/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* This class represents a "provider" for the
* Java Security API, where a provider implements some or all parts of
* Java Security. Services that a provider may implement include:
*
* <ul>
*
* <li>Algorithms (such as DSA, RSA, MD5 or SHA-1).
*
* <li>Key generation, conversion, and management facilities (such as for
* algorithm-specific keys).
*
*</ul>
*
* <p>Each provider has a name and a version number, and is configured
* in each runtime it is installed in.
*
* <p>See <a href =
* "../../../technotes/guides/security/crypto/CryptoSpec.html#Provider">The Provider Class</a>
* in the "Java Cryptography Architecture API Specification & Reference"
* for information about how a particular type of provider, the
* cryptographic service provider, works and is installed. However,
* please note that a provider can be used to implement any security
* service in Java that uses a pluggable architecture with a choice
* of implementations that fit underneath.
*
* <p>Some provider implementations may encounter unrecoverable internal
* errors during their operation, for example a failure to communicate with a
* security token. A {@link ProviderException} should be used to indicate
* such errors.
*
* <p>The service type <code>Provider</code> is reserved for use by the
* security framework. Services of this type cannot be added, removed,
* or modified by applications.
* The following attributes are automatically placed in each Provider object:
* <table cellspacing=4>
* <tr><th>Name</th><th>Value</th>
* <tr><td><code>Provider.id name</code></td>
* <td><code>String.valueOf(provider.getName())</code></td>
* <tr><td><code>Provider.id version</code></td>
* <td><code>String.valueOf(provider.getVersion())</code></td>
* <tr><td><code>Provider.id info</code></td>
<td><code>String.valueOf(provider.getInfo())</code></td>
* <tr><td><code>Provider.id className</code></td>
* <td><code>provider.getClass().getName()</code></td>
* </table>
*
* @author Benjamin Renaud
* @author Andreas Sterbenz
*/
// Declare serialVersionUID to be compatible with JDK1.1
("provider", "Provider");
/**
* The provider name.
*
* @serial
*/
/**
* A description of the provider and its services.
*
* @serial
*/
/**
* The provider version number.
*
* @serial
*/
private double version;
private transient boolean initialized;
/**
* Constructs a provider with the specified name, version number,
* and information.
*
* @param name the provider name.
*
* @param version the provider version number.
*
* @param info a description of the provider and its services.
*/
putId();
initialized = true;
}
/**
* Returns the name of this provider.
*
* @return the name of this provider.
*/
return name;
}
/**
* Returns the version number for this provider.
*
* @return the version number for this provider.
*/
public double getVersion() {
return version;
}
/**
* Returns a human-readable description of the provider and its
* services. This may return an HTML page, with relevant links.
*
* @return a description of the provider and its services.
*/
return info;
}
/**
* Returns a string with the name and the version number
* of this provider.
*
* @return the string with the name and the version number
* for this provider.
*/
}
/*
* override the following methods to ensure that provider
* information can only be changed if the caller has the appropriate
* permissions.
*/
/**
* Clears this provider so that it no longer contains the properties
* used to look up facilities implemented by the provider.
*
* <p>First, if there is a security manager, its
* <code>checkSecurityAccess</code> method is called with the string
* <code>"clearProviderProperties."+name</code> (where <code>name</code>
* is the provider name) to see if it's ok to clear this provider.
* If the default implementation of <code>checkSecurityAccess</code>
* is used (that is, that method is not overriden), then this results in
* a call to the security manager's <code>checkPermission</code> method
* with a <code>SecurityPermission("clearProviderProperties."+name)</code>
* permission.
*
* @throws SecurityException
* if a security manager exists and its <code>{@link
* java.lang.SecurityManager#checkSecurityAccess}</code> method
* denies access to clear this provider
*
* @since 1.2
*/
public synchronized void clear() {
}
implClear();
}
/**
* Reads a property list (key and element pairs) from the input stream.
*
* @param inStream the input stream.
* @exception IOException if an error occurred when reading from the
* input stream.
* @see java.util.Properties#load
*/
}
}
/**
* Copies all of the mappings from the specified Map to this provider.
* These mappings will replace any properties that this provider had
* for any of the keys currently in the specified Map.
*
* @since 1.2
*/
}
implPutAll(t);
}
/**
* Returns an unmodifiable Set view of the property entries contained
* in this Provider.
