8342183: Update tests to use stronger algorithms and keys

Reviewed-by: rhalade, ascarpino
This commit is contained in:
Fernando Guallini 2024-11-01 17:52:20 +00:00 committed by Rajan Halade
parent 1eccdfc622
commit c82ad845e1
35 changed files with 259 additions and 125 deletions

View File

@ -75,7 +75,7 @@ public class CICOSkipTest {
"OFB", "OFB64", "PCBC"};
private static final String[] PADDINGS = {"NoPadding", "Pkcs5Padding"};
private static final String[] PBE_ALGOS = {"PBEWithMD5AndDES",
"PBEWithMD5AndDES/CBC/PKCS5Padding"};
"PBEWithMD5AndDES/CBC/PKCS5Padding", "PBEWithSHA1AndDESede"};
public static void main(String[] args) throws Exception {
// how many kinds of padding mode such as PKCS5padding and NoPadding

View File

@ -167,7 +167,8 @@ public class TestCipherKeyWrapperTest {
test.wrapperPBEKeyTest(provider);
// Public and private key wrap test
test.wrapperPublicPriviteKeyTest(provider, publicPrivateAlgos);
test.wrapperPublicPriviteKeyTest(provider, publicPrivateAlgos, "DES");
test.wrapperPublicPriviteKeyTest(provider, publicPrivateAlgos, "AES");
}
private void wrapperAesDESedeKeyTest(String algo, String wrapAlgo,
@ -263,7 +264,7 @@ public class TestCipherKeyWrapperTest {
}
}
private void wrapperPublicPriviteKeyTest(Provider p, String[] algorithms)
private void wrapperPublicPriviteKeyTest(Provider p, String[] algorithms, String algoWrap)
throws NoSuchAlgorithmException, InvalidKeyException,
NoSuchPaddingException, IllegalBlockSizeException,
InvalidAlgorithmParameterException {
@ -275,7 +276,6 @@ public class TestCipherKeyWrapperTest {
kpg.initialize(SecurityUtils.getTestKeySize(algo));
KeyPair kp = kpg.genKeyPair();
// key generated
String algoWrap = "DES";
KeyGenerator kg = KeyGenerator.getInstance(algoWrap, p);
Key key = kg.generateKey();
wrapTest(algo, algoWrap, key, kp.getPrivate(), Cipher.PRIVATE_KEY,

View File

@ -40,7 +40,7 @@ import javax.crypto.NoSuchPaddingException;
public class TestCipherPBECons {
private static final String[] PBEAlgorithms = {"pbeWithMD5ANDdes",
"PBEWithMD5AndTripleDES"};
"PBEWithMD5AndTripleDES", "PBEWithSHA1AndDESede"};
private static final String[] cipherModes = {"ECb", "cbC", "cFB", "Cfb32",
"OfB", "oFb64", "pCbC"};
private static final String[] cipherPaddings = {"Pkcs5Padding", "NoPaDDing"};

View File

@ -232,20 +232,26 @@ public class DHKeyAgreement2 {
}
System.err.println("Shared secrets are the same");
testSecretKey(bobKeyAgree, alicePubKey, "DES");
testSecretKey(bobKeyAgree, alicePubKey, "AES");
}
private static void testSecretKey(KeyAgreement bobKeyAgree, PublicKey alicePubKey, String algo)
throws Exception {
// Now let's return the shared secret as a SecretKey object
// and use it for encryption
System.out.println("Return shared secret as SecretKey object ...");
System.out.println("Return shared secret as SecretKey object with algorithm: " + algo);
bobKeyAgree.doPhase(alicePubKey, true);
SecretKey desKey = bobKeyAgree.generateSecret("DES");
SecretKey key = bobKeyAgree.generateSecret(algo);
Cipher desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
desCipher.init(Cipher.ENCRYPT_MODE, desKey);
Cipher cipher = Cipher.getInstance(algo + "/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] cleartext = "This is just an example".getBytes();
byte[] ciphertext = desCipher.doFinal(cleartext);
byte[] ciphertext = cipher.doFinal(cleartext);
desCipher.init(Cipher.DECRYPT_MODE, desKey);
byte[] cleartext1 = desCipher.doFinal(ciphertext);
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] cleartext1 = cipher.doFinal(ciphertext);
int clearLen = cleartext.length;
int clear1Len = cleartext1.length;

