Commit 76ab4027 authored by Przemyslaw Szczepaniak's avatar Przemyslaw Szczepaniak

Remove unused sun.security.provider.SecureRandom code

sun.security.provider.SecureRandom is never used on
Android; we always use the implementation from the
AndroidOpenSSL provider instead.

Bug: 29091543
Change-Id: I20412c0f42c7b397ef5b05e623e61c2742fb935d
(cherry picked from commit 337d8c17)
parent c2592844
......@@ -188,13 +188,8 @@ public class SecureRandom extends java.util.Random {
private void getDefaultPRNG(boolean setSeed, byte[] seed) {
String prng = getPrngAlgorithm();
if (prng == null) {
// bummer, get the SUN implementation
prng = "SHA1PRNG";
this.secureRandomSpi = new sun.security.provider.SecureRandom();
this.provider = Providers.getSunProvider();
if (setSeed) {
this.secureRandomSpi.engineSetSeed(seed);
}
// Android changed, should never happen
throw new IllegalStateException("No SecureRandom implementation!");
} else {
try {
SecureRandom random = SecureRandom.getInstance(prng);
......
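Review bot: The new `throw` in the `prng == null` branch of getDefaultPRNG correctly fails closed, but the comment `// Android changed, should never happen` does not say why the fallback is gone, and the message `"No SecureRandom implementation!"` gives nothing to diagnose with. The branch is reached whenever getPrngAlgorithm() returns null. That method is outside the hunk, but it presumably means no installed provider offers a SecureRandom service, which can happen if an application has altered the provider list. I would write the comment as `// Android-changed: no SUN fallback; a SecureRandom service must come from an installed provider (AndroidOpenSSL).` and the message as `"No SecureRandom implementation found among installed providers"`. Callers that construct a SecureRandom through this path now get an unchecked IllegalStateException, so the Javadoc of the constructors that call this method (not visible here) should mention it; getDefaultPRNG's body continues past the end of the hunk.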
/*
* Copyright (c) 2003, 2008, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.provider;
import java.io.*;
import java.security.*;
import java.security.SecureRandom;
/**
* Native PRNG implementation for Solaris/Linux. It interacts with
* /dev/random and /dev/urandom, so it is only available if those
* files are present. Otherwise, SHA1PRNG is used instead of this class.
*
* getSeed() and setSeed() directly read/write /dev/random. However,
* /dev/random is only writable by root in many configurations. Because
* we cannot just ignore bytes specified via setSeed(), we keep a
* SHA1PRNG around in parallel.
*
* nextBytes() reads the bytes directly from /dev/urandom (and then
* mixes them with bytes from the SHA1PRNG for the reasons explained
* above). Reading bytes from /dev/urandom means that constantly get
* new entropy the operating system has collected. This is a notable
* advantage over the SHA1PRNG model, which acquires entropy only
* initially during startup although the VM may be running for months.
*
* Also note that we do not need any initial pure random seed from
* /dev/random. This is an advantage because on some versions of Linux
* it can be exhausted very quickly and could thus impact startup time.
*
* Finally, note that we use a singleton for the actual work (RandomIO)
* to avoid having to open and close /dev/[u]random constantly. However,
* there may me many NativePRNG instances created by the JCA framework.
*
* @since 1.5
* @author Andreas Sterbenz
*/
public final class NativePRNG extends SecureRandomSpi {
private static final long serialVersionUID = -6599091113397072932L;
// name of the pure random file (also used for setSeed())
private static final String NAME_RANDOM = "/dev/random";
// name of the pseudo random file
private static final String NAME_URANDOM = "/dev/urandom";
// singleton instance or null if not available
private static final RandomIO INSTANCE = initIO();
private static RandomIO initIO() {
return AccessController.doPrivileged(
new PrivilegedAction<RandomIO>() {
public RandomIO run() {
File randomFile = new File(NAME_RANDOM);
if (randomFile.exists() == false) {
return null;
}
File urandomFile = new File(NAME_URANDOM);
if (urandomFile.exists() == false) {
return null;
}
try {
return new RandomIO(randomFile, urandomFile);
} catch (Exception e) {
return null;
}
}
});
}
// return whether the NativePRNG is available
static boolean isAvailable() {
return INSTANCE != null;
}
// constructor, called by the JCA framework
public NativePRNG() {
super();
if (INSTANCE == null) {
throw new AssertionError("NativePRNG not available");
}
}
// set the seed
protected void engineSetSeed(byte[] seed) {
INSTANCE.implSetSeed(seed);
}
// get pseudo random bytes
protected void engineNextBytes(byte[] bytes) {
INSTANCE.implNextBytes(bytes);
}
// get true random bytes
protected byte[] engineGenerateSeed(int numBytes) {
return INSTANCE.implGenerateSeed(numBytes);
}
/**
* Nested class doing the actual work. Singleton, see INSTANCE above.
*/
private static class RandomIO {
// we buffer data we read from /dev/urandom for efficiency,
// but we limit the lifetime to avoid using stale bits
// lifetime in ms, currently 100 ms (0.1 s)
private final static long MAX_BUFFER_TIME = 100;
// size of the /dev/urandom buffer
private final static int BUFFER_SIZE = 32;
// In/OutputStream for /dev/random and /dev/urandom
private final InputStream randomIn, urandomIn;
private OutputStream randomOut;
// flag indicating if we have tried to open randomOut yet
private boolean randomOutInitialized;
// SHA1PRNG instance for mixing
// initialized lazily on demand to avoid problems during startup
private volatile sun.security.provider.SecureRandom mixRandom;
// buffer for /dev/urandom bits
private final byte[] urandomBuffer;
// number of bytes left in urandomBuffer
private int buffered;
// time we read the data into the urandomBuffer
private long lastRead;
// mutex lock for nextBytes()
private final Object LOCK_GET_BYTES = new Object();
// mutex lock for getSeed()
private final Object LOCK_GET_SEED = new Object();
// mutex lock for setSeed()
private final Object LOCK_SET_SEED = new Object();
// constructor, called only once from initIO()
private RandomIO(File randomFile, File urandomFile) throws IOException {
randomIn = new FileInputStream(randomFile);
urandomIn = new FileInputStream(urandomFile);
urandomBuffer = new byte[BUFFER_SIZE];
}
// get the SHA1PRNG for mixing
// initialize if not yet created
private sun.security.provider.SecureRandom getMixRandom() {
sun.security.provider.SecureRandom r = mixRandom;
if (r == null) {
synchronized (LOCK_GET_BYTES) {
r = mixRandom;
if (r == null) {
r = new sun.security.provider.SecureRandom();
try {
byte[] b = new byte[20];
readFully(urandomIn, b);
r.engineSetSeed(b);
} catch (IOException e) {
throw new ProviderException("init failed", e);
}
mixRandom = r;
}
}
}
return r;
}
// read data.length bytes from in
// /dev/[u]random are not normal files, so we need to loop the read.
// just keep trying as long as we are making progress
private static void readFully(InputStream in, byte[] data)
throws IOException {
int len = data.length;
int ofs = 0;
while (len > 0) {
int k = in.read(data, ofs, len);
if (k <= 0) {
throw new EOFException("/dev/[u]random closed?");
}
ofs += k;
len -= k;
}
if (len > 0) {
throw new IOException("Could not read from /dev/[u]random");
}
}
// get true random bytes, just read from /dev/random
private byte[] implGenerateSeed(int numBytes) {
synchronized (LOCK_GET_SEED) {
try {
byte[] b = new byte[numBytes];
readFully(randomIn, b);
return b;
} catch (IOException e) {
throw new ProviderException("generateSeed() failed", e);
}
}
}
// supply random bytes to the OS
// write to /dev/random if possible
// always add the seed to our mixing random
private void implSetSeed(byte[] seed) {
synchronized (LOCK_SET_SEED) {
if (randomOutInitialized == false) {
randomOutInitialized = true;
randomOut = AccessController.doPrivileged(
new PrivilegedAction<OutputStream>() {
public OutputStream run() {
try {
return new FileOutputStream(NAME_RANDOM, true);
} catch (Exception e) {
return null;
}
}
});
}
if (randomOut != null) {
try {
randomOut.write(seed);
} catch (IOException e) {
throw new ProviderException("setSeed() failed", e);
}
}
getMixRandom().engineSetSeed(seed);
}
}
// ensure that there is at least one valid byte in the buffer
// if not, read new bytes
private void ensureBufferValid() throws IOException {
long time = System.currentTimeMillis();
if ((buffered > 0) && (time - lastRead < MAX_BUFFER_TIME)) {
return;
}
lastRead = time;
readFully(urandomIn, urandomBuffer);
buffered = urandomBuffer.length;
}
// get pseudo random bytes
// read from /dev/urandom and XOR with bytes generated by the
// mixing SHA1PRNG
private void implNextBytes(byte[] data) {
synchronized (LOCK_GET_BYTES) {
try {
getMixRandom().engineNextBytes(data);
int len = data.length;
int ofs = 0;
while (len > 0) {
ensureBufferValid();
int bufferOfs = urandomBuffer.length - buffered;
while ((len > 0) && (buffered > 0)) {
data[ofs++] ^= urandomBuffer[bufferOfs++];
len--;
buffered--;
}
}
} catch (IOException e) {
throw new ProviderException("nextBytes() failed", e);
}
}
}
}
}
/*
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.provider;
import java.io.IOException;
/**
* Native seed generator for Unix systems. Inherit everything from
* URLSeedGenerator.
*
*/
class NativeSeedGenerator extends SeedGenerator.URLSeedGenerator {
NativeSeedGenerator() throws IOException {
super();
}
}
/*
* Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.provider;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.SecureRandomSpi;
import java.security.NoSuchAlgorithmException;
/**
* <p>This class provides a crytpographically strong pseudo-random number
* generator based on the SHA-1 hash algorithm.
*
* <p>Note that if a seed is not provided, we attempt to provide sufficient
* seed bytes to completely randomize the internal state of the generator
* (20 bytes). However, our seed generation algorithm has not been thoroughly
* studied or widely deployed.
*
* <p>Also note that when a random object is deserialized,
* <a href="#engineNextBytes(byte[])">engineNextBytes</a> invoked on the
* restored random object will yield the exact same (random) bytes as the
* original object. If this behaviour is not desired, the restored random
* object should be seeded, using
* <a href="#engineSetSeed(byte[])">engineSetSeed</a>.
*
* @author Benjamin Renaud
* @author Josh Bloch
* @author Gadi Guy
*/
public final class SecureRandom extends SecureRandomSpi
implements java.io.Serializable {
private static final long serialVersionUID = 3581829991155417889L;
private static final int DIGEST_SIZE = 20;
private transient MessageDigest digest;
private byte[] state;
private byte[] remainder;
private int remCount;
/**
* This empty constructor automatically seeds the generator. We attempt
* to provide sufficient seed bytes to completely randomize the internal
* state of the generator (20 bytes). Note, however, that our seed
* generation algorithm has not been thoroughly studied or widely deployed.
*
* <p>The first time this constructor is called in a given Virtual Machine,
* it may take several seconds of CPU time to seed the generator, depending
* on the underlying hardware. Successive calls run quickly because they
* rely on the same (internal) pseudo-random number generator for their
* seed bits.
*/
public SecureRandom() {
init(null);
}
/**
* This constructor is used to instatiate the private seeder object
* with a given seed from the SeedGenerator.
*
* @param seed the seed.
*/
private SecureRandom(byte seed[]) {
init(seed);
}
/**
* This call, used by the constructors, instantiates the SHA digest
* and sets the seed, if given.
*/
private void init(byte[] seed) {
try {
digest = MessageDigest.getInstance ("SHA");
} catch (NoSuchAlgorithmException e) {
throw new InternalError("internal error: SHA-1 not available.");
}
if (seed != null) {
engineSetSeed(seed);
}
}
/**
* Returns the given number of seed bytes, computed using the seed
* generation algorithm that this class uses to seed itself. This
* call may be used to seed other random number generators. While
* we attempt to return a "truly random" sequence of bytes, we do not
* know exactly how random the bytes returned by this call are. (See
* the empty constructor <a href = "#SecureRandom">SecureRandom</a>
* for a brief description of the underlying algorithm.)
* The prudent user will err on the side of caution and get extra
* seed bytes, although it should be noted that seed generation is
* somewhat costly.
*
* @param numBytes the number of seed bytes to generate.
*
* @return the seed bytes.
*/
public byte[] engineGenerateSeed(int numBytes) {
byte[] b = new byte[numBytes];
SeedGenerator.generateSeed(b);
return b;
}
/**
* Reseeds this random object. The given seed supplements, rather than
* replaces, the existing seed. Thus, repeated calls are guaranteed
* never to reduce randomness.
*
* @param seed the seed.
*/
synchronized public void engineSetSeed(byte[] seed) {
if (state != null) {
digest.update(state);
for (int i = 0; i < state.length; i++)
state[i] = 0;
}
state = digest.digest(seed);
}
private static void updateState(byte[] state, byte[] output) {
int last = 1;
int v = 0;
byte t = 0;
boolean zf = false;
// state(n + 1) = (state(n) + output(n) + 1) % 2^160;
for (int i = 0; i < state.length; i++) {
// Add two bytes
v = (int)state[i] + (int)output[i] + last;
// Result is lower 8 bits
t = (byte)v;
// Store result. Check for state collision.
zf = zf | (state[i] != t);
state[i] = t;
// High 8 bits are carry. Store for next iteration.
last = v >> 8;
}
// Make sure at least one bit changes!
if (!zf)
state[0]++;
}
/**
* This static object will be seeded by SeedGenerator, and used
* to seed future instances of SHA1PRNG SecureRandoms.
*
* Bloch, Effective Java Second Edition: Item 71
*/
private static class SeederHolder {
private static final SecureRandom seeder;
static {
/*
* Call to SeedGenerator.generateSeed() to add additional
* seed material (likely from the Native implementation).
*/
seeder = new SecureRandom(SeedGenerator.getSystemEntropy());
byte [] b = new byte[DIGEST_SIZE];
SeedGenerator.generateSeed(b);
seeder.engineSetSeed(b);
}
}
/**
* Generates a user-specified number of random bytes.
*
* @param bytes the array to be filled in with random bytes.
*/
public synchronized void engineNextBytes(byte[] result) {
int index = 0;
int todo;
byte[] output = remainder;
if (state == null) {
byte[] seed = new byte[DIGEST_SIZE];
SeederHolder.seeder.engineNextBytes(seed);
state = digest.digest(seed);
}
// Use remainder from last time
int r = remCount;
if (r > 0) {
// How many bytes?
todo = (result.length - index) < (DIGEST_SIZE - r) ?
(result.length - index) : (DIGEST_SIZE - r);
// Copy the bytes, zero the buffer
for (int i = 0; i < todo; i++) {
result[i] = output[r];
output[r++] = 0;
}
remCount += todo;
index += todo;
}
// If we need more bytes, make them.
while (index < result.length) {
// Step the state
digest.update(state);
output = digest.digest();
updateState(state, output);
// How many bytes?
todo = (result.length - index) > DIGEST_SIZE ?
DIGEST_SIZE : result.length - index;
// Copy the bytes, zero the buffer
for (int i = 0; i < todo; i++) {
result[index++] = output[i];
output[i] = 0;
}
remCount += todo;
}
// Store remainder for next time
remainder = output;
remCount %= DIGEST_SIZE;
}
/*
* readObject is called to restore the state of the random object from
* a stream. We have to create a new instance of MessageDigest, because
* it is not included in the stream (it is marked "transient").
*
* Note that the engineNextBytes() method invoked on the restored random
* object will yield the exact same (random) bytes as the original.
* If you do not want this behaviour, you should re-seed the restored
* random object, using engineSetSeed().
*/
private void readObject(java.io.ObjectInputStream s)
throws IOException, ClassNotFoundException {
s.defaultReadObject ();
try {
digest = MessageDigest.getInstance ("SHA");
} catch (NoSuchAlgorithmException e) {
throw new InternalError("internal error: SHA-1 not available.");
}
}
}
/*
* Copyright (c) 1996, 2006, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.provider;
import java.util.Map;
import java.security.*;
/**
* Defines the entries of the SUN provider.
*
* Algorithms supported, and their names:
*
* - SHA is the message digest scheme described in FIPS 180-1.
* Aliases for SHA are SHA-1 and SHA1.
*
* - SHA1withDSA is the signature scheme described in FIPS 186.
* (SHA used in DSA is SHA-1: FIPS 186 with Change No 1.)
* Aliases for SHA1withDSA are DSA, DSS, SHA/DSA, SHA-1/DSA, SHA1/DSA,
* SHAwithDSA, DSAWithSHA1, and the object
* identifier strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and
* "OID.1.2.840.10040.4.3".
*
* - DSA is the key generation scheme as described in FIPS 186.
* Aliases for DSA include the OID strings "OID.1.3.14.3.2.12"
* and "OID.1.2.840.10040.4.1".
*
* - MD5 is the message digest scheme described in RFC 1321.
* There are no aliases for MD5.
*
* - X.509 is the certificate factory type for X.509 certificates
* and CRLs. Aliases for X.509 are X509.
*
* - PKIX is the certification path validation algorithm described
* in RFC 3280. The ValidationAlgorithm attribute notes the
* specification that this provider implements.
*
* - LDAP is the CertStore type for LDAP repositories. The
* LDAPSchema attribute notes the specification defining the
* schema that this provider uses to find certificates and CRLs.
*
* - JavaPolicy is the default file-based Policy type.
*
* - JavaLoginConfig is the default file-based LoginModule Configuration type.
*/
final class SunEntries {
private SunEntries() {
// empty
}
static void putEntries(Map<Object, Object> map) {
/*
* SecureRandom
*
* Register these first to speed up "new SecureRandom()",
* which iterates through the list of algorithms
*/
// register the native PRNG, if available
// if user selected /dev/urandom, we put it before SHA1PRNG,
// otherwise after it
boolean nativeAvailable = NativePRNG.isAvailable();
boolean useUrandom = seedSource.equals(URL_DEV_URANDOM);
if (nativeAvailable && useUrandom) {
map.put("SecureRandom.NativePRNG",
"sun.security.provider.NativePRNG");
}
map.put("SecureRandom.SHA1PRNG",
"sun.security.provider.SecureRandom");
if (nativeAvailable && !useUrandom) {
map.put("SecureRandom.NativePRNG",
"sun.security.provider.NativePRNG");
}
/*
* Signature engines
*/
map.put("Signature.SHA1withDSA", "sun.security.provider.DSA$SHA1withDSA");
map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA");
map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA");
String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
"|java.security.interfaces.DSAPrivateKey";
map.put("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses);
map.put("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses);
map.put("Alg.Alias.Signature.DSA", "SHA1withDSA");
map.put("Alg.Alias.Signature.DSS", "SHA1withDSA");
map.put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA");
map.put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA");
map.put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA");
map.put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA");
map.put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA");
map.put("Alg.Alias.Signature.OID.1.2.840.10040.4.3",
"SHA1withDSA");
map.put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA");
map.put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA");
map.put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA");
/*
* Key Pair Generator engines
*/
map.put("KeyPairGenerator.DSA",
"sun.security.provider.DSAKeyPairGenerator");
map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA");
map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA");
map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA");
/*
* Digest engines
*/
map.put("MessageDigest.MD2", "sun.security.provider.MD2");
map.put("MessageDigest.MD5", "sun.security.provider.MD5");
map.put("MessageDigest.SHA", "sun.security.provider.SHA");
map.put("Alg.Alias.MessageDigest.SHA-1", "SHA");
map.put("Alg.Alias.MessageDigest.SHA1", "SHA");
map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2");
map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384");
map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512");
/*
* Algorithm Parameter Generator engines
*/
map.put("AlgorithmParameterGenerator.DSA",
"sun.security.provider.DSAParameterGenerator");
/*
* Algorithm Parameter engines
*/
map.put("AlgorithmParameters.DSA",
"sun.security.provider.DSAParameters");
map.put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA");
map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA");
/*
* Key factories
*/
map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory");
map.put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA");
map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA");
/*
* Certificates
*/
map.put("CertificateFactory.X.509",
"sun.security.provider.X509Factory");
map.put("Alg.Alias.CertificateFactory.X509", "X.509");
/*
* KeyStore
*/
map.put("KeyStore.JKS", "sun.security.provider.JavaKeyStore$JKS");
map.put("KeyStore.CaseExactJKS",
"sun.security.provider.JavaKeyStore$CaseExactJKS");
/*
* Policy
*/
map.put("Policy.JavaPolicy", "sun.security.provider.PolicySpiFile");
/*
* Configuration
*/
map.put("Configuration.JavaLoginConfig",
"sun.security.provider.ConfigSpiFile");
/*
* CertPathBuilder
*/
map.put("CertPathBuilder.PKIX",
"sun.security.provider.certpath.SunCertPathBuilder");
map.put("CertPathBuilder.PKIX ValidationAlgorithm",
"RFC3280");
/*
* CertPathValidator
*/
map.put("CertPathValidator.PKIX",
"sun.security.provider.certpath.PKIXCertPathValidator");
map.put("CertPathValidator.PKIX ValidationAlgorithm",
"RFC3280");
/*
* CertStores
*/
map.put("CertStore.LDAP",
"sun.security.provider.certpath.ldap.LDAPCertStore");
map.put("CertStore.LDAP LDAPSchema", "RFC2587");
map.put("CertStore.Collection",
"sun.security.provider.certpath.CollectionCertStore");
map.put("CertStore.com.sun.security.IndexedCollection",
"sun.security.provider.certpath.IndexedCollectionCertStore");
/*
* KeySize
*/
map.put("Signature.SHA1withDSA KeySize", "1024");
map.put("KeyPairGenerator.DSA KeySize", "1024");
map.put("AlgorithmParameterGenerator.DSA KeySize", "1024");
/*
* Implementation type: software or hardware
*/
map.put("Signature.SHA1withDSA ImplementedIn", "Software");
map.put("KeyPairGenerator.DSA ImplementedIn", "Software");
map.put("MessageDigest.MD5 ImplementedIn", "Software");
map.put("MessageDigest.SHA ImplementedIn", "Software");
map.put("AlgorithmParameterGenerator.DSA ImplementedIn",
"Software");
map.put("AlgorithmParameters.DSA ImplementedIn", "Software");
map.put("KeyFactory.DSA ImplementedIn", "Software");
map.put("SecureRandom.SHA1PRNG ImplementedIn", "Software");
map.put("CertificateFactory.X.509 ImplementedIn", "Software");
map.put("KeyStore.JKS ImplementedIn", "Software");
map.put("CertPathValidator.PKIX ImplementedIn", "Software");
map.put("CertPathBuilder.PKIX ImplementedIn", "Software");
map.put("CertStore.LDAP ImplementedIn", "Software");
map.put("CertStore.Collection ImplementedIn", "Software");
map.put("CertStore.com.sun.security.IndexedCollection ImplementedIn",
"Software");
}
// name of the *System* property, takes precedence over PROP_RNDSOURCE
private final static String PROP_EGD = "java.security.egd";
// name of the *Security* property
private final static String PROP_RNDSOURCE = "securerandom.source";
final static String URL_DEV_RANDOM = "file:/dev/random";
final static String URL_DEV_URANDOM = "file:/dev/urandom";
private static final String seedSource;
static {
seedSource = AccessController.doPrivileged(
new PrivilegedAction<String>() {
public String run() {
String egdSource = System.getProperty(PROP_EGD, "");
if (egdSource.length() != 0) {
return egdSource;
}
egdSource = Security.getProperty(PROP_RNDSOURCE);
if (egdSource == null) {
return "";
}
return egdSource;
}
});
}
static String getSeedSource() {
return seedSource;
}
}
/*
* Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.provider;
import java.util.*;
import java.security.*;
import sun.security.action.PutAllAction;
import sun.security.rsa.SunRsaSignEntries;
/**
* Provider used for verification of signed JAR files *if* the Sun and
* SunRsaSign main classes have been removed. Otherwise, this provider is not
* necessary and registers no algorithms. This functionality only exists to
* support a use case required by a specific customer and is not generally
* supported.
*
* @since 1.7
* @author Andreas Sterbenz
*/
public final class VerificationProvider extends Provider {
private static final long serialVersionUID = 7482667077568930381L;
private static final boolean ACTIVE;
static {
boolean b;
try {
Class.forName("sun.security.provider.Sun");
Class.forName("sun.security.rsa.SunRsaSign");
b = false;
} catch (ClassNotFoundException e) {
b = true;
}
ACTIVE = b;
}
public VerificationProvider() {
super("SunJarVerification", 1.7, "Jar Verification Provider");
// register all algorithms normally registered by the Sun and SunRsaSign
// providers, but only if they are missing
if (ACTIVE == false) {
return;
}
// if there is no security manager installed, put directly into
// the provider. Otherwise, create a temporary map and use a
// doPrivileged() call at the end to transfer the contents
if (System.getSecurityManager() == null) {
SunEntries.putEntries(this);
SunRsaSignEntries.putEntries(this);
} else {
// use LinkedHashMap to preserve the order of the PRNGs
Map<Object, Object> map = new LinkedHashMap<>();
SunEntries.putEntries(map);
SunRsaSignEntries.putEntries(map);
AccessController.doPrivileged(new PutAllAction(this, map));
}
}
}
......@@ -1300,12 +1300,6 @@ openjdk_java_files := \
ojluni/src/main/java/sun/security/provider/certpath/Vertex.java \
ojluni/src/main/java/sun/security/provider/certpath/X509CertPath.java \
ojluni/src/main/java/sun/security/provider/certpath/X509CertificatePair.java \
ojluni/src/main/java/sun/security/provider/NativePRNG.java \
ojluni/src/main/java/sun/security/provider/NativeSeedGenerator.java \
ojluni/src/main/java/sun/security/provider/SecureRandom.java \
ojluni/src/main/java/sun/security/provider/SeedGenerator.java \
ojluni/src/main/java/sun/security/provider/SunEntries.java \
ojluni/src/main/java/sun/security/provider/VerificationProvider.java \
ojluni/src/main/java/sun/security/provider/X509Factory.java \
ojluni/src/main/java/sun/security/rsa/SunRsaSignEntries.java \
ojluni/src/main/java/sun/security/ssl/Alerts.java \
......