8144539: Update PKCS11 tests to run with security manager
Reviewed-by: valeriep, ascarpino
--- a/jdk/test/sun/security/pkcs11/Cipher/ReinitCipher.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Cipher/ReinitCipher.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,21 +28,22 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
+ * @run main/othervm ReinitCipher
+ * @run main/othervm ReinitCipher sm
*/
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
-import javax.crypto.spec.*;
+import java.security.Provider;
+import java.util.Random;
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
public class ReinitCipher extends PKCS11Test {
public static void main(String[] args) throws Exception {
- main(new ReinitCipher());
+ main(new ReinitCipher(), args);
}
+ @Override
public void main(Provider p) throws Exception {
if (p.getService("Cipher", "ARCFOUR") == null) {
System.out.println("Not supported by provider, skipping");
--- a/jdk/test/sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,16 +27,18 @@
* @summary Test internal PKCS5Padding impl with various error conditions.
* @author Valerie Peng
* @library ..
+ * @run main/othervm TestPKCS5PaddingError
+ * @run main/othervm TestPKCS5PaddingError sm
*/
-import java.io.*;
-import java.nio.*;
-import java.util.*;
-import java.security.*;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.*;
-import javax.crypto.spec.IvParameterSpec;
+import java.security.AlgorithmParameters;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
public class TestPKCS5PaddingError extends PKCS11Test {
private static class CI { // class for holding Cipher Information
@@ -62,10 +64,8 @@
private static StringBuffer debugBuf = new StringBuffer();
+ @Override
public void main(Provider p) throws Exception {
- boolean status = true;
- Random random = new Random();
-
try {
byte[] plainText = new byte[200];
@@ -127,6 +127,6 @@
}
public static void main(String[] args) throws Exception {
- main(new TestPKCS5PaddingError());
+ main(new TestPKCS5PaddingError(), args);
}
}
--- a/jdk/test/sun/security/pkcs11/Cipher/TestRSACipher.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Cipher/TestRSACipher.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,20 +28,28 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
+ * @run main/othervm TestRSACipher
+ * @run main/othervm TestRSACipher sm
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.util.Arrays;
+import java.util.Random;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
public class TestRSACipher extends PKCS11Test {
private static final String[] RSA_ALGOS =
{ "RSA/ECB/PKCS1Padding", "RSA" };
+ @Override
public void main(Provider p) throws Exception {
try {
Cipher.getInstance(RSA_ALGOS[0], p);
@@ -122,7 +130,7 @@
}
public static void main(String[] args) throws Exception {
- main(new TestRSACipher());
+ main(new TestRSACipher(), args);
}
}
--- a/jdk/test/sun/security/pkcs11/Cipher/TestRSACipherWrap.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Cipher/TestRSACipherWrap.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,13 +27,20 @@
* @summary basic test for RSA cipher key wrapping functionality
* @author Valerie Peng
* @library ..
+ * @run main/othervm TestRSACipherWrap
+ * @run main/othervm TestRSACipherWrap sm
*/
-import java.io.*;
-import java.util.*;
-import java.security.*;
-
-import javax.crypto.*;
+import java.security.GeneralSecurityException;
+import java.security.InvalidParameterException;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+import java.util.Arrays;
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
public class TestRSACipherWrap extends PKCS11Test {
@@ -41,6 +48,7 @@
private static final String[] RSA_ALGOS =
{ "RSA/ECB/PKCS1Padding", "RSA" };
+ @Override
public void main(Provider p) throws Exception {
try {
Cipher.getInstance(RSA_ALGOS[0], p);
@@ -104,6 +112,6 @@
}
public static void main(String[] args) throws Exception {
- main(new TestRSACipherWrap());
+ main(new TestRSACipherWrap(), args);
}
}
--- a/jdk/test/sun/security/pkcs11/Cipher/TestRawRSACipher.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Cipher/TestRawRSACipher.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,16 +28,21 @@
* @author Valerie Peng
* @library ..
* @key randomness
+ * @run main/othervm TestRawRSACipher
+ * @run main/othervm TestRawRSACipher sm
*/
-import javax.crypto.*;
-import java.io.*;
-import javax.crypto.spec.SecretKeySpec;
-import java.security.*;
-import java.util.*;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+import java.util.Arrays;
+import java.util.Random;
+import javax.crypto.Cipher;
public class TestRawRSACipher extends PKCS11Test {
+ @Override
public void main(Provider p) throws Exception {
try {
Cipher.getInstance("RSA/ECB/NoPadding", p);
@@ -80,6 +85,6 @@
}
public static void main(String[] args) throws Exception {
- main(new TestRawRSACipher());
+ main(new TestRawRSACipher(), args);
}
}
--- a/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,16 +28,19 @@
* @author Valerie Peng
* @library ..
* @key randomness
+ * @run main/othervm TestSymmCiphers
+ * @run main/othervm TestSymmCiphers sm
*/
-import java.io.*;
-import java.nio.*;
-import java.util.*;
-import java.security.*;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.*;
-import javax.crypto.spec.IvParameterSpec;
+import java.io.ByteArrayOutputStream;
+import java.nio.ByteBuffer;
+import java.security.AlgorithmParameters;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.util.Random;
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
public class TestSymmCiphers extends PKCS11Test {
@@ -81,6 +84,7 @@
};
private static StringBuffer debugBuf = new StringBuffer();
+ @Override
public void main(Provider p) throws Exception {
// NSS reports CKR_DEVICE_ERROR when the data passed to
// its EncryptUpdate/DecryptUpdate is not multiple of blocks
@@ -272,6 +276,6 @@
}
public static void main(String[] args) throws Exception {
- main(new TestSymmCiphers());
+ main(new TestSymmCiphers(), args);
}
}
--- a/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,17 +28,22 @@
* @author Valerie Peng
* @library ..
* @key randomness
+ * @run main/othervm TestSymmCiphersNoPad
+ * @run main/othervm TestSymmCiphersNoPad sm
*/
-import java.io.*;
-import java.nio.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.spec.AlgorithmParameterSpec;
-
-import javax.crypto.*;
-import javax.crypto.spec.IvParameterSpec;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.nio.ByteBuffer;
+import java.security.AlgorithmParameters;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.util.Random;
+import javax.crypto.Cipher;
+import javax.crypto.CipherInputStream;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
public class TestSymmCiphersNoPad extends PKCS11Test {
@@ -67,6 +72,7 @@
private static StringBuffer debugBuf;
+ @Override
public void main(Provider p) throws Exception {
boolean status = true;
Random random = new Random();
@@ -234,6 +240,6 @@
}
public static void main(String[] args) throws Exception {
- main(new TestSymmCiphersNoPad());
+ main(new TestSymmCiphersNoPad(), args);
}
}
--- a/jdk/test/sun/security/pkcs11/KeyAgreement/TestDH.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/KeyAgreement/TestDH.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,17 +27,20 @@
* @summary Verify that DH works properly
* @author Andreas Sterbenz
* @library ..
+ * @run main/othervm TestDH
+ * @run main/othervm TestDH sm
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+import java.util.Arrays;
+import javax.crypto.KeyAgreement;
+import javax.crypto.SecretKey;
public class TestDH extends PKCS11Test {
+ @Override
public void main(Provider p) throws Exception {
if (p.getService("KeyAgreement", "DH") == null) {
System.out.println("DH not supported, skipping");
@@ -91,8 +94,9 @@
testAlgorithm(ka2, kp2, ka1, kp1, "TlsPremasterSecret");
}
- private static void testAlgorithm(KeyAgreement ka1, KeyPair kp1, KeyAgreement ka2, KeyPair kp2, String algorithm) throws Exception {
- SecretKey key1 = null;
+ private static void testAlgorithm(KeyAgreement ka1, KeyPair kp1,
+ KeyAgreement ka2, KeyPair kp2, String algorithm) throws Exception {
+ SecretKey key1;
ka1.init(kp1.getPrivate());
ka1.doPhase(kp2.getPublic(), true);
@@ -115,7 +119,7 @@
}
public static void main(String[] args) throws Exception {
- main(new TestDH());
+ main(new TestDH(), args);
}
}
--- a/jdk/test/sun/security/pkcs11/KeyAgreement/TestInterop.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/KeyAgreement/TestInterop.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,14 +26,18 @@
* @bug 7146728
* @summary Interop test for DH with secret that has a leading 0x00 byte
* @library ..
+ * @run main/othervm TestInterop
+ * @run main/othervm TestInterop sm
*/
import java.math.BigInteger;
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
-import javax.crypto.spec.*;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.util.Arrays;
+import javax.crypto.KeyAgreement;
+import javax.crypto.spec.DHPrivateKeySpec;
+import javax.crypto.spec.DHPublicKeySpec;
public class TestInterop extends PKCS11Test {
@@ -72,6 +76,7 @@
+ "30313414180008978013330410484011186019824874948204261839391153650949864"
+ "429505597086564709");
+ @Override
public void main(Provider prov) throws Exception {
if (prov.getService("KeyAgreement", "DH") == null) {
System.out.println("DH not supported, skipping");
@@ -138,6 +143,6 @@
}
public static void main(String[] args) throws Exception {
- main(new TestInterop());
+ main(new TestInterop(), args);
}
}
--- a/jdk/test/sun/security/pkcs11/KeyAgreement/TestShort.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/KeyAgreement/TestShort.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,15 +27,19 @@
* @summary KAT test for DH (normal and with secret that has leading a 0x00 byte)
* @author Andreas Sterbenz
* @library ..
+ * @run main/othervm TestShort
+ * @run main/othervm TestShort sm
*/
import java.math.BigInteger;
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
-import javax.crypto.spec.*;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.util.Arrays;
+import javax.crypto.KeyAgreement;
+import javax.crypto.spec.DHPrivateKeySpec;
+import javax.crypto.spec.DHPublicKeySpec;
public class TestShort extends PKCS11Test {
@@ -83,6 +87,7 @@
+ "1a:6a:15:d8:a4:8c:0a:ce:f0:15:03:0c:c2:56:82:a2:75:9b:49:fe:ed:60:c5:6e"
+ ":de:47:55:62:4f:16:20:6d:74:cc:7b:95:93:25:2c:ea");
+ @Override
public void main(Provider provider) throws Exception {
if (provider.getService("KeyAgreement", "DH") == null) {
System.out.println("DH not supported, skipping");
@@ -142,7 +147,7 @@
}
public static void main(String[] args) throws Exception {
- main(new TestShort());
+ main(new TestShort(), args);
}
}
--- a/jdk/test/sun/security/pkcs11/KeyGenerator/DESParity.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/KeyGenerator/DESParity.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,19 +28,21 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
+ * @run main/othervm DESParity
+ * @run main/othervm DESParity sm
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.spec.*;
-
-import javax.crypto.*;
-import javax.crypto.spec.*;
+import java.security.Provider;
+import java.util.Random;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.DESKeySpec;
+import javax.crypto.spec.DESedeKeySpec;
+import javax.crypto.spec.SecretKeySpec;
public class DESParity extends PKCS11Test {
+ @Override
public void main(Provider p) throws Exception {
if (p.getService("SecretKeyFactory", "DES") == null) {
System.out.println("Not supported by provider, skipping");
@@ -73,7 +75,7 @@
}
public static void main(String[] args) throws Exception {
- main(new DESParity());
+ main(new DESParity(), args);
}
}
--- a/jdk/test/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,13 +27,16 @@
* @summary test the KeyGenerator
* @author Andreas Sterbenz
* @library ..
+ * @run main/othervm TestKeyGenerator
+ * @run main/othervm TestKeyGenerator sm
*/
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
+import java.security.InvalidParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.ProviderException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
enum TestResult {
PASS,
@@ -44,7 +47,7 @@
public class TestKeyGenerator extends PKCS11Test {
public static void main(String[] args) throws Exception {
- main(new TestKeyGenerator());
+ main(new TestKeyGenerator(), args);
}
private TestResult test(String algorithm, int keyLen, Provider p,
@@ -85,6 +88,7 @@
return actual;
}
+ @Override
public void main(Provider p) throws Exception {
test("DES", 0, p, TestResult.FAIL);
test("DES", 56, p, TestResult.PASS); // ensure JCE-Compatibility
--- a/jdk/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,14 +27,14 @@
* @summary Ensure that 2048-bit DH key pairs can be generated
* @author Valerie Peng
* @library ..
+ * @run main/othervm TestDH2048
+ * @run main/othervm TestDH2048 sm
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
+import java.security.InvalidParameterException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
public class TestDH2048 extends PKCS11Test {
@@ -47,6 +47,7 @@
}
}
+ @Override
public void main(Provider p) throws Exception {
if (p.getService("KeyPairGenerator", "DH") == null) {
System.out.println("KPG for DH not supported, skipping");
@@ -61,6 +62,6 @@
}
public static void main(String[] args) throws Exception {
- main(new TestDH2048());
+ main(new TestDH2048(), args);
}
}
--- a/jdk/test/sun/security/pkcs11/Mac/MacKAT.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Mac/MacKAT.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,8 @@
* @summary Basic known-answer-test for Hmac algorithms
* @author Andreas Sterbenz
* @library ..
