1 /*

     2  * Copyright (c) 2017, Red Hat, Inc. and/or its affiliates.

     3  *

     4  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

     5  *

     6  * This code is free software; you can redistribute it and/or modify it

     7  * under the terms of the GNU General Public License version 2 only, as

     8  * published by the Free Software Foundation.

     9  *

    10  * This code is distributed in the hope that it will be useful, but WITHOUT

    11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

    12  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

    13  * version 2 for more details (a copy is included in the LICENSE file that

    14  * accompanied this code).

    15  *

    16  * You should have received a copy of the GNU General Public License version

    17  * 2 along with this work; if not, write to the Free Software Foundation,

    18  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

    19  *

    20  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

    21  * or visit www.oracle.com if you need additional information or have any

    22  * questions.

    23  */

    24 

    25 /*

    26  * @test

    27  * @bug 8165996

    28  * @summary Test NSS DB Sqlite

    29  * @library ../

    30  * @modules java.base/sun.security.rsa

    31  *          java.base/sun.security.provider

    32  *          java.base/sun.security.jca

    33  *          java.base/sun.security.tools.keytool

    34  *          java.base/sun.security.x509

    35  *          java.base/com.sun.crypto.provider

    36  *          jdk.crypto.cryptoki/sun.security.pkcs11:+open

    37  * @run main/othervm/timeout=120 TestNssDbSqlite

    38  * @author Martin Balao (mbalao@redhat.com)

    39  */

    40 

    41 import java.security.PrivateKey;

    42 import java.security.cert.Certificate;

    43 import java.security.KeyStore;

    44 import java.security.Provider;

    45 import java.security.Signature;

    46 

    47 import sun.security.rsa.SunRsaSign;

    48 import sun.security.jca.ProviderList;

    49 import sun.security.jca.Providers;

    50 import sun.security.tools.keytool.CertAndKeyGen;

    51 import sun.security.x509.X500Name;

    52 

    53 public final class TestNssDbSqlite extends SecmodTest {

    54 

    55     private static final boolean enableDebug = true;

    56 

    57     private static Provider sunPKCS11NSSProvider;

    58     private static Provider sunRsaSignProvider;

    59     private static Provider sunJCEProvider;

    60     private static KeyStore ks;

    61     private static char[] passphrase = "test12".toCharArray();

    62     private static PrivateKey privateKey;

    63     private static Certificate certificate;

    64 

    65     public static void main(String[] args) throws Exception {

    66 

    67         initialize();

    68 

    69         if (enableDebug) {

    70             System.out.println("SunPKCS11 provider: " +

    71                 sunPKCS11NSSProvider);

    72         }

    73 

    74         testRetrieveKeysFromKeystore();

    75 

    76         System.out.println("Test PASS - OK");

    77     }

    78 

    79     private static void testRetrieveKeysFromKeystore() throws Exception {

    80 

    81         String plainText = "known plain text";

    82 

    83         ks.setKeyEntry("root_ca_1", privateKey, passphrase,

    84                 new Certificate[]{certificate});

    85         PrivateKey k1 = (PrivateKey) ks.getKey("root_ca_1", passphrase);

    86 

    87         Signature sS = Signature.getInstance(

    88                 "SHA256withRSA", sunPKCS11NSSProvider);

    89         sS.initSign(k1);

    90         sS.update(plainText.getBytes());

    91         byte[] generatedSignature = sS.sign();

    92 

    93         if (enableDebug) {

    94             System.out.println("Generated signature: ");

    95             for (byte b : generatedSignature) {

    96                 System.out.printf("0x%02x, ", (int)(b) & 0xFF);

    97             }

    98             System.out.println("");

    99         }

   100 

   101         Signature sV = Signature.getInstance("SHA256withRSA", sunRsaSignProvider);

   102         sV.initVerify(certificate);

   103         sV.update(plainText.getBytes());

   104         if(!sV.verify(generatedSignature)){

   105             throw new Exception("Couldn't verify signature");

   106         }

   107     }

   108 

   109     private static void initialize() throws Exception {

   110         initializeProvider();

   111     }

   112 

   113     private static void initializeProvider () throws Exception {

   114         useSqlite(true);

   115         if (!initSecmod()) {

   116             return;

   117         }

   118 

   119         sunPKCS11NSSProvider = getSunPKCS11(BASE + SEP + "nss-sqlite.cfg");

   120         sunJCEProvider = new com.sun.crypto.provider.SunJCE();

   121         sunRsaSignProvider = new SunRsaSign();

   122         Providers.setProviderList(ProviderList.newList(

   123                 sunJCEProvider, sunPKCS11NSSProvider,

   124                 new sun.security.provider.Sun(), sunRsaSignProvider));

   125 

   126         ks = KeyStore.getInstance("PKCS11-NSS-Sqlite", sunPKCS11NSSProvider);

   127         ks.load(null, passphrase);

   128 

   129         CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA");

   130         gen.generate(2048);

   131         privateKey = gen.getPrivateKey();

   132         certificate = gen.getSelfCertificate(new X500Name("CN=Me"), 365);

   133     }

   134 }