8227059: sun/security/tools/keytool/DefaultSignatureAlgorithm.java timed out
Reviewed-by: xuelei
--- a/test/jdk/sun/security/tools/keytool/DefaultSignatureAlgorithm.java Wed Jul 10 09:43:34 2019 +0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,81 +0,0 @@
-/*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 8138766
- * @key intermittent
- * @summary New default -sigalg for keytool
- * @modules java.base/sun.security.tools.keytool
- * @modules jdk.crypto.ec
- * @run main/othervm DefaultSignatureAlgorithm RSA 1024 SHA256withRSA
- * @run main/othervm DefaultSignatureAlgorithm RSA 3072 SHA256withRSA
- * @run main/othervm DefaultSignatureAlgorithm RSA 3073 SHA384withRSA
- * @run main/othervm DefaultSignatureAlgorithm DSA 1024 SHA256withDSA
- * @run main/othervm/timeout=700 DefaultSignatureAlgorithm DSA 3072
- * SHA256withDSA
- * @run main/othervm DefaultSignatureAlgorithm EC 192 SHA256withECDSA
- * @run main/othervm DefaultSignatureAlgorithm EC 384 SHA384withECDSA
- * @run main/othervm DefaultSignatureAlgorithm EC 571 SHA512withECDSA
- * @run main/othervm DefaultSignatureAlgorithm EC 571 SHA256withECDSA
- * SHA256withECDSA
- */
-
-import sun.security.tools.keytool.Main;
-
-import java.io.File;
-import java.security.KeyStore;
-import java.security.cert.X509Certificate;
-
-public class DefaultSignatureAlgorithm {
-
- public static void main(String[] args) throws Exception {
- if(args == null || args.length < 3) {
- throw new RuntimeException("Invalid arguments provided.");
- }
- String sigAlg = (args.length == 4) ? args[3] : null;
- run(args[0], Integer.valueOf(args[1]), args[2], sigAlg);
- }
-
- private static void run(String keyAlg, int keySize,
- String expectedSigAlg, String sigAlg) throws Exception {
- String alias = keyAlg + keySize + System.currentTimeMillis();
- String cmd = "-keystore ks -storepass changeit" +
- " -keypass changeit -alias " + alias +
- " -keyalg " + keyAlg + " -keysize " + keySize +
- " -genkeypair -dname CN=" + alias + " -debug";
- if (sigAlg != null) {
- cmd += " -sigalg " + sigAlg;
- }
- Main.main(cmd.split(" "));
-
- KeyStore ks = KeyStore.getInstance(
- new File("ks"), "changeit".toCharArray());
- X509Certificate cert = (X509Certificate)ks.getCertificate(alias);
- String actualSigAlg = cert.getSigAlgName();
- if (!actualSigAlg.equals(expectedSigAlg)) {
- throw new Exception("Failure at " + alias + ": expected "
- + expectedSigAlg + ", actually " + actualSigAlg);
- }
- }
-}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/fakegen/DefaultSignatureAlgorithm.java Wed Jul 10 09:43:35 2019 +0800
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8138766 8227059
+ * @summary New default -sigalg for keytool
+ * @library /test/lib
+ * @build java.base/sun.security.rsa.RSAKeyPairGenerator
+ * java.base/sun.security.provider.DSAKeyPairGenerator
+ * jdk.crypto.ec/sun.security.ec.ECKeyPairGenerator
+ * @run main DefaultSignatureAlgorithm
+ * @modules jdk.crypto.ec
+ */
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+import java.io.File;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+
+public class DefaultSignatureAlgorithm {
+
+ static int pos = 0;
+
+ public static void main(String[] args) throws Exception {
+ check("RSA", 1024, null, "SHA256withRSA");
+ check("RSA", 3072, null, "SHA256withRSA");
+ check("RSA", 3073, null, "SHA384withRSA");
+ check("RSA", 7680, null, "SHA384withRSA");
+ check("RSA", 7681, null, "SHA512withRSA");
+
+ check("DSA", 1024, null, "SHA256withDSA");
+ check("DSA", 3072, null, "SHA256withDSA");
+
+ check("EC", 192, null, "SHA256withECDSA");
+ check("EC", 384, null, "SHA384withECDSA");
+ check("EC", 571, null, "SHA512withECDSA");
+
+ check("EC", 571, "SHA256withECDSA", "SHA256withECDSA");
+ }
+
+ private static void check(String keyAlg, int keySize,
+ String requestedSigAlg, String expectedSigAlg)
+ throws Exception {
+ String alias = keyAlg + keySize + "-" + pos++;
+ String sigAlgParam = requestedSigAlg == null
+ ? ""
+ : (" -sigalg " + requestedSigAlg);
+ genkeypair(alias,
+ "-keyalg " + keyAlg + " -keysize " + keySize + sigAlgParam)
+ .shouldHaveExitValue(0);
+
+ KeyStore ks = KeyStore.getInstance(
+ new File("ks"), "changeit".toCharArray());
+ X509Certificate cert = (X509Certificate)ks.getCertificate(alias);
+ Asserts.assertEQ(cert.getPublicKey().getAlgorithm(), keyAlg);
+ Asserts.assertEQ(cert.getSigAlgName(), expectedSigAlg);
+ }
+
+ static OutputAnalyzer genkeypair(String alias, String options)
+ throws Exception {
+ String patchArg = "-J--patch-module=java.base="
+ + System.getProperty("test.classes")
+ + File.separator + "patches" + File.separator + "java.base"
+ + " -J--patch-module=jdk.crypto.ec="
+ + System.getProperty("test.classes")
+ + File.separator + "patches" + File.separator + "jdk.crypto.ec";;
+ return kt(patchArg + " -genkeypair -alias " + alias
+ + " -dname CN=" + alias + " " + options);
+ }
+
+ static OutputAnalyzer kt(String cmd)
+ throws Exception {
+ return SecurityTools.keytool("-storepass changeit -keypass changeit "
+ + "-keystore ks " + cmd);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/fakegen/PSS.java Wed Jul 10 09:43:35 2019 +0800
@@ -0,0 +1,115 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8215694 8222987 8225257
+ * @summary keytool cannot generate RSASSA-PSS certificates
+ * @library /test/lib
+ * @build java.base/sun.security.rsa.RSAKeyPairGenerator
+ * @modules java.base/sun.security.util
+ * java.base/sun.security.x509
+ * @requires os.family != "solaris"
+ * @run main PSS
+ */
+
+// This test is excluded from Solaris because the 8192-bit RSA key pair
+// generator is extremely slow there.
