 * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any

// explicit import to override the Provider class in this package

// need internal Sun classes for FIPS tricks

 * This class contains a few static methods for interaction with the JCA/JCE
 * to obtain implementations, etc.
 * @author Andreas Sterbenz

    // Flag indicating whether EC crypto is available.
    // If null, then we have not checked yet.
    // If yes, then all the EC based crypto we need is available.

    // Flag indicating whether Kerberos crypto is available.
    // If true, then all the Kerberos-based crypto we need is available.
    // Test for Kerberos using the bootstrap class loader

    // force FIPS flag initialization
    // Because isFIPS() is synchronized and cryptoProvider is not modified
    // after it completes, this also eliminates the need for any further
    // synchronization when accessing cryptoProvider

    // Set up a ProviderList that can be used by the trust manager
    // during certificate chain validation. All the crypto must be
    // from the FIPS provider, but we also allow the required
    // certificate related services from the SUN provider.
    ("FIPS mode: SUN provider must be installed");

    super(
"SunCertificates",
1.0d,
"SunJSSE internal");
    // copy certificate related services from the Sun provider

     * JCE transformation string for RSA with PKCS#1 v1.5 padding.
     * Can be used for encryption, decryption, signing, verifying.

     * JCE transformation string for the stream cipher RC4.

     * JCE transformation string for DES in CBC mode without padding.

     * JCE transformation string for (3-key) Triple DES in CBC mode

     * JCE transformation string for AES in CBC mode

     * JCA identifier string for DSA, i.e. a DSA with SHA-1.

     * JCA identifier string for ECDSA, i.e. an ECDSA with SHA-1.

     * JCA identifier string for Raw DSA, i.e. a DSA signature without
     * hashing where the application provides the SHA-1 hash of the data.
     * Note that the standard name is "NONEwithDSA" but we use "RawDSA"
     * for compatibility.

     * JCA identifier string for Raw ECDSA, i.e. a DSA signature without
     * hashing where the application provides the SHA-1 hash of the data.

     * JCA identifier string for Raw RSA, i.e. an RSA PKCS#1 v1.5 signature
     * without hashing where the application provides the hash of the data.
     * Used for RSA client authentication with a 36 byte hash.

     * JCA identifier string for the SSL/TLS style RSA Signature. I.e.
     * a signature using RSA with PKCS#1 v1.5 padding signing a
     * concatenation of an MD5 and SHA-1 digest.

    // no instantiation of this class

     * Return a JCE cipher implementation for the specified algorithm.

     * Return a JCA signature implementation for the specified algorithm.
     * The algorithm string should be one of the constants defined

    // reference equality

    // The SunPKCS11 provider currently does not support this
    // special algorithm. We allow a fallback in this case because
    // the SunJSSE implementation does the actual crypto using
    // a NONEwithRSA signature obtained from the cryptoProvider.
    // Calling Signature.getInstance() and catching the
    // exception would be cleaner, but exceptions are a little
    // expensive. So we check directly via getService().

    // Try "PKCS11" first. If that is not supported, iterate through
    // the provider and return the first working implementation.

    // In FIPS mode, set thread local providers; otherwise a no-op.
    // Must be paired with endFipsProvider.