jdk-24/jdk/test/java/security/SecureRandom/GetInstanceTest.java

313 lines
14 KiB
Java
Raw Normal View History

/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8141039
* @library /lib/testlibrary
* @summary SecureRandom supports multiple getInstance method including
* getInstanceStrong() method. This test verifies a set of possible
* cases for getInstance with different SecureRandom mechanism
* supported in Java.
* @run main GetInstanceTest
*/
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SecureRandomParameters;
import java.security.DrbgParameters;
import static java.security.DrbgParameters.Capability.*;
import java.security.Security;
import java.util.Arrays;
import jdk.testlibrary.Asserts;
public class GetInstanceTest {
private static final boolean PASS = true;
private static final String INVALID_ALGO = "INVALID";
private static final String SUN_PROVIDER = "SUN";
private static final String INVALID_PROVIDER = "INVALID";
private static final String STRONG_ALG_SEC_PROP
= "securerandom.strongAlgorithms";
private static final String DRBG_CONFIG = "securerandom.drbg.config";
private static final String DRBG_CONFIG_VALUE
= Security.getProperty(DRBG_CONFIG);
public static void main(String[] args) throws Exception {
boolean success = true;
// Only accepted failure is NoSuchAlgorithmException.
// For any other failure the test case will fail here.
SecureRandom sr = matchExc(() -> SecureRandom.getInstanceStrong(),
PASS, NoSuchAlgorithmException.class,
"PASS - Undefined security Property "
+ "'securerandom.strongAlgorithms'");
System.out.format("Current platform supports mechanism: '%s' through "
+ "provider: '%s' for the method getInstanceStrong().",
sr.getAlgorithm(), sr.getProvider().getName());
// DRBG name should appear with "securerandom.strongAlgorithms"
// security property.
String origDRBGConfig = Security.getProperty(STRONG_ALG_SEC_PROP);
if (!origDRBGConfig.contains("DRBG")) {
throw new RuntimeException("DRBG is not associated with default "
+ "strong algorithm through security Property: "
+ "'securerandom.strongAlgorithms'.");
}
Security.setProperty(STRONG_ALG_SEC_PROP, "DRBG:SUN");
sr = matchExc(() -> SecureRandom.getInstanceStrong(),
PASS, NoSuchAlgorithmException.class,
"PASS - Undefined security Property "
+ "'securerandom.strongAlgorithms'");
checkAttributes(sr, "DRBG");
Security.setProperty(STRONG_ALG_SEC_PROP, origDRBGConfig);
for (String mech : new String[]{
"SHA1PRNG", "Hash_DRBG", "HMAC_DRBG", "CTR_DRBG", INVALID_ALGO,}) {
System.out.printf("%nTest SecureRandom mechanism: '%s'", mech);
try {
if (isDRBG(mech)) {
Security.setProperty(DRBG_CONFIG, mech);
}
verifyInstance(mech);
} catch (Exception e) {
e.printStackTrace(System.out);
success = false;
} finally {
Security.setProperty(DRBG_CONFIG, DRBG_CONFIG_VALUE);
}
}
if (!success) {
throw new RuntimeException("At least one test failed.");
}
}
private static void verifyInstance(String mech) throws Exception {
String srAlgo = isDRBG(mech) ? "DRBG" : mech;
// Test for getInstance(algorithm) method.
// It should pass for all case other than invalid algorithm name.
// If it fails then the expected exception type should be
// NoSuchAlgorithmException. Any other Exception type occured will be
// treated as failure.
checkAttributes(
matchExc(() -> SecureRandom.getInstance(srAlgo), !(nsa(mech)),
NoSuchAlgorithmException.class,
String.format("PASS - It is expected to fail for"
+ " getInstance(algorithm) when algorithm: '%s'"
+ " is null or invalid.", mech)), mech);
// Test for getInstance(algorithm, provider) method.
checkAttributes(
matchExc(() -> SecureRandom.getInstance(srAlgo,
Security.getProvider(SUN_PROVIDER)),
!(nsa(mech)),
NoSuchAlgorithmException.class,
String.format("PASS - It is expected to fail for"
+ " getInstance(algorithm, provider) when"
+ " algorithm:'%s' is null or invalid.", mech)),
mech);
// Test for getInstance(algorithm, providerName) method.
checkAttributes(
matchExc(() -> SecureRandom.getInstance(srAlgo, SUN_PROVIDER),
!(nsa(mech)), NoSuchAlgorithmException.class,
String.format("PASS - It is expected to fail for "
+ "getInstance(algorithm, providerName) when "
+ "algorithm: '%s' is null or invalid.", mech)),
mech);
// Test for getInstance(algorithm, providerName) method.
checkAttributes(
matchExc(() -> SecureRandom.getInstance(
srAlgo, INVALID_PROVIDER),
!PASS, NoSuchProviderException.class,
String.format("PASS - It is expected to fail for "
+ "getInstance(algorithm, providerName) when "
+ "provider name: '%s' is invalid and "
+ "algorithm: '%s'", INVALID_PROVIDER, mech)),
mech);
// Run the test for a set of SecureRandomParameters
for (SecureRandomParameters param : Arrays.asList(null,
DrbgParameters.instantiation(-1, NONE, null))) {
System.out.printf("%nRunning DRBG param getInstance() methods "
+ "for algorithm: %s and DRBG param type: %s", mech,
(param != null) ? param.getClass().getName() : param);
// Following Test are applicable for new DRBG methods only.