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.security.DerUtils;
+import sun.security.util.ObjectIdentifier;
+import sun.security.x509.AlgorithmId;
+
+import java.io.File;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+
+public class PSS {
+
+ public static void main(String[] args) throws Exception {
+
+ genkeypair("p", "-keyalg RSASSA-PSS -sigalg RSASSA-PSS")
+ .shouldHaveExitValue(0);
+
+ genkeypair("a", "-keyalg RSA -sigalg RSASSA-PSS -keysize 2048")
+ .shouldHaveExitValue(0);
+
+ genkeypair("b", "-keyalg RSA -sigalg RSASSA-PSS -keysize 4096")
+ .shouldHaveExitValue(0);
+
+ genkeypair("c", "-keyalg RSA -sigalg RSASSA-PSS -keysize 8192")
+ .shouldHaveExitValue(0);
+
+ KeyStore ks = KeyStore.getInstance(
+ new File("ks"), "changeit".toCharArray());
+
+ check((X509Certificate)ks.getCertificate("p"), "RSASSA-PSS",
+ AlgorithmId.SHA256_oid);
+
+ check((X509Certificate)ks.getCertificate("a"), "RSA",
+ AlgorithmId.SHA256_oid);
+
+ check((X509Certificate)ks.getCertificate("b"), "RSA",
+ AlgorithmId.SHA384_oid);
+
+ check((X509Certificate)ks.getCertificate("c"), "RSA",
+ AlgorithmId.SHA512_oid);
+
+ // More commands
+ kt("-certreq -alias p -sigalg RSASSA-PSS -file p.req")
+ .shouldHaveExitValue(0);
+
+ kt("-gencert -alias a -sigalg RSASSA-PSS -infile p.req -outfile p.cert")
+ .shouldHaveExitValue(0);
+
+ kt("-importcert -alias p -file p.cert")
+ .shouldHaveExitValue(0);
+
+ kt("-selfcert -alias p -sigalg RSASSA-PSS")
+ .shouldHaveExitValue(0);
+ }
+
+ static OutputAnalyzer genkeypair(String alias, String options)
+ throws Exception {
+ String patchArg = "-J--patch-module=java.base=" + System.getProperty("test.classes")
+ + File.separator + "patches" + File.separator + "java.base";
+ return kt(patchArg + " -genkeypair -alias " + alias
+ + " -dname CN=" + alias + " " + options);
+ }
+
+ static OutputAnalyzer kt(String cmd)
+ throws Exception {
+ return SecurityTools.keytool("-storepass changeit -keypass changeit "
+ + "-keystore ks " + cmd);
+ }
+
+ static void check(X509Certificate cert, String expectedKeyAlg,
+ ObjectIdentifier expectedMdAlg) throws Exception {
+ Asserts.assertEQ(cert.getPublicKey().getAlgorithm(), expectedKeyAlg);
+ Asserts.assertEQ(cert.getSigAlgName(), "RSASSA-PSS");
+ DerUtils.checkAlg(cert.getSigAlgParams(), "000", expectedMdAlg);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/fakegen/java.base/sun/security/provider/DSAKeyPairGenerator.java Wed Jul 10 09:43:35 2019 +0800
@@ -0,0 +1,156 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.provider;
+
+import java.math.BigInteger;
+
+import java.security.*;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * A fake DSA key pair generator
+ */
+class DSAKeyPairGenerator extends KeyPairGenerator {
+
+ private int plen;
+
+ DSAKeyPairGenerator(int defaultKeySize) {
+ super("DSA");
+ this.plen = defaultKeySize;
+ }
+
+ public void initialize(int modlen, SecureRandom random) {
+ this.plen = modlen;
+ }
+
+ public void initialize(AlgorithmParameterSpec params, SecureRandom random) {
+ throw new UnsupportedOperationException();
+ }
+
+ public KeyPair generateKeyPair() {
+ BigInteger p, q, g, x, y;
+ switch (plen) {
+ case 1024:
+ p = new BigInteger("178011905478542266528237562450159990145232"
+ + "156369120674273274450314442865788737020770612695252"
+ + "123463079567156784778466449970650770920727857050009"
+ + "668388144034129745221171818506047231150039301079959"
+ + "358067395348717066319802262019714966524135060945913"
+ + "707594956514672855690606794135837542707371727429551"
+ + "343320695239");
+ q = new BigInteger("864205495604807476120572616017955259175325"
+ + "408501");
+ g = new BigInteger("174068207532402095185811980123523436538604"
+ + "490794561350978495831040599953488455823147851597408"
+ + "940950725307797094915759492368300574252438761037084"
+ + "473467180148876118103083043754985190983472601550494"
+ + "691329488083395492313850000361646482644608492304078"
+ + "721818959999056496097769368017749273708962006689187"
+ + "956744210730");
+ x = new BigInteger("442684721233431748836258763370873041965448"
+ + "305045");
+ y = new BigInteger("123777377875361061959303516913138943002334"
+ + "907914087825062123737715425120688699041350157178201"
+ + "400875613890444051801751930684745642628053940339973"
+ + "838660880918443284038995141330502246221730915504106"
+ + "313025753680709037893119973285385498869618080832350"
+ + "844717549458284541384384444940685082987448444197127"
+ + "109727215326");
+ break;
+ case 3072:
+ p = new BigInteger("532424770282957507167558442446475365039221"
+ + "865310725601984444684810811113744209961033785957055"
+ + "545569814329215072178264469737927701168579964248618"
+ + "212671015750272795670312875451455848633455356647610"
+ + "802537682630581977793580392148938495801039643027210"
+ + "168055234243089546290868853109011307872303192870862"
+ + "928522910714047973751079687063489704904165319118754"
+ + "414656318529199596549052269402875554159175957058778"
+ + "440558421673575502884909440510567191072050738584727"
+ + "120524174557883883057055053123583287619621138916493"
+ + "103747092870334536468061850120264153241617645557971"
+ + "369719361654590867807897284715299844320510777830158"
+ + "726099043158186232574541934847234927190558272654504"
+ + "899757279197741136733127726856995584055651857157703"
+ + "730144527174175430693903863066052387871964460507889"
+ + "647358151911550149297202134918108185581732063173116"
+ + "923323722454275514471399056679497166381315291238166"
+ + "678637058042047687405023560967657729197010282296512"
+ + "1019243318222397");
+ q = new BigInteger("890750162030504407723769200757822201430799"
+ + "34855896740921457815099167207156753");
+ g = new BigInteger("151817606774376623890824510431247991418389"
+ + "715779225250508738780526725946562383344295250350988"
+ + "771843988677909140611473778208677098146023000408394"
+ + "159085130929460916510001933636711147155614261913281"
