diff --git a/7092821-java.security.Provider.getService-is-synchro.patch b/7092821-java.security.Provider.getService-is-synchro.patch new file mode 100644 index 0000000000000000000000000000000000000000..81bd24504fb43e43407946310f8c287742ef55b9 --- /dev/null +++ b/7092821-java.security.Provider.getService-is-synchro.patch @@ -0,0 +1,4784 @@ +From 834e8792532d89505e5cabfdbca0de3481b5c8ed Mon Sep 17 00:00:00 2001 +From: z00558301 +Date: Wed, 8 Jun 2022 09:38:47 +0800 +Subject: [PATCH 06/10] 7092821: java.security.Provider.getService() is + synchronized and became scalability bottleneck + +Bug url: https://bugs.openjdk.java.net/browse/JDK-7092821 +--- + .../com/sun/crypto/provider/SunJCE.java | 1300 ++++++++--------- + .../security/AlgorithmParameterGenerator.java | 5 +- + .../share/classes/java/security/Provider.java | 129 +- + .../classes/java/security/SecureRandom.java | 70 +- + .../share/classes/javax/crypto/Cipher.java | 8 +- + .../classes/javax/crypto/JceSecurity.java | 2 - + .../classes/javax/crypto/KeyAgreement.java | 4 +- + .../classes/javax/crypto/KeyGenerator.java | 4 +- + .../classes/sun/security/provider/Sun.java | 25 +- + .../sun/security/provider/SunEntries.java | 333 ++--- + .../provider/VerificationProvider.java | 28 +- + .../classes/sun/security/rsa/SunRsaSign.java | 25 +- + .../sun/security/rsa/SunRsaSignEntries.java | 171 +-- + .../classes/sun/security/ssl/SunJSSE.java | 136 +- + .../Provider/BaseProviderValidator.java | 76 + + .../security/Provider/GetServiceRace.java | 98 ++ + .../security/Provider/LegacyPutAlias.java | 86 ++ + .../Provider/ProviderValidationUtil.java | 270 ++++ + .../security/Provider/SunJCEValidator.java | 574 ++++++++ + .../security/Provider/SunJSSEValidator.java | 137 ++ + .../Provider/SunRsaSignValidator.java | 154 ++ + .../java/security/Provider/SunValidator.java | 263 ++++ + .../security/SecureRandom/DefaultAlgo.java | 117 ++ + .../provider/GetServiceBenchmark.java | 83 ++ + 24 files changed, 2965 insertions(+), 1133 deletions(-) + create mode 100644 jdk/test/java/security/Provider/BaseProviderValidator.java + create mode 100644 jdk/test/java/security/Provider/GetServiceRace.java + create mode 100644 jdk/test/java/security/Provider/LegacyPutAlias.java + create mode 100644 jdk/test/java/security/Provider/ProviderValidationUtil.java + create mode 100644 jdk/test/java/security/Provider/SunJCEValidator.java + create mode 100644 jdk/test/java/security/Provider/SunJSSEValidator.java + create mode 100644 jdk/test/java/security/Provider/SunRsaSignValidator.java + create mode 100644 jdk/test/java/security/Provider/SunValidator.java + create mode 100644 jdk/test/java/security/SecureRandom/DefaultAlgo.java + create mode 100644 jdk/test/micro/org/openeuler/bench/security/provider/GetServiceBenchmark.java + +diff --git a/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java b/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java +index efe8031fe..472439b86 100644 +--- a/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java ++++ b/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java +@@ -28,6 +28,10 @@ package com.sun.crypto.provider; + import java.security.AccessController; + import java.security.Provider; + import java.security.SecureRandom; ++import java.security.PrivilegedAction; ++import java.util.Arrays; ++import java.util.HashMap; ++import java.util.List; + + + /** +@@ -78,16 +82,6 @@ public final class SunJCE extends Provider { + "(implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, " + + "Diffie-Hellman, HMAC)"; + +- private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1"; +- private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2"; +- private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3"; +- private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5"; +- private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6"; +- private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3"; +- private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12"; +- private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13"; +- private static final String OID_PKCS3 = "1.2.840.113549.1.3.1"; +- + /* Are we debugging? -- for developers */ + static final boolean debug = false; + +@@ -102,10 +96,116 @@ public final class SunJCE extends Provider { + } + static SecureRandom getRandom() { return SecureRandomHolder.RANDOM; } + ++ ++ // create an aliases List from the specified aliases ++ public static List createAliases(String ... aliases) { ++ return Arrays.asList(aliases); ++ } ++ ++ // create an aliases List from the specified oid followed by other aliases ++ public static List createAliasesWithOid(String ... oids) { ++ String[] result = Arrays.copyOf(oids, oids.length + 1); ++ result[result.length - 1] = "OID." + oids[0]; ++ return Arrays.asList(result); ++ } ++ ++ private void ps(String type, String algo, String cn, ++ List aliases, HashMap attrs) { ++ putService(new Provider.Service(this, type, algo, cn, aliases, attrs)); ++ } ++ + public SunJCE() { + /* We are the "SunJCE" provider */ + super("SunJCE", 1.8d, info); + ++ // if there is no security manager installed, put directly into ++ // the provider ++ if (System.getSecurityManager() == null) { ++ putEntries(); ++ } else { ++ AccessController.doPrivileged(new PrivilegedAction() { ++ @Override ++ public Void run() { ++ putEntries(); ++ return null; ++ } ++ }); ++ } ++ if (instance == null) { ++ instance = this; ++ } ++ } ++ ++ void putEntries() { ++ // common aliases and oids ++ List aesAliases = createAliases("Rijndael"); ++ List desEdeAliases = createAliases("TripleDES"); ++ List arcFourAliases = createAliases("RC4"); ++ List sunTlsMSAliases = createAliases( ++ "SunTls12MasterSecret", "SunTlsExtendedMasterSecret" ++ ); ++ List sunTlsKMAliases = createAliases("SunTls12KeyMaterial"); ++ List sunTlsRsaPMSAliases = createAliases("SunTls12RsaPremasterSecret"); ++ ++ String aes128Oid = "2.16.840.1.101.3.4.1."; ++ String aes192Oid = "2.16.840.1.101.3.4.1.2"; ++ String aes256Oid = "2.16.840.1.101.3.4.1.4"; ++ ++ List pkcs12RC4_128Aliases = ++ createAliasesWithOid("1.2.840.113549.1.12.1.1"); ++ ++ List pkcs12RC4_40Aliases = ++ createAliasesWithOid("1.2.840.113549.1.12.1.2"); ++ ++ List pkcs12DESedeAliases = ++ createAliasesWithOid("1.2.840.113549.1.12.1.3"); ++ ++ List pkcs12RC2_128Aliases = ++ createAliasesWithOid("1.2.840.113549.1.12.1.5"); ++ ++ List pkcs12RC2_40Aliases = ++ createAliasesWithOid("1.2.840.113549.1.12.1.6"); ++ ++ List pkcs5MD5_DESAliases = ++ createAliasesWithOid("1.2.840.113549.1.5.3", "PBE"); ++ ++ List pkcs5PBKDF2Aliases = ++ createAliasesWithOid("1.2.840.113549.1.5.12"); ++ ++ List pkcs5PBES2Aliases = ++ createAliasesWithOid("1.2.840.113549.1.5.13"); ++ ++ List diffieHellmanAliases = ++ createAliasesWithOid("1.2.840.113549.1.3.1", "DH"); ++ ++ String macOidBase = "1.2.840.113549.2."; ++ List macSHA1Aliases = createAliasesWithOid(macOidBase + "7"); ++ List macSHA224Aliases = createAliasesWithOid(macOidBase + "8"); ++ List macSHA256Aliases = createAliasesWithOid(macOidBase + "9"); ++ List macSHA384Aliases = createAliasesWithOid(macOidBase + "10"); ++ List macSHA512Aliases = createAliasesWithOid(macOidBase + "11"); ++ ++ // reuse attribute map and reset before each reuse ++ HashMap attrs = new HashMap<>(3); ++ attrs.put("SupportedModes", "ECB"); ++ attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING" ++ + "|OAEPWITHMD5ANDMGF1PADDING" ++ + "|OAEPWITHSHA1ANDMGF1PADDING" ++ + "|OAEPWITHSHA-1ANDMGF1PADDING" ++ + "|OAEPWITHSHA-224ANDMGF1PADDING" ++ + "|OAEPWITHSHA-256ANDMGF1PADDING" ++ + "|OAEPWITHSHA-384ANDMGF1PADDING" ++ + "|OAEPWITHSHA-512ANDMGF1PADDING" ++ + "|OAEPWITHSHA-512/224ANDMGF1PADDING" ++ + "|OAEPWITHSHA-512/256ANDMGF1PADDING"); ++ attrs.put("SupportedKeyClasses", ++ "java.security.interfaces.RSAPublicKey" + ++ "|java.security.interfaces.RSAPrivateKey"); ++ ps("Cipher", "RSA", ++ "com.sun.crypto.provider.RSACipher", null, attrs); ++ ++ // common block cipher modes, pads ++ + final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" + + "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" + + "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64"; +@@ -114,676 +214,516 @@ public final class SunJCE extends Provider { + "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128"; + final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING"; + +- AccessController.doPrivileged( +- new java.security.PrivilegedAction() { +- public Object run() { +- +- /* +- * Cipher engines +- */ +- put("Cipher.RSA", "com.sun.crypto.provider.RSACipher"); +- put("Cipher.RSA SupportedModes", "ECB"); +- put("Cipher.RSA SupportedPaddings", +- "NOPADDING|PKCS1PADDING|OAEPPADDING" +- + "|OAEPWITHMD5ANDMGF1PADDING" +- + "|OAEPWITHSHA1ANDMGF1PADDING" +- + "|OAEPWITHSHA-1ANDMGF1PADDING" +- + "|OAEPWITHSHA-224ANDMGF1PADDING" +- + "|OAEPWITHSHA-256ANDMGF1PADDING" +- + "|OAEPWITHSHA-384ANDMGF1PADDING" +- + "|OAEPWITHSHA-512ANDMGF1PADDING" +- + "|OAEPWITHSHA-512/224ANDMGF1PADDING" +- + "|OAEPWITHSHA-512/256ANDMGF1PADDING"); +- put("Cipher.RSA SupportedKeyClasses", +- "java.security.interfaces.RSAPublicKey" + +- "|java.security.interfaces.RSAPrivateKey"); +- +- put("Cipher.DES", "com.sun.crypto.provider.DESCipher"); +- put("Cipher.DES SupportedModes", BLOCK_MODES); +- put("Cipher.DES SupportedPaddings", BLOCK_PADS); +- put("Cipher.DES SupportedKeyFormats", "RAW"); +- +- put("Cipher.DESede", "com.sun.crypto.provider.DESedeCipher"); +- put("Alg.Alias.Cipher.TripleDES", "DESede"); +- put("Cipher.DESede SupportedModes", BLOCK_MODES); +- put("Cipher.DESede SupportedPaddings", BLOCK_PADS); +- put("Cipher.DESede SupportedKeyFormats", "RAW"); +- +- put("Cipher.DESedeWrap", +- "com.sun.crypto.provider.DESedeWrapCipher"); +- put("Cipher.DESedeWrap SupportedModes", "CBC"); +- put("Cipher.DESedeWrap SupportedPaddings", "NOPADDING"); +- put("Cipher.DESedeWrap SupportedKeyFormats", "RAW"); +- +- // PBES1 +- +- put("Cipher.PBEWithMD5AndDES", +- "com.sun.crypto.provider.PBEWithMD5AndDESCipher"); +- put("Alg.Alias.Cipher.OID."+OID_PKCS5_MD5_DES, +- "PBEWithMD5AndDES"); +- put("Alg.Alias.Cipher."+OID_PKCS5_MD5_DES, +- "PBEWithMD5AndDES"); +- +- put("Cipher.PBEWithMD5AndTripleDES", +- "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher"); +- +- put("Cipher.PBEWithSHA1AndDESede", +- "com.sun.crypto.provider.PKCS12PBECipherCore$" + +- "PBEWithSHA1AndDESede"); +- put("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede, +- "PBEWithSHA1AndDESede"); +- put("Alg.Alias.Cipher." + OID_PKCS12_DESede, +- "PBEWithSHA1AndDESede"); +- +- put("Cipher.PBEWithSHA1AndRC2_40", +- "com.sun.crypto.provider.PKCS12PBECipherCore$" + +- "PBEWithSHA1AndRC2_40"); +- put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40, +- "PBEWithSHA1AndRC2_40"); +- put("Alg.Alias.Cipher." + OID_PKCS12_RC2_40, +- "PBEWithSHA1AndRC2_40"); +- +- put("Cipher.PBEWithSHA1AndRC2_128", +- "com.sun.crypto.provider.PKCS12PBECipherCore$" + +- "PBEWithSHA1AndRC2_128"); +- put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128, +- "PBEWithSHA1AndRC2_128"); +- put("Alg.Alias.Cipher." + OID_PKCS12_RC2_128, +- "PBEWithSHA1AndRC2_128"); +- +- put("Cipher.PBEWithSHA1AndRC4_40", +- "com.sun.crypto.provider.PKCS12PBECipherCore$" + +- "PBEWithSHA1AndRC4_40"); +- put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40, +- "PBEWithSHA1AndRC4_40"); +- put("Alg.Alias.Cipher." + OID_PKCS12_RC4_40, +- "PBEWithSHA1AndRC4_40"); +- +- put("Cipher.PBEWithSHA1AndRC4_128", +- "com.sun.crypto.provider.PKCS12PBECipherCore$" + +- "PBEWithSHA1AndRC4_128"); +- put("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128, +- "PBEWithSHA1AndRC4_128"); +- put("Alg.Alias.Cipher." + OID_PKCS12_RC4_128, +- "PBEWithSHA1AndRC4_128"); +- +- //PBES2 +- +- put("Cipher.PBEWithHmacSHA1AndAES_128", +- "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128"); +- +- put("Cipher.PBEWithHmacSHA224AndAES_128", +- "com.sun.crypto.provider.PBES2Core$" + +- "HmacSHA224AndAES_128"); +- +- put("Cipher.PBEWithHmacSHA256AndAES_128", +- "com.sun.crypto.provider.PBES2Core$" + +- "HmacSHA256AndAES_128"); +- +- put("Cipher.PBEWithHmacSHA384AndAES_128", +- "com.sun.crypto.provider.PBES2Core$" + +- "HmacSHA384AndAES_128"); +- +- put("Cipher.PBEWithHmacSHA512AndAES_128", +- "com.sun.crypto.provider.PBES2Core$" + +- "HmacSHA512AndAES_128"); +- +- put("Cipher.PBEWithHmacSHA1AndAES_256", +- "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256"); +- +- put("Cipher.PBEWithHmacSHA224AndAES_256", +- "com.sun.crypto.provider.PBES2Core$" + +- "HmacSHA224AndAES_256"); +- +- put("Cipher.PBEWithHmacSHA256AndAES_256", +- "com.sun.crypto.provider.PBES2Core$" + +- "HmacSHA256AndAES_256"); +- +- put("Cipher.PBEWithHmacSHA384AndAES_256", +- "com.sun.crypto.provider.PBES2Core$" + +- "HmacSHA384AndAES_256"); +- +- put("Cipher.PBEWithHmacSHA512AndAES_256", +- "com.sun.crypto.provider.PBES2Core$" + +- "HmacSHA512AndAES_256"); +- +- put("Cipher.Blowfish", +- "com.sun.crypto.provider.BlowfishCipher"); +- put("Cipher.Blowfish SupportedModes", BLOCK_MODES); +- put("Cipher.Blowfish SupportedPaddings", BLOCK_PADS); +- put("Cipher.Blowfish SupportedKeyFormats", "RAW"); +- +- put("Cipher.AES", "com.sun.crypto.provider.AESCipher$General"); +- put("Alg.Alias.Cipher.Rijndael", "AES"); +- put("Cipher.AES SupportedModes", BLOCK_MODES128); +- put("Cipher.AES SupportedPaddings", BLOCK_PADS); +- put("Cipher.AES SupportedKeyFormats", "RAW"); +- +- put("Cipher.AES_128/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"); +- put("Cipher.AES_128/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"); +- put("Cipher.AES_128/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"); +- put("Cipher.AES_128/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"); +- put("Cipher.AES_128/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES128_GCM_NoPadding"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding"); +- +- put("Cipher.AES_192/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"); +- put("Cipher.AES_192/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"); +- put("Cipher.AES_192/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"); +- put("Cipher.AES_192/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"); +- put("Cipher.AES_192/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES192_GCM_NoPadding"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding"); +- +- put("Cipher.AES_256/ECB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"); +- put("Cipher.AES_256/CBC/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"); +- put("Cipher.AES_256/OFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"); +- put("Cipher.AES_256/CFB/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"); +- put("Cipher.AES_256/GCM/NoPadding", "com.sun.crypto.provider.AESCipher$AES256_GCM_NoPadding"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding"); +- +- put("Cipher.AESWrap", "com.sun.crypto.provider.AESWrapCipher$General"); +- put("Cipher.AESWrap SupportedModes", "ECB"); +- put("Cipher.AESWrap SupportedPaddings", "NOPADDING"); +- put("Cipher.AESWrap SupportedKeyFormats", "RAW"); +- +- put("Cipher.AESWrap_128", "com.sun.crypto.provider.AESWrapCipher$AES128"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.5", "AESWrap_128"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.5", "AESWrap_128"); +- put("Cipher.AESWrap_192", "com.sun.crypto.provider.AESWrapCipher$AES192"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.25", "AESWrap_192"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.25", "AESWrap_192"); +- put("Cipher.AESWrap_256", "com.sun.crypto.provider.AESWrapCipher$AES256"); +- put("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.45", "AESWrap_256"); +- put("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.45", "AESWrap_256"); +- +- put("Cipher.RC2", +- "com.sun.crypto.provider.RC2Cipher"); +- put("Cipher.RC2 SupportedModes", BLOCK_MODES); +- put("Cipher.RC2 SupportedPaddings", BLOCK_PADS); +- put("Cipher.RC2 SupportedKeyFormats", "RAW"); +- +- put("Cipher.ARCFOUR", +- "com.sun.crypto.provider.ARCFOURCipher"); +- put("Alg.Alias.Cipher.RC4", "ARCFOUR"); +- put("Cipher.ARCFOUR SupportedModes", "ECB"); +- put("Cipher.ARCFOUR SupportedPaddings", "NOPADDING"); +- put("Cipher.ARCFOUR SupportedKeyFormats", "RAW"); +- +- /* +- * Key(pair) Generator engines +- */ +- put("KeyGenerator.DES", +- "com.sun.crypto.provider.DESKeyGenerator"); +- +- put("KeyGenerator.DESede", +- "com.sun.crypto.provider.DESedeKeyGenerator"); +- put("Alg.Alias.KeyGenerator.TripleDES", "DESede"); +- +- put("KeyGenerator.Blowfish", +- "com.sun.crypto.provider.BlowfishKeyGenerator"); +- +- put("KeyGenerator.AES", +- "com.sun.crypto.provider.AESKeyGenerator"); +- put("Alg.Alias.KeyGenerator.Rijndael", "AES"); +- +- put("KeyGenerator.RC2", +- "com.sun.crypto.provider.KeyGeneratorCore$" + +- "RC2KeyGenerator"); +- put("KeyGenerator.ARCFOUR", +- "com.sun.crypto.provider.KeyGeneratorCore$" + +- "ARCFOURKeyGenerator"); +- put("Alg.Alias.KeyGenerator.RC4", "ARCFOUR"); +- +- put("KeyGenerator.HmacMD5", +- "com.sun.crypto.provider.HmacMD5KeyGenerator"); +- +- put("KeyGenerator.HmacSHA1", +- "com.sun.crypto.provider.HmacSHA1KeyGenerator"); +- put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.7", "HmacSHA1"); +- put("Alg.Alias.KeyGenerator.1.2.840.113549.2.7", "HmacSHA1"); +- +- put("KeyGenerator.HmacSHA224", +- "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224"); +- put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.8", "HmacSHA224"); +- put("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224"); +- +- put("KeyGenerator.HmacSHA256", +- "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256"); +- put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.9", "HmacSHA256"); +- put("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256"); +- +- put("KeyGenerator.HmacSHA384", +- "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384"); +- put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.10", "HmacSHA384"); +- put("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384"); +- +- put("KeyGenerator.HmacSHA512", +- "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512"); +- put("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.11", "HmacSHA512"); +- put("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512"); +- +- put("KeyPairGenerator.DiffieHellman", +- "com.sun.crypto.provider.DHKeyPairGenerator"); +- put("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman"); +- put("Alg.Alias.KeyPairGenerator.OID."+OID_PKCS3, +- "DiffieHellman"); +- put("Alg.Alias.KeyPairGenerator."+OID_PKCS3, +- "DiffieHellman"); +- +- /* +- * Algorithm parameter generation engines +- */ +- put("AlgorithmParameterGenerator.DiffieHellman", +- "com.sun.crypto.provider.DHParameterGenerator"); +- put("Alg.Alias.AlgorithmParameterGenerator.DH", +- "DiffieHellman"); +- put("Alg.Alias.AlgorithmParameterGenerator.OID."+OID_PKCS3, +- "DiffieHellman"); +- put("Alg.Alias.AlgorithmParameterGenerator."+OID_PKCS3, +- "DiffieHellman"); +- +- /* +- * Key Agreement engines +- */ +- put("KeyAgreement.DiffieHellman", +- "com.sun.crypto.provider.DHKeyAgreement"); +- put("Alg.Alias.KeyAgreement.DH", "DiffieHellman"); +- put("Alg.Alias.KeyAgreement.OID."+OID_PKCS3, "DiffieHellman"); +- put("Alg.Alias.KeyAgreement."+OID_PKCS3, "DiffieHellman"); +- +- put("KeyAgreement.DiffieHellman SupportedKeyClasses", +- "javax.crypto.interfaces.DHPublicKey" + +- "|javax.crypto.interfaces.DHPrivateKey"); +- +- /* +- * Algorithm Parameter engines +- */ +- put("AlgorithmParameters.DiffieHellman", +- "com.sun.crypto.provider.DHParameters"); +- put("Alg.Alias.AlgorithmParameters.DH", "DiffieHellman"); +- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS3, +- "DiffieHellman"); +- put("Alg.Alias.AlgorithmParameters."+OID_PKCS3, +- "DiffieHellman"); +- +- put("AlgorithmParameters.DES", +- "com.sun.crypto.provider.DESParameters"); +- +- put("AlgorithmParameters.DESede", +- "com.sun.crypto.provider.DESedeParameters"); +- put("Alg.Alias.AlgorithmParameters.TripleDES", "DESede"); +- +- put("AlgorithmParameters.PBE", +- "com.sun.crypto.provider.PBEParameters"); +- +- put("AlgorithmParameters.PBEWithMD5AndDES", +- "com.sun.crypto.provider.PBEParameters"); +- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_MD5_DES, +- "PBEWithMD5AndDES"); +- put("Alg.Alias.AlgorithmParameters."+OID_PKCS5_MD5_DES, +- "PBEWithMD5AndDES"); +- +- put("AlgorithmParameters.PBEWithMD5AndTripleDES", +- "com.sun.crypto.provider.PBEParameters"); +- +- put("AlgorithmParameters.PBEWithSHA1AndDESede", +- "com.sun.crypto.provider.PBEParameters"); +- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_DESede, +- "PBEWithSHA1AndDESede"); +- put("Alg.Alias.AlgorithmParameters."+OID_PKCS12_DESede, +- "PBEWithSHA1AndDESede"); +- +- put("AlgorithmParameters.PBEWithSHA1AndRC2_40", +- "com.sun.crypto.provider.PBEParameters"); +- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_40, +- "PBEWithSHA1AndRC2_40"); +- put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40, +- "PBEWithSHA1AndRC2_40"); +- +- put("AlgorithmParameters.PBEWithSHA1AndRC2_128", +- "com.sun.crypto.provider.PBEParameters"); +- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC2_128, +- "PBEWithSHA1AndRC2_128"); +- put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128, +- "PBEWithSHA1AndRC2_128"); +- +- put("AlgorithmParameters.PBEWithSHA1AndRC4_40", +- "com.sun.crypto.provider.PBEParameters"); +- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_40, +- "PBEWithSHA1AndRC4_40"); +- put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40, +- "PBEWithSHA1AndRC4_40"); +- +- put("AlgorithmParameters.PBEWithSHA1AndRC4_128", +- "com.sun.crypto.provider.PBEParameters"); +- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS12_RC4_128, +- "PBEWithSHA1AndRC4_128"); +- put("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128, +- "PBEWithSHA1AndRC4_128"); +- +- put("AlgorithmParameters.PBES2", +- "com.sun.crypto.provider.PBES2Parameters$General"); +- put("Alg.Alias.AlgorithmParameters.OID."+OID_PKCS5_PBES2, +- "PBES2"); +- put("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2, +- "PBES2"); +- +- put("AlgorithmParameters.PBEWithHmacSHA1AndAES_128", +- "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128"); +- +- put("AlgorithmParameters.PBEWithHmacSHA224AndAES_128", +- "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128"); +- +- put("AlgorithmParameters.PBEWithHmacSHA256AndAES_128", +- "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128"); +- +- put("AlgorithmParameters.PBEWithHmacSHA384AndAES_128", +- "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128"); +- +- put("AlgorithmParameters.PBEWithHmacSHA512AndAES_128", +- "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128"); +- +- put("AlgorithmParameters.PBEWithHmacSHA1AndAES_256", +- "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256"); +- +- put("AlgorithmParameters.PBEWithHmacSHA224AndAES_256", +- "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256"); +- +- put("AlgorithmParameters.PBEWithHmacSHA256AndAES_256", +- "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256"); +- +- put("AlgorithmParameters.PBEWithHmacSHA384AndAES_256", +- "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256"); +- +- put("AlgorithmParameters.PBEWithHmacSHA512AndAES_256", +- "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256"); +- +- put("AlgorithmParameters.Blowfish", +- "com.sun.crypto.provider.BlowfishParameters"); +- +- put("AlgorithmParameters.AES", +- "com.sun.crypto.provider.AESParameters"); +- put("Alg.Alias.AlgorithmParameters.Rijndael", "AES"); +- put("AlgorithmParameters.GCM", +- "com.sun.crypto.provider.GCMParameters"); +- +- +- put("AlgorithmParameters.RC2", +- "com.sun.crypto.provider.RC2Parameters"); +- +- put("AlgorithmParameters.OAEP", +- "com.sun.crypto.provider.OAEPParameters"); +- +- /* +- * Key factories +- */ +- put("KeyFactory.DiffieHellman", +- "com.sun.crypto.provider.DHKeyFactory"); +- put("Alg.Alias.KeyFactory.DH", "DiffieHellman"); +- put("Alg.Alias.KeyFactory.OID."+OID_PKCS3, +- "DiffieHellman"); +- put("Alg.Alias.KeyFactory."+OID_PKCS3, "DiffieHellman"); +- +- /* +- * Secret-key factories +- */ +- put("SecretKeyFactory.DES", +- "com.sun.crypto.provider.DESKeyFactory"); +- +- put("SecretKeyFactory.DESede", +- "com.sun.crypto.provider.DESedeKeyFactory"); +- put("Alg.Alias.SecretKeyFactory.TripleDES", "DESede"); +- +- put("SecretKeyFactory.PBEWithMD5AndDES", +- "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES" +- ); +- put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS5_MD5_DES, +- "PBEWithMD5AndDES"); +- put("Alg.Alias.SecretKeyFactory."+OID_PKCS5_MD5_DES, +- "PBEWithMD5AndDES"); +- +- put("Alg.Alias.SecretKeyFactory.PBE", +- "PBEWithMD5AndDES"); +- +- /* +- * Internal in-house crypto algorithm used for +- * the JCEKS keystore type. Since this was developed +- * internally, there isn't an OID corresponding to this +- * algorithm. +- */ +- put("SecretKeyFactory.PBEWithMD5AndTripleDES", +- "com.sun.crypto.provider.PBEKeyFactory$" + +- "PBEWithMD5AndTripleDES" +- ); +- +- put("SecretKeyFactory.PBEWithSHA1AndDESede", +- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede" +- ); +- put("Alg.Alias.SecretKeyFactory.OID."