J. Duke | 319a3b9 | 2007-12-01 00:00:00 +0000 | 1 | /* |
| 2 | * Copyright 1996-2006 Sun Microsystems, Inc. All Rights Reserved. |
| 3 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| 4 | * |
| 5 | * This code is free software; you can redistribute it and/or modify it |
| 6 | * under the terms of the GNU General Public License version 2 only, as |
| 7 | * published by the Free Software Foundation. Sun designates this |
| 8 | * particular file as subject to the "Classpath" exception as provided |
| 9 | * by Sun in the LICENSE file that accompanied this code. |
| 10 | * |
| 11 | * This code is distributed in the hope that it will be useful, but WITHOUT |
| 12 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| 13 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| 14 | * version 2 for more details (a copy is included in the LICENSE file that |
| 15 | * accompanied this code). |
| 16 | * |
| 17 | * You should have received a copy of the GNU General Public License version |
| 18 | * 2 along with this work; if not, write to the Free Software Foundation, |
| 19 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| 20 | * |
| 21 | * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, |
| 22 | * CA 95054 USA or visit www.sun.com if you need additional information or |
| 23 | * have any questions. |
| 24 | */ |
| 25 | |
| 26 | package sun.security.provider; |
| 27 | |
| 28 | import java.util.Map; |
| 29 | import java.security.*; |
| 30 | |
| 31 | /** |
| 32 | * Defines the entries of the SUN provider. |
| 33 | * |
| 34 | * Algorithms supported, and their names: |
| 35 | * |
| 36 | * - SHA is the message digest scheme described in FIPS 180-1. |
| 37 | * Aliases for SHA are SHA-1 and SHA1. |
| 38 | * |
| 39 | * - SHA1withDSA is the signature scheme described in FIPS 186. |
| 40 | * (SHA used in DSA is SHA-1: FIPS 186 with Change No 1.) |
| 41 | * Aliases for SHA1withDSA are DSA, DSS, SHA/DSA, SHA-1/DSA, SHA1/DSA, |
| 42 | * SHAwithDSA, DSAWithSHA1, and the object |
| 43 | * identifier strings "OID.1.3.14.3.2.13", "OID.1.3.14.3.2.27" and |
| 44 | * "OID.1.2.840.10040.4.3". |
| 45 | * |
| 46 | * - DSA is the key generation scheme as described in FIPS 186. |
| 47 | * Aliases for DSA include the OID strings "OID.1.3.14.3.2.12" |
| 48 | * and "OID.1.2.840.10040.4.1". |
| 49 | * |
| 50 | * - MD5 is the message digest scheme described in RFC 1321. |
| 51 | * There are no aliases for MD5. |
| 52 | * |
| 53 | * - X.509 is the certificate factory type for X.509 certificates |
| 54 | * and CRLs. The alias for X.509 is X509. |
| 55 | * |
| 56 | * - PKIX is the certification path validation algorithm described |
| 57 | * in RFC 3280. The ValidationAlgorithm attribute notes the |
| 58 | * specification that this provider implements. |
| 59 | * |
| 60 | * - LDAP is the CertStore type for LDAP repositories. The |
| 61 | * LDAPSchema attribute notes the specification defining the |
| 62 | * schema that this provider uses to find certificates and CRLs. |
| 63 | * |
| 64 | * - JavaPolicy is the default file-based Policy type. |
| 65 | * |
| 66 | * - JavaLoginConfig is the default file-based LoginModule Configuration type. |
| 67 | */ |
| 68 | |
final class SunEntries {

    // Name of the *System* property. A non-empty value takes precedence over
    // PROP_RNDSOURCE, so whoever controls the JVM's system properties also
    // controls which seed source is recorded here.
    private static final String PROP_EGD = "java.security.egd";

    // Name of the *Security* property; consulted only when PROP_EGD is unset
    // or empty.
    private static final String PROP_RNDSOURCE = "securerandom.source";

    static final String URL_DEV_RANDOM = "file:/dev/random";
    static final String URL_DEV_URANDOM = "file:/dev/urandom";