View File

@ -24,6 +24,7 @@
/**
* @test
* @bug 8072452 8163498
* @library /test/lib
* @summary Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits
* This test has been split based on lower/higher key sizes in order to
* reduce individual execution times and run in parallel
@ -33,14 +34,16 @@
* @run main/timeout=300 SupportedDHParamGens 832
* @run main/timeout=300 SupportedDHParamGens 1024
* @run main/timeout=600 SupportedDHParamGens 2048
* @run main/timeout=600 SupportedDHParamGens 3072
* @run main/timeout=600 SupportedDHParamGens 4096
*/
import java.math.BigInteger;
import java.security.*;
import javax.crypto.*;
import javax.crypto.interfaces.*;
import javax.crypto.spec.*;
import jdk.test.lib.security.DiffieHellmanGroup;
import jdk.test.lib.security.SecurityUtils;
public class SupportedDHParamGens {
@ -48,12 +51,18 @@ public class SupportedDHParamGens {
int primeSize = Integer.valueOf(args[0]).intValue();
System.out.println("Checking " + primeSize + " ...");
DHParameterSpec spec = null;
switch (primeSize) {
case 2048, 3072, 4096 -> spec = getDHParameterSpec(primeSize);
default -> {
AlgorithmParameterGenerator apg =
AlgorithmParameterGenerator.getInstance("DH",
System.getProperty("test.provider.name", "SunJCE"));
apg.init(primeSize);
AlgorithmParameters ap = apg.generateParameters();
DHParameterSpec spec = ap.getParameterSpec(DHParameterSpec.class);
spec = ap.getParameterSpec(DHParameterSpec.class);
}
}
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH",
System.getProperty("test.provider.name", "SunJCE"));
@ -62,6 +71,11 @@ public class SupportedDHParamGens {
checkKeyPair(kp, primeSize);
}
private static DHParameterSpec getDHParameterSpec(int primeSize) {
DiffieHellmanGroup dhGroup = SecurityUtils.getTestDHGroup(primeSize);
return new DHParameterSpec(dhGroup.getPrime(), dhGroup.getBase());
}
private static void checkKeyPair(KeyPair kp, int pSize) throws Exception {
DHPrivateKey privateKey = (DHPrivateKey)kp.getPrivate();

View File

@ -24,6 +24,7 @@
/**
* @test
* @bug 8072452 8163498
* @library /test/lib
* @summary Support DHE sizes up to 8192-bits and DSA sizes up to 3072-bits
* This test has been split based on lower/higher key sizes in order to
* reduce individual execution times and run in parallel

View File

@ -35,10 +35,10 @@ import java.util.*;
public class TestExplicitKeyLength {
private static final String ALGOS[] = { "RC2", "ARCFOUR" };
private static final String ALGOS[] = { "RC2", "ARCFOUR", "AES", "AES", "AES" };
private static final int KEY_SIZES[] =
{ 64, 80 }; // in bits
{ 64, 80, 128, 192, 256 }; // in bits
public static void runTest(String algo, int keysize) throws Exception {
KeyGenerator kg = KeyGenerator.getInstance(algo,

View File

@ -41,6 +41,10 @@ public class HmacSaltLengths {
private static final String[] ALGOS = {
"HmacPBESHA1",
"HmacPBESHA224",
"HmacPBESHA256",
"HmacPBESHA384",
"HmacPBESHA512",
"PBEWithHmacSHA1",
"PBEWithHmacSHA224",
"PBEWithHmacSHA256",

