--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/security/Signature/SignatureLength.java Fri Jul 22 16:05:23 2016 +0100
@@ -0,0 +1,101 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.*;
+
+/*
+ * @test
+ * @bug 8161571
+ * @summary Reject signatures presented for verification that contain extra
+ * bytes.
+ * @run main SignatureLength
+ */
+public class SignatureLength {
+
+ public static void main(String[] args) throws Exception {
+ main0("EC", 256, "SHA256withECDSA", "SunEC");
+ main0("RSA", 2048, "SHA256withRSA", "SunRsaSign");
+ main0("DSA", 2048, "SHA256withDSA", "SUN");
+
+ if (System.getProperty("os.name").equals("SunOS")) {
+ main0("EC", 256, "SHA256withECDSA", null);
+ main0("RSA", 2048, "SHA256withRSA", null);
+ }
+ }
+
+ private static void main0(String keyAlgorithm, int keysize,
+ String signatureAlgorithm, String provider) throws Exception {
+ byte[] plaintext = "aaa".getBytes("UTF-8");
+
+ // Generate
+ KeyPairGenerator generator =
+ provider == null ?
+ (KeyPairGenerator) KeyPairGenerator.getInstance(keyAlgorithm) :
+ (KeyPairGenerator) KeyPairGenerator.getInstance(
+ keyAlgorithm, provider);
+ generator.initialize(keysize);
+ System.out.println("Generating " + keyAlgorithm + " keypair using " +
+ generator.getProvider().getName() + " JCE provider");
+ KeyPair keypair = generator.generateKeyPair();
+
+ // Sign
+ Signature signer =
+ provider == null ?
+ Signature.getInstance(signatureAlgorithm) :
+ Signature.getInstance(signatureAlgorithm, provider);
+ signer.initSign(keypair.getPrivate());
+ signer.update(plaintext);
+ System.out.println("Signing using " + signer.getProvider().getName() +
+ " JCE provider");
+ byte[] signature = signer.sign();
+
+ // Invalidate
+ System.out.println("Invalidating signature ...");
+ byte[] badSignature = new byte[signature.length + 5];
+ System.arraycopy(signature, 0, badSignature, 0, signature.length);
+ badSignature[signature.length] = 0x01;
+ badSignature[signature.length + 1] = 0x01;
+ badSignature[signature.length + 2] = 0x01;
+ badSignature[signature.length + 3] = 0x01;
+ badSignature[signature.length + 4] = 0x01;
+
+ // Verify
+ Signature verifier =
+ provider == null ?
+ Signature.getInstance(signatureAlgorithm) :
+ Signature.getInstance(signatureAlgorithm, provider);
+ verifier.initVerify(keypair.getPublic());
+ verifier.update(plaintext);
+ System.out.println("Verifying using " +
+ verifier.getProvider().getName() + " JCE provider");
+
+ try {
+ System.out.println("Valid? " + verifier.verify(badSignature));
+ throw new Exception(
+ "ERROR: expected a SignatureException but none was thrown");
+ } catch (SignatureException e) {
+ System.out.println("OK: caught expected exception: " + e);
+ }
+ System.out.println();
+ }
+}