Add provider name and class name mapping for SunSASL in FIPS

taoliult · Jan 10, 2024 · 65ec1f2 · 65ec1f2
1 parent d89d744
commit 65ec1f2
Showing 1 changed file with 37 additions and 14 deletions.
diff --git a/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java b/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java
@@ -687,13 +687,8 @@ private void initProviders() {
  // Provider with argument (provider name + optional argument).
  providers.add(pNum - 1, providerName);
 
- // Remove the provider's optional arguments if there are.
- pos = providerName.indexOf(' ');
- providerName = (pos < 0) ? providerName.trim() : providerName.substring(0, pos).trim();
- // Remove the provider's class package names if there are.
- pos = providerName.lastIndexOf('.');
- providerName = (pos < 0) ? providerName : providerName.substring(pos + 1, providerName.length());
- // Provider without arguments and package names.
+ // Provider name defined in provider construction method.
+ providerName = getProvidersSimpleName(providerName);
  providersSimpleName.add(pNum - 1, providerName);
  }
 
@@ -959,13 +954,7 @@ boolean isRestrictedProviderAllowed(String providerName) {
  debug.println("Checking the provider " + providerName + " in restricted security mode.");
  }
 
- // Remove argument, e.g. -NSS-FIPS, if there is.
- int pos = providerName.indexOf('-');
- providerName = (pos < 0) ? providerName : providerName.substring(0, pos);
-
- // Remove the provider class package name if there is.
- pos = providerName.lastIndexOf('.');
- providerName = (pos < 0) ? providerName : providerName.substring(pos + 1, providerName.length());
+ providerName = getProvidersSimpleName(providerName);
 
  // Check if the provider is in restricted security provider list.
  // If not, the provider won't be registered.
@@ -990,6 +979,40 @@ boolean isRestrictedProviderAllowed(String providerName) {
  return false;
  }
 
+ /**
+ * Get the provider name defined in provider construction method.
+ *
+ * @param providerName provider name or provider with packages or arguments
+ * @return provider name defined in provider construction method
+ */
+ private static String getProvidersSimpleName(String providerName) {
+ // Remove the provider's optional arguments if present.
+ int pos = providerName.indexOf(' ');
+ providerName = (pos < 0) ? providerName.trim() : providerName.substring(0, pos).trim();
+
+ // Remove argument, e.g. -NSS-FIPS, if present.
+ pos = providerName.indexOf('-');
+ providerName = (pos < 0) ? providerName : providerName.substring(0, pos);
+
+ if (providerName.equals("com.sun.net.ssl.internal.ssl.Provider")) {
+ // In JDK 8, the main class for the SunJSSE provider is
+ // com.sun.net.ssl.internal.ssl.Provider
+ return "SunJSSE";
+ } else if (providerName.equals("sun.security.provider.Sun")) {
+ // In JDK 8, the main class for the SUN provider is sun.security.provider.Sun
+ return "SUN";
+ } else if (providerName.equals("com.sun.security.sasl.Provider")) {
+ // The main class for the SunSASL provider is com.sun.security.sasl.Provider
+ return "SunSASL";
+ } else {
+ // Remove the provider's class package names if present.
+ pos = providerName.lastIndexOf('.');
+ providerName = (pos < 0) ? providerName : providerName.substring(pos + 1);
+ // Provider without arguments and package names.
+ return providerName;
+ }
+ }
+
  /**
  * List audit info of all available RestrictedSecurity profiles.
  */