8242335: Additional Tests for RSASSA-PSS
New Tests for RSASSA-PSS Reviewed-by: valeriep
This commit is contained in:
parent
600319b68a
commit
a8edd11d7a
279
test/jdk/sun/security/rsa/pss/PSSKeyCompatibility.java
Normal file
279
test/jdk/sun/security/rsa/pss/PSSKeyCompatibility.java
Normal file
@ -0,0 +1,279 @@
|
||||
/*
|
||||
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.security.Key;
|
||||
import java.security.KeyFactory;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.PublicKey;
|
||||
import java.security.cert.Certificate;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.interfaces.RSAPrivateCrtKey;
|
||||
import java.security.interfaces.RSAPublicKey;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.security.spec.PKCS8EncodedKeySpec;
|
||||
import java.security.spec.RSAPrivateCrtKeySpec;
|
||||
import java.security.spec.RSAPublicKeySpec;
|
||||
import java.security.spec.X509EncodedKeySpec;
|
||||
import java.util.Arrays;
|
||||
import java.util.Base64;
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @bug 8242335
|
||||
* @summary OpenSSL generated compatibility test with RSASSA-PSS Java.
|
||||
* @run main PSSKeyCompatibility
|
||||
*/
|
||||
public class PSSKeyCompatibility {
|
||||
|
||||
private static final String ALGO = "RSASSA-PSS";
|
||||
private static final String OID = "1.2.840.113549.1.1.10";
|
||||
private static final String PROVIDER = "SunRsaSign";
|
||||
|
||||
public static void main(String[] args) {
|
||||
|
||||
boolean result = true;
|
||||
for (String algo : new String[]{ALGO, OID}) {
|
||||
System.out.println("With : " + algo);
|
||||
result &= validateCert(algo, PROVIDER, PUBLIC_256);
|
||||
result &= validateCert(algo, PROVIDER, PUBLIC_384);
|
||||
result &= validateCert(algo, PROVIDER, PUBLIC_512);
|
||||
|
||||
result &= validatePrivate(algo, PROVIDER, PRIVATE);
|
||||
}
|
||||
if (!result) {
|
||||
throw new RuntimeException("Some test cases failed");
|
||||
}
|
||||
}
|
||||
|
||||
private static boolean validatePrivate(String algorithm, String provider,
|
||||
String type) {
|
||||
|
||||
try {
|
||||
KeyFactory kf = KeyFactory.getInstance(algorithm, provider);
|
||||
PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(
|
||||
Base64.getMimeDecoder().decode(type));
|
||||
PrivateKey priv = kf.generatePrivate(privSpec);
|
||||
|
||||
RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey) priv;
|
||||
PrivateKey priv1 = kf.generatePrivate(new RSAPrivateCrtKeySpec(
|
||||
crtKey.getModulus(),
|
||||
crtKey.getPublicExponent(),
|
||||
crtKey.getPrivateExponent(),
|
||||
crtKey.getPrimeP(),
|
||||
crtKey.getPrimeQ(),
|
||||
crtKey.getPrimeExponentP(),
|
||||
crtKey.getPrimeExponentQ(),
|
||||
crtKey.getCrtCoefficient(),
|
||||
crtKey.getParams()
|
||||
));
|
||||
equals(priv, priv1);
|
||||