+ + "024881629605746742555704817858764668833915862917006"
+ + "598838541275997577579609978297421111961935816027196"
+ + "483840098753346970227821715342000582711792748060856"
+ + "726896896804543780217869880654497603605897208724113"
+ + "159746510357451233393865294043543249227656881945445"
+ + "911394836487973565655780621125471620102365417701222"
+ + "942700788591992318925980959657031578942777920589286"
+ + "616050851348109471636081284309144953091734152913609"
+ + "446411782660994503265873790796828974300693496175976"
+ + "687169380996928285288177682058646187108156643041984"
+ + "849723272840833108573298006600021948389582796433112"
+ + "947515654733901137745000270350091408182905439114222"
+ + "789179830877253611946986888461931792357280552721443"
+ + "254779196196933589018709692301251250169609249601817"
+ + "4795480503442737");
+ x = new BigInteger("837184725379267020693579006510066460977336"
+ + "11851797067505263114214549968402803");
+ y = new BigInteger("395340495486576955293430186860596538887519"
+ + "532234445217156133155957480616804094258448364164620"
+ + "019669119585215430588435624960233328621409901309332"
+ + "192899527076171337665680476899693664056285881110265"
+ + "747619109873269836751712303602309960796986216520795"
+ + "801714761851172570535758859846766099312622783018124"
+ + "479033035974495130498276693342256396509951099944860"
+ + "886247767918456849069941054372775951688384599525157"
+ + "707186634084399395289878437457318095050730531728857"
+ + "772445883395712924633196197942869159234956079072812"
+ + "033713932103618702222793066673087288841096282175640"
+ + "243353943285718935517693389945339235110435667386410"
+ + "827568246083609394541667076709869892137539964277111"
+ + "881671381034966060604088870102183420000265271778711"
+ + "380501229707440889595235145225482336904915838699846"
+ + "941323450568220944649213026904670943083185766542427"
+ + "196471392765688014947830444837953042683779059773143"
+ + "877079141940001705246446188097009313372159366032655"
+ + "5436444354063312");
+ break;
+ default:
+ throw new AssertionError("Unknown keySize " + plen);
+ }
+
+ try {
+ return new KeyPair(new DSAPublicKeyImpl(y, p, q, g),
+ new DSAPrivateKey(x, p, q, g));
+ } catch (InvalidKeyException e) {
+ throw new ProviderException(e);
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/fakegen/java.base/sun/security/rsa/RSAKeyPairGenerator.java Wed Jul 10 09:43:35 2019 +0800
@@ -0,0 +1,449 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.rsa;
+
+import java.math.BigInteger;
+
+import java.security.*;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.RSAKeyGenParameterSpec;
+
+import sun.security.x509.AlgorithmId;
+import static sun.security.rsa.RSAUtil.KeyType;
+
+/**
+ * A fake RSA keypair generation.
+ */
+public abstract class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
+
+ // public exponent to use
+ private BigInteger publicExponent;
+
+ // size of the key to generate, >= RSAKeyFactory.MIN_MODLEN
+ private int keySize;
+
+ private final KeyType type;
+ private AlgorithmId rsaId;
+
+ RSAKeyPairGenerator(KeyType type, int defKeySize) {
+ this.type = type;
+ // initialize to default in case the app does not call initialize()
+ initialize(defKeySize, null);
+ }
+
+ // initialize the generator. See JCA doc
+ public void initialize(int keySize, SecureRandom random) {
+ try {
+ initialize(new RSAKeyGenParameterSpec(keySize,
+ RSAKeyGenParameterSpec.F4), random);
+ } catch (InvalidAlgorithmParameterException iape) {
+ throw new InvalidParameterException(iape.getMessage());
+ }
+ }
+
+ // second initialize method. See JCA doc.
+ public void initialize(AlgorithmParameterSpec params, SecureRandom random)
+ throws InvalidAlgorithmParameterException {
+ if (params instanceof RSAKeyGenParameterSpec == false) {
+ throw new InvalidAlgorithmParameterException
+ ("Params must be instance of RSAKeyGenParameterSpec");
+ }
+
+ RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec)params;
+ int tmpKeySize = rsaSpec.getKeysize();
+ BigInteger tmpPublicExponent = rsaSpec.getPublicExponent();
+ AlgorithmParameterSpec tmpParams = rsaSpec.getKeyParams();
+
+ if (tmpPublicExponent == null) {
+ tmpPublicExponent = RSAKeyGenParameterSpec.F4;
+ } else {
+ if (tmpPublicExponent.compareTo(RSAKeyGenParameterSpec.F0) < 0) {
+ throw new InvalidAlgorithmParameterException
+ ("Public exponent must be 3 or larger");
+ }
+ if (tmpPublicExponent.bitLength() > tmpKeySize) {
+ throw new InvalidAlgorithmParameterException
+ ("Public exponent must be smaller than key size");
+ }
+ }
+
+ // do not allow unreasonably large key sizes, probably user error
+ try {
+ RSAKeyFactory.checkKeyLengths(tmpKeySize, tmpPublicExponent,
+ 512, 64 * 1024);
+ } catch (InvalidKeyException e) {
+ throw new InvalidAlgorithmParameterException(
+ "Invalid key sizes", e);
+ }
+
+ try {
+ this.rsaId = RSAUtil.createAlgorithmId(type, tmpParams);
+ } catch (ProviderException e) {
+ throw new InvalidAlgorithmParameterException(
+ "Invalid key parameters", e);
+ }
+
+ this.keySize = tmpKeySize;
+ this.publicExponent = tmpPublicExponent;
+ }
+
+ // generate the keypair. See JCA doc
+ public KeyPair generateKeyPair() {
+
+ // accommodate odd key sizes in case anybody wants to use them
+ BigInteger e = publicExponent;
+ if (!e.equals(RSAKeyGenParameterSpec.F4)) {
+ throw new AssertionError("Only support F4 now");
+ }
+ BigInteger p, q, n;
+
+ // Pre-calculated p and q for e == RSAKeyGenParameterSpec.F4
+ switch (keySize) {
+ case 1024:
+ p = new BigInteger("1220491537800192366196661816910427"
+ + "2375185130493819649338056226264568132442590"
+ + "2306195110391300298681932797393339089272174"
+ + "24490645345596103420476757417659909");
+
+ q = new BigInteger("8480533592205316739308384508307319"
+ + "3310632635895778398980504245932789486455154"
+ + "4265220956952343855842030266079089174423047"
+ + "7382175514060777025691485728713063");
+ break;