    // Values that several registrations below share.
    private static final String NATIVE_PRNG_CLASS = "sun.security.provider.NativePRNG";
    private static final String SHA1_WITH_DSA = "SHA1withDSA";
    private static final String DSA_NAME = "DSA";
    private static final String SHA_NAME = "SHA";
    private static final String PKIX_SPEC = "RFC3280";
    private static final String DSA_KEY_SIZE = "1024";
    private static final String SOFTWARE = "Software";

    // Configured seed source; never null (the empty string means "not set").
    private static final String seedSource;

    /*
     * Resolve the seed source once, when the class is initialized. The lookup
     * runs inside doPrivileged so the two property reads are performed with
     * this class's permissions, not those of whichever caller happened to
     * trigger class initialization.
     *
     * The value is stored exactly as read: nothing here checks that it is a
     * well-formed URL or that it names a trustworthy entropy source.
     * NOTE(review): confirm that the consumers of getSeedSource() validate it.
     */
    static {
        seedSource = AccessController.doPrivileged(
            new PrivilegedAction<String>() {

                public String run() {
                    // The system property wins whenever it is non-empty.
                    final String systemValue = System.getProperty(PROP_EGD, "");
                    if (systemValue.length() > 0) {
                        return systemValue;
                    }
                    // Fall back to the security property; absent maps to "".
                    final String securityValue = Security.getProperty(PROP_RNDSOURCE);
                    return (securityValue != null) ? securityValue : "";
                }
            });
    }

    private SunEntries() {
        // static holder only; never instantiated
    }

    /**
     * Adds every service, alias and attribute entry of the SUN provider to
     * {@code map}.
     *
     * <p>The entries are added in a fixed sequence, with the SecureRandom
     * services first. The helpers below are called in exactly that sequence,
     * so a map that preserves insertion order sees the same order as before.
     *
     * @param map the map that receives the entries
     */
    static void putEntries(Map<Object, Object> map) {
        putSecureRandomEntries(map);
        putSignatureEntries(map);
        putKeyPairGeneratorEntries(map);
        putDigestEntries(map);
        putDsaParameterAndKeyFactoryEntries(map);
        putCertificateAndKeyStoreEntries(map);
        putPolicyAndLoginConfigEntries(map);
        putCertPathEntries(map);
        putAttributeEntries(map);
    }

    /**
     * Registers the SecureRandom services.
     *
     * <p>These go first to speed up {@code new SecureRandom()}, which iterates
     * through the list of algorithms. NativePRNG is registered only when
     * {@code NativePRNG.isAvailable()} reports true, and it is placed ahead of
     * SHA1PRNG only when the configured seed source is exactly
     * {@link #URL_DEV_URANDOM}. The comparison is a plain string equality, so
     * any other spelling of that path is treated as "not urandom" and
     * NativePRNG ends up after SHA1PRNG.
     */
    private static void putSecureRandomEntries(Map<Object, Object> map) {
        final boolean hasNativePrng = NativePRNG.isAvailable();
        final boolean urandomSelected = seedSource.equals(URL_DEV_URANDOM);
        final boolean nativeFirst = hasNativePrng && urandomSelected;

        if (nativeFirst) {
            map.put("SecureRandom.NativePRNG", NATIVE_PRNG_CLASS);
        }
        map.put("SecureRandom.SHA1PRNG", "sun.security.provider.SecureRandom");
        if (hasNativePrng && !nativeFirst) {
            map.put("SecureRandom.NativePRNG", NATIVE_PRNG_CLASS);
        }
    }

    /** Registers the DSA signature engines, their key classes and their aliases. */
    private static void putSignatureEntries(Map<Object, Object> map) {
        map.put("Signature.SHA1withDSA", "sun.security.provider.DSA$SHA1withDSA");
        map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA");
        map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA");

        final String supportedDsaKeys =
            "java.security.interfaces.DSAPublicKey|java.security.interfaces.DSAPrivateKey";
        map.put("Signature.SHA1withDSA SupportedKeyClasses", supportedDsaKeys);
        map.put("Signature.NONEwithDSA SupportedKeyClasses", supportedDsaKeys);