} catch (NoSuchAlgorithmException | InvalidKeySpecException
|
||||
| NoSuchProviderException e) {
|
||||
e.printStackTrace(System.out);
|
||||
return false;
|
||||
}
|
||||
System.out.println("PASSED - validatePrivate");
|
||||
return true;
|
||||
}
|
||||
|
||||
private static boolean validateCert(String algorithm, String provider,
|
||||
String type) {
|
||||
|
||||
try {
|
||||
CertificateFactory cf = CertificateFactory.getInstance("X.509");
|
||||
Certificate cert = cf.generateCertificate(
|
||||
new ByteArrayInputStream(type.getBytes()));
|
||||
System.out.println(cert);
|
||||
KeyFactory kf = KeyFactory.getInstance(algorithm, provider);
|
||||
X509EncodedKeySpec pubSpec = kf.getKeySpec(
|
||||
cert.getPublicKey(), X509EncodedKeySpec.class);
|
||||
PublicKey pub = kf.generatePublic(pubSpec);
|
||||
PublicKey pub1 = kf.generatePublic(new RSAPublicKeySpec(
|
||||
((RSAPublicKey) pub).getModulus(),
|
||||
((RSAPublicKey) pub).getPublicExponent(),
|
||||
((RSAPublicKey) pub).getParams()));
|
||||
equals(cert.getPublicKey(), pub);
|
||||
equals(pub, pub1);
|
||||
} catch (CertificateException | NoSuchAlgorithmException
|
||||
| InvalidKeySpecException | NoSuchProviderException e) {
|
||||
e.printStackTrace(System.out);
|
||||
return false;
|
||||
}
|
||||
System.out.println("PASSED - validateCert");
|
||||
return true;
|
||||
}
|
||||
|
||||
private static void equals(Key orig, Key gen) {
|
||||
if (!orig.equals(gen) && orig.hashCode() != gen.hashCode()
|
||||
&& !Arrays.equals(orig.getEncoded(), gen.getEncoded())) {
|
||||
throw new RuntimeException("Key mismatch found");
|
||||
}
|
||||
}
|
||||
|
||||
//rsa_pss_pss_sha256
|
||||
private static final String PRIVATE
|
||||
= "MIIEvAIBADALBgkqhkiG9w0BAQoEggSoMIIEpAIBAAKCAQEAu1qb8PZ8vMrX08Gf\n"
|
||||
+ "y9mx7c5NHymdPIpdDvaiYkpRfYGXp3Jpx7A0Hq01QY0OUu+0sCd5IbiVoVGqM4cq\n"
|
||||
+ "r2e4eyYnbgJEF7Tg8Ipu70cOUCZLj/fYNAjvFjv4+lxQYRCZHUH+lWPDPtJWKELx\n"
|
||||
+ "iIsAL5tglfyrQrdWLaOiZKlJ49DrYKU6PYqELxdQ1lw3r8iBbgGJP2podGD0rMWw\n"
|
||||
+ "nGX4pl9C7dYA+FV2yDirpH+OMNGOqB5QCe2WcsMLMzLPxJxOpqU8lCuscXR0VZuV\n"
|
||||
+ "krgztGJcq4J0eqp05jvMWii4vW/KSIh9bndVmS2QIU7YArI8RMXtbSHdE0hXAkh+\n"
|
||||
+ "Phb6/QIDAQABAoIBAQC4gbJDKquLTYQhYXTaT4h/toSS5OuZfHXKz675d1ErdZ2B\n"
|
||||
+ "ZRaxdmDNuSxSYvSxTqm2NRmA0QRiu0cPudSaq12twdRg7VBbvGEt4lb/xA1fd2dA\n"
|
||||
+ "4AcGr6mtTuCSxqjN/oebnat3OalFS+VXfx3Yp3NGbxE+hHewm1b+WUELOwCunhYw\n"
|
||||
+ "WJxs5dR0APiqzknveFgkOSDRbMYhwN6ZIrAmZH0wkGI7ufssnp9LEVDkoQCaFHlW\n"
|
||||
+ "bUpBHV1YxMCgAD/Azoo7MtedoO/+qnu1h26VhMVMCQL1DymZAnWd5kXumP9PG9j9\n"
|
||||
+ "z2JwIdYc7wkLVoSHJmjuXn/Sa/X7YCTGNk5Qwp/tAoGBAPJIWN3b6FPasnAevD2O\n"
|
||||
+ "04l1nnNrjNmu7aMGTTH5CrDseI7y/nqbSC18pOivRLmvhkON26I/Gu8GPKBteZAV\n"
|
||||
+ "OHKPc4RM11nvv9CyN4yDp0g76pPXLPXRRN/HV0RfBkmaiE6rpS07ue8FDUZmqb9+\n"
|
||||