*
* @see java.util.Map.Entry
* @since 1.2
*/
else
return super.entrySet(); // Recursive call
}
// This exception will be thrown if the implementation of
// Collections.unmodifiableMap.entrySet() is changed such that it
// no longer calls entrySet() on the backing Map. (Provider's
// entrySet implementation depends on this "implementation detail",
// which is unlikely to change.
if (entrySetCallCount != 2)
throw new RuntimeException("Internal error.");
return entrySet;
}
/**
* Returns an unmodifiable Set view of the property keys contained in
* this provider.
*
* @since 1.2
*/
}
/**
* Returns an unmodifiable Collection view of the property values
* contained in this provider.
*
* @since 1.2
*/
}
/**
* Sets the <code>key</code> property to have the specified
* <code>value</code>.
*
* <p>First, if there is a security manager, its
* <code>checkSecurityAccess</code> method is called with the string
* <code>"putProviderProperty."+name</code>, where <code>name</code> is the
* provider name, to see if it's ok to set this provider's property values.
* If the default implementation of <code>checkSecurityAccess</code>
* is used (that is, that method is not overriden), then this results in
* a call to the security manager's <code>checkPermission</code> method
* with a <code>SecurityPermission("putProviderProperty."+name)</code>
* permission.
*
* @param key the property key.
*
* @param value the property value.
*
* @return the previous value of the specified property
* (<code>key</code>), or null if it did not have one.
*
* @throws SecurityException
* if a security manager exists and its <code>{@link
* java.lang.SecurityManager#checkSecurityAccess}</code> method
* denies access to set property values.
*
* @since 1.2
*/
}
}
/**
* Removes the <code>key</code> property (and its corresponding
* <code>value</code>).
*
* <p>First, if there is a security manager, its
* <code>checkSecurityAccess</code> method is called with the string
* <code>"removeProviderProperty."+name</code>, where <code>name</code> is
* the provider name, to see if it's ok to remove this provider's
* properties. If the default implementation of
* <code>checkSecurityAccess</code> is used (that is, that method is not
* overriden), then this results in a call to the security manager's
* <code>checkPermission</code> method with a
* <code>SecurityPermission("removeProviderProperty."+name)</code>
* permission.
*
* @param key the key for the property to be removed.
*
* @return the value to which the key had been mapped,
* or null if the key did not have a mapping.
*
* @throws SecurityException
* if a security manager exists and its <code>{@link
* java.lang.SecurityManager#checkSecurityAccess}</code> method
* denies access to remove this provider's properties.
*
* @since 1.2
*/
}
return implRemove(key);
}
// let javadoc show doc from superclass
}
// let javadoc show doc from superclass
return super.keys();
}
// let javadoc show doc from superclass
return super.elements();
}
// let javadoc show doc from superclass
return super.getProperty(key);
}
private void checkInitialized() {
if (!initialized) {
throw new IllegalStateException();
}
}
}
}
// legacy properties changed since last call to any services method?
private transient boolean legacyChanged;
// serviceMap changed since last call to getServices()
private transient boolean servicesChanged;
// Map<String,String>
// Map<ServiceKey,Service>
// used for services added via putService(), initialized on demand
// Map<ServiceKey,Service>
// used for services added via legacy methods, init on demand
// Set<Service>
// Unmodifiable set of all services. Initialized on demand.
// register the id attributes for this provider
// this is to ensure that equals() and hashCode() do not incorrectly
// report to different provider objects as the same
private void putId() {
// note: name and info may be null
}
throws IOException, ClassNotFoundException {
}
implClear();
initialized = true;
}
/**
* Copies all of the mappings from the specified Map to this provider.
* Internal method to be called AFTER the security check has been
* performed.
*/
}
}
return null;
}
legacyChanged = true;
if (legacyStrings == null) {
}
}
}
return null;
}
legacyChanged = true;
if (legacyStrings == null) {
}
}
}
private void implClear() {
if (legacyStrings != null) {
}
}
if (serviceMap != null) {
serviceMap.clear();
}
legacyChanged = false;
servicesChanged = false;
serviceSet = null;
super.clear();
putId();
}
// used as key in the serviceMap and legacyMap HashMaps
private static class ServiceKey {
this.originalAlgorithm = algorithm;
}
public int hashCode() {
}
if (this == obj) {
return true;
}
if (obj instanceof ServiceKey == false) {
return false;
}
}
}
}
/**
* Ensure all the legacy String properties are fully parsed into
* service objects.
*/
private void ensureLegacyParsed() {
return;
}
serviceSet = null;
} else {
}
}
legacyChanged = false;
}
/**
* Remove all invalid services from the Map. Invalid services can only
* occur if the legacy properties are inconsistent or incomplete.
