Mercurial > hg > openjdk > aarch64-port > jdk
changeset 10915:e0a04f91f4bd
8080102: Java 8 cannot load its cacerts in FIPS. no such provider: SunEC
Reviewed-by: valeriep
author | coffeys |
---|---|
date | Tue, 23 Jun 2015 04:07:36 -0700 |
parents | 07911e30fdfe |
children | 785d21100834 |
files | src/share/classes/sun/security/ec/ECPrivateKeyImpl.java src/share/classes/sun/security/ec/ECPublicKeyImpl.java src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java src/share/classes/sun/security/pkcs11/P11ECUtil.java src/share/classes/sun/security/pkcs11/P11Key.java src/share/classes/sun/security/util/ECUtil.java test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java |
diffstat | 7 files changed, 141 insertions(+), 53 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java Thu Jun 18 19:15:14 2015 +0300 +++ b/src/share/classes/sun/security/ec/ECPrivateKeyImpl.java Tue Jun 23 04:07:36 2015 -0700 @@ -69,7 +69,7 @@ /** * Construct a key from its encoding. Called by the ECKeyFactory. */ - ECPrivateKeyImpl(byte[] encoded) throws InvalidKeyException { + public ECPrivateKeyImpl(byte[] encoded) throws InvalidKeyException { decode(encoded); } @@ -77,7 +77,7 @@ * Construct a key from its components. Used by the * KeyFactory. */ - ECPrivateKeyImpl(BigInteger s, ECParameterSpec params) + public ECPrivateKeyImpl(BigInteger s, ECParameterSpec params) throws InvalidKeyException { this.s = s; this.params = params;
--- a/src/share/classes/sun/security/ec/ECPublicKeyImpl.java Thu Jun 18 19:15:14 2015 +0300 +++ b/src/share/classes/sun/security/ec/ECPublicKeyImpl.java Tue Jun 23 04:07:36 2015 -0700 @@ -52,7 +52,7 @@ * ECKeyFactory. */ @SuppressWarnings("deprecation") - ECPublicKeyImpl(ECPoint w, ECParameterSpec params) + public ECPublicKeyImpl(ECPoint w, ECParameterSpec params) throws InvalidKeyException { this.w = w; this.params = params; @@ -65,7 +65,7 @@ /** * Construct a key from its encoding. */ - ECPublicKeyImpl(byte[] encoded) throws InvalidKeyException { + public ECPublicKeyImpl(byte[] encoded) throws InvalidKeyException { decode(encoded); }
--- a/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java Thu Jun 18 19:15:14 2015 +0300 +++ b/src/share/classes/sun/security/pkcs11/P11ECKeyFactory.java Tue Jun 23 04:07:36 2015 -0700 @@ -116,7 +116,7 @@ byte[] encoded = key.getEncoded(); try { - key = ECUtil.decodeX509ECPublicKey(encoded); + key = P11ECUtil.decodeX509ECPublicKey(encoded); } catch (InvalidKeySpecException ikse) { throw new InvalidKeyException(ikse); } @@ -145,7 +145,7 @@ byte[] encoded = key.getEncoded(); try { - key = ECUtil.decodePKCS8ECPrivateKey(encoded); + key = P11ECUtil.decodePKCS8ECPrivateKey(encoded); } catch (InvalidKeySpecException ikse) { throw new InvalidKeyException(ikse); } @@ -167,7 +167,7 @@ if (keySpec instanceof X509EncodedKeySpec) { try { byte[] encoded = ((X509EncodedKeySpec)keySpec).getEncoded(); - PublicKey key = ECUtil.decodeX509ECPublicKey(encoded); + PublicKey key = P11ECUtil.decodeX509ECPublicKey(encoded); return implTranslatePublicKey(key); } catch (InvalidKeyException e) { throw new InvalidKeySpecException @@ -197,7 +197,7 @@ if (keySpec instanceof PKCS8EncodedKeySpec) { try { byte[] encoded = ((PKCS8EncodedKeySpec)keySpec).getEncoded(); - PrivateKey key = ECUtil.decodePKCS8ECPrivateKey(encoded); + PrivateKey key = P11ECUtil.decodePKCS8ECPrivateKey(encoded); return implTranslatePrivateKey(key); } catch (GeneralSecurityException e) { throw new InvalidKeySpecException