+ "T8LV2eCYL7gYnIxsctzEQ8tXAoGBAMX2H7wpZVqHlGW94FF2pLp82q2cP80PBD+Z\n"
|
||||
+ "TglUVHy957EGPqEzxAWf3saORMDXyme7o0eSHJ1tikNTqAb+//zg5JexNEZSv6cR\n"
|
||||
+ "trAxuUT7kgjdJaD2i2BjlJyGG6fiXHcxC8lBvnFiWrC+qihTKDPdwWXdEOwzqCdL\n"
|
||||
+ "0eBbKAvLAoGAKDjah/p6F3G3LeXsWkvb0nY0V/UC7SCdUvM43ZL6s2SOnyy4EqK0\n"
|
||||
+ "2NhYiEiQoEMDhzOFwum3Dvd6GSgThlf/hwVJqC0Zk1S6A2uSzUEOBG/uAZ03WZfk\n"
|
||||
+ "V0JAupkL8iw1dNoKEfhYZdXw3j8s7x2JIE9gXGjngyiS1L0sVHpAxwECgYB78csS\n"
|
||||
+ "23RLB0JhpU2yk6812ABu3LqRoEpPq6PRcYxogdpz2u4RrkCYKO2psd/YQgPHiRMF\n"
|
||||
+ "N7VU2AXOe61jm/sZEJHvbBLHyP2YFB4nGSrfxwc7J4Ns0ZCYbCDbE5hzN+Ye9oVj\n"
|
||||
+ "oBcmFKelq+sLzm0IdFqndY8n5HvvBqjEaS6cmwKBgQDM5VsMKnGuqy5pozamgABu\n"
|
||||
+ "/z3f8ATzPVr85LiEWP7qB9Y1JIFuTma3IVlULtab2S4rhrHqQNy6qA6Be9fKKPwE\n"
|
||||
+ "TCmM/SDdolcz2d0rC2VDO+pc1RPluDpB/Ag8aHkV58azQASHHvAKBckIe7fay2t2\n"
|
||||
+ "j4FaKzM/ieY3WSapIbjf3w==";
|
||||
|
||||
/*
|
||||
* Certificate: Data: Version: 3 (0x2)
|
||||
* Serial Number: 11:4c:35:8c:63:47:91:1d:c1:c8:0f:c2:6f:d0:bd:8b:8f:89:e3:6c
|
||||
* Signature Algorithm: rsassaPss
|
||||
* Hash Algorithm: sha256
|
||||
* Mask Algorithm: mgf1 with sha256
|
||||
* Salt Length: 0xDE
|
||||
* Trailer Field: 0xBC (default)
|
||||
* Issuer: CN = localhost
|
||||
* Validity Not Before: Apr 8 06:01:37 2020 GMT
|
||||
* Not After : Apr 3 06:01:37 2040 GMT
|
||||
* Subject: CN = localhost
|
||||
* Subject Public Key Info: Public
|
||||
* Key Algorithm: rsassaPss
|
||||
* RSA-PSS Public-Key: (2048 bit)
|
||||
*/
|
||||
private static final String PUBLIC_256 = "-----BEGIN CERTIFICATE-----\n"
|
||||
+ "MIIDaTCCAiCgAwIBAgIUe9ijWtZJGfoH6whOTEIc+J/T1vswPgYJKoZIhvcNAQEK\n"
|
||||
+ "MDGgDTALBglghkgBZQMEAgGhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIBogQC\n"
|
||||
+ "AgDeMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMDAzMTcwNjM4MDdaFw00MDAz\n"
|
||||
+ "MTIwNjM4MDdaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASAwCwYJKoZIhvcNAQEK\n"
|
||||
+ "A4IBDwAwggEKAoIBAQC7Wpvw9ny8ytfTwZ/L2bHtzk0fKZ08il0O9qJiSlF9gZen\n"
|
||||
+ "cmnHsDQerTVBjQ5S77SwJ3khuJWhUaozhyqvZ7h7JiduAkQXtODwim7vRw5QJkuP\n"
|
||||
+ "99g0CO8WO/j6XFBhEJkdQf6VY8M+0lYoQvGIiwAvm2CV/KtCt1Yto6JkqUnj0Otg\n"
|
||||
+ "pTo9ioQvF1DWXDevyIFuAYk/amh0YPSsxbCcZfimX0Lt1gD4VXbIOKukf44w0Y6o\n"
|
||||
+ "HlAJ7ZZywwszMs/EnE6mpTyUK6xxdHRVm5WSuDO0YlyrgnR6qnTmO8xaKLi9b8pI\n"
|
||||
+ "iH1ud1WZLZAhTtgCsjxExe1tId0TSFcCSH4+Fvr9AgMBAAGjUzBRMB0GA1UdDgQW\n"
|
||||
+ "BBSDV090I9jEWvpjZ7fgO+GGocVgaDAfBgNVHSMEGDAWgBSDV090I9jEWvpjZ7fg\n"
|
||||
+ "O+GGocVgaDAPBgNVHRMBAf8EBTADAQH/MD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI\n"
|
||||
+ "AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3gOCAQEAVl99\n"
|
||||
+ "g2F0H9YzEtvG5NjSGq8uCW5dLQd5DcXNfyfSLlUBwCTaZXncrc5/3DLYN1mWRQm2\n"
|
||||
+ "pCwmoGVzslwcLNENldTYogCc0Pc3YeG81wTBq0Tt6zS8RsDR3jhCFSDTVOjOoe0R\n"
|
||||