- * @run main MacKAT
+ * @run main/othervm MacKAT
+ * @run main/othervm MacKAT sm
*/
public class MacKAT extends PKCS11Test {
@@ -178,7 +179,7 @@
};
public static void main(String[] args) throws Exception {
- main(new MacKAT());
+ main(new MacKAT(), args);
}
@Override
--- a/jdk/test/sun/security/pkcs11/Mac/MacSameTest.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Mac/MacSameTest.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,8 @@
* @summary Check if doFinal and update operation result in same Mac
* @author Yu-Ching Valerie Peng, Bill Situ, Alexander Fomin
* @library ..
- * @run main MacSameTest
+ * @run main/othervm MacSameTest
+ * @run main/othervm MacSameTest sm
* @key randomness
*/
public class MacSameTest extends PKCS11Test {
@@ -57,7 +58,7 @@
* @param args the command line arguments
*/
public static void main(String[] args) throws Exception {
- main(new MacSameTest());
+ main(new MacSameTest(), args);
}
@Override
--- a/jdk/test/sun/security/pkcs11/Mac/ReinitMac.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Mac/ReinitMac.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,21 +28,22 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
+ * @run main/othervm ReinitMac
+ * @run main/othervm ReinitMac sm
*/
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
-import javax.crypto.spec.*;
+import java.security.Provider;
+import java.util.Random;
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
public class ReinitMac extends PKCS11Test {
public static void main(String[] args) throws Exception {
- main(new ReinitMac());
+ main(new ReinitMac(), args);
}
+ @Override
public void main(Provider p) throws Exception {
if (p.getService("Mac", "HmacMD5") == null) {
System.out.println(p + " does not support HmacMD5, skipping");
--- a/jdk/test/sun/security/pkcs11/MessageDigest/ByteBuffers.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/MessageDigest/ByteBuffers.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,19 +28,23 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
+ * @run main/othervm ByteBuffers
+ * @run main/othervm ByteBuffers sm
*/
-import java.util.*;
-import java.nio.*;
-
-import java.security.*;
+import java.nio.ByteBuffer;
+import java.security.MessageDigest;
+import java.security.Provider;
+import java.util.Arrays;
+import java.util.Random;
public class ByteBuffers extends PKCS11Test {
public static void main(String[] args) throws Exception {
- main(new ByteBuffers());
+ main(new ByteBuffers(), args);
}
+ @Override
public void main(Provider p) throws Exception {
if (p.getService("MessageDigest", "MD5") == null) {
System.out.println("Provider does not support MD5, skipping");
--- a/jdk/test/sun/security/pkcs11/MessageDigest/DigestKAT.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/MessageDigest/DigestKAT.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,19 +27,23 @@
* @summary Basic known-answer-test for all our MessageDigest algorithms
* @author Andreas Sterbenz
* @library ..
+ * @run main/othervm DigestKAT
+ * @run main/othervm DigestKAT sm
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.StringReader;
+import java.security.MessageDigest;
+import java.security.Provider;
+import java.util.Arrays;
public class DigestKAT extends PKCS11Test {
private final static char[] hexDigits = "0123456789abcdef".toCharArray();
public static String toString(byte[] b) {
- StringBuffer sb = new StringBuffer(b.length * 3);
+ StringBuilder sb = new StringBuilder(b.length * 3);
for (int i = 0; i < b.length; i++) {
int k = b[i] & 0xff;
if (i != 0) {
@@ -106,6 +110,7 @@
this.data = data;
this.digest = digest;
}
+ @Override
void run(Provider p) throws Exception {
if (p.getService("MessageDigest", alg) == null) {
System.out.println("Skipped " + alg);
@@ -123,7 +128,6 @@
System.out.println("out: " + DigestKAT.toString(myDigest));
throw new Exception("Digest test for " + alg + " failed");
}
-// System.out.println("Passed " + alg);
}
}
@@ -221,12 +225,13 @@
System.out.println("Done (" + (stop - start) + " ms).");
}
+ @Override
public void main(Provider p) throws Exception{
runTests(tests, p);
}
public static void main(String[] args) throws Exception {
- main(new DigestKAT());
+ main(new DigestKAT(), args);
}
}
--- a/jdk/test/sun/security/pkcs11/MessageDigest/ReinitDigest.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/MessageDigest/ReinitDigest.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,18 +28,22 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
+ * @run main/othervm ReinitDigest
+ * @run main/othervm ReinitDigest sm
*/
-import java.util.*;
-
-import java.security.*;
+import java.security.MessageDigest;
+import java.security.Provider;
+import java.util.Arrays;
+import java.util.Random;
public class ReinitDigest extends PKCS11Test {
public static void main(String[] args) throws Exception {
- main(new ReinitDigest());
+ main(new ReinitDigest(), args);
}
+ @Override
public void main(Provider p) throws Exception {
if (p.getService("MessageDigest", "MD5") == null) {
System.out.println("Provider does not support MD5, skipping");
--- a/jdk/test/sun/security/pkcs11/MessageDigest/TestCloning.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/MessageDigest/TestCloning.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,11 +28,14 @@
* @author Valerie Peng
* @library ..
* @key randomness
+ * @run main/othervm TestCloning
+ * @run main/othervm TestCloning sm
*/
-import java.util.*;
-
-import java.security.*;
+import java.security.MessageDigest;
+import java.security.Provider;
+import java.util.Arrays;
+import java.util.Random;
public class TestCloning extends PKCS11Test {
@@ -41,13 +44,14 @@
};
public static void main(String[] args) throws Exception {
- main(new TestCloning());
+ main(new TestCloning(), args);
}
private static final byte[] data1 = new byte[10];
private static final byte[] data2 = new byte[10*1024];
+ @Override
public void main(Provider p) throws Exception {
Random r = new Random();
byte[] data1 = new byte[10];
--- a/jdk/test/sun/security/pkcs11/PKCS11Test.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/PKCS11Test.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -24,15 +24,38 @@
// common infrastructure for SunPKCS11 tests
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
+import java.io.BufferedReader;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.StringReader;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.ProviderException;
+import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+import java.util.ServiceLoader;
+import java.util.Set;
public abstract class PKCS11Test {
+ private boolean enableSM = false;
+
+ static final Properties props = System.getProperties();
+
static final String PKCS11 = "PKCS11";
// directory of the test source
@@ -40,7 +63,8 @@
static final char SEP = File.separatorChar;
- private final static String REL_CLOSED = "../../../../closed/sun/security/pkcs11".replace('/', SEP);
+ private static final String DEFAULT_POLICY =
+ BASE + SEP + ".." + SEP + "policy";
// directory corresponding to BASE in the /closed hierarchy
static final String CLOSED_BASE;
@@ -53,6 +77,9 @@
String p1 = absBase.substring(0, k + 6);
String p2 = absBase.substring(k + 5);
CLOSED_BASE = p1 + "closed" + p2;
+
+ // set it as a system property to make it available in policy file
+ System.setProperty("closed.base", CLOSED_BASE);
}
static String NSPR_PREFIX = "";
@@ -86,7 +113,7 @@
if (p.getName().equals("SunPKCS11")) {
found = true;
break;
- };
+ }
} catch (Exception e) {
// ignore and move on to the next one
}
@@ -103,6 +130,19 @@
pkcs11 = p;
}
+ /*
+ * Use Solaris SPARC 11.2 or later to avoid an intermittent failure
+ * when running SunPKCS11-Solaris (8044554)
+ */
+ static boolean isBadSolarisSparc(Provider p) {
+ if ("SunPKCS11-Solaris".equals(p.getName()) && badSolarisSparc) {
+ System.out.println("SunPKCS11-Solaris provider requires " +
+ "Solaris SPARC 11.2 or later, skipping");
+ return true;
+ }
+ return false;
+ }
+
// Return a SunPKCS11 provider configured with the specified config file
static Provider getSunPKCS11(String config) throws Exception {
if (pkcs11 == null) {
@@ -114,15 +154,43 @@
public abstract void main(Provider p) throws Exception;
private void premain(Provider p) throws Exception {
- long start = System.currentTimeMillis();
- System.out.println("Running test with provider " + p.getName() + "...");
- main(p);
- long stop = System.currentTimeMillis();
- System.out.println("Completed test with provider " + p.getName() +
- " (" + (stop - start) + " ms).");
+ // set a security manager and policy before a test case runs,
+ // and disable them after the test case finished
+ try {
+ if (enableSM) {
+ System.setSecurityManager(new SecurityManager());
+ }
+ long start = System.currentTimeMillis();
+ System.out.printf(
+ "Running test with provider %s (security manager %s) ...%n",
+ p.getName(), enableSM ? "enabled" : "disabled");
+ main(p);
+ long stop = System.currentTimeMillis();
+ System.out.println("Completed test with provider " + p.getName() +
+ " (" + (stop - start) + " ms).");
+ } finally {
+ if (enableSM) {
+ System.setSecurityManager(null);
+ }
+ }
}
public static void main(PKCS11Test test) throws Exception {
+ main(test, null);
+ }
+
+ public static void main(PKCS11Test test, String[] args) throws Exception {
+ if (args != null) {
+ if (args.length > 0 && "sm".equals(args[0])) {
+ test.enableSM = true;
+ }
+ if (test.enableSM) {
+ System.setProperty("java.security.policy",
+ (args.length > 1) ? BASE + SEP + args[1]
+ : DEFAULT_POLICY);
+ }
+ }
+
Provider[] oldProviders = Security.getProviders();
try {
System.out.println("Beginning test run " + test.getClass().getName() + "...");
@@ -218,7 +286,6 @@
}
static String getNSSLibDir(String library) throws Exception {
- Properties props = System.getProperties();
String osName = props.getProperty("os.name");
if (osName.startsWith("Win")) {
osName = "Windows";
@@ -249,6 +316,15 @@
return nssLibDir;
}
+ static boolean isBadNSSVersion(Provider p) {
+ if (isNSS(p) && badNSSVersion) {
+ System.out.println("NSS 3.11 has a DER issue that recent " +
+ "version do not.");
+ return true;
+ }
+ return false;
+ }
+
protected static void safeReload(String lib) throws Exception {
try {
System.load(lib);
@@ -317,34 +393,32 @@
try {
libfile = getNSSLibDir() + System.mapLibraryName(library);
- FileInputStream is = new FileInputStream(libfile);
- byte[] data = new byte[1000];
- int read = 0;
+ try (FileInputStream is = new FileInputStream(libfile)) {
+ byte[] data = new byte[1000];
+ int read = 0;
- while (is.available() > 0) {
- if (read == 0) {
- read = is.read(data, 0, 1000);
- } else {
- // Prepend last 100 bytes in case the header was split
- // between the reads.
- System.arraycopy(data, 900, data, 0, 100);
- read = 100 + is.read(data, 100, 900);
- }
+ while (is.available() > 0) {
+ if (read == 0) {
+ read = is.read(data, 0, 1000);
+ } else {
+ // Prepend last 100 bytes in case the header was split
+ // between the reads.
+ System.arraycopy(data, 900, data, 0, 100);
+ read = 100 + is.read(data, 100, 900);
+ }
- s = new String(data, 0, read);
- if ((i = s.indexOf(nssHeader)) > 0) {
- found = true;
- // If the nssHeader is before 920 we can break, otherwise
- // we may not have the whole header so do another read. If
- // no bytes are in the stream, that is ok, found is true.
- if (i < 920) {
- break;
+ s = new String(data, 0, read);
+ if ((i = s.indexOf(nssHeader)) > 0) {
+ found = true;
+ // If the nssHeader is before 920 we can break, otherwise
+ // we may not have the whole header so do another read. If
+ // no bytes are in the stream, that is ok, found is true.
+ if (i < 920) {
+ break;
+ }
}
}
}
-
- is.close();
-
} catch (Exception e) {
e.printStackTrace();
}
@@ -438,14 +512,13 @@
}
// Generate a vector of supported elliptic curves of a given provider
- static Vector<ECParameterSpec> getKnownCurves(Provider p) throws Exception {
+ static List<ECParameterSpec> getKnownCurves(Provider p) throws Exception {
int index;
int begin;
int end;
String curve;
- KeyPair kp = null;
- Vector<ECParameterSpec> results = new Vector<ECParameterSpec>();
+ List<ECParameterSpec> results = new ArrayList<>();
// Get Curves to test from SunEC.
