Skip to content

Commit

Permalink
Add provider name and class name mapping for SunSASL in FIPS
Browse files Browse the repository at this point in the history
  • Loading branch information
taoliult committed Dec 7, 2023
1 parent d6f3819 commit 0aa791e
Showing 1 changed file with 37 additions and 14 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -685,13 +685,8 @@ private void initProviders() {
// Provider with argument (provider name + optional argument).
providers.add(pNum - 1, providerName);

// Remove the provider's optional arguments if there are.
pos = providerName.indexOf(' ');
providerName = (pos < 0) ? providerName.trim() : providerName.substring(0, pos).trim();
// Remove the provider's class package names if there are.
pos = providerName.lastIndexOf('.');
providerName = (pos < 0) ? providerName : providerName.substring(pos + 1, providerName.length());
// Provider without arguments and package names.
// Provider name defined in provider construction method.
providerName = getProvidersSimpleName(providerName);
providersSimpleName.add(pNum - 1, providerName);
}

Expand Down Expand Up @@ -957,13 +952,7 @@ boolean isRestrictedProviderAllowed(String providerName) {
debug.println("Checking the provider " + providerName + " in restricted security mode.");
}

// Remove argument, e.g. -NSS-FIPS, if there is.
int pos = providerName.indexOf('-');
providerName = (pos < 0) ? providerName : providerName.substring(0, pos);

// Remove the provider class package name if there is.
pos = providerName.lastIndexOf('.');
providerName = (pos < 0) ? providerName : providerName.substring(pos + 1, providerName.length());
providerName = getProvidersSimpleName(providerName);

// Check if the provider is in restricted security provider list.
// If not, the provider won't be registered.
Expand All @@ -988,6 +977,40 @@ boolean isRestrictedProviderAllowed(String providerName) {
return false;
}

/**
* Get the provider name defined in provider construction method.
*
* @param providerName provider name or provider with packages or arguments
* @return provider name defined in provider construction method
*/
private static String getProvidersSimpleName(String providerName) {
// Remove the provider's optional arguments if present.
int pos = providerName.indexOf(' ');
providerName = (pos < 0) ? providerName.trim() : providerName.substring(0, pos).trim();

// Remove argument, e.g. -NSS-FIPS, if present.
pos = providerName.indexOf('-');
providerName = (pos < 0) ? providerName : providerName.substring(0, pos);

if (providerName.equals("com.sun.net.ssl.internal.ssl.Provider")) {
// In JDK 8, the main class for the SunJSSE provider is
// com.sun.net.ssl.internal.ssl.Provider
return "SunJSSE";
} else if (providerName.equals("sun.security.provider.Sun")) {
// In JDK 8, the main class for the SUN provider is sun.security.provider.Sun
return "SUN";
} else if (providerName.equals("com.sun.security.sasl.Provider")) {
// The main class for the SunSASL provider is com.sun.security.sasl.Provider
return "SunSASL";
} else {
// Remove the provider's class package names if present.
pos = providerName.lastIndexOf('.');
providerName = (pos < 0) ? providerName : providerName.substring(pos + 1);
// Provider without arguments and package names.
return providerName;
}
}

/**
* List audit info of all available RestrictedSecurity profiles.
*/
Expand Down

0 comments on commit 0aa791e

Please sign in to comment.