1 /*
2 * Copyright (c) 1996, 2020, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.provider;
27
28 import java.io.*;
29 import java.net.*;
30 import java.util.*;
31 import java.security.*;
32
33 import jdk.internal.util.StaticProperty;
34 import sun.security.action.GetPropertyAction;
35 import sun.security.util.SecurityProviderConstants;
36 import static sun.security.util.SecurityProviderConstants.getAliases;
37
38 /**
39 * Defines the entries of the SUN provider.
40 *
41 * Algorithms supported, and their names:
42 *
43 * - SHA is the message digest scheme described in FIPS 180-1.
44 * Aliases for SHA are SHA-1 and SHA1.
45 *
46 * - SHA1withDSA is the signature scheme described in FIPS 186.
47 * (SHA used in DSA is SHA-1: FIPS 186 with Change No 1.)
48 * Aliases for SHA1withDSA are DSA, DSS, SHA/DSA, SHA-1/DSA, SHA1/DSA,
49 * SHAwithDSA, DSAWithSHA1, and the object
50 * identifier strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and
51 * "OID.1.2.840.10040.4.3".
52 *
53 * - SHA-2 is a set of message digest schemes described in FIPS 180-2.
54 * SHA-2 family of hash functions includes SHA-224, SHA-256, SHA-384,
55 * and SHA-512.
56 *
57 * - SHA-224withDSA/SHA-256withDSA are the signature schemes
58 * described in FIPS 186-3. The associated object identifiers are
59 * "OID.2.16.840.1.101.3.4.3.1", and "OID.2.16.840.1.101.3.4.3.2".
60 *
61 * - DSA is the key generation scheme as described in FIPS 186.
62 * Aliases for DSA include the OID strings "OID.1.3.14.3.2.12"
63 * and "OID.1.2.840.10040.4.1".
64 *
65 * - MD5 is the message digest scheme described in RFC 1321.
66 * There are no aliases for MD5.
67 *
68 * - X.509 is the certificate factory type for X.509 certificates
69 * and CRLs. Aliases for X.509 are X509.
70 *
71 * - PKIX is the certification path validation algorithm described
72 * in RFC 5280. The ValidationAlgorithm attribute notes the
73 * specification that this provider implements.
74 *
75 * - JavaPolicy is the default file-based Policy type.
76 *
77 * - JavaLoginConfig is the default file-based LoginModule Configuration type.
78 */
79
80 public final class SunEntries {
81
82 // the default algo used by SecureRandom class for new SecureRandom() calls
83 public static final String DEF_SECURE_RANDOM_ALGO;
84
85 SunEntries(Provider p) {
86 services = new LinkedHashSet<>(50, 0.9f);
87
88 // start populating content using the specified provider
89
90 // common attribute map
91 HashMap<String, String> attrs = new HashMap<>(3);
92
93 /*
94 * SecureRandom engines
95 */
96 attrs.put("ThreadSafe", "true");
97 if (NativePRNG.isAvailable()) {
98 add(p, "SecureRandom", "NativePRNG",
99 "sun.security.provider.NativePRNG", attrs);
100 }
101 if (NativePRNG.Blocking.isAvailable()) {
102 add(p, "SecureRandom", "NativePRNGBlocking",
103 "sun.security.provider.NativePRNG$Blocking", attrs);
104 }
105 if (NativePRNG.NonBlocking.isAvailable()) {
106 add(p, "SecureRandom", "NativePRNGNonBlocking",
107 "sun.security.provider.NativePRNG$NonBlocking", attrs);
108 }
109 attrs.put("ImplementedIn", "Software");
110 add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs);
111 add(p, "SecureRandom", "SHA1PRNG",
112 "sun.security.provider.SecureRandom", attrs);
113
114 /*
115 * Signature engines
116 */
117 attrs.clear();
118 String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
119 "|java.security.interfaces.DSAPrivateKey";
120 attrs.put("SupportedKeyClasses", dsaKeyClasses);
121 attrs.put("ImplementedIn", "Software");
122
123 attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures
124
125 addWithAlias(p, "Signature", "SHA1withDSA",
126 "sun.security.provider.DSA$SHA1withDSA", attrs);
127 addWithAlias(p, "Signature", "NONEwithDSA",
