1 /*
2 * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.provider;
27
28 import java.io.*;
29 import java.net.*;
30 import java.util.Map;
31 import java.security.*;
32
33 /**
34 * Defines the entries of the SUN provider.
35 *
36 * Algorithms supported, and their names:
37 *
38 * - SHA is the message digest scheme described in FIPS 180-1.
39 * Aliases for SHA are SHA-1 and SHA1.
40 *
41 * - SHA1withDSA is the signature scheme described in FIPS 186.
42 * (SHA used in DSA is SHA-1: FIPS 186 with Change No 1.)
43 * Aliases for SHA1withDSA are DSA, DSS, SHA/DSA, SHA-1/DSA, SHA1/DSA,
44 * SHAwithDSA, DSAWithSHA1, and the object
45 * identifier strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and
46 * "OID.1.2.840.10040.4.3".
47 *
48 * - SHA-2 is a set of message digest schemes described in FIPS 180-2.
49 * SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384,
50 * and SHA-512.
51 *
52 * - SHA-224withDSA/SHA-256withDSA are the signature schemes
53 * described in FIPS 186-3. The associated object identifiers are
54 * "OID.2.16.840.1.101.3.4.3.1", and "OID.2.16.840.1.101.3.4.3.2".
55
56 * - DSA is the key generation scheme as described in FIPS 186.
57 * Aliases for DSA include the OID strings "OID.1.3.14.3.2.12"
58 * and "OID.1.2.840.10040.4.1".
59 *
60 * - MD5 is the message digest scheme described in RFC 1321.
61 * There are no aliases for MD5.
62 *
63 * - X.509 is the certificate factory type for X.509 certificates
64 * and CRLs. Aliases for X.509 are X509.
65 *
66 * - PKIX is the certification path validation algorithm described
67 * in RFC 5280. The ValidationAlgorithm attribute notes the
68 * specification that this provider implements.
69 *
70 * - JavaPolicy is the default file-based Policy type.
71 *
72 * - JavaLoginConfig is the default file-based LoginModule Configuration type.
73 */
74
75 final class SunEntries {
76
77 private SunEntries() {
78 // empty
79 }
80
81 static void putEntries(Map<Object, Object> map) {
82
83 /*
84 * SecureRandom
85 *
86 * Register these first to speed up "new SecureRandom()",
87 * which iterates through the list of algorithms
88 */
89 // register the native PRNG, if available
90 // if user selected /dev/urandom, we put it before SHA1PRNG,
91 // otherwise after it
92 boolean nativeAvailable = NativePRNG.isAvailable();
93 boolean useNativePRNG = seedSource.equals(URL_DEV_URANDOM) ||
94 seedSource.equals(URL_DEV_RANDOM);
95
96 if (nativeAvailable && useNativePRNG) {
97 map.put("SecureRandom.NativePRNG",
98 "sun.security.provider.NativePRNG");
99 }
100
101 map.put("SecureRandom.DRBG", "sun.security.provider.DRBG");
102
103 map.put("SecureRandom.SHA1PRNG",
104 "sun.security.provider.SecureRandom");
105 if (nativeAvailable && !useNativePRNG) {
106 map.put("SecureRandom.NativePRNG",
107 "sun.security.provider.NativePRNG");
108 }
109
110 if (NativePRNG.Blocking.isAvailable()) {
111 map.put("SecureRandom.NativePRNGBlocking",
112 "sun.security.provider.NativePRNG$Blocking");
113 }
114
115 if (NativePRNG.NonBlocking.isAvailable()) {
116 map.put("SecureRandom.NativePRNGNonBlocking",
117 "sun.security.provider.NativePRNG$NonBlocking");
118 }
119
120 /*
121 * Signature engines
122 */
123 map.put("Signature.SHA1withDSA",
124 "sun.security.provider.DSA$SHA1withDSA");
125 map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA");
126 map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA");
127 map.put("Signature.SHA224withDSA",
128 "sun.security.provider.DSA$SHA224withDSA");
129 map.put("Signature.SHA256withDSA",
130 "sun.security.provider.DSA$SHA256withDSA");
131
132 map.put("Signature.SHA1withDSAinP1363Format",
133 "sun.security.provider.DSA$SHA1withDSAinP1363Format");
134 map.put("Signature.NONEwithDSAinP1363Format",
135 "sun.security.provider.DSA$RawDSAinP1363Format");
136 map.put("Signature.SHA224withDSAinP1363Format",
137 "sun.security.provider.DSA$SHA224withDSAinP1363Format");
138 map.put("Signature.SHA256withDSAinP1363Format",
139 "sun.security.provider.DSA$SHA256withDSAinP1363Format");
140
141 String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
142 "|java.security.interfaces.DSAPrivateKey";
143 map.put("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses);
144 map.put("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses);
145 map.put("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses);
146 map.put("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses);
