changeset 54333:2a29e62446bd

8220016: Clean up redundant RSA services in the SunJSSE provider Summary: Removed duplicated RSA signature/KF/KPG support in SunJSSE Reviewed-by: xuelei
author valeriep
date Fri, 29 Mar 2019 00:39:49 +0000
parents 9a8fe0bc38c3
children f1548abd4ae0
files src/java.base/share/classes/sun/security/ssl/SunJSSE.java test/jdk/java/security/Signature/Offsets.java test/jdk/java/security/SignedObject/Chain.java test/jdk/sun/security/pkcs11/KeyStore/Basic.java test/jdk/sun/security/rsa/BrokenRSAPrivateCrtKey.java test/jdk/sun/security/ssl/rsa/BrokenRSAPrivateCrtKey.java test/jdk/sun/security/ssl/rsa/CheckProviderEntries.java test/jdk/sun/security/ssl/rsa/SignatureOffsets.java test/jdk/sun/security/ssl/rsa/SignedObjectChain.java
diffstat 9 files changed, 163 insertions(+), 103 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java	Tue Mar 26 16:09:33 2019 -0700
+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java	Fri Mar 29 00:39:49 2019 +0000
@@ -27,18 +27,12 @@
 
 import java.security.*;
 import java.util.*;
-import sun.security.rsa.SunRsaSignEntries;
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
 import static sun.security.provider.SunEntries.createAliases;
 
 /**
  * The JSSE provider.
  *
- * The RSA implementation has been removed from JSSE, but we still need to
- * register the same algorithms for compatibility. We just point to the RSA
- * implementation in the SunRsaSign provider. This works because all classes
- * are in the bootclasspath and therefore loaded by the same classloader.
- *
  * SunJSSE now supports an experimental FIPS compliant mode when used with an
  * appropriate FIPS certified crypto provider. In FIPS mode, we:
  *  . allow only TLS 1.0 or later
@@ -84,12 +78,6 @@
     }
 
     private void doRegister() {
-        Iterator<Provider.Service> rsaIter =
-            new SunRsaSignEntries(this).iterator();
-        while (rsaIter.hasNext()) {
-            putService(rsaIter.next());
-        }
-
         ps("Signature", "MD5andSHA1withRSA",
             "sun.security.ssl.RSASignature", null, null);
 
--- a/test/jdk/java/security/Signature/Offsets.java	Tue Mar 26 16:09:33 2019 -0700
+++ b/test/jdk/java/security/Signature/Offsets.java	Fri Mar 29 00:39:49 2019 +0000
@@ -123,8 +123,13 @@
             throw new RuntimeException("Test doesn't support this signature "
                     + "algorithm: " + algorithm);
         }
-
-        KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo, provider);
+        KeyPairGenerator kpg = null;
+        // first try matching provider, fallback to most preferred if none available
+        try {
+            kpg = KeyPairGenerator.getInstance(keyAlgo, provider);
+        } catch (NoSuchAlgorithmException nsae) {
+            kpg = KeyPairGenerator.getInstance(keyAlgo);
+        }
         kpg.initialize(keySize);
         KeyPair kp = kpg.generateKeyPair();
         PublicKey pubkey = kp.getPublic();
--- a/test/jdk/java/security/SignedObject/Chain.java	Tue Mar 26 16:09:33 2019 -0700
+++ b/test/jdk/java/security/SignedObject/Chain.java	Fri Mar 29 00:39:49 2019 +0000
@@ -1,5 +1,5 @@
 /**
- * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,13 +21,7 @@
  * questions.
  */
 