+OID_PKCS12_DESede, +- "PBEWithSHA1AndDESede"); +- put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_DESede, +- "PBEWithSHA1AndDESede"); +- +- put("SecretKeyFactory.PBEWithSHA1AndRC2_40", +- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40" +- ); +- put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_40, +- "PBEWithSHA1AndRC2_40"); +- put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40, +- "PBEWithSHA1AndRC2_40"); +- +- put("SecretKeyFactory.PBEWithSHA1AndRC2_128", +- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128" +- ); +- put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128, +- "PBEWithSHA1AndRC2_128"); +- put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128, +- "PBEWithSHA1AndRC2_128"); +- +- put("SecretKeyFactory.PBEWithSHA1AndRC4_40", +- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40" +- ); +- +- put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40, +- "PBEWithSHA1AndRC4_40"); +- put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40, +- "PBEWithSHA1AndRC4_40"); +- +- put("SecretKeyFactory.PBEWithSHA1AndRC4_128", +- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128" +- ); +- +- put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128, +- "PBEWithSHA1AndRC4_128"); +- put("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128, +- "PBEWithSHA1AndRC4_128"); +- +- put("SecretKeyFactory.PBEWithHmacSHA1AndAES_128", +- "com.sun.crypto.provider.PBEKeyFactory$" + +- "PBEWithHmacSHA1AndAES_128"); +- +- put("SecretKeyFactory.PBEWithHmacSHA224AndAES_128", +- "com.sun.crypto.provider.PBEKeyFactory$" + +- "PBEWithHmacSHA224AndAES_128"); +- +- put("SecretKeyFactory.PBEWithHmacSHA256AndAES_128", +- "com.sun.crypto.provider.PBEKeyFactory$" + +- "PBEWithHmacSHA256AndAES_128"); +- +- put("SecretKeyFactory.PBEWithHmacSHA384AndAES_128", +- "com.sun.crypto.provider.PBEKeyFactory$" + +- "PBEWithHmacSHA384AndAES_128"); +- +- put("SecretKeyFactory.PBEWithHmacSHA512AndAES_128", +- "com.sun.crypto.provider.PBEKeyFactory$" + +- "PBEWithHmacSHA512AndAES_128"); +- +- put("SecretKeyFactory.PBEWithHmacSHA1AndAES_256", +- "com.sun.crypto.provider.PBEKeyFactory$" + +- "PBEWithHmacSHA1AndAES_256"); +- +- put("SecretKeyFactory.PBEWithHmacSHA224AndAES_256", +- "com.sun.crypto.provider.PBEKeyFactory$" + +- "PBEWithHmacSHA224AndAES_256"); +- +- put("SecretKeyFactory.PBEWithHmacSHA256AndAES_256", +- "com.sun.crypto.provider.PBEKeyFactory$" + +- "PBEWithHmacSHA256AndAES_256"); +- +- put("SecretKeyFactory.PBEWithHmacSHA384AndAES_256", +- "com.sun.crypto.provider.PBEKeyFactory$" + +- "PBEWithHmacSHA384AndAES_256"); +- +- put("SecretKeyFactory.PBEWithHmacSHA512AndAES_256", +- "com.sun.crypto.provider.PBEKeyFactory$" + +- "PBEWithHmacSHA512AndAES_256"); +- +- // PBKDF2 +- +- put("SecretKeyFactory.PBKDF2WithHmacSHA1", +- "com.sun.crypto.provider.PBKDF2Core$HmacSHA1"); +- put("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2, +- "PBKDF2WithHmacSHA1"); +- put("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2, +- "PBKDF2WithHmacSHA1"); +- +- put("SecretKeyFactory.PBKDF2WithHmacSHA224", +- "com.sun.crypto.provider.PBKDF2Core$HmacSHA224"); +- put("SecretKeyFactory.PBKDF2WithHmacSHA256", +- "com.sun.crypto.provider.PBKDF2Core$HmacSHA256"); +- put("SecretKeyFactory.PBKDF2WithHmacSHA384", +- "com.sun.crypto.provider.PBKDF2Core$HmacSHA384"); +- put("SecretKeyFactory.PBKDF2WithHmacSHA512", +- "com.sun.crypto.provider.PBKDF2Core$HmacSHA512"); +- +- /* +- * MAC +- */ +- put("Mac.HmacMD5", "com.sun.crypto.provider.HmacMD5"); +- put("Mac.HmacSHA1", "com.sun.crypto.provider.HmacSHA1"); +- put("Alg.Alias.Mac.OID.1.2.840.113549.2.7", "HmacSHA1"); +- put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1"); +- put("Mac.HmacSHA224", +- "com.sun.crypto.provider.HmacCore$HmacSHA224"); +- put("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224"); +- put("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224"); +- put("Mac.HmacSHA256", +- "com.sun.crypto.provider.HmacCore$HmacSHA256"); +- put("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256"); +- put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256"); +- put("Mac.HmacSHA384", +- "com.sun.crypto.provider.HmacCore$HmacSHA384"); +- put("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384"); +- put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384"); +- put("Mac.HmacSHA512", +- "com.sun.crypto.provider.HmacCore$HmacSHA512"); +- put("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512"); +- put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512"); +- +- put("Mac.HmacPBESHA1", +- "com.sun.crypto.provider.HmacPKCS12PBESHA1"); +- +- // PBMAC1 +- +- put("Mac.PBEWithHmacSHA1", +- "com.sun.crypto.provider.PBMAC1Core$HmacSHA1"); +- put("Mac.PBEWithHmacSHA224", +- "com.sun.crypto.provider.PBMAC1Core$HmacSHA224"); +- put("Mac.PBEWithHmacSHA256", +- "com.sun.crypto.provider.PBMAC1Core$HmacSHA256"); +- put("Mac.PBEWithHmacSHA384", +- "com.sun.crypto.provider.PBMAC1Core$HmacSHA384"); +- put("Mac.PBEWithHmacSHA512", +- "com.sun.crypto.provider.PBMAC1Core$HmacSHA512"); +- +- put("Mac.SslMacMD5", +- "com.sun.crypto.provider.SslMacCore$SslMacMD5"); +- put("Mac.SslMacSHA1", +- "com.sun.crypto.provider.SslMacCore$SslMacSHA1"); +- +- put("Mac.HmacMD5 SupportedKeyFormats", "RAW"); +- put("Mac.HmacSHA1 SupportedKeyFormats", "RAW"); +- put("Mac.HmacSHA224 SupportedKeyFormats", "RAW"); +- put("Mac.HmacSHA256 SupportedKeyFormats", "RAW"); +- put("Mac.HmacSHA384 SupportedKeyFormats", "RAW"); +- put("Mac.HmacSHA512 SupportedKeyFormats", "RAW"); +- put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW"); +- put("Mac.PBEWithHmacSHA1 SupportedKeyFormatS", "RAW"); +- put("Mac.PBEWithHmacSHA224 SupportedKeyFormats", "RAW"); +- put("Mac.PBEWithHmacSHA256 SupportedKeyFormats", "RAW"); +- put("Mac.PBEWithHmacSHA384 SupportedKeyFormats", "RAW"); +- put("Mac.PBEWithHmacSHA512 SupportedKeyFormats", "RAW"); +- put("Mac.SslMacMD5 SupportedKeyFormats", "RAW"); +- put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW"); +- +- /* +- * KeyStore +- */ +- put("KeyStore.JCEKS", "com.sun.crypto.provider.JceKeyStore"); +- +- /* +- * SSL/TLS mechanisms +- * +- * These are strictly internal implementations and may +- * be changed at any time. These names were chosen +- * because PKCS11/SunPKCS11 does not yet have TLS1.2 +- * mechanisms, and it will cause calls to come here. +- */ +- put("KeyGenerator.SunTlsPrf", +- "com.sun.crypto.provider.TlsPrfGenerator$V10"); +- put("KeyGenerator.SunTls12Prf", +- "com.sun.crypto.provider.TlsPrfGenerator$V12"); +- +- put("KeyGenerator.SunTlsMasterSecret", +- "com.sun.crypto.provider.TlsMasterSecretGenerator"); +- put("Alg.Alias.KeyGenerator.SunTls12MasterSecret", +- "SunTlsMasterSecret"); +- put("Alg.Alias.KeyGenerator.SunTlsExtendedMasterSecret", +- "SunTlsMasterSecret"); +- +- put("KeyGenerator.SunTlsKeyMaterial", +- "com.sun.crypto.provider.TlsKeyMaterialGenerator"); +- put("Alg.Alias.KeyGenerator.SunTls12KeyMaterial", +- "SunTlsKeyMaterial"); +- +- put("KeyGenerator.SunTlsRsaPremasterSecret", +- "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator"); +- put("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret", +- "SunTlsRsaPremasterSecret"); +- +- return null; +- } +- }); +- +- if (instance == null) { +- instance = this; +- } ++ attrs.clear(); ++ attrs.put("SupportedModes", BLOCK_MODES); ++ attrs.put("SupportedPaddings", BLOCK_PADS); ++ attrs.put("SupportedKeyFormats", "RAW"); ++ ps("Cipher", "DES", ++ "com.sun.crypto.provider.DESCipher", null, attrs); ++ ps("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher", ++ desEdeAliases, attrs); ++ ps("Cipher", "Blowfish", ++ "com.sun.crypto.provider.BlowfishCipher", null, attrs); ++ ++ ps("Cipher", "RC2", ++ "com.sun.crypto.provider.RC2Cipher", null, attrs); ++ ++ attrs.clear(); ++ attrs.put("SupportedModes", BLOCK_MODES128); ++ attrs.put("SupportedPaddings", BLOCK_PADS); ++ attrs.put("SupportedKeyFormats", "RAW"); ++ ps("Cipher", "AES", "com.sun.crypto.provider.AESCipher$General", ++ aesAliases, attrs); ++ ++ attrs.clear(); ++ attrs.put("SupportedKeyFormats", "RAW"); ++ ps("Cipher", "AES_128/ECB/NoPadding", ++ "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding", ++ createAliasesWithOid(aes128Oid+"1"), attrs); ++ ps("Cipher", "AES_128/CBC/NoPadding", ++ "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding", ++ createAliasesWithOid(aes128Oid+"2"), attrs); ++ ps("Cipher", "AES_128/OFB/NoPadding", ++ "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding", ++ createAliasesWithOid(aes128Oid+"3"), attrs); ++ ps("Cipher", "AES_128/CFB/NoPadding", ++ "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding", ++ createAliasesWithOid(aes128Oid+"4"), attrs); ++ ps("Cipher", "AES_128/GCM/NoPadding", ++ "com.sun.crypto.provider.AESCipher$AES128_GCM_NoPadding", ++ createAliasesWithOid(aes128Oid+"6"), attrs); ++ ++ ps("Cipher", "AES_192/ECB/NoPadding", ++ "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding", ++ createAliasesWithOid(aes192Oid+"1"), attrs); ++ ps("Cipher", "AES_192/CBC/NoPadding", ++ "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding", ++ createAliasesWithOid(aes192Oid+"2"), attrs); ++ ps("Cipher", "AES_192/OFB/NoPadding", ++ "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding", ++ createAliasesWithOid(aes192Oid+"3"), attrs); ++ ps("Cipher", "AES_192/CFB/NoPadding", ++ "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding", ++ createAliasesWithOid(aes192Oid+"4"), attrs); ++ ps("Cipher", "AES_192/GCM/NoPadding", ++ "com.sun.crypto.provider.AESCipher$AES192_GCM_NoPadding", ++ createAliasesWithOid(aes192Oid+"6"), attrs); ++ ++ ps("Cipher", "AES_256/ECB/NoPadding", ++ "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding", ++ createAliasesWithOid(aes256Oid+"1"), attrs); ++ ps("Cipher", "AES_256/CBC/NoPadding", ++ "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding", ++ createAliasesWithOid(aes256Oid+"2"), attrs); ++ ps("Cipher", "AES_256/OFB/NoPadding", ++ "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding", ++ createAliasesWithOid(aes256Oid+"3"), attrs); ++ ps("Cipher", "AES_256/CFB/NoPadding", ++ "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding", ++ createAliasesWithOid(aes256Oid+"4"), attrs); ++ ps("Cipher", "AES_256/GCM/NoPadding", ++ "com.sun.crypto.provider.AESCipher$AES256_GCM_NoPadding", ++ createAliasesWithOid(aes256Oid+"6"), attrs); ++ ++ attrs.clear(); ++ attrs.put("SupportedModes", "CBC"); ++ attrs.put("SupportedPaddings", "NOPADDING"); ++ attrs.put("SupportedKeyFormats", "RAW"); ++ ps("Cipher", "DESedeWrap", ++ "com.sun.crypto.provider.DESedeWrapCipher", null, attrs); ++ ++ attrs.clear(); ++ attrs.put("SupportedModes", "ECB"); ++ attrs.put("SupportedPaddings", "NOPADDING"); ++ attrs.put("SupportedKeyFormats", "RAW"); ++ ps("Cipher", "ARCFOUR", "com.sun.crypto.provider.ARCFOURCipher", ++ arcFourAliases, attrs); ++ ps("Cipher", "AESWrap", "com.sun.crypto.provider.AESWrapCipher$General", ++ null, attrs); ++ ps("Cipher", "AESWrap_128", ++ "com.sun.crypto.provider.AESWrapCipher$AES128", ++ createAliasesWithOid(aes128Oid+"5"), attrs); ++ ps("Cipher", "AESWrap_192", ++ "com.sun.crypto.provider.AESWrapCipher$AES192", ++ createAliasesWithOid(aes192Oid+"5"), attrs); ++ ps("Cipher", "AESWrap_256", ++ "com.sun.crypto.provider.AESWrapCipher$AES256", ++ createAliasesWithOid(aes256Oid+"5"), attrs); ++ ++ attrs.clear(); ++ attrs.put("SupportedKeyFormats", "RAW"); ++ ++ // PBES1 ++ ps("Cipher", "PBEWithMD5AndDES", ++ "com.sun.crypto.provider.PBEWithMD5AndDESCipher", ++ pkcs5MD5_DESAliases, null); ++ ps("Cipher", "PBEWithMD5AndTripleDES", ++ "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher", ++ null, null); ++ ps("Cipher", "PBEWithSHA1AndDESede", ++ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede", ++ pkcs12DESedeAliases, null); ++ ps("Cipher", "PBEWithSHA1AndRC2_40", ++ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40", ++ pkcs12RC2_40Aliases, null); ++ ps("Cipher", "PBEWithSHA1AndRC2_128", ++ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128", ++ pkcs12RC2_128Aliases, null); ++ ps("Cipher", "PBEWithSHA1AndRC4_40", ++ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40", ++ pkcs12RC4_40Aliases, null); ++ ++ ps("Cipher", "PBEWithSHA1AndRC4_128", ++ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128", ++ pkcs12RC4_128Aliases, null); ++ ++ // PBES2 ++ ps("Cipher", "PBEWithHmacSHA1AndAES_128", ++ "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128", ++ null, null); ++ ++ ps("Cipher", "PBEWithHmacSHA224AndAES_128", ++ "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128", ++ null, null); ++ ++ ps("Cipher", "PBEWithHmacSHA256AndAES_128", ++ "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128", ++ null, null); ++ ++ ps("Cipher", "PBEWithHmacSHA384AndAES_128", ++ "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128", ++ null, null); ++ ++ ps("Cipher", "PBEWithHmacSHA512AndAES_128", ++ "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128", ++ null, null); ++ ++ ps("Cipher", "PBEWithHmacSHA1AndAES_256", ++ "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256", ++ null, null); ++ ++ ps("Cipher", "PBEWithHmacSHA224AndAES_256", ++ "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256", ++ null, null); ++ ++ ps("Cipher", "PBEWithHmacSHA256AndAES_256", ++ "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256", ++ null, null); ++ ++ ps("Cipher", "PBEWithHmacSHA384AndAES_256", ++ "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256", ++ null, null); ++ ++ ps("Cipher", "PBEWithHmacSHA512AndAES_256", ++ "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256", ++ null, null); ++ ++ /* ++ * Key(pair) Generator engines ++ */ ++ ps("KeyGenerator", "DES", ++ "com.sun.crypto.provider.DESKeyGenerator", ++ null, null); ++ ps("KeyGenerator", "DESede", ++ "com.sun.crypto.provider.DESedeKeyGenerator", ++ desEdeAliases, null); ++ ps("KeyGenerator", "Blowfish", ++ "com.sun.crypto.provider.BlowfishKeyGenerator", ++ null, null); ++ ps("KeyGenerator", "AES", ++ "com.sun.crypto.provider.AESKeyGenerator", ++ aesAliases, null); ++ ps("KeyGenerator", "RC2", ++ "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator", ++ null, null); ++ ps("KeyGenerator", "ARCFOUR", ++ "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator", ++ arcFourAliases, null); ++ ps("KeyGenerator", "HmacMD5", ++ "com.sun.crypto.provider.HmacMD5KeyGenerator", ++ null, null); ++ ++ ps("KeyGenerator", "HmacSHA1", ++ "com.sun.crypto.provider.HmacSHA1KeyGenerator", ++ macSHA1Aliases, null); ++ ps("KeyGenerator", "HmacSHA224", ++ "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA224", ++ macSHA224Aliases, null); ++ ps("KeyGenerator", "HmacSHA256", ++ "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA256", ++ macSHA256Aliases, null); ++ ps("KeyGenerator", "HmacSHA384", ++ "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA384", ++ macSHA384Aliases, null); ++ ps("KeyGenerator", "HmacSHA512", ++ "com.sun.crypto.provider.KeyGeneratorCore$HmacSHA2KG$SHA512", ++ macSHA512Aliases, null); ++ ++ ps("KeyPairGenerator", "DiffieHellman", ++ "com.sun.crypto.provider.DHKeyPairGenerator", ++ diffieHellmanAliases, null); ++ ++ /* ++ * Algorithm parameter generation engines ++ */ ++ ps("AlgorithmParameterGenerator", ++ "DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator", ++ diffieHellmanAliases, null); ++ ++ /* ++ * Key Agreement engines ++ */ ++ attrs.clear(); ++ attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" + ++ "|javax.crypto.interfaces.DHPrivateKey"); ++ ps("KeyAgreement", "DiffieHellman", ++ "com.sun.crypto.provider.DHKeyAgreement", ++ diffieHellmanAliases, attrs); ++ ++ /* ++ * Algorithm Parameter engines ++ */ ++ ps("AlgorithmParameters", "DiffieHellman", ++ "com.sun.crypto.provider.DHParameters", ++ diffieHellmanAliases, null); ++ ++ ps("AlgorithmParameters", "DES", ++ "com.sun.crypto.provider.DESParameters", ++ null, null); ++ ++ ps("AlgorithmParameters", "DESede", ++ "com.sun.crypto.provider.DESedeParameters", ++ desEdeAliases, null); ++ ++ ps("AlgorithmParameters", "PBEWithMD5AndDES", ++ "com.sun.crypto.provider.PBEParameters", ++ pkcs5MD5_DESAliases, null); ++ ++ ps("AlgorithmParameters", "PBEWithMD5AndTripleDES", ++ "com.sun.crypto.provider.PBEParameters", ++ null, null); ++ ++ ps("AlgorithmParameters", "PBEWithSHA1AndDESede", ++ "com.sun.crypto.provider.PBEParameters", ++ pkcs12DESedeAliases, null); ++ ++ ps("AlgorithmParameters", "PBEWithSHA1AndRC2_40", ++ "com.sun.crypto.provider.PBEParameters", ++ pkcs12RC2_40Aliases, null); ++ ++ ps("AlgorithmParameters", "PBEWithSHA1AndRC2_128", ++ "com.sun.crypto.provider.PBEParameters", ++ pkcs12RC2_128Aliases, null); ++ ++ ps("AlgorithmParameters", "PBEWithSHA1AndRC4_40", ++ "com.sun.crypto.provider.PBEParameters", ++ pkcs12RC4_40Aliases, null); ++ ++ ps("AlgorithmParameters", "PBEWithSHA1AndRC4_128", ++ "com.sun.crypto.provider.PBEParameters", ++ pkcs12RC4_128Aliases, null); ++ ++ ps("AlgorithmParameters", "PBES2", ++ "com.sun.crypto.provider.PBES2Parameters$General", ++ pkcs5PBES2Aliases, null); ++ ++ ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_128", ++ "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_128", ++ null, null); ++ ++ ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_128", ++ "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_128", ++ null, null); ++ ++ ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_128", ++ "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_128", ++ null, null); ++ ++ ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_128", ++ "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_128", ++ null, null); ++ ++ ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_128", ++ "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128", ++ null, null); ++ ++ ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_256", ++ "com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256", ++ null, null); ++ ++ ps("AlgorithmParameters", "PBEWithHmacSHA224AndAES_256", ++ "com.sun.crypto.provider.PBES2Parameters$HmacSHA224AndAES_256", ++ null, null); ++ ++ ps("AlgorithmParameters", "PBEWithHmacSHA256AndAES_256", ++ "com.sun.crypto.provider.PBES2Parameters$HmacSHA256AndAES_256", ++ null, null); ++ ++ ps("AlgorithmParameters", "PBEWithHmacSHA384AndAES_256", ++ "com.sun.crypto.provider.PBES2Parameters$HmacSHA384AndAES_256", ++ null, null); ++ ++ ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_256", ++ "com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256", ++ null, null); ++ ++ ps("AlgorithmParameters", "Blowfish", ++ "com.sun.crypto.provider.BlowfishParameters", ++ null, null); ++ ++ ps("AlgorithmParameters", "AES", ++ "com.sun.crypto.provider.AESParameters", ++ aesAliases, null); ++ ++ ps("AlgorithmParameters", "GCM", ++ "com.sun.crypto.provider.GCMParameters", ++ null, null); ++ ++ ps("AlgorithmParameters", "RC2", ++ "com.sun.crypto.provider.RC2Parameters", ++ null, null); ++ ++ ps("AlgorithmParameters", "OAEP", ++ "com.sun.crypto.provider.OAEPParameters", ++ null, null); ++ ++ /* ++ * Key factories ++ */ ++ ps("KeyFactory", "DiffieHellman", ++ "com.sun.crypto.provider.DHKeyFactory", ++ diffieHellmanAliases, null); ++ ++ /* ++ * Secret-key factories ++ */ ++ ps("SecretKeyFactory", "DES", ++ "com.sun.crypto.provider.DESKeyFactory", ++ null, null); ++ ++ ps("SecretKeyFactory", "DESede", ++ "com.sun.crypto.provider.DESedeKeyFactory", ++ desEdeAliases, null); ++ ++ ps("SecretKeyFactory", "PBEWithMD5AndDES", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES", ++ pkcs5MD5_DESAliases, null); ++ ++ /* ++ * Internal in-house crypto algorithm used for ++ * the JCEKS keystore type. Since this was developed ++ * internally, there isn't an OID corresponding to this ++ * algorithm. ++ */ ++ ps("SecretKeyFactory", "PBEWithMD5AndTripleDES", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES", ++ null, null); ++ ++ ps("SecretKeyFactory", "PBEWithSHA1AndDESede", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede", ++ pkcs12DESedeAliases, null); ++ ++ ps("SecretKeyFactory", "PBEWithSHA1AndRC2_40", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40", ++ pkcs12RC2_40Aliases, null); ++ ++ ps("SecretKeyFactory", "PBEWithSHA1AndRC2_128", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128", ++ pkcs12RC2_128Aliases, null); ++ ++ ps("SecretKeyFactory", "PBEWithSHA1AndRC4_40", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40", ++ pkcs12RC4_40Aliases,null); ++ ++ ps("SecretKeyFactory", "PBEWithSHA1AndRC4_128", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128", ++ pkcs12RC4_128Aliases, null); ++ ++ ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128", ++ null, null); ++ ++ ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128", ++ null, null); ++ ++ ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128", ++ null, null); ++ ++ ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128", ++ null, null); ++ ++ ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128", ++ null, null); ++ ++ ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256", ++ null, null); ++ ++ ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256", ++ null, null); ++ ++ ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256", ++ null, null); ++ ++ ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256", ++ null, null); ++ ++ ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256", ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256", ++ null, null); ++ ++ // PBKDF2 ++ ps("SecretKeyFactory", "PBKDF2WithHmacSHA1", ++ "com.sun.crypto.provider.PBKDF2Core$HmacSHA1", ++ pkcs5PBKDF2Aliases, null); ++ ps("SecretKeyFactory", "PBKDF2WithHmacSHA224", ++ "com.sun.crypto.provider.PBKDF2Core$HmacSHA224", ++ null, null); ++ ps("SecretKeyFactory", "PBKDF2WithHmacSHA256", ++ "com.sun.crypto.provider.PBKDF2Core$HmacSHA256", ++ null, null); ++ ps("SecretKeyFactory", "PBKDF2WithHmacSHA384", ++ "com.sun.crypto.provider.PBKDF2Core$HmacSHA384", ++ null, null); ++ ps("SecretKeyFactory", "PBKDF2WithHmacSHA512", ++ "com.sun.crypto.provider.PBKDF2Core$HmacSHA512", ++ null, null); ++ ++ /* ++ * MAC ++ */ ++ attrs.clear(); ++ attrs.put("SupportedKeyFormats", "RAW"); ++ ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs); ++ ps("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1", ++ macSHA1Aliases, attrs); ++ ps("Mac", "HmacSHA224", "com.sun.crypto.provider.HmacCore$HmacSHA224", ++ macSHA224Aliases, attrs); ++ ps("Mac", "HmacSHA256", "com.sun.crypto.provider.HmacCore$HmacSHA256", ++ macSHA256Aliases, attrs); ++ ps("Mac", "HmacSHA384", "com.sun.crypto.provider.HmacCore$HmacSHA384", ++ macSHA384Aliases, attrs); ++ ps("Mac", "HmacSHA512", "com.sun.crypto.provider.HmacCore$HmacSHA512", ++ macSHA512Aliases, attrs); ++ // TODO: aliases with OIDs ++ ps("Mac", "HmacPBESHA1", "com.sun.crypto.provider.HmacPKCS12PBESHA1", ++ null, attrs); ++ // PBMAC1 ++ ps("Mac", "PBEWithHmacSHA1", ++ "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs); ++ ps("Mac", "PBEWithHmacSHA224", ++ "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs); ++ ps("Mac", "PBEWithHmacSHA256", ++ "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs); ++ ps("Mac", "PBEWithHmacSHA384", ++ "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs); ++ ps("Mac", "PBEWithHmacSHA512", ++ "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs); ++ ps("Mac", "SslMacMD5", ++ "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs); ++ ps("Mac", "SslMacSHA1", ++ "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs); ++ ++ /* ++ * KeyStore ++ */ ++ ps("KeyStore", "JCEKS", ++ "com.sun.crypto.provider.JceKeyStore", ++ null, null); ++ ++ /* ++ * SSL/TLS mechanisms ++ * ++ * These are strictly internal implementations and may ++ * be changed at any time. These names were chosen ++ * because PKCS11/SunPKCS11 does not yet have TLS1.2 ++ * mechanisms, and it will cause calls to come here. ++ */ ++ ps("KeyGenerator", "SunTlsPrf", ++ "com.sun.crypto.provider.TlsPrfGenerator$V10", ++ null, null); ++ ps("KeyGenerator", "SunTls12Prf", ++ "com.sun.crypto.provider.TlsPrfGenerator$V12", ++ null, null); ++ ++ ps("KeyGenerator", "SunTlsMasterSecret", ++ "com.sun.crypto.provider.TlsMasterSecretGenerator", ++ createAliases("SunTls12MasterSecret", ++ "SunTlsExtendedMasterSecret"), null); ++ ps("KeyGenerator", "SunTlsKeyMaterial", ++ "com.sun.crypto.provider.TlsKeyMaterialGenerator", ++ createAliases("SunTls12KeyMaterial"), null); ++ ++ ps("KeyGenerator", "SunTlsRsaPremasterSecret", ++ "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator", ++ createAliases("SunTls12RsaPremasterSecret"), null); + } + + // Return the instance of this class or create one if needed. +diff --git a/jdk/src/share/classes/java/security/AlgorithmParameterGenerator.java b/jdk/src/share/classes/java/security/AlgorithmParameterGenerator.java +index 7f9c7cbf4..b8cb61a56 100644 +--- a/jdk/src/share/classes/java/security/AlgorithmParameterGenerator.java ++++ b/jdk/src/share/classes/java/security/AlgorithmParameterGenerator.java +@@ -26,6 +26,7 @@ + package java.security; + + import java.security.spec.AlgorithmParameterSpec; ++import sun.security.jca.JCAUtil; + + /** + * The {@code AlgorithmParameterGenerator} class is used to generate a +@@ -282,7 +283,7 @@ public class AlgorithmParameterGenerator { + * @param size the size (number of bits). + */ + public final void init(int size) { +- paramGenSpi.engineInit(size, new SecureRandom()); ++ paramGenSpi.engineInit(size, JCAUtil.getSecureRandom()); + } + + /** +@@ -313,7 +314,7 @@ public class AlgorithmParameterGenerator { + */ + public final void init(AlgorithmParameterSpec genParamSpec) + throws InvalidAlgorithmParameterException { +- paramGenSpi.engineInit(genParamSpec, new SecureRandom()); ++ paramGenSpi.engineInit(genParamSpec, JCAUtil.getSecureRandom()); + } + + /** +diff --git a/jdk/src/share/classes/java/security/Provider.java b/jdk/src/share/classes/java/security/Provider.java +index 1eadb0e62..34f5ab22b 100644 +--- a/jdk/src/share/classes/java/security/Provider.java ++++ b/jdk/src/share/classes/java/security/Provider.java +@@ -30,6 +30,7 @@ import java.util.*; + import static java.util.Locale.ENGLISH; + import java.lang.ref.*; + import java.lang.reflect.