stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8050371: More MessageDigest tests

Browse Source 
Reviewed-by: xuelei
This commit is contained in:
Zaiyao Liu 2015-03-04 08:10:23 +00:00 committed by Xue-Lei Andrew Fan
parent a1f3c2d2fe
commit 7b95618234
3 changed files with 527 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
jdk/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java
View File

@ -59,6 +59,10 @@ import static sun.security.ssl.CipherSuite.KeyExchange.*;
*/
final class ClientHandshaker extends Handshaker {
// constants for subject alt names of type DNS and IP
private final static int ALTNAME_DNS = 2;
private final static int ALTNAME_IP = 7;
// the server's public key from its certificate.
private PublicKey serverKey;
@ -1502,20 +1506,49 @@ final class ClientHandshaker extends Handshaker {
return true;
}
// check the iPAddress field in subjectAltName extension
Object thisIPAddress = getSubjectAltName(thisCert, 7); // 7: iPAddress
Object prevIPAddress = getSubjectAltName(prevCert, 7);
if (thisIPAddress != null && prevIPAddress!= null) {
// only allow the exactly match
return Objects.equals(thisIPAddress, prevIPAddress);
// check subject alternative names
Collection<List<?>> thisSubjectAltNames = null;
try {
thisSubjectAltNames = thisCert.getSubjectAlternativeNames();
} catch (CertificateParsingException cpe) {
if (debug != null && Debug.isOn("handshake")) {
System.out.println(
"Attempt to obtain subjectAltNames extension failed!");
}
}
// check the dNSName field in subjectAltName extension
Object thisDNSName = getSubjectAltName(thisCert, 2); // 2: dNSName
Object prevDNSName = getSubjectAltName(prevCert, 2);
if (thisDNSName != null && prevDNSName!= null) {
// only allow the exactly match
return Objects.equals(thisDNSName, prevDNSName);
Collection<List<?>> prevSubjectAltNames = null;
try {
prevSubjectAltNames = prevCert.getSubjectAlternativeNames();
} catch (CertificateParsingException cpe) {
if (debug != null && Debug.isOn("handshake")) {
System.out.println(
"Attempt to obtain subjectAltNames extension failed!");
}
}
if ((thisSubjectAltNames != null) && (prevSubjectAltNames != null)) {
// check the iPAddress field in subjectAltName extension
Collection<String> thisSubAltIPAddrs =
getSubjectAltNames(thisSubjectAltNames, ALTNAME_IP);
Collection<String> prevSubAltIPAddrs =
getSubjectAltNames(prevSubjectAltNames, ALTNAME_IP);
if ((thisSubAltIPAddrs != null) && (prevSubAltIPAddrs != null) &&
(isEquivalent(thisSubAltIPAddrs, prevSubAltIPAddrs))) {
return true;
}
// check the dNSName field in subjectAltName extension
Collection<String> thisSubAltDnsNames =
getSubjectAltNames(thisSubjectAltNames, ALTNAME_DNS);
Collection<String> prevSubAltDnsNames =
getSubjectAltNames(prevSubjectAltNames, ALTNAME_DNS);
if ((thisSubAltDnsNames != null) && (prevSubAltDnsNames != null) &&
(isEquivalent(thisSubAltDnsNames, prevSubAltDnsNames))) {
return true;
}
}
// check the certificate subject and issuer
@ -1537,28 +1570,39 @@ final class ClientHandshaker extends Handshaker {
* Returns the subject alternative name of the specified type in the
* subjectAltNames extension of a certificate.