147
148 map.put("Alg.Alias.Signature.DSA", "SHA1withDSA");
149 map.put("Alg.Alias.Signature.DSS", "SHA1withDSA");
150 map.put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
151 map.put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
152 map.put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
153 map.put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
154 map.put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
155 map.put("Alg.Alias.Signature.OID.1.2.840.10040.4.3",
156 "SHA1withDSA");
157 map.put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
158 map.put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA");
159 map.put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA");
160 map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1",
161 "SHA224withDSA");
162 map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA");
163 map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2",
164 "SHA256withDSA");
165 map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA");
166
167 /*
168 * Key Pair Generator engines
169 */
170 map.put("KeyPairGenerator.DSA",
171 "sun.security.provider.DSAKeyPairGenerator");
172 map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
173 map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
174 map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");
175
176 /*
177 * Digest engines
178 */
179 map.put("MessageDigest.MD2", "sun.security.provider.MD2");
180 map.put("MessageDigest.MD5", "sun.security.provider.MD5");
181 map.put("MessageDigest.SHA", "sun.security.provider.SHA");
182
183 map.put("Alg.Alias.MessageDigest.SHA-1", "SHA");
184 map.put("Alg.Alias.MessageDigest.SHA1", "SHA");
185 map.put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA");
186 map.put("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA");
187
188 map.put("MessageDigest.SHA-224", "sun.security.provider.SHA2$SHA224");
189 map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224");
190 map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4",
191 "SHA-224");
192
193 map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2$SHA256");
194 map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256");
195 map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1",
196 "SHA-256");
197 map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384");
198 map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384");
199 map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2",
200 "SHA-384");
201 map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512");
202 map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512");
203 map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3",
204 "SHA-512");
205 map.put("MessageDigest.SHA-512/224", "sun.security.provider.SHA5$SHA512_224");
206 map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.5", "SHA-512/224");
207 map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.5",
208 "SHA-512/224");
209 map.put("MessageDigest.SHA-512/256", "sun.security.provider.SHA5$SHA512_256");
210 map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.6", "SHA-512/256");
211 map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.6",
212 "SHA-512/256");
213
214 /*
215 * Algorithm Parameter Generator engines
216 */
217 map.put("AlgorithmParameterGenerator.DSA",
218 "sun.security.provider.DSAParameterGenerator");
219
220 /*
221 * Algorithm Parameter engines
222 */
223 map.put("AlgorithmParameters.DSA",
224 "sun.security.provider.DSAParameters");
225 map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA");
226 map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA");
227 map.put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA");
228
229 /*
230 * Key factories
231 */
232 map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory");
233 map.put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA");
234 map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
235 map.put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA");
236
237 /*
238 * Certificates
239 */
240 map.put("CertificateFactory.X.509",
241 "sun.security.provider.X509Factory");
242 map.put("Alg.Alias.CertificateFactory.X509", "X.509");
243
244 /*
245 * KeyStore
246 */
247 map.put("KeyStore.PKCS12",
248 "sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12");
249 map.put("KeyStore.JKS",
250 "sun.security.provider.JavaKeyStore$DualFormatJKS");
