1 /* |
1 /* |
2 * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. |
7 * published by the Free Software Foundation. |
27 * @summary Make sure that we can parse certificates using various named curves |
27 * @summary Make sure that we can parse certificates using various named curves |
28 * and verify their signatures |
28 * and verify their signatures |
29 * @author Andreas Sterbenz |
29 * @author Andreas Sterbenz |
30 * @library .. |
30 * @library .. |
31 * @library ../../../../java/security/testlibrary |
31 * @library ../../../../java/security/testlibrary |
|
32 * @run main/othervm ReadCertificates |
|
33 * @run main/othervm ReadCertificates sm policy |
32 */ |
34 */ |
33 |
35 |
34 import java.io.*; |
36 import java.io.File; |
35 import java.util.*; |
37 import java.io.FileInputStream; |
36 |
38 import java.io.InputStream; |
37 import java.security.cert.*; |
39 import java.security.InvalidKeyException; |
38 import java.security.*; |
40 import java.security.NoSuchAlgorithmException; |
39 import java.security.interfaces.*; |
41 import java.security.NoSuchProviderException; |
|
42 import java.security.Provider; |
|
43 import java.security.PublicKey; |
|
44 import java.security.SecureRandom; |
|
45 import java.security.SignatureException; |
|
46 import java.security.cert.CertificateException; |
|
47 import java.security.cert.CertificateFactory; |
|
48 import java.security.cert.X509Certificate; |
|
49 import java.security.interfaces.ECPublicKey; |
40 import java.security.spec.ECParameterSpec; |
50 import java.security.spec.ECParameterSpec; |
41 |
51 import java.util.ArrayList; |
|
52 import java.util.Arrays; |
|
53 import java.util.Collection; |
|
54 import java.util.LinkedHashMap; |
|
55 import java.util.List; |
|
56 import java.util.Map; |
42 import javax.security.auth.x500.X500Principal; |
57 import javax.security.auth.x500.X500Principal; |
43 |
58 |
44 public class ReadCertificates extends PKCS11Test { |
59 public class ReadCertificates extends PKCS11Test { |
45 |
60 |
46 private static CertificateFactory factory; |
61 private static CertificateFactory factory; |
47 |
62 |
48 private static SecureRandom random; |
63 private static SecureRandom random; |
49 |
64 |
50 private static Collection<X509Certificate> readCertificates(File file) throws Exception { |
65 private static Collection<X509Certificate> readCertificates(File file) throws Exception { |
51 System.out.println("Loading " + file.getName() + "..."); |
66 System.out.println("Loading " + file.getName() + "..."); |
52 InputStream in = new FileInputStream(file); |
67 Collection<X509Certificate> certs; |
53 Collection<X509Certificate> certs = (Collection<X509Certificate>)factory.generateCertificates(in); |
68 try (InputStream in = new FileInputStream(file)) { |
54 in.close(); |
69 certs = (Collection<X509Certificate>)factory.generateCertificates(in); |
|
70 } |
55 return certs; |
71 return certs; |
56 } |
72 } |
57 |
73 |
58 public static void main(String[] args) throws Exception { |
74 public static void main(String[] args) throws Exception { |
59 main(new ReadCertificates()); |
75 main(new ReadCertificates(), args); |
60 } |
76 } |
61 |
77 |
|
78 @Override |
62 public void main(Provider p) throws Exception { |
79 public void main(Provider p) throws Exception { |
63 if (p.getService("Signature", "SHA1withECDSA") == null) { |
80 if (p.getService("Signature", "SHA1withECDSA") == null) { |
64 System.out.println("Provider does not support ECDSA, skipping..."); |
81 System.out.println("Provider does not support ECDSA, skipping..."); |
65 return; |
82 return; |
66 } |
83 } |
77 // provider (undocumented hack for the Sun provider) |
94 // provider (undocumented hack for the Sun provider) |
78 factory.generateCertificate(null); |
95 factory.generateCertificate(null); |
79 } catch (CertificateException e) { |
96 } catch (CertificateException e) { |
80 // ignore |
97 // ignore |
81 } |
98 } |
