Skip to content

Commit

Permalink
Add provider SunSASL in FIPS mode
Browse files Browse the repository at this point in the history
  • Loading branch information
taoliult committed Oct 4, 2023
1 parent b404781 commit 522822d
Show file tree
Hide file tree
Showing 3 changed files with 53 additions and 29 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -585,13 +585,8 @@ private void initProviders() {
// Provider with argument (provider name + optional argument).
providers.add(pNum - 1, providerName);

// Remove the provider's optional arguments if there are.
pos = providerName.indexOf(' ');
providerName = (pos < 0) ? providerName.trim() : providerName.substring(0, pos).trim();
// Remove the provider's class package names if there are.
pos = providerName.lastIndexOf('.');
providerName = (pos < 0) ? providerName : providerName.substring(pos + 1, providerName.length());
// Provider without arguments and package names.
// Provider name defined in provider construction method.
providerName = getProvidersSimpleName(providerName);
providersSimpleName.add(pNum - 1, providerName);

if (debug != null) {
Expand Down Expand Up @@ -849,13 +844,7 @@ boolean isRestrictedProviderAllowed(String providerName) {
debug.println("Checking the provider " + providerName + " in restricted security mode.");
}

// Remove argument, e.g. -NSS-FIPS, if there is.
int pos = providerName.indexOf('-');
providerName = (pos < 0) ? providerName : providerName.substring(0, pos);

// Remove the provider class package name if there is.
pos = providerName.lastIndexOf('.');
providerName = (pos < 0) ? providerName : providerName.substring(pos + 1, providerName.length());
providerName = getProvidersSimpleName(providerName);

// Check if the provider is in restricted security provider list.
// If not, the provider won't be registered.
Expand All @@ -880,6 +869,40 @@ boolean isRestrictedProviderAllowed(String providerName) {
return false;
}

/**
* Get the provider name defined in provider construction method.
*
* @param providerName provider name or provider with packages or arguments
* @return provider name defined in provider construction method
*/
private static String getProvidersSimpleName(String providerName) {
// Remove the provider's optional arguments if present.
int pos = providerName.indexOf(' ');
providerName = (pos < 0) ? providerName.trim() : providerName.substring(0, pos).trim();

// Remove argument, e.g. -NSS-FIPS, if present.
pos = providerName.indexOf('-');
providerName = (pos < 0) ? providerName : providerName.substring(0, pos);

if (providerName.equals("com.sun.net.ssl.internal.ssl.Provider")) {
// In JDK 8, the main class for the SunJSSE provider is
// com.sun.net.ssl.internal.ssl.Provider
return "SunJSSE";
} else if (providerName.equals("sun.security.provider.Sun")) {
// In JDK 8, the main class for the SUN provider is sun.security.provider.Sun
return "SUN";
} else if (providerName.equals("com.sun.security.sasl.Provider")) {
// The main class for the SunSASL provider is com.sun.security.sasl.Provider
return "SunSASL";
} else {
// Remove the provider's class package names if present.
pos = providerName.lastIndexOf('.');
providerName = (pos < 0) ? providerName : providerName.substring(pos + 1);
// Provider without arguments and package names.
return providerName;
}
}

/**
* List audit info if userSecurityAudit is true, default as false.
*/
Expand Down
1 change: 1 addition & 0 deletions src/java.base/share/conf/security/java.security
Original file line number Diff line number Diff line change
Expand Up @@ -146,6 +146,7 @@ RestrictedSecurity1.jce.provider.3 = SunEC [{KeyFactory, EC, ImplementedIn=Softw
SupportedKeyClasses=java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey: \
KeySize=256}, {AlgorithmParameters, EC, *}]
RestrictedSecurity1.jce.provider.4 = SunJSSE
RestrictedSecurity1.jce.provider.5 = SunSASL

RestrictedSecurity1.keystore.type = PKCS11
RestrictedSecurity1.javax.net.ssl.keyStore = NONE
Expand Down
30 changes: 15 additions & 15 deletions test/jdk/ProblemList-fips.txt
Original file line number Diff line number Diff line change
Expand Up @@ -571,21 +571,21 @@ com/sun/org/apache/xml/internal/security/ShortECDSA.java https://github.com/ibmr

# Module java.security.sasl related. Unable to find client impl for CRAM-MD5 or DIGEST-MD5.

com/sun/security/sasl/ntlm/NTLMTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
com/sun/security/sasl/ntlm/Conformance.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
com/sun/security/sasl/digest/Unbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
com/sun/security/sasl/digest/PrivacyRc4.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
com/sun/security/sasl/digest/Privacy.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
com/sun/security/sasl/digest/NoQuoteParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
com/sun/security/sasl/digest/Integrity.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
com/sun/security/sasl/digest/CheckNegotiatedQOPs.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
com/sun/security/sasl/digest/AuthRealms.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
com/sun/security/sasl/digest/AuthRealmChoices.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
com/sun/security/sasl/digest/AuthOnly.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
com/sun/security/sasl/digest/AuthNoUtf8.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
com/sun/security/sasl/Cram.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
javax/security/sasl/Sasl/DisabledMechanisms.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
javax/security/sasl/Sasl/ClientServerTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
#com/sun/security/sasl/ntlm/NTLMTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
#com/sun/security/sasl/ntlm/Conformance.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
#com/sun/security/sasl/digest/Unbound.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
#com/sun/security/sasl/digest/PrivacyRc4.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
#com/sun/security/sasl/digest/Privacy.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
#com/sun/security/sasl/digest/NoQuoteParams.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
#com/sun/security/sasl/digest/Integrity.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
#com/sun/security/sasl/digest/CheckNegotiatedQOPs.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
#com/sun/security/sasl/digest/AuthRealms.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
#com/sun/security/sasl/digest/AuthRealmChoices.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
#com/sun/security/sasl/digest/AuthOnly.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
#com/sun/security/sasl/digest/AuthNoUtf8.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
#com/sun/security/sasl/Cram.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
#javax/security/sasl/Sasl/DisabledMechanisms.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64
#javax/security/sasl/Sasl/ClientServerTest.java https://github.com/ibmruntimes/openj9-openjdk-jdk11/issues/547 linux-x64

# NoSuchAlgorithmException: JKS KeyStore not available or KeyStore file related.

Expand Down

0 comments on commit 522822d

Please sign in to comment.