8222275: sun/security/tools/keytool/Serial64.java: assertTrue: expected true, was false
authorweijun
Sun, 14 Apr 2019 10:22:56 +0800
changeset 54528 ac56154f0b9e
parent 54527 96d290a7e94f
child 54529 d2c2622995e2
8222275: sun/security/tools/keytool/Serial64.java: assertTrue: expected true, was false Reviewed-by: xuelei
test/jdk/sun/security/tools/keytool/Serial64.java
--- a/test/jdk/sun/security/tools/keytool/Serial64.java	Fri Apr 12 14:13:31 2019 -0700
+++ b/test/jdk/sun/security/tools/keytool/Serial64.java	Sun Apr 14 10:22:56 2019 +0800
@@ -23,15 +23,13 @@
 
 /*
  * @test
- * @bug 8221257
+ * @bug 8221257 8222275
  * @summary Improve serial number generation mechanism for keytool -gencert
  * @library /test/lib
  * @key randomness
  */
 
-import jdk.test.lib.Asserts;
 import jdk.test.lib.SecurityTools;
-import jdk.test.lib.process.OutputAnalyzer;
 
 import java.io.File;
 import java.io.FileInputStream;
@@ -39,57 +37,59 @@
 import java.security.KeyStore;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
 
 public class Serial64 {
 
-    static List<BigInteger> numbers = new ArrayList<>();
-
     public static void main(String[] args) throws Exception {
 
-        // 10 Self-signed certs and issued certs
-        genkeypair("ca");
-        genkeypair("user");
-        for (int i = 0; i < 8; i++) {
-            gencert("ca", "user");
+        boolean see64 = false;
+
+        see64 |= see64(genkeypair("ca"));
+        see64 |= see64(genkeypair("user"));
+
+        keytool("-certreq -alias user -file req");
+
+        for (int i = 3; i <= 30; i++) {
+            see64 |= see64(gencert());
+            if (i >= 10 && see64) {
+                // As long as we have generated >=10 (non-negative) SNs and
+                // at least one is 64 bit it's good to go.
+                return;
+            }
         }
 
-        numbers.forEach(b -> System.out.println(b.toString(16)));
-
-        // Must be positive, therefore never zero.
-        Asserts.assertTrue(numbers.stream()
-                .allMatch(b -> b.signum() == 1));
-
-        // At least one should be 64 bit. There is a chance of
-        // 2^-10 this would fail.
-        Asserts.assertTrue(numbers.stream()
-                .anyMatch(b -> b.bitLength() == 64));
+        // None is 64 bit. There is a chance of 2^-30 we reach here.
+        // Or, maybe we do have a bug?
+        throw new RuntimeException("No 64-bit serial number");
     }
 
-    static OutputAnalyzer keytool(String s) throws Exception {
-        return SecurityTools.keytool(
-                "-storepass changeit -keypass changeit "
-                        + "-keystore ks -keyalg rsa " + s);
+    static boolean see64(BigInteger sn) {
+        System.out.println(sn.toString(16));
+
+        if (sn.signum() != 1) {
+            throw new RuntimeException("Must be positive");
+        }
+        return sn.bitLength() == 64;
     }
 
-    static void genkeypair(String a) throws Exception {
-        keytool("-genkeypair -alias " + a + " -dname CN=" + a)
+    static void keytool(String s) throws Exception {
+        SecurityTools.keytool("-storepass changeit -keypass changeit "
+                + "-keystore ks -keyalg rsa " + s)
                 .shouldHaveExitValue(0);
-        numbers.add(((X509Certificate)KeyStore.getInstance(
-                new File("ks"), "changeit".toCharArray())
-                    .getCertificate(a)).getSerialNumber());
     }
 
-    static void gencert(String signer, String owner)
-            throws Exception {
-        keytool("-certreq -alias " + owner + " -file req")
-                .shouldHaveExitValue(0);
-        keytool("-gencert -alias " + signer + " -infile req -outfile cert")
-                .shouldHaveExitValue(0);
+    static BigInteger genkeypair(String a) throws Exception {
+        keytool("-genkeypair -alias " + a + " -dname CN=" + a);
+        return ((X509Certificate)KeyStore.getInstance(
+                new File("ks"), "changeit".toCharArray())
+                    .getCertificate(a)).getSerialNumber();
+    }
+
+    static BigInteger gencert() throws Exception {
+        keytool("-gencert -alias ca -infile req -outfile cert");
         try (FileInputStream fis = new FileInputStream("cert")) {
-            numbers.add(((X509Certificate)CertificateFactory.getInstance("X.509")
-                    .generateCertificate(fis)).getSerialNumber());
+            return ((X509Certificate)CertificateFactory.getInstance("X.509")
+                    .generateCertificate(fis)).getSerialNumber();
         }
     }
 }