/*
 * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package sun.security.provider;

import java.io.*;
import java.net.*;
import java.util.Map;
import java.security.*;

/**
 * Defines the entries of the SUN provider.
 *
 * Algorithms supported, and their names:
 *
 * - SHA is the message digest scheme described in FIPS 180-1.
 *   Aliases for SHA are SHA-1 and SHA1.
 *
 * - SHA1withDSA is the signature scheme described in FIPS 186.
 *   (SHA used in DSA is SHA-1: FIPS 186 with Change No 1.)
 *   Aliases for SHA1withDSA are DSA, DSS, SHA/DSA, SHA-1/DSA, SHA1/DSA,
 *   SHAwithDSA, DSAWithSHA1, and the object
 *   identifier strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and
 *   "OID.1.2.840.10040.4.3".
 *
 * - SHA-2 is a set of message digest schemes described in FIPS 180-2.
 *   SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384,
 *   and SHA-512.
 *
 * - SHA-224withDSA/SHA-256withDSA are the signature schemes
 *   described in FIPS 186-3. The associated object identifiers are
 *   "OID.2.16.840.1.101.3.4.3.1", and "OID.2.16.840.1.101.3.4.3.2".
 *
 * - DSA is the key generation scheme as described in FIPS 186.
 *   Aliases for DSA include the OID strings "OID.1.3.14.3.2.12"
 *   and "OID.1.2.840.10040.4.1".
 *
 * - MD5 is the message digest scheme described in RFC 1321.
 *   There are no aliases for MD5.
 *
 * - X.509 is the certificate factory type for X.509 certificates
 *   and CRLs. Aliases for X.509 are X509.
 *
 * - PKIX is the certification path validation algorithm described
 *   in RFC 5280. The ValidationAlgorithm attribute notes the
 *   specification that this provider implements.
 *
 * - JavaPolicy is the default file-based Policy type.
 *
 * - JavaLoginConfig is the default file-based LoginModule Configuration type.
 *
 * Being listed here only means the algorithm can be requested by name; the
 * table also carries algorithms kept for compatibility (MD2, MD5, SHA-1,
 * SHA1withDSA). See the notes on the individual sections of putEntries.
 */

final class SunEntries {

    /** Not instantiable: the class only holds static registration helpers. */
    private SunEntries() {
        // empty
    }

    /**
     * Fills {@code map} with the SUN provider's service table.
     *
     * Three key shapes are written, all as plain strings:
     * "Type.Algorithm" mapped to an implementation class name,
     * "Alg.Alias.Type.Name" mapped to the canonical algorithm name, and
     * "Type.Algorithm Attribute" mapped to an attribute value.
     *
     * The statements run in a fixed order and the SecureRandom entries are
     * deliberately first, so the order of the puts is part of the behaviour
     * whenever the caller passes an order-preserving map.
     *
     * @param map destination table; modified in place
     */
    static void putEntries(Map<Object, Object> map) {

        /*
         * SecureRandom
         *
         * Register these first to speed up "new SecureRandom()",
         * which iterates through the list of algorithms.
         *
         * The native PRNG, when available, goes before SHA1PRNG only if the
         * configured seed source is exactly file:/dev/urandom or
         * file:/dev/random; in every other case it goes after SHA1PRNG.
         * The comparison is a plain String.equals, so a differently spelled
         * URL that names the same device does not count as a match and
         * leaves SHA1PRNG ahead of NativePRNG in this table.
         */
        boolean nativePresent = NativePRNG.isAvailable();
        boolean deviceSeedSelected = seedSource.equals(URL_DEV_URANDOM)
                || seedSource.equals(URL_DEV_RANDOM);
        boolean nativeBeforeSha1 = nativePresent && deviceSeedSelected;
        boolean nativeAfterSha1 = nativePresent && !deviceSeedSelected;

        if (nativeBeforeSha1) {
            map.put("SecureRandom.NativePRNG",
                    "sun.security.provider.NativePRNG");
        }
        map.put("SecureRandom.SHA1PRNG", "sun.security.provider.SecureRandom");
        if (nativeAfterSha1) {
            map.put("SecureRandom.NativePRNG",
                    "sun.security.provider.NativePRNG");
        }

        // The blocking and non-blocking variants are offered independently
        // of the ordering decision above, each behind its own probe.
        if (NativePRNG.Blocking.isAvailable()) {
            map.put("SecureRandom.NativePRNGBlocking",
                    "sun.security.provider.NativePRNG$Blocking");
        }

        if (NativePRNG.NonBlocking.isAvailable()) {
            map.put("SecureRandom.NativePRNGNonBlocking",
                    "sun.security.provider.NativePRNG$NonBlocking");
        }

