test/jdk/java/security/SecureRandom/SerializedSeedTest.java
author prr
Fri, 25 May 2018 12:12:24 -0700
changeset 50347 b2f046ae8eb6
parent 47216 71c04702a3d5
child 51840 dc15e45122b2
permissions -rw-r--r--
Merge

/*
 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8141039
 * @library /lib/testlibrary
 * @summary When random numbers are generated through a SecureRandom instance
 *          as well as from its serialized instance at the same time, the
 *          generated random numbers should be different when one or both are
 *          reseeded.
 * @run main/othervm -Djava.security.egd=file:/dev/urandom SerializedSeedTest
 */
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import jdk.testlibrary.Asserts;

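/**
 * Compares the output of a {@link SecureRandom} with the output of a copy
 * obtained by Java serialization, for the SHA1PRNG, Hash_DRBG, HMAC_DRBG and
 * CTR_DRBG mechanisms.
 *
 * <p>Expectations encoded by the scenarios below:
 * <ul>
 *   <li>If the original is serialized before it was ever seeded, or if it is
 *       reseeded after the copy was taken, the two instances must produce
 *       different values.</li>
 *   <li>If the original is seeded (implicitly or explicitly) and then
 *       serialized, SHA1PRNG is expected to produce the <em>same</em> next
 *       value from both instances, while the DRBG mechanisms are expected to
 *       diverge.</li>
 * </ul>
 *
 * <p>Security note for readers: the second expectation means the serialized
 * form of a seeded SHA1PRNG is sufficient to reproduce its upcoming output.
 * Serialized SecureRandom bytes should therefore be handled like key
 * material, and an instance restored from them should be reseeded before it
 * is used for anything security relevant.
 */
public class SerializedSeedTest {

    // Fixed, non-secret test seed. The charset is pinned so the bytes do not
    // depend on the platform default encoding.
    private static final byte[] SEED = "seed".getBytes(StandardCharsets.UTF_8);
    private static final String DRBG_CONFIG = "securerandom.drbg.config";
    // Value of the property when the class is loaded; restored after every
    // mechanism. May be null if the property is not defined at all.
    private static final String DRBG_CONFIG_VALUE
            = Security.getProperty(DRBG_CONFIG);

    /**
     * Runs all scenarios for every mechanism and fails once at the end if any
     * mechanism reported a problem, so that one failure does not hide others.
     *
     * @param args unused
     * @throws RuntimeException if at least one mechanism failed
     */
    public static void main(String[] args) {
        boolean success = true;

        for (String mech : new String[]{
            "SHA1PRNG", "Hash_DRBG", "HMAC_DRBG", "CTR_DRBG"}) {
            System.out.printf(
                    "%nRunning test for SecureRandom mechanism: '%s'", mech);
            try {
                runScenarios(mech);
            } catch (Exception e) {
                // Covers lookup/serialization errors as well as assertion
                // failures raised by Asserts; keep going with the next
                // mechanism and report a single failure at the end.
                e.printStackTrace(System.out);
                success = false;
            } finally {
                restoreDrbgConfig();
            }
            System.out.printf("%n------Completed Test for %s------", mech);
        }

        if (!success) {
            throw new RuntimeException("At least one test failed.");
        }
    }

    /**
     * Executes the six serialize/seed orderings for one mechanism.
     *
     * <p>The "should be same" log lines describe the SHA1PRNG expectation;
     * for DRBG mechanisms the corresponding check asserts inequality
     * (see the {@code !isDRBG(mech)} argument).
     */
    private static void runScenarios(String mech)
            throws NoSuchAlgorithmException, IOException,
            ClassNotFoundException {
        // 1. Serialize without seed and compare generated random numbers
        //    produced through original and serialized instances.
        SecureRandom orig = getSRInstance(mech);
        SecureRandom copy = deserializedCopy(orig);
        System.out.printf("%nSerialize without seed. Generated random"
                + " numbers should be different.");
        check(orig, copy, false, mech);

        // 2. Serialize after default seed. Only a non-DRBG mechanism is
        //    expected to replay the same value from the copy.
        orig = getSRInstance(mech);
        orig.nextInt(); // Default seeded
        copy = deserializedCopy(orig);
        System.out.printf("%nSerialize after default seed. Generated"
                + " random numbers should be same till 20-bytes.");
        check(orig, copy, !isDRBG(mech), mech);

        // 3. Serialize after explicit seed. Same expectation as scenario 2.
        orig = getSRInstance(mech);
        orig.setSeed(SEED); // Explicitly seeded
        copy = deserializedCopy(orig);
        System.out.printf("%nSerialize after explicit seed. Generated "
                + "random numbers should be same till 20-bytes.");
        check(orig, copy, !isDRBG(mech), mech);

        // 4. Serialize without seed, then explicitly seed the original
        //    before it generates anything.
        orig = getSRInstance(mech);
        copy = deserializedCopy(orig);
        orig.setSeed(SEED); // Explicitly seeded
        System.out.printf("%nSerialize without seed. When original is "
                + "explicitly seeded before generating random numbers,"
                + " Generated random numbers should be different.");
        check(orig, copy, false, mech);

        // 5. Serialize after default seed, then explicitly seed the original
        //    before it generates the compared value.
        orig = getSRInstance(mech);
        orig.nextInt(); // Default seeded
        copy = deserializedCopy(orig);
        orig.setSeed(SEED); // Explicitly seeded
        System.out.printf("%nSerialize after default seed but original "
                + "is explicitly seeded before generating random number"
                + ". Generated random numbers should be different.");
        check(orig, copy, false, mech);

        // 6. Serialize after explicit seed, then seed the original again
        //    with the same bytes: the streams must still diverge.
        orig = getSRInstance(mech);
        orig.setSeed(SEED); // Explicitly seeded
        copy = deserializedCopy(orig);
        orig.setSeed(SEED); // Explicitly seeded
        System.out.printf("%nSerialize after explicit seed but "
                + "original is explicitly seeded again before "
                + "generating random number. Generated random "
                + "numbers should be different.");
        check(orig, copy, false, mech);
    }

    /**
     * Puts the DRBG configuration property back to the value captured at
     * class load.
     *
     * <p>{@link Security#setProperty} does not accept a null value, so a
     * property that was undefined at start-up is reset to the empty string
     * instead of letting a NullPointerException escape from the caller's
     * {@code finally} block and abort the remaining mechanisms.
     * NOTE(review): an empty value is assumed to select the default DRBG
     * configuration; confirm against the java.security documentation.
     */
    private static void restoreDrbgConfig() {
        Security.setProperty(DRBG_CONFIG,
                DRBG_CONFIG_VALUE == null ? "" : DRBG_CONFIG_VALUE);
    }

    /**
     * Find if the mechanism is a DRBG mechanism.
     * @param mech Mechanism name
     * @return True for DRBG mechanism else False
     */
    private static boolean isDRBG(String mech) {
        return mech.contains("_DRBG");
    }

    /**
     * Draws one {@code int} from each instance and asserts that the two
     * values are equal or different, as requested.
     *
     * <p>Only a single 32-bit value is compared, so the "different" branch
     * can in principle fail by coincidence.
     *
     * @param orig  original instance
     * @param copy  instance obtained through deserialization
     * @param equal {@code true} if both values must match, {@code false} if
     *              they must differ
     * @param mech  mechanism name, used in the log line and assertion message
     */
    private static void check(SecureRandom orig, SecureRandom copy,
            boolean equal, String mech) {
        int fromOriginal = orig.nextInt();
        int fromCopy = copy.nextInt();
        System.out.printf("%nRandom number generated for mechanism: '%s' "
                + "from original instance as: '%s' and from serialized "
                + "instance as: '%s'", mech, fromOriginal, fromCopy);
        if (equal) {
            Asserts.assertEquals(fromOriginal, fromCopy, mech);
        } else {
            Asserts.assertNotEquals(fromOriginal, fromCopy, mech);
        }
    }

    /**
     * Get a copy of SecureRandom instance through deserialization.
     * @param orig Original SecureRandom instance
     * @return Deserialized SecureRandom instance
     * @throws IOException if writing or reading the object stream fails
     * @throws ClassNotFoundException if the serialized class cannot be
     *         resolved while reading it back
     */
    private static SecureRandom deserializedCopy(SecureRandom orig)
            throws IOException, ClassNotFoundException {
        return deserialize(serialize(orig));
    }

    /**
     * Deserialize the SecureRandom object.
     *
     * <p>The only caller passes bytes produced by {@link #serialize} in this
     * same process. Native Java deserialization without an
     * {@code ObjectInputFilter} is acceptable for that reason only; do not
     * reuse this helper for bytes that come from outside the test.
     *
     * @param serialized bytes written by {@link #serialize}
     * @return the reconstructed instance
     * @throws IOException if the stream cannot be read
     * @throws ClassNotFoundException if the serialized class cannot be
     *         resolved
     */
    private static SecureRandom deserialize(byte[] serialized)
            throws IOException, ClassNotFoundException {
        try (ByteArrayInputStream bis = new ByteArrayInputStream(serialized);
                ObjectInputStream ois = new ObjectInputStream(bis)) {
            return (SecureRandom) ois.readObject();
        }
    }

    /**
     * Serialize the given SecureRandom object.
     *
     * @param sr instance to write
     * @return the serialized bytes, held in memory only
     * @throws IOException if the object stream cannot be written
     */
    private static byte[] serialize(SecureRandom sr) throws IOException {
        try (ByteArrayOutputStream bos = new ByteArrayOutputStream();
                ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(sr);
            return bos.toByteArray();
        }
    }

    /**
     * Create a SecureRandom instance for a given mechanism.
     *
     * <p>For a DRBG mechanism this changes the security property
     * {@code securerandom.drbg.config} before requesting the generic "DRBG"
     * algorithm; {@code main} restores the property after each mechanism.
     *
     * @param mech mechanism name
     * @return a new instance for that mechanism
     * @throws NoSuchAlgorithmException if no provider supports the algorithm
     */
    private static SecureRandom getSRInstance(String mech)
            throws NoSuchAlgorithmException {
        if (isDRBG(mech)) {
            Security.setProperty(DRBG_CONFIG, mech);
            return SecureRandom.getInstance("DRBG");
        }
        return SecureRandom.getInstance(mech);
    }

}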