-import java.security.Signature;
-import java.security.SignedObject;
-import java.security.KeyPairGenerator;
-import java.security.KeyPair;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
+import java.security.*;
 import java.security.spec.*;
 import java.util.*;
 import jdk.test.lib.SigTestUtil;
@@ -197,8 +191,15 @@
             if (test.provider != Provider.Default) {
                 signature = Signature.getInstance(test.sigAlg.name,
                         test.provider.name);
-                kpg = KeyPairGenerator.getInstance(
-                    test.keyAlg.name, test.provider.name);
+                // try using the same provider first, if not, fallback
+                // to the first available impl
+                try {
+                    kpg = KeyPairGenerator.getInstance(
+                        test.keyAlg.name, test.provider.name);
+                } catch (NoSuchAlgorithmException nsae) {
+                    kpg = KeyPairGenerator.getInstance(
+                        test.keyAlg.name);
+                }
             } else {
                 signature = Signature.getInstance(test.sigAlg.name);
                 kpg = KeyPairGenerator.getInstance(test.keyAlg.name);
--- a/test/jdk/sun/security/pkcs11/KeyStore/Basic.java	Tue Mar 26 16:09:33 2019 -0700
+++ b/test/jdk/sun/security/pkcs11/KeyStore/Basic.java	Fri Mar 29 00:39:49 2019 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -111,7 +111,7 @@
         this.provider = p;
 
         // get private keys
-        KeyFactory kf = KeyFactory.getInstance("RSA", "SunJSSE");
+        KeyFactory kf = KeyFactory.getInstance("RSA");
         KeyFactory dsaKf = KeyFactory.getInstance("DSA", "SUN");
 
         ObjectInputStream ois1 = new ObjectInputStream
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/rsa/BrokenRSAPrivateCrtKey.java	Fri Mar 29 00:39:49 2019 +0000
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 4503229 8220016
+ * @summary default RSA KeyFactory can return broken RSAPrivateCrtKey objects
+ *      This test was taken directly from the bug report, which
+ *      was fixed in the crippled JSAFE provider, and needed
+ *      to be brought forward into SunRsaSign (was JSSE).
+ * @author Brad Wetmore
+ */
+
+import java.security.*;
+import java.security.interfaces.*;
+import java.security.spec.*;
+import java.math.BigInteger;
+
+public class BrokenRSAPrivateCrtKey {
+    public static void main(String[] args) throws Exception {
+        KeyPairGenerator generator =
+                KeyPairGenerator.getInstance("RSA", "SunRsaSign");
+        generator.initialize(512);
+
+        KeyPair pair = generator.generateKeyPair();
+
+        RSAPrivateCrtKey privatekey = (RSAPrivateCrtKey) pair.getPrivate();
+
+        RSAPrivateCrtKeySpec spec =
+                new RSAPrivateCrtKeySpec(privatekey.getModulus(),
+                privatekey.getPublicExponent(),
+                privatekey.getPrivateExponent(),
+                privatekey.getPrimeP(), privatekey.getPrimeQ(),
+                privatekey.getPrimeExponentP(),
+                privatekey.getPrimeExponentQ(),
+                privatekey.getCrtCoefficient());
+
+        KeyFactory factory = KeyFactory.getInstance("RSA", "SunRsaSign");
+
+        PrivateKey privatekey2 = factory.generatePrivate(spec);
+
+        BigInteger pe =
+                ((RSAPrivateCrtKey) privatekey2).getPublicExponent();
+
+        System.out.println("public exponent: " + pe);
+    }
+}
--- a/test/jdk/sun/security/ssl/rsa/BrokenRSAPrivateCrtKey.java	Tue Mar 26 16:09:33 2019 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 4503229
- * @summary default RSA KeyFactory can return broken RSAPrivateCrtKey objects
- *      This test was taken directly from the bug report, which
- *      was fixed in the crippled JSAFE provider, and needed
- *      to be brought forward into JSSE.
- * @author Brad Wetmore
- */
-
-import java.security.*;
-import java.security.interfaces.*;
-import java.security.spec.*;
-import java.math.BigInteger;
-
-public class BrokenRSAPrivateCrtKey {
-    public static void main(String[] args) throws Exception {
-        KeyPairGenerator generator =
-                KeyPairGenerator.getInstance("RSA", "SunJSSE");
-        generator.initialize(512);
-
-        KeyPair pair = generator.generateKeyPair();
-
-        RSAPrivateCrtKey privatekey = (RSAPrivateCrtKey) pair.getPrivate();
-
-        RSAPrivateCrtKeySpec spec =
-                new RSAPrivateCrtKeySpec(privatekey.getModulus(),
-                privatekey.getPublicExponent(),
-                privatekey.getPrivateExponent(),
-                privatekey.getPrimeP(), privatekey.getPrimeQ(),
-                privatekey.getPrimeExponentP(),
-                privatekey.getPrimeExponentQ(),
-                privatekey.getCrtCoefficient());
-
-        KeyFactory factory = KeyFactory.getInstance("RSA", "SunJSSE");
-
-        PrivateKey privatekey2 = factory.generatePrivate(spec);
-
-        BigInteger pe =
-                ((RSAPrivateCrtKey) privatekey2).getPublicExponent();
-
-        System.out.println("public exponent: " + pe);
-    }
-}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/ssl/rsa/CheckProviderEntries.java	Fri Mar 29 00:39:49 2019 +0000
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.*;
+import java.util.Iterator;
+import java.security.Provider.Service;
+
+/*
+ * @test
+ * @bug 8220016
+ * @summary This test checks the RSA-related services in SunJSSE provider
+ */
+public class CheckProviderEntries {
+
+    private static boolean testResult = true;
+
+    private static void error(String msg) {
+        testResult = false;
+        System.out.println(msg);
+    }
+    public static void main(String[] args) throws NoSuchAlgorithmException,
+            InvalidKeyException, SignatureException {
+        Provider p = Security.getProvider("SunJSSE");
+        Iterator<Provider.Service> iter = p.getServices().iterator();
+        while (iter.hasNext()) {
+            Service s = iter.next();
+            String type = s.getType();
+            String algo = s.getAlgorithm();
+            System.out.println("Type: " + type + " " + algo);
+            try {
+                if (algo.indexOf("RSA") != -1) {
+                    // only MD5andSHA1withRSA signature support
+                    // error out on any other RSA support
+                    if (type.equals("Signature") &&
+                        algo.equals("MD5andSHA1withRSA")) {
+                        s.newInstance(null);
+                        continue;
+                    }
+                    error("Error: unexpected RSA services");
+                }
+            } catch (NoSuchAlgorithmException | InvalidParameterException e) {
+                error("Error: cannot create obj " + e);
+            }
+        }
+        if (testResult) {
+            System.out.println("Test Passed");
+        } else {
+            throw new RuntimeException("One or more tests failed");
+        }
+    }
+}
--- a/test/jdk/sun/security/ssl/rsa/SignatureOffsets.java	Tue Mar 26 16:09:33 2019 -0700
+++ b/test/jdk/sun/security/ssl/rsa/SignatureOffsets.java	Fri Mar 29 00:39:49 2019 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,7 +27,7 @@
 