String kcProp = Security.getProvider("SunEC").
getProperty("AlgorithmParameters.EC SupportedCurves");
@@ -483,7 +556,7 @@
try {
KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);
kpg.initialize(e);
- kp = kpg.generateKeyPair();
+ kpg.generateKeyPair();
results.add(e);
System.out.println("Supported");
} catch (ProviderException ex) {
@@ -514,9 +587,8 @@
}
// Check support for a curve with a provided Vector of EC support
- boolean checkSupport(Vector<ECParameterSpec> supportedEC,
+ boolean checkSupport(List<ECParameterSpec> supportedEC,
ECParameterSpec curve) {
- boolean found = false;
for (ECParameterSpec ec: supportedEC) {
if (ec.equals(curve)) {
return true;
@@ -529,7 +601,7 @@
// Location of the NSS libraries on each supported platform
static {
- osMap = new HashMap<String,String[]>();
+ osMap = new HashMap<>();
osMap.put("SunOS-sparc-32", new String[]{"/usr/lib/mps/"});
osMap.put("SunOS-sparcv9-64", new String[]{"/usr/lib/mps/64/"});
osMap.put("SunOS-x86-32", new String[]{"/usr/lib/mps/"});
@@ -551,11 +623,20 @@
private final static char[] hexDigits = "0123456789abcdef".toCharArray();
+ static final boolean badNSSVersion =
+ getNSSVersion() >= 3.11 && getNSSVersion() < 3.12;
+
+ static final boolean badSolarisSparc =
+ System.getProperty("os.name").equals("SunOS") &&
+ System.getProperty("os.arch").equals("sparcv9") &&
+ System.getProperty("os.version").compareTo("5.11") <= 0 &&
+ getDistro().compareTo("11.2") < 0;
+
public static String toString(byte[] b) {
if (b == null) {
return "(null)";
}
- StringBuffer sb = new StringBuffer(b.length * 3);
+ StringBuilder sb = new StringBuilder(b.length * 3);
for (int i = 0; i < b.length; i++) {
int k = b[i] & 0xff;
if (i != 0) {
@@ -637,8 +718,7 @@
/**
* Get the identifier for the operating system distribution
*/
- public String getDistro() {
-
+ static String getDistro() {
try (BufferedReader in =
new BufferedReader(new InputStreamReader(
Runtime.getRuntime().exec("uname -v").getInputStream()))) {
--- a/jdk/test/sun/security/pkcs11/Secmod/AddPrivateKey.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Secmod/AddPrivateKey.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,14 +28,26 @@
* @author Andreas Sterbenz
* @library ..
* @run main/othervm AddPrivateKey
+ * @run main/othervm AddPrivateKey sm policy
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.KeyStore.*;
-import java.security.cert.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.KeyFactory;
+import java.security.KeyStore;
+import java.security.KeyStore.PasswordProtection;
+import java.security.KeyStore.PrivateKeyEntry;
+import java.security.KeyStoreException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.Signature;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
// this test is currently only run for the NSS KeyStore provider, but it
// is really a generic KeyStore test so it should be modified to run for
@@ -63,6 +75,12 @@
System.out.println();
Security.addProvider(p);
+ if (args.length > 1 && "sm".equals(args[0])) {
+ System.setProperty("java.security.policy",
+ BASE + File.separator + args[1]);
+ System.setSecurityManager(new SecurityManager());
+ }
+
KeyStore ks = KeyStore.getInstance(PKCS11, p);
ks.load(null, password);
for (String alias : aliases(ks)) {
--- a/jdk/test/sun/security/pkcs11/Secmod/AddTrustedCert.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Secmod/AddTrustedCert.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,14 +28,21 @@
* @author Andreas Sterbenz
* @library ..
* @run main/othervm AddTrustedCert
+ * @run main/othervm AddTrustedCert sm policy
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.KeyStore.*;
-import java.security.cert.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.KeyStore.TrustedCertificateEntry;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.TreeSet;
public class AddTrustedCert extends SecmodTest {
@@ -56,6 +63,13 @@
System.out.println(p);
Security.addProvider(p);
+
+ if (args.length > 1 && "sm".equals(args[0])) {
+ System.setProperty("java.security.policy",
+ BASE + File.separator + args[1]);
+ System.setSecurityManager(new SecurityManager());
+ }
+
KeyStore ks = KeyStore.getInstance(PKCS11, p);
ks.load(null, password);
Collection<String> aliases = new TreeSet<>(Collections.list(
--- a/jdk/test/sun/security/pkcs11/Secmod/Crypto.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Secmod/Crypto.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,9 +28,14 @@
* @author Andreas Sterbenz
* @library ..
* @run main/othervm Crypto
+ * @run main/othervm Crypto sm policy
*/
-import java.security.*;
+import java.io.File;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+import java.security.Signature;
public class Crypto extends SecmodTest {
@@ -42,6 +47,12 @@
String configName = BASE + SEP + "nsscrypto.cfg";
Provider p = getSunPKCS11(configName);
+ if (args.length > 1 && "sm".equals(args[0])) {
+ System.setProperty("java.security.policy",
+ BASE + File.separator + args[1]);
+ System.setSecurityManager(new SecurityManager());
+ }
+
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p);
KeyPair kp = kpg.generateKeyPair();
--- a/jdk/test/sun/security/pkcs11/Secmod/GetPrivateKey.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Secmod/GetPrivateKey.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,13 +29,19 @@
* @author Andreas Sterbenz
* @library ..
* @run main/othervm GetPrivateKey
+ * @run main/othervm GetPrivateKey sm policy
*/
-import java.util.*;
-
-import java.security.*;
-import java.security.KeyStore.*;
-import java.security.cert.*;
+import java.io.File;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.security.Signature;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.TreeSet;
public class GetPrivateKey extends SecmodTest {
@@ -49,6 +55,13 @@
System.out.println(p);
Security.addProvider(p);
+
+ if (args.length > 1 && "sm".equals(args[0])) {
+ System.setProperty("java.security.policy",
+ BASE + File.separator + args[1]);
+ System.setSecurityManager(new SecurityManager());
+ }
+
KeyStore ks = KeyStore.getInstance(PKCS11, p);
ks.load(null, password);
Collection<String> aliases = new TreeSet<>(
--- a/jdk/test/sun/security/pkcs11/Secmod/JksSetPrivateKey.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Secmod/JksSetPrivateKey.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,13 +28,19 @@
* @author Wang Weijun
* @library ..
* @run main/othervm JksSetPrivateKey
+ * @run main/othervm JksSetPrivateKey sm policy
*/
-import java.util.*;
-
-import java.security.*;
-import java.security.KeyStore.*;
-import java.security.cert.*;
+import java.io.File;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.TreeSet;
public class JksSetPrivateKey extends SecmodTest {
@@ -48,9 +54,16 @@
System.out.println(p);
Security.addProvider(p);
+
+ if (args.length > 1 && "sm".equals(args[0])) {
+ System.setProperty("java.security.policy",
+ BASE + File.separator + args[1]);
+ System.setSecurityManager(new SecurityManager());
+ }
+
KeyStore ks = KeyStore.getInstance("PKCS11", p);
ks.load(null, password);
- Collection<String> aliases = new TreeSet<String>(Collections.list(ks.aliases()));
+ Collection<String> aliases = new TreeSet<>(Collections.list(ks.aliases()));
System.out.println("entries: " + aliases.size());
System.out.println(aliases);
@@ -66,14 +79,14 @@
jks.setKeyEntry("k1", privateKey, "changeit".toCharArray(), chain);
throw new Exception("No, an NSS PrivateKey shouldn't be extractable and put inside a JKS keystore");
} catch (KeyStoreException e) {
- System.err.println(e);; // This is OK
+ System.err.println(e); // This is OK
}
try {
jks.setKeyEntry("k2", new DummyPrivateKey(), "changeit".toCharArray(), chain);
throw new Exception("No, non-PKCS#8 key shouldn't be put inside a KeyStore");
} catch (KeyStoreException e) {
- System.err.println(e);; // This is OK
+ System.err.println(e); // This is OK
}
System.out.println("OK");
@@ -81,35 +94,41 @@
jks.setKeyEntry("k3", new DummyPrivateKey2(), "changeit".toCharArray(), chain);
throw new Exception("No, not-extractble key shouldn't be put inside a KeyStore");
} catch (KeyStoreException e) {
- System.err.println(e);; // This is OK
+ System.err.println(e); // This is OK
}
System.out.println("OK");
}
}
class DummyPrivateKey implements PrivateKey {
+ @Override
public String getAlgorithm() {
return "DUMMY";
}
+ @Override
public String getFormat() {
return "DUMMY";
}
+ @Override
public byte[] getEncoded() {
return "DUMMY".getBytes();
}
}
class DummyPrivateKey2 implements PrivateKey {
+ @Override
public String getAlgorithm() {
return "DUMMY";
}
+ @Override
public String getFormat() {
return "PKCS#8";
}
+ @Override
public byte[] getEncoded() {
return null;
}
--- a/jdk/test/sun/security/pkcs11/Secmod/LoadKeystore.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Secmod/LoadKeystore.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -21,6 +21,7 @@
* questions.
*/
+import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
@@ -35,6 +36,7 @@
* @summary Checks that PKCS#11 keystore can't be loaded with wrong password
* @library ../
* @run main/othervm LoadKeystore
+ * @run main/othervm LoadKeystore sm policy
*/
public class LoadKeystore extends SecmodTest {
@@ -50,6 +52,12 @@
System.out.println();
Security.addProvider(p);
+ if (args.length > 1 && "sm".equals(args[0])) {
+ System.setProperty("java.security.policy",
+ BASE + File.separator + args[1]);
+ System.setSecurityManager(new SecurityManager());
+ }
+
try {
System.out.println("Load keystore with wrong type");
KeyStore.getInstance("unknown", p);
--- a/jdk/test/sun/security/pkcs11/Secmod/TrustAnchors.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Secmod/TrustAnchors.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,13 +28,17 @@
* @author Andreas Sterbenz
* @library ..
* @run main/othervm TrustAnchors
+ * @run main/othervm TrustAnchors sm policy
*/
-import java.util.*;
-
-import java.security.*;
-import java.security.KeyStore.*;
-import java.security.cert.*;
+import java.io.File;
+import java.security.KeyStore;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.TreeSet;
public class TrustAnchors extends SecmodTest {
@@ -57,9 +61,16 @@
System.out.println(p);
Security.addProvider(p);
+
+ if (args.length > 1 && "sm".equals(args[0])) {
+ System.setProperty("java.security.policy",
+ BASE + File.separator + args[1]);
+ System.setSecurityManager(new SecurityManager());
+ }
+
KeyStore ks = KeyStore.getInstance("PKCS11", p);
ks.load(null, null);
- Collection<String> aliases = new TreeSet<String>(Collections.list(ks.aliases()));
+ Collection<String> aliases = new TreeSet<>(Collections.list(ks.aliases()));
System.out.println("entries: " + aliases.size());
System.out.println(aliases);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/Secmod/policy Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,6 @@
+grant {
+ permission java.security.SecurityPermission "authProvider.*";
+ permission java.io.FilePermission "${test.src}/-", "read";
+ permission java.io.FilePermission "${pkcs11test.nss.db}/-", "read";
+ permission java.io.FilePermission "${pkcs11test.nss.libdir}/-", "read";
+};
\ No newline at end of file
--- a/jdk/test/sun/security/pkcs11/SecureRandom/Basic.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/SecureRandom/Basic.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,17 +28,17 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
+ * @run main/othervm Basic
+ * @run main/othervm Basic sm
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.SecureRandom;
public class Basic extends PKCS11Test {
+ @Override
public void main(Provider p) throws Exception {
SecureRandom random;
try {
@@ -58,7 +58,7 @@
}
public static void main(String[] args) throws Exception {
- main(new Basic());
+ main(new Basic(), args);
}
}
--- a/jdk/test/sun/security/pkcs11/Signature/ByteBuffers.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Signature/ByteBuffers.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,19 +28,24 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
+ * @run main/othervm ByteBuffers
+ * @run main/othervm ByteBuffers sm
*/
-import java.util.*;
-import java.nio.*;
-
-import java.security.*;
+import java.nio.ByteBuffer;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+import java.security.Signature;
+import java.util.Random;
public class ByteBuffers extends PKCS11Test {
public static void main(String[] args) throws Exception {
- main(new ByteBuffers());
+ main(new ByteBuffers(), args);
}
+ @Override
public void main(Provider p) throws Exception {
/*
@@ -48,9 +53,9 @@
* when running SunPKCS11-Solaris provider (8044554)
*/
if (p.getName().equals("SunPKCS11-Solaris") &&
- System.getProperty("os.name").equals("SunOS") &&
- System.getProperty("os.arch").equals("sparcv9") &&
- System.getProperty("os.version").compareTo("5.11") <= 0 &&
+ props.getProperty("os.name").equals("SunOS") &&
+ props.getProperty("os.arch").equals("sparcv9") &&
+ props.getProperty("os.version").compareTo("5.11") <= 0 &&
getDistro().compareTo("11.2") < 0) {
System.out.println("SunPKCS11-Solaris provider requires " +
--- a/jdk/test/sun/security/pkcs11/Signature/TestDSA.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Signature/TestDSA.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,14 +28,24 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
+ * @run main/othervm TestDSA
+ * @run main/othervm TestDSA sm
*/
-import java.io.*;
-import java.util.*;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.StringReader;
import java.math.BigInteger;
-
-import java.security.*;
-import java.security.spec.*;
+import java.security.KeyFactory;
+import java.security.MessageDigest;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.spec.DSAPrivateKeySpec;
+import java.security.spec.DSAPublicKeySpec;
+import java.util.Random;
public class TestDSA extends PKCS11Test {
@@ -102,9 +112,10 @@
}
public static void main(String[] args) throws Exception {
- main(new TestDSA());
+ main(new TestDSA(), args);
}
+ @Override
public void main(Provider provider) throws Exception {
long start = System.currentTimeMillis();
@@ -115,9 +126,9 @@
* when running SunPKCS11-Solaris (8044554)
*/
if (provider.getName().equals("SunPKCS11-Solaris") &&
- System.getProperty("os.name").equals("SunOS") &&
- System.getProperty("os.arch").equals("sparcv9") &&
- System.getProperty("os.version").compareTo("5.11") <= 0 &&
+ props.getProperty("os.name").equals("SunOS") &&
+ props.getProperty("os.arch").equals("sparcv9") &&
+ props.getProperty("os.version").compareTo("5.11") <= 0 &&
getDistro().compareTo("11.2") < 0) {
System.out.println("SunPKCS11-Solaris provider requires " +
--- a/jdk/test/sun/security/pkcs11/Signature/TestDSAKeyLength.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Signature/TestDSAKeyLength.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -20,6 +20,7 @@
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
+
/*
* @test
* @bug 7200306 8029158
@@ -27,19 +28,24 @@
* with unsupported key sizes
* @library ..
