infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-03-25 07:09:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

8056026: Debug security logging should print Provider used for each crypto operation

Browse Source 
Reviewed-by: mullan
This commit is contained in:
Vinnie Ryan 2014-09-25 12:24:19 +01:00
parent 0a17643e73
commit aeecc19f04
10 changed files with 190 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
jdk/src/java.base/share/classes/java/security/KeyPairGenerator.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -33,6 +33,7 @@ import java.security.Provider.Service;
import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;
import sun.security.util.Debug;
/**
* The KeyPairGenerator class is used to generate pairs of
@ -126,6 +127,11 @@ import sun.security.jca.GetInstance.Instance;
public abstract class KeyPairGenerator extends KeyPairGeneratorSpi {
private static final Debug pdebug =
Debug.getInstance("provider", "Provider");
private static final boolean skipDebug =
Debug.isOn("engine=") && !Debug.isOn("keypairgenerator");
private final String algorithm;
// The provider
@ -167,6 +173,12 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi {
kpg = new Delegate(spi, algorithm);
}
kpg.provider = instance.provider;
if (!skipDebug && pdebug != null) {
pdebug.println("KeyPairGenerator." + algorithm +
" algorithm from: " + kpg.provider.getName());
}
return kpg;
}
@ -557,6 +569,11 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi {
provider = instance.provider;
this.serviceIterator = serviceIterator;
initType = I_NONE;
if (!skipDebug && pdebug != null) {
pdebug.println("KeyPairGenerator." + algorithm +
" algorithm from: " + provider.getName());
}
}
/**

12
jdk/src/java.base/share/classes/java/security/KeyStore.java
View File

@ -37,6 +37,8 @@ import javax.crypto.SecretKey;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.callback.*;
import sun.security.util.Debug;
/**
* This class represents a storage facility for cryptographic
* keys and certificates.
@ -177,6 +179,11 @@ import javax.security.auth.callback.*;
public class KeyStore {
private static final Debug pdebug =
Debug.getInstance("provider", "Provider");
private static final boolean skipDebug =
Debug.isOn("engine=") && !Debug.isOn("keystore");
/*
* Constant to lookup in the Security properties file to determine
* the default keystore type.
@ -801,6 +808,11 @@ public class KeyStore {
this.keyStoreSpi = keyStoreSpi;
this.provider = provider;
this.type = type;
if (!skipDebug && pdebug != null) {
pdebug.println("KeyStore." + type.toUpperCase() + " type from: " +
this.provider.getName());
}
}
/**

26
jdk/src/java.base/share/classes/java/security/MessageDigest.java
View File

@ -35,6 +35,8 @@ import java.io.ByteArrayInputStream;
import java.nio.ByteBuffer;
import sun.security.util.Debug;
/**
* This MessageDigest class provides applications the functionality of a
* message digest algorithm, such as SHA-1 or SHA-256.
@ -103,6 +105,11 @@ import java.nio.ByteBuffer;
public abstract class MessageDigest extends MessageDigestSpi {
private static final Debug pdebug =
Debug.getInstance("provider", "Provider");
private static final boolean skipDebug =
Debug.isOn("engine=") && !Debug.isOn("messagedigest");
private String algorithm;
// The state of this digest
@ -156,18 +163,23 @@ public abstract class MessageDigest extends MessageDigestSpi {
public static MessageDigest getInstance(String algorithm)
throws NoSuchAlgorithmException {
try {
MessageDigest md;
Object[] objs = Security.getImpl(algorithm, "MessageDigest",
(String)null);
if (objs[0] instanceof MessageDigest) {
MessageDigest md = (MessageDigest)objs[0];
md.provider = (Provider)objs[1];
return md;
md = (MessageDigest)objs[0];
} else {
MessageDigest delegate =
new Delegate((MessageDigestSpi)objs[0], algorithm);
delegate.provider = (Provider)objs[1];
return delegate;
md = new Delegate((MessageDigestSpi)objs[0], algorithm);
}
md.provider = (Provider)objs[1];
if (!skipDebug && pdebug != null) {
pdebug.println("MessageDigest." + algorithm +
" algorithm from: " + md.provider.getName());
}
return md;
} catch(NoSuchProviderException e) {
throw new NoSuchAlgorithmException(algorithm + " not found");
}

