Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/pkcs/pkcs7/SignerOrder.java
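/*
 * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8048357
 * @summary test PKCS7 data signing, encoding and verification
 * @run main SignerOrder
 */
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.Date;
import sun.misc.HexDumpEncoder;
import sun.security.pkcs.ContentInfo;
import sun.security.pkcs.PKCS7;
import sun.security.pkcs.SignerInfo;
import sun.security.util.DerOutputStream;
import sun.security.x509.AlgorithmId;
import sun.security.x509.CertificateAlgorithmId;
import sun.security.x509.CertificateSerialNumber;
import sun.security.x509.CertificateValidity;
import sun.security.x509.CertificateVersion;
import sun.security.x509.CertificateX509Key;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;
import sun.security.x509.X509Key;

/**
 * Builds a PKCS7 SignedData object carrying nine SignerInfos from three
 * signers, DER-encodes it, parses it back and checks that the original and
 * the re-read object report the same number of verified signers.
 *
 * <p>Only the counts are compared; the element order of the two verified
 * arrays is printed for inspection but not asserted.
 */
public class SignerOrder {

    static final HexDumpEncoder hexDump = new HexDumpEncoder();

    // Payloads that the signer infos are generated over. The charset is
    // pinned so the signed bytes do not depend on the platform default.
    static final byte[] data1 = "12345".getBytes(StandardCharsets.US_ASCII);
    static final byte[] data2 = "abcde".getBytes(StandardCharsets.US_ASCII);

    /**
     * Runs the test.
     *
     * @param argv unused
     * @throws Exception on any key generation, signing, encoding or parsing
     *         failure, or when the verified-signer counts differ
     */
    public static void main(String[] argv) throws Exception {

        // The array is filled from the highest index down, three entries per
        // signer (data1, empty payload, data2).
        SignerInfo[] signerInfos = new SignerInfo[9];
        SimpleSigner signer1 = new SimpleSigner(null, null, null, null);
        signerInfos[8] = signer1.genSignerInfo(data1);
        signerInfos[7] = signer1.genSignerInfo(new byte[]{});
        signerInfos[6] = signer1.genSignerInfo(data2);

        SimpleSigner signer2 = new SimpleSigner(null, null, null, null);
        signerInfos[5] = signer2.genSignerInfo(data1);
        signerInfos[4] = signer2.genSignerInfo(new byte[]{});
        signerInfos[3] = signer2.genSignerInfo(data2);

        SimpleSigner signer3 = new SimpleSigner(null, null, null, null);
        signerInfos[2] = signer3.genSignerInfo(data1);
        signerInfos[1] = signer3.genSignerInfo(new byte[]{});
        signerInfos[0] = signer3.genSignerInfo(data2);

        // The content of the SignedData is data1, so only SignerInfos whose
        // signature covers data1 can be expected to verify against it.
        ContentInfo contentInfo = new ContentInfo(data1);

        // NOTE(review): the SignedData-level digest list names SHA-256 while
        // the signers below default to "SHA"; confirm the mismatch is
        // intentional for this test.
        AlgorithmId[] algIds = {new AlgorithmId(AlgorithmId.SHA256_oid)};

        X509Certificate[] certs = {signer3.getCert(), signer2.getCert(),
            signer1.getCert()};

        PKCS7 pkcs71 = new PKCS7(algIds, contentInfo,
                certs,
                signerInfos);

        System.out.println("SignerInfos in original.");
        printSignerInfos(pkcs71.getSignerInfos());

        DerOutputStream out = new DerOutputStream();
        pkcs71.encodeSignedData(out);

        PKCS7 pkcs72 = new PKCS7(out.toByteArray());
        System.out.println("\nSignerInfos read back in:");
        printSignerInfos(pkcs72.getSignerInfos());

        System.out.println("Verified signers of original:");
        SignerInfo[] verifs1 = pkcs71.verify();

        System.out.println("Verified signers of after read-in:");
        SignerInfo[] verifs2 = pkcs72.verify();

        // PKCS7.verify() returns null when no SignerInfo verifies; report
        // that explicitly instead of failing with a NullPointerException on
        // the length comparison below.
        if (verifs1 == null || verifs2 == null) {
            throw new RuntimeException("No SignerInfo verified for "
                    + (verifs1 == null ? "original" : "read-in")
                    + " PKCS7");
        }

        if (verifs1.length != verifs2.length) {
            throw new RuntimeException("Length of Original vs read-in "
                    + "should be same");
        }
    }

    /**
     * Prints the DER encoding of one SignerInfo as a length line followed by
     * a hex dump.
     *
     * @param signerInfo the SignerInfo to encode and print
     * @throws IOException if DER encoding fails
     */
    static void printSignerInfos(SignerInfo signerInfo) throws IOException {
        ByteArrayOutputStream strm = new ByteArrayOutputStream();
        signerInfo.derEncode(strm);
        byte[] encoded = strm.toByteArray();
        System.out.println("SignerInfo, length: " + encoded.length);
        System.out.println(hexDump.encode(encoded));
        System.out.println("\n");
    }

    /**
     * Prints the DER encoding of every SignerInfo in array order, each as an
     * indexed length line followed by a hex dump.
     *
     * @param signerInfos the SignerInfos to encode and print
     * @throws IOException if DER encoding fails
     */
    static void printSignerInfos(SignerInfo[] signerInfos) throws IOException {
        ByteArrayOutputStream strm = new ByteArrayOutputStream();
        for (int i = 0; i < signerInfos.length; i++) {
            signerInfos[i].derEncode(strm);
            byte[] encoded = strm.toByteArray();
            System.out.println("SignerInfo[" + i + "], length: "
                    + encoded.length);
            System.out.println(hexDump.encode(encoded));
            System.out.println("\n");
            // One stream is reused, so clear it before the next element.
            strm.reset();
        }
    }

}

/**
 * A self-contained signer for this test: it holds a key pair, a Signature
 * object initialised with the private key and a self-signed certificate for
 * the public key, and produces SignerInfos over caller-supplied data.
 *
 * <p>NOTE(review): the defaults ("SHA" digest, 1024-bit "DSA" key, a
 * certificate valid for about two seconds, a serial number taken from the
 * clock) are legacy-strength, throwaway test-fixture values. They are kept
 * unchanged so the test keeps exercising the same code path; they are not a
 * template for signing code outside a test.
 */
class SimpleSigner {

    private final Signature sig;
    private final X500Name agent;
    private final AlgorithmId digestAlgId;
    private final AlgorithmId encryptionAlgId;
    private final AlgorithmId algId; // signature algid;
                                     // combines digest + encryption
    private final X509Key publicKey;
    private final PrivateKey privateKey;
    private final X509Certificate cert;

    /**
     * Creates a signer; every {@code null} argument is replaced by a default.
     *
     * @param digestAlg digest algorithm name, {@code "SHA"} when null
     * @param encryptionAlg key/signature algorithm name, {@code "DSA"} when
     *        null
     * @param keyPair key pair to sign with; when null a fresh 1024-bit pair
     *        is generated for {@code encryptionAlg}
     * @param agent subject and issuer name of the self-signed certificate,
     *        {@code cn=test} when null
     * @throws Exception if key generation, Signature set-up or certificate
     *         creation fails
     */
    public SimpleSigner(String digestAlg,
            String encryptionAlg,
            KeyPair keyPair,
            X500Name agent) throws Exception {

        if (agent == null) {
            agent = new X500Name("cn=test");
        }
        if (digestAlg == null) {
            digestAlg = "SHA";
        }
        if (encryptionAlg == null) {
            encryptionAlg = "DSA";
        }
        if (keyPair == null) {
            KeyPairGenerator keyGen =
                    KeyPairGenerator.getInstance(encryptionAlg);
            keyGen.initialize(1024);
            keyPair = keyGen.generateKeyPair();
        }
        publicKey = (X509Key) keyPair.getPublic();
        privateKey = keyPair.getPrivate();

        // For DSA the Signature is looked up by the bare algorithm name; any
        // other algorithm uses the "<digest>/<encryption>" form.
        if ("DSA".equals(encryptionAlg)) {
            this.sig = Signature.getInstance(encryptionAlg);
        } else { // RSA
            this.sig = Signature.getInstance(digestAlg + "/" + encryptionAlg);
        }
        this.sig.initSign(privateKey);

        this.agent = agent;
        this.digestAlgId = AlgorithmId.get(digestAlg);
        this.encryptionAlgId = AlgorithmId.get(encryptionAlg);
        this.algId = AlgorithmId.get(this.sig.getAlgorithm());

        // Must run last: getSelfCert() reads agent, algId and both keys.
        this.cert = getSelfCert();
    }

    /**
     * Take the data and sign it.
     *
     * @param buf buffer holding the next chunk of the data to be signed
     * @param offset starting point of to-be-signed data
     * @param len how many bytes of data are to be signed
     * @return the signature for the input data.
     * @exception SignatureException on errors.
     */
    public byte[] simpleSign(byte[] buf, int offset, int len)
            throws SignatureException {
        sig.update(buf, offset, len);
        return sig.sign();
    }

    /**
     * Returns the digest algorithm used to sign.
     */
    public AlgorithmId getDigestAlgId() {
        return digestAlgId;
    }

    /**
     * Returns the encryption algorithm used to sign.
     */
    public AlgorithmId getEncryptionAlgId() {
        return encryptionAlgId;
    }

    /**
     * Returns the name of the signing agent.
     */
    public X500Name getSigner() {
        return agent;
    }

    /**
     * Returns the self-signed certificate created for this signer's key.
     */
    public X509Certificate getCert() {
        return cert;
    }

    /**
     * Builds and signs a version 1 X.509 certificate whose subject and issuer
     * are both {@code agent} and whose key is this signer's public key.
     *
     * @return the self-signed certificate
     * @throws Exception if a certificate field cannot be set or signing fails
     */
    private X509Certificate getSelfCert() throws Exception {
        long validity = 1000;
        X509CertImpl certLocal;
        Date firstDate, lastDate;

        // The validity window is validity + 1000 ms starting now.
        firstDate = new Date();
        lastDate = new Date();
        lastDate.setTime(lastDate.getTime() + validity + 1000);

        CertificateValidity interval = new CertificateValidity(firstDate,
                lastDate);

        X509CertInfo info = new X509CertInfo();
        // Add all mandatory attributes
        info.set(X509CertInfo.VERSION,
                new CertificateVersion(CertificateVersion.V1));
        // NOTE(review): the serial is the creation time in whole seconds, so
        // signers created within the same second under the same issuer name
        // get the same issuer+serial pair, which is what genSignerInfo() puts
        // into the SignerInfo to identify the certificate.
        info.set(X509CertInfo.SERIAL_NUMBER,
                new CertificateSerialNumber(
                        (int) (firstDate.getTime() / 1000)));
        info.set(X509CertInfo.ALGORITHM_ID,
                new CertificateAlgorithmId(algId));
        info.set(X509CertInfo.SUBJECT, agent);
        info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
        info.set(X509CertInfo.VALIDITY, interval);
        info.set(X509CertInfo.ISSUER, agent);

        certLocal = new X509CertImpl(info);
        certLocal.sign(privateKey, algId.getName());

        return certLocal;
    }

    /**
     * Signs {@code data} and wraps the signature in a SignerInfo that names
     * this signer's certificate by issuer and serial number.
     *
     * @param data the bytes to sign; may be empty
     * @return a SignerInfo carrying the signature over {@code data}
     * @throws SignatureException if signing fails
     */
    public SignerInfo genSignerInfo(byte[] data) throws SignatureException {
        // getSerialNumber() already returns a BigInteger; no string
        // round-trip is needed.
        BigInteger serial = cert.getSerialNumber();
        return new SignerInfo((X500Name) cert.getIssuerDN(),
                serial,
                getDigestAlgId(), algId,
                simpleSign(data, 0, data.length));
    }
}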