        /*
         * Signature engines
         */
        map.put("Signature.SHA1withDSA",
                "sun.security.provider.DSA$SHA1withDSA");
        map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA");
        map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA");
        map.put("Signature.SHA224withDSA",
                "sun.security.provider.DSA$SHA224withDSA");
        map.put("Signature.SHA256withDSA",
                "sun.security.provider.DSA$SHA256withDSA");

        map.put("Signature.SHA1withDSAinP1363Format",
                "sun.security.provider.DSA$SHA1withDSAinP1363Format");
        map.put("Signature.NONEwithDSAinP1363Format",
                "sun.security.provider.DSA$RawDSAinP1363Format");
        map.put("Signature.SHA224withDSAinP1363Format",
                "sun.security.provider.DSA$SHA224withDSAinP1363Format");
        map.put("Signature.SHA256withDSAinP1363Format",
                "sun.security.provider.DSA$SHA256withDSAinP1363Format");

        // Key interfaces accepted by the DSA signature engines, written as
        // a '|'-separated list. Only the four non-P1363 engines receive the
        // attribute here.
        String dsaKeyTypes = "java.security.interfaces.DSAPublicKey"
                + "|java.security.interfaces.DSAPrivateKey";
        map.put("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyTypes);
        map.put("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyTypes);
        map.put("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyTypes);
        map.put("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyTypes);

        // The bare names "DSA" and "DSS" resolve to SHA1withDSA, so a caller
        // that asks for Signature "DSA" gets a SHA-1 based signature; code
        // that needs a SHA-2 digest has to name SHA224withDSA or
        // SHA256withDSA explicitly.
        map.put("Alg.Alias.Signature.DSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.DSS", "SHA1withDSA");
        map.put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
        map.put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
        map.put("Alg.Alias.Signature.OID.1.2.840.10040.4.3", "SHA1withDSA");
        map.put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
        map.put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA");
        map.put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA");
        map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1",
                "SHA224withDSA");
        map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA");
        map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2",
                "SHA256withDSA");
        map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA");

        /*
         * Key Pair Generator engines
         */
        map.put("KeyPairGenerator.DSA",
                "sun.security.provider.DSAKeyPairGenerator");
        map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");

        /*
         * Digest engines
         *
         * MD2, MD5 and SHA (SHA-1) are no longer considered
         * collision-resistant. They remain requestable by name from this
         * table, so the choice of digest for signatures and integrity
         * checks rests with the caller; the SHA-2 entries follow below.
         */
        map.put("MessageDigest.MD2", "sun.security.provider.MD2");
        map.put("MessageDigest.MD5", "sun.security.provider.MD5");
        map.put("MessageDigest.SHA", "sun.security.provider.SHA");

        map.put("Alg.Alias.MessageDigest.SHA-1", "SHA");
        map.put("Alg.Alias.MessageDigest.SHA1", "SHA");
        map.put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA");
        map.put("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA");

        map.put("MessageDigest.SHA-224", "sun.security.provider.SHA2$SHA224");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4",
                "SHA-224");

        map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2$SHA256");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1",
                "SHA-256");
        map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2",
                "SHA-384");
        map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512");
        map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512");
        map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3",
                "SHA-512");

        /*
         * Algorithm Parameter Generator engines
         */
        map.put("AlgorithmParameterGenerator.DSA",
                "sun.security.provider.DSAParameterGenerator");

        /*
         * Algorithm Parameter engines
         */
        map.put("AlgorithmParameters.DSA",
                "sun.security.provider.DSAParameters");
        map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA");

        /*
         * Key factories
         */
        map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory");
        map.put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
        map.put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA");

        /*
         * Certificates
         */
        map.put("CertificateFactory.X.509",
                "sun.security.provider.X509Factory");
        map.put("Alg.Alias.CertificateFactory.X509", "X.509");

        /*
         * KeyStore
         */
        map.put("KeyStore.PKCS12",
                "sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12");
        map.put("KeyStore.JKS",
                "sun.security.provider.JavaKeyStore$DualFormatJKS");
        map.put("KeyStore.CaseExactJKS",
                "sun.security.provider.JavaKeyStore$CaseExactJKS");
        map.put("KeyStore.DKS", "sun.security.provider.DomainKeyStore$DKS");

        /*
         * Policy
         */
        map.put("Policy.JavaPolicy", "sun.security.provider.PolicySpiFile");

        /*
         * Configuration
         */
        map.put("Configuration.JavaLoginConfig",
                "sun.security.provider.ConfigFile$Spi");

        /*
         * CertPathBuilder
         */
        map.put("CertPathBuilder.PKIX",
                "sun.security.provider.certpath.SunCertPathBuilder");
        map.put("CertPathBuilder.PKIX ValidationAlgorithm", "RFC5280");

        /*
         * CertPathValidator
         */
        map.put("CertPathValidator.PKIX",
                "sun.security.provider.certpath.PKIXCertPathValidator");
        map.put("CertPathValidator.PKIX ValidationAlgorithm", "RFC5280");

