1 /* |
1 /** |
2 * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. |
7 * published by the Free Software Foundation. |
26 import java.security.KeyPairGenerator; |
26 import java.security.KeyPairGenerator; |
27 import java.security.KeyPair; |
27 import java.security.KeyPair; |
28 import java.security.NoSuchProviderException; |
28 import java.security.NoSuchProviderException; |
29 import java.security.PrivateKey; |
29 import java.security.PrivateKey; |
30 import java.security.PublicKey; |
30 import java.security.PublicKey; |
31 import java.util.Arrays; |
31 import java.security.spec.*; |
|
32 import java.util.*; |
|
33 import jdk.test.lib.SigTestUtil; |
|
34 import static jdk.test.lib.SigTestUtil.SignatureType; |
32 |
35 |
33 /* |
36 /* |
34 * @test |
37 * @test |
35 * @bug 8050374 8181048 |
38 * @bug 8050374 8181048 8146293 |
36 * @summary Verify a chain of signed objects |
39 * @summary Verify a chain of signed objects |
|
40 * @library /test/lib |
|
41 * @build jdk.test.lib.SigTestUtil |
|
42 * @run main Chain |
37 */ |
43 */ |
38 public class Chain { |
44 public class Chain { |
39 |
45 |
40 static enum KeyAlg { |
46 static enum KeyAlg { |
41 RSA("RSA"), |
47 RSA("RSA"), |
75 SHA1withRSA("Sha1withrSA"), |
81 SHA1withRSA("Sha1withrSA"), |
76 SHA224withRSA("SHA224withRSA"), |
82 SHA224withRSA("SHA224withRSA"), |
77 SHA256withRSA("SHA256withRSA"), |
83 SHA256withRSA("SHA256withRSA"), |
78 SHA384withRSA("SHA384withRSA"), |
84 SHA384withRSA("SHA384withRSA"), |
79 SHA512withRSA("SHA512withRSA"), |
85 SHA512withRSA("SHA512withRSA"), |
|
86 SHA512_224withRSA("SHA512/224withRSA"), |
|
87 SHA512_256withRSA("SHA512/256withRSA"), |
80 |
88 |
81 SHA1withECDSA("SHA1withECDSA"), |
89 SHA1withECDSA("SHA1withECDSA"), |
82 SHA256withECDSA("SHA256withECDSA"), |
90 SHA256withECDSA("SHA256withECDSA"), |
83 SHA224withECDSA("SHA224withECDSA"), |
91 SHA224withECDSA("SHA224withECDSA"), |
84 SHA384withECDSA("SHA384withECDSA"), |
92 SHA384withECDSA("SHA384withECDSA"), |
85 SHA512withECDSA("SHA512withECDSA"), |
93 SHA512withECDSA("SHA512withECDSA"), |
86 |
94 |
87 MD5andSHA1withRSA("MD5andSHA1withRSA"); |
95 MD5andSHA1withRSA("MD5andSHA1withRSA"), |
|
96 |
|
97 RSASSA_PSS("RSASSA-PSS"); |
88 |
98 |
89 final String name; |
99 final String name; |
90 |
100 |
91 SigAlg(String name) { |
101 SigAlg(String name) { |
92 this.name = name; |
102 this.name = name; |
96 static class Test { |
106 static class Test { |
97 final Provider provider; |
107 final Provider provider; |
98 final KeyAlg keyAlg; |
108 final KeyAlg keyAlg; |
99 final SigAlg sigAlg; |
109 final SigAlg sigAlg; |
100 final int keySize; |
110 final int keySize; |
|
111 final AlgorithmParameterSpec sigParams; |
101 |
112 |
102 Test(SigAlg sigAlg, KeyAlg keyAlg, Provider provider) { |
113 Test(SigAlg sigAlg, KeyAlg keyAlg, Provider provider) { |
103 this(sigAlg, keyAlg, provider, -1); |
114 this(sigAlg, keyAlg, provider, -1, null); |
104 } |
115 } |
105 |
116 |
106 Test(SigAlg sigAlg, KeyAlg keyAlg, Provider provider, int keySize) { |
117 Test(SigAlg sigAlg, KeyAlg keyAlg, Provider provider, int keySize) { |
|
118 this(sigAlg, keyAlg, provider, keySize, null); |
|
119 } |
|
120 |
|
121 Test(SigAlg sigAlg, KeyAlg keyAlg, Provider provider, int keySize, |
|
122 AlgorithmParameterSpec sigParams) { |
107 this.provider = provider; |
123 this.provider = provider; |
108 this.keyAlg = keyAlg; |
124 this.keyAlg = keyAlg; |
109 this.sigAlg = sigAlg; |
125 this.sigAlg = sigAlg; |
110 this.keySize = keySize; |
126 this.keySize = keySize; |
|
127 this.sigParams = sigParams; |
|
128 } |
|
129 |
|
130 private static String formatParams(AlgorithmParameterSpec aps) { |
|
131 if (aps == null) return "null"; |
|
132 if (aps instanceof PSSParameterSpec) { |
|
133 PSSParameterSpec p = (PSSParameterSpec) aps; |
|
134 return String.format("PSSParameterSpec (%s, %s, %s, %s)", |
|
135 p.getDigestAlgorithm(), formatParams(p.getMGFParameters()), |
|
136 p.getSaltLength(), p.getTrailerField()); |
|
137 } else if (aps instanceof MGF1ParameterSpec) { |
|
138 return "MGF1" + |
|