View File

@ -26,6 +26,8 @@
* @bug 7087021 8013069 8288050
* @summary Clone tests for all MAC algorithms.
* @author Jan Luehe
* @run main MacClone DES
* @run main MacClone AES
*/
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.*;
@ -39,7 +41,8 @@ public class MacClone {
"HmacSHA384", "HmacSHA512", "HmacSHA512/224",
"HmacSHA512/256",
};
KeyGenerator kgen = KeyGenerator.getInstance("DES");
String keyAlgo = args[0];
KeyGenerator kgen = KeyGenerator.getInstance(keyAlgo);
SecretKey skey = kgen.generateKey();
for (String algo : algos) {
doTest(algo, skey, null);

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2001, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -47,7 +47,7 @@ public class TestKeyStoreEntry {
private static final char[] PASSWDF = new String("guardian Angel")
.toCharArray();
private static final String[] KS_ALGOS = {
"DES", "DESede", "Blowfish"
"DES", "DESede", "Blowfish", "AES"
};
private static final int NUM_ALGOS = KS_ALGOS.length;

View File

@ -27,6 +27,8 @@
* @summary Test the MessageDigest.update(ByteBuffer) method
* @author Andreas Sterbenz
* @key randomness
* @run main ByteBuffers MD5
* @run main ByteBuffers SHA-1
*/
import java.util.*;
@ -43,7 +45,8 @@ public class ByteBuffers {
byte[] t = new byte[n];
random.nextBytes(t);
MessageDigest md = MessageDigest.getInstance("MD5", p);
String digestAlgo = args[0];
MessageDigest md = MessageDigest.getInstance(digestAlgo, p);
byte[] d1 = md.digest(t);
// test 1: ByteBuffer with an accessible backing array

View File

@ -27,6 +27,8 @@
* @summary Test the Signature.update(ByteBuffer) method
* @author Andreas Sterbenz
* @key randomness
* @run main ByteBuffers DSA 512
* @run main ByteBuffers SHA256withDSA 2048
*/
import java.util.*;
@ -44,11 +46,14 @@ public class ByteBuffers {
byte[] t = new byte[n];
random.nextBytes(t);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", p);
kpg.initialize(512);
String kpgAlgorithm = "DSA";
int keySize = Integer.parseInt(args[1]);
KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgorithm, p);
kpg.initialize(keySize);
KeyPair kp = kpg.generateKeyPair();
Signature sig = Signature.getInstance("DSA", p);
String signAlgo = args[0];
Signature sig = Signature.getInstance(signAlgo, p);
sig.initSign(kp.getPrivate());
sig.update(t);
byte[] signature = sig.sign();

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,6 +26,8 @@
* @bug 4114896
* @summary Signature should support a sign() method that places the signature
* in an already existing array.
* @run main SignWithOutputBuffer DSS 512
* @run main SignWithOutputBuffer SHA256withDSA 2048
*/
import java.security.*;
@ -36,11 +38,14 @@ public class SignWithOutputBuffer {
int numBytes;
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DSA");
kpGen.initialize(512);
String kpgAlgorithm = "DSA";
int keySize = Integer.parseInt(args[1]);
KeyPairGenerator kpGen = KeyPairGenerator.getInstance(kpgAlgorithm);
kpGen.initialize(keySize);
KeyPair kp = kpGen.genKeyPair();
Signature sig = Signature.getInstance("DSS");
String signAlgo = args[0];
Signature sig = Signature.getInstance(signAlgo);
sig.initSign(kp.getPrivate());
sig.update((byte)0xff);
@ -55,10 +60,10 @@ public class SignWithOutputBuffer {
}
// Now repeat the same with a buffer that's big enough
sig = Signature.getInstance("DSS");
sig = Signature.getInstance(signAlgo);
sig.initSign(kp.getPrivate());
sig.update((byte)0xff);
out = new byte[48];
out = new byte[64];
numBytes = sig.sign(out, 0, out.length);
System.out.println("Signature len="+numBytes);

