../../technotes/guides/security/crypto/CryptoSpec.html"> 1646 * Java Cryptography Architecture API Specification & 1647 * Reference</a>. 1648 * 1649 * @param constructorParameter the value to pass to the constructor, 1650 * or null if this type of service does not use a constructorParameter. 1651 * 1652 * @return a new implementation of this service 1653 * 1654 * @throws InvalidParameterException if the value of 1655 * constructorParameter is invalid for this type of service. 1656 * @throws NoSuchAlgorithmException if instantiation failed for 1657 * any other reason. 1658 */ 1659 public Object newInstance(Object constructorParameter) 1660 throws NoSuchAlgorithmException { 1661 if (registered == false) { 1662 if (provider.getService(type, algorithm) != this) { 1663 throw new NoSuchAlgorithmException 1664 ("Service not registered with Provider " 1665 + provider.getName() + ": " + this); 1666 } 1667 registered = true; 1668 } 1669 Class<?> ctrParamClz; 1670 try { 1671 EngineDescription cap = knownEngines.get(type); 1672 if (cap == null) { 1673 // unknown engine type, use generic code 1674 // this is the code path future for non-core 1675 // optional packages 1676 ctrParamClz = constructorParameter == null? 1677 null : constructorParameter.getClass(); 1678 } else { 1679 ctrParamClz = cap.constructorParameterClassName == null? 1680 null : Class.forName(cap.constructorParameterClassName); 1681 if (constructorParameter != null) { 1682 if (ctrParamClz == null) { 1683 throw new InvalidParameterException 1684 ("constructorParameter not used with " + type 1685 + " engines"); 1686 } else { 1687 Class<?> argClass = constructorParameter.getClass(); 1688 if (ctrParamClz.isAssignableFrom(argClass) == false) { 1689 throw new InvalidParameterException 1690 ("constructorParameter must be instanceof " 1691 + cap.constructorParameterClassName.replace('$', '.') 1692 + " for engine type " + type); 1693 } 1694 } 1695 } 1696 } 1697 // constructorParameter can be null if not provided 1698 return newInstanceUtil(getImplClass(), ctrParamClz, constructorParameter); 1699 } catch (NoSuchAlgorithmException e) { 1700 throw e; 1701 } catch (InvocationTargetException e) { 1702 throw new NoSuchAlgorithmException 1703 ("Error constructing implementation (algorithm: " 1704 + algorithm + ", provider: " + provider.getName() 1705 + ", class: " + className + ")", e.getCause()); 1706 } catch (Exception e) { 1707 throw new NoSuchAlgorithmException 1708 ("Error constructing implementation (algorithm: " 1709 + algorithm + ", provider: " + provider.getName() 1710 + ", class: " + className + ")", e); 1711 } 1712 } 1713 1714 // return the implementation Class object for this service 1715 private Class<?> getImplClass() throws NoSuchAlgorithmException { 1716 try { 1717 Reference<Class<?>> ref = classRef; 1718 Class<?> clazz = (ref == null) ? null : ref.get(); 1719 if (clazz == null) { 1720 ClassLoader cl = provider.getClass().getClassLoader(); 1721 if (cl == null) { 1722 clazz = Class.forName(className); 1723 } else { 1724 clazz = cl.loadClass(className); 1725 } 1726 if (!Modifier.isPublic(clazz.getModifiers())) { 1727 throw new NoSuchAlgorithmException 1728 ("class configured for " + type + " (provider: " + 1729 provider.getName() + ") is not public."); 1730 } 1731 classRef = new WeakReference<>(clazz); 1732 } 1733 return clazz; 1734 } catch (ClassNotFoundException e) { 1735 throw new NoSuchAlgorithmException 1736 ("class configured for " + type + " (provider: " + 1737 provider.getName() + ") cannot be found.", e); 1738 } 1739 } 1740 1741 /** 1742 * Test whether this Service can use the specified parameter. 1743 * Returns false if this service cannot use the parameter. Returns 1744 * true if this service can use the parameter, if a fast test is 1745 * infeasible, or if the status is unknown. 1746 * 1747 * <p>The security provider framework uses this method with 1748 * some types of services to quickly exclude non-matching 1749 * implementations for consideration. 