*/
private static Object getSubjectAltName(X509Certificate cert, int type) {
Collection<List<?>> subjectAltNames;
private static Collection<String> getSubjectAltNames(
Collection<List<?>> subjectAltNames, int type) {
try {
subjectAltNames = cert.getSubjectAlternativeNames();
} catch (CertificateParsingException cpe) {
if (debug != null && Debug.isOn("handshake")) {
System.out.println(
"Attempt to obtain subjectAltNames extension failed!");
}
return null;
}
if (subjectAltNames != null) {
for (List<?> subjectAltName : subjectAltNames) {
int subjectAltNameType = (Integer)subjectAltName.get(0);
if (subjectAltNameType == type) {
return subjectAltName.get(1);
HashSet<String> subAltDnsNames = null;
for (List<?> subjectAltName : subjectAltNames) {
int subjectAltNameType = (Integer)subjectAltName.get(0);
if (subjectAltNameType == type) {
String subAltDnsName = (String)subjectAltName.get(1);
if ((subAltDnsName != null) && !subAltDnsName.isEmpty()) {
if (subAltDnsNames == null) {
subAltDnsNames =
new HashSet<>(subjectAltNames.size());
}
subAltDnsNames.add(subAltDnsName);
}
}
}
return null;
return subAltDnsNames;
}
private static boolean isEquivalent(Collection<String> thisSubAltNames,
Collection<String> prevSubAltNames) {
for (String thisSubAltName : thisSubAltNames) {
for (String prevSubAltName : prevSubAltNames) {
// Only allow the exactly match. Check no wildcard character.
if (thisSubAltName.equalsIgnoreCase(prevSubAltName)) {
return true;
}
}
}
return false;
}
}

143
jdk/test/java/security/MessageDigest/TestSameLength.java Normal file
View File

@ -0,0 +1,143 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import static java.lang.System.out;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.Random;
/**
* @test
* @bug 8050371
* @summary Check md.getDigestLength() equal digest output length with various
* algorithm/dataLen/(update,digest methods).
* @author Kevin Liu
*/
public class TestSameLength {
public static void main(String[] args) throws Exception {
TestSameLength test = new TestSameLength();
test.run();
}
private void run() throws Exception {
String[] algorithmArr = {
"SHA", "Sha", "SHA-1", "sha-1", "SHA1", "sha1", "MD5", "md5",
"SHA-224", "SHA-256", "SHA-384", "SHA-512"
};
int[] nUpdatesArr = {
0, 1, 2, 3
};
int[] dataLenArr = {
1, 50, 2500, 125000, 6250000
};
for (String algorithm: algorithmArr) {
for (UpdateMethod update: UpdateMethod.values()) {
for (int dataLen: dataLenArr) {
if (!runTest(algorithm, dataLen, update)) {
throw new RuntimeException(
"Test failed at algorithm/dataLen/numUpdate:"
+ algorithm + "/" + dataLen + "/"
+ update.toString());
}
}
}
}
out.println("All " + algorithmArr.length * nUpdatesArr.length
* dataLenArr.length + " tests Passed");
}
private boolean runTest(String algo, long dataLen,
UpdateMethod whichUpdate) throws Exception {
try {
// Do initialization
byte[] data = new byte[(int) dataLen];
new Random().nextBytes(data);
MessageDigest md = MessageDigest.getInstance(algo);
int outputLen = md.getDigestLength();
// Perform the update using all available/possible update methods
whichUpdate.updateDigest(data, md, dataLen);
// Get the output
byte[] output = md.digest();
// Compare input and output
return outputLen == output.length;
} catch (Exception ex) {
System.err.println("Testing: " + algo + "/" + dataLen + "/"
+ whichUpdate.toString()
+ " failed with unexpected exception");
ex.printStackTrace();
throw ex;
}
}
private static enum UpdateMethod {
UPDATE_BYTE {
@Override
public void updateDigest(byte[] data,
MessageDigest md, long dataLen) {
for (int i = 0; i < dataLen; i++) {
md.update(data[i]);
}
}
},
UPDATE_BUFFER {
@Override
public void updateDigest(byte[] data,
MessageDigest md, long dataLen) {
md.update(data);
}
},
UPDATE_BUFFER_LEN {
@Override
public void updateDigest(byte[] data,
MessageDigest md, long dataLen) {
for (int i = 0; i < dataLen; i++) {
md.update(data, i, 1);
}
}
},
UPDATE_BYTE_BUFFER {
@Override
public void updateDigest(byte[] data,
MessageDigest md, long dataLen) {
md.update(ByteBuffer.wrap(data));
}
};
public abstract void updateDigest(byte[] data,
MessageDigest md, long dataLen);
}
}

310
jdk/test/java/security/MessageDigest/TestSameValue.java Normal file
View File

@ -0,0 +1,310 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import static java.lang.System.out;
import java.nio.ByteBuffer;
import java.security.DigestException;
import java.security.MessageDigest;
import java.util.Random;
/**
* @test
* @bug 8050371
* @summary Check md.digest(data) value whether same with digest output value
* with various update/digest methods.