82 Map<X500Principal,X509Certificate> certs = new LinkedHashMap<X500Principal,X509Certificate>(); |
99 Map<X500Principal,X509Certificate> certs = new LinkedHashMap<>(); |
83 |
100 |
84 File dir = new File(BASE, "certs"); |
101 File dir = new File(BASE, "certs"); |
85 File closedDir = new File(CLOSED_BASE, "certs"); |
102 File closedDir = new File(CLOSED_BASE, "certs"); |
86 File[] files = concat(dir.listFiles(), closedDir.listFiles()); |
103 File[] files = concat(dir.listFiles(), closedDir.listFiles()); |
87 Arrays.sort(files); |
104 Arrays.sort(files); |
101 } |
118 } |
102 } |
119 } |
103 System.out.println("OK: " + certs.size() + " certificates."); |
120 System.out.println("OK: " + certs.size() + " certificates."); |
104 |
121 |
105 // Get supported curves |
122 // Get supported curves |
106 Vector<ECParameterSpec> supportedEC = getKnownCurves(p); |
123 List<ECParameterSpec> supportedEC = getKnownCurves(p); |
107 |
124 |
108 System.out.println("Test Certs:\n"); |
125 System.out.println("Test Certs:\n"); |
109 for (X509Certificate cert : certs.values()) { |
126 for (X509Certificate cert : certs.values()) { |
110 X509Certificate issuer = certs.get(cert.getIssuerX500Principal()); |
127 X509Certificate issuer = certs.get(cert.getIssuerX500Principal()); |
111 System.out.print("Verifying " + cert.getSubjectX500Principal() + |
128 System.out.print("Verifying " + cert.getSubjectX500Principal() + |
125 System.out.println("Pass."); |
142 System.out.println("Pass."); |
126 } catch (NoSuchAlgorithmException e) { |
143 } catch (NoSuchAlgorithmException e) { |
127 System.out.println("Warning: " + e.getMessage() + |
144 System.out.println("Warning: " + e.getMessage() + |
128 ". Trying another provider..."); |
145 ". Trying another provider..."); |
129 cert.verify(key); |
146 cert.verify(key); |
130 } catch (Exception e) { |
147 } catch (CertificateException | InvalidKeyException | |
|
148 NoSuchProviderException | SignatureException e) { |
131 System.out.println(e.getMessage()); |
149 System.out.println(e.getMessage()); |
132 if (key instanceof ECPublicKey) { |
150 if (key instanceof ECPublicKey) { |
133 System.out.println("Failed.\n\tCurve: " + |
151 System.out.println("Failed.\n\tCurve: " + |
134 ((ECPublicKey)key).getParams() + |
152 ((ECPublicKey)key).getParams() + |
135 "\n\tSignature Alg: " + cert.getSigAlgName()); |
153 "\n\tSignature Alg: " + cert.getSigAlgName()); |
143 } |
161 } |
144 |
162 |
145 // try some random invalid signatures to make sure we get the correct |
163 // try some random invalid signatures to make sure we get the correct |
146 // error |
164 // error |
147 System.out.println("Checking incorrect signatures..."); |
165 System.out.println("Checking incorrect signatures..."); |
148 List<X509Certificate> certList = new ArrayList<X509Certificate>(certs.values()); |
166 List<X509Certificate> certList = new ArrayList<>(certs.values()); |
149 for (int i = 0; i < 20; i++) { |
167 for (int i = 0; i < 20; i++) { |
150 X509Certificate cert, signer; |
168 X509Certificate cert, signer; |
151 do { |
169 do { |
152 cert = getRandomCert(certList); |
170 cert = getRandomCert(certList); |
153 signer = getRandomCert(certList); |
171 signer = getRandomCert(certList); |
159 if (cert.getPublicKey().equals(signerPublicKey)) { |
177 if (cert.getPublicKey().equals(signerPublicKey)) { |
160 System.out.println("OK: self-signed certificate detected"); |
178 System.out.println("OK: self-signed certificate detected"); |
161 } else { |
179 } else { |
162 throw new Exception("Verified invalid signature"); |
180 throw new Exception("Verified invalid signature"); |
163 } |
181 } |
164 } catch (SignatureException e) { |
182 } catch (SignatureException | InvalidKeyException e) { |
165 System.out.println("OK: " + e); |
|
166 } catch (InvalidKeyException e) { |
|
167 System.out.println("OK: " + e); |
183 System.out.println("OK: " + e); |
168 } |
184 } |
169 } |
185 } |
170 |
186 |
171 System.out.println("OK"); |
187 System.out.println("OK"); |