View File

@ -27,7 +27,8 @@
* @summary Ensure the BC provider-reselection workaround in Signature class
* functions correctly
* @modules java.base/sun.security.util
* @run main/othervm SignatureGetInstance
* @run main/othervm SignatureGetInstance default
* @run main/othervm SignatureGetInstance SHA-256
*/
import java.security.*;
import java.security.interfaces.*;
@ -37,8 +38,12 @@ import sun.security.util.SignatureUtil;
public class SignatureGetInstance {
private static final String SIGALG = "RSASSA-PSS";
private static PSSParameterSpec pssParamSpec;
public static void main(String[] args) throws Exception {
String mdName = args[0];
pssParamSpec = "default".equals(mdName) ? PSSParameterSpec.DEFAULT :
new PSSParameterSpec(mdName, "MGF1", new MGF1ParameterSpec(mdName), 20, 1);
Provider testProvider = new TestProvider();
// put test provider before SunRsaSign provider
Security.insertProviderAt(testProvider, 1);
@ -85,7 +90,7 @@ public class SignatureGetInstance {
private static void testDblInit(PrivateKey key1, PublicKey key2,
boolean shouldPass, String expectedProvName) throws Exception {
Signature sig = Signature.getInstance(SIGALG);
SignatureUtil.initSignWithParam(sig, key1, PSSParameterSpec.DEFAULT, null);
SignatureUtil.initSignWithParam(sig, key1, pssParamSpec, null);
try {
sig.initVerify(key2);
if (!shouldPass) {
@ -108,7 +113,7 @@ public class SignatureGetInstance {
} else {
sig = Signature.getInstance(SIGALG, provName);
}
AlgorithmParameterSpec params = PSSParameterSpec.DEFAULT;
AlgorithmParameterSpec params = pssParamSpec;
boolean doSign = (key instanceof PrivateKey);
try {
if (doSign) {

View File

@ -24,23 +24,30 @@
/**
* @test
* @bug 4716321
* @library /test/lib
* @summary Ensure the random source supplied in
* Signature.initSign(PrivateKey, SecureRandom) is used.
* @run main TestInitSignWithMyOwnRandom DSA 512
* @run main TestInitSignWithMyOwnRandom SHA256withDSA 2048
*/
import java.security.*;
import jdk.test.lib.security.SecurityUtils;
public class TestInitSignWithMyOwnRandom {
public static void main(String[] argv) throws Exception {
public static void main(String[] args) throws Exception {
// any signature implementation will do as long as
// it needs a random source
Provider p = Security.getProvider(
System.getProperty("test.provider.name", "SUN"));
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", p);
kpg.initialize(512);
String kpgAlgorithm = "DSA";
int keySize = Integer.parseInt(args[1]);
KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgorithm, p);
kpg.initialize(keySize);
KeyPair kp = kpg.generateKeyPair();
TestRandomSource rand = new TestRandomSource();
Signature sig = Signature.getInstance("DSA", p);
String signAlgo = args[0];
Signature sig = Signature.getInstance(signAlgo, p);
sig.initSign(kp.getPrivate(), rand);
sig.update(new byte[20]);
sig.sign();

View File

@ -48,7 +48,7 @@ public class VerifyRangeCheckOverflow {
PublicKey publicKey = keys.getPublic();
byte[] sigBytes = new byte[100];
Signature signature = Signature.getInstance("SHA1withDSA");
Signature signature = Signature.getInstance("SHA256withDSA");
signature.initVerify(publicKey);
try {
signature.verify(sigBytes, Integer.MAX_VALUE, 1);

View File

@ -165,6 +165,8 @@ public class Chain {
new Test(SigAlg.SHA1withDSA, KeyAlg.DSA, Provider.Default, 1024),
new Test(SigAlg.MD2withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.MD5withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.SHA224withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.SHA256withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.SHA3_224withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.SHA3_256withRSA, KeyAlg.RSA, Provider.Default),
new Test(SigAlg.SHA3_384withRSA, KeyAlg.RSA, Provider.Default),

