# HG changeset patch # User vinnie # Date 1415121088 0 # Node ID 6e2e762deb80269e1fb10369b4656c68ab54aa11 # Parent 286376bf2e1ea75e53cba1df45e86aef773cd51a 8056026: Debug security logging should print Provider used for each crypto operation Reviewed-by: mullan diff -r 286376bf2e1e -r 6e2e762deb80 src/share/classes/java/security/KeyPairGenerator.java --- a/src/share/classes/java/security/KeyPairGenerator.java Wed Oct 15 14:06:10 2014 +0900 +++ b/src/share/classes/java/security/KeyPairGenerator.java Tue Nov 04 17:11:28 2014 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,6 +33,7 @@ import sun.security.jca.*; import sun.security.jca.GetInstance.Instance; +import sun.security.util.Debug; /** * The KeyPairGenerator class is used to generate pairs of @@ -127,6 +128,11 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi { + private static final Debug pdebug = + Debug.getInstance("provider", "Provider"); + private static final boolean skipDebug = + Debug.isOn("engine=") && !Debug.isOn("keypairgenerator"); + private final String algorithm; // The provider @@ -168,6 +174,12 @@ kpg = new Delegate(spi, algorithm); } kpg.provider = instance.provider; + + if (!skipDebug && pdebug != null) { + pdebug.println("KeyPairGenerator." + algorithm + + " algorithm from: " + kpg.provider.getName()); + } + return kpg; } @@ -558,6 +570,11 @@ provider = instance.provider; this.serviceIterator = serviceIterator; initType = I_NONE; + + if (!skipDebug && pdebug != null) { + pdebug.println("KeyPairGenerator." + algorithm + + " algorithm from: " + provider.getName()); + } } /** diff -r 286376bf2e1e -r 6e2e762deb80 src/share/classes/java/security/KeyStore.java 
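Review bot: In the `@@ -127,6 +128,11 @@` hunk the two new fields carry no comment, and the `skipDebug` expression is not self-explanatory: it is true only when an `engine=` filter is present and does not mention this engine. A comment such as `// Suppress provider tracing when an "engine=" filter is set and this engine is not in it` would help, and the same applies to the identical field pairs added to the other engine classes in this changeset. `Debug.isOn` is not shown here; if it is a substring test over the whole option string, a short token such as `mac` can match text outside the `engine=` list, and a mistyped engine name silently disables all output, so this is worth confirming.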
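Review bot: In the `@@ -558,6 +570,11 @@` hunk the provider is logged once at construction, next to `this.serviceIterator = serviceIterator; initType = I_NONE;`, which suggests the provider can still change later. If the delegate fails over to another provider from `serviceIterator` during initialization (that code is outside the hunk), the trace will name a provider that did not generate the key pair, which makes the log misleading exactly when it is needed. Consider repeating the `pdebug.println(...)` wherever `provider` is reassigned; the private `KeyGenerator(String algorithm)` constructor hunk has the same shape. The constructor starts outside the hunk.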
--- a/src/share/classes/java/security/KeyStore.java Wed Oct 15 14:06:10 2014 +0900 +++ b/src/share/classes/java/security/KeyStore.java Tue Nov 04 17:11:28 2014 +0000 @@ -34,6 +34,8 @@ import javax.security.auth.callback.*; +import sun.security.util.Debug; + /** * This class represents a storage facility for cryptographic * keys and certificates. @@ -187,6 +189,11 @@ public class KeyStore { + private static final Debug pdebug = + Debug.getInstance("provider", "Provider"); + private static final boolean skipDebug = + Debug.isOn("engine=") && !Debug.isOn("keystore"); + /* * Constant to lookup in the Security properties file to determine * the default keystore type. @@ -578,6 +585,11 @@ this.keyStoreSpi = keyStoreSpi; this.provider = provider; this.type = type; + + if (!skipDebug && pdebug != null) { + pdebug.println("KeyStore." + type.toUpperCase() + " type from: " + + this.provider.getName()); + } } /** diff -r 286376bf2e1e -r 6e2e762deb80 src/share/classes/java/security/MessageDigest.java --- a/src/share/classes/java/security/MessageDigest.java Wed Oct 15 14:06:10 2014 +0900 +++ b/src/share/classes/java/security/MessageDigest.java Tue Nov 04 17:11:28 2014 +0000 @@ -35,6 +35,8 @@ import java.nio.ByteBuffer; +import sun.security.util.Debug; + /** * This MessageDigest class provides applications the functionality of a * message digest algorithm, such as SHA-1 or SHA-256. @@ -103,6 +105,11 @@ public abstract class MessageDigest extends MessageDigestSpi { + private static final Debug pdebug = + Debug.getInstance("provider", "Provider"); + private static final boolean skipDebug = + Debug.isOn("engine=") && !Debug.isOn("messagedigest"); + private String algorithm; // The state of this digest 
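Review bot: The `@@ -578,6 +585,11 @@` hunk dereferences `this.provider` and `type` inside the trace, so with provider debugging switched on, a constructor call that passes a null provider or type would throw NullPointerException from code that exists only for diagnostics. Whether null can reach here depends on the callers of this constructor, which are outside the hunk; a guard such as `String name = (provider != null) ? provider.getName() : "(no provider)";` keeps diagnostics from changing behaviour. The same unguarded `provider.getName()` appears in the SecureRandom and KeyGenerator constructor hunks and in the Signature, Cipher, KeyAgreement and Mac init hunks. Separately, `type.toUpperCase()` uses the default locale; `type.toUpperCase(Locale.ENGLISH)` gives stable output, provided `java.util.Locale` is in scope, which the hunk does not show.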
@@ -156,18 +163,23 @@ public static MessageDigest getInstance(String algorithm) throws NoSuchAlgorithmException { try { + MessageDigest md; Object[] objs = Security.getImpl(algorithm, "MessageDigest", (String)null); if (objs[0] instanceof MessageDigest) { - MessageDigest md = (MessageDigest)objs[0]; - md.provider = (Provider)objs[1]; - return md; + md = (MessageDigest)objs[0]; } else { - MessageDigest delegate = - new Delegate((MessageDigestSpi)objs[0], algorithm); - delegate.provider = (Provider)objs[1]; - return delegate; + md = new Delegate((MessageDigestSpi)objs[0], algorithm); } + md.provider = (Provider)objs[1]; + + if (!skipDebug && pdebug != null) { + pdebug.println("MessageDigest." + algorithm + + " algorithm from: " + md.provider.getName()); + } + + return md; + } catch(NoSuchProviderException e) { throw new NoSuchAlgorithmException(algorithm + " not found"); } diff -r 286376bf2e1e -r 6e2e762deb80 src/share/classes/java/security/SecureRandom.java --- a/src/share/classes/java/security/SecureRandom.java Wed Oct 15 14:06:10 2014 +0900 +++ b/src/share/classes/java/security/SecureRandom.java Tue Nov 04 17:11:28 2014 +0000 @@ -31,6 +31,7 @@ import sun.security.jca.*; import sun.security.jca.GetInstance.Instance; +import sun.security.util.Debug; /** * This class provides a cryptographically strong random number @@ -91,6 +92,11 @@ public class SecureRandom extends java.util.Random { + private static final Debug pdebug = + Debug.getInstance("provider", "Provider"); + private static final boolean skipDebug = + Debug.isOn("engine=") && !Debug.isOn("securerandom"); + /** * The provider. * @@ -233,6 +239,11 @@ this.secureRandomSpi = secureRandomSpi; this.provider = provider; this.algorithm = algorithm; + + if (!skipDebug && pdebug != null) { + pdebug.println("SecureRandom." + algorithm + + " algorithm from: " + this.provider.getName()); + } } /** diff -r 286376bf2e1e -r 6e2e762deb80 src/share/classes/java/security/Signature.java 
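Review bot: Only `getInstance(String algorithm)` gains the trace in the `@@ -156,18 +163,23 @@` hunk, and the changeset touches no other MessageDigest factory method. If the overloads that take a provider name or a `Provider` build the object on their own (they are outside this diff), digests obtained through them are never logged, unlike KeyPairGenerator where the trace sits in the shared `getInstance` helper. Moving the `pdebug.println(...)` into one place that all factories reach would keep the log complete. The method's closing lines fall outside the hunk.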
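Review bot: The trace in the `@@ -233,6 +239,11 @@` hunk sits in the constructor that receives `secureRandomSpi`, `provider` and `algorithm` as arguments. Any SecureRandom constructor that selects a default implementation without delegating to this one (none is shown in the diff) would stay silent, and that is the path where knowing the chosen provider matters most. It is worth confirming that every construction path reaches this `pdebug.println(...)`, or adding the same trace there.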
--- a/src/share/classes/java/security/Signature.java Wed Oct 15 14:06:10 2014 +0900 +++ b/src/share/classes/java/security/Signature.java Tue Nov 04 17:11:28 2014 +0000 @@ -121,6 +121,11 @@ private static final Debug debug = Debug.getInstance("jca", "Signature"); + private static final Debug pdebug = + Debug.getInstance("provider", "Provider"); + private static final boolean skipDebug = + Debug.isOn("engine=") && !Debug.isOn("signature"); + /* * The algorithm for this signature object. * This value is used to map an OID to the particular algorithm. @@ -450,6 +455,11 @@ throws InvalidKeyException { engineInitVerify(publicKey); state = VERIFY; + + if (!skipDebug && pdebug != null) { + pdebug.println("Signature." + algorithm + + " verification algorithm from: " + this.provider.getName()); + } } /** @@ -494,6 +504,11 @@ PublicKey publicKey = certificate.getPublicKey(); engineInitVerify(publicKey); state = VERIFY; + + if (!skipDebug && pdebug != null) { + pdebug.println("Signature." + algorithm + + " verification algorithm from: " + this.provider.getName()); + } } /** @@ -510,6 +525,11 @@ throws InvalidKeyException { engineInitSign(privateKey); state = SIGN; + + if (!skipDebug && pdebug != null) { + pdebug.println("Signature." + algorithm + + " signing algorithm from: " + this.provider.getName()); + } } /** @@ -528,6 +548,11 @@ throws InvalidKeyException { engineInitSign(privateKey, random); state = SIGN; + + if (!skipDebug && pdebug != null) { + pdebug.println("Signature." + algorithm + + " signing algorithm from: " + this.provider.getName()); + } } /** diff -r 286376bf2e1e -r 6e2e762deb80 src/share/classes/javax/crypto/Cipher.java --- a/src/share/classes/javax/crypto/Cipher.java Wed Oct 15 14:06:10 2014 +0900 +++ b/src/share/classes/javax/crypto/Cipher.java Tue Nov 04 17:11:28 2014 +0000 
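Review bot: The four init hunks in Signature.java (`-450`, `-494`, `-510`, `-528`) paste the same guarded `pdebug.println` block, differing only in the word `verification` or `signing`. A small private helper, e.g. `private void traceProvider(String op) { if (!skipDebug && pdebug != null) pdebug.println("Signature." + algorithm + " " + op + " algorithm from: " + this.provider.getName()); }`, would keep the message format in one place. The four Cipher init hunks and the two each in KeyAgreement and Mac repeat the pattern and would benefit the same way. Each enclosing method starts outside its hunk.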
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -156,6 +156,11 @@ private static final Debug debug = Debug.getInstance("jca", "Cipher"); + private static final Debug pdebug = + Debug.getInstance("provider", "Provider"); + private static final boolean skipDebug = + Debug.isOn("engine=") && !Debug.isOn("cipher"); + /** * Constant used to initialize cipher to encryption mode. */ @@ -1100,6 +1105,21 @@ } } + private static String getOpmodeString(int opmode) { + switch (opmode) { + case ENCRYPT_MODE: + return "encryption"; + case DECRYPT_MODE: + return "decryption"; + case WRAP_MODE: + return "key wrapping"; + case UNWRAP_MODE: + return "key unwrapping"; + default: + return ""; + } + } + /** * Initializes this cipher with a key. * @@ -1219,6 +1239,12 @@ initialized = true; this.opmode = opmode; + + if (!skipDebug && pdebug != null) { + pdebug.println("Cipher." + transformation + " " + + getOpmodeString(opmode) + " algorithm from: " + + this.provider.getName()); + } } /** @@ -1350,6 +1376,12 @@ initialized = true; this.opmode = opmode; + + if (!skipDebug && pdebug != null) { + pdebug.println("Cipher." + transformation + " " + + getOpmodeString(opmode) + " algorithm from: " + + this.provider.getName()); + } } /** @@ -1481,6 +1513,12 @@ initialized = true; this.opmode = opmode; + + if (!skipDebug && pdebug != null) { + pdebug.println("Cipher." + transformation + " " + + getOpmodeString(opmode) + " algorithm from: " + + this.provider.getName()); + } } /** 
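Review bot: `getOpmodeString` in the `@@ -1100,6 +1105,21 @@` hunk has no comment, and its `default` branch returns an empty string, so an unexpected opmode yields a trace line with a double space and no hint of what went wrong. A one-line comment such as `// Maps an opmode constant to the word used in provider debug output` plus `return "unknown";` in the default branch would make the log self-describing. Whether the default is reachable depends on opmode validation in `init`, which is outside the hunk.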
@@ -1659,6 +1697,12 @@ initialized = true; this.opmode = opmode; + + if (!skipDebug && pdebug != null) { + pdebug.println("Cipher." + transformation + " " + + getOpmodeString(opmode) + " algorithm from: " + + this.provider.getName()); + } } /** diff -r 286376bf2e1e -r 6e2e762deb80 src/share/classes/javax/crypto/KeyAgreement.java --- a/src/share/classes/javax/crypto/KeyAgreement.java Wed Oct 15 14:06:10 2014 +0900 +++ b/src/share/classes/javax/crypto/KeyAgreement.java Tue Nov 04 17:11:28 2014 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -78,6 +78,11 @@ private static final Debug debug = Debug.getInstance("jca", "KeyAgreement"); + private static final Debug pdebug = + Debug.getInstance("provider", "Provider"); + private static final boolean skipDebug = + Debug.isOn("engine=") && !Debug.isOn("keyagreement"); + // The provider private Provider provider; @@ -467,6 +472,11 @@ throw new InvalidKeyException(e); } } + + if (!skipDebug && pdebug != null) { + pdebug.println("KeyAgreement." + algorithm + " algorithm from: " + + this.provider.getName()); + } } /** @@ -523,6 +533,11 @@ } else { chooseProvider(I_PARAMS, key, params, random); } + + if (!skipDebug && pdebug != null) { + pdebug.println("KeyAgreement." + algorithm + " algorithm from: " + + this.provider.getName()); + } } /** diff -r 286376bf2e1e -r 6e2e762deb80 src/share/classes/javax/crypto/KeyGenerator.java --- a/src/share/classes/javax/crypto/KeyGenerator.java Wed Oct 15 14:06:10 2014 +0900 +++ b/src/share/classes/javax/crypto/KeyGenerator.java Tue Nov 04 17:11:28 2014 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -33,6 +33,7 @@ import sun.security.jca.*; import sun.security.jca.GetInstance.Instance; +import sun.security.util.Debug; /** * This class provides the functionality of a secret (symmetric) key generator. @@ -109,6 +110,11 @@ public class KeyGenerator { + private static final Debug pdebug = + Debug.getInstance("provider", "Provider"); + private static final boolean skipDebug = + Debug.isOn("engine=") && !Debug.isOn("keygenerator"); + // see java.security.KeyPairGenerator for failover notes private final static int I_NONE = 1; @@ -146,6 +152,11 @@ this.spi = keyGenSpi; this.provider = provider; this.algorithm = algorithm; + + if (!skipDebug && pdebug != null) { + pdebug.println("KeyGenerator." + algorithm + " algorithm from: " + + this.provider.getName()); + } } private KeyGenerator(String algorithm) throws NoSuchAlgorithmException { @@ -158,6 +169,11 @@ throw new NoSuchAlgorithmException (algorithm + " KeyGenerator not available"); } + + if (!skipDebug && pdebug != null) { + pdebug.println("KeyGenerator." + algorithm + " algorithm from: " + + this.provider.getName()); + } } /** diff -r 286376bf2e1e -r 6e2e762deb80 src/share/classes/javax/crypto/Mac.java --- a/src/share/classes/javax/crypto/Mac.java Wed Oct 15 14:06:10 2014 +0900 +++ b/src/share/classes/javax/crypto/Mac.java Tue Nov 04 17:11:28 2014 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -77,6 +77,11 @@ private static final Debug debug = Debug.getInstance("jca", "Mac"); + private static final Debug pdebug = + Debug.getInstance("provider", "Provider"); + private static final boolean skipDebug = + Debug.isOn("engine=") && !Debug.isOn("mac"); + // The provider private Provider provider; @@ -413,6 +418,11 @@ throw new InvalidKeyException("init() failed", e); } initialized = true; + + if (!skipDebug && pdebug != null) { + pdebug.println("Mac." + algorithm + " algorithm from: " + + this.provider.getName()); + } } /** @@ -435,6 +445,11 @@ chooseProvider(key, params); } initialized = true; + + if (!skipDebug && pdebug != null) { + pdebug.println("Mac." + algorithm + " algorithm from: " + + this.provider.getName()); + } } /** diff -r 286376bf2e1e -r 6e2e762deb80 src/share/classes/sun/security/util/Debug.java --- a/src/share/classes/sun/security/util/Debug.java Wed Oct 15 14:06:10 2014 +0900 +++ b/src/share/classes/sun/security/util/Debug.java Tue Nov 04 17:11:28 2014 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -96,7 +96,15 @@ System.err.println("codebase="); System.err.println(" only dump output if specified codebase"); System.err.println(" is being checked"); - + System.err.println(); + System.err.println("The following can be used with provider:"); + System.err.println(); + System.err.println("engine="); + System.err.println(" only dump output for the specified list"); + System.err.println(" of JCA engines. Supported values:"); + System.err.println(" Cipher, KeyAgreement, KeyGenerator,"); + System.err.println(" KeyPairGenerator, KeyStore, Mac,"); + System.err.println(" MessageDigest, SecureRandom, Signature."); System.err.println(); System.err.println("Note: Separate multiple options with a comma"); System.exit(0);
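Review bot: The new help text lists the engine names in mixed case (`Cipher`, `KeyAgreement`, …) while every `skipDebug` check in this changeset tests a lower-case token (`"cipher"`, `"keyagreement"`). Unless the option string is lower-cased before `Debug.isOn` runs (not visible in this hunk), copying a name from the help verbatim would filter out everything. The text also says to separate options with a comma but does not say how to separate several engines inside `engine=`; one more `System.err.println` line giving an example would remove the guesswork. The enclosing method starts and ends outside the hunk.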