        // Every alias below, including the bare name "DSA", resolves to the
        // SHA-1 based scheme.
        map.put("Alg.Alias.Signature.DSA", SHA1_WITH_DSA);
        map.put("Alg.Alias.Signature.DSS", SHA1_WITH_DSA);
        map.put("Alg.Alias.Signature.SHA/DSA", SHA1_WITH_DSA);
        map.put("Alg.Alias.Signature.SHA-1/DSA", SHA1_WITH_DSA);
        map.put("Alg.Alias.Signature.SHA1/DSA", SHA1_WITH_DSA);
        map.put("Alg.Alias.Signature.SHAwithDSA", SHA1_WITH_DSA);
        map.put("Alg.Alias.Signature.DSAWithSHA1", SHA1_WITH_DSA);
        map.put("Alg.Alias.Signature.OID.1.2.840.10040.4.3", SHA1_WITH_DSA);
        map.put("Alg.Alias.Signature.1.2.840.10040.4.3", SHA1_WITH_DSA);
        map.put("Alg.Alias.Signature.1.3.14.3.2.13", SHA1_WITH_DSA);
        map.put("Alg.Alias.Signature.1.3.14.3.2.27", SHA1_WITH_DSA);
    }

    /** Registers the DSA key pair generator and its OID aliases. */
    private static void putKeyPairGeneratorEntries(Map<Object, Object> map) {
        map.put("KeyPairGenerator.DSA", "sun.security.provider.DSAKeyPairGenerator");
        map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", DSA_NAME);
        map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", DSA_NAME);
        map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", DSA_NAME);
    }

    /**
     * Registers the message digest engines.
     *
     * <p>MD2, MD5 and SHA (SHA-1) are all registered alongside the SHA-2
     * family. MD2 and MD5 are obsolete (RFC 6149, RFC 6151) and SHA-1 has
     * published collisions, so code that needs collision resistance should
     * request one of the SHA-2 names explicitly.
     */
    private static void putDigestEntries(Map<Object, Object> map) {
        map.put("MessageDigest.MD2", "sun.security.provider.MD2");
        map.put("MessageDigest.MD5", "sun.security.provider.MD5");
        map.put("MessageDigest.SHA", "sun.security.provider.SHA");

        map.put("Alg.Alias.MessageDigest.SHA-1", SHA_NAME);
        map.put("Alg.Alias.MessageDigest.SHA1", SHA_NAME);

        map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2");
        map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384");
        map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512");
    }

    /** Registers the DSA parameter generator, parameters and key factory. */
    private static void putDsaParameterAndKeyFactoryEntries(Map<Object, Object> map) {
        // Algorithm parameter generator
        map.put("AlgorithmParameterGenerator.DSA",
            "sun.security.provider.DSAParameterGenerator");

        // Algorithm parameters
        map.put("AlgorithmParameters.DSA", "sun.security.provider.DSAParameters");
        map.put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", DSA_NAME);
        map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", DSA_NAME);

        // Key factory
        map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory");
        map.put("Alg.Alias.KeyFactory.1.3.14.3.2.12", DSA_NAME);
        map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", DSA_NAME);
    }

    /** Registers the X.509 certificate factory and the JKS key store types. */
    private static void putCertificateAndKeyStoreEntries(Map<Object, Object> map) {
        map.put("CertificateFactory.X.509", "sun.security.provider.X509Factory");
        map.put("Alg.Alias.CertificateFactory.X509", "X.509");

        map.put("KeyStore.JKS", "sun.security.provider.JavaKeyStore$JKS");
        map.put("KeyStore.CaseExactJKS",
            "sun.security.provider.JavaKeyStore$CaseExactJKS");
    }