11
jdk/src/java.base/share/classes/java/security/SecureRandom.java
View File

@ -32,6 +32,7 @@ import java.security.Provider.Service;
import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;
import sun.security.util.Debug;
/**
* This class provides a cryptographically strong random number
@ -93,6 +94,11 @@ import sun.security.jca.GetInstance.Instance;
public class SecureRandom extends java.util.Random {
private static final Debug pdebug =
Debug.getInstance("provider", "Provider");
private static final boolean skipDebug =
Debug.isOn("engine=") && !Debug.isOn("securerandom");
/**
* The provider.
*
@ -235,6 +241,11 @@ public class SecureRandom extends java.util.Random {
this.secureRandomSpi = secureRandomSpi;
this.provider = provider;
this.algorithm = algorithm;
if (!skipDebug && pdebug != null) {
pdebug.println("SecureRandom." + algorithm +
" algorithm from: " + this.provider.getName());
}
}
/**

27
jdk/src/java.base/share/classes/java/security/Signature.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -121,6 +121,11 @@ public abstract class Signature extends SignatureSpi {
private static final Debug debug =
Debug.getInstance("jca", "Signature");
private static final Debug pdebug =
Debug.getInstance("provider", "Provider");
private static final boolean skipDebug =
Debug.isOn("engine=") && !Debug.isOn("signature");
/*
* The algorithm for this signature object.
* This value is used to map an OID to the particular algorithm.
@ -451,6 +456,11 @@ public abstract class Signature extends SignatureSpi {
throws InvalidKeyException {
engineInitVerify(publicKey);
state = VERIFY;
if (!skipDebug && pdebug != null) {
pdebug.println("Signature." + algorithm +
" verification algorithm from: " + this.provider.getName());
}
}
/**
@ -495,6 +505,11 @@ public abstract class Signature extends SignatureSpi {
PublicKey publicKey = certificate.getPublicKey();
engineInitVerify(publicKey);
state = VERIFY;
if (!skipDebug && pdebug != null) {
pdebug.println("Signature." + algorithm +
" verification algorithm from: " + this.provider.getName());
}
}
/**
@ -511,6 +526,11 @@ public abstract class Signature extends SignatureSpi {
throws InvalidKeyException {
engineInitSign(privateKey);
state = SIGN;
if (!skipDebug && pdebug != null) {
pdebug.println("Signature." + algorithm +
" signing algorithm from: " + this.provider.getName());
}
}
/**
@ -529,6 +549,11 @@ public abstract class Signature extends SignatureSpi {
throws InvalidKeyException {
engineInitSign(privateKey, random);
state = SIGN;
if (!skipDebug && pdebug != null) {
pdebug.println("Signature." + algorithm +
" signing algorithm from: " + this.provider.getName());
}
}
/**

46
jdk/src/java.base/share/classes/javax/crypto/Cipher.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -167,6 +167,11 @@ public class Cipher {
private static final Debug debug =
Debug.getInstance("jca", "Cipher");
private static final Debug pdebug =
Debug.getInstance("provider", "Provider");
private static final boolean skipDebug =
Debug.isOn("engine=") && !Debug.isOn("cipher");
/**
* Constant used to initialize cipher to encryption mode.
*/
@ -1110,6 +1115,21 @@ public class Cipher {
}
}
private static String getOpmodeString(int opmode) {
switch (opmode) {
case ENCRYPT_MODE:
return "encryption";
case DECRYPT_MODE:
return "decryption";
case WRAP_MODE:
return "key wrapping";
case UNWRAP_MODE:
return "key unwrapping";
default:
return "";
}
}
/**
* Initializes this cipher with a key.
*
@ -1235,6 +1255,12 @@ public class Cipher {
initialized = true;
this.opmode = opmode;
if (!skipDebug && pdebug != null) {
pdebug.println("Cipher." + transformation + " " +
getOpmodeString(opmode) + " algorithm from: " +
this.provider.getName());
}
}
/**
@ -1372,6 +1398,12 @@ public class Cipher {
initialized = true;
this.opmode = opmode;
if (!skipDebug && pdebug != null) {
pdebug.println("Cipher." + transformation + " " +
getOpmodeString(opmode) + " algorithm from: " +
this.provider.getName());
}
}
/**
@ -1509,6 +1541,12 @@ public class Cipher {
initialized = true;
this.opmode = opmode;
if (!skipDebug && pdebug != null) {
pdebug.println("Cipher." + transformation + " " +
getOpmodeString(opmode) + " algorithm from: " +
this.provider.getName());
}
}
/**
@ -1693,6 +1731,12 @@ public class Cipher {
initialized = true;
this.opmode = opmode;
if (!skipDebug && pdebug != null) {
pdebug.println("Cipher." + transformation + " " +
getOpmodeString(opmode) + " algorithm from: " +
this.provider.getName());
}
}
/**