*; ++import java.util.concurrent.ConcurrentHashMap; + import java.util.function.BiConsumer; + import java.util.function.BiFunction; + import java.util.function.Function; +@@ -135,6 +136,7 @@ public abstract class Provider extends Properties { + this.name = name; + this.version = version; + this.info = info; ++ this.serviceMap = new ConcurrentHashMap<>(); + putId(); + initialized = true; + } +@@ -662,15 +664,20 @@ public abstract class Provider extends Properties { + // legacy properties changed since last call to any services method? + private transient boolean legacyChanged; + // serviceMap changed since last call to getServices() +- private transient boolean servicesChanged; ++ private volatile transient boolean servicesChanged; + +- // Map ++ // Map used to keep track of legacy registration + private transient Map legacyStrings; + + // Map + // used for services added via putService(), initialized on demand + private transient Map serviceMap; + ++ // For backward compatibility, the registration ordering of ++ // SecureRandom (RNG) algorithms needs to be preserved for ++ // "new SecureRandom()" calls when this provider is used ++ private transient Set prngAlgos; ++ + // Map + // used for services added via legacy methods, init on demand + private transient Map legacyMap; +@@ -698,11 +705,13 @@ public abstract class Provider extends Properties { + } + defaults = null; + in.defaultReadObject(); ++ this.serviceMap = new ConcurrentHashMap<>(); + implClear(); + initialized = true; + putAll(copy); + } + ++ // check whether to update 'legacyString' with the specified key + private boolean checkLegacy(Object key) { + String keyString = (String)key; + if (keyString.startsWith("Provider.")) { +@@ -711,7 +720,7 @@ public abstract class Provider extends Properties { + + legacyChanged = true; + if (legacyStrings == null) { +- legacyStrings = new LinkedHashMap(); ++ legacyStrings = new LinkedHashMap<>(); + } + return true; + } +@@ -742,7 +751,7 @@ public abstract class Provider extends Properties { + if (!checkLegacy(key)) { + return false; + } +- legacyStrings.remove((String)key, value); ++ legacyStrings.remove((String)key, (String)value); + } + return super.remove(key, value); + } +@@ -772,7 +781,7 @@ public abstract class Provider extends Properties { + private void implReplaceAll(BiFunction function) { + legacyChanged = true; + if (legacyStrings == null) { +- legacyStrings = new LinkedHashMap(); ++ legacyStrings = new LinkedHashMap<>(); + } else { + legacyStrings.replaceAll((BiFunction) function); + } +@@ -796,8 +805,8 @@ public abstract class Provider extends Properties { + if (!checkLegacy(key)) { + return null; + } +- legacyStrings.computeIfAbsent((String) key, +- (Function) remappingFunction); ++ legacyStrings.compute((String) key, ++ (BiFunction) remappingFunction); + } + return super.compute(key, remappingFunction); + } +@@ -851,12 +860,11 @@ public abstract class Provider extends Properties { + if (legacyMap != null) { + legacyMap.clear(); + } +- if (serviceMap != null) { +- serviceMap.clear(); +- } ++ serviceMap.clear(); + legacyChanged = false; + servicesChanged = false; + serviceSet = null; ++ prngAlgos = null; + super.clear(); + putId(); + } +@@ -873,13 +881,13 @@ public abstract class Provider extends Properties { + this.algorithm = intern ? algorithm.intern() : algorithm; + } + public int hashCode() { +- return type.hashCode() + algorithm.hashCode(); ++ return Objects.hash(type, algorithm); + } + public boolean equals(Object obj) { + if (this == obj) { + return true; + } +- if (obj instanceof ServiceKey == false) { ++ if (!(obj instanceof ServiceKey)) { + return false; + } + ServiceKey other = (ServiceKey)obj; +@@ -901,7 +909,7 @@ public abstract class Provider extends Properties { + } + serviceSet = null; + if (legacyMap == null) { +- legacyMap = new LinkedHashMap(); ++ legacyMap = new ConcurrentHashMap<>(); + } else { + legacyMap.clear(); + } +@@ -957,7 +965,10 @@ public abstract class Provider extends Properties { + String type = getEngineName(typeAndAlg[0]); + String aliasAlg = typeAndAlg[1].intern(); + ServiceKey key = new ServiceKey(type, stdAlg, true); +- Service s = legacyMap.get(key); ++ Service s = serviceMap.get(key); ++ if (s == null) { ++ s = legacyMap.get(key); ++ } + if (s == null) { + s = new Service(this); + s.type = type; +@@ -986,6 +997,10 @@ public abstract class Provider extends Properties { + legacyMap.put(key, s); + } + s.className = className; ++ ++ if (type.equals("SecureRandom")) { ++ updateSecureRandomEntries(true, s.algorithm); ++ } + } else { // attribute + // e.g. put("MessageDigest.SHA-1 ImplementedIn", "Software"); + String attributeValue = value; +@@ -1031,7 +1046,7 @@ public abstract class Provider extends Properties { + * + * @since 1.5 + */ +- public synchronized Service getService(String type, String algorithm) { ++ public Service getService(String type, String algorithm) { + checkInitialized(); + // avoid allocating a new key object if possible + ServiceKey key = previousKey; +@@ -1039,14 +1054,19 @@ public abstract class Provider extends Properties { + key = new ServiceKey(type, algorithm, false); + previousKey = key; + } +- if (serviceMap != null) { +- Service service = serviceMap.get(key); +- if (service != null) { +- return service; ++ if (!serviceMap.isEmpty()) { ++ Service s = serviceMap.get(key); ++ if (s != null) { ++ return s; ++ } ++ } ++ synchronized (this){ ++ ensureLegacyParsed(); ++ if (legacyMap != null && !legacyMap.isEmpty()) { ++ return legacyMap.get(key); + } + } +- ensureLegacyParsed(); +- return (legacyMap != null) ? legacyMap.get(key) : null; ++ return null; + } + + // ServiceKey from previous getService() call +@@ -1075,10 +1095,10 @@ public abstract class Provider extends Properties { + if (serviceSet == null) { + ensureLegacyParsed(); + Set set = new LinkedHashSet<>(); +- if (serviceMap != null) { ++ if (!serviceMap.isEmpty()) { + set.addAll(serviceMap.values()); + } +- if (legacyMap != null) { ++ if (legacyMap != null && !legacyMap.isEmpty()) { + set.addAll(legacyMap.values()); + } + serviceSet = Collections.unmodifiableSet(set); +@@ -1116,7 +1136,7 @@ public abstract class Provider extends Properties { + * + * @since 1.5 + */ +- protected synchronized void putService(Service s) { ++ protected void putService(Service s) { + check("putProviderProperty." + name); + if (debug != null) { + debug.println(name + ".putService(): " + s); +@@ -1128,20 +1148,58 @@ public abstract class Provider extends Properties { + throw new IllegalArgumentException + ("service.getProvider() must match this Provider object"); + } +- if (serviceMap == null) { +- serviceMap = new LinkedHashMap(); +- } +- servicesChanged = true; + String type = s.getType(); + String algorithm = s.getAlgorithm(); + ServiceKey key = new ServiceKey(type, algorithm, true); +- // remove existing service + implRemoveService(serviceMap.get(key)); + serviceMap.put(key, s); + for (String alias : s.getAliases()) { + serviceMap.put(new ServiceKey(type, alias, true), s); + } +- putPropertyStrings(s); ++ servicesChanged = true; ++ synchronized (this) { ++ putPropertyStrings(s); ++ if (type.equals("SecureRandom")) { ++ updateSecureRandomEntries(true, s.algorithm); ++ } ++ } ++ } ++ ++ // keep tracks of the registered secure random algos and store them in order ++ private void updateSecureRandomEntries(boolean doAdd, String s) { ++ Objects.requireNonNull(s); ++ if (doAdd) { ++ if (prngAlgos == null) { ++ prngAlgos = new LinkedHashSet(); ++ } ++ prngAlgos.add(s); ++ } else { ++ prngAlgos.remove(s); ++ } ++ ++ if (debug != null) { ++ debug.println((doAdd? "Add":"Remove") + " SecureRandom algo " + s); ++ } ++ } ++ ++ // used by new SecureRandom() to find out the default SecureRandom ++ // service for this provider ++ synchronized Service getDefaultSecureRandomService() { ++ checkInitialized(); ++ ++ if (legacyChanged) { ++ prngAlgos = null; ++ ensureLegacyParsed(); ++ } ++ ++ if (prngAlgos != null && !prngAlgos.isEmpty()) { ++ // IMPORTANT: use the Service obj returned by getService(...) call ++ // as providers may override putService(...)/getService(...) and ++ // return their own Service objects ++ return getService("SecureRandom", prngAlgos.iterator().next()); ++ } ++ ++ return null; + } + + /** +@@ -1208,7 +1266,7 @@ public abstract class Provider extends Properties { + * + * @since 1.5 + */ +- protected synchronized void removeService(Service s) { ++ protected void removeService(Service s) { + check("removeProviderProperty." + name); + if (debug != null) { + debug.println(name + ".removeService(): " + s); +@@ -1220,7 +1278,7 @@ public abstract class Provider extends Properties { + } + + private void implRemoveService(Service s) { +- if ((s == null) || (serviceMap == null)) { ++ if ((s == null) || serviceMap.isEmpty()) { + return; + } + String type = s.getType(); +@@ -1235,7 +1293,12 @@ public abstract class Provider extends Properties { + for (String alias : s.getAliases()) { + serviceMap.remove(new ServiceKey(type, alias, false)); + } +- removePropertyStrings(s); ++ synchronized (this) { ++ removePropertyStrings(s); ++ if (type.equals("SecureRandom")) { ++ updateSecureRandomEntries(false, s.algorithm); ++ } ++ } + } + + // Wrapped String that behaves in a case insensitive way for equals/hashCode +diff --git a/jdk/src/share/classes/java/security/SecureRandom.java b/jdk/src/share/classes/java/security/SecureRandom.java +index 6848be5a2..05ff79191 100644 +--- a/jdk/src/share/classes/java/security/SecureRandom.java ++++ b/jdk/src/share/classes/java/security/SecureRandom.java +@@ -32,6 +32,7 @@ import java.security.Provider.Service; + + import sun.security.jca.*; + import sun.security.jca.GetInstance.Instance; ++import sun.security.provider.SunEntries; + import sun.security.util.Debug; + + /** +@@ -191,35 +192,50 @@ public class SecureRandom extends java.util.Random { + } + + private void getDefaultPRNG(boolean setSeed, byte[] seed) { +- String prng = getPrngAlgorithm(); +- if (prng == null) { +- // bummer, get the SUN implementation +- prng = "SHA1PRNG"; ++ Service prngService = null; ++ String prngAlgorithm = null; ++ for (Provider p : Providers.getProviderList().providers()) { ++ // SUN provider uses the SunEntries.DEF_SECURE_RANDOM_ALGO ++ // as the default SecureRandom algorithm; for other providers, ++ // Provider.getDefaultSecureRandom() will use the 1st ++ // registered SecureRandom algorithm ++ if (p.getName().equals("SUN")) { ++ prngAlgorithm = SunEntries.DEF_SECURE_RANDOM_ALGO; ++ prngService = p.getService("SecureRandom", prngAlgorithm); ++ break; ++ } else { ++ prngService = p.getDefaultSecureRandomService(); ++ if (prngService != null) { ++ prngAlgorithm = prngService.getAlgorithm(); ++ break; ++ } ++ } ++ } ++ // per javadoc, if none of the Providers support a RNG algorithm, ++ // then an implementation-specific default is returned. ++ if (prngService == null) { ++ prngAlgorithm = "SHA1PRNG"; + this.secureRandomSpi = new sun.security.provider.SecureRandom(); + this.provider = Providers.getSunProvider(); +- if (setSeed) { +- this.secureRandomSpi.engineSetSeed(seed); +- } + } else { + try { +- SecureRandom random = SecureRandom.getInstance(prng); +- this.secureRandomSpi = random.getSecureRandomSpi(); +- this.provider = random.getProvider(); +- if (setSeed) { +- this.secureRandomSpi.engineSetSeed(seed); +- } ++ this.secureRandomSpi = (SecureRandomSpi) prngService.newInstance(null); ++ this.provider = prngService.getProvider(); + } catch (NoSuchAlgorithmException nsae) { +- // never happens, because we made sure the algorithm exists ++ // should not happen + throw new RuntimeException(nsae); + } + } ++ if (setSeed) { ++ this.secureRandomSpi.engineSetSeed(seed); ++ } + // JDK 1.1 based implementations subclass SecureRandom instead of + // SecureRandomSpi. They will also go through this code path because + // they must call a SecureRandom constructor as it is their superclass. + // If we are dealing with such an implementation, do not set the + // algorithm value as it would be inaccurate. + if (getClass() == SecureRandom.class) { +- this.algorithm = prng; ++ this.algorithm = prngAlgorithm; + } + } + +@@ -386,13 +402,6 @@ public class SecureRandom extends java.util.Random { + instance.provider, algorithm); + } + +- /** +- * Returns the SecureRandomSpi of this SecureRandom object. +- */ +- SecureRandomSpi getSecureRandomSpi() { +- return secureRandomSpi; +- } +- + /** + * Returns the provider of this SecureRandom object. + * +@@ -548,23 +557,6 @@ public class SecureRandom extends java.util.Random { + return retVal; + } + +- /** +- * Gets a default PRNG algorithm by looking through all registered +- * providers. Returns the first PRNG algorithm of the first provider that +- * has registered a SecureRandom implementation, or null if none of the +- * registered providers supplies a SecureRandom implementation. +- */ +- private static String getPrngAlgorithm() { +- for (Provider p : Providers.getProviderList().providers()) { +- for (Service s : p.getServices()) { +- if (s.getType().equals("SecureRandom")) { +- return s.getAlgorithm(); +- } +- } +- } +- return null; +- } +- + /* + * Lazily initialize since Pattern.compile() is heavy. + * Effective Java (2nd Edition), Item 71. +diff --git a/jdk/src/share/classes/javax/crypto/Cipher.java b/jdk/src/share/classes/javax/crypto/Cipher.java +index d3d09d7e2..93c177e77 100644 +--- a/jdk/src/share/classes/javax/crypto/Cipher.java ++++ b/jdk/src/share/classes/javax/crypto/Cipher.java +@@ -1186,7 +1186,7 @@ public class Cipher { + * by the underlying {@code CipherSpi}. + */ + public final void init(int opmode, Key key) throws InvalidKeyException { +- init(opmode, key, JceSecurity.RANDOM); ++ init(opmode, key, JCAUtil.getSecureRandom()); + } + + /** +@@ -1327,7 +1327,7 @@ public class Cipher { + public final void init(int opmode, Key key, AlgorithmParameterSpec params) + throws InvalidKeyException, InvalidAlgorithmParameterException + { +- init(opmode, key, params, JceSecurity.RANDOM); ++ init(opmode, key, params, JCAUtil.getSecureRandom()); + } + + /** +@@ -1470,7 +1470,7 @@ public class Cipher { + public final void init(int opmode, Key key, AlgorithmParameters params) + throws InvalidKeyException, InvalidAlgorithmParameterException + { +- init(opmode, key, params, JceSecurity.RANDOM); ++ init(opmode, key, params, JCAUtil.getSecureRandom()); + } + + /** +@@ -1618,7 +1618,7 @@ public class Cipher { + public final void init(int opmode, Certificate certificate) + throws InvalidKeyException + { +- init(opmode, certificate, JceSecurity.RANDOM); ++ init(opmode, certificate, JCAUtil.getSecureRandom()); + } + + /** +diff --git a/jdk/src/share/classes/javax/crypto/JceSecurity.java b/jdk/src/share/classes/javax/crypto/JceSecurity.java +index e7e3a99f5..1186dc351 100644 +--- a/jdk/src/share/classes/javax/crypto/JceSecurity.java ++++ b/jdk/src/share/classes/javax/crypto/JceSecurity.java +@@ -49,8 +49,6 @@ import sun.security.util.Debug; + + final class JceSecurity { + +- static final SecureRandom RANDOM = new SecureRandom(); +- + // The defaultPolicy and exemptPolicy will be set up + // in the static initializer. + private static CryptoPermissions defaultPolicy = null; +diff --git a/jdk/src/share/classes/javax/crypto/KeyAgreement.java b/jdk/src/share/classes/javax/crypto/KeyAgreement.java +index 513fc501e..4e16bcacb 100644 +--- a/jdk/src/share/classes/javax/crypto/KeyAgreement.java ++++ b/jdk/src/share/classes/javax/crypto/KeyAgreement.java +@@ -438,7 +438,7 @@ public class KeyAgreement { + * has an incompatible algorithm type. + */ + public final void init(Key key) throws InvalidKeyException { +- init(key, JceSecurity.RANDOM); ++ init(key, JCAUtil.getSecureRandom()); + } + + /** +@@ -506,7 +506,7 @@ public class KeyAgreement { + public final void init(Key key, AlgorithmParameterSpec params) + throws InvalidKeyException, InvalidAlgorithmParameterException + { +- init(key, params, JceSecurity.RANDOM); ++ init(key, params, JCAUtil.getSecureRandom()); + } + + /** +diff --git a/jdk/src/share/classes/javax/crypto/KeyGenerator.java b/jdk/src/share/classes/javax/crypto/KeyGenerator.java +index 2a26da5e5..71fa64715 100644 +--- a/jdk/src/share/classes/javax/crypto/KeyGenerator.java ++++ b/jdk/src/share/classes/javax/crypto/KeyGenerator.java +@@ -427,7 +427,7 @@ public class KeyGenerator { + public final void init(AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException + { +- init(params, JceSecurity.RANDOM); ++ init(params, JCAUtil.getSecureRandom()); + } + + /** +@@ -491,7 +491,7 @@ public class KeyGenerator { + * supported. + */ + public final void init(int keysize) { +- init(keysize, JceSecurity.RANDOM); ++ init(keysize, JCAUtil.getSecureRandom()); + } + + /** +diff --git a/jdk/src/share/classes/sun/security/provider/Sun.java b/jdk/src/share/classes/sun/security/provider/Sun.java +index 07ef2ff4a..75b411605 100644 +--- a/jdk/src/share/classes/sun/security/provider/Sun.java ++++ b/jdk/src/share/classes/sun/security/provider/Sun.java +@@ -28,7 +28,6 @@ package sun.security.provider; + import java.util.*; + import java.security.*; + +-import sun.security.action.PutAllAction; + + /** + * The SUN Security Provider. +@@ -49,17 +48,27 @@ public final class Sun extends Provider { + /* We are the SUN provider */ + super("SUN", 1.8d, INFO); + ++ Provider p = this; ++ Iterator serviceIter = new SunEntries(p).iterator(); ++ + // if there is no security manager installed, put directly into +- // the provider. Otherwise, create a temporary map and use a +- // doPrivileged() call at the end to transfer the contents ++ // the provider. + if (System.getSecurityManager() == null) { +- SunEntries.putEntries(this); ++ putEntries(serviceIter); + } else { +- // use LinkedHashMap to preserve the order of the PRNGs +- Map map = new LinkedHashMap<>(); +- SunEntries.putEntries(map); +- AccessController.doPrivileged(new PutAllAction(this, map)); ++ AccessController.doPrivileged(new PrivilegedAction() { ++ @Override ++ public Void run() { ++ putEntries(serviceIter); ++ return null; ++ } ++ }); + } + } + ++ void putEntries(Iterator i) { ++ while (i.hasNext()) { ++ putService(i.next()); ++ } ++ } + } +diff --git a/jdk/src/share/classes/sun/security/provider/SunEntries.java b/jdk/src/share/classes/sun/security/provider/SunEntries.java +index d85697841..fb61d40b0 100644 +--- a/jdk/src/share/classes/sun/security/provider/SunEntries.java ++++ b/jdk/src/share/classes/sun/security/provider/SunEntries.java +@@ -27,7 +27,7 @@ package sun.security.provider; + + import java.io.*; + import java.net.*; +-import java.util.Map; ++import java.util.*; + import java.security.*; + import sun.security.action.GetPropertyAction; + +@@ -77,255 +77,222 @@ import sun.security.action.GetPropertyAction; + * - JavaLoginConfig is the default file-based LoginModule Configuration type. + */ + +-final class SunEntries { ++public final class SunEntries { + +- private static final boolean useLegacyDSA = +- Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty +- ("jdk.security.legacyDSAKeyPairGenerator")); ++ // the default algo used by SecureRandom class for new SecureRandom() calls ++ public static final String DEF_SECURE_RANDOM_ALGO; ++ ++ // create an aliases List from the specified aliases ++ public static List createAliases(String ... aliases) { ++ return Arrays.asList(aliases); ++ } + +- private SunEntries() { +- // empty ++ // create an aliases List from the specified oid followed by other aliases ++ public static List createAliasesWithOid(String ... oids) { ++ String[] result = Arrays.copyOf(oids, oids.length + 1); ++ result[result.length - 1] = "OID." + oids[0]; ++ return Arrays.asList(result); + } + +- static void putEntries(Map map) { ++ SunEntries(Provider p) { ++ services = new LinkedHashSet<>(50, 0.9f); ++ ++ // start populating content using the specified provider ++ ++ // common attribute map ++ HashMap attrs = new HashMap<>(3); + + /* +- * SecureRandom +- * +- * Register these first to speed up "new SecureRandom()", +- * which iterates through the list of algorithms ++ * SecureRandom engines + */ +- // register the native PRNG, if available +- // if user selected /dev/urandom, we put it before SHA1PRNG, +- // otherwise after it +- boolean nativeAvailable = NativePRNG.isAvailable(); +- boolean useNativePRNG = seedSource.equals(URL_DEV_URANDOM) || +- seedSource.equals(URL_DEV_RANDOM); +- +- if (nativeAvailable && useNativePRNG) { +- map.put("SecureRandom.NativePRNG", +- "sun.security.provider.NativePRNG"); +- } + +- map.put("SecureRandom.SHA1PRNG", +- "sun.security.provider.SecureRandom"); +- if (nativeAvailable && !useNativePRNG) { +- map.put("SecureRandom.NativePRNG", +- "sun.security.provider.NativePRNG"); ++ if (NativePRNG.isAvailable()) { ++ add(p, "SecureRandom", "NativePRNG", ++ "sun.security.provider.NativePRNG", ++ null, attrs); + } + + if (NativePRNG.Blocking.isAvailable()) { +- map.put("SecureRandom.NativePRNGBlocking", +- "sun.security.provider.NativePRNG$Blocking"); ++ add(p, "SecureRandom", "NativePRNGBlocking", ++ "sun.security.provider.NativePRNG$Blocking", null, attrs); + } + + if (NativePRNG.NonBlocking.isAvailable()) { +- map.put("SecureRandom.NativePRNGNonBlocking", +- "sun.security.provider.NativePRNG$NonBlocking"); ++ add(p, "SecureRandom", "NativePRNGNonBlocking", ++ "sun.security.provider.NativePRNG$NonBlocking", null, attrs); + } + ++ attrs.put("ImplementedIn", "Software"); ++ add(p, "SecureRandom", "SHA1PRNG", ++ "sun.security.provider.SecureRandom", null, attrs); ++ + /* + * Signature engines + */ +- map.put("Signature.SHA1withDSA", +- "sun.security.provider.DSA$SHA1withDSA"); +- map.put("Signature.NONEwithDSA", "sun.security.provider.DSA$RawDSA"); +- map.put("Alg.Alias.Signature.RawDSA", "NONEwithDSA"); +- map.put("Signature.SHA224withDSA", +- "sun.security.provider.DSA$SHA224withDSA"); +- map.put("Signature.SHA256withDSA", +- "sun.security.provider.DSA$SHA256withDSA"); +- ++ attrs.clear(); + String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" + + "|java.security.interfaces.DSAPrivateKey"; +- map.put("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses); +- map.put("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses); +- map.put("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses); +- map.put("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses); +- +- map.put("Alg.Alias.Signature.DSA", "SHA1withDSA"); +- map.put("Alg.Alias.Signature.DSS", "SHA1withDSA"); +- map.put("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA"); +- map.put("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA"); +- map.put("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA"); +- map.put("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA"); +- map.put("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA"); +- map.put("Alg.Alias.Signature.OID.1.2.840.10040.4.3", +- "SHA1withDSA"); +- map.put("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA"); +- map.put("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA"); +- map.put("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA"); +- map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1", +- "SHA224withDSA"); +- map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA"); +- map.put("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2", +- "SHA256withDSA"); +- map.put("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA"); ++ attrs.put("SupportedKeyClasses", dsaKeyClasses); ++ attrs.put("ImplementedIn", "Software"); ++ ++ attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures ++ ++ add(p, "Signature", "SHA1withDSA", ++ "sun.security.provider.DSA$SHA1withDSA", ++ createAliasesWithOid("1.2.840.10040.4.3", "DSA", "DSS", ++ "SHA/DSA", "SHA-1/DSA", "SHA1/DSA", "SHAwithDSA", ++ "DSAWithSHA1", "1.3.14.3.2.13", "1.3.14.3.2.27"), attrs); ++ add(p, "Signature", "NONEwithDSA", "sun.security.provider.DSA$RawDSA", ++ createAliases("RawDSA"), attrs); ++ ++ attrs.put("KeySize", "2048"); // for SHA224 and SHA256 DSA signatures ++ ++ add(p, "Signature", "SHA224withDSA", ++ "sun.security.provider.DSA$SHA224withDSA", ++ createAliasesWithOid("2.16.840.1.101.3.4.3.1"), attrs); ++ add(p, "Signature", "SHA256withDSA", ++ "sun.security.provider.DSA$SHA256withDSA", ++ createAliasesWithOid("2.16.840.1.101.3.4.3.2"), attrs); ++ ++ attrs.remove("KeySize"); + + /* + * Key Pair Generator engines + */ ++ attrs.clear(); ++ attrs.put("ImplementedIn", "Software"); ++ attrs.put("KeySize", "2048"); // for DSA KPG and APG only ++ ++ String dsaOid = "1.2.840.10040.4.1"; ++ List dsaAliases = createAliasesWithOid(dsaOid, "1.3.14.3.2.12"); + String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$"; + dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current"); +- map.put("KeyPairGenerator.DSA", dsaKPGImplClass); +- map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA"); +- map.put("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA"); +- map.put("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA"); +- +- /* +- * Digest engines +- */ +- map.put("MessageDigest.MD2", "sun.security.provider.MD2"); +- map.put("MessageDigest.MD5", "sun.security.provider.MD5"); +- map.put("MessageDigest.SHA", "sun.security.provider.SHA"); +- +- map.put("Alg.Alias.MessageDigest.SHA-1", "SHA"); +- map.put("Alg.Alias.MessageDigest.SHA1", "SHA"); +- map.put("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA"); +- map.put("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA"); +- +- map.put("MessageDigest.SHA-224", "sun.security.provider.SHA2$SHA224"); +- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224"); +- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4", +- "SHA-224"); +- +- map.put("MessageDigest.SHA-256", "sun.security.provider.SHA2$SHA256"); +- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256"); +- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1", +- "SHA-256"); +- map.put("MessageDigest.SHA-384", "sun.security.provider.SHA5$SHA384"); +- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384"); +- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2", +- "SHA-384"); +- map.put("MessageDigest.SHA-512", "sun.security.provider.SHA5$SHA512"); +- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512"); +- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3", +- "SHA-512"); +- map.put("MessageDigest.SHA-512/224", "sun.security.provider.SHA5$SHA512_224"); +- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.5", "SHA-512/224"); +- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.5", +- "SHA-512/224"); +- map.put("MessageDigest.SHA-512/256", "sun.security.provider.SHA5$SHA512_256"); +- map.put("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.6", "SHA-512/256"); +- map.put("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.6", +- "SHA-512/256"); ++ add(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, dsaAliases, attrs); + + /* + * Algorithm Parameter Generator engines + */ +- map.put("AlgorithmParameterGenerator.DSA", +- "sun.security.provider.DSAParameterGenerator"); ++ add(p, "AlgorithmParameterGenerator", "DSA", ++ "sun.security.provider.DSAParameterGenerator", dsaAliases, ++ attrs); ++ attrs.remove("KeySize"); + + /* + * Algorithm Parameter engines + */ +- map.put("AlgorithmParameters.DSA", +- "sun.security.provider.DSAParameters"); +- map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA"); +- map.put("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA"); +- map.put("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA"); ++ add(p, "AlgorithmParameters", "DSA", ++ "sun.security.provider.DSAParameters", dsaAliases, attrs); + + /* + * Key factories + */ +- map.put("KeyFactory.DSA", "sun.security.provider.DSAKeyFactory"); +- map.put("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA"); +- map.put("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA"); +- map.put("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA"); ++ add(p, "KeyFactory", "DSA", "sun.security.provider.DSAKeyFactory", ++ dsaAliases, attrs); + + /* +- * Certificates ++ * Digest engines + */ +- map.put("CertificateFactory.X.509", +- "sun.security.provider.X509Factory"); +- map.put("Alg.Alias.CertificateFactory.X509", "X.509"); ++ add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", null, attrs); ++ add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", null, attrs); ++ add(p, "MessageDigest", "SHA", "sun.security.provider.SHA", ++ createAliasesWithOid("1.3.14.3.2.26", "SHA-1", "SHA1"), attrs); ++ ++ String sha2BaseOid = "2.16.840.1.101.3.4.2"; ++ add(p, "MessageDigest", "SHA-224", "sun.security.provider.SHA2$SHA224", ++ createAliasesWithOid(sha2BaseOid + ".4"), attrs); ++ add(p, "MessageDigest", "SHA-256", "sun.security.provider.SHA2$SHA256", ++ createAliasesWithOid(sha2BaseOid + ".1"), attrs); ++ add(p, "MessageDigest", "SHA-384", "sun.security.provider.SHA5$SHA384", ++ createAliasesWithOid(sha2BaseOid + ".2"), attrs); ++ add(p, "MessageDigest", "SHA-512", "sun.security.provider.SHA5$SHA512", ++ createAliasesWithOid(sha2BaseOid + ".3"), attrs); ++ add(p, "MessageDigest", "SHA-512/224", ++ "sun.security.provider.SHA5$SHA512_224", ++ createAliasesWithOid(sha2BaseOid + ".5"), attrs); ++ add(p, "MessageDigest", "SHA-512/256", ++ "sun.security.provider.SHA5$SHA512_256", ++ createAliasesWithOid(sha2BaseOid + ".6"), attrs); + +- /* +- * KeyStore +- */ +- map.put("KeyStore.JKS", +- "sun.security.provider.JavaKeyStore$DualFormatJKS"); +- map.put("KeyStore.CaseExactJKS", +- "sun.security.provider.JavaKeyStore$CaseExactJKS"); +- map.put("KeyStore.DKS", "sun.security.provider.DomainKeyStore$DKS"); + + /* +- * Policy ++ * Certificates + */ +- map.put("Policy.JavaPolicy", "sun.security.provider.PolicySpiFile"); ++ add(p, "CertificateFactory", "X.509", ++ "sun.security.provider.X509Factory", ++ createAliases("X509"), attrs); + + /* +- * Configuration ++ * KeyStore + */ +- map.put("Configuration.JavaLoginConfig", +- "sun.security.provider.ConfigFile$Spi"); ++ add(p, "KeyStore", "JKS", ++ "sun.security.provider.JavaKeyStore$DualFormatJKS", ++ null, attrs); ++ add(p, "KeyStore", "CaseExactJKS", ++ "sun.security.provider.JavaKeyStore$CaseExactJKS", ++ null, attrs); ++ add(p, "KeyStore", "DKS", "sun.security.provider.DomainKeyStore$DKS", ++ null, attrs); + + /* +- * CertPathBuilder ++ * CertStores + */ +- map.put("CertPathBuilder.PKIX", +- "sun.security.provider.certpath.SunCertPathBuilder"); +- map.put("CertPathBuilder.PKIX ValidationAlgorithm", +- "RFC5280"); ++ attrs.put("LDAPSchema", "RFC2587"); ++ add(p, "CertStore", "LDAP", ++ "sun.security.provider.certpath.ldap.LDAPCertStore", null, attrs); ++ attrs.remove("LDAPSchema"); ++ add(p, "CertStore", "Collection", ++ "sun.security.provider.certpath.CollectionCertStore", ++ null, attrs); ++ add(p, "CertStore", "com.sun.security.IndexedCollection", ++ "sun.security.provider.certpath.IndexedCollectionCertStore", ++ null, attrs); + + /* +- * CertPathValidator ++ * Policy + */ +- map.put("CertPathValidator.PKIX", +- "sun.security.provider.certpath.PKIXCertPathValidator"); +- map.put("CertPathValidator.PKIX ValidationAlgorithm", +- "RFC5280"); ++ add(p, "Policy", "JavaPolicy", "sun.security.provider.PolicySpiFile", ++ null, null); + + /* +- * CertStores ++ * Configuration + */ +- map.put("CertStore.LDAP", +- "sun.security.provider.certpath.ldap.LDAPCertStore"); +- map.put("CertStore.LDAP LDAPSchema", "RFC2587"); +- map.put("CertStore.Collection", +- "sun.security.provider.certpath.CollectionCertStore"); +- map.put("CertStore.com.sun.security.IndexedCollection", +- "sun.security.provider.certpath.IndexedCollectionCertStore"); ++ add(p, "Configuration", "JavaLoginConfig", ++ "sun.security.provider.ConfigFile$Spi", null, null); + + /* +- * KeySize ++ * CertPathBuilder and CertPathValidator + */ +- map.put("Signature.NONEwithDSA KeySize", "1024"); +- map.put("Signature.SHA1withDSA KeySize", "1024"); +- map.put("Signature.SHA224withDSA KeySize", "2048"); +- map.put("Signature.SHA256withDSA KeySize", "2048"); +- +- map.put("KeyPairGenerator.DSA KeySize", "2048"); +- map.put("AlgorithmParameterGenerator.DSA KeySize", "2048"); ++ attrs.clear(); ++ attrs.put("ValidationAlgorithm", "RFC5280"); ++ attrs.put("ImplementedIn", "Software"); ++ add(p, "CertPathBuilder", "PKIX", ++ "sun.security.provider.certpath.SunCertPathBuilder", ++ null, attrs); ++ add(p, "CertPathValidator", "PKIX", ++ "sun.security.provider.certpath.PKIXCertPathValidator", ++ null, attrs); ++ } + +- /* +- * Implementation type: software or hardware +- */ +- map.put("Signature.SHA1withDSA ImplementedIn", "Software"); +- map.put("KeyPairGenerator.DSA ImplementedIn", "Software"); +- map.put("MessageDigest.MD5 ImplementedIn", "Software"); +- map.put("MessageDigest.SHA ImplementedIn", "Software"); +- map.put("AlgorithmParameterGenerator.DSA ImplementedIn", +- "Software"); +- map.put("AlgorithmParameters.DSA ImplementedIn", "Software"); +- map.put("KeyFactory.DSA ImplementedIn", "Software"); +- map.put("SecureRandom.SHA1PRNG ImplementedIn", "Software"); +- map.put("CertificateFactory.X.509 ImplementedIn", "Software"); +- map.put("KeyStore.JKS ImplementedIn", "Software"); +- map.put("CertPathValidator.PKIX ImplementedIn", "Software"); +- map.put("CertPathBuilder.PKIX ImplementedIn", "Software"); +- map.put("CertStore.LDAP ImplementedIn", "Software"); +- map.put("CertStore.Collection ImplementedIn", "Software"); +- map.put("CertStore.com.sun.security.IndexedCollection ImplementedIn", +- "Software"); ++ Iterator iterator() { ++ return services.iterator(); ++ } + ++ private void add(Provider p, String type, String algo, String cn, ++ List aliases, HashMap attrs) { ++ services.add(new Provider.Service(p, type, algo, cn, aliases, attrs)); + } + ++ private LinkedHashSet services; ++ + // name of the *System* property, takes precedence over PROP_RNDSOURCE + private final static String PROP_EGD = "java.security.egd"; + // name of the *Security* property + private final static String PROP_RNDSOURCE = "securerandom.source"; + ++ private static final boolean useLegacyDSA = ++ Boolean.parseBoolean(GetPropertyAction.privilegedGetProperty ++ ("jdk.security.legacyDSAKeyPairGenerator")); ++ + final static String URL_DEV_RANDOM = "file:/dev/random"; + final static String URL_DEV_URANDOM = "file:/dev/urandom"; + +@@ -348,6 +315,12 @@ final class SunEntries { + return egdSource; + } + }); ++ ++ DEF_SECURE_RANDOM_ALGO = (NativePRNG.isAvailable() && ++ (seedSource.equals(URL_DEV_URANDOM) || ++ seedSource.equals(URL_DEV_RANDOM)) ? ++ "NativePRNG" : "SHA1PRNG"); ++ + } + + static String getSeedSource() { +diff --git a/jdk/src/share/classes/sun/security/provider/VerificationProvider.java b/jdk/src/share/classes/sun/security/provider/VerificationProvider.java +index 296b03437..d76d81999 100644 +--- a/jdk/src/share/classes/sun/security/provider/VerificationProvider.java ++++ b/jdk/src/share/classes/sun/security/provider/VerificationProvider.java +@@ -28,8 +28,6 @@ package sun.security.provider; + import java.util.*; + import java.security.*; + +-import sun.security.action.PutAllAction; +- + import sun.security.rsa.SunRsaSignEntries; + + /** +@@ -68,19 +66,29 @@ public final class VerificationProvider extends Provider { + return; + } + ++ Provider p = this; ++ Iterator sunIter = new SunEntries(p).iterator(); ++ Iterator rsaIter = new SunRsaSignEntries(p).iterator(); + // if there is no security manager installed, put directly into +- // the provider. Otherwise, create a temporary map and use a +- // doPrivileged() call at the end to transfer the contents ++ // the provider. + if (System.getSecurityManager() == null) { +- SunEntries.putEntries(this); +- SunRsaSignEntries.putEntries(this); ++ putEntries(sunIter); ++ putEntries(rsaIter); + } else { + // use LinkedHashMap to preserve the order of the PRNGs +- Map map = new LinkedHashMap<>(); +- SunEntries.putEntries(map); +- SunRsaSignEntries.putEntries(map); +- AccessController.doPrivileged(new PutAllAction(this, map)); ++ AccessController.doPrivileged(new PrivilegedAction() { ++ public Void run() { ++ putEntries(sunIter); ++ putEntries(rsaIter); ++ return null; ++ } ++ }); + } + } + ++ void putEntries(Iterator i) { ++ while (i.hasNext()) { ++ putService(i.next()); ++ } ++ } + } +diff --git a/jdk/src/share/classes/sun/security/rsa/SunRsaSign.java b/jdk/src/share/classes/sun/security/rsa/SunRsaSign.java +index 65ae02a08..3c3d0f693 100644 +--- a/jdk/src/share/classes/sun/security/rsa/SunRsaSign.java ++++ b/jdk/src/share/classes/sun/security/rsa/SunRsaSign.java +@@ -29,7 +29,6 @@ import java.util.*; + + import java.security.*; + +-import sun.security.action.PutAllAction; + + /** + * Provider class for the RSA signature provider. Supports RSA keyfactory, +@@ -45,17 +44,25 @@ public final class SunRsaSign extends Provider { + public SunRsaSign() { + super("SunRsaSign", 1.8d, "Sun RSA signature provider"); + +- // if there is no security manager installed, put directly into +- // the provider. Otherwise, create a temporary map and use a +- // doPrivileged() call at the end to transfer the contents ++ Provider p = this; ++ Iterator serviceIter = new SunRsaSignEntries(p).iterator(); ++ + if (System.getSecurityManager() == null) { +- SunRsaSignEntries.putEntries(this); ++ putEntries(serviceIter); + } else { +- // use LinkedHashMap to preserve the order of the PRNGs +- Map map = new HashMap<>(); +- SunRsaSignEntries.putEntries(map); +- AccessController.doPrivileged(new PutAllAction(this, map)); ++ AccessController.doPrivileged(new PrivilegedAction() { ++ @Override ++ public Void run() { ++ putEntries(serviceIter); ++ return null; ++ } ++ }); + } + } + ++ void putEntries(Iterator i) { ++ while (i.hasNext()) { ++ putService(i.next()); ++ } ++ } + } +diff --git a/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java b/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java +index 6af5fdf85..f8de9eccc 100644 +--- a/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java ++++ b/jdk/src/share/classes/sun/security/rsa/SunRsaSignEntries.java +@@ -25,7 +25,9 @@ + + package sun.security.rsa; + +-import java.util.Map; ++import java.util.*; ++import java.security.Provider; ++import static sun.security.provider.SunEntries.createAliasesWithOid; + + /** + * Defines the entries of the SunRsaSign provider. +@@ -34,102 +36,81 @@ import java.util.Map; + */ + public final class SunRsaSignEntries { + +- private SunRsaSignEntries() { +- // empty ++ private void add(Provider p, String type, String algo, String cn, ++ List aliases, HashMap attrs) { ++ services.add(new Provider.Service(p, type, algo, cn, aliases, attrs)); + } + +- public static void putEntries(Map map) { +- +- // main algorithms +- map.put("KeyFactory.RSA", +- "sun.security.rsa.RSAKeyFactory$Legacy"); +- map.put("KeyPairGenerator.RSA", +- "sun.security.rsa.RSAKeyPairGenerator$Legacy"); +- map.put("Signature.MD2withRSA", +- "sun.security.rsa.RSASignature$MD2withRSA"); +- map.put("Signature.MD5withRSA", +- "sun.security.rsa.RSASignature$MD5withRSA"); +- map.put("Signature.SHA1withRSA", +- "sun.security.rsa.RSASignature$SHA1withRSA"); +- map.put("Signature.SHA224withRSA", +- "sun.security.rsa.RSASignature$SHA224withRSA"); +- map.put("Signature.SHA256withRSA", +- "sun.security.rsa.RSASignature$SHA256withRSA"); +- map.put("Signature.SHA384withRSA", +- "sun.security.rsa.RSASignature$SHA384withRSA"); +- map.put("Signature.SHA512withRSA", +- "sun.security.rsa.RSASignature$SHA512withRSA"); +- map.put("Signature.SHA512/224withRSA", +- "sun.security.rsa.RSASignature$SHA512_224withRSA"); +- map.put("Signature.SHA512/256withRSA", +- "sun.security.rsa.RSASignature$SHA512_256withRSA"); +- +- map.put("KeyFactory.RSASSA-PSS", +- "sun.security.rsa.RSAKeyFactory$PSS"); +- map.put("KeyPairGenerator.RSASSA-PSS", +- "sun.security.rsa.RSAKeyPairGenerator$PSS"); +- map.put("Signature.RSASSA-PSS", +- "sun.security.rsa.RSAPSSSignature"); +- map.put("AlgorithmParameters.RSASSA-PSS", +- "sun.security.rsa.PSSParameters"); +- +- // attributes for supported key classes +- String rsaKeyClasses = "java.security.interfaces.RSAPublicKey" + +- "|java.security.interfaces.RSAPrivateKey"; +- map.put("Signature.MD2withRSA SupportedKeyClasses", rsaKeyClasses); +- map.put("Signature.MD5withRSA SupportedKeyClasses", rsaKeyClasses); +- map.put("Signature.SHA1withRSA SupportedKeyClasses", rsaKeyClasses); +- map.put("Signature.SHA224withRSA SupportedKeyClasses", rsaKeyClasses); +- map.put("Signature.SHA256withRSA SupportedKeyClasses", rsaKeyClasses); +- map.put("Signature.SHA384withRSA SupportedKeyClasses", rsaKeyClasses); +- map.put("Signature.SHA512withRSA SupportedKeyClasses", rsaKeyClasses); +- map.put("Signature.SHA512/224withRSA SupportedKeyClasses", rsaKeyClasses); +- map.put("Signature.SHA512/256withRSA SupportedKeyClasses", rsaKeyClasses); +- map.put("Signature.RSASSA-PSS SupportedKeyClasses", rsaKeyClasses); +- +- // aliases +- map.put("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA"); +- map.put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA"); +- +- map.put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA"); +- map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA"); +- +- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA"); +- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", "MD2withRSA"); +- +- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA"); +- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA"); +- +- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA"); +- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA"); +- map.put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA"); +- +- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.14", "SHA224withRSA"); +- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.14", "SHA224withRSA"); +- +- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256withRSA"); +- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA"); +- +- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384withRSA"); +- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.12", "SHA384withRSA"); +- +- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512withRSA"); +- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.13", "SHA512withRSA"); +- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.15", "SHA512/224withRSA"); +- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.15", "SHA512/224withRSA"); +- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.16", "SHA512/256withRSA"); +- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.16", "SHA512/256withRSA"); +- +- map.put("Alg.Alias.KeyFactory.1.2.840.113549.1.1.10", "RSASSA-PSS"); +- map.put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); +- +- map.put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.10", "RSASSA-PSS"); +- map.put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); +- +- map.put("Alg.Alias.Signature.1.2.840.113549.1.1.10", "RSASSA-PSS"); +- map.put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); ++ // extend LinkedHashSet for consistency with SunEntries ++ // used by sun.security.provider.VerificationProvider ++ public SunRsaSignEntries(Provider p) { ++ services = new LinkedHashSet<>(20, 0.9f); ++ ++ // start populating content using the specified provider ++ ++ // common oids ++ String rsaOid = "1.2.840.113549.1.1"; ++ List rsaAliases = createAliasesWithOid(rsaOid); ++ List rsapssAliases = createAliasesWithOid(rsaOid + ".10"); ++ String sha1withRSAOid2 = "1.3.14.3.2.29"; ++ ++ // common attribute map ++ HashMap attrs = new HashMap<>(3); ++ attrs.put("SupportedKeyClasses", ++ "java.security.interfaces.RSAPublicKey" + ++ "|java.security.interfaces.RSAPrivateKey"); ++ ++ add(p, "KeyFactory", "RSA", ++ "sun.security.rsa.RSAKeyFactory$Legacy", ++ rsaAliases, null); ++ add(p, "KeyPairGenerator", "RSA", ++ "sun.security.rsa.RSAKeyPairGenerator$Legacy", ++ rsaAliases, null); ++ add(p, "Signature", "MD2withRSA", ++ "sun.security.rsa.RSASignature$MD2withRSA", ++ createAliasesWithOid(rsaOid + ".2"), attrs); ++ add(p, "Signature", "MD5withRSA", ++ "sun.security.rsa.RSASignature$MD5withRSA", ++ createAliasesWithOid(rsaOid + ".4"), attrs); ++ add(p, "Signature", "SHA1withRSA", ++ "sun.security.rsa.RSASignature$SHA1withRSA", ++ createAliasesWithOid(rsaOid + ".5", sha1withRSAOid2), attrs); ++ add(p, "Signature", "SHA224withRSA", ++ "sun.security.rsa.RSASignature$SHA224withRSA", ++ createAliasesWithOid(rsaOid + ".14"), attrs); ++ add(p, "Signature", "SHA256withRSA", ++ "sun.security.rsa.RSASignature$SHA256withRSA", ++ createAliasesWithOid(rsaOid + ".11"), attrs); ++ add(p, "Signature", "SHA384withRSA", ++ "sun.security.rsa.RSASignature$SHA384withRSA", ++ createAliasesWithOid(rsaOid + ".12"), attrs); ++ add(p, "Signature", "SHA512withRSA", ++ "sun.security.rsa.RSASignature$SHA512withRSA", ++ createAliasesWithOid(rsaOid + ".13"), attrs); ++ add(p, "Signature", "SHA512/224withRSA", ++ "sun.security.rsa.RSASignature$SHA512_224withRSA", ++ createAliasesWithOid(rsaOid + ".15"), attrs); ++ add(p, "Signature", "SHA512/256withRSA", ++ "sun.security.rsa.RSASignature$SHA512_256withRSA", ++ createAliasesWithOid(rsaOid + ".16"), attrs); ++ ++ add(p, "KeyFactory", "RSASSA-PSS", ++ "sun.security.rsa.RSAKeyFactory$PSS", ++ rsapssAliases, null); ++ add(p, "KeyPairGenerator", "RSASSA-PSS", ++ "sun.security.rsa.RSAKeyPairGenerator$PSS", ++ rsapssAliases, null); ++ add(p, "Signature", "RSASSA-PSS", ++ "sun.security.rsa.RSAPSSSignature", ++ rsapssAliases, attrs); ++ add(p, "AlgorithmParameters", "RSASSA-PSS", ++ "sun.security.rsa.PSSParameters", ++ rsapssAliases, null); ++ } + +- map.put("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.1.10", "RSASSA-PSS"); +- map.put("Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); ++ public Iterator iterator() { ++ return services.iterator(); + } ++ ++ private LinkedHashSet services; + } +diff --git a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java +index 2845dc379..58b791c99 100644 +--- a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java ++++ b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java +@@ -26,9 +26,12 @@ + + package sun.security.ssl; + +-import static sun.security.util.SecurityConstants.PROVIDER_VER; +- + import java.security.*; ++import java.util.*; ++ ++import static sun.security.provider.SunEntries.createAliasesWithOid; ++import static sun.security.util.SecurityConstants.PROVIDER_VER; ++import static sun.security.provider.SunEntries.createAliases; + + /** + * The JSSE provider. +@@ -159,79 +162,78 @@ public abstract class SunJSSE extends java.security.Provider { + }); + } + ++ private void ps(String type, String algo, String cn, ++ List aliases, HashMap attrs) { ++ putService(new Provider.Service(this, type, algo, cn, aliases, attrs)); ++ } ++ ++ + private void doRegister(boolean isfips) { + if (isfips == false) { +- put("KeyFactory.RSA", +- "sun.security.rsa.RSAKeyFactory$Legacy"); +- put("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA"); +- put("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA"); +- +- put("KeyPairGenerator.RSA", +- "sun.security.rsa.RSAKeyPairGenerator$Legacy"); +- put("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA"); +- put("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA"); +- +- put("Signature.MD2withRSA", +- "sun.security.rsa.RSASignature$MD2withRSA"); +- put("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA"); +- put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", +- "MD2withRSA"); +- +- put("Signature.MD5withRSA", +- "sun.security.rsa.RSASignature$MD5withRSA"); +- put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA"); +- put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", +- "MD5withRSA"); +- +- put("Signature.SHA1withRSA", +- "sun.security.rsa.RSASignature$SHA1withRSA"); +- put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA"); +- put("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", +- "SHA1withRSA"); +- put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA"); +- put("Alg.Alias.Signature.OID.1.3.14.3.2.29", "SHA1withRSA"); ++ // common oids ++ String rsaOid = "1.2.840.113549.1.1"; ++ List rsaAliases = createAliasesWithOid(rsaOid); ++ String sha1withRSAOid2 = "1.3.14.3.2.29"; ++ ++ // common attribute map ++ HashMap attrs = new HashMap<>(3); ++ attrs.put("SupportedKeyClasses", ++ "java.security.interfaces.RSAPublicKey" + ++ "|java.security.interfaces.RSAPrivateKey"); ++ ++ ps("KeyFactory", "RSA", ++ "sun.security.rsa.RSAKeyFactory$Legacy", ++ rsaAliases, null); ++ ps("KeyPairGenerator", "RSA", ++ "sun.security.rsa.RSAKeyPairGenerator$Legacy", ++ rsaAliases, null); ++ ps("Signature", "MD2withRSA", ++ "sun.security.rsa.RSASignature$MD2withRSA", ++ createAliasesWithOid(rsaOid + ".2"), attrs); ++ ps("Signature", "MD5withRSA", ++ "sun.security.rsa.RSASignature$MD5withRSA", ++ createAliasesWithOid(rsaOid + ".4"), attrs); ++ ps("Signature", "SHA1withRSA", ++ "sun.security.rsa.RSASignature$SHA1withRSA", ++ createAliasesWithOid(rsaOid + ".5", sha1withRSAOid2, "OID." + sha1withRSAOid2), attrs); + + } +- put("Signature.MD5andSHA1withRSA", +- "sun.security.ssl.RSASignature"); +- +- put("KeyManagerFactory.SunX509", +- "sun.security.ssl.KeyManagerFactoryImpl$SunX509"); +- put("KeyManagerFactory.NewSunX509", +- "sun.security.ssl.KeyManagerFactoryImpl$X509"); +- put("Alg.Alias.KeyManagerFactory.PKIX", "NewSunX509"); +- +- put("TrustManagerFactory.SunX509", +- "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory"); +- put("TrustManagerFactory.PKIX", +- "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory"); +- put("Alg.Alias.TrustManagerFactory.SunPKIX", "PKIX"); +- put("Alg.Alias.TrustManagerFactory.X509", "PKIX"); +- put("Alg.Alias.TrustManagerFactory.X.509", "PKIX"); +- +- put("SSLContext.TLSv1", +- "sun.security.ssl.SSLContextImpl$TLS10Context"); +- put("SSLContext.TLSv1.1", +- "sun.security.ssl.SSLContextImpl$TLS11Context"); +- put("SSLContext.TLSv1.2", +- "sun.security.ssl.SSLContextImpl$TLS12Context"); +- put("SSLContext.TLSv1.3", +- "sun.security.ssl.SSLContextImpl$TLS13Context"); +- put("SSLContext.TLS", +- "sun.security.ssl.SSLContextImpl$TLSContext"); +- if (isfips == false) { +- put("Alg.Alias.SSLContext.SSL", "TLS"); +- put("Alg.Alias.SSLContext.SSLv3", "TLSv1"); +- } +- +- put("SSLContext.Default", +- "sun.security.ssl.SSLContextImpl$DefaultSSLContext"); ++ ps("Signature", "MD5andSHA1withRSA", ++ "sun.security.ssl.RSASignature", null, null); ++ ++ ps("KeyManagerFactory", "SunX509", ++ "sun.security.ssl.KeyManagerFactoryImpl$SunX509", null, null); ++ ps("KeyManagerFactory", "NewSunX509", ++ "sun.security.ssl.KeyManagerFactoryImpl$X509", ++ createAliases("PKIX"), null); ++ ++ ps("TrustManagerFactory", "SunX509", ++ "sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory", null, null); ++ ps("TrustManagerFactory", "PKIX", ++ "sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory", ++ createAliases("SunPKIX", "X509", "X.509"), null); ++ ++ ps("SSLContext", "TLSv1", ++ "sun.security.ssl.SSLContextImpl$TLS10Context", ++ (isfips? null : createAliases("SSLv3")), null); ++ ps("SSLContext", "TLSv1.1", ++ "sun.security.ssl.SSLContextImpl$TLS11Context", null, null); ++ ps("SSLContext", "TLSv1.2", ++ "sun.security.ssl.SSLContextImpl$TLS12Context", null, null); ++ ps("SSLContext", "TLSv1.3", ++ "sun.security.ssl.SSLContextImpl$TLS13Context", null, null); ++ ps("SSLContext", "TLS", ++ "sun.security.ssl.SSLContextImpl$TLSContext", ++ (isfips? null : createAliases("SSL")), null); ++ ++ ps("SSLContext", "Default", ++ "sun.security.ssl.SSLContextImpl$DefaultSSLContext", null, null); + + /* + * KeyStore + */ +- put("KeyStore.PKCS12", +- "sun.security.pkcs12.PKCS12KeyStore"); ++ ps("KeyStore", "PKCS12", ++ "sun.security.pkcs12.PKCS12KeyStore", null, null); + } + + private void subclassCheck() { +diff --git a/jdk/test/java/security/Provider/BaseProviderValidator.java b/jdk/test/java/security/Provider/BaseProviderValidator.java +new file mode 100644 +index 000000000..510529baa +--- /dev/null ++++ b/jdk/test/java/security/Provider/BaseProviderValidator.java +@@ -0,0 +1,76 @@ ++/* ++ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Huawei designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Huawei in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional ++ * information or have any questions. ++ */ ++ ++/* ++ * @test ++ * @bug 7092821 ++ * @library ../testlibrary ++ * @summary make sure that Sun providers do not miss any algorithms after ++ * modifying the frameworks underneath ++ * @author Henry Yang ++ */ ++ ++import java.security.Provider; ++import java.security.Provider.Service; ++ ++/** ++ * Base class for a provider validator ++ * ++ * @author Henry Yang ++ * @since 2022-05-05 ++ */ ++public abstract class BaseProviderValidator { ++ String providerName; ++ Provider provider; ++ ++ public BaseProviderValidator() { ++ provider = getDefaultProvider(); ++ providerName = provider.getName(); ++ } ++ ++ abstract Provider getDefaultProvider(); ++ ++ abstract boolean validate() throws Exception; ++ ++ Service getService(String type, String algo) { ++ return ProviderValidationUtil.getService(provider, type, algo); ++ } ++ ++ boolean checkService(String serviceName) { ++ String[] typeAndAlg = ProviderValidationUtil.getTypeAndAlgorithm(serviceName); ++ if(typeAndAlg == null || typeAndAlg.length < 2){ ++ throw new RuntimeException("service name is not in a right formation"); ++ } ++ return ProviderValidationUtil.checkService(provider, typeAndAlg[0], typeAndAlg[1]); ++ } ++ ++ boolean checkAlias(String