    /** Registers the file-based Policy and login Configuration types. */
    private static void putPolicyAndLoginConfigEntries(Map<Object, Object> map) {
        map.put("Policy.JavaPolicy", "sun.security.provider.PolicySpiFile");
        map.put("Configuration.JavaLoginConfig", "sun.security.provider.ConfigSpiFile");
    }

    /** Registers the PKIX path builder and validator and the CertStore types. */
    private static void putCertPathEntries(Map<Object, Object> map) {
        // CertPathBuilder
        map.put("CertPathBuilder.PKIX",
            "sun.security.provider.certpath.SunCertPathBuilder");
        map.put("CertPathBuilder.PKIX ValidationAlgorithm", PKIX_SPEC);

        // CertPathValidator
        map.put("CertPathValidator.PKIX",
            "sun.security.provider.certpath.PKIXCertPathValidator");
        map.put("CertPathValidator.PKIX ValidationAlgorithm", PKIX_SPEC);

        // CertStores
        map.put("CertStore.LDAP", "sun.security.provider.certpath.LDAPCertStore");
        map.put("CertStore.LDAP LDAPSchema", "RFC2587");
        map.put("CertStore.Collection",
            "sun.security.provider.certpath.CollectionCertStore");
        map.put("CertStore.com.sun.security.IndexedCollection",
            "sun.security.provider.certpath.IndexedCollectionCertStore");
    }

    /**
     * Registers the KeySize and ImplementedIn attributes.
     *
     * <p>The DSA entries advertise a key size of 1024 bits, which is below
     * what current guidance (for example NIST SP 800-131A) accepts for new
     * signatures. NOTE(review): how consumers use the KeySize attribute is not
     * visible in this file.
     *
     * <p>Only some services get an ImplementedIn attribute: MD2, the SHA-2
     * digests, NONEwithDSA, NativePRNG and CaseExactJKS, among others, have
     * none.
     */
    private static void putAttributeEntries(Map<Object, Object> map) {
        // KeySize
        map.put("Signature.SHA1withDSA KeySize", DSA_KEY_SIZE);
        map.put("KeyPairGenerator.DSA KeySize", DSA_KEY_SIZE);
        map.put("AlgorithmParameterGenerator.DSA KeySize", DSA_KEY_SIZE);

        // Implementation type: software or hardware
        map.put("Signature.SHA1withDSA ImplementedIn", SOFTWARE);
        map.put("KeyPairGenerator.DSA ImplementedIn", SOFTWARE);
        map.put("MessageDigest.MD5 ImplementedIn", SOFTWARE);
        map.put("MessageDigest.SHA ImplementedIn", SOFTWARE);
        map.put("AlgorithmParameterGenerator.DSA ImplementedIn", SOFTWARE);
        map.put("AlgorithmParameters.DSA ImplementedIn", SOFTWARE);
        map.put("KeyFactory.DSA ImplementedIn", SOFTWARE);
        map.put("SecureRandom.SHA1PRNG ImplementedIn", SOFTWARE);
        map.put("CertificateFactory.X.509 ImplementedIn", SOFTWARE);
        map.put("KeyStore.JKS ImplementedIn", SOFTWARE);
        map.put("CertPathValidator.PKIX ImplementedIn", SOFTWARE);
        map.put("CertPathBuilder.PKIX ImplementedIn", SOFTWARE);
        map.put("CertStore.LDAP ImplementedIn", SOFTWARE);
        map.put("CertStore.Collection ImplementedIn", SOFTWARE);
        map.put("CertStore.com.sun.security.IndexedCollection ImplementedIn", SOFTWARE);
    }

    /**
     * Returns the seed source resolved at class initialization.
     *
     * @return the value of the {@code java.security.egd} system property if it
     *         is non-empty, otherwise the {@code securerandom.source} security
     *         property, otherwise the empty string; never null
     */
    static String getSeedSource() {
        return seedSource;
    }

}