* @key randomness
+ * @run main/othervm TestDSAKeyLength
+ * @run main/othervm TestDSAKeyLength sm
*/
-
-import java.security.*;
-import java.security.spec.*;
-import java.security.interfaces.*;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Signature;
public class TestDSAKeyLength extends PKCS11Test {
public static void main(String[] args) throws Exception {
- main(new TestDSAKeyLength());
+ main(new TestDSAKeyLength(), args);
}
+ @Override
public void main(Provider provider) throws Exception {
if (isNSS(provider) && getNSSVersion() >= 3.14) {
System.out.println("Skip testing NSS " + getNSSVersion());
@@ -51,9 +57,9 @@
* when running SunPKCS11-Solaris (8044554)
*/
if (provider.getName().equals("SunPKCS11-Solaris") &&
- System.getProperty("os.name").equals("SunOS") &&
- System.getProperty("os.arch").equals("sparcv9") &&
- System.getProperty("os.version").compareTo("5.11") <= 0 &&
+ props.getProperty("os.name").equals("SunOS") &&
+ props.getProperty("os.arch").equals("sparcv9") &&
+ props.getProperty("os.version").compareTo("5.11") <= 0 &&
getDistro().compareTo("11.2") < 0) {
System.out.println("SunPKCS11-Solaris provider requires " +
--- a/jdk/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,14 +27,26 @@
* @summary Make sure initSign/initVerify() check RSA key lengths
* @author Yu-Ching Valerie Peng
* @library ..
+ * @run main/othervm TestRSAKeyLength
+ * @run main/othervm TestRSAKeyLength sm
*/
-import java.security.*;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignedObject;
public class TestRSAKeyLength extends PKCS11Test {
+
public static void main(String[] args) throws Exception {
- main(new TestRSAKeyLength());
+ main(new TestRSAKeyLength(), args);
}
+
+ @Override
public void main(Provider p) throws Exception {
/*
@@ -42,9 +54,9 @@
* when running SunPKCS11-Solaris (8044554)
*/
if (p.getName().equals("SunPKCS11-Solaris") &&
- System.getProperty("os.name").equals("SunOS") &&
- System.getProperty("os.arch").equals("sparcv9") &&
- System.getProperty("os.version").compareTo("5.11") <= 0 &&
+ props.getProperty("os.name").equals("SunOS") &&
+ props.getProperty("os.arch").equals("sparcv9") &&
+ props.getProperty("os.version").compareTo("5.11") <= 0 &&
getDistro().compareTo("11.2") < 0) {
System.out.println("SunPKCS11-Solaris provider requires " +
--- a/jdk/test/sun/security/pkcs11/ec/ReadCertificates.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/ReadCertificates.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,16 +29,31 @@
* @author Andreas Sterbenz
* @library ..
* @library ../../../../java/security/testlibrary
+ * @run main/othervm ReadCertificates
+ * @run main/othervm ReadCertificates sm policy
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.cert.*;
-import java.security.*;
-import java.security.interfaces.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.SignatureException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
-
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
import javax.security.auth.x500.X500Principal;
public class ReadCertificates extends PKCS11Test {
@@ -49,16 +64,18 @@
private static Collection<X509Certificate> readCertificates(File file) throws Exception {
System.out.println("Loading " + file.getName() + "...");
- InputStream in = new FileInputStream(file);
- Collection<X509Certificate> certs = (Collection<X509Certificate>)factory.generateCertificates(in);
- in.close();
+ Collection<X509Certificate> certs;
+ try (InputStream in = new FileInputStream(file)) {
+ certs = (Collection<X509Certificate>)factory.generateCertificates(in);
+ }
return certs;
}
public static void main(String[] args) throws Exception {
- main(new ReadCertificates());
+ main(new ReadCertificates(), args);
}
+ @Override
public void main(Provider p) throws Exception {
if (p.getService("Signature", "SHA1withECDSA") == null) {
System.out.println("Provider does not support ECDSA, skipping...");
@@ -79,7 +96,7 @@
} catch (CertificateException e) {
// ignore
}
- Map<X500Principal,X509Certificate> certs = new LinkedHashMap<X500Principal,X509Certificate>();
+ Map<X500Principal,X509Certificate> certs = new LinkedHashMap<>();
File dir = new File(BASE, "certs");
File closedDir = new File(CLOSED_BASE, "certs");
@@ -103,7 +120,7 @@
System.out.println("OK: " + certs.size() + " certificates.");
// Get supported curves
- Vector<ECParameterSpec> supportedEC = getKnownCurves(p);
+ List<ECParameterSpec> supportedEC = getKnownCurves(p);
System.out.println("Test Certs:\n");
for (X509Certificate cert : certs.values()) {
@@ -127,7 +144,8 @@
System.out.println("Warning: " + e.getMessage() +
". Trying another provider...");
cert.verify(key);
- } catch (Exception e) {
+ } catch (CertificateException | InvalidKeyException |
+ NoSuchProviderException | SignatureException e) {
System.out.println(e.getMessage());
if (key instanceof ECPublicKey) {
System.out.println("Failed.\n\tCurve: " +
@@ -145,7 +163,7 @@
// try some random invalid signatures to make sure we get the correct
// error
System.out.println("Checking incorrect signatures...");
- List<X509Certificate> certList = new ArrayList<X509Certificate>(certs.values());
+ List<X509Certificate> certList = new ArrayList<>(certs.values());
for (int i = 0; i < 20; i++) {
X509Certificate cert, signer;
do {
@@ -161,9 +179,7 @@
} else {
throw new Exception("Verified invalid signature");
}
- } catch (SignatureException e) {
- System.out.println("OK: " + e);
- } catch (InvalidKeyException e) {
+ } catch (SignatureException | InvalidKeyException e) {
System.out.println("OK: " + e);
}
}
--- a/jdk/test/sun/security/pkcs11/ec/ReadPKCS12.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/ReadPKCS12.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,26 +29,41 @@
* @library ..
* @library ../../../../java/security/testlibrary
* @key randomness
+ * @run main/othervm ReadPKCS12
+ * @run main/othervm ReadPKCS12 sm policy
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.interfaces.*;
-import java.security.cert.*;
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.FileReader;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Signature;
import java.security.cert.Certificate;
-
-import javax.security.auth.x500.X500Principal;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Random;
public class ReadPKCS12 extends PKCS11Test {
private final static boolean COPY = false;
public static void main(String[] args) throws Exception {
- main(new ReadPKCS12());
+ main(new ReadPKCS12(), args);
}
+ @Override
public void main(Provider p) throws Exception {
if (p.getService("Signature", "SHA1withECDSA") == null) {
System.out.println("Provider does not support ECDSA, skipping...");
@@ -71,29 +86,30 @@
KeyStore ks2;
if (COPY) {
ks2 = KeyStore.getInstance("JKS");
- InputStream in = new FileInputStream("keystore.old");
- ks2.load(in, "passphrase".toCharArray());
- in.close();
+ try (InputStream in = new FileInputStream("keystore.old")) {
+ ks2.load(in, "passphrase".toCharArray());
+ }
}
File dir = new File(BASE, "pkcs12");
File closedDir = new File(CLOSED_BASE, "pkcs12");
- Map<String,char[]> passwords = new HashMap<String,char[]>();
- BufferedReader reader = new BufferedReader(new FileReader((new File(BASE, "p12passwords.txt"))));
- while (true) {
- String line = reader.readLine();
- if (line == null) {
- break;
+ Map<String,char[]> passwords = new HashMap<>();
+ try (BufferedReader reader = new BufferedReader(
+ new FileReader(new File(BASE, "p12passwords.txt")))) {
+ while (true) {
+ String line = reader.readLine();
+ if (line == null) {
+ break;
+ }
+ line = line.trim();
+ if ((line.length() == 0) || line.startsWith("#")) {
+ continue;
+ }
+ String[] s = line.split(" ");
+ passwords.put(s[0], s[1].toCharArray());
}
- line = line.trim();
- if ((line.length() == 0) || line.startsWith("#")) {
- continue;
- }
- String[] s = line.split(" ");
- passwords.put(s[0], s[1].toCharArray());
}
- reader.close();
for (File file : concat(dir.listFiles(), closedDir.listFiles())) {
String name = file.getName();
@@ -108,10 +124,11 @@
password = passwords.get("*");
}
- InputStream in = new FileInputStream(file);
- KeyStore ks = KeyStore.getInstance("PKCS12");
- ks.load(in, password);
- in.close();
+ KeyStore ks;
+ try (InputStream in = new FileInputStream(file)) {
+ ks = KeyStore.getInstance("PKCS12");
+ ks.load(in, password);
+ }
List<String> aliases = Collections.list(ks.aliases());
System.out.println("Aliases: " + aliases);
@@ -147,9 +164,9 @@
}
if (COPY) {
- OutputStream out = new FileOutputStream("keystore.new");
- ks2.store(out, "passphrase".toCharArray());
- out.close();
+ try (OutputStream out = new FileOutputStream("keystore.new")) {
+ ks2.store(out, "passphrase".toCharArray());
+ }
}
System.out.println("OK");
--- a/jdk/test/sun/security/pkcs11/ec/TestCurves.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/TestCurves.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,53 +29,46 @@
* @library ..
* @modules jdk.crypto.pkcs11/sun.security.pkcs11.wrapper
* @compile -XDignore.symbol.file TestCurves.java
- * @run main TestCurves
+ * @run main/othervm TestCurves
+ * @run main/othervm TestCurves sm
* @key randomness
*/
-import java.util.*;
-
-import java.security.*;
-import java.security.spec.*;
-
-import javax.crypto.*;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
+import java.security.ProviderException;
+import java.security.Signature;
+import java.security.spec.ECParameterSpec;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Random;
+import javax.crypto.KeyAgreement;
public class TestCurves extends PKCS11Test {
public static void main(String[] args) throws Exception {
- main(new TestCurves());
+ main(new TestCurves(), args);
}
+ @Override
public void main(Provider p) throws Exception {
if (p.getService("KeyAgreement", "ECDH") == null) {
System.out.println("Not supported by provider, skipping");
return;
}
- if (isNSS(p) && getNSSVersion() >= 3.11 && getNSSVersion() < 3.12) {
- System.out.println("NSS 3.11 has a DER issue that recent " +
- "version do not.");
+ if (isBadNSSVersion(p)) {
return;
}
- /*
- * Use Solaris SPARC 11.2 or later to avoid an intermittent failure
- * when running SunPKCS11-Solaris (8044554)
- */
- if (p.getName().equals("SunPKCS11-Solaris") &&
- System.getProperty("os.name").equals("SunOS") &&
- System.getProperty("os.arch").equals("sparcv9") &&
- System.getProperty("os.version").compareTo("5.11") <= 0 &&
- getDistro().compareTo("11.2") < 0) {
-
- System.out.println("SunPKCS11-Solaris provider requires " +
- "Solaris SPARC 11.2 or later, skipping");
+ if (isBadSolarisSparc(p)) {
return;
}
// Check if this is sparc for later failure avoidance.
boolean sparc = false;
- if (System.getProperty("os.arch").equals("sparcv9")) {
+ if (props.getProperty("os.arch").equals("sparcv9")) {
sparc = true;
System.out.println("This is a sparcv9");
}
@@ -84,7 +77,7 @@
byte[] data = new byte[2048];
random.nextBytes(data);
- Vector<ECParameterSpec> curves = getKnownCurves(p);
+ List<ECParameterSpec> curves = getKnownCurves(p);
for (ECParameterSpec params : curves) {
System.out.println("Testing " + params + "...");
KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);
--- a/jdk/test/sun/security/pkcs11/ec/TestECDH.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/TestECDH.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,16 +28,21 @@
* @author Andreas Sterbenz
* @library ..