*/
if (s.isValid() == false) {
t.remove();
}
}
}
if (i < 1) {
}
return null;
}
}
// e.g. put("Alg.Alias.MessageDigest.SHA", "SHA-1");
// aliasKey ~ MessageDigest.SHA
if (typeAndAlg == null) {
return;
}
if (s == null) {
s = new Service(this);
}
} else {
if (typeAndAlg == null) {
return;
}
if (i == -1) {
// e.g. put("MessageDigest.SHA-1", "sun.security.provider.SHA");
if (s == null) {
s = new Service(this);
}
} else { // attribute
// e.g. put("MessageDigest.SHA-1 ImplementedIn", "Software");
// kill additional spaces
}
if (s == null) {
s = new Service(this);
}
}
}
}
/**
* Get the service describing this Provider's implementation of the
* specified type of this algorithm or alias. If no such
* implementation exists, this method returns null. If there are two
* matching services, one added to this provider using
* {@link #putService putService()} and one added via {@link #put put()},
* the service added via {@link #putService putService()} is returned.
*
* @param type the type of {@link Service service} requested
* (for example, <code>MessageDigest</code>)
* @param algorithm the case insensitive algorithm name (or alternate
* alias) of the service requested (for example, <code>SHA-1</code>)
*
* @return the service describing this Provider's matching service
* or null if no such service exists
*
* @throws NullPointerException if type or algorithm is null
*
* @since 1.5
*/
// avoid allocating a new key object if possible
previousKey = key;
}
if (serviceMap != null) {
return service;
}
}
}
// ServiceKey from previous getService() call
// by re-using it if possible we avoid allocating a new object
// and the toUpperCase() call.
// re-use will occur e.g. as the framework traverses the provider
// list and queries each provider with the same values until it finds
// a matching service
/**
* Get an unmodifiable Set of all services supported by
* this Provider.
*
* @return an unmodifiable Set of all services supported by
* this Provider
*
* @since 1.5
*/
if (legacyChanged || servicesChanged) {
serviceSet = null;
}
if (serviceSet == null) {
if (serviceMap != null) {
}
}
servicesChanged = false;
}
return serviceSet;
}
/**
* Add a service. If a service of the same type with the same algorithm
* name exists and it was added using {@link #putService putService()},
* it is replaced by the new service.
* This method also places information about this service
* in the provider's Hashtable values in the format described in the
* <a href="../../../technotes/guides/security/crypto/CryptoSpec.html">
* Java Cryptography Architecture API Specification & Reference </a>.
*
* <p>Also, if there is a security manager, its
* <code>checkSecurityAccess</code> method is called with the string
* <code>"putProviderProperty."+name</code>, where <code>name</code> is
* the provider name, to see if it's ok to set this provider's property
* values. If the default implementation of <code>checkSecurityAccess</code>
* is used (that is, that method is not overriden), then this results in
* a call to the security manager's <code>checkPermission</code> method with
* a <code>SecurityPermission("putProviderProperty."+name)</code>
* permission.
*
* @param s the Service to add
*
* @throws SecurityException
* if a security manager exists and its <code>{@link
* java.lang.SecurityManager#checkSecurityAccess}</code> method denies
* access to set property values.
* @throws NullPointerException if s is null
*
* @since 1.5
*/
}
if (s == null) {
throw new NullPointerException();
}
if (s.getProvider() != this) {
throw new IllegalArgumentException
("service.getProvider() must match this Provider object");
}
if (serviceMap == null) {
}
servicesChanged = true;
// remove existing service
}
}
/**
* Put the string properties for this Service in this Provider's
* Hashtable.
*/
// use super() to avoid permission check and other processing
}
}
}
/**
* Remove the string properties for this Service from this Provider's
* Hashtable.
*/
// use super() to avoid permission check and other processing
}
}
}
/**
* Remove a service previously added using
* {@link #putService putService()}. The specified service is removed from
* this provider. It will no longer be returned by
* {@link #getService getService()} and its information will be removed
* from this provider's Hashtable.
*
* <p>Also, if there is a security manager, its
* <code>checkSecurityAccess</code> method is called with the string
* <code>"removeProviderProperty."+name</code>, where <code>name</code> is
* the provider name, to see if it's ok to remove this provider's
* properties. If the default implementation of
* <code>checkSecurityAccess</code> is used (that is, that method is not
* overriden), then this results in a call to the security manager's
* <code>checkPermission</code> method with a
* <code>SecurityPermission("removeProviderProperty."+name)</code>
* permission.
