8220016: Clean up redundant RSA services in the SunJSSE provider

Removed duplicated RSA signature/KF/KPG support in SunJSSE

Reviewed-by: xuelei

src/java.base/share/classes/sun/security/ssl/SunJSSE.java

@@ -27,18 +27,12 @@ package sun.security.ssl;
 
 import java.security.*;
 import java.util.*;
-import sun.security.rsa.SunRsaSignEntries;
 import static sun.security.util.SecurityConstants.PROVIDER_VER;
 import static sun.security.provider.SunEntries.createAliases;
 
 /**
  * The JSSE provider.
  *
- * The RSA implementation has been removed from JSSE, but we still need to
- * register the same algorithms for compatibility. We just point to the RSA
- * implementation in the SunRsaSign provider. This works because all classes
- * are in the bootclasspath and therefore loaded by the same classloader.
- *
  * SunJSSE now supports an experimental FIPS compliant mode when used with an
  * appropriate FIPS certified crypto provider. In FIPS mode, we:
  *  . allow only TLS 1.0 or later
@@ -84,12 +78,6 @@ public class SunJSSE extends java.security.Provider {
     }
 
     private void doRegister() {
-        Iterator<Provider.Service> rsaIter =
-            new SunRsaSignEntries(this).iterator();
-        while (rsaIter.hasNext()) {
-            putService(rsaIter.next());
-        }
-
         ps("Signature", "MD5andSHA1withRSA",
             "sun.security.ssl.RSASignature", null, null);
 

test/jdk/java/security/Signature/Offsets.java

@@ -123,8 +123,13 @@ public class Offsets {
             throw new RuntimeException("Test doesn't support this signature "
                     + "algorithm: " + algorithm);
         }
-
+        KeyPairGenerator kpg = null;
-        KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyAlgo, provider);
+        // first try matching provider, fallback to most preferred if none available
+        try {
+            kpg = KeyPairGenerator.getInstance(keyAlgo, provider);
+        } catch (NoSuchAlgorithmException nsae) {
+            kpg = KeyPairGenerator.getInstance(keyAlgo);
+        }
         kpg.initialize(keySize);
         KeyPair kp = kpg.generateKeyPair();
         PublicKey pubkey = kp.getPublic();

test/jdk/java/security/SignedObject/Chain.java

@@ -1,5 +1,5 @@
 /**
- * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,13 +21,7 @@
  * questions.
  */
 
-import java.security.Signature;
+import java.security.*;
-import java.security.SignedObject;
-import java.security.KeyPairGenerator;
-import java.security.KeyPair;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
 import java.security.spec.*;
 import java.util.*;
 import jdk.test.lib.SigTestUtil;
@@ -197,8 +191,15 @@ public class Chain {
             if (test.provider != Provider.Default) {
                 signature = Signature.getInstance(test.sigAlg.name,
                         test.provider.name);
+                // try using the same provider first, if not, fallback
+                // to the first available impl
+                try {
                     kpg = KeyPairGenerator.getInstance(
                         test.keyAlg.name, test.provider.name);
+                } catch (NoSuchAlgorithmException nsae) {
+                    kpg = KeyPairGenerator.getInstance(
+                        test.keyAlg.name);
+                }
             } else {
                 signature = Signature.getInstance(test.sigAlg.name);
                 kpg = KeyPairGenerator.getInstance(test.keyAlg.name);

test/jdk/sun/security/pkcs11/KeyStore/Basic.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -111,7 +111,7 @@ public class Basic extends PKCS11Test {
         this.provider = p;
 
         // get private keys
-        KeyFactory kf = KeyFactory.getInstance("RSA", "SunJSSE");
+        KeyFactory kf = KeyFactory.getInstance("RSA");
         KeyFactory dsaKf = KeyFactory.getInstance("DSA", "SUN");
 
         ObjectInputStream ois1 = new ObjectInputStream

test/jdk/sun/security/rsa/BrokenRSAPrivateCrtKey.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2002, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,11 +23,11 @@
 
 /*
  * @test
- * @bug 4503229
+ * @bug 4503229 8220016
  * @summary default RSA KeyFactory can return broken RSAPrivateCrtKey objects
  *      This test was taken directly from the bug report, which
  *      was fixed in the crippled JSAFE provider, and needed
- *      to be brought forward into JSSE.
+ *      to be brought forward into SunRsaSign (was JSSE).
  * @author Brad Wetmore
  */
 