* @author Kevin Liu
*/
public class TestSameValue {
public static void main(String[] args) throws Exception {
TestSameValue test1 = new TestSameValue();
test1.run();
}
private void run() throws Exception {
byte[] data = new byte[6706];
MessageDigest md = null;
// Initialize input data
new Random().nextBytes(data);
String[] providers = {
null, "SUN"
};
String[] algorithmArr = {
"SHA", "Sha", "MD5", "md5", "SHA-224", "SHA-256", "SHA-384",
"SHA-512"
};
for (String algorithm: algorithmArr) {
for (String provider: providers) {
if (provider != null) {
md = MessageDigest.getInstance(algorithm, provider);
} else {
md = MessageDigest.getInstance(algorithm);
}
for (UpdateDigestMethod updateMethod: UpdateDigestMethod
.values()) {
byte[] output = updateMethod.updateDigest(data, md);
// Get the output and the "correct" one
byte[] standard = md.digest(data);
// Compare input and output
if (!MessageDigest.isEqual(output, standard)) {
throw new RuntimeException(
"Test failed at algorithm/provider/numUpdate:"
+ algorithm + "/" + provider + "/"
+ updateMethod);
}
}
}
}
out.println("All " + algorithmArr.length
* UpdateDigestMethod.values().length * providers.length
+ " tests Passed");
}
private static enum UpdateDigestMethod {
/*
* update the data one by one using method update(byte input) then
* do digest (giving the output buffer, offset, and the number of
* bytes to put in the output buffer)
*/
UPDATE_DIGEST_BUFFER {
@Override
public byte[] updateDigest(byte[] data, MessageDigest md)
throws DigestException {
for (byte element: data) {
md.update(element);
}
byte[] output = new byte[md.getDigestLength()];
int len = md.digest(output, 0, output.length);
if (len != output.length) {
throw new RuntimeException(
"ERROR" + ": digest length differs!");
}
return output;
}
},
/*
* update the data one by one using method update(byte input)
* then do digest
*/
UPDATE_DIGEST {
@Override
public byte[] updateDigest(byte[] data, MessageDigest md) {
for (byte element: data) {
md.update(element);
}
return md.digest();
}
},
/*
* update all the data at once as a block, then do digest ( giving the
* output buffer, offset, and the number of bytes to put in the output
* buffer)
*/
UPDATE_BLOCK_DIGEST_BUFFER {
@Override
public byte[] updateDigest(byte[] data, MessageDigest md)
throws DigestException {
md.update(data);
byte[] output = new byte[md.getDigestLength()];
int len = md.digest(output, 0, output.length);
if (len != output.length) {
throw new RuntimeException(
"ERROR" + ": digest length differs!");
}
return output;
}
},
// update all the data at once as a block, then do digest
UPDATE_BLOCK_DIGEST {
@Override
public byte[] updateDigest(byte[] data, MessageDigest md) {
md.update(data);
return md.digest();
}
},
/*
* update the leading bytes (length is "data.length-LASTNBYTES")
* at once as a block, then do digest (do a final update using
* the left LASTNBYTES bytes which is passed as a parameter for
* the digest method, then complete the digest)
*/
UPDATE_LEADING_BLOCK_DIGEST_REMAIN {
@Override
public byte[] updateDigest(byte[] data, MessageDigest md) {
byte[] mainPart = new byte[data.length - LASTNBYTES];
for (int i = 0; i < mainPart.length; i++) {
mainPart[i] = data[i];
}
for (int j = 0; j < LASTNBYTES; j++) {
REMAIN[j] = data[data.length - LASTNBYTES + j];
}
md.update(mainPart);
return md.digest(REMAIN);
}
},
/*
* update the data 2 bytes each time, after finishing updating,
* do digest (giving the output buffer, offset, and the number