*
* @param s the Service to be removed
*
* @throws SecurityException
* if a security manager exists and its <code>{@link
* java.lang.SecurityManager#checkSecurityAccess}</code> method denies
* access to remove this provider's properties.
* @throws NullPointerException if s is null
*
* @since 1.5
*/
}
if (s == null) {
throw new NullPointerException();
}
}
return;
}
if (s != oldService) {
return;
}
servicesChanged = true;
}
}
private static class UString {
this.string = s;
}
public int hashCode() {
return lowerString.hashCode();
}
if (this == obj) {
return true;
}
return false;
}
}
return string;
}
}
// describe relevant properties of a type of engine
private static class EngineDescription {
final boolean supportsParameter;
this.supportsParameter = sp;
}
}
return clazz;
}
}
// built in knowledge of the engine types shipped as part of the JDK
// also index by canonical name to avoid toLowerCase() for some lookups
}
static {
// JCA
addEngine("CertStore", false,
"java.security.cert.CertStoreParameters");
// JCE
// JSSE
// JGSS
// SASL
// POLICY
addEngine("Policy", false,
"java.security.Policy$Parameters");
// CONFIGURATION
addEngine("Configuration", false,
"javax.security.auth.login.Configuration$Parameters");
// XML DSig
// Smart Card I/O
addEngine("TerminalFactory", false,
"java.lang.Object");
}
// get the "standard" (mixed-case) engine name for arbitary case engine name
// if there is no known engine by that name, return s
// try original case first, usually correct
if (e == null) {
}
}
/**
* The description of a security service. It encapsulates the properties
* of a service and contains a factory method to obtain new implementation
* instances of this service.
*
* <p>Each service has a provider that offers the service, a type,
* an algorithm name, and the name of the class that implements the
* service. Optionally, it also includes a list of alternate algorithm
* names for this service (aliases) and attributes, which are a map of
* (name, value) String pairs.
*
* <p>This class defines the methods {@link #supportsParameter
* supportsParameter()} and {@link #newInstance newInstance()}
* which are used by the Java security framework when it searches for
* suitable services and instantes them. The valid arguments to those
* methods depend on the type of service. For the service types defined
* within Java SE, see the
* <a href="../../../technotes/guides/security/crypto/CryptoSpec.html">
* Java Cryptography Architecture API Specification & Reference </a>
* for the valid values.
* Note that components outside of Java SE can define additional types of
* services and their behavior.
*
* <p>Instances of this class are immutable.
*
* @since 1.5
*/
public static class Service {
// Reference to the cached implementation Class object
// flag indicating whether this service has its attributes for
// supportedKeyFormats or supportedKeyClasses set
// if null, the values have not been initialized
// if TRUE, at least one of supportedFormats/Classes is non null
// supported encoding formats
// names of the supported key (super) classes
// whether this service has been registered with the Provider
private boolean registered;
// this constructor and these methods are used for parsing
// the legacy string properties.
}
private boolean isValid() {
}
}
}
if (attributes.isEmpty()) {
}
}
/**
* Construct a new service.
*
* @param provider the provider that offers this service
* @param type the type of this service
* @param algorithm the algorithm name
* @param className the name of the class implementing this service
* @param aliases List of aliases or null if algorithm has no aliases
* @param attributes Map of attributes or null if this implementation
* has no attributes
*
* @throws NullPointerException if provider, type, algorithm, or
* className is null
*/
throw new NullPointerException();
}
} else {
}
if (attributes == null) {
} else {
}
}
}
/**
* Get the type of this service. For example, <code>MessageDigest</code>.
*
* @return the type of this service
*/
return type;
}
/**
* Return the name of the algorithm of this service. For example,
* <code>SHA-1</code>.
*
* @return the algorithm of this service
*/
return algorithm;
}
/**
* Return the Provider of this service.
*
* @return the Provider of this service
*/
return provider;
}
/**
* Return the name of the class implementing this service.
*
* @return the name of the class implementing this service
*/
return className;
}
// internal only
return aliases;
}
/**
* Return the value of the specified attribute or null if this
* attribute is not set for this Service.
*
* @param name the name of the requested attribute
*
* @return the value of the specified attribute or null if the
* attribute is not present
*
* @throws NullPointerException if name is null
*/
throw new NullPointerException();
}
}
/**
* Return a new instance of the implementation described by this
* service. The security provider framework uses this method to
* construct implementations. Applications will typically not need
* to call it.