* @library ../../../../java/security/testlibrary
+ * @run main/othervm TestECDH
+ * @run main/othervm TestECDH sm policy
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.spec.*;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
-
-import javax.crypto.*;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Arrays;
+import javax.crypto.KeyAgreement;
public class TestECDH extends PKCS11Test {
@@ -55,6 +60,7 @@
private final static String secret163 = "04:ae:71:c1:c6:4d:f4:34:4d:72:70:a4:64:65:7f:2d:88:2d:3f:50:be";
+ @Override
public void main(Provider p) throws Exception {
if (p.getService("KeyAgreement", "ECDH") == null) {
System.out.println("Provider does not support ECDH, skipping");
@@ -89,10 +95,12 @@
System.out.println("OK");
}
- private final static void test(Provider p, String pub1s, String priv1s, String pub2s, String priv2s, String secrets) throws Exception {
+ private final static void test(Provider p, String pub1s, String priv1s,
+ String pub2s, String priv2s, String secrets) throws Exception {
KeyFactory kf = KeyFactory.getInstance("EC", p);
PublicKey pub1 = kf.generatePublic(new X509EncodedKeySpec(parse(pub1s)));
- System.out.println("Testing using parameters " + ((ECPublicKey)pub1).getParams() + "...");
+ System.out.println("Testing using parameters "
+ + ((ECPublicKey)pub1).getParams() + "...");
PrivateKey priv1 = kf.generatePrivate(new PKCS8EncodedKeySpec(parse(priv1s)));
PublicKey pub2 = kf.generatePublic(new X509EncodedKeySpec(parse(pub2s)));
@@ -121,7 +129,7 @@
}
public static void main(String[] args) throws Exception {
- main(new TestECDH());
+ main(new TestECDH(), args);
}
}
--- a/jdk/test/sun/security/pkcs11/ec/TestECDH2.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/TestECDH2.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -30,19 +30,25 @@
* @library ../../../../java/security/testlibrary
* @modules java.base/sun.security.util
* @compile -XDignore.symbol.file TestECDH2.java
- * @run main TestECDH2
+ * @run main/othervm TestECDH2
+ * @run main/othervm TestECDH2 sm
*/
-import java.io.*;
-import java.util.*;
import java.math.BigInteger;
-
-import java.security.*;
-import java.security.spec.*;
-import java.security.interfaces.*;
-import javax.crypto.*;
-
-import sun.security.util.ECUtil;
+import java.security.AlgorithmParameters;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPrivateKeySpec;
+import java.security.spec.ECPublicKeySpec;
+import java.util.Arrays;
+import javax.crypto.KeyAgreement;
public class TestECDH2 extends PKCS11Test {
@@ -81,7 +87,9 @@
private KeyPair genECKeyPair(String curvName, String privD, String pubX,
String pubY, Provider p) throws Exception {
- ECParameterSpec ecParams = ECUtil.getECParameterSpec(p, curvName);
+ AlgorithmParameters params = AlgorithmParameters.getInstance("EC", p);
+ params.init(new ECGenParameterSpec(curvName));
+ ECParameterSpec ecParams = params.getParameterSpec(ECParameterSpec.class);
ECPrivateKeySpec privKeySpec =
new ECPrivateKeySpec(new BigInteger(privD, 16), ecParams);
ECPublicKeySpec pubKeySpec =
@@ -98,19 +106,17 @@
return kpg.generateKeyPair();
}
public static void main(String[] args) throws Exception {
- main(new TestECDH2());
+ main(new TestECDH2(), args);
}
+ @Override
public void main(Provider provider) throws Exception {
if (provider.getService("KeyAgreement", "ECDH") == null) {
System.out.println("ECDH not supported, skipping");
return;
}
- if (isNSS(provider) && getNSSVersion() >= 3.11 &&
- getNSSVersion() < 3.12) {
- System.out.println("NSS 3.11 has a DER issue that recent " +
- "version do not.");
+ if (isBadNSSVersion(provider)) {
return;
}
--- a/jdk/test/sun/security/pkcs11/ec/TestECDSA.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/TestECDSA.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,13 +29,22 @@
* @library ..
* @library ../../../../java/security/testlibrary
* @key randomness
+ * @run main/othervm TestECDSA
+ * @run main/othervm TestECDSA sm policy
*/
-import java.util.*;
-
-import java.security.*;
-import java.security.spec.*;
-import java.security.interfaces.*;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.MessageDigest;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Random;
public class TestECDSA extends PKCS11Test {
@@ -79,7 +88,8 @@
private final static byte[] data2Raw = {};
private final static byte[] data2SHA = b("da:39:a3:ee:5e:6b:4b:0d:32:55:bf:ef:95:60:18:90:af:d8:07:09");
- private static void verify(Provider provider, String alg, PublicKey key, byte[] data, byte[] sig, boolean result) throws Exception {
+ private static void verify(Provider provider, String alg, PublicKey key,
+ byte[] data, byte[] sig, boolean result) throws Exception {
Signature s = Signature.getInstance(alg, provider);
s.initVerify(key);
boolean r;
@@ -105,9 +115,10 @@
}
public static void main(String[] args) throws Exception {
- main(new TestECDSA());
+ main(new TestECDSA(), args);
}
+ @Override
public void main(Provider provider) throws Exception {
long start = System.currentTimeMillis();
@@ -116,25 +127,11 @@
return;
}
- if (isNSS(provider) && getNSSVersion() >= 3.11 &&
- getNSSVersion() < 3.12) {
- System.out.println("NSS 3.11 has a DER issue that recent " +
- "version do not.");
+ if (isBadNSSVersion(provider)) {
return;
}
- /*
- * Use Solaris SPARC 11.2 or later to avoid an intermittent failure
- * when running SunPKCS11-Solaris (8044554)
- */
- if (provider.getName().equals("SunPKCS11-Solaris") &&
- System.getProperty("os.name").equals("SunOS") &&
- System.getProperty("os.arch").equals("sparcv9") &&
- System.getProperty("os.version").compareTo("5.11") <= 0 &&
- getDistro().compareTo("11.2") < 0) {
-
- System.out.println("SunPKCS11-Solaris provider requires " +
- "Solaris SPARC 11.2 or later, skipping");
+ if (isBadSolarisSparc(provider)) {
return;
}
--- a/jdk/test/sun/security/pkcs11/ec/TestECDSA2.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/TestECDSA2.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -30,18 +30,23 @@
* @library ../../../../java/security/testlibrary
* @modules java.base/sun.security.util
* @compile -XDignore.symbol.file TestECDSA2.java
- * @run main TestECDSA2
+ * @run main/othervm TestECDSA2
+ * @run main/othervm TestECDSA2 sm
*/
-import java.io.*;
-import java.util.*;
import java.math.BigInteger;
-
-import java.security.*;
-import java.security.spec.*;
-import java.security.interfaces.*;
-
-import sun.security.util.ECUtil;
+import java.security.AlgorithmParameters;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPrivateKeySpec;
+import java.security.spec.ECPublicKeySpec;
public class TestECDSA2 extends PKCS11Test {
@@ -78,7 +83,9 @@
private KeyPair genECKeyPair(String curvName, String privD, String pubX,
String pubY, Provider p) throws Exception {
- ECParameterSpec ecParams = ECUtil.getECParameterSpec(p, curvName);
+ AlgorithmParameters params = AlgorithmParameters.getInstance("EC", p);
+ params.init(new ECGenParameterSpec(curvName));
+ ECParameterSpec ecParams = params.getParameterSpec(ECParameterSpec.class);
ECPrivateKeySpec privKeySpec =
new ECPrivateKeySpec(new BigInteger(privD, 16), ecParams);
ECPublicKeySpec pubKeySpec =
@@ -90,9 +97,10 @@
}
public static void main(String[] args) throws Exception {
- main(new TestECDSA2());
+ main(new TestECDSA2(), args);
}
+ @Override
public void main(Provider provider) throws Exception {
boolean testP256 =
(provider.getService("Signature", "SHA256withECDSA") != null);
@@ -105,10 +113,7 @@
return;
}
- if (isNSS(provider) && getNSSVersion() >= 3.11 &&
- getNSSVersion() < 3.12) {
- System.out.println("NSS 3.11 has a DER issue that recent " +
- "version do not.");
+ if (isBadNSSVersion(provider)) {
return;
}
--- a/jdk/test/sun/security/pkcs11/ec/TestECGenSpec.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/TestECGenSpec.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,29 +27,32 @@
* @summary Verify that we can use ECGenParameterSpec
* @author Andreas Sterbenz
* @library ..
+ * @run main/othervm TestECGenSpec
+ * @run main/othervm TestECGenSpec sm
*/
-import java.util.*;
-
-import java.security.*;
-import java.security.spec.*;
+import java.security.AlgorithmParameters;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Provider;
import java.security.interfaces.ECPublicKey;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.ECParameterSpec;
public class TestECGenSpec extends PKCS11Test {
public static void main(String[] args) throws Exception {
- main(new TestECGenSpec());
+ main(new TestECGenSpec(), args);
}
+ @Override
public void main(Provider p) throws Exception {
if (p.getService("Signature", "SHA1withECDSA") == null) {
System.out.println("Provider does not support ECDSA, skipping...");
return;
}
- if (isNSS(p) && getNSSVersion() >= 3.11 && getNSSVersion() < 3.12) {
- System.out.println("NSS 3.11 has a DER issue that recent " +
- "version do not.");
+ if (isBadNSSVersion(p)) {
return;
}
--- a/jdk/test/sun/security/pkcs11/ec/TestKeyFactory.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/TestKeyFactory.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,14 +27,23 @@
* @summary Test the P11ECKeyFactory
* @author Andreas Sterbenz
* @library ..
+ * @run main/othervm TestKeyFactory
+ * @run main/othervm TestKeyFactory sm
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.interfaces.*;
-import java.security.spec.*;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.spec.ECPrivateKeySpec;
+import java.security.spec.ECPublicKeySpec;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Arrays;
public class TestKeyFactory extends PKCS11Test {
@@ -111,9 +120,10 @@
}
public static void main(String[] args) throws Exception {
- main(new TestKeyFactory());
+ main(new TestKeyFactory(), args);
}
+ @Override
public void main(Provider p) throws Exception {
if (p.getService("KeyFactory", "EC") == null) {
System.out.println("Provider does not support EC, skipping");
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/ec/policy Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,7 @@
+grant {
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.security.SecurityPermission "insertProvider.*";
+ permission java.security.SecurityPermission "removeProvider.*";
+ permission java.io.FilePermission "${test.src}/-", "read";
+ permission java.io.FilePermission "${closed.base}/-", "read";
+};
\ No newline at end of file
--- a/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,15 +29,21 @@
* @library ..
* @modules java.base/com.sun.net.ssl.internal.ssl
* @run main/othervm TrustManagerTest
+ * @run main/othervm TrustManagerTest sm TrustManagerTest.policy
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.cert.*;
-
-import javax.net.ssl.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.Policy;
+import java.security.Provider;
+import java.security.Security;
+import java.security.URIParameter;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
// This test belongs more in JSSE than here, but the JSSE workspace does not
// have the NSS test infrastructure. It will live here for the time being.
@@ -73,6 +79,12 @@
X509Certificate ca = loadCertificate("certs/ca.cer");
X509Certificate anchor = loadCertificate("certs/anchor.cer");
+ if (args.length > 1 && "sm".equals(args[0])) {
+ Policy.setPolicy(Policy.getInstance("JavaPolicy",
+ new URIParameter(new File(BASE, args[1]).toURI())));
+ System.setSecurityManager(new SecurityManager());
+ }
+
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(null, null);
trustStore.setCertificateEntry("anchor", anchor);
@@ -90,11 +102,10 @@
}
private static X509Certificate loadCertificate(String name) throws Exception {
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- InputStream in = new FileInputStream(BASE + SEP + name);
- X509Certificate cert = (X509Certificate)cf.generateCertificate(in);
- in.close();
- return cert;
+ try (InputStream in = new FileInputStream(BASE + SEP + name)) {
+ return (X509Certificate) CertificateFactory.getInstance("X.509")
+ .generateCertificate(in);
+ }
}
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.policy Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,3 @@
+grant {
+
+};
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/policy Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,3 @@
+grant {
+ permission java.lang.RuntimePermission "setSecurityManager";
+};
\ No newline at end of file
--- a/jdk/test/sun/security/pkcs11/rsa/KeyWrap.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/rsa/KeyWrap.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,18 +28,28 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
+ * @run main/othervm KeyWrap
+ * @run main/othervm KeyWrap sm
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-
-import javax.crypto.*;
-import javax.crypto.spec.*;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.util.Random;
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
public class KeyWrap extends PKCS11Test {
+ @Override
public void main(Provider p) throws Exception {
try {
Cipher.getInstance("RSA/ECB/PKCS1Padding", p);
@@ -62,7 +72,7 @@
PublicKey pub = (PublicKey)kf.translateKey(kp.getPublic());
PrivateKey priv = (PrivateKey)kf.translateKey(kp.getPrivate());
kp = new KeyPair(pub, priv);
- } catch (Exception ee) {
+ } catch (NoSuchAlgorithmException | InvalidKeyException ee) {
ee.printStackTrace();
System.out.println("Provider does not support RSA, skipping");
return;
@@ -93,7 +103,7 @@
}
public static void main(String[] args) throws Exception {
- main(new KeyWrap());
+ main(new KeyWrap(), args);
}
}
--- a/jdk/test/sun/security/pkcs11/rsa/TestCACerts.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/rsa/TestCACerts.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,24 +28,28 @@
* @author Andreas Sterbenz
* @library ..
