|
1 /* |
|
2 * Copyright (c) 2017, Red Hat, Inc. and/or its affiliates. |
|
3 * |
|
4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
5 * |
|
6 * This code is free software; you can redistribute it and/or modify it |
|
7 * under the terms of the GNU General Public License version 2 only, as |
|
8 * published by the Free Software Foundation. |
|
9 * |
|
10 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
13 * version 2 for more details (a copy is included in the LICENSE file that |
|
14 * accompanied this code). |
|
15 * |
|
16 * You should have received a copy of the GNU General Public License version |
|
17 * 2 along with this work; if not, write to the Free Software Foundation, |
|
18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
19 * |
|
20 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
21 * or visit www.oracle.com if you need additional information or have any |
|
22 * questions. |
|
23 */ |
|
24 |
|
25 /* |
|
26 * @test |
|
27 * @bug 8165996 |
|
28 * @summary Test NSS DB Sqlite |
|
29 * @library ../ |
|
30 * @modules java.base/sun.security.rsa |
|
31 * java.base/sun.security.provider |
|
32 * java.base/sun.security.jca |
|
33 * java.base/sun.security.tools.keytool |
|
34 * java.base/sun.security.x509 |
|
35 * java.base/com.sun.crypto.provider |
|
36 * jdk.crypto.cryptoki/sun.security.pkcs11:+open |
|
37 * @run main/othervm/timeout=120 TestNssDbSqlite |
|
38 * @author Martin Balao (mbalao@redhat.com) |
|
39 */ |
|
40 |
|
41 import java.security.PrivateKey; |
|
42 import java.security.cert.Certificate; |
|
43 import java.security.KeyStore; |
|
44 import java.security.Provider; |
|
45 import java.security.Signature; |
|
46 |
|
47 import sun.security.rsa.SunRsaSign; |
|
48 import sun.security.jca.ProviderList; |
|
49 import sun.security.jca.Providers; |
|
50 import sun.security.tools.keytool.CertAndKeyGen; |
|
51 import sun.security.x509.X500Name; |
|
52 |
|
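/**
 * jtreg test for bug 8165996: exercises an NSS database in SQLite format
 * through the SunPKCS11 provider.
 *
 * <p>The test stores a freshly generated RSA key and self-signed certificate
 * in the PKCS11 keystore, reads the key back, signs a fixed message with it
 * through the PKCS11 provider, and verifies that signature with the
 * independent SunRsaSign provider. Verifying with a second provider means a
 * signature is only accepted if both implementations agree.
 *
 * <p>If {@code initSecmod()} returns {@code false} the test reports that it
 * was skipped instead of continuing with a null keystore and provider.
 */
public final class TestNssDbSqlite extends SecmodTest {

    private static final boolean enableDebug = true;

    private static Provider sunPKCS11NSSProvider;
    private static Provider sunRsaSignProvider;
    private static Provider sunJCEProvider;
    private static KeyStore ks;
    // Fixed throwaway passphrase for the test database; it is a test fixture
    // and must not be copied into code that protects real keys.
    private static final char[] passphrase = "test12".toCharArray();
    private static PrivateKey privateKey;
    private static Certificate certificate;

    /**
     * Test entry point.
     *
     * @param args unused
     * @throws Exception if set-up fails or the signature does not verify
     */
    public static void main(String[] args) throws Exception {

        if (!initialize()) {
            // Without this guard the test would fail later with a
            // NullPointerException on the uninitialized keystore. The message
            // is distinct from the PASS line so a skipped run is never read
            // as coverage of the PKCS11 signing path.
            System.out.println("Test SKIPPED - initSecmod() returned false");
            return;
        }

        if (enableDebug) {
            System.out.println("SunPKCS11 provider: " +
                sunPKCS11NSSProvider);
        }

        testRetrieveKeysFromKeystore();

        System.out.println("Test PASS - OK");
    }

    /**
     * Stores the generated key under alias {@code root_ca_1}, retrieves it,
     * signs a known message via SunPKCS11 and verifies it via SunRsaSign.
     *
     * @throws Exception if the key cannot be retrieved or the signature
     *         does not verify
     */
    private static void testRetrieveKeysFromKeystore() throws Exception {

        String plainText = "known plain text";
        // Explicit charset: the no-argument getBytes() depends on the
        // platform default. Signer and verifier share the same array.
        byte[] message =
            plainText.getBytes(java.nio.charset.StandardCharsets.UTF_8);

        ks.setKeyEntry("root_ca_1", privateKey, passphrase,
                new Certificate[]{certificate});
        PrivateKey k1 = (PrivateKey) ks.getKey("root_ca_1", passphrase);
        if (k1 == null) {
            // Fail with a clear message rather than an InvalidKeyException
            // from initSign(null) further down.
            throw new Exception("Key entry root_ca_1 not found in keystore");
        }

        Signature sS = Signature.getInstance(
                "SHA256withRSA", sunPKCS11NSSProvider);
        sS.initSign(k1);
        sS.update(message);
        byte[] generatedSignature = sS.sign();

        if (enableDebug) {
            // A signature is public data; printing it reveals no key material.
            System.out.println("Generated signature: ");
            for (byte b : generatedSignature) {
                System.out.printf("0x%02x, ", (int)(b) & 0xFF);
            }
            System.out.println("");
        }

        // Verify with a different provider than the one that signed.
        Signature sV = Signature.getInstance("SHA256withRSA", sunRsaSignProvider);
        sV.initVerify(certificate);
        sV.update(message);
        if (!sV.verify(generatedSignature)) {
            throw new Exception("Couldn't verify signature");
        }
    }

    /**
     * Runs all set-up steps.
     *
     * @return {@code true} if the providers, keystore and key pair are ready;
     *         {@code false} if set-up stopped early and the test must not run
     * @throws Exception if provider or keystore set-up fails
     */
    private static boolean initialize() throws Exception {
        return initializeProvider();
    }

    /**
     * Configures the SunPKCS11 provider from {@code nss-sqlite.cfg}, installs
     * the provider list, loads the PKCS11 keystore and generates the RSA key
     * pair and self-signed certificate used by the test.
     *
     * @return {@code false} if {@code initSecmod()} returned {@code false},
     *         in which case nothing else is initialized; {@code true}
     *         otherwise
     * @throws Exception if provider, keystore or key generation fails
     */
    private static boolean initializeProvider() throws Exception {
        useSqlite(true);
        if (!initSecmod()) {
            return false;
        }

        sunPKCS11NSSProvider = getSunPKCS11(BASE + SEP + "nss-sqlite.cfg");
        sunJCEProvider = new com.sun.crypto.provider.SunJCE();
        sunRsaSignProvider = new SunRsaSign();
        // Replaces the JVM-wide provider list; the test header runs this
        // class with main/othervm.
        Providers.setProviderList(ProviderList.newList(
                sunJCEProvider, sunPKCS11NSSProvider,
                new sun.security.provider.Sun(), sunRsaSignProvider));

        ks = KeyStore.getInstance("PKCS11-NSS-Sqlite", sunPKCS11NSSProvider);
        ks.load(null, passphrase);

        CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA");
        gen.generate(2048);
        privateKey = gen.getPrivateKey();
        // NOTE(review): CertAndKeyGen.getSelfCertificate takes the validity
        // in seconds, so 365 is roughly six minutes rather than a year.
        // That is enough for this test; confirm if days were intended.
        certificate = gen.getSelfCertificate(new X500Name("CN=Me"), 365);
        return true;
    }
}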