139 ((MGF1ParameterSpec)aps).getDigestAlgorithm(); |
|
140 } else { |
|
141 return aps.toString(); |
|
142 } |
|
143 } |
|
144 |
|
145 public String toString() { |
|
146 return String.format("Test: provider = %s, signature alg = %s, " |
|
147 + " w/ %s, key alg = %s", provider, sigAlg, |
|
148 formatParams(sigParams), keyAlg); |
111 } |
149 } |
112 } |
150 } |
113 |
151 |
114 private static final Test[] tests = { |
152 private static final Test[] tests = { |
115 new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default, 1024), |
153 new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default, 1024), |
124 private static final String str = "to-be-signed"; |
162 private static final String str = "to-be-signed"; |
125 private static final int N = 3; |
163 private static final int N = 3; |
126 |
164 |
127 public static void main(String argv[]) { |
165 public static void main(String argv[]) { |
128 boolean result = Arrays.stream(tests).allMatch((test) -> runTest(test)); |
166 boolean result = Arrays.stream(tests).allMatch((test) -> runTest(test)); |
129 if(result) { |
167 result &= runTestPSS(2048); |
|
168 if (result) { |
130 System.out.println("All tests passed"); |
169 System.out.println("All tests passed"); |
131 } else { |
170 } else { |
132 throw new RuntimeException("Some tests failed"); |
171 throw new RuntimeException("Some tests failed"); |
133 } |
172 } |
134 } |
173 } |
135 |
174 |
|
175 private static boolean runTestPSS(int keysize) { |
|
176 boolean result = true; |
|
177 SigAlg pss = SigAlg.RSASSA_PSS; |
|
178 Iterator<String> mdAlgs = SigTestUtil.getDigestAlgorithms |
|
179 (SignatureType.RSASSA_PSS, keysize).iterator(); |
|
180 while (mdAlgs.hasNext()) { |
|
181 result &= runTest(new Test(pss, KeyAlg.RSA, Provider.SunRsaSign, |
|
182 keysize, SigTestUtil.generateDefaultParameter |
|
183 (SignatureType.RSASSA_PSS, mdAlgs.next()))); |
|
184 } |
|
185 return result; |
|
186 } |
|
187 |
136 static boolean runTest(Test test) { |
188 static boolean runTest(Test test) { |
137 System.out.format("Test: provider = %s, signature algorithm = %s, " |
189 System.out.println(test); |
138 + "key algorithm = %s\n", |
|
139 test.provider, test.sigAlg, test.keyAlg); |
|
140 try { |
190 try { |
141 // Generate all private/public key pairs |
191 // Generate all private/public key pairs |
142 PrivateKey[] privKeys = new PrivateKey[N]; |
192 PrivateKey[] privKeys = new PrivateKey[N]; |
143 PublicKey[] pubKeys = new PublicKey[N]; |
193 PublicKey[] pubKeys = new PublicKey[N]; |
144 PublicKey[] anotherPubKeys = new PublicKey[N]; |
194 PublicKey[] anotherPubKeys = new PublicKey[N]; |
151 test.keyAlg.name, test.provider.name); |
201 test.keyAlg.name, test.provider.name); |
152 } else { |
202 } else { |
153 signature = Signature.getInstance(test.sigAlg.name); |
203 signature = Signature.getInstance(test.sigAlg.name); |
154 kpg = KeyPairGenerator.getInstance(test.keyAlg.name); |
204 kpg = KeyPairGenerator.getInstance(test.keyAlg.name); |
155 } |
205 } |
|
206 |
|
207 signature.setParameter(test.sigParams); |
|
208 |
156 for (int j=0; j < N; j++) { |
209 for (int j=0; j < N; j++) { |
157 if (test.keySize != -1) { |
210 if (test.keySize != -1) { |
158 kpg.initialize(test.keySize); |
211 kpg.initialize(test.keySize); |
159 } |
212 } |
160 KeyPair kp = kpg.genKeyPair(); |
213 KeyPair kp = kpg.genKeyPair(); |
185 do { |
238 do { |
186 if (!object.verify(pubKeys[n], signature)) { |
239 if (!object.verify(pubKeys[n], signature)) { |
187 System.out.println("Failed: verification failed, n = " + n); |
240 System.out.println("Failed: verification failed, n = " + n); |
188 return false; |
241 return false; |
189 } |
242 } |
190 |
|
191 if (object.verify(anotherPubKeys[n], signature)) { |
243 if (object.verify(anotherPubKeys[n], signature)) { |
192 System.out.println("Failed: verification should not " |
244 System.out.println("Failed: verification should not " |
193 + "succeed with wrong public key, n = " + n); |
245 + "succeed with wrong public key, n = " + n); |
194 return false; |
246 return false; |
195 } |
247 } |