// Test for getInstance(algorithm, params) method.
// Tests are expected to pass for DRBG type with valid parameter
// If it fails the expected exception type is derived from
// getExcType(mech, param) method. If exception type is not
// expected then the test will be considered as failure.
checkAttributes(
matchExc(() -> SecureRandom.getInstance(srAlgo, param),
(isDRBG(mech)) && (isValidDRBGParam(param)),
getExcType(mech, param),
String.format("PASS - It is expected to fail "
+ "for getInstance(algorithm, params) "
+ "for algorithm: %s and parameter: %s",
mech, param)),
mech);
// Test for getInstance(algorithm, params, provider) method.
checkAttributes(
matchExc(() -> SecureRandom.getInstance(srAlgo, param,
Security.getProvider(SUN_PROVIDER)),
(isDRBG(mech)) && (isValidDRBGParam(param)),
getExcType(mech, param),
String.format("PASS - It is expected to fail "
+ "for getInstance(algorithm, params, "
+ "provider) for algorithm: %s and "
+ "parameter: %s", mech, param)),
mech);
// Test for getInstance(algorithm, params, providerName) method.
checkAttributes(
matchExc(() -> SecureRandom.getInstance(srAlgo, param,
SUN_PROVIDER),
(isDRBG(mech)) && (isValidDRBGParam(param)),
getExcType(mech, param),
String.format("PASS - It is expected to fail "
+ "for getInstance(algorithm, params, "
+ "providerName) for algorithm: %s and "
+ "parameter: %s", mech, param)), mech);
// getInstance(algorithm, params, providerName) when
// providerName is invalid
checkAttributes(
matchExc(() -> SecureRandom.getInstance(srAlgo, param,
INVALID_PROVIDER),
!PASS, ((param == null)
? IllegalArgumentException.class
: NoSuchProviderException.class),
String.format("PASS - It is expected to fail "
+ "for getInstance(algorithm, params, "
+ "providerName) when param is null or"
+ " provider: %s is invalid for "
+ "algorithm: '%s'", INVALID_PROVIDER,
mech)), mech);
// getInstance(algorithm, params, provider) when provider=null
checkAttributes(
matchExc(() -> SecureRandom.getInstance(srAlgo, param,
(String) null),
!PASS, IllegalArgumentException.class,
String.format("PASS - It is expected to fail "
+ "for getInstance(algorithm, params, "
+ "providerName) when provider name "
+ "is null")), mech);
// getInstance(algorithm, params, providerName) when
// providerName is empty.
checkAttributes(
matchExc(() -> SecureRandom.getInstance(
srAlgo, param, ""),
!PASS, IllegalArgumentException.class,
String.format("PASS - It is expected to fail "
+ "for getInstance(algorithm, params, "
+ "providerName) when provider name "
+ "is empty")), mech);
}
}
private static boolean isValidDRBGParam(SecureRandomParameters param) {
return (param instanceof DrbgParameters.Instantiation);
}
/**
* If the mechanism should occur NoSuchAlgorithmException.
*/
private static boolean nsa(String mech) {
return mech.equals(INVALID_ALGO);
}
/**
* Verify if the mechanism is DRBG type.
* @param mech Mechanism name
* @return True if the mechanism name is DRBG type else False.
*/
private static boolean isDRBG(String mech) {
return mech.contains("_DRBG");
}
/**
* Type of exception expected for a SecureRandom instance when exception
* occurred while calling getInstance method with a fixed set of parameter.
* @param mech Mechanism used to create a SecureRandom instance
* @param param Parameter to getInstance() method
* @return Exception type expected
*/
private static Class getExcType(String mech, SecureRandomParameters param) {
return ((isDRBG(mech) && !isValidDRBGParam(param)) || param == null)
? IllegalArgumentException.class
: NoSuchAlgorithmException.class;
}
private interface RunnableCode {
SecureRandom run() throws Exception;
}
/**
* Execute a given code block and verify, if the exception type is expected.
* @param r Code block to run
* @param ex Expected exception type
* @param shouldPass If the code execution expected to pass without failure
* @param msg Message to log in case of expected failure
*/
private static SecureRandom matchExc(RunnableCode r, boolean shouldPass,
Class ex, String msg) {
SecureRandom sr = null;
try {
sr = r.run();
if (!shouldPass) {
throw new RuntimeException("Excecution should fail here.");
}
} catch (Exception e) {
System.out.printf("%nOccured exception: %s - Expected exception: %s"
+ " : ", e.getClass(), ex.getCanonicalName());
if (ex.isAssignableFrom(e.getClass())) {
System.out.printf("%n%s : Expected Exception: %s : ",
e.getClass(), msg);
} else if (shouldPass) {
throw new RuntimeException(e);
} else {
System.out.printf("%nIgnore the following exception: %s%n",
e.getMessage());
}
}
return sr;
}
/**
* Check specific attributes of a SecureRandom instance.
*/
private static void checkAttributes(SecureRandom sr, String mech) {
if (sr == null) {
return;
}
Asserts.assertEquals(sr.getAlgorithm(), (isDRBG(mech) ? "DRBG" : mech));
Asserts.assertEquals(sr.getProvider().getName(), SUN_PROVIDER);
}
}