* @library ../../../../java/security/testlibrary
+ * @run main/othervm TestCACerts
+ * @run main/othervm TestCACerts sm TestCACerts.policy
*/
// this test serves as our known answer test
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.cert.*;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
public class TestCACerts extends PKCS11Test {
- private final static char SEP = File.separatorChar;
-
public static void main(String[] args) throws Exception {
- main(new TestCACerts());
+ main(new TestCACerts(), args);
}
+ @Override
public void main(Provider p) throws Exception {
/*
@@ -53,9 +57,9 @@
* when running SunPKCS11-Solaris (8044554)
*/
if (p.getName().equals("SunPKCS11-Solaris") &&
- System.getProperty("os.name").equals("SunOS") &&
- System.getProperty("os.arch").equals("sparcv9") &&
- System.getProperty("os.version").compareTo("5.11") <= 0 &&
+ props.getProperty("os.name").equals("SunOS") &&
+ props.getProperty("os.arch").equals("sparcv9") &&
+ props.getProperty("os.version").compareTo("5.11") <= 0 &&
getDistro().compareTo("11.2") < 0) {
System.out.println("SunPKCS11-Solaris provider requires " +
@@ -67,12 +71,13 @@
Providers.setAt(p, 1);
try {
String PROVIDER = p.getName();
- String javaHome = System.getProperty("java.home");
+ String javaHome = props.getProperty("java.home");
String caCerts = javaHome + SEP + "lib" + SEP + "security" + SEP + "cacerts";
- InputStream in = new FileInputStream(caCerts);
- KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
- ks.load(in, null);
- in.close();
+ KeyStore ks;
+ try (InputStream in = new FileInputStream(caCerts)) {
+ ks = KeyStore.getInstance(KeyStore.getDefaultType());
+ ks.load(in, null);
+ }
for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) {
String alias = (String)e.nextElement();
if (ks.isCertificateEntry(alias)) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/rsa/TestCACerts.policy Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,7 @@
+grant {
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.security.SecurityPermission "insertProvider.*";
+ permission java.security.SecurityPermission "removeProvider.*";
+ permission java.util.PropertyPermission "java.home", "read";
+ permission java.io.FilePermission "${java.home}/lib/security/cacerts", "read";
+};
\ No newline at end of file
--- a/jdk/test/sun/security/pkcs11/rsa/TestKeyFactory.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/rsa/TestKeyFactory.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,26 +27,26 @@
* @summary Test KeyFactory of the new RSA provider
* @author Andreas Sterbenz
* @library ..
+ * @run main/othervm TestKeyFactory
+ * @run main/othervm TestKeyFactory sm rsakeys.ks.policy
*/
import java.io.*;
import java.util.*;
import java.security.*;
-import java.security.interfaces.*;
import java.security.spec.*;
public class TestKeyFactory extends PKCS11Test {
- private final static String BASE = System.getProperty("test.src", ".");
-
private static final char[] password = "test12".toCharArray();
static KeyStore getKeyStore() throws Exception {
- InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"));
- KeyStore ks = KeyStore.getInstance("JKS");
- ks.load(in, password);
- in.close();
+ KeyStore ks;
+ try (InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"))) {
+ ks = KeyStore.getInstance("JKS");
+ ks.load(in, password);
+ }
return ks;
}
@@ -128,9 +128,10 @@
}
public static void main(String[] args) throws Exception {
- main(new TestKeyFactory());
+ main(new TestKeyFactory(), args);
}
+ @Override
public void main(Provider p) throws Exception {
long start = System.currentTimeMillis();
KeyStore ks = getKeyStore();
--- a/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -30,16 +30,20 @@
* @library /lib/testlibrary
* @build jdk.testlibrary.*
* @run main/othervm TestKeyPairGenerator
+ * @run main/othervm TestKeyPairGenerator sm TestKeyPairGenerator.policy
* @key intermittent randomness
*/
-import java.io.*;
-import java.util.*;
import java.math.BigInteger;
-
-import java.security.*;
-import java.security.interfaces.*;
-import java.security.spec.*;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.RSAKeyGenParameterSpec;
import jdk.testlibrary.RandomFactory;
public class TestKeyPairGenerator extends PKCS11Test {
@@ -48,7 +52,8 @@
private static byte[] data;
- private static void testSignature(String algorithm, PrivateKey privateKey, PublicKey publicKey) throws Exception {
+ private static void testSignature(String algorithm, PrivateKey privateKey,
+ PublicKey publicKey) throws Exception {
System.out.println("Testing " + algorithm + "...");
Signature s = Signature.getInstance(algorithm, provider);
s.initSign(privateKey);
@@ -98,9 +103,10 @@
}
public static void main(String[] args) throws Exception {
- main(new TestKeyPairGenerator());
+ main(new TestKeyPairGenerator(), args);
}
+ @Override
public void main(Provider p) throws Exception {
long start = System.currentTimeMillis();
provider = p;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.policy Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,4 @@
+grant {
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.util.PropertyPermission "seed", "read";
+};
\ No newline at end of file
--- a/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,18 +28,25 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
+ * @run main/othervm TestSignatures
+ * @run main/othervm TestSignatures sm rsakeys.ks.policy
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.*;
-import java.security.interfaces.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.KeyFactory;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Enumeration;
+import java.util.Random;
public class TestSignatures extends PKCS11Test {
- private final static String BASE = System.getProperty("test.src", ".");
-
private static final char[] password = "test12".toCharArray();
private static Provider provider;
@@ -47,14 +54,16 @@
private static byte[] data;
static KeyStore getKeyStore() throws Exception {
- InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"));
- KeyStore ks = KeyStore.getInstance("JKS");
- ks.load(in, password);
- in.close();
+ KeyStore ks;
+ try (InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"))) {
+ ks = KeyStore.getInstance("JKS");
+ ks.load(in, password);
+ }
return ks;
}
- private static void testSignature(String algorithm, PrivateKey privateKey, PublicKey publicKey) throws Exception {
+ private static void testSignature(String algorithm, PrivateKey privateKey,
+ PublicKey publicKey) throws Exception {
System.out.println("Testing " + algorithm + "...");
Signature s = Signature.getInstance(algorithm, provider);
s.initSign(privateKey);
@@ -78,7 +87,8 @@
}
}
- private static void test(PrivateKey privateKey, PublicKey publicKey) throws Exception {
+ private static void test(PrivateKey privateKey, PublicKey publicKey)
+ throws Exception {
testSignature("MD2withRSA", privateKey, publicKey);
testSignature("MD5withRSA", privateKey, publicKey);
testSignature("SHA1withRSA", privateKey, publicKey);
@@ -93,9 +103,10 @@
}
public static void main(String[] args) throws Exception {
- main(new TestSignatures());
+ main(new TestSignatures(), args);
}
+ @Override
public void main(Provider p) throws Exception {
/*
@@ -103,9 +114,9 @@
* when running SunPKCS11-Solaris (8044554)
*/
if (p.getName().equals("SunPKCS11-Solaris") &&
- System.getProperty("os.name").equals("SunOS") &&
- System.getProperty("os.arch").equals("sparcv9") &&
- System.getProperty("os.version").compareTo("5.11") <= 0 &&
+ props.getProperty("os.name").equals("SunOS") &&
+ props.getProperty("os.arch").equals("sparcv9") &&
+ props.getProperty("os.version").compareTo("5.11") <= 0 &&
getDistro().compareTo("11.2") < 0) {
System.out.println("SunPKCS11-Solaris provider requires " +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/rsa/rsakeys.ks.policy Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,4 @@
+grant {
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.io.FilePermission "${test.src}/rsakeys.ks", "read";
+};
\ No newline at end of file
--- a/jdk/test/sun/security/pkcs11/sslecc/CipherTest.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/sslecc/CipherTest.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -47,7 +47,8 @@
// use any available port for the server socket
static volatile int serverPort = 0;
- final int THREADS;
+ static final int THREADS = Integer.getInteger("numThreads", 4);
+ static final String TEST_SRC = System.getProperty("test.src", ".");
// assume that if we do not read anything for 20 seconds, something
// has gone wrong
@@ -68,6 +69,7 @@
this.cipherTest = cipherTest;
}
+ @Override
public abstract void run();
void handleRequest(InputStream in, OutputStream out) throws IOException {
@@ -117,6 +119,7 @@
return TLSCipherStatus.isEnabled(cipherSuite, protocol);
}
+ @Override
public String toString() {
String s = cipherSuite + " in " + protocol + " mode";
if (clientAuth != null) {
@@ -260,7 +263,6 @@
private boolean failed;
private CipherTest(PeerFactory peerFactory) throws IOException {
- THREADS = Integer.parseInt(System.getProperty("numThreads", "4"));
factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket)factory.createSocket();
String[] cipherSuites = socket.getSupportedCipherSuites();
@@ -350,6 +352,7 @@
this.cipherTest = cipherTest;
}
+ @Override
public final void run() {
while (true) {
TestParameters params = cipherTest.getTest();
@@ -405,10 +408,11 @@
private static KeyStore readKeyStore(String name) throws Exception {
File file = new File(PATH, name);
- InputStream in = new FileInputStream(file);
- KeyStore ks = KeyStore.getInstance("JKS");
- ks.load(in, passwd);
- in.close();
+ KeyStore ks;
+ try (InputStream in = new FileInputStream(file)) {
+ ks = KeyStore.getInstance("JKS");
+ ks.load(in, passwd);
+ }
return ks;
}
@@ -421,7 +425,7 @@
} else {
relPath = pathToStores;
}
- PATH = new File(System.getProperty("test.src", "."), relPath);
+ PATH = new File(TEST_SRC, relPath);
CipherTest.peerFactory = peerFactory;
System.out.print(
"Initializing test '" + peerFactory.getName() + "'...");
@@ -494,16 +498,19 @@
}
+ @Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// empty
}
+ @Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// empty
}
+ @Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
@@ -522,6 +529,7 @@
this.authType = "ECDSA".equals(authType) ? "EC" : authType;
}
+ @Override
public String[] getClientAliases(String keyType, Principal[] issuers) {
if (authType == null) {
return null;
@@ -529,6 +537,7 @@
return keyManager.getClientAliases(authType, issuers);
}
+ @Override
public String chooseClientAlias(String[] keyType, Principal[] issuers,
Socket socket) {
if (authType == null) {
@@ -538,6 +547,7 @@
issuers, socket);
}
+ @Override
public String chooseEngineClientAlias(String[] keyType,
Principal[] issuers, SSLEngine engine) {
if (authType == null) {
@@ -547,24 +557,29 @@
issuers, engine);
}
+ @Override
public String[] getServerAliases(String keyType, Principal[] issuers) {
throw new UnsupportedOperationException("Servers not supported");
}
+ @Override
public String chooseServerAlias(String keyType, Principal[] issuers,
Socket socket) {
throw new UnsupportedOperationException("Servers not supported");
}
+ @Override
public String chooseEngineServerAlias(String keyType, Principal[] issuers,
SSLEngine engine) {
throw new UnsupportedOperationException("Servers not supported");
}
+ @Override
public X509Certificate[] getCertificateChain(String alias) {
return keyManager.getCertificateChain(alias);
}
+ @Override
public PrivateKey getPrivateKey(String alias) {
return keyManager.getPrivateKey(alias);
}
@@ -577,6 +592,7 @@
private final static ThreadFactory DEFAULT = Executors.defaultThreadFactory();
+ @Override
public Thread newThread(Runnable r) {
Thread t = DEFAULT.newThread(r);
t.setDaemon(true);
--- a/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -34,25 +34,28 @@
* @library ..
* @library ../../../../java/security/testlibrary
* @run main/othervm ClientJSSEServerJSSE
+ * @run main/othervm ClientJSSEServerJSSE sm policy
*/
-import java.security.*;
+import java.security.Provider;
+import java.security.Security;
public class ClientJSSEServerJSSE extends PKCS11Test {
private static String[] cmdArgs;
public static void main(String[] args) throws Exception {
- cmdArgs = args;
- main(new ClientJSSEServerJSSE());
- }
-
- public void main(Provider p) throws Exception {
// reset security properties to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+ cmdArgs = args;
+ main(new ClientJSSEServerJSSE(), args);
+ }
+
+ @Override
+ public void main(Provider p) throws Exception {
if (p.getService("KeyFactory", "EC") == null) {
System.out.println("Provider does not support EC, skipping");
return;
@@ -64,14 +67,17 @@
private static class JSSEFactory extends CipherTest.PeerFactory {
+ @Override
String getName() {
return "Client JSSE - Server JSSE";
}
+ @Override
CipherTest.Client newClient(CipherTest cipherTest) throws Exception {
return new JSSEClient(cipherTest);
}
+ @Override
CipherTest.Server newServer(CipherTest cipherTest) throws Exception {
return new JSSEServer(cipherTest);
}
--- a/jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -21,16 +21,17 @@
* questions.
