8056026: Debug security logging should print Provider used for each crypto operation

Reviewed-by: mullan

8056026: Debug security logging should print Provider used for each crypto operation
Reviewed-by: mullan
5bd8dd0e · vinnie · c08f212f · 5bd8dd0e · 5bd8dd0e · 5bd8dd0e
10 changed file
--- a/src/share/classes/java/security/KeyPairGenerator.java
+++ b/src/share/classes/java/security/KeyPairGenerator.java
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@ import java.security.Provider.Service;
 import sun.security.jca.*;
 import sun.security.jca.GetInstance.Instance;
+import sun.security.util.Debug;
 /**
 * The KeyPairGenerator class is used to generate pairs of
@@ -126,6 +127,11 @@ import sun.security.jca.GetInstance.Instance;
 public abstract class KeyPairGenerator extends KeyPairGeneratorSpi {
+    private static final Debug pdebug =
+                        Debug.getInstance("provider", "Provider");
+    private static final boolean skipDebug =
+        Debug.isOn("engine=") && !Debug.isOn("keypairgenerator");
    private final String algorithm;
    // The provider
@@ -167,6 +173,12 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi {
            kpg = new Delegate(spi, algorithm);
        }
        kpg.provider = instance.provider;
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("KeyPairGenerator." + algorithm +
+                " algorithm from: " + kpg.provider.getName());
+        }
        return kpg;
    }
@@ -557,6 +569,11 @@ public abstract class KeyPairGenerator extends KeyPairGeneratorSpi {
            provider = instance.provider;
            this.serviceIterator = serviceIterator;
            initType = I_NONE;
+            if (!skipDebug && pdebug != null) {
+                pdebug.println("KeyPairGenerator." + algorithm +
+                    " algorithm from: " + provider.getName());
+            }
        }
        /**

--- a/src/share/classes/java/security/KeyStore.java
+++ b/src/share/classes/java/security/KeyStore.java
@@ -37,6 +37,8 @@ import javax.crypto.SecretKey;
 import javax.security.auth.DestroyFailedException;
 import javax.security.auth.callback.*;
+import sun.security.util.Debug;
 /**
 * This class represents a storage facility for cryptographic
 * keys and certificates.
@@ -177,6 +179,11 @@ import javax.security.auth.callback.*;
 public class KeyStore {
+    private static final Debug pdebug =
+                        Debug.getInstance("provider", "Provider");
+    private static final boolean skipDebug =
+        Debug.isOn("engine=") && !Debug.isOn("keystore");
    /*
     * Constant to lookup in the Security properties file to determine
     * the default keystore type.
@@ -801,6 +808,11 @@ public class KeyStore {
        this.keyStoreSpi = keyStoreSpi;
        this.provider = provider;
        this.type = type;
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("KeyStore." + type.toUpperCase() + " type from: " +
+                this.provider.getName());
+        }
    }
    /**

--- a/src/share/classes/java/security/MessageDigest.java
+++ b/src/share/classes/java/security/MessageDigest.java
@@ -35,6 +35,8 @@ import java.io.ByteArrayInputStream;
 import java.nio.ByteBuffer;
+import sun.security.util.Debug;
 /**
 * This MessageDigest class provides applications the functionality of a
 * message digest algorithm, such as SHA-1 or SHA-256.
@@ -103,6 +105,11 @@ import java.nio.ByteBuffer;
 public abstract class MessageDigest extends MessageDigestSpi {
+    private static final Debug pdebug =
+                        Debug.getInstance("provider", "Provider");
+    private static final boolean skipDebug =
+        Debug.isOn("engine=") && !Debug.isOn("messagedigest");
    private String algorithm;
    // The state of this digest
@@ -156,18 +163,23 @@ public abstract class MessageDigest extends MessageDigestSpi {
    public static MessageDigest getInstance(String algorithm)
    throws NoSuchAlgorithmException {
        try {
+            MessageDigest md;
            Object[] objs = Security.getImpl(algorithm, "MessageDigest",
                                             (String)null);
            if (objs[0] instanceof MessageDigest) {
-                MessageDigest md = (MessageDigest)objs[0];
+                md = (MessageDigest)objs[0];
-                md.provider = (Provider)objs[1];
-                return md;
            } else {
-                MessageDigest delegate =
+                md = new Delegate((MessageDigestSpi)objs[0], algorithm);
-                    new Delegate((MessageDigestSpi)objs[0], algorithm);
+            }
-                delegate.provider = (Provider)objs[1];
+            md.provider = (Provider)objs[1];
-                return delegate;
+            if (!skipDebug && pdebug != null) {
+                pdebug.println("MessageDigest." + algorithm +
+                    " algorithm from: " + md.provider.getName());
            }
+            return md;
        } catch(NoSuchProviderException e) {
            throw new NoSuchAlgorithmException(algorithm + " not found");
        }