128 "sun.security.provider.DSA$RawDSA", attrs);
129
130 attrs.put("KeySize", "2048"); // for SHA224 and SHA256 DSA signatures
131
132 addWithAlias(p, "Signature", "SHA224withDSA",
133 "sun.security.provider.DSA$SHA224withDSA", attrs);
134 addWithAlias(p, "Signature", "SHA256withDSA",
135 "sun.security.provider.DSA$SHA256withDSA", attrs);
136
137 attrs.remove("KeySize");
138
139 add(p, "Signature", "SHA1withDSAinP1363Format",
140 "sun.security.provider.DSA$SHA1withDSAinP1363Format");
141 add(p, "Signature", "NONEwithDSAinP1363Format",
142 "sun.security.provider.DSA$RawDSAinP1363Format");
143 add(p, "Signature", "SHA224withDSAinP1363Format",
144 "sun.security.provider.DSA$SHA224withDSAinP1363Format");
145 add(p, "Signature", "SHA256withDSAinP1363Format",
146 "sun.security.provider.DSA$SHA256withDSAinP1363Format");
147
148 /*
149 * Key Pair Generator engines
150 */
151 attrs.clear();
152 attrs.put("ImplementedIn", "Software");
153 attrs.put("KeySize", "2048"); // for DSA KPG and APG only
154
155 String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
156 dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
157 addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
158
159 /*
160 * Algorithm Parameter Generator engines
161 */
162 addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
163 "sun.security.provider.DSAParameterGenerator", attrs);
164 attrs.remove("KeySize");
165
166 /*
167 * Algorithm Parameter engines
168 */
169 addWithAlias(p, "AlgorithmParameters", "DSA",
170 "sun.security.provider.DSAParameters", attrs);
171
172 /*
173 * Key factories
174 */
175 addWithAlias(p, "KeyFactory", "DSA",
176 "sun.security.provider.DSAKeyFactory", attrs);
177
178 /*
179 * Digest engines
180 */
181 add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs);
182 add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs);
183 addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA",
184 attrs);
185
186 addWithAlias(p, "MessageDigest", "SHA-224",
187 "sun.security.provider.SHA2$SHA224", attrs);
188 addWithAlias(p, "MessageDigest", "SHA-256",
189 "sun.security.provider.SHA2$SHA256", attrs);
190 addWithAlias(p, "MessageDigest", "SHA-384",
191 "sun.security.provider.SHA5$SHA384", attrs);
192 addWithAlias(p, "MessageDigest", "SHA-512",
193 "sun.security.provider.SHA5$SHA512", attrs);
194 addWithAlias(p, "MessageDigest", "SHA-512/224",
195 "sun.security.provider.SHA5$SHA512_224", attrs);
196 addWithAlias(p, "MessageDigest", "SHA-512/256",
197 "sun.security.provider.SHA5$SHA512_256", attrs);
198 addWithAlias(p, "MessageDigest", "SHA3-224",
199 "sun.security.provider.SHA3$SHA224", attrs);
200 addWithAlias(p, "MessageDigest", "SHA3-256",
201 "sun.security.provider.SHA3$SHA256", attrs);
202 addWithAlias(p, "MessageDigest", "SHA3-384",
203 "sun.security.provider.SHA3$SHA384", attrs);
204 addWithAlias(p, "MessageDigest", "SHA3-512",
205 "sun.security.provider.SHA3$SHA512", attrs);
206
207 /*
208 * Certificates
209 */
210 addWithAlias(p, "CertificateFactory", "X.509",
211 "sun.security.provider.X509Factory", attrs);
212
213 /*
214 * KeyStore
215 */
216 add(p, "KeyStore", "PKCS12",
217 "sun.security.pkcs12.PKCS12KeyStore$DualFormatPKCS12");
218 add(p, "KeyStore", "JKS",
219 "sun.security.provider.JavaKeyStore$DualFormatJKS", attrs);
220 add(p, "KeyStore", "CaseExactJKS",
221 "sun.security.provider.JavaKeyStore$CaseExactJKS", attrs);
222 add(p, "KeyStore", "DKS", "sun.security.provider.DomainKeyStore$DKS",
223 attrs);
224
225
226 /*
227 * CertStores
228 */
229 add(p, "CertStore", "Collection",
230 "sun.security.provider.certpath.CollectionCertStore",
231 attrs);
232 add(p, "CertStore", "com.sun.security.IndexedCollection",