+ case 2048:
+ p = new BigInteger("1600840041787354447543653385760927"
+ + "2642568308955833364523274045522752644800599"
+ + "8669541532595690224703734511692014533312515"
+ + "1867029838883431415692353449578487671384896"
+ + "6611685764860941767986520897595108597563035"
+ + "4023785639802607792535812062420427283857665"
+ + "9883578590844700707106157871508280052743363"
+ + "65749456332400771");
+ q = new BigInteger("1303880717101677622201474394769850"
+ + "7257196073324816341282215626935164930077468"
+ + "5999131251387556761167658937349436378464220"
+ + "4831804147777472146628148336776639855791417"
+ + "3849903041999943901924899580268176393595653"
+ + "7357080543898614581363167420619163047562600"
+ + "6155574020606891195960345238780709194499010"
+ + "43652862954645301");
+ break;
+ case 3072:
+ p = new BigInteger("2403380417344527161525447148950543"
+ + "9379802436047502603774623852967909282895900"
+ + "7474251859703715384817150107392592636129366"
+ + "5680725148417789414447073716354703692160825"
+ + "9910929198523923851672957013786423746474670"
+ + "5285365870313877239114930859096040034848729"
+ + "0251735848703378313724697081522892607625120"
+ + "0765531003751468146539682665307123591367928"
+ + "1883284784295069877414057796300484015307336"
+ + "5167008365209621810307777651197826810474895"
+ + "858836606799546054179898997210174885200767");
+ q = new BigInteger("2046511893459993309772203642844931"
+ + "1853027469856467052942666265372903000702193"
+ + "7794121141028918655144044411085405243565188"
+ + "8318027937964509940322691121105328104450287"
+ + "0400405975394764523022670537180050051646095"
+ + "3320242109876620452477757629185501504625999"
+ + "8487187901577781067325277853462587849063313"
+ + "5364789330253471096755661110557598411108366"
+ + "1566266965711522070909440716658568303529454"
+ + "8075296935907088988560548322049196321207173"
+ + "136436923455192617031129191723631954025427");
+ break;
+ case 3073:
+ p = new BigInteger("358024230418365680745725628188289"
+ + "996969857993064124357766607077169315932503"
+ + "907030633492082868150575329278637502167157"
+ + "345572819552678004302525872656665704012432"
+ + "644868036964802792468216554458209893873320"
+ + "297608885231998895441396822219845215463819"
+ + "216163684222596923153702349718019538798623"
+ + "793830598445085650304217449539016339429747"
+ + "385490484982419227549804698120223647408926"
+ + "021549912791440569127641517442362359166673"
+ + "430151753277549861070074076802118983202554"
+ + "7683523973");
+ q = new BigInteger("169752169194244078720180277210205"
+ + "255207796420396114596943944148158798629671"
+ + "789863988428383183103705641694331073747120"
+ + "522505020908219489265190380712941311249155"
+ + "156834674079165492105570443486536740756291"
+ + "314279877766807786397193023304245520017295"
+ + "969248707516367324340822062886043618371887"
+ + "320492710434958863952407959935025922006108"
+ + "282752473898685457767312430894004833959025"
+ + "415996648289919841900071076314309778495245"
+ + "505026665971431792707247787031811654193145"
+ + "1044952887");
+ break;
+ case 4096:
+ p = new BigInteger("2985635754414679487171962796211911"
+ + "1563710734938215274736352092606404045130913"
+ + "2477365484439939846705721840432140066578525"
+ + "0762327458086280430118434094733412377416194"
+ + "8736124795243564050755767519346747209606612"
+ + "5835460937739428885308798309679495432910469"
+ + "0294757621321446003970767164933974474924664"
+ + "1513767092845098947552598109657871041666676"
+ + "2945573325433283821164032766425479703026349"
+ + "9433641551427112483593214628620450175257586"
+ + "4350119143877183562692754400346175237007314"
+ + "7121580349193179272551363894896336921717843"
+ + "3734726842184251708799134654802475890197293"
+ + "9094908310578403843742664173424031260840446"
+ + "591633359364559754200663");
+ q = new BigInteger("2279248439141087793789384816271625"
+ + "1304008816573950275844533962181244003563987"
+ + "6638461665174020058827698592331066726709304"
+ + "9231319346136709972639455506783245161859951"
+ + "6191872757335765533547033659834427437142631"
+ + "3801232751161907082392011429712327250253948"
+ + "6012497852063361866175243227579880020724881"
+ + "9393797645220239009219998518884396282407710"
+ + "7199202450846395844337846503427790307364624"
+ + "5124871273035872938616425951596065309519651"
+ + "1519189356431513094684173807318945903212527"
+ + "7712469749366620048658571121822171067675915"
+ + "5479178304648399924549334007222294762969503"
+ + "5341584429803583589276956979963609078497238"
+ + "760757619468018224491053");
+ break;
+ case 7680:
+ p = new BigInteger("7034022146817764608206409206476311"
+ + "1371065855827199565170055133179419153145313"
+ + "9446295819321510144417300286482767498463255"
+ + "3370362723164324606829434617977090251035572"
+ + "4237546099249090966627372485629853471350368"
+ + "1497807044971675189990783927066958945388379"
+ + "4004871857862380913954692362042250112646330"
+ + "0515873693830575810241740671573357342073942"
+ + "4924331206670599086552994426505996651481869"
+ + "2750320309695596383830444337180596058381417"
+ + "7804256675894755482917598033151085120879826"
+ + "5373459707672000040090469058320463160804122"
+ + "8041026671361647347262771363754358441620179"
+ + "3861076191970047581401830740749715862725492"
+ + "5750077182986169592435996668282677192000592"
+ + "8019204141383012670399208092972174321639234"
+ + "6398779487064860458178135981700487728919191"
+ + "2418625085287791733119321378648688730352488"
+ + "6446800847442687530322927871063574241918202"
+ + "1883228799435533794167861499482410970370569"
+ + "6964781912514810444018313637829915454156777"
+ + "4591735979781496237582756842195362757823524"
+ + "2054367976655738752756266147542536910268553"
+ + "7448833810249238249431673425245843356607647"
+ + "4372260685985882252621076435844355190011754"
+ + "0656637395317040751098009821385816878380790"