+ "kdYRd9d2pLg2ZOzAJXa6GLrFA+3Vv3dFFh8FhGB9CcVsyPQDzWhXQ0IwukHK+AMY\n"
|
||||
+ "6x1h12/CGQfrzBhrUtwbV+9iZN3lVsBYEFNKVz8Ca7H80YC4bsEHAHeR5nIUFk82\n"
|
||||
+ "kYuOBhcfC10oz+NdM1KbyAX8/4Uf7S3aBca27GTr1vP6tkmybonRHnZRoELNo1RQ\n"
|
||||
+ "wM0XPciACllEAJCVrQ==\n"
|
||||
+ "-----END CERTIFICATE-----";
|
||||
|
||||
/*
|
||||
* Certificate: Data: Version: 3 (0x2)
|
||||
* Serial Number: 32:f5:cf:23:71:d3:7f:16:10:5d:6e:c7:25:82:ee:7f:a8:ec:27:80
|
||||
* Signature Algorithm: rsassaPss
|
||||
* Hash Algorithm: sha384
|
||||
* Mask Algorithm: mgf1 with sha384
|
||||
* Salt Length: 0xCE
|
||||
* Trailer Field: 0xBC (default)
|
||||
* Issuer: CN = localhost
|
||||
* Validity Not Before: Apr 8 06:01:37 2020 GMT
|
||||
* Not After : Apr 3 06:01:37 2040 GMT
|
||||
* Subject: CN = localhost
|
||||
* Subject Public Key Info: Public
|
||||
* Key Algorithm: rsassaPss
|
||||
* RSA-PSS Public-Key: (2048 bit)
|
||||
*/
|
||||
private static final String PUBLIC_384 = "-----BEGIN CERTIFICATE-----\n"
|
||||
+ "MIIDaTCCAiCgAwIBAgIUAeOnPMUidJHBqZbvhJWcH/05h0MwPgYJKoZIhvcNAQEK\n"
|
||||
+ "MDGgDTALBglghkgBZQMEAgKhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAICogQC\n"
|
||||
+ "AgDOMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMDAzMTcwNzI2MzFaFw00MDAz\n"
|
||||
+ "MTIwNzI2MzFaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASAwCwYJKoZIhvcNAQEK\n"
|
||||
+ "A4IBDwAwggEKAoIBAQDPgUMdvdYOeVahvAp92RNG55plAlUyEdowNmIpEbyZOlEM\n"
|
||||
+ "Jc+7VqMt1K/+ZX1MkAGrFjV635p3c0NqI6qyv57cXA7VT92aYp9S0l4t7Cb2DQ6Y\n"
|
||||
+ "D+1jPNYTpYoMoI8ZPA486RGpnBtmRp9KRSkAoLS6AngCABE7OxuE0MrYKhbJ/8Lq\n"
|
||||
+ "Ss627FDXK+7aLCbEdLbr5G9BAIMEQDJAomHcqBMz5+EnEXWHc8drHFVIniHByFv3\n"
|
||||
+ "HmzDhFEMKCV9PbBXjgKdpMIAJsRXG3t1CBE/pEzILomgg3i4OHSUvEIzTApwTJvg\n"
|
||||
+ "UqtXi0UJqPohPViCQFeWLMa2N0pOAx1FMfdJIutLAgMBAAGjUzBRMB0GA1UdDgQW\n"
|
||||
+ "BBQBEi9rWGXrZObncP4StBKXB3baODAfBgNVHSMEGDAWgBQBEi9rWGXrZObncP4S\n"
|
||||
+ "tBKXB3baODAPBgNVHRMBAf8EBTADAQH/MD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI\n"
|
||||
+ "AWUDBAICoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAqIEAgIAzgOCAQEADIQ6\n"
|
||||
+ "2ktTyS9+POWWe8yGEqW/q9DxL0NAqc0n4rYm5hs/8MKk1NMaqIku2xjE3T/16iFj\n"
|
||||
+ "3WEtj51yoSIUN0VxXPUoj3Yv5xR03huBk8gAwTpQc9psRQuGpLt9BBq0dyErQ8XR\n"
|
||||
+ "88SshQRpDEZ2yR4Tb+U5XfbWe70uCGfeG3iDMtZPAx2GnYBD+u3JaN/m7sr0cB8V\n"
|
||||
+ "Y8GuxWNh40aaIR0iaWbIC4b9N3wYDOa1yd8PqAKnLIs1F5CinJM6i5LmbkQpd+cK\n"
|
||||
+ "t13iaFYN26HuD3AywDQDvyYTwV7q5jcoEGAd35+pmKCdatEHlo0uLzbTGZw31Gfo\n"
|
||||
+ "BeSEh3vmXa1Q7SOpTQ==\n"
|
||||
+ "-----END CERTIFICATE-----";
|
||||
/*
|
||||
* Certificate: Data: Version: 3 (0x2)
|
||||
* Serial Number: 32:f5:cf:23:71:d3:7f:16:10:5d:6e:c7:25:82:ee:7f:a8:ec:27:80
|
||||
* Signature Algorithm: rsassaPss
|
||||
* Hash Algorithm: sha512
|
||||
* Mask Algorithm: mgf1 with sha512