17
jdk/src/java.base/share/classes/javax/crypto/KeyAgreement.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -78,6 +78,11 @@ public class KeyAgreement {
private static final Debug debug =
Debug.getInstance("jca", "KeyAgreement");
private static final Debug pdebug =
Debug.getInstance("provider", "Provider");
private static final boolean skipDebug =
Debug.isOn("engine=") && !Debug.isOn("keyagreement");
// The provider
private Provider provider;
@ -468,6 +473,11 @@ public class KeyAgreement {
throw new InvalidKeyException(e);
}
}
if (!skipDebug && pdebug != null) {
pdebug.println("KeyAgreement." + algorithm + " algorithm from: " +
this.provider.getName());
}
}
/**
@ -524,6 +534,11 @@ public class KeyAgreement {
} else {
chooseProvider(I_PARAMS, key, params, random);
}
if (!skipDebug && pdebug != null) {
pdebug.println("KeyAgreement." + algorithm + " algorithm from: " +
this.provider.getName());
}
}
/**

18
jdk/src/java.base/share/classes/javax/crypto/KeyGenerator.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -33,6 +33,7 @@ import java.security.spec.*;
import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;
import sun.security.util.Debug;
/**
* This class provides the functionality of a secret (symmetric) key generator.
@ -108,6 +109,11 @@ import sun.security.jca.GetInstance.Instance;
public class KeyGenerator {
private static final Debug pdebug =
Debug.getInstance("provider", "Provider");
private static final boolean skipDebug =
Debug.isOn("engine=") && !Debug.isOn("keygenerator");
// see java.security.KeyPairGenerator for failover notes
private final static int I_NONE = 1;
@ -145,6 +151,11 @@ public class KeyGenerator {
this.spi = keyGenSpi;
this.provider = provider;
this.algorithm = algorithm;
if (!skipDebug && pdebug != null) {
pdebug.println("KeyGenerator." + algorithm + " algorithm from: " +
this.provider.getName());
}
}
private KeyGenerator(String algorithm) throws NoSuchAlgorithmException {
@ -158,6 +169,11 @@ public class KeyGenerator {
throw new NoSuchAlgorithmException
(algorithm + " KeyGenerator not available");
}
if (!skipDebug && pdebug != null) {
pdebug.println("KeyGenerator." + algorithm + " algorithm from: " +
this.provider.getName());
}
}
/**

17
jdk/src/java.base/share/classes/javax/crypto/Mac.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -77,6 +77,11 @@ public class Mac implements Cloneable {
private static final Debug debug =
Debug.getInstance("jca", "Mac");
private static final Debug pdebug =
Debug.getInstance("provider", "Provider");
private static final boolean skipDebug =
Debug.isOn("engine=") && !Debug.isOn("mac");
// The provider
private Provider provider;
@ -413,6 +418,11 @@ public class Mac implements Cloneable {
throw new InvalidKeyException("init() failed", e);
}
initialized = true;
if (!skipDebug && pdebug != null) {
pdebug.println("Mac." + algorithm + " algorithm from: " +
this.provider.getName());
}
}
/**
@ -435,6 +445,11 @@ public class Mac implements Cloneable {
chooseProvider(key, params);
}
initialized = true;
if (!skipDebug && pdebug != null) {
pdebug.println("Mac." + algorithm + " algorithm from: " +
this.provider.getName());
}
}
/**

12
jdk/src/java.base/share/classes/sun/security/util/Debug.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -104,7 +104,15 @@ public class Debug {
System.err.println("codebase=<URL>");
System.err.println(" only dump output if specified codebase");
System.err.println(" is being checked");
System.err.println();
System.err.println("The following can be used with provider:");
System.err.println();
System.err.println("engine=<engines>");
System.err.println(" only dump output for the specified list");
System.err.println(" of JCA engines. Supported values:");
System.err.println(" Cipher, KeyAgreement, KeyGenerator,");
System.err.println(" KeyPairGenerator, KeyStore, Mac,");
System.err.println(" MessageDigest, SecureRandom, Signature.");
System.err.println();
System.err.println("Note: Separate multiple options with a comma");
System.exit(0);