--- a/src/share/classes/java/security/SecureRandom.java
+++ b/src/share/classes/java/security/SecureRandom.java
@@ -32,6 +32,7 @@ import java.security.Provider.Service;
 import sun.security.jca.*;
 import sun.security.jca.GetInstance.Instance;
+import sun.security.util.Debug;
 /**
 * This class provides a cryptographically strong random number
@@ -92,6 +93,11 @@ import sun.security.jca.GetInstance.Instance;
 public class SecureRandom extends java.util.Random {
+    private static final Debug pdebug =
+                        Debug.getInstance("provider", "Provider");
+    private static final boolean skipDebug =
+        Debug.isOn("engine=") && !Debug.isOn("securerandom");
    /**
     * The provider.
     *
@@ -234,6 +240,11 @@ public class SecureRandom extends java.util.Random {
        this.secureRandomSpi = secureRandomSpi;
        this.provider = provider;
        this.algorithm = algorithm;
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("SecureRandom." + algorithm +
+                " algorithm from: " + this.provider.getName());
+        }
    }
    /**

--- a/src/share/classes/java/security/Signature.java
+++ b/src/share/classes/java/security/Signature.java
 /*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -121,6 +121,11 @@ public abstract class Signature extends SignatureSpi {
    private static final Debug debug =
                        Debug.getInstance("jca", "Signature");
+    private static final Debug pdebug =
+                        Debug.getInstance("provider", "Provider");
+    private static final boolean skipDebug =
+        Debug.isOn("engine=") && !Debug.isOn("signature");
    /*
     * The algorithm for this signature object.
     * This value is used to map an OID to the particular algorithm.
@@ -451,6 +456,11 @@ public abstract class Signature extends SignatureSpi {
            throws InvalidKeyException {
        engineInitVerify(publicKey);
        state = VERIFY;
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("Signature." + algorithm +
+                " verification algorithm from: " + this.provider.getName());
+        }
    }
    /**
@@ -495,6 +505,11 @@ public abstract class Signature extends SignatureSpi {
        PublicKey publicKey = certificate.getPublicKey();
        engineInitVerify(publicKey);
        state = VERIFY;
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("Signature." + algorithm +
+                " verification algorithm from: " + this.provider.getName());
+        }
    }
    /**
@@ -511,6 +526,11 @@ public abstract class Signature extends SignatureSpi {
            throws InvalidKeyException {
        engineInitSign(privateKey);
        state = SIGN;
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("Signature." + algorithm +
+                " signing algorithm from: " + this.provider.getName());
+        }
    }
    /**
@@ -529,6 +549,11 @@ public abstract class Signature extends SignatureSpi {
            throws InvalidKeyException {
        engineInitSign(privateKey, random);
        state = SIGN;
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("Signature." + algorithm +
+                " signing algorithm from: " + this.provider.getName());
+        }
    }
    /**

--- a/src/share/classes/javax/crypto/Cipher.java
+++ b/src/share/classes/javax/crypto/Cipher.java
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -167,6 +167,11 @@ public class Cipher {
    private static final Debug debug =
                        Debug.getInstance("jca", "Cipher");
+    private static final Debug pdebug =
+                        Debug.getInstance("provider", "Provider");
+    private static final boolean skipDebug =
+        Debug.isOn("engine=") && !Debug.isOn("cipher");
    /**
     * Constant used to initialize cipher to encryption mode.
     */
@@ -1110,6 +1115,21 @@ public class Cipher {
        }
    }
+    private static String getOpmodeString(int opmode) {
+        switch (opmode) {
+            case ENCRYPT_MODE:
+                return "encryption";
+            case DECRYPT_MODE:
+                return "decryption";
+            case WRAP_MODE:
+                return "key wrapping";
+            case UNWRAP_MODE:
+                return "key unwrapping";
+            default:
+                return "";
+        }
+    }
    /**
     * Initializes this cipher with a key.
     *
@@ -1235,6 +1255,12 @@ public class Cipher {
        initialized = true;
        this.opmode = opmode;
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("Cipher." + transformation + " " +
+                getOpmodeString(opmode) + " algorithm from: " +
+                this.provider.getName());
+        }
    }
    /**
@@ -1372,6 +1398,12 @@ public class Cipher {
        initialized = true;
        this.opmode = opmode;
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("Cipher." + transformation + " " +
+                getOpmodeString(opmode) + " algorithm from: " +
+                this.provider.getName());
+        }
    }
    /**
@@ -1509,6 +1541,12 @@ public class Cipher {
        initialized = true;
        this.opmode = opmode;
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("Cipher." + transformation + " " +
+                getOpmodeString(opmode) + " algorithm from: " +
+                this.provider.getName());
+        }
    }
    /**
@@ -1693,6 +1731,12 @@ public class Cipher {
        initialized = true;
        this.opmode = opmode;
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("Cipher." + transformation + " " +
+                getOpmodeString(opmode) + " algorithm from: " +
+                this.provider.getName());
+        }
    }
    /**