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/share/classes/sun/security/pkcs11/P11ECUtil.java Tue Jun 23 04:07:36 2015 -0700 @@ -0,0 +1,114 @@ +/* + * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.security.pkcs11; + +import java.io.IOException; +import java.math.BigInteger; +import java.security.*; +import java.security.interfaces.*; +import java.security.spec.*; + +import sun.security.ec.ECPublicKeyImpl; +import sun.security.ec.ECPrivateKeyImpl; +import sun.security.x509.X509Key; + +final class P11ECUtil { + + static ECPublicKey decodeX509ECPublicKey(byte[] encoded) + throws InvalidKeySpecException { + X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded); + + return (ECPublicKey)ECGeneratePublic(keySpec); + } + + static byte[] x509EncodeECPublicKey(ECPoint w, + ECParameterSpec params) throws InvalidKeySpecException { + ECPublicKeySpec keySpec = new ECPublicKeySpec(w, params); + X509Key key = (X509Key)ECGeneratePublic(keySpec); + + return key.getEncoded(); + } + + static ECPrivateKey decodePKCS8ECPrivateKey(byte[] encoded) + throws InvalidKeySpecException { + PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded); + + return (ECPrivateKey)ECGeneratePrivate(keySpec); + } + + static ECPrivateKey generateECPrivateKey(BigInteger s, + ECParameterSpec params) throws InvalidKeySpecException { + ECPrivateKeySpec keySpec = new ECPrivateKeySpec(s, params); + + return (ECPrivateKey)ECGeneratePrivate(keySpec); + } + + private static PublicKey ECGeneratePublic(KeySpec keySpec) + throws InvalidKeySpecException { + try { + if (keySpec instanceof X509EncodedKeySpec) { + X509EncodedKeySpec x509Spec = (X509EncodedKeySpec)keySpec; + return new ECPublicKeyImpl(x509Spec.getEncoded()); + } else if (keySpec instanceof ECPublicKeySpec) { + ECPublicKeySpec ecSpec = (ECPublicKeySpec)keySpec; + return new ECPublicKeyImpl( + ecSpec.getW(), + ecSpec.getParams() + ); + } else { + throw new InvalidKeySpecException("Only ECPublicKeySpec " + + "and X509EncodedKeySpec supported for EC public keys"); + } + } catch (InvalidKeySpecException e) { + throw e; + } catch (GeneralSecurityException e) { + throw new InvalidKeySpecException(e); + } + } + + private static PrivateKey ECGeneratePrivate(KeySpec keySpec) + throws InvalidKeySpecException { + try { + if (keySpec instanceof PKCS8EncodedKeySpec) { + PKCS8EncodedKeySpec pkcsSpec = (PKCS8EncodedKeySpec)keySpec; + return new ECPrivateKeyImpl(pkcsSpec.getEncoded()); + } else if (keySpec instanceof ECPrivateKeySpec) { + ECPrivateKeySpec ecSpec = (ECPrivateKeySpec)keySpec; + return new ECPrivateKeyImpl(ecSpec.getS(), ecSpec.getParams()); + } else { + throw new InvalidKeySpecException("Only ECPrivateKeySpec " + + "and PKCS8EncodedKeySpec supported for EC private keys"); + } + } catch (InvalidKeySpecException e) { + throw e; + } catch (GeneralSecurityException e) { + throw new InvalidKeySpecException(e); + } + } + + private P11ECUtil() {} + +}