aliasFullName, String serviceShortName) { ++ return ProviderValidationUtil.checkAlias(provider, aliasFullName, serviceShortName); ++ } ++ ++ boolean checkAttribute(String attrName, String attrValue) { ++ String[] nameAndAttr = attrName.split("\\s+"); ++ return ProviderValidationUtil.checkAttribute(provider, nameAndAttr[0], nameAndAttr[1], attrValue); ++ } ++} +diff --git a/jdk/test/java/security/Provider/GetServiceRace.java b/jdk/test/java/security/Provider/GetServiceRace.java +new file mode 100644 +index 000000000..b5b47b5d9 +--- /dev/null ++++ b/jdk/test/java/security/Provider/GetServiceRace.java +@@ -0,0 +1,98 @@ ++/* ++ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++/* ++ * @test ++ * @bug 8231387 ++ * @library ../testlibrary ++ * @summary make sure getService() avoids a race ++ * @author Tianmin Shi ++ */ ++ ++import java.security.Provider; ++ ++public class GetServiceRace { ++ ++ private static final Provider testProvider; ++ static { ++ testProvider = new Provider("MyProvider", 1.0, "test") { ++ }; ++ testProvider.put("CertificateFactory.Fixed", "MyCertificateFactory"); ++ } ++ ++ private static final int NUMBER_OF_RETRIEVERS = 3; ++ private static final int TEST_TIME_MS = 1000; ++ ++ public static boolean testFailed = false; ++ ++ public static void main(String[] args) throws Exception { ++ Updater updater = new Updater(); ++ updater.start(); ++ Retriever [] retrievers = new Retriever[NUMBER_OF_RETRIEVERS]; ++ for (int i=0; i Test Passed"); ++ } ++ ++ private static void validate(Provider p, String algo, String alias) { ++ Provider.Service s = p.getService("SecureRandom", alias); ++ if (s == null) { ++ throw new RuntimeException("Failed alias " + alias + " check, " + ++ "exp: " + algo + ", got null"); ++ } ++ if (!algo.equals(s.getAlgorithm())) { ++ throw new RuntimeException("Failed alias " + alias + " check, " + ++ "exp: " + algo + ", got " + s.getAlgorithm()); ++ } ++ } ++ ++ ++ private static final String SR_IMPLCLASS = ++ "sun.security.provider.SecureRandom"; ++ private static class CustomProvider extends Provider { ++ private static class CustomService extends Provider.Service { ++ CustomService(Provider p, String type, String algo, String cName) { ++ super(p, type, algo, cName, null, null); ++ } ++ } ++ ++ CustomProvider() { ++ super("CP", 1.0, "test provider that registers two services, " + ++ "one with put and one with putService"); ++ ++ putService(new CustomService(this, "SecureRandom", ++ MODERN_ALGO, SR_IMPLCLASS)); ++ put("SecureRandom." + LEGACY_ALGO, SR_IMPLCLASS); ++ } ++ } ++} +diff --git a/jdk/test/java/security/Provider/ProviderValidationUtil.java b/jdk/test/java/security/Provider/ProviderValidationUtil.java +new file mode 100644 +index 000000000..8c4ef89c7 +--- /dev/null ++++ b/jdk/test/java/security/Provider/ProviderValidationUtil.java +@@ -0,0 +1,270 @@ ++/* ++ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Huawei designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Huawei in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional ++ * information or have any questions. ++ */ ++ ++/* ++ * @test ++ * @bug 7092821 ++ * @library ../testlibrary ++ * @summary make sure that Sun providers do not miss any algorithms after ++ * modifying the frameworks underneath ++ * @author Henry Yang ++ */ ++ ++import static java.util.Locale.ENGLISH; ++ ++import java.lang.reflect.InvocationTargetException; ++import java.lang.reflect.Method; ++import java.security.Provider; ++import java.security.Provider.Service; ++import java.util.Collections; ++import java.util.HashSet; ++import java.util.List; ++import java.util.Set; ++ ++/** ++ * utils for provider validator ++ * ++ * @author Henry Yang ++ * @since 2022-05-05 ++ */ ++public class ProviderValidationUtil { ++ private static final String ALIAS_PREFIX_LOWER = "alg.alias."; ++ private static final int ALIAS_LENGTH = ALIAS_PREFIX_LOWER.length(); ++ ++ /** ++ * get a service from a provider for a specific algorithm ++ * ++ * @param provider the provider to get a service ++ * @param type algorithm type ++ * @param algo algorithm name ++ * @return the service of the specific algorithm ++ */ ++ public static Service getService(Provider provider, String type, String algo) { ++ Service service = provider.getService(type, algo); ++ if (service == null) { ++ throw new ServiceNotFoundException(provider.getName(), getServiceName(type, algo)); ++ } ++ return service; ++ } ++ ++ /** ++ * checks if the provider offers services for a specific algorithm ++ * ++ * @param provider the provider to check ++ * @param type algorithm type ++ * @param algo algorithm name ++ * @return true if passed this check ++ */ ++ public static boolean checkService(Provider provider, String type, String algo) { ++ Service service = getService(provider, type, algo); ++ String className = service.getClassName(); ++ if (className == null) { ++ throw new ServiceNotFoundException(provider.getName(), getServiceName(type, algo)); ++ } ++ try { ++ Class.forName(className); ++ } catch (ClassNotFoundException e) { ++ throw new ServiceNotFoundException(provider.getName(), getServiceName(type, algo)); ++ } ++ return true; ++ } ++ ++ private static List getAlias(Service service) { ++ try { ++ Method method = Service.class.getDeclaredMethod("getAliases"); ++ method.setAccessible(true); ++ List aliases = (List) method.invoke(service, null); ++ return aliases; ++ } catch (NoSuchMethodException | InvocationTargetException | IllegalAccessException e) { ++ e.printStackTrace(); ++ } ++ return Collections.emptyList(); ++ } ++ ++ /** ++ * check if the provider associates the alias name to the service ++ * ++ * @param provider the provider to check ++ * @param aliasFullName alias ++ * @param serviceShortName service name for short ++ * @return true if passed this check ++ */ ++ public static boolean checkAlias(Provider provider, String aliasFullName, String serviceShortName) { ++ if (aliasFullName.toLowerCase(ENGLISH).startsWith(ALIAS_PREFIX_LOWER)) { ++ // for example, in provider defination put("Alg.Alias.MessageDigest.SHA", "SHA-1"); ++ // Alg.Alias.MessageDigest.SHA for the aliasFullNanme and SHA-1 for serviceShortName ++ // the aliasKey is MessageDigest.SHA ++ String aliasKey = aliasFullName.substring(ALIAS_LENGTH); ++ String[] typeAndAlg = getTypeAndAlgorithm(aliasKey); ++ if (typeAndAlg == null || typeAndAlg.length < 2) { ++ throw new NameMalFormatException("alias name and type cannot be null"); ++ } ++ String type = typeAndAlg[0]; ++ String aliasAlg = typeAndAlg[1].intern(); ++ Service aliasService = provider.getService(type, aliasAlg); ++ if (aliasService == null) { ++ throw new ServiceNotFoundException(provider.getName(), getServiceName(type, aliasAlg)); ++ } ++ Service service = provider.getService(type, serviceShortName); ++ if (service == null) { ++ throw new ServiceNotFoundException(provider.getName(), getServiceName(type, serviceShortName)); ++ } ++ if (service != aliasService || !checkAliasInService(service, aliasAlg)) { ++ throw new AliasNotMatchedException( ++ getServiceName(type, aliasAlg), getServiceName(type, serviceShortName)); ++ } ++ } else { ++ throw new NameMalFormatException("Alias name is not in a proper format"); ++ } ++ return true; ++ } ++ ++ private static boolean checkAliasInService(Service service, String... aliasArray) { ++ List aliases = getAlias(service); ++ Set aliasesSet = new HashSet<>(); ++ aliasesSet.addAll(aliases); ++ for (String aliasName : aliasArray) { ++ if (!aliasesSet.contains(aliasName)) { ++ return false; ++ } ++ } ++ return true; ++ } ++ ++ /** ++ * check if the service has a specific attribute with the correct value in the provider ++ * ++ * @param provider the provider to check ++ * @param serviceName service name ++ * @param attrName attribute name ++ * @param attrValue attribute value ++ * @return true if passed this check ++ */ ++ public static boolean checkAttribute(Provider provider, String serviceName, String attrName, String attrValue) { ++ String[] typeAndAlg = getTypeAndAlgorithm(serviceName); ++ if (typeAndAlg == null || typeAndAlg.length < 2) { ++ throw new NameMalFormatException("service name is not in a right formation"); ++ } ++ Service service = getService(provider, typeAndAlg[0], typeAndAlg[1]); ++ return checkAttribute(service, attrName, attrValue); ++ } ++ ++ private static boolean checkAttribute(Service service, String attrName, String attrValue) { ++ if (!attrValue.equals(service.getAttribute(attrName))) { ++ throw new AttributeNotFoundException(service.getType(), service.getAlgorithm(), attrName, attrValue); ++ } ++ return true; ++ } ++ ++ private static String getServiceName(String type, String algo) { ++ return type + "." + algo; ++ } ++ ++ /** ++ * seperate algorithm key with type and name ++ * ++ * @param key algorithm full name ++ * @return string array with algorithm type and name ++ */ ++ public static String[] getTypeAndAlgorithm(String key) { ++ int index = key.indexOf('.'); ++ if (index < 1) { ++ return new String[0]; ++ } ++ String type = key.substring(0, index); ++ String alg = key.substring(index + 1); ++ return new String[] {type, alg}; ++ } ++ ++ /** ++ * throws this exception if we cannot find the service in the provider ++ * ++ * @author Henry Yang ++ * @since 2022-05-05 ++ */ ++ public static class ServiceNotFoundException extends RuntimeException { ++ public ServiceNotFoundException(String provider, String serviceName) { ++ this("faild to find " + serviceName + " in " + provider + " provider"); ++ } ++ ++ public ServiceNotFoundException(String message) { ++ super(message); ++ } ++ } ++ ++ /** ++ * throws this exception if we cannot find the attribute in the service ++ * or the attribute value is not correct ++ * ++ * @author Henry Yang ++ * @since 2022-05-05 ++ */ ++ public static class AttributeNotFoundException extends RuntimeException { ++ public AttributeNotFoundException(String type, String algo, String attrName, String attrValue) { ++ this( ++ "faild " ++ + type ++ + "." ++ + algo ++ + " '" ++ + attrName ++ + "' attribute check, " ++ + "the correct value should be '" ++ + attrValue ++ + "'"); ++ } ++ ++ public AttributeNotFoundException(String message) { ++ super(message); ++ } ++ } ++ ++ /** ++ * throws this exception if we cannot find the alias name in the provider ++ * ++ * @author Henry Yang ++ * @since 2022-05-05 ++ */ ++ public static class AliasNotMatchedException extends RuntimeException { ++ public AliasNotMatchedException(String aliasName, String serviceName) { ++ this("faild to find alias name " + aliasName + " in " + serviceName); ++ } ++ ++ public AliasNotMatchedException(String message) { ++ super(message); ++ } ++ } ++ ++ /** ++ * throws this exception if the name is in a malformation ++ * ++ * @author Henry Yang ++ * @since 2022-05-05 ++ */ ++ public static class NameMalFormatException extends RuntimeException { ++ public NameMalFormatException(String message) { ++ super(message); ++ } ++ } ++} +diff --git a/jdk/test/java/security/Provider/SunJCEValidator.java b/jdk/test/java/security/Provider/SunJCEValidator.java +new file mode 100644 +index 000000000..314abb380 +--- /dev/null ++++ b/jdk/test/java/security/Provider/SunJCEValidator.java +@@ -0,0 +1,574 @@ ++/* ++ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Huawei designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Huawei in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional ++ * information or have any questions. ++ */ ++ ++/* ++ * @test ++ * @bug 7092821 ++ * @library ../testlibrary ++ * @summary make sure that Sun providers do not miss any algorithms after ++ * modifying the frameworks underneath ++ * @author Henry Yang ++ */ ++ ++/* ++ *- @TestCaseID:Provider/SunJCEValidator.java ++ *- @TestCaseName:Provider/SunJCEValidator.java ++ *- @TestCaseType:Function test ++ *- @RequirementID:AR.SR.IREQ02758058.001.001 ++ *- @RequirementName: java.security.Provider.getService() is synchronized and became scalability bottleneck ++ *- @Condition:JDK8u302及以后 ++ *- @Brief:测试相应provider更改底层架构以后所提供的service是否与原先有差异(以openJDK8u302为准) ++ * -#step:比较openJDK8u302 SunJceProvider与此特性修改后的SunJceProvider所提供的service是否一致 ++ *- @Expect:正常运行 ++ *- @Priority:Level 1 ++ */ ++ ++import com.sun.crypto.provider.SunJCE; ++ ++import java.security.Provider; ++ ++/** ++ * validator for SunJCE provider, make sure we do not miss any algorithm ++ * after the modification. ++ * ++ * @author Henry Yang ++ * @since 2022-05-05 ++ */ ++public class SunJCEValidator extends BaseProviderValidator { ++ private static final String OID_PKCS12_RC4_128 = "1.2.840.113549.1.12.1.1"; ++ private static final String OID_PKCS12_RC4_40 = "1.2.840.113549.1.12.1.2"; ++ private static final String OID_PKCS12_DESede = "1.2.840.113549.1.12.1.3"; ++ private static final String OID_PKCS12_RC2_128 = "1.2.840.113549.1.12.1.5"; ++ private static final String OID_PKCS12_RC2_40 = "1.2.840.113549.1.12.1.6"; ++ private static final String OID_PKCS5_MD5_DES = "1.2.840.113549.1.5.3"; ++ private static final String OID_PKCS5_PBKDF2 = "1.2.840.113549.1.5.12"; ++ private static final String OID_PKCS5_PBES2 = "1.2.840.113549.1.5.13"; ++ private static final String OID_PKCS3 = "1.2.840.113549.1.3.1"; ++ ++ public static void main(String[] args) throws Exception { ++ SunJCEValidator validator = new SunJCEValidator(); ++ validator.validate(); ++ } ++ ++ @Override ++ Provider getDefaultProvider() { ++ return new SunJCE(); ++ } ++ ++ @Override ++ boolean validate() throws Exception { ++ final String BLOCK_MODES = ++ "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" ++ + "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" ++ + "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64"; ++ final String BLOCK_MODES128 = ++ BLOCK_MODES ++ + "|GCM|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128" ++ + "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128"; ++ final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING"; ++ ++ /* ++ * Cipher engines ++ */ ++ checkService("Cipher.RSA"); ++ checkAttribute("Cipher.RSA SupportedModes", "ECB"); ++ checkAttribute( ++ "Cipher.RSA SupportedPaddings", ++ "NOPADDING|PKCS1PADDING|OAEPPADDING" ++ + "|OAEPWITHMD5ANDMGF1PADDING" ++ + "|OAEPWITHSHA1ANDMGF1PADDING" ++ + "|OAEPWITHSHA-1ANDMGF1PADDING" ++ + "|OAEPWITHSHA-224ANDMGF1PADDING" ++ + "|OAEPWITHSHA-256ANDMGF1PADDING" ++ + "|OAEPWITHSHA-384ANDMGF1PADDING" ++ + "|OAEPWITHSHA-512ANDMGF1PADDING" ++ + "|OAEPWITHSHA-512/224ANDMGF1PADDING" ++ + "|OAEPWITHSHA-512/256ANDMGF1PADDING"); ++ checkAttribute( ++ "Cipher.RSA SupportedKeyClasses", ++ "java.security.interfaces.RSAPublicKey" + "|java.security.interfaces.RSAPrivateKey"); ++ ++ checkService("Cipher.DES"); ++ checkAttribute("Cipher.DES SupportedModes", BLOCK_MODES); ++ checkAttribute("Cipher.DES SupportedPaddings", BLOCK_PADS); ++ checkAttribute("Cipher.DES SupportedKeyFormats", "RAW"); ++ ++ checkService("Cipher.DESede"); ++ checkAlias("Alg.Alias.Cipher.TripleDES", "DESede"); ++ checkAttribute("Cipher.DESede SupportedModes", BLOCK_MODES); ++ checkAttribute("Cipher.DESede SupportedPaddings", BLOCK_PADS); ++ checkAttribute("Cipher.DESede SupportedKeyFormats", "RAW"); ++ ++ checkService("Cipher.DESedeWrap"); ++ checkAttribute("Cipher.DESedeWrap SupportedModes", "CBC"); ++ checkAttribute("Cipher.DESedeWrap SupportedPaddings", "NOPADDING"); ++ checkAttribute("Cipher.DESedeWrap SupportedKeyFormats", "RAW"); ++ System.out.println("Cipher engines check passed"); ++ ++ // PBES1 ++ checkService("Cipher.PBEWithMD5AndDES"); ++ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES"); ++ checkAlias("Alg.Alias.Cipher." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES"); ++ ++ checkService("Cipher.PBEWithMD5AndTripleDES"); ++ ++ checkService("Cipher.PBEWithSHA1AndDESede"); ++ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede"); ++ checkAlias("Alg.Alias.Cipher." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede"); ++ ++ checkService("Cipher.PBEWithSHA1AndRC2_40"); ++ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40"); ++ checkAlias("Alg.Alias.Cipher." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40"); ++ ++ checkService("Cipher.PBEWithSHA1AndRC2_128"); ++ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128"); ++ checkAlias("Alg.Alias.Cipher." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128"); ++ ++ checkService("Cipher.PBEWithSHA1AndRC4_40"); ++ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40"); ++ checkAlias("Alg.Alias.Cipher." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40"); ++ ++ checkService("Cipher.PBEWithSHA1AndRC4_128"); ++ checkAlias("Alg.Alias.Cipher.OID." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128"); ++ checkAlias("Alg.Alias.Cipher." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128"); ++ System.out.println("PBES1 check passed"); ++ ++ // PBES2 ++ ++ checkService("Cipher.PBEWithHmacSHA1AndAES_128"); ++ ++ checkService("Cipher.PBEWithHmacSHA224AndAES_128"); ++ ++ checkService("Cipher.PBEWithHmacSHA256AndAES_128"); ++ ++ checkService("Cipher.PBEWithHmacSHA384AndAES_128"); ++ ++ checkService("Cipher.PBEWithHmacSHA512AndAES_128"); ++ ++ checkService("Cipher.PBEWithHmacSHA1AndAES_256"); ++ ++ checkService("Cipher.PBEWithHmacSHA224AndAES_256"); ++ ++ checkService("Cipher.PBEWithHmacSHA256AndAES_256"); ++ ++ checkService("Cipher.PBEWithHmacSHA384AndAES_256"); ++ ++ checkService("Cipher.PBEWithHmacSHA512AndAES_256"); ++ ++ checkService("Cipher.Blowfish"); ++ checkAttribute("Cipher.Blowfish SupportedModes", BLOCK_MODES); ++ checkAttribute("Cipher.Blowfish SupportedPaddings", BLOCK_PADS); ++ checkAttribute("Cipher.Blowfish SupportedKeyFormats", "RAW"); ++ ++ checkService("Cipher.AES"); ++ checkAlias("Alg.Alias.Cipher.Rijndael", "AES"); ++ checkAttribute("Cipher.AES SupportedModes", BLOCK_MODES128); ++ checkAttribute("Cipher.AES SupportedPaddings", BLOCK_PADS); ++ checkAttribute("Cipher.AES SupportedKeyFormats", "RAW"); ++ ++ checkService("Cipher.AES_128/ECB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding"); ++ checkService("Cipher.AES_128/CBC/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding"); ++ checkService("Cipher.AES_128/OFB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding"); ++ checkService("Cipher.AES_128/CFB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding"); ++ checkService("Cipher.AES_128/GCM/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.6", "AES_128/GCM/NoPadding"); ++ ++ checkService("Cipher.AES_192/ECB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding"); ++ checkService("Cipher.AES_192/CBC/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding"); ++ checkService("Cipher.AES_192/OFB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding"); ++ checkService("Cipher.AES_192/CFB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding"); ++ checkService("Cipher.AES_192/GCM/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.26", "AES_192/GCM/NoPadding"); ++ ++ checkService("Cipher.AES_256/ECB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding"); ++ checkService("Cipher.AES_256/CBC/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding"); ++ checkService("Cipher.AES_256/OFB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding"); ++ checkService("Cipher.AES_256/CFB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding"); ++ checkService("Cipher.AES_256/GCM/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.46", "AES_256/GCM/NoPadding"); ++ ++ checkService("Cipher.AESWrap"); ++ checkAttribute("Cipher.AESWrap SupportedModes", "ECB"); ++ checkAttribute("Cipher.AESWrap SupportedPaddings", "NOPADDING"); ++ checkAttribute("Cipher.AESWrap SupportedKeyFormats", "RAW"); ++ ++ checkService("Cipher.AESWrap_128"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.5", "AESWrap_128"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.5", "AESWrap_128"); ++ checkService("Cipher.AESWrap_192"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.25", "AESWrap_192"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.25", "AESWrap_192"); ++ checkService("Cipher.AESWrap_256"); ++ checkAlias("Alg.Alias.Cipher.2.16.840.1.101.3.4.1.45", "AESWrap_256"); ++ checkAlias("Alg.Alias.Cipher.OID.2.16.840.1.101.3.4.1.45", "AESWrap_256"); ++ ++ checkService("Cipher.RC2"); ++ checkAttribute("Cipher.RC2 SupportedModes", BLOCK_MODES); ++ checkAttribute("Cipher.RC2 SupportedPaddings", BLOCK_PADS); ++ checkAttribute("Cipher.RC2 SupportedKeyFormats", "RAW"); ++ ++ checkService("Cipher.ARCFOUR"); ++ checkAlias("Alg.Alias.Cipher.RC4", "ARCFOUR"); ++ checkAttribute("Cipher.ARCFOUR SupportedModes", "ECB"); ++ checkAttribute("Cipher.ARCFOUR SupportedPaddings", "NOPADDING"); ++ checkAttribute("Cipher.ARCFOUR SupportedKeyFormats", "RAW"); ++ System.out.println("PBES2 check passed"); ++ ++ /* ++ * Key(pair) Generator engines ++ */ ++ checkService("KeyGenerator.DES"); ++ ++ checkService("KeyGenerator.DESede"); ++ checkAlias("Alg.Alias.KeyGenerator.TripleDES", "DESede"); ++ ++ checkService("KeyGenerator.Blowfish"); ++ ++ checkService("KeyGenerator.AES"); ++ checkAlias("Alg.Alias.KeyGenerator.Rijndael", "AES"); ++ ++ checkService("KeyGenerator.RC2"); ++ checkService("KeyGenerator.ARCFOUR"); ++ checkAlias("Alg.Alias.KeyGenerator.RC4", "ARCFOUR"); ++ ++ checkService("KeyGenerator.HmacMD5"); ++ ++ checkService("KeyGenerator.HmacSHA1"); ++ checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.7", "HmacSHA1"); ++ checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.7", "HmacSHA1"); ++ ++ checkService("KeyGenerator.HmacSHA224"); ++ checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.8", "HmacSHA224"); ++ checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.8", "HmacSHA224"); ++ ++ checkService("KeyGenerator.HmacSHA256"); ++ checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.9", "HmacSHA256"); ++ checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.9", "HmacSHA256"); ++ ++ checkService("KeyGenerator.HmacSHA384"); ++ checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.10", "HmacSHA384"); ++ checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.10", "HmacSHA384"); ++ ++ checkService("KeyGenerator.HmacSHA512"); ++ checkAlias("Alg.Alias.KeyGenerator.OID.1.2.840.113549.2.11", "HmacSHA512"); ++ checkAlias("Alg.Alias.KeyGenerator.1.2.840.113549.2.11", "HmacSHA512"); ++ ++ checkService("KeyPairGenerator.DiffieHellman"); ++ checkAlias("Alg.Alias.KeyPairGenerator.DH", "DiffieHellman"); ++ checkAlias("Alg.Alias.KeyPairGenerator.OID." + OID_PKCS3, "DiffieHellman"); ++ checkAlias("Alg.Alias.KeyPairGenerator." + OID_PKCS3, "DiffieHellman"); ++ System.out.println("Key(pair) Generator engines check passed"); ++ ++ /* ++ * Algorithm parameter generation engines ++ */ ++ checkService("AlgorithmParameterGenerator.DiffieHellman"); ++ checkAlias("Alg.Alias.AlgorithmParameterGenerator.DH", "DiffieHellman"); ++ checkAlias("Alg.Alias.AlgorithmParameterGenerator.OID." + OID_PKCS3, "DiffieHellman"); ++ checkAlias("Alg.Alias.AlgorithmParameterGenerator." + OID_PKCS3, "DiffieHellman"); ++ System.out.println("Algorithm parameter generation engines check passed"); ++ ++ /* ++ * Key Agreement engines ++ */ ++ checkService("KeyAgreement.DiffieHellman"); ++ checkAlias("Alg.Alias.KeyAgreement.DH", "DiffieHellman"); ++ checkAlias("Alg.Alias.KeyAgreement.OID." + OID_PKCS3, "DiffieHellman"); ++ checkAlias("Alg.Alias.KeyAgreement." + OID_PKCS3, "DiffieHellman"); ++ ++ checkAttribute( ++ "KeyAgreement.DiffieHellman SupportedKeyClasses", ++ "javax.crypto.interfaces.DHPublicKey" + "|javax.crypto.interfaces.DHPrivateKey"); ++ System.out.println("Key Agreement engines check passed"); ++ ++ /* ++ * Algorithm Parameter engines ++ */ ++ checkService("AlgorithmParameters.DiffieHellman"); ++ checkAlias("Alg.Alias.AlgorithmParameters.DH", "DiffieHellman"); ++ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS3, "DiffieHellman"); ++ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS3, "DiffieHellman"); ++ ++ checkService("AlgorithmParameters.DES"); ++ ++ checkService("AlgorithmParameters.DESede"); ++ checkAlias("Alg.Alias.AlgorithmParameters.TripleDES", "DESede"); ++ ++ checkService("AlgorithmParameters.PBE"); ++ ++ checkService("AlgorithmParameters.PBEWithMD5AndDES"); ++ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES"); ++ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES"); ++ ++ checkService("AlgorithmParameters.PBEWithMD5AndTripleDES"); ++ ++ checkService("AlgorithmParameters.PBEWithSHA1AndDESede"); ++ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede"); ++ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede"); ++ ++ checkService("AlgorithmParameters.PBEWithSHA1AndRC2_40"); ++ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40"); ++ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40"); ++ ++ checkService("AlgorithmParameters.PBEWithSHA1AndRC2_128"); ++ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128"); ++ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128"); ++ ++ checkService("AlgorithmParameters.PBEWithSHA1AndRC4_40"); ++ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40"); ++ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40"); ++ ++ checkService("AlgorithmParameters.PBEWithSHA1AndRC4_128"); ++ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128"); ++ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128"); ++ ++ checkService("AlgorithmParameters.PBES2"); ++ checkAlias("Alg.Alias.AlgorithmParameters.OID." + OID_PKCS5_PBES2, "PBES2"); ++ checkAlias("Alg.Alias.AlgorithmParameters." + OID_PKCS5_PBES2, "PBES2"); ++ ++ checkService("AlgorithmParameters.PBEWithHmacSHA1AndAES_128"); ++ ++ checkService("AlgorithmParameters.PBEWithHmacSHA224AndAES_128"); ++ ++ checkService("AlgorithmParameters.PBEWithHmacSHA256AndAES_128"); ++ ++ checkService("AlgorithmParameters.PBEWithHmacSHA384AndAES_128"); ++ ++ checkService("AlgorithmParameters.PBEWithHmacSHA512AndAES_128"); ++ ++ checkService("AlgorithmParameters.PBEWithHmacSHA1AndAES_256"); ++ ++ checkService("AlgorithmParameters.PBEWithHmacSHA224AndAES_256"); ++ ++ checkService("AlgorithmParameters.PBEWithHmacSHA256AndAES_256"); ++ ++ checkService("AlgorithmParameters.PBEWithHmacSHA384AndAES_256"); ++ ++ checkService("AlgorithmParameters.PBEWithHmacSHA512AndAES_256"); ++ ++ checkService("AlgorithmParameters.Blowfish"); ++ ++ checkService("AlgorithmParameters.AES"); ++ checkAlias("Alg.Alias.AlgorithmParameters.Rijndael", "AES"); ++ checkService("AlgorithmParameters.GCM"); ++ ++ checkService("AlgorithmParameters.RC2"); ++ ++ checkService("AlgorithmParameters.OAEP"); ++ System.out.println("Algorithm Parameter engines check passed"); ++ ++ /* ++ * Key factories ++ */ ++ checkService("KeyFactory.DiffieHellman"); ++ checkAlias("Alg.Alias.KeyFactory.DH", "DiffieHellman"); ++ checkAlias("Alg.Alias.KeyFactory.OID." + OID_PKCS3, "DiffieHellman"); ++ checkAlias("Alg.Alias.KeyFactory." + OID_PKCS3, "DiffieHellman"); ++ System.out.println("Key factories check passed"); ++ ++ /* ++ * Secret-key factories ++ */ ++ checkService("SecretKeyFactory.DES"); ++ ++ checkService("SecretKeyFactory.DESede"); ++ checkAlias("Alg.Alias.SecretKeyFactory.TripleDES", "DESede"); ++ ++ checkService("SecretKeyFactory.PBEWithMD5AndDES"); ++ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES"); ++ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS5_MD5_DES, "PBEWithMD5AndDES"); ++ ++ checkAlias("Alg.Alias.SecretKeyFactory.PBE", "PBEWithMD5AndDES"); ++ ++ /* ++ * Internal in-house crypto algorithm used for ++ * the JCEKS keystore type. Since this was developed ++ * internally, there isn't an OID corresponding to this ++ * algorithm. ++ */ ++ checkService("SecretKeyFactory.PBEWithMD5AndTripleDES"); ++ ++ checkService("SecretKeyFactory.PBEWithSHA1AndDESede"); ++ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede"); ++ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_DESede, "PBEWithSHA1AndDESede"); ++ ++ checkService("SecretKeyFactory.PBEWithSHA1AndRC2_40"); ++ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40"); ++ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_40, "PBEWithSHA1AndRC2_40"); ++ ++ checkService("SecretKeyFactory.PBEWithSHA1AndRC2_128"); ++ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128"); ++ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC2_128, "PBEWithSHA1AndRC2_128"); ++ ++ checkService("SecretKeyFactory.PBEWithSHA1AndRC4_40"); ++ ++ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40"); ++ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_40, "PBEWithSHA1AndRC4_40"); ++ ++ checkService("SecretKeyFactory.PBEWithSHA1AndRC4_128"); ++ ++ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128"); ++ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS12_RC4_128, "PBEWithSHA1AndRC4_128"); ++ ++ checkService("SecretKeyFactory.PBEWithHmacSHA1AndAES_128"); ++ ++ checkService("SecretKeyFactory.PBEWithHmacSHA224AndAES_128"); ++ ++ checkService("SecretKeyFactory.PBEWithHmacSHA256AndAES_128"); ++ ++ checkService("SecretKeyFactory.PBEWithHmacSHA384AndAES_128"); ++ ++ checkService("SecretKeyFactory.PBEWithHmacSHA512AndAES_128"); ++ ++ checkService("SecretKeyFactory.PBEWithHmacSHA1AndAES_256"); ++ ++ checkService("SecretKeyFactory.PBEWithHmacSHA224AndAES_256"); ++ ++ checkService("SecretKeyFactory.PBEWithHmacSHA256AndAES_256"); ++ ++ checkService("SecretKeyFactory.PBEWithHmacSHA384AndAES_256"); ++ ++ checkService("SecretKeyFactory.PBEWithHmacSHA512AndAES_256"); ++ System.out.println("crypto algorithm for JCEKS keystore check passed "); ++ ++ // PBKDF2 ++ ++ checkService("SecretKeyFactory.PBKDF2WithHmacSHA1"); ++ checkAlias("Alg.Alias.SecretKeyFactory.OID." + OID_PKCS5_PBKDF2, "PBKDF2WithHmacSHA1"); ++ checkAlias("Alg.Alias.SecretKeyFactory." + OID_PKCS5_PBKDF2, "PBKDF2WithHmacSHA1"); ++ ++ checkService("SecretKeyFactory.PBKDF2WithHmacSHA224"); ++ checkService("SecretKeyFactory.PBKDF2WithHmacSHA256"); ++ checkService("SecretKeyFactory.PBKDF2WithHmacSHA384"); ++ checkService("SecretKeyFactory.PBKDF2WithHmacSHA512"); ++ ++ System.out.println("PBKDF2 check passed"); ++ ++ /* ++ * MAC ++ */ ++ checkService("Mac.HmacMD5"); ++ checkService("Mac.HmacSHA1"); ++ checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.7", "HmacSHA1"); ++ checkAlias("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1"); ++ checkService("Mac.HmacSHA224"); ++ checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.8", "HmacSHA224"); ++ checkAlias("Alg.Alias.Mac.1.2.840.113549.2.8", "HmacSHA224"); ++ checkService("Mac.HmacSHA256"); ++ checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.9", "HmacSHA256"); ++ checkAlias("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256"); ++ checkService("Mac.HmacSHA384"); ++ checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.10", "HmacSHA384"); ++ checkAlias("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384"); ++ checkService("Mac.HmacSHA512"); ++ checkAlias("Alg.Alias.Mac.OID.1.2.840.113549.2.11", "HmacSHA512"); ++ checkAlias("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512"); ++ checkService("Mac.HmacPBESHA1"); ++ ++ System.out.println("MAC check passed"); ++ ++ // PBMAC1 ++ ++ checkService("Mac.PBEWithHmacSHA1"); ++ checkService("Mac.PBEWithHmacSHA224"); ++ checkService("Mac.PBEWithHmacSHA256"); ++ checkService("Mac.PBEWithHmacSHA384"); ++ checkService("Mac.PBEWithHmacSHA512"); ++ ++ checkService("Mac.SslMacMD5"); ++ checkService("Mac.SslMacSHA1"); ++ ++ checkAttribute("Mac.HmacMD5 SupportedKeyFormats", "RAW"); ++ checkAttribute("Mac.HmacSHA1 SupportedKeyFormats", "RAW"); ++ checkAttribute("Mac.HmacSHA224 SupportedKeyFormats", "RAW"); ++ checkAttribute("Mac.HmacSHA256 SupportedKeyFormats", "RAW"); ++ checkAttribute("Mac.HmacSHA384 SupportedKeyFormats", "RAW"); ++ checkAttribute("Mac.HmacSHA512 SupportedKeyFormats", "RAW"); ++ checkAttribute("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW"); ++ checkAttribute("Mac.PBEWithHmacSHA1 SupportedKeyFormatS", "RAW"); ++ checkAttribute("Mac.PBEWithHmacSHA224 SupportedKeyFormats", "RAW"); ++ checkAttribute("Mac.PBEWithHmacSHA256 SupportedKeyFormats", "RAW"); ++ checkAttribute("Mac.PBEWithHmacSHA384 SupportedKeyFormats", "RAW"); ++ checkAttribute("Mac.PBEWithHmacSHA512 SupportedKeyFormats", "RAW"); ++ checkAttribute("Mac.SslMacMD5 SupportedKeyFormats", "RAW"); ++ checkAttribute("Mac.SslMacSHA1 SupportedKeyFormats", "RAW"); ++ System.out.println("PBMAC1 check passed"); ++ ++ /* ++ * KeyStore ++ */ ++ checkService("KeyStore.JCEKS"); ++ System.out.println("KeyStore check passed"); ++ ++ /* ++ * SSL/TLS mechanisms ++ * ++ * These are strictly internal implementations and may ++ * be changed at any time. These names were chosen ++ * because PKCS11/SunPKCS11 does not yet have TLS1.2 ++ * mechanisms, and it will cause calls to come here. ++ */ ++ checkService("KeyGenerator.SunTlsPrf"); ++ checkService("KeyGenerator.SunTls12Prf"); ++ ++ checkService("KeyGenerator.SunTlsMasterSecret"); ++ checkAlias("Alg.Alias.KeyGenerator.SunTls12MasterSecret", "SunTlsMasterSecret"); ++ checkAlias("Alg.Alias.KeyGenerator.SunTlsExtendedMasterSecret", "SunTlsMasterSecret"); ++ ++ checkService("KeyGenerator.SunTlsKeyMaterial"); ++ checkAlias("Alg.Alias.KeyGenerator.SunTls12KeyMaterial", "SunTlsKeyMaterial"); ++ ++ checkService("KeyGenerator.SunTlsRsaPremasterSecret"); ++ checkAlias("Alg.Alias.KeyGenerator.SunTls12RsaPremasterSecret", "SunTlsRsaPremasterSecret"); ++ System.out.println("SSL/TLS mechanisms check passed"); ++ return true; ++ } ++} +diff --git a/jdk/test/java/security/Provider/SunJSSEValidator.java b/jdk/test/java/security/Provider/SunJSSEValidator.java +new file mode 100644 +index 000000000..5817c3b7f +--- /dev/null ++++ b/jdk/test/java/security/Provider/SunJSSEValidator.java +@@ -0,0 +1,137 @@ ++/* ++ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Huawei designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Huawei in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional ++ * information or have any questions. ++ */ ++ ++/* ++ * @test ++ * @bug 7092821 ++ * @library ../testlibrary ++ * @summary make sure that Sun providers do not miss any algorithms after ++ * modifying the frameworks underneath ++ * @author Henry Yang ++ */ ++ ++/* ++ *- @TestCaseID:Provider/SunJSSEValidator.java ++ *- @TestCaseName:Provider/SunJSSEValidator.java ++ *- @TestCaseType:Function test ++ *- @RequirementID:AR.SR.IREQ02758058.001.001 ++ *- @RequirementName: java.security.Provider.getService() is synchronized and became scalability bottleneck ++ *- @Condition:JDK8u302及以后 ++ *- @Brief:测试相应provider更改底层架构以后所提供的service是否与原先有差异(以openJDK8u302为准) ++ * -#step:比较openJDK8u302 SunJSSEProvider与此特性修改后的SunJSSEProvider所提供的service是否一致 ++ *- @Expect:正常运行 ++ *- @Priority:Level 1 ++ */ ++ ++import java.security.Provider; ++import java.util.Locale; ++ ++/** ++ * validator for SunJSSE provider, make sure we do not miss any algorithm ++ * after the modification. ++ * ++ * @author Henry Yang ++ * @since 2022-05-05 ++ */ ++public class SunJSSEValidator extends BaseProviderValidator { ++ private boolean fips = false; ++ ++ public static void main(String[] args) throws Exception { ++ SunJSSEValidator validator = new SunJSSEValidator(); ++ if (args != null && args.length > 0) { ++ String fipsStr = args[0].toLowerCase(Locale.ENGLISH); ++ if (!"true".equals(fipsStr) && !"false".equals(fipsStr)) { ++ throw new RuntimeException("Fips mode argument should be a boolean value"); ++ } ++ validator.setFips(Boolean.parseBoolean(fipsStr)); ++ } ++ validator.validate(); ++ } ++ ++ public void setFips(boolean isFips) { ++ this.fips = isFips; ++ } ++ ++ @Override ++ Provider getDefaultProvider() { ++ return new com.sun.net.ssl.internal.ssl.Provider(); ++ } ++ ++ @Override ++ boolean validate() throws Exception { ++ if (fips == false) { ++ checkService("KeyFactory.RSA"); ++ checkAlias("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA"); ++ checkAlias("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA"); ++ ++ checkService("KeyPairGenerator.RSA"); ++ checkAlias("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA"); ++ checkAlias("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA"); ++ ++ checkService("Signature.MD2withRSA"); ++ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA"); ++ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", "MD2withRSA"); ++ ++ checkService("Signature.MD5withRSA"); ++ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA"); ++ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA"); ++ ++ checkService("Signature.SHA1withRSA"); ++ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA"); ++ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA"); ++ checkAlias("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA"); ++ checkAlias("Alg.Alias.Signature.OID.1.3.14.3.2.29", "SHA1withRSA"); ++ } ++ checkService("Signature.MD5andSHA1withRSA"); ++ ++ checkService("KeyManagerFactory.SunX509"); ++ checkService("KeyManagerFactory.NewSunX509"); ++ checkAlias("Alg.Alias.KeyManagerFactory.PKIX", "NewSunX509"); ++ ++ checkService("TrustManagerFactory.SunX509"); ++ checkService("TrustManagerFactory.PKIX"); ++ checkAlias("Alg.Alias.TrustManagerFactory.SunPKIX", "PKIX"); ++ checkAlias("Alg.Alias.TrustManagerFactory.X509", "PKIX"); ++ checkAlias("Alg.Alias.TrustManagerFactory.X.509", "PKIX"); ++ ++ checkService("SSLContext.TLSv1"); ++ checkService("SSLContext.TLSv1.1"); ++ checkService("SSLContext.TLSv1.2"); ++ checkService("SSLContext.TLSv1.3"); ++ checkService("SSLContext.TLS"); ++ if (fips == false) { ++ checkAlias("Alg.Alias.SSLContext.SSL", "TLS"); ++ checkAlias("Alg.Alias.SSLContext.SSLv3", "TLSv1"); ++ } ++ ++ checkService("SSLContext.Default"); ++ ++ /* ++ * KeyStore ++ */ ++ checkService("KeyStore.PKCS12"); ++ System.out.println("SunJSSE check passed"); ++ return true; ++ } ++} +diff --git a/jdk/test/java/security/Provider/SunRsaSignValidator.java b/jdk/test/java/security/Provider/SunRsaSignValidator.java +new file mode 100644 +index 000000000..66fb33a44 +--- /dev/null ++++ b/jdk/test/java/security/Provider/SunRsaSignValidator.java +@@ -0,0 +1,154 @@ ++/* ++ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Huawei designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Huawei in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional ++ * information or have any questions. ++ */ ++ ++/* ++ * @test ++ * @bug 7092821 ++ * @library ../testlibrary ++ * @summary make sure that Sun providers do not miss any algorithms after ++ * modifying the frameworks underneath ++ * @author Henry Yang ++ */ ++ ++/* ++ *- @TestCaseID:Provider/SunRsaSignValidator.java ++ *- @TestCaseName:Provider/SunRsaSignValidator.java ++ *- @TestCaseType:Function test ++ *- @RequirementID:AR.SR.IREQ02758058.001.001 ++ *- @RequirementName: java.security.Provider.getService() is synchronized and became scalability bottleneck ++ *- @Condition:JDK8u302及以后 ++ *- @Brief:测试相应provider更改底层架构以后所提供的service是否与原先有差异(以openJDK8u302为准) ++ * -#step:比较openJDK8u302 SunRsaSignProvider与此特性修改后的SunRsaSignProvider所提供的service是否一致 ++ *- @Expect:正常运行 ++ *- @Priority:Level 1 ++ */ ++ ++import sun.security.rsa.SunRsaSign; ++ ++import java.security.Provider; ++ ++/** ++ * validator for SunRsaSign provider, make sure we do not miss any algorithm ++ * after the modification. ++ * ++ * @author Henry Yang ++ * @since 2022-05-05 ++ */ ++public class SunRsaSignValidator extends BaseProviderValidator { ++ public static void main(String[] args) throws Exception { ++ SunRsaSignValidator validator = new SunRsaSignValidator(); ++ validator.validate(); ++ } ++ ++ @Override ++ Provider getDefaultProvider() { ++ return new SunRsaSign(); ++ } ++ ++ @Override ++ boolean validate() throws Exception { ++ // main algorithms ++ checkService("KeyFactory.RSA"); ++ checkService("KeyPairGenerator.RSA"); ++ checkService("Signature.MD2withRSA"); ++ checkService("Signature.MD5withRSA"); ++ checkService("Signature.SHA1withRSA"); ++ checkService("Signature.SHA224withRSA"); ++ checkService("Signature.SHA256withRSA"); ++ checkService("Signature.SHA384withRSA"); ++ checkService("Signature.SHA512withRSA"); ++ checkService("Signature.SHA512/224withRSA"); ++ checkService("Signature.SHA512/256withRSA"); ++ ++ checkService("KeyFactory.RSASSA-PSS"); ++ checkService("KeyPairGenerator.RSASSA-PSS"); ++ checkService("Signature.RSASSA-PSS"); ++ checkService("AlgorithmParameters.RSASSA-PSS"); ++ ++ System.out.println("service check passed"); ++ ++ // attributes for supported key classes ++ String rsaKeyClasses = "java.security.interfaces.RSAPublicKey" + "|java.security.interfaces.RSAPrivateKey"; ++ checkAttribute("Signature.MD2withRSA SupportedKeyClasses", rsaKeyClasses); ++ checkAttribute("Signature.MD5withRSA SupportedKeyClasses", rsaKeyClasses); ++ checkAttribute("Signature.SHA1withRSA SupportedKeyClasses", rsaKeyClasses); ++ checkAttribute("Signature.SHA224withRSA SupportedKeyClasses", rsaKeyClasses); ++ checkAttribute("Signature.SHA256withRSA SupportedKeyClasses", rsaKeyClasses); ++ checkAttribute("Signature.SHA384withRSA SupportedKeyClasses", rsaKeyClasses); ++ checkAttribute("Signature.SHA512withRSA SupportedKeyClasses", rsaKeyClasses); ++ checkAttribute("Signature.SHA512/224withRSA SupportedKeyClasses", rsaKeyClasses); ++ checkAttribute("Signature.SHA512/256withRSA SupportedKeyClasses", rsaKeyClasses); ++ checkAttribute("Signature.RSASSA-PSS SupportedKeyClasses", rsaKeyClasses); ++ ++ System.out.println("attribute check passed"); ++ ++ // aliases ++ checkAlias("Alg.Alias.KeyFactory.1.2.840.113549.1.1", "RSA"); ++ checkAlias("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1", "RSA"); ++ ++ checkAlias("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1", "RSA"); ++ checkAlias("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1", "RSA"); ++ ++ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.2", "MD2withRSA"); ++ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.2", "MD2withRSA"); ++ ++ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA"); ++ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.4", "MD5withRSA"); ++ ++ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA"); ++ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.5", "SHA1withRSA"); ++ checkAlias("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA"); ++ ++ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.14", "SHA224withRSA"); ++ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.14", "SHA224withRSA"); ++ ++ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256withRSA"); ++ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.11", "SHA256withRSA"); ++ ++ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384withRSA"); ++ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.12", "SHA384withRSA"); ++ ++ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512withRSA"); ++ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.13", "SHA512withRSA"); ++ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.15", "SHA512/224withRSA"); ++ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.15", "SHA512/224withRSA"); ++ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.16", "SHA512/256withRSA"); ++ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.16", "SHA512/256withRSA"); ++ ++ checkAlias("Alg.Alias.KeyFactory.1.2.840.113549.1.1.10", "RSASSA-PSS"); ++ checkAlias("Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); ++ ++ checkAlias("Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.10", "RSASSA-PSS"); ++ checkAlias("Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); ++ ++ checkAlias("Alg.Alias.Signature.1.2.840.113549.1.1.10", "RSASSA-PSS"); ++ checkAlias("Alg.Alias.Signature.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); ++ ++ checkAlias("Alg.Alias.AlgorithmParameters.1.2.840.113549.1.1.10", "RSASSA-PSS"); ++ checkAlias("Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.1.1.10", "RSASSA-PSS"); ++ ++ System.out.println("check alias passed"); ++ return true; ++ } ++} +diff --git a/jdk/test/java/security/Provider/SunValidator.java b/jdk/test/java/security/Provider/SunValidator.java +new file mode 100644 +index 000000000..3f4b81222 +--- /dev/null ++++ b/jdk/test/java/security/Provider/SunValidator.java +@@ -0,0 +1,263 @@ ++/* ++ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Huawei designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Huawei in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional ++ * information or have any questions. ++ */ ++ ++/* ++ * @test ++ * @bug 7092821 ++ * @library ../testlibrary ++ * @summary make sure that Sun providers do not miss any algorithms after ++ * modifying the frameworks underneath ++ * @author Henry Yang ++ */ ++ ++/* ++ *- @TestCaseID:Provider/SunValidator.java ++ *- @TestCaseName:Provider/SunValidator.java ++ *- @TestCaseType:Function test ++ *- @RequirementID:AR.SR.IREQ02758058.001.001 ++ *- @RequirementName: java.security.Provider.getService() is synchronized and became scalability bottleneck ++ *- @Condition:JDK8u302及以后 ++ *- @Brief:测试相应provider更改底层架构以后所提供的service是否与原先有差异(以openJDK8u302为准) ++ * -#step:比较openJDK8u302 SunProvider与此特性修改后的SunProvider所提供的service是否一致 ++ *- @Expect:正常运行 ++ *- @Priority:Level 1 ++ */ ++ ++import sun.security.provider.NativePRNG; ++import sun.security.provider.Sun; ++ ++import java.lang.reflect.Method; ++import java.security.Provider; ++ ++/** ++ * validator for Sun provider, make sure we do not miss any algorithm ++ * after the modification. ++ * ++ * @author Henry Yang ++ * @since 2022-05-05 ++ */ ++public class SunValidator extends BaseProviderValidator { ++ public static void main(String[] args) throws Exception { ++ SunValidator validator = new SunValidator(); ++ validator.validate(); ++ } ++ ++ @Override ++ Provider getDefaultProvider() { ++ return new Sun(); ++ } ++ ++ @Override ++ public boolean validate() throws Exception { ++ Method nativeAvailableMethod = NativePRNG.class.getDeclaredMethod("isAvailable"); ++ nativeAvailableMethod.setAccessible(true); ++ boolean nativeAvailable = (Boolean) nativeAvailableMethod.invoke(null); ++ if (nativeAvailable) { ++ checkService("SecureRandom.NativePRNG"); ++ } ++ ++ checkService("SecureRandom.SHA1PRNG"); ++ ++ /* ++ * Signature engines ++ */ ++ checkService("Signature.SHA1withDSA"); ++ checkService("Signature.NONEwithDSA"); ++ checkAlias("Alg.Alias.Signature.RawDSA", "NONEwithDSA"); ++ checkService("Signature.SHA224withDSA"); ++ checkService("Signature.SHA256withDSA"); ++ ++ String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" + "|java.security.interfaces.DSAPrivateKey"; ++ checkAttribute("Signature.SHA1withDSA SupportedKeyClasses", dsaKeyClasses); ++ checkAttribute("Signature.NONEwithDSA SupportedKeyClasses", dsaKeyClasses); ++ checkAttribute("Signature.SHA224withDSA SupportedKeyClasses", dsaKeyClasses); ++ checkAttribute("Signature.SHA256withDSA SupportedKeyClasses", dsaKeyClasses); ++ ++ checkAlias("Alg.Alias.Signature.DSA", "SHA1withDSA"); ++ checkAlias("Alg.Alias.Signature.DSS", "SHA1withDSA"); ++ checkAlias("Alg.Alias.Signature.SHA/DSA", "SHA1withDSA"); ++ checkAlias("Alg.Alias.Signature.SHA-1/DSA", "SHA1withDSA"); ++ checkAlias("Alg.Alias.Signature.SHA1/DSA", "SHA1withDSA"); ++ checkAlias("Alg.Alias.Signature.SHAwithDSA", "SHA1withDSA"); ++ checkAlias("Alg.Alias.Signature.DSAWithSHA1", "SHA1withDSA"); ++ checkAlias("Alg.Alias.Signature.OID.1.2.840.10040.4.3", "SHA1withDSA"); ++ checkAlias("Alg.Alias.Signature.1.2.840.10040.4.3", "SHA1withDSA"); ++ checkAlias("Alg.Alias.Signature.1.3.14.3.2.13", "SHA1withDSA"); ++ checkAlias("Alg.Alias.Signature.1.3.14.3.2.27", "SHA1withDSA"); ++ checkAlias("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1", "SHA224withDSA"); ++ checkAlias("Alg.Alias.Signature.2.16.840.1.101.3.4.3.1", "SHA224withDSA"); ++ checkAlias("Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2", "SHA256withDSA"); ++ checkAlias("Alg.Alias.Signature.2.16.840.1.101.3.4.3.2", "SHA256withDSA"); ++ System.out.println("Signature engines check passed"); ++ ++ /* ++ * Key Pair Generator engines ++ */ ++ checkService("KeyPairGenerator.DSA"); ++ checkAlias("Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1", "DSA"); ++ checkAlias("Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1", "DSA"); ++ checkAlias("Alg.Alias.KeyPairGenerator.1.3.14.3.2.12", "DSA"); ++ System.out.println("Key Pair Generator engines check passed"); ++ ++ /* ++ * Digest engines ++ */ ++ checkService("MessageDigest.MD2"); ++ checkService("MessageDigest.MD5"); ++ checkService("MessageDigest.SHA"); ++ ++ checkAlias("Alg.Alias.MessageDigest.SHA-1", "SHA"); ++ checkAlias("Alg.Alias.MessageDigest.SHA1", "SHA"); ++ checkAlias("Alg.Alias.MessageDigest.1.3.14.3.2.26", "SHA"); ++ checkAlias("Alg.Alias.MessageDigest.OID.1.3.14.3.2.26", "SHA"); ++ ++ checkService("MessageDigest.SHA-224"); ++ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4", "SHA-224"); ++ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4", "SHA-224"); ++ ++ checkService("MessageDigest.SHA-256"); ++ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1", "SHA-256"); ++ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1", "SHA-256"); ++ checkService("MessageDigest.SHA-384"); ++ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2", "SHA-384"); ++ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2", "SHA-384"); ++ checkService("MessageDigest.SHA-512"); ++ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3", "SHA-512"); ++ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3", "SHA-512"); ++ checkService("MessageDigest.SHA-512/224"); ++ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.5", "SHA-512/224"); ++ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.5", "SHA-512/224"); ++ checkService("MessageDigest.SHA-512/256"); ++ checkAlias("Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.6", "SHA-512/256"); ++ checkAlias("Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.6", "SHA-512/256"); ++ System.out.println("Digest engines check passed"); ++ ++ /* ++ * Algorithm Parameter Generator engines ++ */ ++ checkService("AlgorithmParameterGenerator.DSA"); ++ System.out.println("Algorithm Parameter Generator engines check passed"); ++ ++ /* ++ * Algorithm Parameter engines ++ */ ++ checkService("AlgorithmParameters.DSA"); ++ checkAlias("Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1", "DSA"); ++ checkAlias("Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1", "DSA"); ++ checkAlias("Alg.Alias.AlgorithmParameters.1.3.14.3.2.12", "DSA"); ++ System.out.println("Algorithm Parameter engines check passed"); ++ ++ /* ++ * Key factories ++ */ ++ checkService("KeyFactory.DSA"); ++ checkAlias("Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1", "DSA"); ++ checkAlias("Alg.Alias.KeyFactory.1.2.840.10040.4.1", "DSA"); ++ checkAlias("Alg.Alias.KeyFactory.1.3.14.3.2.12", "DSA"); ++ System.out.println("Key factories check passed"); ++ ++ /* ++ * Certificates ++ */ ++ checkService("CertificateFactory.X.509"); ++ checkAlias("Alg.Alias.CertificateFactory.X509", "X.509"); ++ System.out.println("Certificates check passed"); ++ ++ /* ++ * KeyStore ++ */ ++ checkService("KeyStore.JKS"); ++ checkService("KeyStore.CaseExactJKS"); ++ checkService("KeyStore.DKS"); ++ System.out.println("KeyStore check passed"); ++ ++ /* ++ * Policy ++ */ ++ checkService("Policy.JavaPolicy"); ++ System.out.println("Policy check passed"); ++ ++ /* ++ * Configuration ++ */ ++ checkService("Configuration.JavaLoginConfig"); ++ System.out.println("Configuration check passed"); ++ ++ /* ++ * CertPathBuilder ++ */ ++ checkService("CertPathBuilder.PKIX"); ++ checkAttribute("CertPathBuilder.PKIX ValidationAlgorithm", "RFC5280"); ++ System.out.println("CertPathBuilder check passed"); ++ ++ /* ++ * CertPathValidator ++ */ ++ checkService("CertPathValidator.PKIX"); ++ checkAttribute("CertPathValidator.PKIX ValidationAlgorithm", "RFC5280"); ++ System.out.println("CertPathValidator check passed"); ++ ++ /* ++ * CertStores ++ */ ++ checkService("CertStore.LDAP"); ++ checkAttribute("CertStore.LDAP LDAPSchema", "RFC2587"); ++ checkService("CertStore.Collection"); ++ checkService("CertStore.com.sun.security.IndexedCollection"); ++ System.out.println("CertStores check passed"); ++ ++ /* ++ * KeySize ++ */ ++ checkAttribute("Signature.NONEwithDSA KeySize", "1024"); ++ checkAttribute("Signature.SHA1withDSA KeySize", "1024"); ++ checkAttribute("Signature.SHA224withDSA KeySize", "2048"); ++ checkAttribute("Signature.SHA256withDSA KeySize", "2048"); ++ ++ checkAttribute("KeyPairGenerator.DSA KeySize", "2048"); ++ checkAttribute("AlgorithmParameterGenerator.DSA KeySize", "2048"); ++ System.out.println("KeySize attribute check passed"); ++ ++ /* ++ * Implementation type: software or hardware ++ */ ++ checkAttribute("Signature.SHA1withDSA ImplementedIn", "Software"); ++ checkAttribute("KeyPairGenerator.DSA ImplementedIn", "Software"); ++ checkAttribute("MessageDigest.MD5 ImplementedIn", "Software"); ++ checkAttribute("MessageDigest.SHA ImplementedIn", "Software"); ++ checkAttribute("AlgorithmParameterGenerator.DSA ImplementedIn", "Software"); ++ checkAttribute("AlgorithmParameters.DSA ImplementedIn", "Software"); ++ checkAttribute("KeyFactory.DSA ImplementedIn", "Software"); ++ checkAttribute("SecureRandom.SHA1PRNG ImplementedIn", "Software"); ++ checkAttribute("CertificateFactory.X.509 ImplementedIn", "Software"); ++ checkAttribute("KeyStore.JKS ImplementedIn", "Software"); ++ checkAttribute("CertPathValidator.PKIX ImplementedIn", "Software"); ++ checkAttribute("CertPathBuilder.PKIX ImplementedIn", "Software"); ++ checkAttribute("CertStore.LDAP ImplementedIn", "Software"); ++ checkAttribute("CertStore.Collection ImplementedIn", "Software"); ++ checkAttribute("CertStore.com.sun.security.IndexedCollection ImplementedIn", "Software"); ++ System.out.println("Implementation type attribute check passed"); ++ return true; ++ } ++} +diff --git a/jdk/test/java/security/SecureRandom/DefaultAlgo.java b/jdk/test/java/security/SecureRandom/DefaultAlgo.java +new file mode 100644 +index 000000000..ce786f7a2 +--- /dev/null ++++ b/jdk/test/java/security/SecureRandom/DefaultAlgo.java +@@ -0,0 +1,117 @@ ++/* ++ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import static java.lang.System.out; ++import java.security.Provider; ++import java.security.Security; ++import java.security.SecureRandom; ++import java.security.Provider.Service; ++import java.util.Objects; ++import java.util.Arrays; ++import sun.security.provider.SunEntries; ++ ++/** ++ * @test ++ * @bug 8228613 ++ * @summary Ensure that the default SecureRandom algo used is based ++ * on the registration ordering, and falls to next provider ++ * if none are found ++ * @modules java.base/sun.security.provider ++ */ ++public class DefaultAlgo { ++ ++ public static void main(String[] args) throws Exception { ++ String[] algos = { "A", "B", "C" }; ++ test3rdParty(algos); ++ // reverse the order and re-check ++ String[] algosReversed = { "C", "B", "A" }; ++ test3rdParty(algosReversed); ++ } ++ ++ private static void test3rdParty(String[] algos) { ++ Provider[] provs = { ++ new SampleLegacyProvider(algos), ++ new SampleServiceProvider(algos) ++ }; ++ for (Provider p : provs) { ++ checkDefault(p, algos); ++ } ++ } ++ ++ // validate the specified SecureRandom obj to be from the specified ++ // provider and matches the specified algorithm ++ private static void validate(SecureRandom sr, String pName, String algo) { ++ if (!sr.getProvider().getName().equals(pName)) { ++ throw new RuntimeException("Failed provider check, exp: " + ++ pName + ", got " + sr.getProvider().getName()); ++ } ++ if (!sr.getAlgorithm().equals(algo)) { ++ throw new RuntimeException("Failed algo check, exp: " + ++ algo + ", got " + sr.getAlgorithm()); ++ } ++ } ++ ++ private static void checkDefault(Provider p, String ... algos) { ++ out.println(p.getName() + " with " + Arrays.toString(algos)); ++ int pos = Security.insertProviderAt(p, 1); ++ String pName = p.getName(); ++ boolean isLegacy = pName.equals("SampleLegacy"); ++ try { ++ if (isLegacy) { ++ for (String s : algos) { ++ validate(new SecureRandom(), pName, s); ++ p.remove("SecureRandom." + s); ++ out.println("removed " + s); ++ } ++ validate(new SecureRandom(), "SUN", ++ SunEntries.DEF_SECURE_RANDOM_ALGO); ++ } else { ++ validate(new SecureRandom(), pName, algos[0]); ++ } ++ out.println("=> Test Passed"); ++ } finally { ++ if (pos != -1) { ++ Security.removeProvider(p.getName()); ++ } ++ } ++ } ++ ++ private static class SampleLegacyProvider extends Provider { ++ SampleLegacyProvider(String[] listOfSupportedRNGs) { ++ super("SampleLegacy", 1.0, "test provider using legacy put"); ++ for (String s : listOfSupportedRNGs) { ++ put("SecureRandom." + s, "sun.security.provider.SecureRandom"); ++ } ++ } ++ } ++ ++ private static class SampleServiceProvider extends Provider { ++ SampleServiceProvider(String[] listOfSupportedRNGs) { ++ super("SampleService", 1.0, "test provider using putService"); ++ for (String s : listOfSupportedRNGs) { ++ putService(new Provider.Service(this, "SecureRandom", s, ++ "sun.security.provider.SecureRandom", null, null)); ++ } ++ } ++ } ++} +\ No newline at end of file +diff --git a/jdk/test/micro/org/openeuler/bench/security/provider/GetServiceBenchmark.java b/jdk/test/micro/org/openeuler/bench/security/provider/GetServiceBenchmark.java +new file mode 100644 +index 000000000..93cd887d6 +--- /dev/null ++++ b/jdk/test/micro/org/openeuler/bench/security/provider/GetServiceBenchmark.java +@@ -0,0 +1,83 @@ ++/* ++ * Copyright (c) 2022, Huawei Technologies Co., Ltd. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Huawei designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Huawei in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please visit https://gitee.com/openeuler/bishengjdk-8 if you need additional ++ * information or have any questions. ++ */ ++ ++/* ++ * - @TestCaseID:provider/GetServiceBenchmark.java ++ * - @TestCaseName:provider/GetServiceBenchmark.java ++ * - @TestCaseType:Performance test ++ * - @RequirementID:AR.SR.IREQ02758058.001.001 ++ * - @RequirementName:java.security.Provider.getService() is synchronized and became scalability bottleneck ++ * - @Condition:JDK8u302及以后 ++ * - @Brief:测试provider.getService的性能 ++ * -#step:创建jmh的maven项目mvn archetype:generate -DinteractiveMode=false -DarchetypeGroupId=org.openjdk.jmh -DarchetypeArtifactId=jmh-java-benchmark-archetype -DgroupId=org.openeuler.bench.security.provider -DartifactId=provider-benchmark -Dversion=1.0 ++ * -#step2:删除项目中的多余文件rm -rf provider-benchmark/src/main/java/org/openeuler/bench/security/provider/MyBenchmark.java ++ * -#step3:将本文件拷贝进项目目录cp GetServiceBenchmark.java provider-benchmark/src/main/java/org/openeuler/bench/security/provider/ ++ * -#step4:构建项目mvn install ++ * -#step5:运行测试java -jar target/benchmarks.jar GetServiceBenchmark ++ * - @Expect:正常运行 ++ * - @Priority:Level 1 ++ */ ++ ++package org.openeuler.bench.security.provider; ++ ++import com.sun.crypto.provider.SunJCE; ++ ++import org.openjdk.jmh.annotations.Benchmark; ++import org.openjdk.jmh.annotations.BenchmarkMode; ++import org.openjdk.jmh.annotations.Fork; ++import org.openjdk.jmh.annotations.Measurement; ++import org.openjdk.jmh.annotations.Mode; ++import org.openjdk.jmh.annotations.Scope; ++import org.openjdk.jmh.annotations.State; ++import org.openjdk.jmh.annotations.Threads; ++import org.openjdk.jmh.annotations.Warmup; ++ ++import java.security.Provider; ++import java.util.concurrent.TimeUnit; ++ ++/** ++ * Benchmark to test the performance of provider.getService in ++ * high concurrency scenarios. ++ * ++ * @author Henry Yang ++ * @since 2022-05-05 ++ */ ++@BenchmarkMode(Mode.Throughput) ++@Fork(1) ++@Threads(2000) ++@Warmup(iterations = 3, time = 3, timeUnit = TimeUnit.SECONDS) ++@Measurement(iterations = 5, time = 3, timeUnit = TimeUnit.SECONDS) ++@State(Scope.Benchmark) ++public class GetServiceBenchmark { ++ private Provider provider = new SunJCE(); ++ ++ @Benchmark ++ public void getService() { ++ try { ++ provider.getService("Cipher", "RSA"); ++ } catch (Exception e) { ++ e.printStackTrace(); ++ } ++ } ++} +-- +2.22.0 + diff --git a/8067941-TESTBUG-Fix-tests-for-OS-with-64K-page-size.patch b/8067941-TESTBUG-Fix-tests-for-OS-with-64K-page-size.patch new file mode 100644 index 0000000000000000000000000000000000000000..3f428476463513b57725151b82347dda7ed036e3 --- /dev/null +++ b/8067941-TESTBUG-Fix-tests-for-OS-with-64K-page-size.patch @@ -0,0 +1,170 @@ +From c97998519552b7d8287125e46a3db2f29293784f Mon Sep 17 00:00:00 2001 +From: xiezhaokun +Date: Wed, 8 Jun 2022 10:32:52 +0800 +Subject: [PATCH 08/10] 8067941: [TESTBUG] Fix tests for OS with 64K page size + +--- + hotspot/src/share/vm/memory/metaspace.cpp | 8 +++++--- + hotspot/test/compiler/6865265/StackOverflowBug.java | 2 +- + hotspot/test/compiler/8009761/Test8009761.java | 2 +- + .../exceptions/TestRecursiveReplacedException.java | 2 +- + .../compiler/uncommontrap/StackOverflowGuardPagesOff.java | 2 +- + .../compiler/uncommontrap/TestStackBangMonitorOwned.java | 2 +- + hotspot/test/compiler/uncommontrap/TestStackBangRbp.java | 2 +- + hotspot/test/gc/arguments/TestMaxHeapSizeTools.java | 2 +- + hotspot/test/gc/g1/TestHumongousAllocInitialMark.java | 4 +++- + 9 files changed, 15 insertions(+), 11 deletions(-) + +diff --git a/hotspot/src/share/vm/memory/metaspace.cpp b/hotspot/src/share/vm/memory/metaspace.cpp +index 600bcfd1..2912f41b 100644 +--- a/hotspot/src/share/vm/memory/metaspace.cpp ++++ b/hotspot/src/share/vm/memory/metaspace.cpp +@@ -3937,11 +3937,13 @@ class TestVirtualSpaceNodeTest { + assert(cm.sum_free_chunks() == 2*MediumChunk, "sizes should add up"); + } + +- { // 4 pages of VSN is committed, some is used by chunks ++ const size_t page_chunks = 4 * (size_t)os::vm_page_size() / BytesPerWord; ++ // This doesn't work for systems with vm_page_size >= 16K. ++ if (page_chunks < MediumChunk) { ++ // 4 pages of VSN is committed, some is used by chunks + ChunkManager cm(SpecializedChunk, SmallChunk, MediumChunk); + VirtualSpaceNode vsn(vsn_test_size_bytes); +- const size_t page_chunks = 4 * (size_t)os::vm_page_size() / BytesPerWord; +- assert(page_chunks < MediumChunk, "Test expects medium chunks to be at least 4*page_size"); ++ + vsn.initialize(); + vsn.expand_by(page_chunks, page_chunks); + vsn.get_chunk_vs(SmallChunk); +diff --git a/hotspot/test/compiler/6865265/StackOverflowBug.java b/hotspot/test/compiler/6865265/StackOverflowBug.java +index 295a6b41..c5d0f3b6 100644 +--- a/hotspot/test/compiler/6865265/StackOverflowBug.java ++++ b/hotspot/test/compiler/6865265/StackOverflowBug.java +@@ -28,7 +28,7 @@ + * @summary JVM crashes with "missing exception handler" error + * @author volker.simonis@sap.com + * +- * @run main/othervm -XX:CompileThreshold=100 -Xbatch -Xss248k StackOverflowBug ++ * @run main/othervm -XX:CompileThreshold=100 -Xbatch -Xss512k StackOverflowBug + */ + + +diff --git a/hotspot/test/compiler/8009761/Test8009761.java b/hotspot/test/compiler/8009761/Test8009761.java +index 401458b6..b41f49fd 100644 +--- a/hotspot/test/compiler/8009761/Test8009761.java ++++ b/hotspot/test/compiler/8009761/Test8009761.java +@@ -25,7 +25,7 @@ + * @test + * @bug 8009761 + * @summary Deoptimization on sparc doesn't set Llast_SP correctly in the interpreter frames it creates +- * @run main/othervm -XX:CompileCommand=exclude,Test8009761::m2 -XX:-UseOnStackReplacement -XX:-BackgroundCompilation -Xss256K Test8009761 ++ * @run main/othervm -XX:CompileCommand=exclude,Test8009761::m2 -XX:-UseOnStackReplacement -XX:-BackgroundCompilation -Xss512K Test8009761 + * + */ + +diff --git a/hotspot/test/compiler/exceptions/TestRecursiveReplacedException.java b/hotspot/test/compiler/exceptions/TestRecursiveReplacedException.java +index 996d82a0..950ed18c 100644 +--- a/hotspot/test/compiler/exceptions/TestRecursiveReplacedException.java ++++ b/hotspot/test/compiler/exceptions/TestRecursiveReplacedException.java +@@ -25,7 +25,7 @@ + * @test + * @bug 8054224 + * @summary Recursive method compiled by C1 is unable to catch StackOverflowError +- * @run main/othervm -Xcomp -XX:CompileOnly=Test.run -XX:+TieredCompilation -XX:TieredStopAtLevel=2 -Xss256K TestRecursiveReplacedException ++ * @run main/othervm -Xcomp -XX:CompileOnly=Test.run -XX:+TieredCompilation -XX:TieredStopAtLevel=2 -Xss512K TestRecursiveReplacedException + * + */ + +diff --git a/hotspot/test/compiler/uncommontrap/StackOverflowGuardPagesOff.java b/hotspot/test/compiler/uncommontrap/StackOverflowGuardPagesOff.java +index 4ad409bb..835283c0 100644 +--- a/hotspot/test/compiler/uncommontrap/StackOverflowGuardPagesOff.java ++++ b/hotspot/test/compiler/uncommontrap/StackOverflowGuardPagesOff.java +@@ -25,7 +25,7 @@ + * @test + * @bug 8029383 + * @summary stack overflow if callee is marked for deoptimization causes crash +- * @run main/othervm -XX:TieredStopAtLevel=1 -XX:-BackgroundCompilation -XX:CompileCommand=dontinline,StackOverflowGuardPagesOff::m1 -XX:CompileCommand=exclude,StackOverflowGuardPagesOff::m2 -Xss256K -XX:-UseOnStackReplacement StackOverflowGuardPagesOff ++ * @run main/othervm -XX:TieredStopAtLevel=1 -XX:-BackgroundCompilation -XX:CompileCommand=dontinline,StackOverflowGuardPagesOff::m1 -XX:CompileCommand=exclude,StackOverflowGuardPagesOff::m2 -Xss512K -XX:-UseOnStackReplacement StackOverflowGuardPagesOff + * + */ + +diff --git a/hotspot/test/compiler/uncommontrap/TestStackBangMonitorOwned.java b/hotspot/test/compiler/uncommontrap/TestStackBangMonitorOwned.java +index 3d93d7d5..c07a995d 100644 +--- a/hotspot/test/compiler/uncommontrap/TestStackBangMonitorOwned.java ++++ b/hotspot/test/compiler/uncommontrap/TestStackBangMonitorOwned.java +@@ -25,7 +25,7 @@ + * @test + * @bug 8032410 + * @summary Stack overflow at deoptimization doesn't release owned monitors +- * @run main/othervm -XX:-BackgroundCompilation -XX:CompileCommand=dontinline,TestStackBangMonitorOwned::m1 -XX:CompileCommand=exclude,TestStackBangMonitorOwned::m2 -Xss256K -XX:-UseOnStackReplacement TestStackBangMonitorOwned ++ * @run main/othervm -XX:-BackgroundCompilation -XX:CompileCommand=dontinline,TestStackBangMonitorOwned::m1 -XX:CompileCommand=exclude,TestStackBangMonitorOwned::m2 -Xss512K -XX:-UseOnStackReplacement TestStackBangMonitorOwned + * + */ + public class TestStackBangMonitorOwned { +diff --git a/hotspot/test/compiler/uncommontrap/TestStackBangRbp.java b/hotspot/test/compiler/uncommontrap/TestStackBangRbp.java +index 38d4e206..9b96951a 100644 +--- a/hotspot/test/compiler/uncommontrap/TestStackBangRbp.java ++++ b/hotspot/test/compiler/uncommontrap/TestStackBangRbp.java +@@ -25,7 +25,7 @@ + * @test + * @bug 8028308 + * @summary rbp not restored when stack overflow is thrown from deopt/uncommon trap blobs +- * @run main/othervm -XX:-BackgroundCompilation -XX:CompileCommand=dontinline,TestStackBangRbp::m1 -XX:CompileCommand=exclude,TestStackBangRbp::m2 -Xss256K -XX:-UseOnStackReplacement TestStackBangRbp ++ * @run main/othervm -XX:-BackgroundCompilation -XX:CompileCommand=dontinline,TestStackBangRbp::m1 -XX:CompileCommand=exclude,TestStackBangRbp::m2 -Xss512K -XX:-UseOnStackReplacement TestStackBangRbp + * + */ + public class TestStackBangRbp { +diff --git a/hotspot/test/gc/arguments/TestMaxHeapSizeTools.java b/hotspot/test/gc/arguments/TestMaxHeapSizeTools.java +index b5859b5c..99ed508d 100644 +--- a/hotspot/test/gc/arguments/TestMaxHeapSizeTools.java ++++ b/hotspot/test/gc/arguments/TestMaxHeapSizeTools.java +@@ -112,7 +112,7 @@ class TestMaxHeapSizeTools { + } + + private static void checkInvalidMinInitialHeapCombinations(String gcflag) throws Exception { +- expectError(new String[] { gcflag, "-Xms8M", "-XX:InitialHeapSize=4M", "-version" }); ++ expectError(new String[] { gcflag, "-Xms64M", "-XX:InitialHeapSize=32M", "-version" }); + } + + private static void checkValidMinInitialHeapCombinations(String gcflag) throws Exception { +diff --git a/hotspot/test/gc/g1/TestHumongousAllocInitialMark.java b/hotspot/test/gc/g1/TestHumongousAllocInitialMark.java +index 473ce666..b6e5c3d6 100644 +--- a/hotspot/test/gc/g1/TestHumongousAllocInitialMark.java ++++ b/hotspot/test/gc/g1/TestHumongousAllocInitialMark.java +@@ -31,7 +31,9 @@ + import com.oracle.java.testlibrary.*; + + public class TestHumongousAllocInitialMark { +- private static final int heapSize = 200; // MB ++ // Heap sizes < 224 MB are increased to 224 MB if vm_page_size == 64K to ++ // fulfill alignment constraints. ++ private static final int heapSize = 224; // MB + private static final int heapRegionSize = 1; // MB + private static final int initiatingHeapOccupancyPercent = 50; // % + +diff --git a/hotspot/test/runtime/6929067/invoke.c b/hotspot/test/runtime/6929067/invoke.c +index 8dde2cd6..cf8014be 100644 +--- a/hotspot/test/runtime/6929067/invoke.c ++++ b/hotspot/test/runtime/6929067/invoke.c +@@ -68,7 +68,7 @@ floobydust (void *p) + int + main (int argc, const char** argv) + { +- options[0].optionString = "-Xss320k"; ++ options[0].optionString = "-Xss512k"; + + vm_args.version = JNI_VERSION_1_2; + vm_args.ignoreUnrecognized = JNI_TRUE; +diff --git a/hotspot/test/runtime/InitialThreadOverflow/invoke.cxx b/hotspot/test/runtime/InitialThreadOverflow/invoke.cxx +index 55213c0f..2bca88f1 100644 +--- a/hotspot/test/runtime/InitialThreadOverflow/invoke.cxx ++++ b/hotspot/test/runtime/InitialThreadOverflow/invoke.cxx +@@ -48,7 +48,7 @@ floobydust (void *p) { + int + main (int argc, const char** argv) { + JavaVMOption options[1]; +- options[0].optionString = (char*) "-Xss320k"; ++ options[0].optionString = (char*) "-Xss512k"; + + JavaVMInitArgs vm_args; + vm_args.version = JNI_VERSION_1_2; diff --git a/8173339-AArch64-Fix-minimum-stack-size-computations.patch b/8173339-AArch64-Fix-minimum-stack-size-computations.patch new file mode 100644 index 0000000000000000000000000000000000000000..e9a08f8d791cdf07772146817a197850dd197bc8 --- /dev/null +++ b/8173339-AArch64-Fix-minimum-stack-size-computations.patch @@ -0,0 +1,29 @@ +From 85a351276984f56d817560db8b5b837254ec2994 Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Tue, 7 Jun 2022 20:10:03 +0800 +Subject: [PATCH 05/10] 8173339: AArch64: Fix minimum stack size computations + +Bug url: https://bugs.openjdk.java.net/browse/JDK-8173339 +--- + hotspot/src/cpu/aarch64/vm/globals_aarch64.hpp | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/hotspot/src/cpu/aarch64/vm/globals_aarch64.hpp b/hotspot/src/cpu/aarch64/vm/globals_aarch64.hpp +index 6610cc4fb..7c6b24879 100644 +--- a/hotspot/src/cpu/aarch64/vm/globals_aarch64.hpp ++++ b/hotspot/src/cpu/aarch64/vm/globals_aarch64.hpp +@@ -56,7 +56,10 @@ define_pd_global(intx, InlineFrequencyCount, 100); + define_pd_global(intx, StackYellowPages, 2); + define_pd_global(intx, StackRedPages, 1); + +-define_pd_global(intx, StackShadowPages, 4 DEBUG_ONLY(+5)); ++// Java_java_net_SocketOutputStream_socketWrite0() uses a 64k buffer on the ++// stack if compiled for unix and LP64. To pass stack overflow tests we need ++// 20 shadow pages. ++define_pd_global(intx, StackShadowPages, 20 DEBUG_ONLY(+5)); + + define_pd_global(intx, PreInflateSpin, 10); + +-- +2.22.0 + diff --git a/8194154.patch b/8194154.patch index 0adbad3e0f5aa4cf01e72b87e0f1957539147602..c5589c8d7e36aea78f5b736b9b4c879ca3f377d6 100644 --- a/8194154.patch +++ b/8194154.patch @@ -18,7 +18,7 @@ index fb0fef636..a6ef2d3a6 100644 +++ b/jdk/src/solaris/classes/java/io/UnixFileSystem.java @@ -1,5 +1,5 @@ /* -- * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved. +- * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * @@ -59,7 +59,7 @@ index caa47f80c..1844a662a 100644 +++ b/jdk/src/windows/classes/java/io/WinNTFileSystem.java @@ -1,5 +1,5 @@ /* -- * Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved. +- * Copyright (c) 2001, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * @@ -70,8 +70,8 @@ index caa47f80c..1844a662a 100644 private final char semicolon; + private final String userDir; - public WinNTFileSystem() { - slash = AccessController.doPrivileged( + // Whether to enable alternative data streams (ADS) by suppressing + // checking the path for invalid characters, in particular ":". @@ -47,6 +48,8 @@ class WinNTFileSystem extends FileSystem { semicolon = AccessController.doPrivileged( new GetPropertyAction("path.separator")).charAt(0); diff --git a/8268819-SA-Remove-libthread_db-dependency-on-Linux.patch b/8268819-SA-Remove-libthread_db-dependency-on-Linux.patch index 77849a111712c40620012c1e4fca2ec31eafca85..2cb61f57d04001bc03d00bcdde983d44da21ecd9 100644 --- a/8268819-SA-Remove-libthread_db-dependency-on-Linux.patch +++ b/8268819-SA-Remove-libthread_db-dependency-on-Linux.patch @@ -3,11 +3,6 @@ From: d30023828 Date: Wed, 9 Feb 2022 18:32:05 +0800 Subject: [PATCH 3/8] 8268819: SA: Remove libthread_db dependency on Linux -DTS/AR: DTS2022020914784 -Summary:hotspot:SA: Remove libthread_db dependency on Linux -LLT:NA -Patch Type:backport -Bug url:https://bugs.openjdk.java.net/browse/JDK-8268819 --- .../agent/src/os/linux/LinuxDebuggerLocal.c | 3 +- hotspot/agent/src/os/linux/Makefile | 6 +- diff --git a/Fix-compile-and-runtime-failures-for-minimal1-versio.patch b/Fix-compile-and-runtime-failures-for-minimal1-versio.patch new file mode 100644 index 0000000000000000000000000000000000000000..0cdb49e5e6882372094b8bf3eed7d204a90150f6 --- /dev/null +++ b/Fix-compile-and-runtime-failures-for-minimal1-versio.patch @@ -0,0 +1,211 @@ +From d915916d5a7f3280270ea4207e4d3892ffa7de04 Mon Sep 17 00:00:00 2001 +Date: Mon, 11 Apr 2022 17:14:06 +0800 +Subject: [PATCH] Fix compile and runtime failures for minimal1 version + +Reference: NA +Summary: < JDK> : Fix compile and runtime failures for minimal1 version +--- + .../src/share/vm/classfile/systemDictionary.cpp | 30 ++++++++++------------ + .../parallelScavenge/psMarkSweep.hpp | 2 +- + hotspot/src/share/vm/prims/jvm.cpp | 12 +++++++++ + hotspot/src/share/vm/prims/jvmtiImpl.hpp | 8 +++--- + hotspot/src/share/vm/runtime/memprofiler.cpp | 2 +- + hotspot/src/share/vm/utilities/taskqueue.cpp | 2 ++ + hotspot/src/share/vm/utilities/taskqueue.hpp | 4 +-- + .../com/huawei/jvm/gc/AdaptiveHeapMXBeanImpl.c | 1 - + 8 files changed, 36 insertions(+), 25 deletions(-) + +diff --git a/hotspot/src/share/vm/classfile/systemDictionary.cpp b/hotspot/src/share/vm/classfile/systemDictionary.cpp +index 0d11abfa..794ee9b1 100644 +--- a/hotspot/src/share/vm/classfile/systemDictionary.cpp ++++ b/hotspot/src/share/vm/classfile/systemDictionary.cpp +@@ -1093,19 +1093,6 @@ Klass* SystemDictionary::parse_stream(Symbol* class_name, + return k(); + } + +-static char* convert_into_package_name(char* name) { +- char* index = strrchr(name, '/'); +- if (index == NULL) { +- return NULL; +- } else { +- *index = '\0'; // chop to just the package name +- while ((index = strchr(name, '/')) != NULL) { +- *index = '.'; // replace '/' with '.' in package name +- } +- return name; +- } +-} +- + static bool is_prohibited_package_slow(Symbol* class_name) { + // Caller has ResourceMark + int length; +@@ -1252,6 +1239,18 @@ void SystemDictionary::set_shared_dictionary(HashtableBucket* t, int le + _shared_dictionary = new Dictionary(_nof_buckets, t, number_of_entries); + } + ++static char* convert_into_package_name(char* name) { ++ char* index = strrchr(name, '/'); ++ if (index == NULL) { ++ return NULL; ++ } else { ++ *index = '\0'; // chop to just the package name ++ while ((index = strchr(name, '/')) != NULL) { ++ *index = '.'; // replace '/' with '.' in package name ++ } ++ return name; ++ } ++} + + // If there is a shared dictionary, then find the entry for the + // given shared system class, if any. +@@ -1267,7 +1266,6 @@ Klass* SystemDictionary::find_shared_class(Symbol* class_name) { + } + } + +- + // Load a class from the shared spaces (found through the shared system + // dictionary). Force the superclass and all interfaces to be loaded. + // Update the class definition to include sibling classes and no +diff --git a/hotspot/src/share/vm/gc_implementation/parallelScavenge/psMarkSweep.hpp b/hotspot/src/share/vm/gc_implementation/parallelScavenge/psMarkSweep.hpp +index 01666ea4d..deeca7bb5 100644 +--- a/hotspot/src/share/vm/gc_implementation/parallelScavenge/psMarkSweep.hpp ++++ b/hotspot/src/share/vm/gc_implementation/parallelScavenge/psMarkSweep.hpp +@@ -77,7 +77,7 @@ class PSMarkSweep : public MarkSweep { + + // Reset time since last full gc + static void reset_millis_since_last_gc(); +- static void ps_marksweep_init(); ++ static void ps_marksweep_init() NOT_ALL_GCS_RETURN; + + public: + static inline PSMarkSweep* the_ps_mark() { return (PSMarkSweep*)_the_ps_mark; } +diff --git a/hotspot/src/share/vm/prims/jvm.cpp b/hotspot/src/share/vm/prims/jvm.cpp +index c27a534ef..f75501dba 100644 +--- a/hotspot/src/share/vm/prims/jvm.cpp ++++ b/hotspot/src/share/vm/prims/jvm.cpp +@@ -3303,20 +3303,32 @@ JVM_END + + JVM_ENTRY(void, JVM_AdaptiveHeapSetG1PeriodicGCInterval(JNIEnv *env, jclass klass, jint interval)) + JVMWrapper("JVM_AdaptiveHeapSetG1PeriodicGCInterval"); ++#if INCLUDE_ALL_GCS + G1PeriodicGCInterval = interval; ++#endif + JVM_END + JVM_ENTRY(jint, JVM_AdaptiveHeapGetG1PeriodicGCInterval(JNIEnv *env, jclass klass)) + JVMWrapper("JVM_AdaptiveHeapGetG1PeriodicGCInterval"); ++#if INCLUDE_ALL_GCS + return G1PeriodicGCInterval; ++#else ++ return -1; ++#endif + JVM_END + + JVM_ENTRY(void, JVM_AdaptiveHeapSetG1PeriodicGCLoadThreshold(JNIEnv *env, jclass clazz, jint loadThreshold)) + JVMWrapper("JVM_AdaptiveHeapSetG1PeriodicGCLoadThreshold"); ++#if INCLUDE_ALL_GCS + G1PeriodicGCLoadThreshold = loadThreshold; ++#endif + JVM_END + JVM_ENTRY(jint, JVM_AdaptiveHeapGetG1PeriodicGCLoadThreshold(JNIEnv *env, jclass clazz)) + JVMWrapper("JVM_AdaptiveHeapgetG1PeriodicGCLoadThreshold"); ++#if INCLUDE_ALL_GCS + return G1PeriodicGCLoadThreshold; ++#else ++ return -1; ++#endif + JVM_END + + JVM_ENTRY(void, JVM_Yield(JNIEnv *env, jclass threadClass)) +diff --git a/hotspot/src/share/vm/prims/jvmtiImpl.hpp b/hotspot/src/share/vm/prims/jvmtiImpl.hpp +index d74789451..ec721ca20 100644 +--- a/hotspot/src/share/vm/prims/jvmtiImpl.hpp ++++ b/hotspot/src/share/vm/prims/jvmtiImpl.hpp +@@ -493,9 +493,9 @@ class JvmtiDeferredEvent VALUE_OBJ_CLASS_SPEC { + // Actually posts the event. + void post() NOT_JVMTI_RETURN; + // Sweeper support to keep nmethods from being zombied while in the queue. +- void nmethods_do(CodeBlobClosure* cf); ++ void nmethods_do(CodeBlobClosure* cf) NOT_JVMTI_RETURN; + // GC support to keep nmethod from being unloaded while in the queue. +- void oops_do(OopClosure* f, CodeBlobClosure* cf); ++ void oops_do(OopClosure* f, CodeBlobClosure* cf) NOT_JVMTI_RETURN; + }; + + /** +@@ -534,9 +534,9 @@ class JvmtiDeferredEventQueue : AllStatic { + static void enqueue(const JvmtiDeferredEvent& event) NOT_JVMTI_RETURN; + static JvmtiDeferredEvent