*/
-import java.io.*;
-import java.net.*;
-import java.util.*;
-import java.util.concurrent.*;
-
-import java.security.*;
-import java.security.cert.*;
-import java.security.cert.Certificate;
-
-import javax.net.ssl.*;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.concurrent.Executor;
+import java.util.concurrent.Executors;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.TrustManager;
class JSSEServer extends CipherTest.Server {
@@ -48,15 +49,17 @@
serverSocket.setWantClientAuth(true);
}
+ @Override
public void run() {
System.out.println("JSSE Server listening on port " + cipherTest.serverPort);
Executor exec = Executors.newFixedThreadPool
- (cipherTest.THREADS, DaemonThreadFactory.INSTANCE);
+ (CipherTest.THREADS, DaemonThreadFactory.INSTANCE);
try {
while (true) {
final SSLSocket socket = (SSLSocket)serverSocket.accept();
socket.setSoTimeout(cipherTest.TIMEOUT);
Runnable r = new Runnable() {
+ @Override
public void run() {
try {
InputStream in = socket.getInputStream();
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/sslecc/policy Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,9 @@
+grant {
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.security.SecurityPermission "insertProvider.*";
+ permission java.security.SecurityPermission "removeProvider.*";
+ permission java.util.PropertyPermission "test.src", "read";
+ permission java.util.PropertyPermission "numThreads", "read";
+ permission java.io.FilePermission "${test.src}/*", "read";
+ permission java.net.SocketPermission "127.0.0.1:*", "listen,resolve,accept,connect";
+};
\ No newline at end of file
--- a/jdk/test/sun/security/pkcs11/tls/TestKeyMaterial.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/tls/TestKeyMaterial.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,136 +28,138 @@
* @author Andreas Sterbenz
* @library ..
* @modules java.base/sun.security.internal.spec
+ * @run main/othervm TestKeyMaterial
+ * @run main/othervm TestKeyMaterial sm policy
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.Security;
+import java.io.BufferedReader;
+import java.nio.file.Files;
+import java.nio.file.Paths;
import java.security.Provider;
-
+import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
-
-import javax.crypto.spec.*;
-
-import sun.security.internal.spec.*;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import sun.security.internal.spec.TlsKeyMaterialParameterSpec;
+import sun.security.internal.spec.TlsKeyMaterialSpec;
public class TestKeyMaterial extends PKCS11Test {
- private static int PREFIX_LENGTH = "km-master: ".length();
+ private static final int PREFIX_LENGTH = "km-master: ".length();
public static void main(String[] args) throws Exception {
- main(new TestKeyMaterial());
+ main(new TestKeyMaterial(), args);
}
+ @Override
public void main(Provider provider) throws Exception {
if (provider.getService("KeyGenerator", "SunTlsKeyMaterial") == null) {
System.out.println("Provider does not support algorithm, skipping");
return;
}
- InputStream in = new FileInputStream(new File(BASE, "keymatdata.txt"));
- BufferedReader reader = new BufferedReader(new InputStreamReader(in));
+ try (BufferedReader reader = Files.newBufferedReader(
+ Paths.get(BASE, "keymatdata.txt"))) {
+
+ int n = 0;
+ int lineNumber = 0;
- int n = 0;
- int lineNumber = 0;
+ byte[] master = null;
+ int major = 0;
+ int minor = 0;
+ byte[] clientRandom = null;
+ byte[] serverRandom = null;
+ String cipherAlgorithm = null;
+ int keyLength = 0;
+ int expandedKeyLength = 0;
+ int ivLength = 0;
+ int macLength = 0;
+ byte[] clientCipherBytes = null;
+ byte[] serverCipherBytes = null;
+ byte[] clientIv = null;
+ byte[] serverIv = null;
+ byte[] clientMacBytes = null;
+ byte[] serverMacBytes = null;
- byte[] master = null;
- int major = 0;
- int minor = 0;
- byte[] clientRandom = null;
- byte[] serverRandom = null;
- String cipherAlgorithm = null;
- int keyLength = 0;
- int expandedKeyLength = 0;
- int ivLength = 0;
- int macLength = 0;
- byte[] clientCipherBytes = null;
- byte[] serverCipherBytes = null;
- byte[] clientIv = null;
- byte[] serverIv = null;
- byte[] clientMacBytes = null;
- byte[] serverMacBytes = null;
+ while (true) {
+ String line = reader.readLine();
+ lineNumber++;
+ if (line == null) {
+ break;
+ }
+ if (line.startsWith("km-") == false) {
+ continue;
+ }
+ String data = line.substring(PREFIX_LENGTH);
+ if (line.startsWith("km-master:")) {
+ master = parse(data);
+ } else if (line.startsWith("km-major:")) {
+ major = Integer.parseInt(data);
+ } else if (line.startsWith("km-minor:")) {
+ minor = Integer.parseInt(data);
+ } else if (line.startsWith("km-crandom:")) {
+ clientRandom = parse(data);
+ } else if (line.startsWith("km-srandom:")) {
+ serverRandom = parse(data);
+ } else if (line.startsWith("km-cipalg:")) {
+ cipherAlgorithm = data;
+ } else if (line.startsWith("km-keylen:")) {
+ keyLength = Integer.parseInt(data);
+ } else if (line.startsWith("km-explen:")) {
+ expandedKeyLength = Integer.parseInt(data);
+ } else if (line.startsWith("km-ivlen:")) {
+ ivLength = Integer.parseInt(data);
+ } else if (line.startsWith("km-maclen:")) {
+ macLength = Integer.parseInt(data);
+ } else if (line.startsWith("km-ccipkey:")) {
+ clientCipherBytes = parse(data);
+ } else if (line.startsWith("km-scipkey:")) {
+ serverCipherBytes = parse(data);
+ } else if (line.startsWith("km-civ:")) {
+ clientIv = parse(data);
+ } else if (line.startsWith("km-siv:")) {
+ serverIv = parse(data);
+ } else if (line.startsWith("km-cmackey:")) {
+ clientMacBytes = parse(data);
+ } else if (line.startsWith("km-smackey:")) {
+ serverMacBytes = parse(data);
- while (true) {
- String line = reader.readLine();
- lineNumber++;
- if (line == null) {
- break;
- }
- if (line.startsWith("km-") == false) {
- continue;
+ System.out.print(".");
+ n++;
+
+ KeyGenerator kg =
+ KeyGenerator.getInstance("SunTlsKeyMaterial", provider);
+ SecretKey masterKey =
+ new SecretKeySpec(master, "TlsMasterSecret");
+ TlsKeyMaterialParameterSpec spec =
+ new TlsKeyMaterialParameterSpec(masterKey, major, minor,
+ clientRandom, serverRandom, cipherAlgorithm,
+ keyLength, expandedKeyLength, ivLength, macLength,
+ null, -1, -1);
+
+ kg.init(spec);
+ TlsKeyMaterialSpec result =
+ (TlsKeyMaterialSpec)kg.generateKey();
+ match(lineNumber, clientCipherBytes,
+ result.getClientCipherKey(), cipherAlgorithm);
+ match(lineNumber, serverCipherBytes,
+ result.getServerCipherKey(), cipherAlgorithm);
+ match(lineNumber, clientIv, result.getClientIv(), "");
+ match(lineNumber, serverIv, result.getServerIv(), "");
+ match(lineNumber, clientMacBytes, result.getClientMacKey(), "");
+ match(lineNumber, serverMacBytes, result.getServerMacKey(), "");
+
+ } else {
+ throw new Exception("Unknown line: " + line);
+ }
}
- String data = line.substring(PREFIX_LENGTH);
- if (line.startsWith("km-master:")) {
- master = parse(data);
- } else if (line.startsWith("km-major:")) {
- major = Integer.parseInt(data);
- } else if (line.startsWith("km-minor:")) {
- minor = Integer.parseInt(data);
- } else if (line.startsWith("km-crandom:")) {
- clientRandom = parse(data);
- } else if (line.startsWith("km-srandom:")) {
- serverRandom = parse(data);
- } else if (line.startsWith("km-cipalg:")) {
- cipherAlgorithm = data;
- } else if (line.startsWith("km-keylen:")) {
- keyLength = Integer.parseInt(data);
- } else if (line.startsWith("km-explen:")) {
- expandedKeyLength = Integer.parseInt(data);
- } else if (line.startsWith("km-ivlen:")) {
- ivLength = Integer.parseInt(data);
- } else if (line.startsWith("km-maclen:")) {
- macLength = Integer.parseInt(data);
- } else if (line.startsWith("km-ccipkey:")) {
- clientCipherBytes = parse(data);
- } else if (line.startsWith("km-scipkey:")) {
- serverCipherBytes = parse(data);
- } else if (line.startsWith("km-civ:")) {
- clientIv = parse(data);
- } else if (line.startsWith("km-siv:")) {
- serverIv = parse(data);
- } else if (line.startsWith("km-cmackey:")) {
- clientMacBytes = parse(data);
- } else if (line.startsWith("km-smackey:")) {
- serverMacBytes = parse(data);
-
- System.out.print(".");
- n++;
-
- KeyGenerator kg =
- KeyGenerator.getInstance("SunTlsKeyMaterial", provider);
- SecretKey masterKey =
- new SecretKeySpec(master, "TlsMasterSecret");
- TlsKeyMaterialParameterSpec spec =
- new TlsKeyMaterialParameterSpec(masterKey, major, minor,
- clientRandom, serverRandom, cipherAlgorithm,
- keyLength, expandedKeyLength, ivLength, macLength,
- null, -1, -1);
-
- kg.init(spec);
- TlsKeyMaterialSpec result =
- (TlsKeyMaterialSpec)kg.generateKey();
- match(lineNumber, clientCipherBytes,
- result.getClientCipherKey(), cipherAlgorithm);
- match(lineNumber, serverCipherBytes,
- result.getServerCipherKey(), cipherAlgorithm);
- match(lineNumber, clientIv, result.getClientIv(), "");
- match(lineNumber, serverIv, result.getServerIv(), "");
- match(lineNumber, clientMacBytes, result.getClientMacKey(), "");
- match(lineNumber, serverMacBytes, result.getServerMacKey(), "");
-
- } else {
- throw new Exception("Unknown line: " + line);
+ if (n == 0) {
+ throw new Exception("no tests");
}
- }
- if (n == 0) {
- throw new Exception("no tests");
+ System.out.println();
+ System.out.println("OK: " + n + " tests");
}
- in.close();
- System.out.println();
- System.out.println("OK: " + n + " tests");
}
private static void stripParity(byte[] b) {
--- a/jdk/test/sun/security/pkcs11/tls/TestLeadingZeroesP11.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/tls/TestLeadingZeroesP11.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -27,15 +27,18 @@
* @summary Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement
* @library ..
* @author Pasi Eronen
+ * @run main/othervm TestLeadingZeroesP11
+ * @run main/othervm TestLeadingZeroesP11 sm
*/
-import java.io.*;
-import java.security.*;
-import java.security.spec.*;
-import java.security.interfaces.*;
-import javax.crypto.*;
-import javax.crypto.spec.*;
-import javax.crypto.interfaces.*;
+
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+import javax.crypto.KeyAgreement;
/**
* Test that leading zeroes are stripped in TlsPremasterSecret case,
@@ -48,9 +51,10 @@
public class TestLeadingZeroesP11 extends PKCS11Test {
public static void main(String[] args) throws Exception {
- main(new TestLeadingZeroesP11());
+ main(new TestLeadingZeroesP11(), args);
}
+ @Override
public void main(Provider p) throws Exception {
// decode pre-generated keypairs
--- a/jdk/test/sun/security/pkcs11/tls/TestMasterSecret.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/tls/TestMasterSecret.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,111 +29,112 @@
* @library ..
