1 /*

     2  * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.

     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

     4  *

     5  * This code is free software; you can redistribute it and/or modify it

     6  * under the terms of the GNU General Public License version 2 only, as

     7  * published by the Free Software Foundation.

     8  *

     9  * This code is distributed in the hope that it will be useful, but WITHOUT

    10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

    11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

    12  * version 2 for more details (a copy is included in the LICENSE file that

    13  * accompanied this code).

    14  *

    15  * You should have received a copy of the GNU General Public License version

    16  * 2 along with this work; if not, write to the Free Software Foundation,

    17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

    18  *

    19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

    20  * or visit www.oracle.com if you need additional information or have any

    21  * questions.

    22  */

    23 

    24 /*

    25  * @test

    26  * @bug 6618658

    27  * @summary Deserialization allows creation of mutable SignedObject

    28  */

    29 

    30 import java.io.ByteArrayInputStream;

    31 import java.io.ByteArrayOutputStream;

    32 import java.io.ObjectInputStream;

    33 import java.io.ObjectOutputStream;

    34 import java.security.KeyPair;

    35 import java.security.KeyPairGenerator;

    36 import java.security.Signature;

    37 import java.security.SignedObject;

    38 

    39 

    40 public class Correctness {

    41 

    42     public static void main(String[] args) throws Exception {

    43 

    44         String SIGALG = "SHA1withRSA";

    45         KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");

    46         KeyPair kp = kpg.generateKeyPair();

    47 

    48         SignedObject so1 = new SignedObject("Hello", kp.getPrivate(),

    49                 Signature.getInstance(SIGALG));

    50 

    51         ByteArrayOutputStream byteOut = new ByteArrayOutputStream();

    52         ObjectOutputStream out = new ObjectOutputStream(byteOut);

    53         out.writeObject(so1);

    54         out.close();

    55 

    56         byte[] data = byteOut.toByteArray();

    57 

    58         SignedObject so2 = (SignedObject)new ObjectInputStream(

    59                 new ByteArrayInputStream(data)).readObject();

    60 

    61         if (!so2.getObject().equals("Hello")) {

    62             throw new Exception("Content changed");

    63         }

    64         if (!so2.getAlgorithm().equals(SIGALG)) {

    65             throw new Exception("Signature algorithm unknown");

    66         }

    67         if (!so2.verify(kp.getPublic(), Signature.getInstance(SIGALG))) {

    68             throw new Exception("Not verified");

    69         }

    70     }

    71 }