View File

@ -31,31 +31,35 @@ import java.security.SignedObject;
* @test
* @bug 8050374
* @summary Checks if a signed object is a copy of an original object
* @run main Copy DSA 512
* @run main Copy SHA256withDSA 2048
*/
public class Copy {
private static final String DSA = "DSA";
private static final int KEY_SIZE = 512;
private static final int MAGIC = 123;
public static void main(String args[]) throws Exception {
int keySize = Integer.parseInt(args[1]);
KeyPairGenerator kg = KeyPairGenerator.getInstance(DSA);
kg.initialize(KEY_SIZE);
kg.initialize(keySize);
KeyPair kp = kg.genKeyPair();
Signature signature = Signature.getInstance(DSA);
String signAlgo = args[0];
Signature signature = Signature.getInstance(signAlgo);
Test original = new Test();
SignedObject so = new SignedObject(original, kp.getPrivate(),
signature);
System.out.println("Signature algorithm: " + so.getAlgorithm());
signature = Signature.getInstance(DSA, System.getProperty("test.provider.name", "SUN"));
signature = Signature.getInstance(signAlgo,
System.getProperty("test.provider.name", "SUN"));
if (!so.verify(kp.getPublic(), signature)) {
throw new RuntimeException("Verification failed");
}
kg = KeyPairGenerator.getInstance(DSA);
kg.initialize(KEY_SIZE);
kg.initialize(keySize);
kp = kg.genKeyPair();
if (so.verify(kp.getPublic(), signature)) {

View File

@ -27,6 +27,8 @@
* @summary Test the Cipher.update/doFinal(ByteBuffer, ByteBuffer) methods
* @author Andreas Sterbenz
* @key randomness
* @run main ByteBuffers DES 8
* @run main ByteBuffers AES 16
*/
import java.util.*;
@ -47,11 +49,13 @@ public class ByteBuffers {
byte[] t = new byte[n];
random.nextBytes(t);
byte[] keyBytes = new byte[8];
int keyInt = Integer.parseInt(args[1]);
byte[] keyBytes = new byte[keyInt];
random.nextBytes(keyBytes);
SecretKey key = new SecretKeySpec(keyBytes, "DES");
String algo = args[0];
SecretKey key = new SecretKeySpec(keyBytes, algo);
Cipher cipher = Cipher.getInstance("DES/ECB/NoPadding");
Cipher cipher = Cipher.getInstance(algo + "/ECB/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] outBytes = cipher.doFinal(t);

View File

@ -26,10 +26,13 @@
* @bug 4898428
* @summary test that the new getInstance() implementation works correctly
* @author Andreas Sterbenz
* @run main TestGetInstance DES PBEWithMD5AndTripleDES
* @run main TestGetInstance AES PBEWithHmacSHA1AndAES_128
*/
import java.security.*;
import java.security.spec.*;
import java.util.Locale;
import javax.crypto.*;
@ -42,61 +45,64 @@ public class TestGetInstance {
}
public static void main(String[] args) throws Exception {
String algo = args[0];
String algoLC = algo.toLowerCase(Locale.ROOT);
String pbeAlgo = args[1];
Provider p = Security.getProvider(
System.getProperty("test.provider.name", "SunJCE"));
Cipher c;
c = Cipher.getInstance("PBEWithMD5AndTripleDES");
c = Cipher.getInstance(pbeAlgo);
same(p, c.getProvider());
c = Cipher.getInstance("des",
c = Cipher.getInstance(algoLC,
System.getProperty("test.provider.name", "SunJCE"));
same(p, c.getProvider());
c = Cipher.getInstance("des/cbc/pkcs5padding",
c = Cipher.getInstance(algoLC + "/cbc/pkcs5padding",
System.getProperty("test.provider.name", "SunJCE"));
same(p, c.getProvider());
c = Cipher.getInstance("des", p);
c = Cipher.getInstance(algoLC, p);
same(p, c.getProvider());
c = Cipher.getInstance("des/cbc/pkcs5padding", p);
c = Cipher.getInstance(algoLC + "/cbc/pkcs5padding", p);
same(p, c.getProvider());
try {
c = Cipher.getInstance("DES/XYZ/PKCS5Padding");
c = Cipher.getInstance(algo + "/XYZ/PKCS5Padding");
throw new AssertionError();
} catch (NoSuchAlgorithmException e) {
System.out.println(e);
}
try {
c = Cipher.getInstance("DES/XYZ/PKCS5Padding",
c = Cipher.getInstance(algo + "/XYZ/PKCS5Padding",
System.getProperty("test.provider.name", "SunJCE"));
throw new AssertionError();
} catch (NoSuchAlgorithmException e) {
System.out.println(e);
}
try {
c = Cipher.getInstance("DES/XYZ/PKCS5Padding", p);
c = Cipher.getInstance(algo + "/XYZ/PKCS5Padding", p);
throw new AssertionError();
} catch (NoSuchAlgorithmException e) {
System.out.println(e);
}
try {
c = Cipher.getInstance("DES/CBC/XYZPadding");
c = Cipher.getInstance(algo + "/CBC/XYZPadding");
throw new AssertionError();
} catch (NoSuchAlgorithmException e) {
System.out.println(e);
}
try {
c = Cipher.getInstance("DES/CBC/XYZPadding",
c = Cipher.getInstance(algo + "/CBC/XYZPadding",
System.getProperty("test.provider.name", "SunJCE"));
throw new AssertionError();
} catch (NoSuchPaddingException e) {
System.out.println(e);
}
try {
c = Cipher.getInstance("DES/CBC/XYZPadding", p);
c = Cipher.getInstance(algo + "/CBC/XYZPadding", p);
throw new AssertionError();
} catch (NoSuchPaddingException e) {
System.out.println(e);

