changeset 14937:3a1457267440

8159180: Remove default setting for jdk.security.provider.preferred Reviewed-by: xuelei
author ascarpino
date Sat, 02 Jul 2016 13:51:20 -0700
parents 5244d6e80b86
children b6c9d1c6c6d4
files src/java.base/share/conf/security/java.security test/sun/security/jca/PreferredProviderNegativeTest.java test/sun/security/jca/PreferredProviderTest.java
diffstat 3 files changed, 24 insertions(+), 25 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/conf/security/java.security	Fri Jul 01 15:13:00 2016 -0700
+++ b/src/java.base/share/conf/security/java.security	Sat Jul 02 13:51:20 2016 -0700
@@ -116,15 +116,7 @@
 # Example:
 #   jdk.security.provider.preferred=AES/GCM/NoPadding:SunJCE, \
 #         MessageDigest.SHA-256:SUN, Group.HmacSHA2:SunJCE
-#ifdef solaris-sparc
-jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, \
-      HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE
-#endif
-#ifdef solaris-x86
-jdk.security.provider.preferred=AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, \
-      HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE, RSA:SunRsaSign, \
-      SHA1withRSA:SunRsaSign, Group.SHA2RSA:SunRsaSign
-#endif
+#jdk.security.provider.preferred=
 
 
 #
--- a/test/sun/security/jca/PreferredProviderNegativeTest.java	Fri Jul 01 15:13:00 2016 -0700
+++ b/test/sun/security/jca/PreferredProviderNegativeTest.java	Sat Jul 02 13:51:20 2016 -0700
@@ -62,7 +62,7 @@
             }
         } else {
             if (!cipher.getProvider().getName().equals(arrays[1])) {
-                throw new RuntimeException("Test Faild:The provider could be "
+                throw new RuntimeException("Test Failed:The provider could be "
                         + "set by valid provider.");
             }
         }
@@ -73,13 +73,13 @@
      * Test that the setting of the security property after Cipher.getInstance()
      * does not influence previously loaded instances
      */
-    public static void afterJCESet(String value)
+    public static void afterJCESet(String value, String expected)
             throws NoSuchAlgorithmException, NoSuchPaddingException {
         String[] arrays = value.split(":");
         Cipher cipher = Cipher.getInstance(arrays[0]);
 
         Security.setProperty(SEC_PREF_PROP, value);
-        if (!cipher.getProvider().getName().equals("SunJCE")) {
+        if (!cipher.getProvider().getName().equals(expected)) {
             throw new RuntimeException("Test Failed:The security property can't"
                     + " be updated after JCE load.");
         }
@@ -105,25 +105,28 @@
     public static void main(String[] args)
             throws NoSuchAlgorithmException, NoSuchPaddingException {
 
+        String expected;
+        String value = args[1];
+        // If OS is solaris, expect OracleUcrypto, otherwise SunJCE
+        if (System.getProperty("os.name").toLowerCase().contains("sun")) {
+            expected = "OracleUcrypto";
+        } else {
+            expected = "SunJCE";
+        }
+
         if (args.length >= 2) {
             switch (args[0]) {
                 case "preSet":
                     boolean negativeProvider = Boolean.valueOf(args[2]);
-                    boolean solaris = System.getProperty("os.name")
-                            .toLowerCase().contains("sun");
-                    String value = args[1];
-                    if (args[1].split(":").length < 2) {
-                        if (solaris) {
-                            value += ":OracleUcrypto";
-                        } else {
-                            value += ":SunJCE";
-                        }
+                    if (!args[1].contains(":")) {
+                        value += ":" + expected;
                     }
                     PreferredProviderNegativeTest.preJCESet(
                             value, negativeProvider);
                     break;
                 case "afterSet":
-                    PreferredProviderNegativeTest.afterJCESet(args[1]);
+                    PreferredProviderNegativeTest.afterJCESet(args[1],
+                            expected);
                     break;
                 case "invalidAlg":
                     PreferredProviderNegativeTest.invalidAlg(args[1]);
--- a/test/sun/security/jca/PreferredProviderTest.java	Fri Jul 01 15:13:00 2016 -0700
+++ b/test/sun/security/jca/PreferredProviderTest.java	Sat Jul 02 13:51:20 2016 -0700
@@ -38,6 +38,7 @@
  * @bug 8076359 8133151 8145344 8150512 8155847
  * @summary Test the value for new jdk.security.provider.preferred
  *          security property
+ * @run main/othervm PreferredProviderTest
  */
 public class PreferredProviderTest {
 
@@ -59,12 +60,14 @@
             verifyDigestProvider(os, type, Arrays.asList(
                     new DataTuple("SHA-256", "SUN")));
         } else {
-            //For solaris the preferred algorithm/provider is already set in
-            //java.security file which will be verified.
+            //Solaris has different providers that support the same algorithm
+            //which makes for better testing.
             switch (type) {
                 case "sparcv9":
                     preferredProp = "AES:SunJCE, SHA1:SUN, Group.SHA2:SUN, " +
                             "HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE";
+                    Security.setProperty(
+                            "jdk.security.provider.preferred", preferredProp);
                     verifyPreferredProviderProperty(os, type, preferredProp);
 
                     verifyDigestProvider(os, type, Arrays.asList(
@@ -89,7 +92,8 @@
                             "HmacSHA1:SunJCE, Group.HmacSHA2:SunJCE, " +
                             "RSA:SunRsaSign, SHA1withRSA:SunRsaSign, " +
                             "Group.SHA2RSA:SunRsaSign";
-
+                    Security.setProperty(
+                            "jdk.security.provider.preferred", preferredProp);
                     verifyPreferredProviderProperty(os, type, preferredProp);
 
                     verifyKeyFactoryProvider(os, type, Arrays.asList(