1 /*

     2  * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.

     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

     4  *

     5  * This code is free software; you can redistribute it and/or modify it

     6  * under the terms of the GNU General Public License version 2 only, as

     7  * published by the Free Software Foundation.

     8  *

     9  * This code is distributed in the hope that it will be useful, but WITHOUT

    10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

    11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

    12  * version 2 for more details (a copy is included in the LICENSE file that

    13  * accompanied this code).

    14  *

    15  * You should have received a copy of the GNU General Public License version

    16  * 2 along with this work; if not, write to the Free Software Foundation,

    17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

    18  *

    19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

    20  * or visit www.oracle.com if you need additional information or have any

    21  * questions.

    22  */

    23 

    24 /*

    25  * @test

    26  * @bug 8225745

    27  * @summary Ensure ECDSA certificates with signature algorithm parameters

    28  *          can be verified successfully

    29  * @run main ECSigParamsVerifyWithCert

    30  */

    31 import java.io.*;

    32 import java.security.cert.CertificateFactory;

    33 import java.security.cert.X509Certificate;

    34 

    35 public class ECSigParamsVerifyWithCert {

    36 

    37     // ECDSA certificate with non-null signature parameters, i.e.

    38     // Signature Algorithm: SHA256withECDSA, params unparsed,

    39     // OID = 1.2.840.10045.4.3.2

    40     private static String ecEntityWithSigParamsStr =

    41         "-----BEGIN CERTIFICATE-----\n" +

    42         "MIICXjCCAfmgAwIBAgIIHzREzASpiTowFAYIKoZIzj0EAwIGCCqGSM49AwEHMGAx\n" +

    43         "IzAhBgNVBAMMGkNvcmRhIE5vZGUgSW50ZXJtZWRpYXRlIENBMQswCQYDVQQKDAJS\n" +

    44         "MzEOMAwGA1UECwwFY29yZGExDzANBgNVBAcMBkxvbmRvbjELMAkGA1UEBhMCVUsw\n" +

    45         "HhcNMTgwNjI1MDAwMDAwWhcNMjcwNTIwMDAwMDAwWjAxMQswCQYDVQQGEwJHQjEP\n" +

    46         "MA0GA1UEBwwGTG9uZG9uMREwDwYDVQQKDAhNZWdhQ29ycDBZMBMGByqGSM49AgEG\n" +

    47         "CCqGSM49AwEHA0IABG2VjWPPFnGVka3G9++Sz/GPRkAkht4BDoYTlkRz8hpwr4iu\n" +

    48         "fU6NlReirLOB4LBLZcmp16xm4RYsN5ouTS7Z3wKjgcEwgb4wHQYDVR0OBBYEFBnY\n" +

    49         "sikYpaSL9U8FUygbqN3sIvMOMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgGG\n" +

    50         "MCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEFBQcDAgYEVR0lADARBgorBgEEAYOK\n" +

    51         "YgEBBAMCAQQwRwYDVR0eAQH/BD0wO6A3MDWkMzAxMQswCQYDVQQGEwJHQjEPMA0G\n" +

    52         "A1UEBwwGTG9uZG9uMREwDwYDVQQKDAhNZWdhQ29ycKEAMBQGCCqGSM49BAMCBggq\n" +

    53         "hkjOPQMBBwNJADBGAiEAos+QzgwwH2hfOtrlLncHnoT2YXXHP4q5h01T2DRmjcMC\n" +

    54         "IQDa3xZz7CkyyNO1+paAthiNVIlGwwnl4UxuYMwkAiWACw==\n" +

    55         "-----END CERTIFICATE-----\n";

    56 

    57     // ECDSA certificate with only signature algorithm oid, no parameters, i.e.

    58     // Signature Algorithm: SHA256withECDSA, OID = 1.2.840.10045.4.3.2

    59     private static String ecSigner =

    60         "-----BEGIN CERTIFICATE-----\n" +

    61         "MIICETCCAbigAwIBAgIIaHr3YTnjT8YwCgYIKoZIzj0EAwIwWDEbMBkGA1UEAwwS\n" +

    62         "Q29yZGEgTm9kZSBSb290IENBMQswCQYDVQQKDAJSMzEOMAwGA1UECwwFY29yZGEx\n" +

    63         "DzANBgNVBAcMBkxvbmRvbjELMAkGA1UEBhMCVUswHhcNMTcwNTIyMDAwMDAwWhcN\n" +

    64         "MjcwNTIwMDAwMDAwWjBgMSMwIQYDVQQDDBpDb3JkYSBOb2RlIEludGVybWVkaWF0\n" +

    65         "ZSBDQTELMAkGA1UECgwCUjMxDjAMBgNVBAsMBWNvcmRhMQ8wDQYDVQQHDAZMb25k\n" +

    66         "b24xCzAJBgNVBAYTAlVLMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEA8veoCbh\n" +

    67         "ZmazlyIFWjExBd8ru5OYdFW9Z9ZD5BVg/dswdKC4dlHMHe/sQ4TxFmkYNqf7DTTt\n" +

    68         "ePtdHT7Eb1LGYKNkMGIwHQYDVR0OBBYEFOvuLjAVKUCuGZge2G/jfX8HosITMAsG\n" +

    69         "A1UdDwQEAwIBhjAjBgNVHSUEHDAaBggrBgEFBQcDAQYIKwYBBQUHAwIGBFUdJQAw\n" +

    70         "DwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiB6wr47tuC71qi6+FbY\n" +

    71         "XYDTvK+QmAi5ywkFc95I9fPLaQIgIM+nNNQ50NwK610h3bG37XC2tGu+A7Dhtt2Q\n" +

    72         "4nDqu30=\n" +

    73         "-----END CERTIFICATE-----\n";

    74 

    75     public static void main(String[] args) throws Exception {

    76         CertificateFactory certFactory = CertificateFactory.getInstance("X.509");

    77         ByteArrayInputStream is

    78                 = new ByteArrayInputStream(ecEntityWithSigParamsStr.getBytes());

    79         X509Certificate ecEntityWithSigParams = (X509Certificate)certFactory.generateCertificate(is);

    80         is = new ByteArrayInputStream(ecSigner.getBytes());

    81         X509Certificate ecSigner = (X509Certificate)certFactory.generateCertificate(is);

    82 

    83         try {

    84             ecEntityWithSigParams.verify(ecSigner.getPublicKey());

    85             System.out.println("Test Passed: EC Cert verified");

    86         } catch (Exception e) {

    87             System.out.println("Failed, cannot verify EC certificate with sig params");

    88             throw e;

    89         }

    90     }

    91 }