dequeue() NOT_JVMTI_RETURN_(JvmtiDeferredEvent()); + // Sweeper support to keep nmethods from being zombied while in the queue. +- static void nmethods_do(CodeBlobClosure* cf); ++ static void nmethods_do(CodeBlobClosure* cf) NOT_JVMTI_RETURN; + // GC support to keep nmethod from being unloaded while in the queue. +- static void oops_do(OopClosure* f, CodeBlobClosure* cf); ++ static void oops_do(OopClosure* f, CodeBlobClosure* cf) NOT_JVMTI_RETURN; + + // Used to enqueue events without using a lock, for times (such as during + // safepoint) when we can't or don't want to lock the Service_lock. +diff --git a/hotspot/src/share/vm/runtime/memprofiler.cpp b/hotspot/src/share/vm/runtime/memprofiler.cpp +index ddb22601f..a956c5252 100644 +--- a/hotspot/src/share/vm/runtime/memprofiler.cpp ++++ b/hotspot/src/share/vm/runtime/memprofiler.cpp +@@ -126,7 +126,7 @@ void MemProfiler::do_trace() { + + fprintf(_log_fp, UINTX_FORMAT_W(6) ",", CodeCache::capacity() / K); + +- fprintf(_log_fp, UINTX_FORMAT_W(6) "," UINTX_FORMAT_W(6) "," UINTX_FORMAT_W(6) "\n", ++ fprintf(_log_fp, UINTX_FORMAT_W(6) "," UINTX_FORMAT_W(6) ",%6ld\n", + handles_memory_usage / K, + resource_memory_usage / K, + 0L); +diff --git a/hotspot/src/share/vm/utilities/taskqueue.cpp b/hotspot/src/share/vm/utilities/taskqueue.cpp +index 120c65a60..7c6849c63 100644 +--- a/hotspot/src/share/vm/utilities/taskqueue.cpp ++++ b/hotspot/src/share/vm/utilities/taskqueue.cpp +@@ -273,10 +273,12 @@ void ParallelTaskTerminator::reset_for_reuse(int n_threads) { + _n_threads = n_threads; + } + ++#if INCLUDE_ALL_GCS + TaskTerminator::TaskTerminator(uint n_threads, TaskQueueSetSuper* queue_set) : + _terminator(UseOWSTTaskTerminator ? new OWSTTaskTerminator(n_threads, queue_set) + : new ParallelTaskTerminator(n_threads, queue_set)) { + } ++#endif + + TaskTerminator::~TaskTerminator() { + if (_terminator != NULL) { +diff --git a/hotspot/src/share/vm/utilities/taskqueue.hpp b/hotspot/src/share/vm/utilities/taskqueue.hpp +index 959d0dd21..284675708 100644 +--- a/hotspot/src/share/vm/utilities/taskqueue.hpp ++++ b/hotspot/src/share/vm/utilities/taskqueue.hpp +@@ -763,7 +763,7 @@ private: + TaskTerminator(const TaskTerminator& o) { } + TaskTerminator& operator=(TaskTerminator& o) { return *this; } + public: +- TaskTerminator(uint n_threads, TaskQueueSetSuper* queue_set); ++ TaskTerminator(uint n_threads, TaskQueueSetSuper* queue_set) NOT_ALL_GCS_RETURN; + ~TaskTerminator(); + + // Move assignment +@@ -929,4 +929,4 @@ typedef OverflowTaskQueue RegionTaskQueue; + typedef GenericTaskQueueSet RegionTaskQueueSet; + + +-#endif // SHARE_VM_UTILITIES_TASKQUEUE_HPP +\ No newline at end of file ++#endif // SHARE_VM_UTILITIES_TASKQUEUE_HPP +diff --git a/jdk/src/share/native/com/huawei/jvm/gc/AdaptiveHeapMXBeanImpl.c b/jdk/src/share/native/com/huawei/jvm/gc/AdaptiveHeapMXBeanImpl.c +index 99bfff885..0e365d7aa 100644 +--- a/jdk/src/share/native/com/huawei/jvm/gc/AdaptiveHeapMXBeanImpl.c ++++ b/jdk/src/share/native/com/huawei/jvm/gc/AdaptiveHeapMXBeanImpl.c +@@ -31,7 +31,6 @@ static JNINativeMethod methods[] = { + {"getG1PeriodicGCIntervalImpl", "()I", (void *)&JVM_AdaptiveHeapGetG1PeriodicGCInterval}, + {"setG1PeriodicGCLoadThresholdImpl", "(I)V", (void *)&JVM_AdaptiveHeapSetG1PeriodicGCLoadThreshold}, + {"getG1PeriodicGCLoadThresholdImpl", "()I", (void *)&JVM_AdaptiveHeapGetG1PeriodicGCLoadThreshold}, +- + }; + + JNIEXPORT void JNICALL +-- +2.12.3 + diff --git a/add-missing-test-case.patch b/add-missing-test-case.patch index e432247c8161497406d216d9d8cf56f375419caf..d17f6cacfb0e60c2a784c63146be16169422a765 100644 --- a/add-missing-test-case.patch +++ b/add-missing-test-case.patch @@ -125,7 +125,7 @@ index 00000000..9b614024 --- /dev/null +++ b/version.txt @@ -0,0 +1 @@ -+8.292.8.0.13 ++8.332.9.0.13 -- 2.23.0 diff --git a/change-sa-jdi.jar-make-file-for-BEP.PATCH b/change-sa-jdi.jar-make-file-for-BEP.PATCH new file mode 100644 index 0000000000000000000000000000000000000000..21db586a7f5c20349f465230df7a43b40cd33bf0 --- /dev/null +++ b/change-sa-jdi.jar-make-file-for-BEP.PATCH @@ -0,0 +1,38 @@ +From 980b919fde4e1353a9ff989fb78031a48d395ec0 Mon Sep 17 00:00:00 2001 +From: zhangyipeng +Date: Fri, 6 May 2022 15:23:26 +0800 +Subject: [PATCH 02/10] change sa-jdi.jar make file for BEP + +--- + hotspot/make/linux/makefiles/sa.make | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/hotspot/make/linux/makefiles/sa.make b/hotspot/make/linux/makefiles/sa.make +index cdcb16a1a..6388d95c9 100644 +--- a/hotspot/make/linux/makefiles/sa.make ++++ b/hotspot/make/linux/makefiles/sa.make +@@ -50,6 +50,7 @@ SA_CLASSPATH = $(BOOT_JAVA_HOME)/lib/tools.jar + MODULELIB_PATH= $(BOOT_JAVA_HOME)/lib/modules + + AGENT_FILES_LIST := $(GENERATED)/agent.classes.list ++SA_CLASSDIR_JAR_CONTENTS := $(GENERATED)/sa.jar_contents + + SA_CLASSDIR = $(GENERATED)/saclasses + +@@ -104,8 +105,11 @@ $(GENERATED)/sa-jdi.jar:: $(AGENT_FILES) + $(QUIETLY) rm -f $(SA_CLASSDIR)/sun/jvm/hotspot/ui/resources/* + $(QUIETLY) cp $(AGENT_SRC_DIR)/sun/jvm/hotspot/ui/resources/*.png $(SA_CLASSDIR)/sun/jvm/hotspot/ui/resources/ + $(QUIETLY) cp -r $(AGENT_SRC_DIR)/images/* $(SA_CLASSDIR)/ +- $(QUIETLY) $(REMOTE) $(RUN.JAR) cf $@ -C $(SA_CLASSDIR)/ . +- $(QUIETLY) $(REMOTE) $(RUN.JAR) uf $@ -C $(AGENT_SRC_DIR) META-INF/services/com.sun.jdi.connect.Connector ++ $(QUIETLY) rm -f $(SA_CLASSDIR_JAR_CONTENTS) && touch $(SA_CLASSDIR_JAR_CONTENTS) ++ $(QUIETLY) find $(SA_CLASSDIR) -type f | sed 's|$(SA_CLASSDIR)/||g' >> $(SA_CLASSDIR_JAR_CONTENTS) ++ $(QUIETLY) cd $(AGENT_SRC_DIR) && $(REMOTE) $(RUN.JAR) cf $@ META-INF/services/com.sun.jdi.connect.Connector ++ $(QUIETLY) cd $(SA_CLASSDIR) && $(REMOTE) $(RUN.JAR) uf $@ @$(SA_CLASSDIR_JAR_CONTENTS) ++ $(QUIETLY) cd $(TOPDIR) + $(QUIETLY) $(REMOTE) $(RUN.JAVAH) -classpath $(SA_CLASSDIR) -d $(GENERATED) -jni sun.jvm.hotspot.debugger.x86.X86ThreadContext + $(QUIETLY) $(REMOTE) $(RUN.JAVAH) -classpath $(SA_CLASSDIR) -d $(GENERATED) -jni sun.jvm.hotspot.debugger.amd64.AMD64ThreadContext + $(QUIETLY) $(REMOTE) $(RUN.JAVAH) -classpath $(SA_CLASSDIR) -d $(GENERATED) -jni sun.jvm.hotspot.debugger.aarch64.AARCH64ThreadContext +-- +2.22.0 + diff --git a/fix-make-bugs-when-git-and-hg-not-exist.patch b/fix-make-bugs-when-git-and-hg-not-exist.patch new file mode 100644 index 0000000000000000000000000000000000000000..61c8892b3057da8b981e6044c40ba6bafc2f17b1 --- /dev/null +++ b/fix-make-bugs-when-git-and-hg-not-exist.patch @@ -0,0 +1,27 @@ +From a447db8644fe785db481a425fe3efa62cb11122f Mon Sep 17 00:00:00 2001 +Date: Mon, 25 Apr 2022 17:12:39 +0800 +Subject: [PATCH] Fix make bugs when git and hg not exist + +--- + make/common/MakeBase.gmk | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/make/common/MakeBase.gmk b/make/common/MakeBase.gmk +index 2ba3d04..c97a42a 100644 +--- a/make/common/MakeBase.gmk ++++ b/make/common/MakeBase.gmk +@@ -318,9 +318,9 @@ SCM_TIP_FILECMD := $(PRINTF) "$(SCM):%s" \ + # Emit the scm:id pair to $@ + define GetSourceTips + $(CD) $(SRC_ROOT) ; \ +- if [ -d $(SCM_DIR) -a "$(SCM_VERSION)" != "" ] ; then \ ++ if [ -d "$(SCM_DIR)" -a "$(SCM_VERSION)" != "" ] ; then \ + $(ID_COMMAND) >> $@ ; \ +- elif [ -f $(SCM_TIP_FILENAME) ] ; then \ ++ elif [ -f "$(SCM_TIP_FILENAME)" ] ; then \ + $(SCM_TIP_FILECMD) >> $@ ; \ + fi; + $(PRINTF) "\n" >> $@ +-- +1.8.3.1 + diff --git a/fix_X509TrustManagerImpl_symantec_distrust.patch b/fix_X509TrustManagerImpl_symantec_distrust.patch new file mode 100644 index 0000000000000000000000000000000000000000..5ff273d601590b1792daf6e352851a4fb7718929 --- /dev/null +++ b/fix_X509TrustManagerImpl_symantec_distrust.patch @@ -0,0 +1,77 @@ +diff --git a/jdk/make/data/cacerts/geotrustglobalca b/jdk/make/data/cacerts/geotrustglobalca +new file mode 100644 +index 000000000..7f8bf9a66 +--- /dev/null ++++ b/jdk/make/data/cacerts/geotrustglobalca +@@ -0,0 +1,27 @@ ++Owner: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US ++Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US ++Serial number: 23456 ++Valid from: Tue May 21 04:00:00 GMT 2002 until: Sat May 21 04:00:00 GMT 2022 ++Signature algorithm name: SHA1withRSA ++Subject Public Key Algorithm: 2048-bit RSA key ++Version: 3 ++-----BEGIN CERTIFICATE----- ++MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT ++MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i ++YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG ++EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg ++R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 ++9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq ++fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv ++iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU ++1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ ++bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW ++MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA ++ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l ++uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn ++Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS ++tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF ++PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un ++hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV ++5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== ++-----END CERTIFICATE----- +diff --git a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java +index 54e1bfa0d..c1423dc5b 100644 +--- a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java ++++ b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java +@@ -53,12 +53,12 @@ public class VerifyCACerts { + + File.separator + "security" + File.separator + "cacerts"; + + // The numbers of certs now. +- private static final int COUNT = 83; ++ private static final int COUNT = 84; + + // SHA-256 of cacerts, can be generated with + // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 + private static final String CHECKSUM +- = "2D:04:88:6C:52:53:54:EB:38:2D:BC:E0:AF:B7:82:F4:9E:32:A8:1A:1B:A3:AE:CF:25:CB:C2:F6:0F:4E:E1:20"; ++ = "D3:05:21:64:FA:D7:CD:29:E8:CB:57:E7:47:ED:79:9B:47:D8:0E:75:2D:CA:83:BB:86:AF:D9:43:FD:3E:17:85"; + + // map of cert alias to SHA-256 fingerprint + @SuppressWarnings("serial") +@@ -111,7 +111,9 @@ public class VerifyCACerts { + "7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2"); + put("digicerthighassuranceevrootca [jdk]", + "74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF"); +- put("geotrustprimaryca [jdk]", ++ put("geotrustglobalca [jdk]", ++ "FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA:DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A"); ++ put("geotrustprimaryca [jdk]", + "37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C"); + put("geotrustprimarycag2 [jdk]", + "5E:DB:7A:C4:3B:82:A0:6A:87:61:E8:D7:BE:49:79:EB:F2:61:1F:7D:D7:9B:F9:1C:1C:6B:56:6A:21:9E:D7:66"); +@@ -237,7 +239,12 @@ public class VerifyCACerts { + // Exception list to 90 days expiry policy + // No error will be reported if certificate in this list expires + @SuppressWarnings("serial") +- private static final HashSet EXPIRY_EXC_ENTRIES = new HashSet(); ++ private static final HashSet EXPIRY_EXC_ENTRIES = new HashSet() { ++ { ++ // Valid until: Sat May 21 04:00:00 GMT 2022 ++ add("geotrustglobalca [jdk]"); ++ } ++ }; + + // Ninety days in milliseconds + private static final long NINETY_DAYS = 7776000000L; diff --git a/jdk8u-jdk8u322-b06.tar.xz b/jdk8u-jdk8u332-b09.tar.xz similarity index 82% rename from jdk8u-jdk8u322-b06.tar.xz rename to jdk8u-jdk8u332-b09.tar.xz index 03b30c0cf15b36aef487601269528822ff5cba98..3e51ad8d51c90c7bbb1e5a5c5ecde2c6fc35aef5 100644 Binary files a/jdk8u-jdk8u322-b06.tar.xz and b/jdk8u-jdk8u332-b09.tar.xz differ diff --git a/openjdk-1.8.0.spec b/openjdk-1.8.0.spec index 6571b1a8bf966fa415faea07576e142d0d23b6eb..cfef13a06acd9b31cdafd86571dd7e00534b9c42 100644 --- a/openjdk-1.8.0.spec +++ b/openjdk-1.8.0.spec @@ -146,13 +146,13 @@ %global origin_nice OpenJDK %global top_level_dir_name %{origin} %global repo jdk8u -%global revision jdk8u322-b06 +%global revision jdk8u332-b09 %global full_revision %{repo}-%{revision} # Define IcedTea version used for SystemTap tapsets and desktop files %global icedteaver 3.15.0 -%global updatever 322 -%global buildver b06 +%global updatever 332 +%global buildver b09 # priority must be 7 digits in total. The expression is workarounding tip %global priority 1800%{updatever} @@ -820,7 +820,7 @@ Requires: nss-softokn%{?_isa} %{NSSSOFTOKN_BUILDTIME_VERSION} # tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it, # not rpm transaction and so no configs are persisted when pure rpm -u is run. It may be # considered as regression -Requires: copy-jdk-configs >= 3.3 +Requires: copy-jdk-configs >= 3.9 OrderWithRequires: copy-jdk-configs # for printing support Requires: cups-libs @@ -916,7 +916,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever}.%{buildver} -Release: 4 +Release: 6 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -1030,8 +1030,6 @@ Patch115: 8243670.patch Patch118: Fix-LineBuffer-vappend-when-buffer-too-small.patch Patch121: Remove-unused-GenericTaskQueueSet-T-F-tasks.patch Patch122: optimize-jmap-F-dump-xxx.patch -Patch123: recreate-.java_pid-file-when-deleted-for-attach-mechanism.patch -Patch124: Support-Git-commit-ID-in-the-SOURCE-field-of-the-release.patch Patch125: Extend-CDS-to-support-app-class-metadata-sharing.patch Patch127: add-DumpSharedSpace-guarantee-when-create-anonymous-classes.patch @@ -1099,13 +1097,11 @@ Patch202: Fix-RSACipher-memory-usage.patch Patch203: fix-lock-ordering-issue-when-calling-JVMTI-GetLoaded.patch Patch204: 8069191.patch Patch205: fix_g1uncommit_ygc_expand_crash.patch -Patch206: 8167014-jdeps-failed-with-Missing-message-warn-skippen-entry.patch Patch207: fix_bug_in_keypairgenerator.patch Patch208: C1-assert-is_virtual-failed-type-check.patch Patch209: 8197387-Run-the-jcmd-tool-as-the-root-user-to-access.patch Patch210: create-jfr-dump-file-with-pid-or-timestamp-if-specif.patch Patch212: enhance-the-TimeZone-s-path-solution-on-Euler.patch -Patch213: fix-wrong-commitID-in-release-file.patch Patch214: fix-appcds-s-option-AppCDSLockFile.patch Patch215: PS-introduce-UsePSRelaxedForwardee-to-enable-using-r.patch Patch216: Parallel-Full-GC-for-G1.patch @@ -1136,6 +1132,15 @@ Patch239: print-fd-and-file-path-when-a-zip-invalid-loc-header.patch Patch240: 8207011-Remove-uses-of-the-register-storage-class-specifier.patch Patch241: 8268819-SA-Remove-libthread_db-dependency-on-Linux.patch +# 8u332 +Patch242: fix-make-bugs-when-git-and-hg-not-exist.patch +Patch243: Fix-compile-and-runtime-failures-for-minimal1-versio.patch +Patch244: fix_X509TrustManagerImpl_symantec_distrust.patch +Patch245: change-sa-jdi.jar-make-file-for-BEP.PATCH +Patch246: 7092821-java.security.Provider.getService-is-synchro.patch +Patch247: 8173339-AArch64-Fix-minimum-stack-size-computations.patch +Patch248: 8067941-TESTBUG-Fix-tests-for-OS-with-64K-page-size.patch + ############################################# # # Upstreamable patches @@ -1522,8 +1527,6 @@ pushd %{top_level_dir_name} %patch118 -p1 %patch121 -p1 %patch122 -p1 -%patch123 -p1 -%patch124 -p1 %patch125 -p1 %patch127 -p1 %patch133 -p1 @@ -1582,13 +1585,11 @@ pushd %{top_level_dir_name} %patch203 -p1 %patch204 -p1 %patch205 -p1 -%patch206 -p1 %patch207 -p1 %patch208 -p1 %patch209 -p1 %patch210 -p1 %patch212 -p1 -%patch213 -p1 %patch214 -p1 %patch215 -p1 %patch216 -p1 @@ -1614,6 +1615,13 @@ pushd %{top_level_dir_name} %patch239 -p1 %patch240 -p1 %patch241 -p1 +%patch242 -p1 +%patch243 -p1 +%patch244 -p1 +%patch245 -p1 +%patch246 -p1 +%patch247 -p1 +%patch248 -p1 popd # System library fixes @@ -2064,7 +2072,13 @@ done -- whether copy-jdk-configs is installed or not. If so, then configs are copied -- (copy_jdk_configs from %%{_libexecdir} used) or not copied at all local posix = require "posix" -local debug = false + +if (os.getenv("debug") == "true") then + debug = true; + print("cjc: in spec debug is on") +else + debug = false; +end SOURCE1 = "%{rpm_state_dir}/copy_jdk_configs.lua" SOURCE2 = "%{_libexecdir}/copy_jdk_configs.lua" @@ -2093,8 +2107,9 @@ else end end -- run content of included file with fake args +cjc = require "copy_jdk_configs.lua" arg = {"--currentjvm", "%{uniquesuffix %{nil}}", "--jvmdir", "%{_jvmdir %{nil}}", "--origname", "%{name}", "--origjavaver", "%{javaver}", "--arch", "%{_arch}", "--temp", "%{rpm_state_dir}/%{name}.%{_arch}"} -require "copy_jdk_configs.lua" +cjc.mainProgram(arg) %post %{post_script %{nil}} @@ -2231,10 +2246,38 @@ require "copy_jdk_configs.lua" %endif %changelog +* Mon Jul 4 2022 kuenking111 - 1:1.8.0.332-b09.6 +- add 8067941-TESTBUG-Fix-tests-for-OS-with-64K-page-size.patch + +* Mon Jul 4 2022 kuenking111 - 1:1.8.0.332-b09.5 +- add 8173339-AArch64-Fix-minimum-stack-size-computations.patch + +* Mon Jul 4 2022 kuenking111 - 1:1.8.0.332-b09.4 +- add 7092821-java.security.Provider.getService-is-synchro.patch + +* Fri Jun 30 2022 kuenking111 - 1:1.8.0.332-b09.3 +- add change-sa-jdi.jar-make-file-for-BEP.PATCH + +* Thu Apr 28 2022 kuenking111 - 1:1.8.0.332-b09.2 +- add fix_X509TrustManagerImpl_symantec_distrust.patch + +* Wed Apr 27 2022 kuenking111 - 1:1.8.0.332-b09.1 +- add Fix-compile-and-runtime-failures-for-minimal1-versio.patch + +* Wed Apr 27 2022 kuenking111 - 1:1.8.0.332-b09.0 +- deleted Support-Git-commit-ID-in-the-SOURCE-field-of-the-release.patch +- deleted 8167014-jdeps-failed-with-Missing-message-warn-skippen-entry.patch +- deleted fix-wrong-commitID-in-release-file.patch +- deleted recreate-.java_pid-file-when-deleted-for-attach-mechanism.patch +- modified update-cacerts-and-VerifyCACerts.java-test.patch +- modified 8194154.patch +- modified add-missing-test-case.patch +- add fix-make-bugs-when-git-and-hg-not-exist.patch + * Wed Mar 2 2022 kuenking111 - 1:1.8.0.322-b06.4 - add 8268819-SA-Remove-libthread_db-dependency-on-Linux.patch -* Thu Mar 1 2022 kuenking111 - 1:1.8.0.322-b06.3 +* Tue Mar 1 2022 kuenking111 - 1:1.8.0.322-b06.3 - modified 8233280-Remove-GCLockerInvokesConcurrent-relative-logic-for-G1.patch * Wed Feb 16 2022 kuenking111 - 1:1.8.0.322-b06.2 @@ -2262,6 +2305,8 @@ require "copy_jdk_configs.lua" - deleted Delete-expired-certificate-globalsignr2ca.patch - deleted inline-optimize-for-aarch64.patch +* Wed Jan 05 2021 noah - 1:1.8.0.312-b07.11 +- adapted to newst cjc to fix issue with rpm 4.17 * Tue Dec 21 2021 kuenking111 - 1:1.8.0.312-b07.10 - delete stack protection @@ -2293,7 +2338,7 @@ require "copy_jdk_configs.lua" * Tue Nov 23 2021 lijingwei - 1:1.8.0.312-b07.1 - correct spec file release number typo -* Mon Nov 11 2021 kuenking111 - 1:1.8.0.312-b07.0 +* Mon Nov 1 2021 kuenking111 - 1:1.8.0.312-b07.0 - update to 8u312-b07(ga) - delete 8194246.patch - delete 8214418-half-closed-SSLEngine-status-may-cause-appli.patch @@ -2349,10 +2394,10 @@ require "copy_jdk_configs.lua" - delete fix-crash-in-JVMTI-debug.patch - other adaptations to jdk8u302 -* Thu Jul 12 2021 noah - 1:1.8.0.292-b10.19 +* Mon Jul 12 2021 noah - 1:1.8.0.292-b10.19 - add Fix-RSACipher-memory-usage.patch -* Thu Jul 12 2021 kuenking111 - 1:1.8.0.292-b10.18 +* Mon Jul 12 2021 kuenking111 - 1:1.8.0.292-b10.18 - fix run SPECjvm2008 failed on 32 bit system * Thu Jul 8 2021 noah - 1:1.8.0.292-b10.17 @@ -2376,7 +2421,7 @@ require "copy_jdk_configs.lua" * Sat Jun 12 2021 kuenking111 - 1:1.8.0.292-b10.11 - add g1gc-numa-aware-Implementation.patch -* Wed Jun 10 2021 hu_bo_dao - 1:1.8.0.292-b10.10 +* Fri Jun 11 2021 hu_bo_dao - 1:1.8.0.292-b10.10 - add support_CMS_parallel_inspection.patch * Wed Jun 9 2021 noah - 1:1.8.0.292-b10.9 @@ -2397,13 +2442,13 @@ require "copy_jdk_configs.lua" * Thu May 27 2021 kuenking111 - 1:1.8.0.292-b10.4 - add 8264640.patch -* Fri May 20 2021 kuenking111 - 1:1.8.0.292-b10.3 +* Fri May 21 2021 kuenking111 - 1:1.8.0.292-b10.3 - add 8266929_huawei_add_oid_mapping_common_sig_types.patch -* Fri May 20 2021 kuenking111 - 1:1.8.0.292-b10.2 +* Fri May 21 2021 kuenking111 - 1:1.8.0.292-b10.2 - add 8266187_Memory_leak_in_appendBootClassPath.patch -* Fri May 20 2021 kuenking111 - 1:1.8.0.292-b10.1 +* Fri May 21 2021 kuenking111 - 1:1.8.0.292-b10.1 - add 8247691_incorrect_handling_of_VM_exceptions_in_C1_deopt_stub.patch * Tue May 18 2021 eapen - 1:1.8.0.292-b10.0 diff --git a/update-cacerts-and-VerifyCACerts.java-test.patch b/update-cacerts-and-VerifyCACerts.java-test.patch index e98895573d7f24ac1232bb22c368420624372274..424d2f552982a1c075673ec11a2466a51f457c0e 100644 --- a/update-cacerts-and-VerifyCACerts.java-test.patch +++ b/update-cacerts-and-VerifyCACerts.java-test.patch @@ -3,6 +3,8 @@ From: zhangyipeng Date: Tue, 20 Apr 2021 10:40:35 +0800 Subject: [PATCH] [Huawei]update cacerts and VerifyCACerts.java test +Offering: Cloud Compiler JDK + Signed-off-by: Wang Kun --- jdk/make/data/cacerts/addtrustexternalca | 32 ----------------- @@ -10,6 +12,7 @@ Signed-off-by: Wang Kun jdk/make/data/cacerts/luxtrustglobalrootca | 28 --------------- jdk/make/data/cacerts/quovadisrootca | 41 ---------------------- jdk/make/data/cacerts/utnuserfirstobjectca | 33 ----------------- + jdk/make/data/cacerts/geotrustglobalca | 27 ------------------- .../sun/security/lib/cacerts/VerifyCACerts.java | 29 ++------------------- 8 files changed, 3 insertions(+), 192 deletions(-) delete mode 100644 jdk/make/data/cacerts/addtrustexternalca @@ -19,6 +22,7 @@ Signed-off-by: Wang Kun delete mode 100644 jdk/make/data/cacerts/thawtepremiumserverca delete mode 100644 jdk/make/data/cacerts/utnuserfirstobjectca delete mode 100644 jdk/make/data/cacerts/verisigntsaca + delete mode 100644 jdk/make/data/cacerts/geotrustglobalca diff --git a/jdk/make/data/cacerts/addtrustexternalca b/jdk/make/data/cacerts/addtrustexternalca deleted file mode 100644 @@ -216,6 +220,39 @@ index 80a0b5c..0000000 -81OtbLUrohKqGU8J2l7nk8aOFAj+8DCAGKCGhU3IfdeLA/5u1fedFqySLKAj5ZyR -Uh+U3xeUc8OzwcFxBSAAeL0TUh2oPs0AH8g= ------END CERTIFICATE----- +diff --git a/jdk/make/data/cacerts/geotrustglobalca b/jdk/make/data/cacerts/geotrustglobalca +deleted file mode 100644 +index 7f8bf9a6..00000000 +--- a/jdk/make/data/cacerts/geotrustglobalca ++++ /dev/null +@@ -1,27 +0,0 @@ +-Owner: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US +-Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US +-Serial number: 23456 +-Valid from: Tue May 21 04:00:00 GMT 2002 until: Sat May 21 04:00:00 GMT 2022 +-Signature algorithm name: SHA1withRSA +-Subject Public Key Algorithm: 2048-bit RSA key +-Version: 3 +------BEGIN CERTIFICATE----- +-MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT +-MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +-YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG +-EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg +-R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 +-9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq +-fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv +-iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU +-1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ +-bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW +-MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA +-ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l +-uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn +-Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS +-tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF +-PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un +-hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV +-5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== +------END CERTIFICATE----- diff --git a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java b/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java index dd107fc..791ddb6 100644 --- a/jdk/test/sun/security/lib/cacerts/VerifyCACerts.java @@ -225,13 +262,13 @@ index dd107fc..791ddb6 100644 // The numbers of certs now. - private static final int COUNT = 89; -+ private static final int COUNT = 84; ++ private static final int COUNT = 83; // SHA-256 of cacerts, can be generated with // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95 private static final String CHECKSUM - = "CC:AD:BB:49:70:97:3F:42:AD:73:91:A0:A2:C4:B8:AA:D1:95:59:F3:B3:22:09:2A:1F:2C:AB:04:47:08:EF:AA"; -+ = "D3:05:21:64:FA:D7:CD:29:E8:CB:57:E7:47:ED:79:9B:47:D8:0E:75:2D:CA:83:BB:86:AF:D9:43:FD:3E:17:85"; ++ = "2D:04:88:6C:52:53:54:EB:38:2D:BC:E0:AF:B7:82:F4:9E:32:A8:1A:1B:A3:AE:CF:25:CB:C2:F6:0F:4E:E1:20"; // map of cert alias to SHA-256 fingerprint @SuppressWarnings("serial") @@ -248,6 +285,15 @@ index dd107fc..791ddb6 100644 put("baltimorecybertrustca [jdk]", "16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB"); put("digicertglobalrootca [jdk]", +@@ -111,8 +111,6 @@ public class VerifyCACerts { + "7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2"); + put("digicerthighassuranceevrootca [jdk]", + "74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF"); +- put("geotrustglobalca [jdk]", +- "FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA:DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A"); + put("geotrustprimaryca [jdk]", + "37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C"); + put("geotrustprimarycag2 [jdk]", @@ -163,10 +147,6 @@ public class VerifyCACerts { "5D:56:49:9B:E4:D2:E0:8B:CF:CA:D0:8A:3E:38:72:3D:50:50:3B:DE:70:69:48:E4:2F:55:60:30:19:E5:28:AE"); put("letsencryptisrgx1 [jdk]", @@ -259,7 +305,7 @@ index dd107fc..791ddb6 100644 put("quovadisrootca1g3 [jdk]", "8A:86:6F:D1:B2:76:B5:7E:57:8E:92:1C:65:82:8A:2B:ED:58:E9:F2:F2:88:05:41:34:B7:F1:F4:BF:C9:CC:74"); put("quovadisrootca2 [jdk]", -@@ -267,20 +247,7 @@ public class VerifyCACerts { +@@ -267,22 +247,7 @@ public class VerifyCACerts { // Exception list to 90 days expiry policy // No error will be reported if certificate in this list expires @SuppressWarnings("serial") @@ -275,6 +321,8 @@ index dd107fc..791ddb6 100644 - add("luxtrustglobalrootca [jdk]"); - // Valid until: Wed Mar 17 11:33:33 PDT 2021 - add("quovadisrootca [jdk]"); +- // Valid until: Sat May 21 04:00:00 GMT 2022 +- add("geotrustglobalca [jdk]"); - } - }; + private static final HashSet EXPIRY_EXC_ENTRIES = new HashSet(); @@ -282,5 +330,4 @@ index dd107fc..791ddb6 100644 // Ninety days in milliseconds private static final long NINETY_DAYS = 7776000000L; -- -1.8.3.1 - +2.19.0