View File

@ -27,6 +27,8 @@
* @summary Cipher.doFinal(ByteBuffer,ByteBuffer) fails to
* process when in.remaining() == 0
* @key randomness
* @run main DirectBBRemaining DES 8
* @run main DirectBBRemaining AES 16
*/
import java.nio.ByteBuffer;
@ -53,11 +55,13 @@ public class DirectBBRemaining {
boolean failedOnce = false;
Exception failedReason = null;
byte[] keyBytes = new byte[8];
int keyInt = Integer.parseInt(args[1]);
byte[] keyBytes = new byte[keyInt];
random.nextBytes(keyBytes);
SecretKey key = new SecretKeySpec(keyBytes, "DES");
String algo = args[0];
SecretKey key = new SecretKeySpec(keyBytes, algo);
Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding",
Cipher cipher = Cipher.getInstance(algo + "/CBC/PKCS5Padding",
System.getProperty("test.provider.name", "SunJCE"));
cipher.init(Cipher.ENCRYPT_MODE, key);

View File

@ -29,6 +29,8 @@
* crypto permssion checks failed.
* @author Valerie Peng
* @key randomness
* @run main AllPermCheck DES
* @run main AllPermCheck AES
*/
import java.io.*;
@ -86,7 +88,8 @@ public class AllPermCheck {
public static void main(String[] args) throws Exception {
Provider p = Security.getProvider(System.getProperty("test.provider.name", "SunJCE"));
System.out.println("Testing provider " + p.getName() + "...");
if (Cipher.getMaxAllowedKeyLength("DES") == Integer.MAX_VALUE) {
String transformation = args[0];
if (Cipher.getMaxAllowedKeyLength(transformation) == Integer.MAX_VALUE) {
// skip this test for unlimited jurisdiction policy files
System.out.println("Skip this test due to unlimited version");
return;

View File

@ -48,7 +48,7 @@ public class LowercasePermCheck {
public static void main(String[] args) throws Exception {
Provider p = Security.getProvider(System.getProperty("test.provider.name", "SunJCE"));
System.out.println("Testing provider " + p.getName() + "...");
if (Cipher.getMaxAllowedKeyLength("DES") == Integer.MAX_VALUE) {
if (Cipher.getMaxAllowedKeyLength("AES") == Integer.MAX_VALUE) {
// skip this test for unlimited jurisdiction policy files
System.out.println("Skip this test due to unlimited version");
return;

