changeset 10858:e0a04f91f4bd

8080102: Java 8 cannot load its cacerts in FIPS. no such provider: SunEC Reviewed-by: valeriep
author coffeys
date Tue, 23 Jun 2015 04:07:36 -0700
parents 07911e30fdfe
children 785d21100834
files src/share/classes/sun/security/ec/ECPrivateKeyImpl.java src/share/classes/sun/security/ec/ECPublicKeyImpl.java src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java src/share/classes/sun/security/pkcs11/P11ECUtil.java src/share/classes/sun/security/pkcs11/P11Key.java src/share/classes/sun/security/util/ECUtil.java test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
diffstat 7 files changed, 141 insertions(+), 53 deletions(-) [+]
--- a/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java	Thu Jun 18 19:15:14 2015 +0300
+++ b/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java	Tue Jun 23 04:07:36 2015 -0700
@@ -69,7 +69,7 @@
     /**
      * Construct a key from its encoding. Called by the ECKeyFactory.
      */
-    ECPrivateKeyImpl(byte[] encoded) throws InvalidKeyException {
+    public ECPrivateKeyImpl(byte[] encoded) throws InvalidKeyException {
         decode(encoded);
     }
 
@@ -77,7 +77,7 @@
      * Construct a key from its components. Used by the
      * KeyFactory.
      */
-    ECPrivateKeyImpl(BigInteger s, ECParameterSpec params)
+    public ECPrivateKeyImpl(BigInteger s, ECParameterSpec params)
             throws InvalidKeyException {
         this.s = s;
         this.params = params;
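Review bot: The Javadoc on this constructor still says it is "Used by the KeyFactory", but it is now `public` so that callers outside `sun.security.ec` can use it; the same applies to the `byte[]` constructor in the hunk above and to both `ECPublicKeyImpl` constructors. Because the wider visibility lets any code that can reach this package build a private key from a raw scalar, the comment should record the intended caller, e.g. `Used by the KeyFactory and by sun.security.pkcs11.P11ECUtil; not a supported API.` Whether `s` and `params` are validated cannot be seen here, because the constructor body continues past the end of the hunk.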
--- a/src/share/classes/sun/security/ec/ECPublicKeyImpl.java	Thu Jun 18 19:15:14 2015 +0300
+++ b/src/share/classes/sun/security/ec/ECPublicKeyImpl.java	Tue Jun 23 04:07:36 2015 -0700
@@ -52,7 +52,7 @@
      * ECKeyFactory.
      */
     @SuppressWarnings("deprecation")
-    ECPublicKeyImpl(ECPoint w, ECParameterSpec params)
+    public ECPublicKeyImpl(ECPoint w, ECParameterSpec params)
             throws InvalidKeyException {
         this.w = w;
         this.params = params;
@@ -65,7 +65,7 @@
     /**
      * Construct a key from its encoding.
      */
-    ECPublicKeyImpl(byte[] encoded) throws InvalidKeyException {
+    public ECPublicKeyImpl(byte[] encoded) throws InvalidKeyException {
         decode(encoded);
     }
 
--- a/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java	Thu Jun 18 19:15:14 2015 +0300
+++ b/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java	Tue Jun 23 04:07:36 2015 -0700
@@ -116,7 +116,7 @@
                 byte[] encoded = key.getEncoded();
 
                 try {
-                    key = ECUtil.decodeX509ECPublicKey(encoded);
+                    key = P11ECUtil.decodeX509ECPublicKey(encoded);
                 } catch (InvalidKeySpecException ikse) {
                     throw new InvalidKeyException(ikse);
                 }
@@ -145,7 +145,7 @@
                 byte[] encoded = key.getEncoded();
 
                 try {
-                    key = ECUtil.decodePKCS8ECPrivateKey(encoded);
+                    key = P11ECUtil.decodePKCS8ECPrivateKey(encoded);
                 } catch (InvalidKeySpecException ikse) {
                     throw new InvalidKeyException(ikse);
                 }
@@ -167,7 +167,7 @@
         if (keySpec instanceof X509EncodedKeySpec) {
             try {
                 byte[] encoded = ((X509EncodedKeySpec)keySpec).getEncoded();
-                PublicKey key = ECUtil.decodeX509ECPublicKey(encoded);
+                PublicKey key = P11ECUtil.decodeX509ECPublicKey(encoded);
                 return implTranslatePublicKey(key);
             } catch (InvalidKeyException e) {
                 throw new InvalidKeySpecException
@@ -197,7 +197,7 @@
         if (keySpec instanceof PKCS8EncodedKeySpec) {
             try {
                 byte[] encoded = ((PKCS8EncodedKeySpec)keySpec).getEncoded();
-                PrivateKey key = ECUtil.decodePKCS8ECPrivateKey(encoded);
+                PrivateKey key = P11ECUtil.decodePKCS8ECPrivateKey(encoded);
                 return implTranslatePrivateKey(key);
             } catch (GeneralSecurityException e) {
                 throw new InvalidKeySpecException
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/share/classes/sun/security/pkcs11/P11ECUtil.java	Tue Jun 23 04:07:36 2015 -0700
@@ -0,0 +1,114 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.pkcs11;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.*;
+import java.security.interfaces.*;
+import java.security.spec.*;
+
+import sun.security.ec.ECPublicKeyImpl;
+import sun.security.ec.ECPrivateKeyImpl;
+import sun.security.x509.X509Key;
+
+final class P11ECUtil {
+
+    static ECPublicKey decodeX509ECPublicKey(byte[] encoded)
+            throws InvalidKeySpecException {
+        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
+
+        return (ECPublicKey)ECGeneratePublic(keySpec);
+    }
+
+    static byte[] x509EncodeECPublicKey(ECPoint w,
+            ECParameterSpec params) throws InvalidKeySpecException {
+        ECPublicKeySpec keySpec = new ECPublicKeySpec(w, params);
+        X509Key key = (X509Key)ECGeneratePublic(keySpec);
+
+        return key.getEncoded();
+    }
+
+    static ECPrivateKey decodePKCS8ECPrivateKey(byte[] encoded)
+            throws InvalidKeySpecException {
+        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
+
+        return (ECPrivateKey)ECGeneratePrivate(keySpec);
+    }
+
+    static ECPrivateKey generateECPrivateKey(BigInteger s,
+            ECParameterSpec params) throws InvalidKeySpecException {
+        ECPrivateKeySpec keySpec = new ECPrivateKeySpec(s, params);
+
+        return (ECPrivateKey)ECGeneratePrivate(keySpec);
+    }
+
+    private static PublicKey ECGeneratePublic(KeySpec keySpec)
+            throws InvalidKeySpecException {
+        try {
+            if (keySpec instanceof X509EncodedKeySpec) {
+               X509EncodedKeySpec x509Spec = (X509EncodedKeySpec)keySpec;
+                return new ECPublicKeyImpl(x509Spec.getEncoded());
+            } else if (keySpec instanceof ECPublicKeySpec) {
+                ECPublicKeySpec ecSpec = (ECPublicKeySpec)keySpec;
+                return new ECPublicKeyImpl(
+                    ecSpec.getW(),
+                    ecSpec.getParams()
+                );
+            } else {
+                throw new InvalidKeySpecException("Only ECPublicKeySpec "
+                    + "and X509EncodedKeySpec supported for EC public keys");
+            }
+        } catch (InvalidKeySpecException e) {
+            throw e;
+        } catch (GeneralSecurityException e) {
+            throw new InvalidKeySpecException(e);
+        }
+    }
+
+    private static PrivateKey ECGeneratePrivate(KeySpec keySpec)
+            throws InvalidKeySpecException {
+        try {
+            if (keySpec instanceof PKCS8EncodedKeySpec) {
+                PKCS8EncodedKeySpec pkcsSpec = (PKCS8EncodedKeySpec)keySpec;
+                return new ECPrivateKeyImpl(pkcsSpec.getEncoded());
+            } else if (keySpec instanceof ECPrivateKeySpec) {
+                ECPrivateKeySpec ecSpec = (ECPrivateKeySpec)keySpec;
+                return new ECPrivateKeyImpl(ecSpec.getS(), ecSpec.getParams());
+            } else {
+                throw new InvalidKeySpecException("Only ECPrivateKeySpec "
+                    + "and PKCS8EncodedKeySpec supported for EC private keys");
+            }
+        } catch (InvalidKeySpecException e) {
+            throw e;
+        } catch (GeneralSecurityException e) {
+            throw new InvalidKeySpecException(e);
+        }
+    }
+
+    private P11ECUtil() {}
+
+}
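Review bot: P11ECUtil has no class comment saying why it constructs `ECPublicKeyImpl`/`ECPrivateKeyImpl` directly instead of asking for a `KeyFactory`, which is the reason the file exists: the removed `ECUtil.getKeyFactory()` called `KeyFactory.getInstance("EC", "SunEC")` and threw when that provider was not registered. I would add above `final class P11ECUtil` something like `/** EC key encode/decode helpers for the PKCS11 provider; builds the sun.security.ec key classes directly so no SunEC provider lookup is needed (e.g. FIPS configurations). */`, so a later cleanup does not route these calls back through a provider lookup. Separately, `import java.io.IOException;` is unused in this file, and the helpers `ECGeneratePublic`/`ECGeneratePrivate` would follow Java naming better as `generatePublic`/`generatePrivate`.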
--- a/src/share/classes/sun/security/pkcs11/P11Key.java	Thu Jun 18 19:15:14 2015 +0300
+++ b/src/share/classes/sun/security/pkcs11/P11Key.java	Tue Jun 23 04:07:36 2015 -0700
@@ -47,7 +47,6 @@
 
 import sun.security.util.DerValue;
 import sun.security.util.Length;
-import sun.security.util.ECUtil;
 
 /**
  * Key implementation classes.
@@ -993,7 +992,7 @@
             if (encoded == null) {
                 fetchValues();
                 try {
-                    Key key = ECUtil.generateECPrivateKey(s, params);
+                    Key key = P11ECUtil.generateECPrivateKey(s, params);
                     encoded = key.getEncoded();
                 } catch (InvalidKeySpecException e) {
                     throw new ProviderException(e);
@@ -1067,7 +1066,7 @@
             if (encoded == null) {
                 fetchValues();
                 try {
-                    return ECUtil.x509EncodeECPublicKey(w, params);
+                    return P11ECUtil.x509EncodeECPublicKey(w, params);
                 } catch (InvalidKeySpecException e) {
                     throw new ProviderException(e);
                 }
--- a/src/share/classes/sun/security/util/ECUtil.java	Thu Jun 18 19:15:14 2015 +0300
+++ b/src/share/classes/sun/security/util/ECUtil.java	Tue Jun 23 04:07:36 2015 -0700
@@ -89,47 +89,6 @@
         return Arrays.copyOfRange(b, i, b.length);
     }
 
-    private static KeyFactory getKeyFactory() {
-        try {
-            return KeyFactory.getInstance("EC", "SunEC");
-        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
-            throw new RuntimeException(e);
-        }
-    }
-
-    public static ECPublicKey decodeX509ECPublicKey(byte[] encoded)
-            throws InvalidKeySpecException {
-        KeyFactory keyFactory = getKeyFactory();
-        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
-
-        return (ECPublicKey)keyFactory.generatePublic(keySpec);
-    }
-
-    public static byte[] x509EncodeECPublicKey(ECPoint w,
-            ECParameterSpec params) throws InvalidKeySpecException {
-        KeyFactory keyFactory = getKeyFactory();
-        ECPublicKeySpec keySpec = new ECPublicKeySpec(w, params);
-        X509Key key = (X509Key)keyFactory.generatePublic(keySpec);
-
-        return key.getEncoded();
-    }
-
-    public static ECPrivateKey decodePKCS8ECPrivateKey(byte[] encoded)
-            throws InvalidKeySpecException {
-        KeyFactory keyFactory = getKeyFactory();
-        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
-
-        return (ECPrivateKey)keyFactory.generatePrivate(keySpec);
-    }
-
-    public static ECPrivateKey generateECPrivateKey(BigInteger s,
-            ECParameterSpec params) throws InvalidKeySpecException {
-        KeyFactory keyFactory = getKeyFactory();
-        ECPrivateKeySpec keySpec = new ECPrivateKeySpec(s, params);
-
-        return (ECPrivateKey)keyFactory.generatePrivate(keySpec);
-    }
-
     private static AlgorithmParameters getECParameters(Provider p) {
         try {
             if (p != null) {
--- a/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java	Thu Jun 18 19:15:14 2015 +0300
+++ b/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java	Tue Jun 23 04:07:36 2015 -0700
@@ -28,7 +28,7 @@
 
 /*
  * @test
- * @bug 6405536
+ * @bug 6405536 8080102
  * @summary Verify that all ciphersuites work (incl. ECC using NSS crypto)
  * @author Andreas Sterbenz
  * @library ..
@@ -49,13 +49,29 @@
 
         cmdArgs = args;
         main(new ClientJSSEServerJSSE());
+        // now test without SunEC Provider
+        System.setProperty("testWithoutSunEC", "true");
+        main(new ClientJSSEServerJSSE());
+
     }
 
     public void main(Provider p) throws Exception {
+        String testWithoutSunEC = System.getProperty("testWithoutSunEC");
         if (p.getService("KeyFactory", "EC") == null) {
             System.out.println("Provider does not support EC, skipping");
             return;
         }
+
+
+        if (testWithoutSunEC != null) {
+            Provider sunec = Security.getProvider("SunEC");
+            if (sunec == null) {
+                System.out.println("SunEC provider not present. Skipping test");
+                 return;
+            }
+            Security.removeProvider(sunec.getName());
+        }
+
         Providers.setAt(p, 1);
         CipherTest.main(new JSSEFactory(), cmdArgs);
         Security.removeProvider(p.getName());
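Review bot: SunEC is taken out of the JVM-wide provider list at `Security.removeProvider(sunec.getName())` and never put back, and the `testWithoutSunEC` system property is set in the static `main` and never cleared. If `CipherTest.main` throws, or if this test is not guaranteed a VM of its own (the `@run` line is outside the hunk), later code sees the altered provider list. Wrapping the cipher run in `try { ... } finally { ... }` with `Security.addProvider(sunec);` and `System.clearProperty("testWithoutSunEC");` would contain the change, though `addProvider` appends, so the original position is not restored. A comment on the second run stating that the provider order is deliberately left modified would also do if the test always runs in its own VM. `main(Provider)` continues past the end of the hunk.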