|
||||
* Salt Length: 0xBE
|
||||
* Trailer Field: 0xBC (default)
|
||||
* Issuer: CN = localhost
|
||||
* Validity Not Before: Apr 8 06:01:37 2020 GMT
|
||||
* Not After : Apr 3 06:01:37 2040 GMT
|
||||
* Subject: CN = localhost
|
||||
* Subject Public Key Info: Public
|
||||
* Key Algorithm: rsassaPss
|
||||
* RSA-PSS Public-Key: (2048 bit)
|
||||
*/
|
||||
private static final String PUBLIC_512 = "-----BEGIN CERTIFICATE-----\n"
|
||||
+ "MIIDaTCCAiCgAwIBAgIUMvXPI3HTfxYQXW7HJYLuf6jsJ4AwPgYJKoZIhvcNAQEK\n"
|
||||
+ "MDGgDTALBglghkgBZQMEAgOhGjAYBgkqhkiG9w0BAQgwCwYJYIZIAWUDBAIDogQC\n"
|
||||
+ "AgC+MBQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMDAzMTcwNzI4MjZaFw00MDAz\n"
|
||||
+ "MTIwNzI4MjZaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASAwCwYJKoZIhvcNAQEK\n"
|
||||
+ "A4IBDwAwggEKAoIBAQCzuWpxs8c0JPgSykN9LM+2k0RlexrxCAlkgHRpfLI8XpV4\n"
|
||||
+ "Ak3hx9a045Ym1yyskNw7FjZVfWNgmx5Z8qQZvBykCL2iwDoMLEfoJTcE3cZEppaz\n"
|
||||
+ "3PqRoOVhuUGqA4jOW8WGbMi7aq/9UfTQGikxMBD7aS/ExILtAcd0N173ZARWcP0s\n"
|
||||
+ "68bRDLmTYAclZTWDZee0gAl8MHMnXSFFPotSbZOEWz4RqhpCa49tcx1BHgto3lyc\n"
|
||||
+ "ofzOerHpilZ/zAqOVRF2qHoZKlYTsTcSK0mE2MAfV7fk40qHYkyKbKLJVj8L8Lmc\n"
|
||||
+ "AFUNTx07bLYymgtqa07ei+kaVTJdlzDWiREgN8MNAgMBAAGjUzBRMB0GA1UdDgQW\n"
|
||||
+ "BBRlbX8E0L89iIOjkgLpbL/WSbuxmTAfBgNVHSMEGDAWgBRlbX8E0L89iIOjkgLp\n"
|
||||
+ "bL/WSbuxmTAPBgNVHRMBAf8EBTADAQH/MD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI\n"
|
||||
+ "AWUDBAIDoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCA6IEAgIAvgOCAQEAaRTy\n"
|
||||
+ "CmQxYkS5qCGQeJun/lFVLVE83Sl2kCBaJCMJdBYw38H+6DknJx/sjZwD1vO+OGj6\n"
|
||||
+ "1yyzQF1dv2Y5qOUrJIgw1ODkxTLMCrdotVqClazX02VGvyRe7efbjii96/9hqtxt\n"
|
||||
+ "TZwN7+8wUX6sP91z1vXVYD5sfl/qum/cWAVJEyw32h7RpUeB0rCJcIUrNqnbBziw\n"
|
||||
+ "SRkZof1Q2b02JRO0Pb3jV3H1MV5Agt3cFCCdsmvVq595rmYRwVMtyzCxXHb8jm+N\n"
|
||||
+ "8Fzhl9pxCCd4KIOGDAvngFZAloVsCHt+BG8jPhSxOldnFM7xGrGss2lLJnmf3YSe\n"
|
||||
+ "EPDF7NvA9wKPz4oyRg==\n"
|
||||
+ "-----END CERTIFICATE-----";
|
||||
|
||||
}
|
260
test/jdk/sun/security/rsa/pss/SerializedPSSKey.java
Normal file
260
test/jdk/sun/security/rsa/pss/SerializedPSSKey.java
Normal file
@ -0,0 +1,260 @@
|
||||
/*
|
||||
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
* or visit www.oracle.com if you need additional information or have any
|
||||
* questions.
|
||||
*/
|
||||
|
||||
import static javax.crypto.Cipher.PRIVATE_KEY;
|
||||
import static javax.crypto.Cipher.PUBLIC_KEY;
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.ObjectInputStream;
|
||||
import java.io.ObjectOutputStream;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.Key;
|
||||
import java.security.KeyFactory;
|
||||
import java.security.KeyPair;
|
||||
import java.security.KeyPairGenerator;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.PublicKey;
