Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/pkcs11/Secmod/AddPrivateKey.java
/*1* Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/**24* @test25* @bug 641498026* @summary Test that the PKCS#11 KeyStore handles RSA, DSA, and EC keys27* @author Andreas Sterbenz28* @library ..29* @run main/othervm AddPrivateKey30* @run main/othervm AddPrivateKey sm policy31* @key randomness32*/3334import java.io.File;35import java.io.FileInputStream;36import java.io.InputStream;37import java.security.KeyFactory;38import java.security.KeyStore;39import java.security.KeyStore.PasswordProtection;40import java.security.KeyStore.PrivateKeyEntry;41import java.security.KeyStoreException;42import java.security.PrivateKey;43import java.security.Provider;44import java.security.PublicKey;45import java.security.Security;46import java.security.Signature;47import java.security.cert.X509Certificate;48import java.util.Arrays;49import java.util.Collections;50import java.util.List;5152// this test is currently only run for the NSS KeyStore provider, but it53// is really a generic KeyStore test so it 
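// should be modified to run for
// all providers.
public class AddPrivateKey extends SecmodTest {

    private static final String ALIAS1 = "entry1";
    private static final String ALIAS2 = "entry2";
    private static final String ALIAS3 = "entry3";
    /** Longest prefix of a key's toString() that is echoed to the log. */
    private static final int MAX_LINE = 85;
    private static final int DATA_LENGTH = 4096;
    /** Payload signed and verified in {@link #sign}; generateData is inherited (presumably from SecmodTest). */
    private static final byte[] DATA = generateData(DATA_LENGTH);

    /**
     * Entry point: loads the SunPKCS11 NSS provider, empties its PKCS#11
     * KeyStore and then round-trips every private-key entry of the JKS test
     * keystore through it via {@link #test}.
     *
     * @param args optional {@code sm <policy>} pair; when present a
     *             SecurityManager is installed with the policy file found
     *             under BASE
     * @throws Exception on any provider, keystore or verification failure
     */
    public static void main(String[] args) throws Exception {
        if (!initSecmod()) {
            return;
        }

        String configName = BASE + SEP + "nss.cfg";
        Provider p = getSunPKCS11(configName);

        // An EC KeyFactory is used as the capability probe for both EC and
        // DSA entries (see skipReason).
        boolean supportsEC = (p.getService("KeyFactory", "EC") != null);

        System.out.println(p);
        System.out.println();
        Security.addProvider(p);

        if (args.length > 1 && "sm".equals(args[0])) {
            System.setProperty("java.security.policy",
                    BASE + File.separator + args[1]);
            System.setSecurityManager(new SecurityManager());
        }

        KeyStore ks = KeyStore.getInstance(PKCS11, p);
        ks.load(null, password);
        // Start from an empty token so the single-alias checks in test()
        // are meaningful.
        for (String alias : aliases(ks)) {
            System.out.println("Deleting: " + alias);
            ks.deleteEntry(alias);
        }

        KeyStore jks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(BASE + SEP + "keystore.jks")) {
            char[] jkspass = "passphrase".toCharArray();
            jks.load(in, jkspass);
            PasswordProtection protection = new PasswordProtection(jkspass);
            for (String alias : aliases(jks)) {
                if (!jks.entryInstanceOf(alias, PrivateKeyEntry.class)) {
                    continue; // only private-key entries are exercised
                }
                PrivateKeyEntry entry =
                        (PrivateKeyEntry) jks.getEntry(alias, protection);
                String algorithm = entry.getPrivateKey().getAlgorithm();
                System.out.printf("-Entry %s (%s)%n", alias, algorithm);
                String skip = skipReason(algorithm, supportsEC);
                if (skip != null) {
                    System.out.println(skip);
                    continue;
                }
                test(p, entry);
            }
        }
        System.out.println("OK");
    }

    /**
     * Returns the log message explaining why an entry with the given key
     * algorithm is skipped, or {@code null} when it can be tested.
     */
    private static String skipReason(String algorithm, boolean supportsEC) {
        if (supportsEC) {
            return null;
        }
        if (algorithm.equals("EC")) {
            return "EC not supported by provider, skipping";
        }
        if (algorithm.equals("DSA")) {
            // Missing EC support is taken as the indicator that this NSS
            // build also lacks the CKA_NETSCAPE_DB fix DSA storage needs.
            return "Provider does not appear to have CKA_NETSCAPE_DB fix, skipping";
        }
        return null;
    }

    /** Snapshot of all aliases currently held by {@code ks}. */
    private static List<String> aliases(KeyStore ks) throws KeyStoreException {
        return Collections.list(ks.aliases());
    }

    /**
     * Round-trips one private-key entry through a fresh PKCS#11 KeyStore:
     * (1) store the software key directly, (2) translate it into a provider
     * key first and store that, (3) store the translated key again under a
     * new alias. After every store the entry is read back, its chain is
     * compared and a sign/verify cycle is run; the store must be empty at
     * the start and the end.
     *
     * @throws Exception on any mismatch, or if the store is not empty when
     *                   it should be
     */
    private static void test(Provider p, PrivateKeyEntry entry) throws Exception {
        PrivateKey key = entry.getPrivateKey();
        X509Certificate[] chain = (X509Certificate[]) entry.getCertificateChain();
        PublicKey publicKey = chain[0].getPublicKey();
        System.out.println(toString(key));
        sign(p, key, publicKey);

        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, null);
        expectEmpty(ks);

        // test 1: add entry
        ks.setKeyEntry(ALIAS1, key, null, chain);
        checkStoredEntry(p, ks, ALIAS1, chain, publicKey);

        ks.deleteEntry(ALIAS1);
        expectEmpty(ks);

        // test 2: translate to session object, then add entry
        KeyFactory kf = KeyFactory.getInstance(key.getAlgorithm(), p);
        PrivateKey key3 = (PrivateKey) kf.translateKey(key);
        System.out.println(toString(key3));
        sign(p, key3, publicKey);

        ks.setKeyEntry(ALIAS2, key3, null, chain);
        checkStoredEntry(p, ks, ALIAS2, chain, publicKey);

        // test 3: change alias (the store must still hold exactly one entry)
        ks.setKeyEntry(ALIAS3, key3, null, chain);
        checkStoredEntry(p, ks, ALIAS3, chain, publicKey);

        ks.deleteEntry(ALIAS3);
        expectEmpty(ks);

        System.out.println("OK");
    }

    /**
     * Asserts that {@code alias} is the only entry in {@code ks}, reads the
     * entry back, compares its chain with {@code chain} and runs a
     * sign/verify cycle with the returned key.
     *
     * @throws Exception on an alias count or name mismatch, a chain
     *                   mismatch, or a signature that does not verify
     */
    private static void checkStoredEntry(Provider p, KeyStore ks, String alias,
            X509Certificate[] chain, PublicKey publicKey) throws Exception {
        List<String> aliases = aliases(ks);
        if (aliases.size() != 1) {
            // Report the aliases actually present so a failure is diagnosable.
            throw new Exception("size not 1: " + aliases);
        }
        if (!aliases.get(0).equals(alias)) {
            throw new Exception("alias mismatch: " + aliases);
        }

        PrivateKey storedKey = (PrivateKey) ks.getKey(alias, null);
        System.out.println(toString(storedKey));
        X509Certificate[] storedChain =
                (X509Certificate[]) ks.getCertificateChain(alias);
        if (!Arrays.equals(chain, storedChain)) {
            throw new Exception("chain mismatch");
        }
        sign(p, storedKey, publicKey);
    }

    /** Fails unless {@code ks} holds no entries. */
    private static void expectEmpty(KeyStore ks) throws Exception {
        if (ks.size() != 0) {
            throw new Exception("KeyStore not empty");
        }
    }

    /**
     * Signs {@link #DATA} with {@code privateKey} and verifies the result
     * with {@code publicKey}, both through provider {@code p}.
     *
     * @throws Exception if the key algorithm is not RSA, DSA or EC, or the
     *                   signature does not verify
     */
    private static void sign(Provider p, PrivateKey privateKey,
            PublicKey publicKey) throws Exception {
        String keyAlg = privateKey.getAlgorithm();
        String alg;
        switch (keyAlg) {
            case "RSA":
                alg = "SHA1withRSA";
                break;
            case "DSA":
                alg = "SHA1withDSA";
                break;
            case "EC":
                alg = "SHA1withECDSA";
                break;
            default:
                throw new Exception("Unknown algorithm " + keyAlg);
        }
        // The SHA-1 suites serve only as a round-trip probe that the stored
        // key is usable; they are presumably chosen to match the NSS
        // configuration under test, not for strength.
        Signature s = Signature.getInstance(alg, p);
        s.initSign(privateKey);
        s.update(DATA);
        byte[] sig = s.sign();

        // Re-initialise the same Signature object for verification.
        s.initVerify(publicKey);
        s.update(DATA);
        if (!s.verify(sig)) {
            throw new Exception("Signature did not verify");
        }
    }

    /**
     * Returns the first line of {@code String.valueOf(o)}, cut to
     * {@link #MAX_LINE} characters. Only that prefix reaches the log, which
     * keeps any key material that software PrivateKey toString()
     * implementations may emit on later lines out of the test output.
     */
    private static String toString(Object o) {
        String s = String.valueOf(o).split("\n")[0];
        return (s.length() <= MAX_LINE) ? s : s.substring(0, MAX_LINE);
    }

}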