+ + "9017022563392158510700243843871343995665725"
+ + "9447");
+ q = new BigInteger("7006097449483280289139842436346899"
+ + "9530483972793167261845287040200424598484519"
+ + "0516644904497480849788319004016685820778949"
+ + "8514891188272714344395538114013074460410497"
+ + "8359325044727263936454825245761418873141623"
+ + "2797767712619624879346520836103128457266811"
+ + "0175147598232556414901292143389437071453369"
+ + "4867355570712858957689566849950544938172174"
+ + "9136345403774445991224311311204082279382451"
+ + "1977673518543939329498617563049052032259503"
+ + "1057378839061411322975567618416093845144604"
+ + "4563500271329350225709899627798126176885843"
+ + "9953695524756659384424971651654225913916902"
+ + "7087953078966988666226779422822854729725410"
+ + "1118666318953891716194309185187152294057704"
+ + "2509582485250984938518224243061447485603856"
+ + "0197517312286511585545481984194518805766300"
+ + "7351141154720653351520788558277866920369211"
+ + "9269193267018615410395030712426882576851775"
+ + "9240726416572698143674385203349496226355950"
+ + "0327319442530888807531774734409411628435155"
+ + "6449625936156829175453919098709371623972260"
+ + "4090598351878256110255744263233419699486705"
+ + "3658219936031243191809689036438631617494147"
+ + "8183898954195399872571907981872765548994005"
+ + "0754996819683869837696561316479950526914796"
+ + "3613549619563212818369365543951734053135086"
+ + "8593");
+ break;
+ case 7681:
+ p = new BigInteger("1051422012172516922972337796421710"
+ + "1479918158427421377774284533124281583092508"
+ + "4961153980854679659383249048667658521370629"
+ + "6404078819943386006431233653506112030196761"
+ + "7596078830067404622117784094070983115834842"
+ + "0487926993058767148294211654032287322495894"
+ + "1733666341539644761909820700670130074920230"
+ + "0423405253327351685101039824822997870642295"
+ + "8176417666723292317903368285439828460328413"
+ + "9578515412811253729224087502906626189200448"
+ + "4062549581079444644685394008569377879899377"
+ + "0578136407363616816108795867392262638913436"
+ + "2041457188733948013731661456602199370852579"
+ + "2394583215214266552642082043674873685065171"
+ + "9053703728689139119006448644148961706358756"
+ + "0498696516029596534138345596800696824976461"
+ + "8461070371773003241093580622731426623849732"
+ + "8737707046931934781383331589291927520571138"
+ + "2759511573966362005294438252298268405782746"
+ + "9642105075721912120520774388679358659061825"
+ + "8867415333830751976884165265610029632416351"
+ + "6666642762305875140340531095190000199307531"
+ + "2186952558457690950270489966695323839026041"
+ + "0797018634946454573060304991245539422899112"
+ + "9312288231966690989900334936215870198735213"
+ + "6745631923445509394027128331099748294658904"
+ + "6303809606943116678969915369410846798143779"
+ + "89187");
+ q = new BigInteger("8160183444544784072886152354850963"
+ + "2507221530634202707531181684048014518183560"
+ + "4586261698204521358487995639975786964316103"
+ + "5861955444259138806900123878887948650444640"
+ + "7062365744302695074634248387572850855758081"
+ + "9074631976865727985289995811413472254074432"
+ + "4751574514329862821405069035713821908598155"
+ + "5436571566703295992717666421591959121774983"
+ + "5913798632992394695663301960139778059658979"
+ + "4944466598070019481108421780314115410201334"
+ + "2925668957166258484312039121420100795544341"
+ + "5372918969907063685116069321551182817324799"
+ + "3347159610063964281388144113123539915925090"
+ + "2692309096312451442405059120315891913678403"
+ + "4977738880336169371406947347468157606390086"
+ + "3381587148478097717352225924672548657441771"
+ + "3887371520215341151934095945869956390140929"
+ + "3098286281540595154062683214111934217839063"
+ + "3309526631019699109621050440794920159910038"
+ + "3248965999877529393614116991972153758910967"
+ + "1712258745878268303349611893651932564447696"
+ + "9601760120187828039923387985032881949408596"
+ + "0689784023540256749586591441103043888423326"
+ + "3078541569639917739590630101701573133092711"
+ + "6157430583592378472242178997833136144409256"
+ + "3558220277370179546822023437190315852529873"
+ + "0831890147323301322699740037060134979740963"
+ + "4289");
+ break;
+ case 8192:
+ p = new BigInteger("9821669838446774374944535804569858"
+ + "0553278885576950130485823829973470553571905"
+ + "3014418421996241500307589880457361653957913"
+ + "9176499436767288125182942994089196450118944"
+ + "8701794862752733776161684616570463744619126"
+ + "4981622564763630694110472008409561205704867"
+ + "0221819623405201369630462487520858670679048"
+ + "5854008441429858453634949980424333056803703"
+ + "1205609490778445762604050796894221725977551"
+ + "1428887194691696420765173256600200430067305"
+ + "4364524177041858044598166859757042904625691"
+ + "4292728453597609683799189454690202563236931"
+ + "8171122071288244573793276051041975005528757"
+ + "0228306442708182141334279133965507583927772"
+ + "9244311696220253059281524393613278272067808"
+ + "7017494446447670799055720358621918361716353"
+ + "5018317015764698318012095108914870478138809"
+ + "8204738169777192718869484177321870413838036"
+ + "8149216482968887382371881239714335470844573"
+ + "1862934371951394070111726593305334971041399"
+ + "5517260339034138718517336990212463882142363"
+ + "9154412320743552301967162100734381046548816"
+ + "3883737645359595416600487444018399886391071"
+ + "3777667222706059170707223589163679915863781"
+ + "4662302526078720977228426750718207481384357"
+ + "7918717041190413457052439016978578217755022"
+ + "7370720979516554707297685239584071755267452"
+ + "6021894842754355160100506065457679069228273"
+ + "95209345267367982516553449135291473361");
+ q = new BigInteger("7902448465953646210110784092684896"
+ + "0265474424590294110174550047938700740921014"
+ + "1981650823416127449143596912363210790070524"
+ + "2903784112701128957948996730263815210531364"