--- a/src/share/classes/javax/crypto/KeyAgreement.java
+++ b/src/share/classes/javax/crypto/KeyAgreement.java
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -78,6 +78,11 @@ public class KeyAgreement {
    private static final Debug debug =
                        Debug.getInstance("jca", "KeyAgreement");
+    private static final Debug pdebug =
+                        Debug.getInstance("provider", "Provider");
+    private static final boolean skipDebug =
+        Debug.isOn("engine=") && !Debug.isOn("keyagreement");
    // The provider
    private Provider provider;
@@ -468,6 +473,11 @@ public class KeyAgreement {
                throw new InvalidKeyException(e);
            }
        }
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("KeyAgreement." + algorithm + " algorithm from: " +
+                this.provider.getName());
+        }
    }
    /**
@@ -524,6 +534,11 @@ public class KeyAgreement {
        } else {
            chooseProvider(I_PARAMS, key, params, random);
        }
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("KeyAgreement." + algorithm + " algorithm from: " +
+                this.provider.getName());
+        }
    }
    /**

--- a/src/share/classes/javax/crypto/KeyGenerator.java
+++ b/src/share/classes/javax/crypto/KeyGenerator.java
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -33,6 +33,7 @@ import java.security.spec.*;
 import sun.security.jca.*;
 import sun.security.jca.GetInstance.Instance;
+import sun.security.util.Debug;
 /**
 * This class provides the functionality of a secret (symmetric) key generator.
@@ -108,6 +109,11 @@ import sun.security.jca.GetInstance.Instance;
 public class KeyGenerator {
+    private static final Debug pdebug =
+                        Debug.getInstance("provider", "Provider");
+    private static final boolean skipDebug =
+        Debug.isOn("engine=") && !Debug.isOn("keygenerator");
    // see java.security.KeyPairGenerator for failover notes
    private final static int I_NONE   = 1;
@@ -145,6 +151,11 @@ public class KeyGenerator {
        this.spi = keyGenSpi;
        this.provider = provider;
        this.algorithm = algorithm;
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("KeyGenerator." + algorithm + " algorithm from: " +
+                this.provider.getName());
+        }
    }
    private KeyGenerator(String algorithm) throws NoSuchAlgorithmException {
@@ -158,6 +169,11 @@ public class KeyGenerator {
            throw new NoSuchAlgorithmException
                (algorithm + " KeyGenerator not available");
        }
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("KeyGenerator." + algorithm + " algorithm from: " +
+                this.provider.getName());
+        }
    }
    /**

--- a/src/share/classes/javax/crypto/Mac.java
+++ b/src/share/classes/javax/crypto/Mac.java
 /*
- * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -77,6 +77,11 @@ public class Mac implements Cloneable {
    private static final Debug debug =
                        Debug.getInstance("jca", "Mac");
+    private static final Debug pdebug =
+                        Debug.getInstance("provider", "Provider");
+    private static final boolean skipDebug =
+        Debug.isOn("engine=") && !Debug.isOn("mac");
    // The provider
    private Provider provider;
@@ -413,6 +418,11 @@ public class Mac implements Cloneable {
            throw new InvalidKeyException("init() failed", e);
        }
        initialized = true;
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("Mac." + algorithm + " algorithm from: " +
+                this.provider.getName());
+        }
    }
    /**
@@ -435,6 +445,11 @@ public class Mac implements Cloneable {
            chooseProvider(key, params);
        }
        initialized = true;
+        if (!skipDebug && pdebug != null) {
+            pdebug.println("Mac." + algorithm + " algorithm from: " +
+                this.provider.getName());
+        }
    }
    /**

--- a/src/share/classes/sun/security/util/Debug.java
+++ b/src/share/classes/sun/security/util/Debug.java
 /*
- * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -104,7 +104,15 @@ public class Debug {
        System.err.println("codebase=<URL>");
        System.err.println("              only dump output if specified codebase");
        System.err.println("              is being checked");
+        System.err.println();
+        System.err.println("The following can be used with provider:");
+        System.err.println();
+        System.err.println("engine=<engines>");
+        System.err.println("              only dump output for the specified list");
+        System.err.println("              of JCA engines. Supported values:");
+        System.err.println("              Cipher, KeyAgreement, KeyGenerator,");
+        System.err.println("              KeyPairGenerator, KeyStore, Mac,");
+        System.err.println("              MessageDigest, SecureRandom, Signature.");
        System.err.println();
        System.err.println("Note: Separate multiple options with a comma");
        System.exit(0);