|
||||
import java.security.Signature;
|
||||
import java.security.interfaces.RSAPrivateCrtKey;
|
||||
import java.security.interfaces.RSAPublicKey;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.security.spec.MGF1ParameterSpec;
|
||||
import java.security.spec.PKCS8EncodedKeySpec;
|
||||
import java.security.spec.PSSParameterSpec;
|
||||
import java.security.spec.RSAKeyGenParameterSpec;
|
||||
import java.security.spec.RSAPrivateCrtKeySpec;
|
||||
import java.security.spec.RSAPublicKeySpec;
|
||||
import java.security.spec.X509EncodedKeySpec;
|
||||
import java.util.Arrays;
|
||||
|
||||
/**
|
||||
* @test @bug 8242335
|
||||
* @summary Test RSASSA-PSS serialized keys
|
||||
* @run main SerializedPSSKey
|
||||
*/
|
||||
public class SerializedPSSKey {
|
||||
|
||||
private static final String ALGO = "RSASSA-PSS";
|
||||
private static final String OID = "1.2.840.113549.1.1.10";
|
||||
private static final String PROVIDER = "SunRsaSign";
|
||||
private static final int KEY_SIZE = 2048;
|
||||
private static final byte[] DATA = "Test".getBytes();
|
||||
/**
|
||||
* Digest algorithms to test w/ RSASSA-PSS signature algorithms
|
||||
*/
|
||||
private static final String[] DIGEST_ALG = {
|
||||
"SHA-1", "SHA-224", "SHA-256", "SHA-384",
|
||||
"SHA-512", "SHA-512/224", "SHA-512/256"
|
||||
};
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
|
||||
for (String algo : new String[]{ALGO, OID}) {
|
||||
KeyPairGenerator kpg = KeyPairGenerator.getInstance(algo, PROVIDER);
|
||||
|
||||
// Algorithm-Independent Initialization
|
||||
kpg.initialize(KEY_SIZE);
|
||||
KeyPair kp = kpg.generateKeyPair();
|
||||
test(algo, kp, null);
|
||||
for (String digest : DIGEST_ALG) {
|
||||
PSSParameterSpec params = genPSSParameter(digest, KEY_SIZE);
|
||||
// RSAKeyGenParameterSpec#1 Initialization
|
||||
kpg.initialize(new RSAKeyGenParameterSpec(KEY_SIZE,
|
||||
RSAKeyGenParameterSpec.F4, params));
|
||||
KeyPair kp2 = kpg.generateKeyPair();
|
||||
test(algo, kp2, params);
|
||||
}
|
||||
System.out.println("Successful with : " + algo);
|
||||
}
|
||||
}
|
||||
|
||||
private static void test(String algo, KeyPair orig, PSSParameterSpec params)
|
||||
throws Exception {
|
||||
|
||||
Key[] privs = manipulateKey(algo, PRIVATE_KEY, orig.getPrivate());
|
||||
Key[] pubs = manipulateKey(algo, PUBLIC_KEY, orig.getPublic());
|
||||
for (Key pri : privs) {
|
||||
for (Key pub : pubs) {
|
||||
testSerialize(orig, new KeyPair(
|
||||
(PublicKey) pub, (PrivateKey) pri));
|
||||
if (params != null) {
|
||||
testSignature(algo, (PublicKey) pub,
|
||||
(PrivateKey) pri, params);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private static void testSignature(String algo, PublicKey pub,
|
||||
PrivateKey priv, PSSParameterSpec params) throws Exception {
|
||||
|
||||