@@ -39,7 +39,7 @@ import java.math.BigInteger;
 public class BrokenRSAPrivateCrtKey {
     public static void main(String[] args) throws Exception {
         KeyPairGenerator generator =
-                KeyPairGenerator.getInstance("RSA", "SunJSSE");
+                KeyPairGenerator.getInstance("RSA", "SunRsaSign");
         generator.initialize(512);
 
         KeyPair pair = generator.generateKeyPair();
@@ -55,7 +55,7 @@ public class BrokenRSAPrivateCrtKey {
                 privatekey.getPrimeExponentQ(),
                 privatekey.getCrtCoefficient());
 
-        KeyFactory factory = KeyFactory.getInstance("RSA", "SunJSSE");
+        KeyFactory factory = KeyFactory.getInstance("RSA", "SunRsaSign");
 
         PrivateKey privatekey2 = factory.generatePrivate(spec);
 

test/jdk/sun/security/ssl/rsa/CheckProviderEntries.java

@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.*;
+import java.util.Iterator;
+import java.security.Provider.Service;
+
+/*
+ * @test
+ * @bug 8220016
+ * @summary This test checks the RSA-related services in SunJSSE provider
+ */
+public class CheckProviderEntries {
+
+    private static boolean testResult = true;
+
+    private static void error(String msg) {
+        testResult = false;
+        System.out.println(msg);
+    }
+    public static void main(String[] args) throws NoSuchAlgorithmException,
+            InvalidKeyException, SignatureException {
+        Provider p = Security.getProvider("SunJSSE");
+        Iterator<Provider.Service> iter = p.getServices().iterator();
+        while (iter.hasNext()) {
+            Service s = iter.next();
+            String type = s.getType();
+            String algo = s.getAlgorithm();
+            System.out.println("Type: " + type + " " + algo);
+            try {
+                if (algo.indexOf("RSA") != -1) {
+                    // only MD5andSHA1withRSA signature support
+                    // error out on any other RSA support
+                    if (type.equals("Signature") &&
+                        algo.equals("MD5andSHA1withRSA")) {
+                        s.newInstance(null);
+                        continue;
+                    }
+                    error("Error: unexpected RSA services");
+                }
+            } catch (NoSuchAlgorithmException | InvalidParameterException e) {
+                error("Error: cannot create obj " + e);
+            }
+        }
+        if (testResult) {
+            System.out.println("Test Passed");
+        } else {
+            throw new RuntimeException("One or more tests failed");
+        }
+    }
+}

test/jdk/sun/security/ssl/rsa/SignatureOffsets.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,7 +27,7 @@ import java.security.SignatureException;
 
 /*
  * @test
- * @bug 8050374
+ * @bug 8050374 8220016
  * @key randomness
  * @summary This test validates signature verification
  *          Signature.verify(byte[], int, int). The test uses RandomFactory to
@@ -37,9 +37,6 @@ import java.security.SignatureException;
  * @library /test/lib
  * @build jdk.test.lib.RandomFactory
  * @compile ../../../../java/security/Signature/Offsets.java
- * @run main SignatureOffsets SunJSSE MD2withRSA
- * @run main SignatureOffsets SunJSSE MD5withRSA
- * @run main SignatureOffsets SunJSSE SHA1withRSA
  * @run main SignatureOffsets SunJSSE    MD5andSHA1withRSA
  */
 public class SignatureOffsets {

test/jdk/sun/security/ssl/rsa/SignedObjectChain.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,7 @@
  * @compile ../../../../java/security/SignedObject/Chain.java
  * @run main SignedObjectChain
  */
+
 public class SignedObjectChain {
 
     private static class Test extends Chain.Test {
@@ -40,9 +41,6 @@ public class SignedObjectChain {
     }
 
     private static final Test[] tests = {
-        new Test(Chain.SigAlg.MD2withRSA),
-        new Test(Chain.SigAlg.MD5withRSA),
-        new Test(Chain.SigAlg.SHA1withRSA),
         new Test(Chain.SigAlg.MD5andSHA1withRSA),
     };