 /*
  * @test
- * @bug 8050374
+ * @bug 8050374 8220016
  * @key randomness
  * @summary This test validates signature verification
  *          Signature.verify(byte[], int, int). The test uses RandomFactory to
@@ -37,10 +37,7 @@
  * @library /test/lib
  * @build jdk.test.lib.RandomFactory
  * @compile ../../../../java/security/Signature/Offsets.java
- * @run main SignatureOffsets SunJSSE MD2withRSA
- * @run main SignatureOffsets SunJSSE MD5withRSA
- * @run main SignatureOffsets SunJSSE SHA1withRSA
- * @run main SignatureOffsets SunJSSE MD5andSHA1withRSA
+ * @run main SignatureOffsets SunJSSE    MD5andSHA1withRSA
  */
 public class SignatureOffsets {
 
--- a/test/jdk/sun/security/ssl/rsa/SignedObjectChain.java	Tue Mar 26 16:09:33 2019 -0700
+++ b/test/jdk/sun/security/ssl/rsa/SignedObjectChain.java	Fri Mar 29 00:39:49 2019 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,7 @@
  * @compile ../../../../java/security/SignedObject/Chain.java
  * @run main SignedObjectChain
  */
+
 public class SignedObjectChain {
 
     private static class Test extends Chain.Test {
@@ -40,9 +41,6 @@
     }
 
     private static final Test[] tests = {
-        new Test(Chain.SigAlg.MD2withRSA),
-        new Test(Chain.SigAlg.MD5withRSA),
-        new Test(Chain.SigAlg.SHA1withRSA),
         new Test(Chain.SigAlg.MD5andSHA1withRSA),
     };