--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/mscapi/SignUsingNONEwithRSA.java Tue Sep 12 19:03:39 2017 +0200
@@ -0,0 +1,252 @@
+/*
+ * Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+ /*
+ * @test
+ * @bug 6578658
+ * @modules java.base/sun.security.x509
+ * java.base/sun.security.tools.keytool
+ * @requires os.family == "windows"
+ * @summary Sign using the NONEwithRSA signature algorithm from SunMSCAPI
+ */
+
+import java.security.*;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.util.*;
+import sun.security.tools.keytool.CertAndKeyGen;
+import sun.security.x509.X500Name;
+
+public class SignUsingNONEwithRSA {
+
+ private static final List<byte[]> precomputedHashes = Arrays.asList(
+ // A MD5 hash
+ new byte[] {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16
+ },
+ // A SHA-1 hash
+ new byte[] {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20
+ },
+ // A concatenation of SHA-1 and MD5 hashes (used during SSL handshake)
+ new byte[] {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20,
+ 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30,
+ 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
+ },
+ // A SHA-256 hash
+ new byte[] {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20,
+ 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30,
+ 0x31, 0x32
+ },
+ // A SHA-384 hash
+ new byte[] {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20,
+ 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30,
+ 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40,
+ 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48
+ },
+ // A SHA-512 hash
+ new byte[] {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20,
+ 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30,
+ 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40,
+ 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x50,
+ 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x60,
+ 0x61, 0x62, 0x63, 0x64
+ });
+
+ private static List<byte[]> generatedSignatures = new ArrayList<>();
+
+ public static void main(String[] args) throws Exception {
+
+ Provider[] providers = Security.getProviders("Signature.NONEwithRSA");
+ if (providers == null) {
+ System.out.println("No JCE providers support the " +
+ "'Signature.NONEwithRSA' algorithm");
+ System.out.println("Skipping this test...");
+ return;
+
+ } else {
+ System.out.println("The following JCE providers support the " +
+ "'Signature.NONEwithRSA' algorithm: ");
+ for (Provider provider : providers) {
+ System.out.println(" " + provider.getName());
+ }
+ }
+ System.out.println(
+ "Creating a temporary RSA keypair in the Windows-My store");
+ KeyStore ks = KeyStore.getInstance("Windows-MY");
+ ks.load(null, null);
+ CertAndKeyGen ckg = new CertAndKeyGen("RSA", "SHA1withRSA");
+ ckg.generate(1024);
+ RSAPrivateCrtKey k = (RSAPrivateCrtKey) ckg.getPrivateKey();
+ ks.setKeyEntry("6578658", k, null, new X509Certificate[]{
+ ckg.getSelfCertificate(new X500Name("cn=6578658,c=US"), 1000)
+ });
+ ks.store(null, null);
+
+ System.out.println("---------------------------------------------");
+
+ try {
+ KeyPair keys = getKeysFromKeyStore();
+ signAllUsing("SunMSCAPI", keys.getPrivate());
+ System.out.println("---------------------------------------------");
+
+ verifyAllUsing("SunMSCAPI", keys.getPublic());
+ System.out.println("---------------------------------------------");
+
+ verifyAllUsing("SunJCE", keys.getPublic());
+ System.out.println("---------------------------------------------");
+
+ keys = generateKeys();
+ signAllUsing("SunJCE", keys.getPrivate());
+ System.out.println("---------------------------------------------");
+
+ verifyAllUsing("SunMSCAPI", keys.getPublic());
+ System.out.println("---------------------------------------------");
+ } finally {
+ System.out.println(
+ "Deleting temporary RSA keypair from Windows-My store");
+ ks.deleteEntry("6578658");
+ }
+
+ }
+
+ private static KeyPair getKeysFromKeyStore() throws Exception {
+ KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
+ ks.load(null, null);
+ System.out.println("Loaded keystore: Windows-MY");
+
+ Enumeration<String> e = ks.aliases();
+ PrivateKey privateKey = null;
+ PublicKey publicKey = null;
+
+ while (e.hasMoreElements()) {
+ String alias = e.nextElement();
+ if (alias.equals("6578658")) {
+ System.out.println("Loaded entry: " + alias);
+ privateKey = (PrivateKey) ks.getKey(alias, null);
+ publicKey = (PublicKey) ks.getCertificate(alias).getPublicKey();
+ }
+ }
+ if (privateKey == null || publicKey == null) {
+ throw new Exception("Cannot load the keys need to run this test");
+ }
+
+ return new KeyPair(publicKey, privateKey);
+ }
+
+
+ private static KeyPair generateKeys() throws Exception {
+ KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+ keyGen.initialize(1024, null);
+ KeyPair pair = keyGen.generateKeyPair();
+ PrivateKey privateKey = pair.getPrivate();
+ PublicKey publicKey = pair.getPublic();
+
+ if (privateKey == null || publicKey == null) {
+ throw new Exception("Cannot load the keys need to run this test");
+ }
+
+ return new KeyPair(publicKey, privateKey);
+ }
+
+ private static void signAllUsing(String providerName, PrivateKey privateKey)
+ throws Exception {
+ Signature sig1 = Signature.getInstance("NONEwithRSA", providerName);
+ if (sig1 == null) {
+ throw new Exception("'NONEwithRSA' is not supported");
+ }
+ if (sig1.getProvider() != null) {
+ System.out.println("Using NONEwithRSA signer from the " +
+ sig1.getProvider().getName() + " JCE provider");
+ } else {
+ System.out.println(
+ "Using NONEwithRSA signer from the internal JCE provider");
+ }
+
+ System.out.println("Using key: " + privateKey);
+ generatedSignatures.clear();
+ for (byte[] hash : precomputedHashes) {
+ sig1.initSign(privateKey);
+ sig1.update(hash);
+
+ try {
+
+ byte [] sigBytes = sig1.sign();
+ System.out.println("\nGenerated RSA signature over a " +
+ hash.length + "-byte hash (signature length: " +
+ sigBytes.length * 8 + " bits)");
+ System.out.println(String.format("0x%0" +
+ (sigBytes.length * 2) + "x",
+ new java.math.BigInteger(1, sigBytes)));
+ generatedSignatures.add(sigBytes);
+
+ } catch (SignatureException se) {
+ System.out.println("Error generating RSA signature: " + se);
+ }
+ }
+ }
+
+ private static void verifyAllUsing(String providerName, PublicKey publicKey)
+ throws Exception {
+ Signature sig1 = Signature.getInstance("NONEwithRSA", providerName);
+ if (sig1.getProvider() != null) {
+ System.out.println("\nUsing NONEwithRSA verifier from the " +
+ sig1.getProvider().getName() + " JCE provider");
+ } else {
+ System.out.println(
+ "\nUsing NONEwithRSA verifier from the internal JCE provider");
+ }
+
+ System.out.println("Using key: " + publicKey);
+
+ int i = 0;
+ for (byte[] hash : precomputedHashes) {
+
+ byte[] sigBytes = generatedSignatures.get(i++);
+ System.out.println("\nVerifying RSA Signature over a " +
+ hash.length + "-byte hash (signature length: " +
+ sigBytes.length * 8 + " bits)");
+ System.out.println(String.format("0x%0" +
+ (sigBytes.length * 2) + "x",
+ new java.math.BigInteger(1, sigBytes)));
+
+ sig1.initVerify(publicKey);
+ sig1.update(hash);
+ if (sig1.verify(sigBytes)) {
+ System.out.println("Verify PASSED");
+ } else {
+ throw new Exception("Verify FAILED");
+ }
+ }
+ }
+}