--- a/src/share/classes/sun/security/pkcs11/P11Key.java Thu Jun 18 19:15:14 2015 +0300 +++ b/src/share/classes/sun/security/pkcs11/P11Key.java Tue Jun 23 04:07:36 2015 -0700 @@ -47,7 +47,6 @@ import sun.security.util.DerValue; import sun.security.util.Length; -import sun.security.util.ECUtil; /** * Key implementation classes. @@ -993,7 +992,7 @@ if (encoded == null) { fetchValues(); try { - Key key = ECUtil.generateECPrivateKey(s, params); + Key key = P11ECUtil.generateECPrivateKey(s, params); encoded = key.getEncoded(); } catch (InvalidKeySpecException e) { throw new ProviderException(e); @@ -1067,7 +1066,7 @@ if (encoded == null) { fetchValues(); try { - return ECUtil.x509EncodeECPublicKey(w, params); + return P11ECUtil.x509EncodeECPublicKey(w, params); } catch (InvalidKeySpecException e) { throw new ProviderException(e); }
--- a/src/share/classes/sun/security/util/ECUtil.java Thu Jun 18 19:15:14 2015 +0300 +++ b/src/share/classes/sun/security/util/ECUtil.java Tue Jun 23 04:07:36 2015 -0700 @@ -89,47 +89,6 @@ return Arrays.copyOfRange(b, i, b.length); } - private static KeyFactory getKeyFactory() { - try { - return KeyFactory.getInstance("EC", "SunEC"); - } catch (NoSuchAlgorithmException | NoSuchProviderException e) { - throw new RuntimeException(e); - } - } - - public static ECPublicKey decodeX509ECPublicKey(byte[] encoded) - throws InvalidKeySpecException { - KeyFactory keyFactory = getKeyFactory(); - X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded); - - return (ECPublicKey)keyFactory.generatePublic(keySpec); - } - - public static byte[] x509EncodeECPublicKey(ECPoint w, - ECParameterSpec params) throws InvalidKeySpecException { - KeyFactory keyFactory = getKeyFactory(); - ECPublicKeySpec keySpec = new ECPublicKeySpec(w, params); - X509Key key = (X509Key)keyFactory.generatePublic(keySpec); - - return key.getEncoded(); - } - - public static ECPrivateKey decodePKCS8ECPrivateKey(byte[] encoded) - throws InvalidKeySpecException { - KeyFactory keyFactory = getKeyFactory(); - PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded); - - return (ECPrivateKey)keyFactory.generatePrivate(keySpec); - } - - public static ECPrivateKey generateECPrivateKey(BigInteger s, - ECParameterSpec params) throws InvalidKeySpecException { - KeyFactory keyFactory = getKeyFactory(); - ECPrivateKeySpec keySpec = new ECPrivateKeySpec(s, params); - - return (ECPrivateKey)keyFactory.generatePrivate(keySpec); - } - private static AlgorithmParameters getECParameters(Provider p) { try { if (p != null) {
--- a/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Thu Jun 18 19:15:14 2015 +0300 +++ b/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Tue Jun 23 04:07:36 2015 -0700 @@ -28,7 +28,7 @@ /* * @test - * @bug 6405536 + * @bug 6405536 8080102 * @summary Verify that all ciphersuites work (incl. ECC using NSS crypto) * @author Andreas Sterbenz * @library .. @@ -49,13 +49,29 @@ cmdArgs = args; main(new ClientJSSEServerJSSE()); + // now test without SunEC Provider + System.setProperty("testWithoutSunEC", "true"); + main(new ClientJSSEServerJSSE()); + } public void main(Provider p) throws Exception { + String testWithoutSunEC = System.getProperty("testWithoutSunEC"); if (p.getService("KeyFactory", "EC") == null) { System.out.println("Provider does not support EC, skipping"); return; } + + + if (testWithoutSunEC != null) { + Provider sunec = Security.getProvider("SunEC"); + if (sunec == null) { + System.out.println("SunEC provider not present. Skipping test"); + return; + } + Security.removeProvider(sunec.getName()); + } + Providers.setAt(p, 1); CipherTest.main(new JSSEFactory(), cmdArgs); Security.removeProvider(p.getName());