+ + "0489145287401377007608600217628773627723381"
+ + "1194123533939872283952535576847014977682278"
+ + "9332064706645169741712060131540562788886577"
+ + "3762235020990267901959745687867018811088495"
+ + "3716021011509120447248882358515954471433808"
+ + "2782236662758287959413069553620728137831579"
+ + "2321174813204514354999978428741310035945405"
+ + "0226661395731921098764192439072425262100813"
+ + "9732949866553839713092238096261034339815187"
+ + "2832617055364163276140160068136296115910569"
+ + "9466440903693740716929166334256441926903849"
+ + "1082968246155177124035336609654226388424434"
+ + "5775783323612758615407928446164631651292743"
+ + "8428509642959278732826297890909454571009075"
+ + "7836191622138731918099379467912681177757761"
+ + "6141378131042432093843778753846726589215845"
+ + "7402160146427434508515156204064224022904659"
+ + "8645441448874409852211668374267341177082462"
+ + "7341410218867175406105046487057429530801973"
+ + "0931082058719258230993681115780999537424968"
+ + "2385515792331573549935317407789344892257264"
+ + "7464569110078675090194686816764429827739815"
+ + "0566036514181547634372488184242167294602000"
+ + "8232780963578241583529875079397308150506597"
+ + "37190564909892937290776929541076192569");
+ break;
+ default:
+ throw new AssertionError("Unknown keySize " + keySize);
+ }
+
+ n = p.multiply(q);
+
+ // phi = (p - 1) * (q - 1) must be relative prime to e
+ // otherwise RSA just won't work ;-)
+ BigInteger p1 = p.subtract(BigInteger.ONE);
+ BigInteger q1 = q.subtract(BigInteger.ONE);
+ BigInteger phi = p1.multiply(q1);
+ // generate new p and q until they work. typically
+ // the first try will succeed when using F4
+ if (e.gcd(phi).equals(BigInteger.ONE) == false) {
+ throw new AssertionError("Should not happen");
+ }
+
+ // private exponent d is the inverse of e mod phi
+ BigInteger d = e.modInverse(phi);
+
+ // 1st prime exponent pe = d mod (p - 1)
+ BigInteger pe = d.mod(p1);
+ // 2nd prime exponent qe = d mod (q - 1)
+ BigInteger qe = d.mod(q1);
+
+ // crt coefficient coeff is the inverse of q mod p
+ BigInteger coeff = q.modInverse(p);
+
+ try {
+ PublicKey publicKey = new RSAPublicKeyImpl(rsaId, n, e);
+ PrivateKey privateKey = new RSAPrivateCrtKeyImpl(
+ rsaId, n, e, d, p, q, pe, qe, coeff);
+ return new KeyPair(publicKey, privateKey);
+ } catch (InvalidKeyException exc) {
+ // invalid key exception only thrown for keys < 512 bit,
+ // will not happen here
+ throw new RuntimeException(exc);
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/fakegen/jdk.crypto.ec/sun/security/ec/ECKeyPairGenerator.java Wed Jul 10 09:43:35 2019 +0800
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.ec;
+
+import java.math.BigInteger;
+import java.security.*;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+
+import sun.security.util.ECUtil;
+import static sun.security.util.SecurityProviderConstants.DEF_EC_KEY_SIZE;
+
+/**
+ * A fake EC keypair generator.
+ */
+public final class ECKeyPairGenerator extends KeyPairGeneratorSpi {
+
+ private int keySize;
+
+ public ECKeyPairGenerator() {
+ initialize(DEF_EC_KEY_SIZE, null);
+ }
+
+ @Override
+ public void initialize(int keySize, SecureRandom random) {
+ this.keySize = keySize;
+ }
+
+ @Override
+ public void initialize(AlgorithmParameterSpec params, SecureRandom random)
+ throws InvalidAlgorithmParameterException {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public KeyPair generateKeyPair() {
+ BigInteger s, x, y;
+ switch (keySize) {
+ case 192:
+ s = new BigInteger("144089953963995451666433763881605261867377"
+ + "0287449914970417");
+ x = new BigInteger("527580219290493448707803038403444129676461"
+ + "560927008883862");
+ y = new BigInteger("171489247081620145247240656640887886126295"
+ + "376102134763235");
+ break;
+ case 384:
+ s = new BigInteger("230878276322370828604837367594276033697165"
+ + "328633328282930557390817326627704675451851870430805"
+ + "90262886393892128915463");
+ x = new BigInteger("207573127814711182089888821916296502977037"
+ + "557291394001491584185306092085745595207966563387890"
+ + "64848861531410731137896");
+ y = new BigInteger("272903686539605964684771543637437742229808"
+ + "792287657810480793861620950159864617021540168828129"
+ + "97920015041145259782242");
+ break;
+ case 571:
+ s = new BigInteger("102950007413729156017516513076331886543538"
+ + "947044937190140406420556321983301533699021909556189"
+ + "150601557539520495361099574425100081169640300555562"
+ + "4280643194744140660275077121");
+ x = new BigInteger("640598847385582251482893323029655037929442"
+ + "593800810090252942944624854811134311418807076811195"
+ + "132373308708007447666896675761104237802118413642543"
+ + "8277858107132017492037336593");
+ y = new BigInteger("254271270803422773271985083014247202480077"
+ + "131823713050110789460550383275777195766342550786766"
+ + "080401402424961690914429074822281551140068729472439"
+ + "477216613432839953714415981");
+ break;
+ default:
+ throw new AssertionError("Unsupported keysize " + keySize);
+ }
+ ECParameterSpec ecParams = ECUtil.getECParameterSpec(null, keySize);
+ try {
+ return new KeyPair(new ECPublicKeyImpl(new ECPoint(x, y), ecParams),
+ new ECPrivateKeyImpl(s, ecParams));
+ } catch (Exception ex) {
+ throw new ProviderException(ex);
+ }
+ }
+}
--- a/test/jdk/sun/security/tools/keytool/pss/PSS.java Wed Jul 10 09:43:34 2019 +0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,115 +0,0 @@
-/*
- * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/*
- * @test
- * @bug 8215694 8222987 8225257
- * @summary keytool cannot generate RSASSA-PSS certificates
- * @library /test/lib
- * @build java.base/sun.security.rsa.RSAKeyPairGenerator
- * @modules java.base/sun.security.util
- * java.base/sun.security.x509
- * @requires os.family != "solaris"
- * @run main PSS
- */
-
-// This test is excluded from Solaris because the 8192-bit RSA key pair
-// generator is extremely slow there.