1750 * Applications will typically not need to call it. 1751 * 1752 * <p>For details and the values of parameter that are valid for the 1753 * various types of services see the top of this class and the 1754 * <a href="../../../technotes/guides/security/crypto/CryptoSpec.html"> 1755 * Java Cryptography Architecture API Specification & 1756 * Reference</a>. 1757 * Security providers can override it to implement their own test. 1758 * 1759 * @param parameter the parameter to test 1760 * 1761 * @return false if this service cannot use the specified 1762 * parameter; true if it can possibly use the parameter 1763 * 1764 * @throws InvalidParameterException if the value of parameter is 1765 * invalid for this type of service or if this method cannot be 1766 * used with this type of service 1767 */ 1768 public boolean supportsParameter(Object parameter) { 1769 EngineDescription cap = knownEngines.get(type); 1770 if (cap == null) { 1771 // unknown engine type, return true by default 1772 return true; 1773 } 1774 if (cap.supportsParameter == false) { 1775 throw new InvalidParameterException("supportsParameter() not " 1776 + "used with " + type + " engines"); 1777 } 1778 // allow null for keys without attributes for compatibility 1779 if ((parameter != null) && (parameter instanceof Key == false)) { 1780 throw new InvalidParameterException 1781 ("Parameter must be instanceof Key for engine " + type); 1782 } 1783 if (hasKeyAttributes() == false) { 1784 return true; 1785 } 1786 if (parameter == null) { 1787 return false; 1788 } 1789 Key key = (Key)parameter; 1790 if (supportsKeyFormat(key)) { 1791 return true; 1792 } 1793 if (supportsKeyClass(key)) { 1794 return true; 1795 } 1796 return false; 1797 } 1798 1799 /** 1800 * Return whether this service has its Supported* properties for 1801 * keys defined. Parses the attributes if not yet initialized. 1802 */ 1803 private boolean hasKeyAttributes() { 1804 Boolean b = hasKeyAttributes; 1805 if (b == null) { 1806 synchronized (this) { 1807 String s; 1808 s = getAttribute("SupportedKeyFormats"); 1809 if (s != null) { 1810 supportedFormats = s.split("\\|"); 1811 } 1812 s = getAttribute("SupportedKeyClasses"); 1813 if (s != null) { 1814 String[] classNames = s.split("\\|"); 1815 List<Class<?>> classList = 1816 new ArrayList<>(classNames.length); 1817 for (String className : classNames) { 1818 Class<?> clazz = getKeyClass(className); 1819 if (clazz != null) { 1820 classList.add(clazz); 1821 } 1822 } 1823 supportedClasses = classList.toArray(CLASS0); 1824 } 1825 boolean bool = (supportedFormats != null) 1826 || (supportedClasses != null); 1827 b = Boolean.valueOf(bool); 1828 hasKeyAttributes = b; 1829 } 1830 } 1831 return b.booleanValue(); 1832 } 1833 1834 // get the key class object of the specified name 1835 private Class<?> getKeyClass(String name) { 1836 try { 1837 return Class.forName(name); 1838 } catch (ClassNotFoundException e) { 1839 // ignore 1840 } 1841 try { 1842 ClassLoader cl = provider.getClass().getClassLoader(); 1843 if (cl != null) { 1844 return cl.loadClass(name); 1845 } 1846 } catch (ClassNotFoundException e) { 1847 // ignore 1848 } 1849 return null; 1850 } 1851 1852 private boolean supportsKeyFormat(Key key) { 1853 if (supportedFormats == null) { 1854 return false; 1855 } 1856 String format = key.getFormat(); 1857 if (format == null) { 1858 return false; 1859 } 1860 for (String supportedFormat : supportedFormats) { 1861 if (supportedFormat.equals(format)) { 1862 return true; 1863 } 1864 } 1865 return false; 1866 } 1867 1868 private boolean supportsKeyClass(Key key) { 1869 if (supportedClasses == null) { 1870 return false; 1871 } 1872 Class<?> keyClass = key.getClass(); 1873 for (Class<?> clazz : supportedClasses) { 1874 if (clazz.isAssignableFrom(keyClass)) { 1875 return true; 1876 } 1877 } 1878 return false; 1879 } 1880 1881 /** 1882 * Return a String representation of this service. 1883 * 1884 * @return a String representation of this service. 1885 */ 1886 public String toString() { 1887 String aString = aliases.isEmpty() 1888 ? "" : "\r\n aliases: " + aliases.toString(); 1889 String attrs = attributes.isEmpty() 1890 ? "" : "\r\n attributes: " + attributes.toString(); 1891 return provider.getName() + ": " + type + "." + algorithm 1892 + " -> " + className + aString + attrs + "\r\n"; 1893 } 1894 1895 } 1896 1897 }