Signature sig = Signature.getInstance(algo, PROVIDER);
|
||||
sig.setParameter(params);
|
||||
sig.initSign(priv);
|
||||
sig.update(DATA);
|
||||
byte[] signature = sig.sign();
|
||||
|
||||
sig.initVerify(pub);
|
||||
sig.update(DATA);
|
||||
if (!sig.verify(signature)) {
|
||||
throw new RuntimeException("Signature verification failed");
|
||||
}
|
||||
// Re-verify the signature with another Signature instance
|
||||
Signature sig1 = Signature.getInstance(algo, PROVIDER);
|
||||
sig1.setParameter(params);
|
||||
sig1.initVerify(pub);
|
||||
sig1.update(DATA);
|
||||
if (!sig1.verify(signature)) {
|
||||
throw new RuntimeException("Signature verification failed");
|
||||
}
|
||||
}
|
||||
|
||||
private static Key[] manipulateKey(String algo, int type, Key key)
|
||||
throws NoSuchAlgorithmException, InvalidKeySpecException,
|
||||
NoSuchProviderException, InvalidKeyException {
|
||||
|
||||
KeyFactory kf = KeyFactory.getInstance(algo, PROVIDER);
|
||||
switch (type) {
|
||||
case PUBLIC_KEY:
|
||||
return new Key[]{
|
||||
kf.generatePublic(kf.getKeySpec(key, RSAPublicKeySpec.class)),
|
||||
kf.generatePublic(new X509EncodedKeySpec(key.getEncoded())),
|
||||
kf.generatePublic(new RSAPublicKeySpec(
|
||||
((RSAPublicKey) key).getModulus(),
|
||||
((RSAPublicKey) key).getPublicExponent(),
|
||||
((RSAPublicKey) key).getParams())),
|
||||
kf.translateKey(key)
|
||||
};
|
||||
case PRIVATE_KEY:
|
||||
RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey) key;
|
||||
return new Key[]{
|
||||
kf.generatePrivate(
|
||||
kf.getKeySpec(key, RSAPrivateCrtKeySpec.class)),
|
||||
kf.generatePrivate(new PKCS8EncodedKeySpec(key.getEncoded())),
|
||||
kf.generatePrivate(new RSAPrivateCrtKeySpec(
|
||||
crtKey.getModulus(),
|
||||
crtKey.getPublicExponent(),
|
||||
crtKey.getPrivateExponent(),
|
||||
crtKey.getPrimeP(),
|
||||
crtKey.getPrimeQ(),
|
||||
crtKey.getPrimeExponentP(),
|
||||
crtKey.getPrimeExponentQ(),
|
||||
crtKey.getCrtCoefficient(),
|
||||
crtKey.getParams()
|
||||
)),
|
||||
kf.translateKey(key)
|
||||
};
|
||||
}
|
||||
throw new RuntimeException("We shouldn't reach here");
|
||||
}
|
||||
|
||||
private static PSSParameterSpec genPSSParameter(String digest, int keySize)
|
||||
throws NoSuchAlgorithmException {
|
||||
|
||||
int dgLen = MessageDigest.getInstance(digest).getDigestLength();
|
||||
// pick a salt length based on the key length and digestAlgo
|
||||
int saltLength = keySize / 8 - dgLen - 2;
|
||||
if (saltLength < 0) {
|
||||
System.out.printf("keysize: %s, digestLen: %s%n", keySize / 8, dgLen);
|
||||
return null;
|
||||
}
|
||||
return new PSSParameterSpec(digest, "MGF1", new MGF1ParameterSpec(digest),
|
||||
saltLength, PSSParameterSpec.TRAILER_FIELD_BC);
|
||||
}
|
||||
|
||||
/**
|
||||
* Compare original KeyPair with transformed ones.