* of bytes to put in the output buffer)
*/
UPDATE_BYTES_DIGEST_BUFFER {
@Override
public byte[] updateDigest(byte[] data, MessageDigest md)
throws DigestException {
for (int i = 0; i < data.length / 2; i++) {
md.update(data, i * 2, 2);
}
byte[] output = new byte[md.getDigestLength()];
int len = md.digest(output, 0, output.length);
if (len != output.length) {
throw new RuntimeException(
"ERROR" + ": digest length differs!");
}
return output;
}
},
/*
* update the data 2 bytes each time, after finishing updating,
* do digest
*/
UPDATE_BYTES_DIGEST {
@Override
public byte[] updateDigest(byte[] data, MessageDigest md) {
for (int i=0;i<data.length/2;i++){
md.update(data,i*2,2);
}
return md.digest();
}
},
/*
* update the data one by one using method update(byte[] input,
* int offset, int len) for the leading bytes (length is
* "data.length-LASTNBYTES"), then do digest (do a final
* update using the left LASTNBYTES bytes which is passed
* as a parameter for digest method then complete the digest)
*/
UPDATE_BUFFER_LEADING_DIGEST_REMAIN {
@Override
public byte[] updateDigest(byte[] data, MessageDigest md) {
for (int i = 0; i < data.length - LASTNBYTES; i++) {
md.update(data, i, 1);
}
for (int j = 0; j < LASTNBYTES; j++) {
REMAIN[j] = data[data.length - LASTNBYTES + j];
}
return md.digest(REMAIN);
}
},
/*
* update the data one by one using method update(byte input)
* for the leading bytes (length is "data.length-LASTNBYTES"),
* then do digest (do a final update using the left LASTNBYTES
* bytes which is passed as a parameter for digest method,
* then complete the digest)
*/
UPDATE_LEADING_DIGEST_REMAIN {
@Override
public byte[] updateDigest(byte[] data, MessageDigest md) {
for (int i = 0; i < data.length - LASTNBYTES; i++) {
md.update(data[i]);
}
for (int j = 0; j < LASTNBYTES; j++) {
REMAIN[j] = data[data.length - LASTNBYTES + j];
}
return md.digest(REMAIN);
}
},
/*
* update all the data at once as a ByteBuffer, then do digest
* (giving the output buffer, offset, and the number of bytes
* to put in the output buffer)
*/
UPDATE_BYTE_BUFFER_DIGEST_BUFFER {
@Override
public byte[] updateDigest(byte[] data, MessageDigest md)
throws DigestException {
md.update(ByteBuffer.wrap(data));
byte[] output = new byte[md.getDigestLength()];
int len = md.digest(output, 0, output.length);
if (len != output.length) {
throw new RuntimeException(
"ERROR" + ": digest length differs!");
}
return output;
}
},
// update all the data at once as a ByteBuffer, then do digest
UPDATE_BYTE_BUFFER_DIGEST {
@Override
public byte[] updateDigest(byte[] data, MessageDigest md) {
md.update(ByteBuffer.wrap(data));
return md.digest();
}
},
/*
* update the leading bytes (length is "data.length-LASTNBYTES")
* at once as a ByteBuffer, then do digest (do a final update
* using the left LASTNBYTES bytes which is passed as a parameter
* for the digest method, then complete the digest)
*/
UPDATE_BYTE_BUFFER_LEADING_DIGEST_REMAIN {
@Override
public byte[] updateDigest(byte[] data, MessageDigest md) {
byte[] mainPart = new byte[data.length - LASTNBYTES];
for (int i = 0; i < mainPart.length; i++) {
mainPart[i] = data[i];
}
for (int j = 0; j < LASTNBYTES; j++) {
REMAIN[j] = data[data.length - LASTNBYTES + j];
}
md.update(ByteBuffer.wrap(mainPart));
return md.digest(REMAIN);
}
};
private static final int LASTNBYTES = 5;
private static final byte[] REMAIN = new byte[LASTNBYTES];
public abstract byte[] updateDigest(byte[] data, MessageDigest md)
throws DigestException;
}
}