        /*
         * CertStores
         */
        map.put("CertStore.Collection",
                "sun.security.provider.certpath.CollectionCertStore");
        map.put("CertStore.com.sun.security.IndexedCollection",
                "sun.security.provider.certpath.IndexedCollectionCertStore");

        /*
         * KeySize
         *
         * NOTE(review): presumably these attributes advertise a default key
         * size rather than enforce a limit - confirm against the DSA engine
         * classes. The 1024 given for NONEwithDSA and SHA1withDSA is below
         * what current guidance expects of DSA keys.
         */
        map.put("Signature.NONEwithDSA KeySize", "1024");
        map.put("Signature.SHA1withDSA KeySize", "1024");
        map.put("Signature.SHA224withDSA KeySize", "2048");
        map.put("Signature.SHA256withDSA KeySize", "2048");

        map.put("KeyPairGenerator.DSA KeySize", "2048");
        map.put("AlgorithmParameterGenerator.DSA KeySize", "2048");

        /*
         * Implementation type: software or hardware
         */
        map.put("Signature.SHA1withDSA ImplementedIn", "Software");
        map.put("KeyPairGenerator.DSA ImplementedIn", "Software");
        map.put("MessageDigest.MD5 ImplementedIn", "Software");
        map.put("MessageDigest.SHA ImplementedIn", "Software");
        map.put("AlgorithmParameterGenerator.DSA ImplementedIn", "Software");
        map.put("AlgorithmParameters.DSA ImplementedIn", "Software");
        map.put("KeyFactory.DSA ImplementedIn", "Software");
        map.put("SecureRandom.SHA1PRNG ImplementedIn", "Software");
        map.put("CertificateFactory.X.509 ImplementedIn", "Software");
        map.put("KeyStore.JKS ImplementedIn", "Software");
        map.put("CertPathValidator.PKIX ImplementedIn", "Software");
        map.put("CertPathBuilder.PKIX ImplementedIn", "Software");
        map.put("CertStore.Collection ImplementedIn", "Software");
        map.put("CertStore.com.sun.security.IndexedCollection ImplementedIn",
                "Software");

    }

    // name of the *System* property, takes precedence over PROP_RNDSOURCE
    private static final String PROP_EGD = "java.security.egd";
    // name of the *Security* property
    private static final String PROP_RNDSOURCE = "securerandom.source";

    static final String URL_DEV_RANDOM = "file:/dev/random";
    static final String URL_DEV_URANDOM = "file:/dev/urandom";

    // Configured seed source, resolved once when the class is initialized;
    // never null (an unset configuration is stored as the empty string).
    private static final String seedSource;

    /*
     * Resolves the seed source. A non-empty java.security.egd system
     * property wins; otherwise the securerandom.source security property is
     * used; if that is unset too, the result is "".
     *
     * Both lookups run inside doPrivileged, i.e. with this class's own
     * permissions. Because the system property has priority, whoever
     * controls the JVM's system properties also controls which seed source
     * is selected, regardless of what the security properties file says.
     */
    static {
        seedSource = AccessController.doPrivileged(
                new PrivilegedAction<String>() {

                    @Override
                    public String run() {
                        String fromSystem = System.getProperty(PROP_EGD, "");
                        if (!fromSystem.isEmpty()) {
                            return fromSystem;
                        }
                        String fromSecurity =
                                Security.getProperty(PROP_RNDSOURCE);
                        return (fromSecurity == null) ? "" : fromSecurity;
                    }
                });
    }

    /**
     * Returns the seed source string resolved at class initialization.
     *
     * @return the configured value, or "" when neither property is set
     */
    static String getSeedSource() {
        return seedSource;
    }

    /*
     * Use a URI to access this File. Previous code used a URL
     * which is less strict on syntax. If we encounter a
     * URISyntaxException we make best efforts for backwards
     * compatibility. e.g. space character in deviceName string.
     *
     * Method called within PrivilegedExceptionAction block.
     *
     * Moved from SeedGenerator to avoid initialization problems with
     * signed providers.
     *
     * The method only maps the URL to a File; it does not check that the
     * path exists or names a device. An opaque URI (a scheme followed by a
     * path with no leading slash) is resolved against the "user.dir" system
     * property, so the file it designates depends on the process's working
     * directory.
     */
    static File getDeviceFile(URL device) throws IOException {
        URI parsed;
        try {
            parsed = device.toURI();
        } catch (URISyntaxException badSyntax) {
            /*
             * Make best effort to access this File.
             * We can try using the URL path.
             */
            return new File(device.getPath());
        }

        if (!parsed.isOpaque()) {
            return new File(parsed);
        }

        // File constructor does not accept opaque URI
        URI workingDir = new File(System.getProperty("user.dir")).toURI();
        // NOTE(review): substring(5) drops the first five characters, which
        // matches a leading "file:". The scheme is not checked here;
        // presumably the caller has already verified it - confirm.
        String rebuilt = workingDir.toString()
                + parsed.toString().substring(5);
        return new File(URI.create(rebuilt));
    }
}