# HG changeset patch # User igerasim # Date 1522386725 25200 # Node ID f1a8ec1a697230170178f4a87faa64b83c1797eb # Parent f7363de371c9a1f668bd0a01b7df3d1ddb9cc58b 8178370: [TEST_BUG] java/security/Signature/SignatureLength.java fails Reviewed-by: mullan diff -r f7363de371c9 -r f1a8ec1a6972 test/jdk/java/security/Signature/SignatureLength.java --- a/test/jdk/java/security/Signature/SignatureLength.java Thu Mar 29 16:23:35 2018 -0700 +++ b/test/jdk/java/security/Signature/SignatureLength.java Thu Mar 29 22:12:05 2018 -0700 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,7 @@ /* * @test - * @bug 8161571 + * @bug 8161571 8178370 * @summary Reject signatures presented for verification that contain extra * bytes. * @modules jdk.crypto.ec @@ -32,42 +32,71 @@ import java.security.KeyPair; import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.Security; import java.security.Signature; import java.security.SignatureException; public class SignatureLength { public static void main(String[] args) throws Exception { - main0("EC", 256, "SHA256withECDSA", "SunEC"); - main0("RSA", 2048, "SHA256withRSA", "SunRsaSign"); - main0("DSA", 2048, "SHA256withDSA", "SUN"); + for (Provider p0 : Security.getProviders()) { + for (Provider p1 : Security.getProviders()) { + for (Provider p2 : Security.getProviders()) { + // SunMSCAPI signer can only be initialized with + // a key generated with SunMSCAPI + if (!p0.getName().equals("SunMSCAPI") + && p1.getName().equals("SunMSCAPI")) continue; - if (System.getProperty("os.name").equals("SunOS")) { - main0("EC", 256, "SHA256withECDSA", null); - main0("RSA", 2048, "SHA256withRSA", null); + // SunMSCAPI generated key can only be signed + // with SunMSCAPI signer + if (p0.getName().equals("SunMSCAPI") + && !p1.getName().equals("SunMSCAPI")) continue; + + // SunMSCAPI and SunPKCS11 verifiers may return false + // instead of throwing SignatureException + boolean mayNotThrow = p2.getName().equals("SunMSCAPI") + || p2.getName().startsWith("SunPKCS11"); + + main0("EC", 256, "SHA256withECDSA", p0, p1, p2, mayNotThrow); + main0("RSA", 2048, "SHA256withRSA", p0, p1, p2, mayNotThrow); + main0("DSA", 2048, "SHA256withDSA", p0, p1, p2, mayNotThrow); + } + } } } private static void main0(String keyAlgorithm, int keysize, - String signatureAlgorithm, String provider) throws Exception { + String signatureAlgorithm, Provider generatorProvider, + Provider signerProvider, Provider verifierProvider, + boolean mayNotThrow) throws Exception { + + KeyPairGenerator generator; + Signature signer; + Signature verifier; + + try { + generator = KeyPairGenerator.getInstance(keyAlgorithm, + generatorProvider); + signer = Signature.getInstance(signatureAlgorithm, + signerProvider); + verifier = Signature.getInstance(signatureAlgorithm, + verifierProvider); + } catch (NoSuchAlgorithmException nsae) { + // ignore this set of providers + return; + } + byte[] plaintext = "aaa".getBytes("UTF-8"); // Generate - KeyPairGenerator generator = - provider == null ? - (KeyPairGenerator) KeyPairGenerator.getInstance(keyAlgorithm) : - (KeyPairGenerator) KeyPairGenerator.getInstance( - keyAlgorithm, provider); generator.initialize(keysize); System.out.println("Generating " + keyAlgorithm + " keypair using " + generator.getProvider().getName() + " JCE provider"); KeyPair keypair = generator.generateKeyPair(); // Sign - Signature signer = - provider == null ? - Signature.getInstance(signatureAlgorithm) : - Signature.getInstance(signatureAlgorithm, provider); signer.initSign(keypair.getPrivate()); signer.update(plaintext); System.out.println("Signing using " + signer.getProvider().getName() + @@ -85,19 +114,26 @@ badSignature[signature.length + 4] = 0x01; // Verify - Signature verifier = - provider == null ? - Signature.getInstance(signatureAlgorithm) : - Signature.getInstance(signatureAlgorithm, provider); verifier.initVerify(keypair.getPublic()); verifier.update(plaintext); System.out.println("Verifying using " + verifier.getProvider().getName() + " JCE provider"); try { - System.out.println("Valid? " + verifier.verify(badSignature)); - throw new Exception( - "ERROR: expected a SignatureException but none was thrown"); + boolean valid = verifier.verify(badSignature); + System.out.println("Valid? " + valid); + if (mayNotThrow) { + if (valid) { + throw new Exception( + "ERROR: expected a SignatureException but none was thrown" + + " and invalid signature was verified"); + } else { + System.out.println("OK: verification failed as expected"); + } + } else { + throw new Exception( + "ERROR: expected a SignatureException but none was thrown"); + } } catch (SignatureException e) { System.out.println("OK: caught expected exception: " + e); }