-
-import jdk.test.lib.Asserts;
-import jdk.test.lib.SecurityTools;
-import jdk.test.lib.process.OutputAnalyzer;
-import jdk.test.lib.security.DerUtils;
-import sun.security.util.ObjectIdentifier;
-import sun.security.x509.AlgorithmId;
-
-import java.io.File;
-import java.security.KeyStore;
-import java.security.cert.X509Certificate;
-
-public class PSS {
-
- public static void main(String[] args) throws Exception {
-
- genkeypair("p", "-keyalg RSASSA-PSS -sigalg RSASSA-PSS")
- .shouldHaveExitValue(0);
-
- genkeypair("a", "-keyalg RSA -sigalg RSASSA-PSS -keysize 2048")
- .shouldHaveExitValue(0);
-
- genkeypair("b", "-keyalg RSA -sigalg RSASSA-PSS -keysize 4096")
- .shouldHaveExitValue(0);
-
- genkeypair("c", "-keyalg RSA -sigalg RSASSA-PSS -keysize 8192")
- .shouldHaveExitValue(0);
-
- KeyStore ks = KeyStore.getInstance(
- new File("ks"), "changeit".toCharArray());
-
- check((X509Certificate)ks.getCertificate("p"), "RSASSA-PSS",
- AlgorithmId.SHA256_oid);
-
- check((X509Certificate)ks.getCertificate("a"), "RSA",
- AlgorithmId.SHA256_oid);
-
- check((X509Certificate)ks.getCertificate("b"), "RSA",
- AlgorithmId.SHA384_oid);
-
- check((X509Certificate)ks.getCertificate("c"), "RSA",
- AlgorithmId.SHA512_oid);
-
- // More commands
- kt("-certreq -alias p -sigalg RSASSA-PSS -file p.req")
- .shouldHaveExitValue(0);
-
- kt("-gencert -alias a -sigalg RSASSA-PSS -infile p.req -outfile p.cert")
- .shouldHaveExitValue(0);
-
- kt("-importcert -alias p -file p.cert")
- .shouldHaveExitValue(0);
-
- kt("-selfcert -alias p -sigalg RSASSA-PSS")
- .shouldHaveExitValue(0);
- }
-
- static OutputAnalyzer genkeypair(String alias, String options)
- throws Exception {
- String patchArg = "-J--patch-module=java.base=" + System.getProperty("test.classes")
- + File.separator + "patches" + File.separator + "java.base";
- return kt(patchArg + " -genkeypair -alias " + alias
- + " -dname CN=" + alias + " " + options);
- }
-
- static OutputAnalyzer kt(String cmd)
- throws Exception {
- return SecurityTools.keytool("-storepass changeit -keypass changeit "
- + "-keystore ks " + cmd);
- }
-
- static void check(X509Certificate cert, String expectedKeyAlg,
- ObjectIdentifier expectedMdAlg) throws Exception {
- Asserts.assertEQ(cert.getPublicKey().getAlgorithm(), expectedKeyAlg);
- Asserts.assertEQ(cert.getSigAlgName(), "RSASSA-PSS");
- DerUtils.checkAlg(cert.getSigAlgParams(), "000", expectedMdAlg);
- }
-}
--- a/test/jdk/sun/security/tools/keytool/pss/java.base/sun/security/rsa/RSAKeyPairGenerator.java Wed Jul 10 09:43:34 2019 +0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,273 +0,0 @@
-/*
- * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.rsa;
-
-import java.math.BigInteger;
-
-import java.security.*;
-import java.security.spec.AlgorithmParameterSpec;
-import java.security.spec.RSAKeyGenParameterSpec;
-
-import sun.security.jca.JCAUtil;
-import sun.security.x509.AlgorithmId;
-import static sun.security.rsa.RSAUtil.KeyType;
-
-/**
- * Fake RSA keypair generation.
- */
-public abstract class RSAKeyPairGenerator extends KeyPairGeneratorSpi {
-
- // public exponent to use
- private BigInteger publicExponent;
-
- // size of the key to generate, >= RSAKeyFactory.MIN_MODLEN
- private int keySize;
-
- private final KeyType type;
- private AlgorithmId rsaId;
-
- RSAKeyPairGenerator(KeyType type, int defKeySize) {
- this.type = type;
- // initialize to default in case the app does not call initialize()
- initialize(defKeySize, null);
- }
-
- // initialize the generator. See JCA doc
- public void initialize(int keySize, SecureRandom random) {
- try {
- initialize(new RSAKeyGenParameterSpec(keySize,
- RSAKeyGenParameterSpec.F4), random);
- } catch (InvalidAlgorithmParameterException iape) {
- throw new InvalidParameterException(iape.getMessage());
- }
- }
-
- // second initialize method. See JCA doc.
- public void initialize(AlgorithmParameterSpec params, SecureRandom random)
- throws InvalidAlgorithmParameterException {
- if (params instanceof RSAKeyGenParameterSpec == false) {
- throw new InvalidAlgorithmParameterException
- ("Params must be instance of RSAKeyGenParameterSpec");
- }
-
- RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec)params;
- int tmpKeySize = rsaSpec.getKeysize();
- BigInteger tmpPublicExponent = rsaSpec.getPublicExponent();
- AlgorithmParameterSpec tmpParams = rsaSpec.getKeyParams();
-
- if (tmpPublicExponent == null) {
- tmpPublicExponent = RSAKeyGenParameterSpec.F4;
- } else {
- if (tmpPublicExponent.compareTo(RSAKeyGenParameterSpec.F0) < 0) {
- throw new InvalidAlgorithmParameterException
- ("Public exponent must be 3 or larger");
- }
- if (tmpPublicExponent.bitLength() > tmpKeySize) {
- throw new InvalidAlgorithmParameterException
- ("Public exponent must be smaller than key size");
- }
- }
-
- // do not allow unreasonably large key sizes, probably user error
- try {
- RSAKeyFactory.checkKeyLengths(tmpKeySize, tmpPublicExponent,
- 512, 64 * 1024);
- } catch (InvalidKeyException e) {
- throw new InvalidAlgorithmParameterException(
- "Invalid key sizes", e);
- }
-
- try {
- this.rsaId = RSAUtil.createAlgorithmId(type, tmpParams);
- } catch (ProviderException e) {
- throw new InvalidAlgorithmParameterException(
- "Invalid key parameters", e);
- }
-
- this.keySize = tmpKeySize;
- this.publicExponent = tmpPublicExponent;
- }
-
- // generate the keypair. See JCA doc
- public KeyPair generateKeyPair() {
-
- // accommodate odd key sizes in case anybody wants to use them
- BigInteger e = publicExponent;
- if (!e.equals(RSAKeyGenParameterSpec.F4)) {
- throw new AssertionError("Only support F4 now");
- }
- BigInteger p, q, n;
-
- // Pre-calculated p and q for e == RSAKeyGenParameterSpec.F4
- switch (keySize) {
- case 2048:
- p = new BigInteger("1600840041787354447543653385760927"
- + "2642568308955833364523274045522752644800599"
- + "8669541532595690224703734511692014533312515"
- + "1867029838883431415692353449578487671384896"
- + "6611685764860941767986520897595108597563035"
- + "4023785639802607792535812062420427283857665"
- + "9883578590844700707106157871508280052743363"
