  1. JDK
  2. JDK-4651410

Valid providers are skipped while creating Cipher


    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P3 P3
    • 1.4.1
    • 1.2.1
    • security-libs
    • hopper
    • x86
    • windows_nt
    • Verified



        Name: nt126004 Date: 03/12/2002


        FULL PRODUCT VERSION :
        java version "1.2.2"
        Classic VM (build JDK-1.2.2_006, native threads, symcjit)

        FULL OPERATING SYSTEM VERSION :
        Windows NT Version 4.0

        A DESCRIPTION OF THE PROBLEM :
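        When the Certicom provider is in the provider list in
        java.security, Cipher.getInstance("DESede") returns a
        Cipher object from Certicom instead of SunJCE, even though
        SunJCE provides DESede for Cipher and is listed ahead of
        Certicom in the provider order (security.provider.2 versus
        security.provider.3 in the java.security file below).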

        STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
        1. Execute the test program as follows:
        D:\work\learn>d:\jdk1.2.2\bin\java -Djava.compiler=NONE
        -Dtrustpoint.preferred.security.providers=SUN,Trustpoint
        -classpath d:\jce1.2.1\lib\jce1_2_1.jar;d:\jce1.2.1\lib\local_policy.jar;
        d:\jce1.2.1\lib\US_export_policy.jar;d:\jce1.2.1\lib\sunjce_provider.jar;
        d:\work\build\trustpoint\lib\TrustpointProviders.jar;
        d:\workbuild\trustpoint\lib\ecc_all.jar;.;
        d:\work\build\trustpointlib\TrustpointAll.jar jceCipherTest

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        Expected Result:
        ==========================
        java -Djava.compiler=NONE jceTest <provider> <cipherAlg>
        <keyAlg>
        default alg:DESede
        sf provider:SunJCE
        ==========================
        alg:DESede/CBC/NoPadding
        Provider is NOT set
        cipher from provider:SunJCE

        Actual result:
        ==========================
        java -Djava.compiler=NONE jceTest <provider> <cipherAlg>
        <keyAlg>
        default alg:DESede
        sf provider:SunJCE
        ==========================
        alg:DESede/CBC/NoPadding
        Provider is NOT set
        cipher from provider:Certicom

        This bug can always be reproduced.

        ---------- BEGIN SOURCE ----------
        import java.security.Key;
        import java.security.AlgorithmParameters;
        import java.security.SecureRandom;
        import java.security.spec.AlgorithmParameterSpec;
        import java.security.spec.KeySpec;

        import javax.crypto.Cipher;
        import javax.crypto.KeyGenerator;
        import javax.crypto.SecretKeyFactory;
        import javax.crypto.spec.DESKeySpec;
        import javax.crypto.spec.DESedeKeySpec;

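        /**
         * Reproduction case for JDK-4651410: prints which provider actually serves a
         * {@code Cipher} and a {@code SecretKeyFactory} when the caller does or does
         * not name one.
         *
         * <p>With no provider named, the report expects the lookup to follow the
         * {@code security.provider.N} preference order from {@code java.security}.
         * Code that depends on one particular implementation should pass the provider
         * name explicitly and check {@code getProvider()} on the returned object,
         * which is the value this test prints.
         */
        public class jceCipherTest {
          private static final String ALG = "DESede";
          private static final String CIPHER_ALG = "DESede/CBC/NoPadding";
          private static final String KEY_ALG = "DESede";

          /**
           * Looks up a {@code Cipher} for {@code alg} and prints the name of the
           * provider that supplied it.
           *
           * @param alg transformation string passed to {@code Cipher.getInstance}
           * @param provider provider name to request, or {@code null} to let the
           *     framework pick one
           * @param secretKey not used; the cipher is only looked up, never initialised
           */
          public static void cipherTest(String alg, String provider, Key secretKey) {
            try {
              System.out.println("==========================");
              System.out.println("alg:" + alg);
              Cipher c;
              if (provider != null) {
                System.out.println("Provider:" + provider);
                c = Cipher.getInstance(alg, provider);
              } else {
                System.out.println("Provider is NOT set");
                // This is the lookup under test: no provider is named, so the
                // result shows which registered provider the framework selected.
                c = Cipher.getInstance(alg);
              }
              System.out.println("cipher from provider:" + c.getProvider().getName());
            } catch (Exception e) {
              // Test program: report the failure and carry on so the run completes.
              e.printStackTrace();
            }
          }

          /**
           * Builds a DESede or DES key through a {@code SecretKeyFactory} and prints
           * the name of the provider that supplied the factory.
           *
           * @param alg key algorithm; {@code "DESede"} selects a {@code DESedeKeySpec},
           *     any other value a {@code DESKeySpec}
           * @param provider provider name to request, or {@code null} to let the
           *     framework pick one
           * @return the key generated by the factory
           * @throws Exception if the factory lookup or the key generation fails
           */
          public static Key getSecretKey(String alg, String provider) throws Exception {
            // 24 bytes is the DESede key length; DESKeySpec is handed the same array.
            byte[] keyMaterial = new byte[24];
            SecureRandom sr = new SecureRandom();
            // Hard-coded seed string: acceptable only because this is a reproduction
            // case. Real key material must never be derived from a fixed seed.
            // Whether the output is repeatable depends on the SecureRandom
            // implementation in use.
            sr.setSeed("just a testing seed for the SecureRandom".getBytes());
            sr.nextBytes(keyMaterial);
            KeySpec ks;
            if (alg.equals("DESede")) {
              ks = new DESedeKeySpec(keyMaterial);
            } else {
              ks = new DESKeySpec(keyMaterial);
            }
            SecretKeyFactory sf;
            if (provider != null) {
              sf = SecretKeyFactory.getInstance(alg, provider);
            } else {
              sf = SecretKeyFactory.getInstance(alg);
            }
            System.out.println("sf provider:" + sf.getProvider().getName());
            return sf.generateSecret(ks);
          }

          /**
           * Entry point. With no arguments the default algorithms are used and no
           * provider is named; with one argument it is the provider name; with three
           * they are provider, cipher transformation and key algorithm.
           *
           * @param args optional {@code <provider> [<cipherAlg> <keyAlg>]}
           */
          public static void main(String[] args) {
            System.out.println("==========================");
            // The usage text was split across two lines in the report, which left an
            // unterminated string literal; it is restored here as one literal.
            System.out.println("java -Djava.compiler=NONE jceTest <provider> <cipherAlg> <keyAlg>");
            System.out.println("default alg:" + ALG);
            try {
              if (args.length == 0) {
                cipherTest(CIPHER_ALG, null, getSecretKey(KEY_ALG, null));
              } else if (args.length == 1) {
                cipherTest(CIPHER_ALG, args[0], getSecretKey(KEY_ALG, args[0]));
              } else if (args.length == 3) {
                cipherTest(args[1], args[0], getSecretKey(args[2], args[0]));
              } else {
                // Previously any other argument count exited without running a test
                // or saying why.
                System.out.println("Unsupported number of arguments: " + args.length);
              }

            } catch (Exception e) {
              e.printStackTrace();
            }
          }
        }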

        /************ java.security ***************/

        #
        # List of providers and their preference orders (see above):
        #
        # NOTE(review): the number after "security.provider." is the preference
        # position. Only the three uncommented entries are registered by this file:
        # Sun (1), SunJCE (2) and Certicom (3). SunJCE sits ahead of Certicom, which
        # is why the report expects a Cipher.getInstance call that names no provider
        # to resolve to SunJCE. The Trustpoint entries are commented out.
        #security.provider.1=com.trustpoint.security.provider.Trustpoint
        security.provider.1=sun.security.provider.Sun
        security.provider.2=com.sun.crypto.provider.SunJCE
        security.provider.3=com.certicom.ecc.jcae.Certicom
        #security.provider.2=com.trustpoint.security.pkixprovider.TrustpointPKIXProvider
        #security.provider.4=com.trustpoint.pkcs.pkcs11.jce.TrustpointCryptokiSlot

        # NOTE(review): the settings from here on configure policy, keystore and
        # package access checks. Nothing in the report ties them to the provider
        # lookup; they appear to be included only as part of the submitter's file.

        #
        # Class to instantiate as the system Policy. This is the name of the class
        # that will be used as the Policy object.
        #
        policy.provider=sun.security.provider.PolicyFile

        # The default is to have a single system-wide policy file,
        # and a policy file in the user's home directory.
        policy.url.1=file:${java.home}/lib/security/java.policy
        policy.url.2=file:${user.home}/.java.policy

        # whether or not we expand properties in the policy file
        # if this is set to false, properties (${...}) will not be expanded in policy
        # files.
        policy.expandProperties=true

        # whether or not we allow an extra policy to be passed on the command line
        # with -Djava.security.policy=somefile. Comment out this line to disable
        # this feature.
        # NOTE(review): while this is enabled, whoever controls the JVM command line
        # can supply an additional policy file.
        policy.allowSystemProperty=true

        # whether or not we look into the IdentityScope for trusted Identities
        # when encountering a 1.1 signed JAR file. If the identity is found
        # and is trusted, we grant it AllPermission.
        # NOTE(review): "false" reads as "do not ignore", i.e. the IdentityScope
        # lookup described above is performed.
        policy.ignoreIdentityScope=false

        #
        # Default keystore type.
        #
        keystore.type=jks

        #
        # Class to instantiate as the system scope:
        #
        system.scope=sun.security.provider.IdentityDatabase

        #
        # List of comma-separated packages that start with or equal this string
        # will cause a security exception to be thrown when
        # passed to checkPackageAccess unless the
        # corresponding RuntimePermission ("accessClassInPackage."+package) has
        # been granted.
        package.access=sun.

        #
        # List of comma-separated packages that start with or equal this string
        # will cause a security exception to be thrown when
        # passed to checkPackageDefinition unless the
        # corresponding RuntimePermission ("defineClassInPackage."+package) has
        # been granted.
        #
        # by default, no packages are restricted for definition, and none of
        # the class loaders supplied with the JDK call checkPackageDefinition.
        #
        #package.definition=

        ---------- END SOURCE ----------
        (Review ID: 139542)
        ======================================================================

              valeriep Valerie Peng
              nthompsosunw Nathanael Thompson (Inactive)