* @modules java.base/sun.security.internal.interfaces
* java.base/sun.security.internal.spec
+ * @run main/othervm TestMasterSecret
+ * @run main/othervm TestMasterSecret sm TestMasterSecret.policy
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.Security;
+import java.io.BufferedReader;
+import java.nio.file.Files;
+import java.nio.file.Paths;
import java.security.Provider;
-
+import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
-
-import javax.crypto.spec.*;
-
-import sun.security.internal.spec.*;
+import javax.crypto.spec.SecretKeySpec;
import sun.security.internal.interfaces.TlsMasterSecret;
+import sun.security.internal.spec.TlsMasterSecretParameterSpec;
public class TestMasterSecret extends PKCS11Test {
- private static int PREFIX_LENGTH = "m-premaster: ".length();
+ private static final int PREFIX_LENGTH = "m-premaster: ".length();
public static void main(String[] args) throws Exception {
- main(new TestMasterSecret());
+ main(new TestMasterSecret(), args);
}
+ @Override
public void main(Provider provider) throws Exception {
if (provider.getService("KeyGenerator", "SunTlsMasterSecret") == null) {
System.out.println("Not supported by provider, skipping");
return;
}
- InputStream in = new FileInputStream(new File(BASE, "masterdata.txt"));
- BufferedReader reader = new BufferedReader(new InputStreamReader(in));
+
+ try (BufferedReader reader = Files.newBufferedReader(
+ Paths.get(BASE, "masterdata.txt"))) {
+
+ int n = 0;
+ int lineNumber = 0;
- int n = 0;
- int lineNumber = 0;
+ String algorithm = null;
+ byte[] premaster = null;
+ byte[] clientRandom = null;
+ byte[] serverRandom = null;
+ int protoMajor = 0;
+ int protoMinor = 0;
+ int preMajor = 0;
+ int preMinor = 0;
+ byte[] master = null;
- String algorithm = null;
- byte[] premaster = null;
- byte[] clientRandom = null;
- byte[] serverRandom = null;
- int protoMajor = 0;
- int protoMinor = 0;
- int preMajor = 0;
- int preMinor = 0;
- byte[] master = null;
+ while (true) {
+ String line = reader.readLine();
+ lineNumber++;
+ if (line == null) {
+ break;
+ }
+ if (line.startsWith("m-") == false) {
+ continue;
+ }
+ String data = line.substring(PREFIX_LENGTH);
+ if (line.startsWith("m-algorithm:")) {
+ algorithm = data;
+ } else if (line.startsWith("m-premaster:")) {
+ premaster = parse(data);
+ } else if (line.startsWith("m-crandom:")) {
+ clientRandom = parse(data);
+ } else if (line.startsWith("m-srandom:")) {
+ serverRandom = parse(data);
+ } else if (line.startsWith("m-protomajor:")) {
+ protoMajor = Integer.parseInt(data);
+ } else if (line.startsWith("m-protominor:")) {
+ protoMinor = Integer.parseInt(data);
+ } else if (line.startsWith("m-premajor:")) {
+ preMajor = Integer.parseInt(data);
+ } else if (line.startsWith("m-preminor:")) {
+ preMinor = Integer.parseInt(data);
+ } else if (line.startsWith("m-master:")) {
+ master = parse(data);
- while (true) {
- String line = reader.readLine();
- lineNumber++;
- if (line == null) {
- break;
- }
- if (line.startsWith("m-") == false) {
- continue;
+ System.out.print(".");
+ n++;
+
+ KeyGenerator kg =
+ KeyGenerator.getInstance("SunTlsMasterSecret", provider);
+ SecretKey premasterKey =
+ new SecretKeySpec(premaster, algorithm);
+ TlsMasterSecretParameterSpec spec =
+ new TlsMasterSecretParameterSpec(premasterKey,
+ protoMajor, protoMinor, clientRandom, serverRandom,
+ null, -1, -1);
+ kg.init(spec);
+ TlsMasterSecret key = (TlsMasterSecret)kg.generateKey();
+ byte[] enc = key.getEncoded();
+ if (Arrays.equals(master, enc) == false) {
+ throw new Exception("mismatch line: " + lineNumber);
+ }
+ if ((preMajor != key.getMajorVersion()) ||
+ (preMinor != key.getMinorVersion())) {
+ throw new Exception("version mismatch line: " + lineNumber);
+ }
+ } else {
+ throw new Exception("Unknown line: " + line);
+ }
}
- String data = line.substring(PREFIX_LENGTH);
- if (line.startsWith("m-algorithm:")) {
- algorithm = data;
- } else if (line.startsWith("m-premaster:")) {
- premaster = parse(data);
- } else if (line.startsWith("m-crandom:")) {
- clientRandom = parse(data);
- } else if (line.startsWith("m-srandom:")) {
- serverRandom = parse(data);
- } else if (line.startsWith("m-protomajor:")) {
- protoMajor = Integer.parseInt(data);
- } else if (line.startsWith("m-protominor:")) {
- protoMinor = Integer.parseInt(data);
- } else if (line.startsWith("m-premajor:")) {
- preMajor = Integer.parseInt(data);
- } else if (line.startsWith("m-preminor:")) {
- preMinor = Integer.parseInt(data);
- } else if (line.startsWith("m-master:")) {
- master = parse(data);
-
- System.out.print(".");
- n++;
-
- KeyGenerator kg =
- KeyGenerator.getInstance("SunTlsMasterSecret", provider);
- SecretKey premasterKey =
- new SecretKeySpec(premaster, algorithm);
- TlsMasterSecretParameterSpec spec =
- new TlsMasterSecretParameterSpec(premasterKey,
- protoMajor, protoMinor, clientRandom, serverRandom,
- null, -1, -1);
- kg.init(spec);
- TlsMasterSecret key = (TlsMasterSecret)kg.generateKey();
- byte[] enc = key.getEncoded();
- if (Arrays.equals(master, enc) == false) {
- throw new Exception("mismatch line: " + lineNumber);
- }
- if ((preMajor != key.getMajorVersion()) ||
- (preMinor != key.getMinorVersion())) {
- throw new Exception("version mismatch line: " + lineNumber);
- }
- } else {
- throw new Exception("Unknown line: " + line);
+ if (n == 0) {
+ throw new Exception("no tests");
}
- }
- if (n == 0) {
- throw new Exception("no tests");
+ System.out.println();
+ System.out.println("OK: " + n + " tests");
}
- in.close();
- System.out.println();
- System.out.println("OK: " + n + " tests");
}
}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/tls/TestMasterSecret.policy Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,8 @@
+grant {
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.io.FilePermission "${test.src}/*", "read";
+ permission java.lang.RuntimePermission
+ "accessClassInPackage.sun.security.internal.spec";
+ permission java.lang.RuntimePermission
+ "accessClassInPackage.sun.security.internal.interfaces";
+};
\ No newline at end of file
--- a/jdk/test/sun/security/pkcs11/tls/TestPRF.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/tls/TestPRF.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,116 +28,116 @@
* @author Andreas Sterbenz
* @library ..
* @modules java.base/sun.security.internal.spec
+ * @run main/othervm TestPRF
+ * @run main/othervm TestPRF sm policy
*/
-import java.io.*;
-import java.util.*;
-
-import java.security.Security;
+import java.io.BufferedReader;
+import java.nio.file.Files;
+import java.nio.file.Paths;
import java.security.Provider;
-
+import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
-
-import javax.crypto.spec.*;
-
-import sun.security.internal.spec.*;
+import javax.crypto.spec.SecretKeySpec;
+import sun.security.internal.spec.TlsPrfParameterSpec;
public class TestPRF extends PKCS11Test {
- private static int PREFIX_LENGTH = "prf-output: ".length();
+ private static final int PREFIX_LENGTH = "prf-output: ".length();
public static void main(String[] args) throws Exception {
- main(new TestPRF());
+ main(new TestPRF(), args);
}
+ @Override
public void main(Provider provider) throws Exception {
if (provider.getService("KeyGenerator", "SunTlsPrf") == null) {
System.out.println("Provider does not support algorithm, skipping");
return;
}
- InputStream in = new FileInputStream(new File(BASE, "prfdata.txt"));
- BufferedReader reader = new BufferedReader(new InputStreamReader(in));
+ try (BufferedReader reader = Files.newBufferedReader(
+ Paths.get(BASE, "prfdata.txt"))) {
- int n = 0;
- int lineNumber = 0;
+ int n = 0;
+ int lineNumber = 0;
- byte[] secret = null;
- String label = null;
- byte[] seed = null;
- int length = 0;
- byte[] output = null;
+ byte[] secret = null;
+ String label = null;
+ byte[] seed = null;
+ int length = 0;
+ byte[] output = null;
- while (true) {
- String line = reader.readLine();
- lineNumber++;
- if (line == null) {
- break;
- }
- if (line.startsWith("prf-") == false) {
- continue;
- }
+ while (true) {
+ String line = reader.readLine();
+ lineNumber++;
+ if (line == null) {
+ break;
+ }
+ if (line.startsWith("prf-") == false) {
+ continue;
+ }
- String data = line.substring(PREFIX_LENGTH);
- if (line.startsWith("prf-secret:")) {
- secret = parse(data);
- } else if (line.startsWith("prf-label:")) {
- label = data;
- } else if (line.startsWith("prf-seed:")) {
- seed = parse(data);
- } else if (line.startsWith("prf-length:")) {
- length = Integer.parseInt(data);
- } else if (line.startsWith("prf-output:")) {
- output = parse(data);
+ String data = line.substring(PREFIX_LENGTH);
+ if (line.startsWith("prf-secret:")) {
+ secret = parse(data);
+ } else if (line.startsWith("prf-label:")) {
+ label = data;
+ } else if (line.startsWith("prf-seed:")) {
+ seed = parse(data);
+ } else if (line.startsWith("prf-length:")) {
+ length = Integer.parseInt(data);
+ } else if (line.startsWith("prf-output:")) {
+ output = parse(data);
- System.out.print(".");
- n++;
+ System.out.print(".");
+ n++;
- KeyGenerator kg =
- KeyGenerator.getInstance("SunTlsPrf", provider);
- SecretKey inKey;
- if (secret == null) {
- inKey = null;
- } else {
- inKey = new SecretKeySpec(secret, "Generic");
- }
- TlsPrfParameterSpec spec =
- new TlsPrfParameterSpec(inKey, label, seed, length,
- null, -1, -1);
- SecretKey key;
- try {
- kg.init(spec);
- key = kg.generateKey();
- } catch (Exception e) {
+ KeyGenerator kg =
+ KeyGenerator.getInstance("SunTlsPrf", provider);
+ SecretKey inKey;
if (secret == null) {
- // This fails on Solaris, but since we never call this
- // API for this case in JSSE, ignore the failure.
- // (SunJSSE uses the CKM_TLS_KEY_AND_MAC_DERIVE
- // mechanism)
- System.out.print("X");
- continue;
+ inKey = null;
+ } else {
+ inKey = new SecretKeySpec(secret, "Generic");
}
- System.out.println();
- throw new Exception("Error on line: " + lineNumber, e);
+ TlsPrfParameterSpec spec =
+ new TlsPrfParameterSpec(inKey, label, seed, length,
+ null, -1, -1);
+ SecretKey key;
+ try {
+ kg.init(spec);
+ key = kg.generateKey();
+ } catch (Exception e) {
+ if (secret == null) {
+ // This fails on Solaris, but since we never call this
+ // API for this case in JSSE, ignore the failure.
+ // (SunJSSE uses the CKM_TLS_KEY_AND_MAC_DERIVE
+ // mechanism)
+ System.out.print("X");
+ continue;
+ }
+ System.out.println();
+ throw new Exception("Error on line: " + lineNumber, e);
+ }
+ byte[] enc = key.getEncoded();
+ if (Arrays.equals(output, enc) == false) {
+ System.out.println();
+ System.out.println("expected: " + toString(output));
+ System.out.println("actual: " + toString(enc));
+ throw new Exception("mismatch line: " + lineNumber);
+ }
+ } else {
+ throw new Exception("Unknown line: " + line);
}
- byte[] enc = key.getEncoded();
- if (Arrays.equals(output, enc) == false) {
- System.out.println();
- System.out.println("expected: " + toString(output));
- System.out.println("actual: " + toString(enc));
- throw new Exception("mismatch line: " + lineNumber);
- }
- } else {
- throw new Exception("Unknown line: " + line);
+ }
+ if (n == 0) {
+ throw new Exception("no tests");
}
- }
- if (n == 0) {
- throw new Exception("no tests");
+ System.out.println();
+ System.out.println("OK: " + n + " tests");
}
- in.close();
- System.out.println();
- System.out.println("OK: " + n + " tests");
}
}
--- a/jdk/test/sun/security/pkcs11/tls/TestPremaster.java Tue Jan 26 09:25:53 2016 +0000
+++ b/jdk/test/sun/security/pkcs11/tls/TestPremaster.java Tue Jan 26 13:32:07 2016 -0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -28,23 +28,22 @@
* @author Andreas Sterbenz
* @library ..
* @modules java.base/sun.security.internal.spec
+ * @run main/othervm TestPremaster
+ * @run main/othervm TestPremaster sm policy
*/
-import java.security.Security;
import java.security.Provider;
-
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
-import java.util.Formatter;
-
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
public class TestPremaster extends PKCS11Test {
public static void main(String[] args) throws Exception {
- main(new TestPremaster());
+ main(new TestPremaster(), args);
}
+ @Override
public void main(Provider provider) throws Exception {
if (provider.getService(
"KeyGenerator", "SunTlsRsaPremasterSecret") == null) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/pkcs11/tls/policy Tue Jan 26 13:32:07 2016 -0800
@@ -0,0 +1,5 @@
+grant {
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.io.FilePermission "${test.src}/*", "read";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.internal.spec";
+};
\ No newline at end of file