- + "65749456332400771");
- q = new BigInteger("1303880717101677622201474394769850"
- + "7257196073324816341282215626935164930077468"
- + "5999131251387556761167658937349436378464220"
- + "4831804147777472146628148336776639855791417"
- + "3849903041999943901924899580268176393595653"
- + "7357080543898614581363167420619163047562600"
- + "6155574020606891195960345238780709194499010"
- + "43652862954645301");
- break;
- case 4096:
- p = new BigInteger("2985635754414679487171962796211911"
- + "1563710734938215274736352092606404045130913"
- + "2477365484439939846705721840432140066578525"
- + "0762327458086280430118434094733412377416194"
- + "8736124795243564050755767519346747209606612"
- + "5835460937739428885308798309679495432910469"
- + "0294757621321446003970767164933974474924664"
- + "1513767092845098947552598109657871041666676"
- + "2945573325433283821164032766425479703026349"
- + "9433641551427112483593214628620450175257586"
- + "4350119143877183562692754400346175237007314"
- + "7121580349193179272551363894896336921717843"
- + "3734726842184251708799134654802475890197293"
- + "9094908310578403843742664173424031260840446"
- + "591633359364559754200663");
- q = new BigInteger("2279248439141087793789384816271625"
- + "1304008816573950275844533962181244003563987"
- + "6638461665174020058827698592331066726709304"
- + "9231319346136709972639455506783245161859951"
- + "6191872757335765533547033659834427437142631"
- + "3801232751161907082392011429712327250253948"
- + "6012497852063361866175243227579880020724881"
- + "9393797645220239009219998518884396282407710"
- + "7199202450846395844337846503427790307364624"
- + "5124871273035872938616425951596065309519651"
- + "1519189356431513094684173807318945903212527"
- + "7712469749366620048658571121822171067675915"
- + "5479178304648399924549334007222294762969503"
- + "5341584429803583589276956979963609078497238"
- + "760757619468018224491053");
- break;
- case 8192:
- p = new BigInteger("9821669838446774374944535804569858"
- + "0553278885576950130485823829973470553571905"
- + "3014418421996241500307589880457361653957913"
- + "9176499436767288125182942994089196450118944"
- + "8701794862752733776161684616570463744619126"
- + "4981622564763630694110472008409561205704867"
- + "0221819623405201369630462487520858670679048"
- + "5854008441429858453634949980424333056803703"
- + "1205609490778445762604050796894221725977551"
- + "1428887194691696420765173256600200430067305"
- + "4364524177041858044598166859757042904625691"
- + "4292728453597609683799189454690202563236931"
- + "8171122071288244573793276051041975005528757"
- + "0228306442708182141334279133965507583927772"
- + "9244311696220253059281524393613278272067808"
- + "7017494446447670799055720358621918361716353"
- + "5018317015764698318012095108914870478138809"
- + "8204738169777192718869484177321870413838036"
- + "8149216482968887382371881239714335470844573"
- + "1862934371951394070111726593305334971041399"
- + "5517260339034138718517336990212463882142363"
- + "9154412320743552301967162100734381046548816"
- + "3883737645359595416600487444018399886391071"
- + "3777667222706059170707223589163679915863781"
- + "4662302526078720977228426750718207481384357"
- + "7918717041190413457052439016978578217755022"
- + "7370720979516554707297685239584071755267452"
- + "6021894842754355160100506065457679069228273"
- + "95209345267367982516553449135291473361");
- q = new BigInteger("7902448465953646210110784092684896"
- + "0265474424590294110174550047938700740921014"
- + "1981650823416127449143596912363210790070524"
- + "2903784112701128957948996730263815210531364"
- + "0489145287401377007608600217628773627723381"
- + "1194123533939872283952535576847014977682278"
- + "9332064706645169741712060131540562788886577"
- + "3762235020990267901959745687867018811088495"
- + "3716021011509120447248882358515954471433808"
- + "2782236662758287959413069553620728137831579"
- + "2321174813204514354999978428741310035945405"
- + "0226661395731921098764192439072425262100813"
- + "9732949866553839713092238096261034339815187"
- + "2832617055364163276140160068136296115910569"
- + "9466440903693740716929166334256441926903849"
- + "1082968246155177124035336609654226388424434"
- + "5775783323612758615407928446164631651292743"
- + "8428509642959278732826297890909454571009075"
- + "7836191622138731918099379467912681177757761"
- + "6141378131042432093843778753846726589215845"
- + "7402160146427434508515156204064224022904659"
- + "8645441448874409852211668374267341177082462"
- + "7341410218867175406105046487057429530801973"
- + "0931082058719258230993681115780999537424968"
- + "2385515792331573549935317407789344892257264"
- + "7464569110078675090194686816764429827739815"
- + "0566036514181547634372488184242167294602000"
- + "8232780963578241583529875079397308150506597"
- + "37190564909892937290776929541076192569");
- break;
- default:
- throw new AssertionError("Unknown keySize " + keySize);
- }
-
- n = p.multiply(q);
-
- // phi = (p - 1) * (q - 1) must be relative prime to e
- // otherwise RSA just won't work ;-)
- BigInteger p1 = p.subtract(BigInteger.ONE);
- BigInteger q1 = q.subtract(BigInteger.ONE);
- BigInteger phi = p1.multiply(q1);
- // generate new p and q until they work. typically
- // the first try will succeed when using F4
- if (e.gcd(phi).equals(BigInteger.ONE) == false) {
- throw new AssertionError("Should not happen");
- }
-
- // private exponent d is the inverse of e mod phi
- BigInteger d = e.modInverse(phi);
-
- // 1st prime exponent pe = d mod (p - 1)
- BigInteger pe = d.mod(p1);
- // 2nd prime exponent qe = d mod (q - 1)
- BigInteger qe = d.mod(q1);
-
- // crt coefficient coeff is the inverse of q mod p
- BigInteger coeff = q.modInverse(p);
-
- try {
- PublicKey publicKey = new RSAPublicKeyImpl(rsaId, n, e);
- PrivateKey privateKey = new RSAPrivateCrtKeyImpl(
- rsaId, n, e, d, p, q, pe, qe, coeff);
- return new KeyPair(publicKey, privateKey);
- } catch (InvalidKeyException exc) {
- // invalid key exception only thrown for keys < 512 bit,
- // will not happen here
- throw new RuntimeException(exc);
- }
- }
-}