233 "sun.security.provider.certpath.IndexedCollectionCertStore",
234 attrs);
235
236 /*
237 * Policy
238 */
239 add(p, "Policy", "JavaPolicy", "sun.security.provider.PolicySpiFile");
240
241 /*
242 * Configuration
243 */
244 add(p, "Configuration", "JavaLoginConfig",
245 "sun.security.provider.ConfigFile$Spi");
246
247 /*
248 * CertPathBuilder and CertPathValidator
249 */
250 attrs.clear();
251 attrs.put("ValidationAlgorithm", "RFC5280");
252 attrs.put("ImplementedIn", "Software");
253
254 add(p, "CertPathBuilder", "PKIX",
255 "sun.security.provider.certpath.SunCertPathBuilder",
256 attrs);
257 add(p, "CertPathValidator", "PKIX",
258 "sun.security.provider.certpath.PKIXCertPathValidator",
259 attrs);
260 }
261
262 Iterator<Provider.Service> iterator() {
263 return services.iterator();
264 }
265
266 private void add(Provider p, String type, String algo, String cn) {
267 services.add(new Provider.Service(p, type, algo, cn, null, null));
268 }
269
270 private void add(Provider p, String type, String algo, String cn,
271 HashMap<String, String> attrs) {
272 services.add(new Provider.Service(p, type, algo, cn, null, attrs));
273 }
274
275 private void addWithAlias(Provider p, String type, String algo, String cn,
276 HashMap<String, String> attrs) {
277 services.add(new Provider.Service(p, type, algo, cn,
278 getAliases(algo), attrs));
279 }
280
281 private LinkedHashSet<Provider.Service> services;
282
283 // name of the *System* property, takes precedence over PROP_RNDSOURCE
284 private static final String PROP_EGD = "java.security.egd";
285 // name of the *Security* property
286 private static final String PROP_RNDSOURCE = "securerandom.source";
287
288 private static final boolean useLegacyDSA =
289 Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty
290 ("jdk.security.legacyDSAKeyPairGenerator"));
291
292 static final String URL_DEV_RANDOM = "file:/dev/random";
293 static final String URL_DEV_URANDOM = "file:/dev/urandom";
294
295 private static final String seedSource;
296
297 static {
298 seedSource = AccessController.doPrivileged(
299 new PrivilegedAction<String>() {
300
301 @Override
302 public String run() {
303 String egdSource = System.getProperty(PROP_EGD, "");
304 if (egdSource.length() != 0) {
305 return egdSource;
306 }
307 egdSource = Security.getProperty(PROP_RNDSOURCE);
308 if (egdSource == null) {
309 return "";
310 }
311 return egdSource;
312 }
313 });
314
315 DEF_SECURE_RANDOM_ALGO = (NativePRNG.isAvailable() &&
316 (seedSource.equals(URL_DEV_URANDOM) ||
317 seedSource.equals(URL_DEV_RANDOM)) ?
318 "NativePRNG" : "DRBG");
319 }
320
321 static String getSeedSource() {
322 return seedSource;
323 }
324
325 /*
326 * Use a URI to access this File. Previous code used a URL
327 * which is less strict on syntax. If we encounter a
328 * URISyntaxException we make best efforts for backwards
329 * compatibility. e.g. space character in deviceName string.
330 *
331 * Method called within PrivilegedExceptionAction block.
332 *
333 * Moved from SeedGenerator to avoid initialization problems with
334 * signed providers.
335 */
336 static File getDeviceFile(URL device) throws IOException {
337 try {
338 URI deviceURI = device.toURI();
339 if(deviceURI.isOpaque()) {
340 // File constructor does not accept opaque URI
341 URI localDir = new File(
342 StaticProperty.userDir()).toURI();
343 String uriPath = localDir.toString() +
344 deviceURI.toString().substring(5);
345 return new File(URI.create(uriPath));
346 } else {
347 return new File(deviceURI);
348 }
349 } catch (URISyntaxException use) {
350 /*
351 * Make best effort to access this File.
352 * We can try using the URL path.
353 */
354 return new File(device.getPath());
355 }
356 }
357 }