251 map.put("KeyStore.CaseExactJKS",
252 "sun.security.provider.JavaKeyStore$CaseExactJKS");
253 map.put("KeyStore.DKS", "sun.security.provider.DomainKeyStore$DKS");
254
255 /*
256 * Policy
257 */
258 map.put("Policy.JavaPolicy", "sun.security.provider.PolicySpiFile");
259
260 /*
261 * Configuration
262 */
263 map.put("Configuration.JavaLoginConfig",
264 "sun.security.provider.ConfigFile$Spi");
265
266 /*
267 * CertPathBuilder
268 */
269 map.put("CertPathBuilder.PKIX",
270 "sun.security.provider.certpath.SunCertPathBuilder");
271 map.put("CertPathBuilder.PKIX ValidationAlgorithm",
272 "RFC5280");
273
274 /*
275 * CertPathValidator
276 */
277 map.put("CertPathValidator.PKIX",
278 "sun.security.provider.certpath.PKIXCertPathValidator");
279 map.put("CertPathValidator.PKIX ValidationAlgorithm",
280 "RFC5280");
281
282 /*
283 * CertStores
284 */
285 map.put("CertStore.Collection",
286 "sun.security.provider.certpath.CollectionCertStore");
287 map.put("CertStore.com.sun.security.IndexedCollection",
288 "sun.security.provider.certpath.IndexedCollectionCertStore");
289
290 /*
291 * KeySize
292 */
293 map.put("Signature.NONEwithDSA KeySize", "1024");
294 map.put("Signature.SHA1withDSA KeySize", "1024");
295 map.put("Signature.SHA224withDSA KeySize", "2048");
296 map.put("Signature.SHA256withDSA KeySize", "2048");
297
298 map.put("KeyPairGenerator.DSA KeySize", "2048");
299 map.put("AlgorithmParameterGenerator.DSA KeySize", "2048");
300
301 /*
302 * Implementation type: software or hardware
303 */
304 map.put("Signature.SHA1withDSA ImplementedIn", "Software");
305 map.put("KeyPairGenerator.DSA ImplementedIn", "Software");
306 map.put("MessageDigest.MD5 ImplementedIn", "Software");
307 map.put("MessageDigest.SHA ImplementedIn", "Software");
308 map.put("AlgorithmParameterGenerator.DSA ImplementedIn",
309 "Software");
310 map.put("AlgorithmParameters.DSA ImplementedIn", "Software");
311 map.put("KeyFactory.DSA ImplementedIn", "Software");
312 map.put("SecureRandom.SHA1PRNG ImplementedIn", "Software");
313 map.put("CertificateFactory.X.509 ImplementedIn", "Software");
314 map.put("KeyStore.JKS ImplementedIn", "Software");
315 map.put("CertPathValidator.PKIX ImplementedIn", "Software");
316 map.put("CertPathBuilder.PKIX ImplementedIn", "Software");
317 map.put("CertStore.Collection ImplementedIn", "Software");
318 map.put("CertStore.com.sun.security.IndexedCollection ImplementedIn",
319 "Software");
320
321 }
322
323 // name of the *System* property, takes precedence over PROP_RNDSOURCE
324 private static final String PROP_EGD = "java.security.egd";
325 // name of the *Security* property
326 private static final String PROP_RNDSOURCE = "securerandom.source";
327
328 static final String URL_DEV_RANDOM = "file:/dev/random";
329 static final String URL_DEV_URANDOM = "file:/dev/urandom";
330
331 private static final String seedSource;
332
333 static {
334 seedSource = AccessController.doPrivileged(
335 new PrivilegedAction<String>() {
336
337 @Override
338 public String run() {
339 String egdSource = System.getProperty(PROP_EGD, "");
340 if (egdSource.length() != 0) {
341 return egdSource;
342 }
343 egdSource = Security.getProperty(PROP_RNDSOURCE);
344 if (egdSource == null) {
345 return "";
346 }
347 return egdSource;
348 }
349 });
350 }
351
352 static String getSeedSource() {
353 return seedSource;
354 }
355
356 /*
357 * Use a URI to access this File. Previous code used a URL
358 * which is less strict on syntax. If we encounter a
359 * URISyntaxException we make best efforts for backwards
360 * compatibility. e.g. space character in deviceName string.
361 *
362 * Method called within PrivilegedExceptionAction block.
363 *
364 * Moved from SeedGenerator to avoid initialization problems with
365 * signed providers.
366 */
367 static File getDeviceFile(URL device) throws IOException {
368 try {
369 URI deviceURI = device.toURI();
370 if(deviceURI.isOpaque()) {
371 // File constructor does not accept opaque URI
372 URI localDir = new File(
373 System.getProperty("user.dir")).toURI();
374 String uriPath = localDir.toString() +
375 deviceURI.toString().substring(5);
376 return new File(URI.create(uriPath));
377 } else {
378 return new File(deviceURI);
379 }
380 } catch (URISyntaxException use) {
381 /*
382 * Make best effort to access this File.
383 * We can try using the URL path.
384 */
385 return new File(device.getPath());
386 }
387 }
388 }