|
||||
*/
|
||||
private static void testKeyEquals(KeyPair orig, PublicKey pubKey,
|
||||
PrivateKey priKey) {
|
||||
|
||||
if (!orig.getPrivate().equals(priKey)
|
||||
&& orig.getPrivate().hashCode() != priKey.hashCode()
|
||||
&& !Arrays.equals(orig.getPrivate().getEncoded(),
|
||||
priKey.getEncoded())) {
|
||||
throw new RuntimeException(
|
||||
"PrivateKey is not equal with transformed one");
|
||||
}
|
||||
if (!orig.getPublic().equals(pubKey)
|
||||
&& orig.getPublic().hashCode() != pubKey.hashCode()
|
||||
&& !Arrays.equals(orig.getPublic().getEncoded(),
|
||||
pubKey.getEncoded())) {
|
||||
throw new RuntimeException(
|
||||
"PublicKey is not equal with transformed one");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test serialization of KeyPair and Keys it holds.
|
||||
*/
|
||||
private static void testSerialize(KeyPair orig, KeyPair transformed)
|
||||
throws Exception {
|
||||
|
||||
testKeyEquals(orig, transformed.getPublic(), transformed.getPrivate());
|
||||
PrivateKey serializedPrivate = deserializedCopy(transformed.getPrivate(),
|
||||
PrivateKey.class);
|
||||
PublicKey serializedPublic = deserializedCopy(transformed.getPublic(),
|
||||
PublicKey.class);
|
||||
testKeyEquals(orig, serializedPublic, serializedPrivate);
|
||||
// Verify Serialized KeyPair instance.
|
||||
KeyPair copy = deserializedCopy(transformed, KeyPair.class);
|
||||
testKeyEquals(orig, copy.getPublic(), copy.getPrivate());
|
||||
}
|
||||
|
||||
private static <T extends Object> T deserializedCopy(T orig, Class<T> type)
|
||||
throws IOException, ClassNotFoundException {
|
||||
return deserialize(serialize(orig), type);
|
||||
}
|
||||
|
||||
/**
|
||||
* Deserialize the Key object.
|
||||
*/
|
||||
private static <T extends Object> T deserialize(byte[] serialized,
|
||||
Class<T> type) throws IOException, ClassNotFoundException {
|
||||
|
||||
T key = null;
|
||||
try (ByteArrayInputStream bis = new ByteArrayInputStream(serialized);
|
||||
ObjectInputStream ois = new ObjectInputStream(bis)) {
|
||||
key = (T) ois.readObject();
|
||||
}
|
||||
return key;
|
||||
}
|
||||
|
||||
/**
|
||||
* Serialize the given Key object.
|
||||
*/
|
||||
private static <T extends Object> byte[] serialize(T key)
|
||||
throws IOException {
|
||||
|
||||
try (ByteArrayOutputStream bos = new ByteArrayOutputStream();
|
||||
ObjectOutputStream oos = new ObjectOutputStream(bos)) {
|
||||
oos.writeObject(key);
|
||||
return bos.toByteArray();
|
||||
}
|
||||
}
|
||||
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user