*
* <p>The default implementation uses reflection to invoke the
* standard constructor for this type of service.
* Security providers can override this method to implement
* instantiation in a different way.
* For details and the values of constructorParameter that are
* valid for the various types of services see the
* <a href="../../../technotes/guides/security/crypto/CryptoSpec.html">
* Java Cryptography Architecture API Specification &
* Reference</a>.
*
* @param constructorParameter the value to pass to the constructor,
* or null if this type of service does not use a constructorParameter.
*
* @return a new implementation of this service
*
* @throws InvalidParameterException if the value of
* constructorParameter is invalid for this type of service.
* @throws NoSuchAlgorithmException if instantation failed for
* any other reason.
*/
throws NoSuchAlgorithmException {
if (registered == false) {
throw new NoSuchAlgorithmException
("Service not registered with Provider "
}
registered = true;
}
try {
// unknown engine type, use generic code
// this is the code path future for non-core
// optional packages
return newInstanceGeneric(constructorParameter);
}
if (constructorParameter != null) {
throw new InvalidParameterException
("constructorParameter not used with " + type
+ " engines");
}
return clazz.newInstance();
} else {
if (constructorParameter != null) {
throw new InvalidParameterException
("constructorParameter must be instanceof "
+ " for engine type " + type);
}
}
}
} catch (NoSuchAlgorithmException e) {
throw e;
} catch (InvocationTargetException e) {
throw new NoSuchAlgorithmException
("Error constructing implementation (algorithm: "
} catch (Exception e) {
throw new NoSuchAlgorithmException
("Error constructing implementation (algorithm: "
}
}
// return the implementation Class object for this service
try {
} else {
}
}
return clazz;
} catch (ClassNotFoundException e) {
throw new NoSuchAlgorithmException
}
}
/**
* Generic code path for unknown engine types. Call the
* no-args constructor if constructorParameter is null, otherwise
* use the first matching constructor.
*/
throws Exception {
if (constructorParameter == null) {
return o;
}
// find first public constructor that can take the
// argument as parameter
continue;
}
continue;
}
return o;
}
throw new NoSuchAlgorithmException("No constructor matching "
}
/**
* Test whether this Service can use the specified parameter.
* Returns false if this service cannot use the parameter. Returns
* true if this service can use the parameter, if a fast test is
* infeasible, or if the status is unknown.
*
* <p>The security provider framework uses this method with
* some types of services to quickly exclude non-matching
* implementations for consideration.
* Applications will typically not need to call it.
*
* <p>For details and the values of parameter that are valid for the
* various types of services see the top of this class and the
* <a href="../../../technotes/guides/security/crypto/CryptoSpec.html">
* Java Cryptography Architecture API Specification &
* Reference</a>.
* Security providers can override it to implement their own test.
*
* @param parameter the parameter to test
*
* @return false if this this service cannot use the specified
* parameter; true if it can possibly use the parameter
*
* @throws InvalidParameterException if the value of parameter is
* invalid for this type of service or if this method cannot be
* used with this type of service
*/
// unknown engine type, return true by default
return true;
}
if (cap.supportsParameter == false) {
throw new InvalidParameterException("supportsParameter() not "
}
// allow null for keys without attributes for compatibility
throw new InvalidParameterException
("Parameter must be instanceof Key for engine " + type);
}
if (hasKeyAttributes() == false) {
return true;
}
return false;
}
if (supportsKeyFormat(key)) {
return true;
}
if (supportsKeyClass(key)) {
return true;
}
return false;
}
/**
* Return whether this service has its Supported* properties for
* keys defined. Parses the attributes if not yet initialized.
*/
private boolean hasKeyAttributes() {
Boolean b = hasKeyAttributes;
if (b == null) {
synchronized (this) {
String s;
s = getAttribute("SupportedKeyFormats");
if (s != null) {
}
s = getAttribute("SupportedKeyClasses");
if (s != null) {
}
}
}
|| (supportedClasses != null);
hasKeyAttributes = b;
}
}
return b.booleanValue();
}
// get the key class object of the specified name
try {
} catch (ClassNotFoundException e) {
// ignore
}
try {
}
} catch (ClassNotFoundException e) {
// ignore
}
return null;
}
if (supportedFormats == null) {
return false;
}
return false;
}
return true;
}
}
return false;
}
if (supportedClasses == null) {
return false;
}
return true;
}
}
return false;
}
/**
* Return a String representation of this service.
*
* @return a String representation of this service.
*/
}
}
}