View File

@ -26,6 +26,8 @@
* @bug 4508341
* @summary Test the EncryptedPrivateKeyInfo.getKeySpec(...) methods.
* @author Valerie Peng
* @run main/othervm -DcipherAlg=PBEWithMD5AndDES GetKeySpec
* @run main/othervm -DcipherAlg=PBEWithSHA1AndDESede GetKeySpec
*/
import java.util.*;
import java.nio.*;
@ -37,12 +39,13 @@ import javax.crypto.*;
import javax.crypto.spec.*;
public class GetKeySpec {
private static final String cipherAlg = "PBEWithMD5AndDES";
private static String cipherAlg;
private static final char[] passwd = { 'p','a','s','s','w','d' };
private static AlgorithmParameters GOOD_PARAMS;
static {
try {
cipherAlg = System.getProperty("cipherAlg");
PBEParameterSpec goodParamSpec =
new PBEParameterSpec(new byte[8], 1024);
GOOD_PARAMS = AlgorithmParameters.getInstance
@ -55,7 +58,8 @@ public class GetKeySpec {
}
private static String pkcs8Encoded = "30:82:01:53:02:01:00:30:0D:06:09:2A:86:48:86:F7:0D:01:01:01:05:00:04:82:01:3D:30:82:01:39:02:01:00:02:40:6E:A4:13:65:97:A2:C2:47:5E:F2:23:6B:94:D8:D7:25:13:BB:A4:AE:8A:AA:A7:27:A4:9A:04:DC:15:F7:9B:E4:39:18:99:9E:27:EA:92:BB:D0:0E:F3:26:F4:95:89:33:02:65:6D:84:69:2C:CE:B7:FA:68:8E:FE:8D:63:44:6B:02:03:01:00:01:02:40:59:6E:1C:13:98:FE:C1:04:89:75:35:36:27:29:22:B5:E0:7E:62:BD:86:6E:2C:10:7A:16:D8:68:C1:04:D4:A7:10:41:F7:B9:B4:84:05:03:A5:C0:28:73:24:A7:24:F1:1B:C3:4F:BF:05:20:D0:D9:00:08:7F:C3:29:64:1B:29:02:21:00:C4:63:4D:0C:32:51:44:AE:DD:90:A9:B7:B6:C2:6B:11:BE:D2:07:E7:B5:C2:4A:9F:4D:0F:2F:30:5F:E6:1C:6D:02:21:00:90:39:A4:2D:93:0B:08:AF:2F:6F:18:CC:1A:EF:B6:E6:01:E7:21:3A:7F:45:C7:3F:39:12:B8:CC:DF:44:2D:37:02:21:00:B3:9B:61:9E:B2:F2:12:4F:9E:C1:2C:06:A1:B5:A3:38:62:7D:31:CF:9F:32:67:0E:D3:E9:FC:2D:50:B7:61:ED:02:20:5B:FD:77:FB:5D:A3:97:09:6E:1E:D5:59:32:01:1D:CE:7C:FE:38:12:80:A5:38:1D:DA:40:57:C0:CC:D3:46:67:02:20:52:EC:61:05:0D:EC:8A:ED:F7:1E:95:67:D0:7C:8B:D9:AA:A5:33:B8:26:26:2E:8F:D7:A7:18:16:2A:83:63:5C";
private static String encryptedPKCS8 = "AE:20:81:4F:4D:38:73:C0:51:70:42:DA:C2:EF:61:49:07:E9:B5:D5:55:6D:D1:50:54:B2:0B:41:3E:2F:B6:00:BC:30:89:7B:32:A5:5F:B6:86:92:9E:06:6E:E2:40:8E:3E:E8:0B:CA:97:DB:3E:72:3E:03:22:34:35:EA:5F:B0:71:B2:07:BC:0D:97:94:0A:E6:12:9B:60:7A:77:D4:6C:99:60:2E:68:D6:55:BE:83:B8:A9:0F:19:8A:BE:91:30:D0:FE:52:94:5A:4C:D7:24:07:B3:61:EB:B5:4A:C6:6F:96:8A:C0:20:E9:73:40:FA:A2:56:04:F2:43:35:90:EA:35:C9:8C:08:9D:0B:BC:37:F0:01:D5:DF:BE:E4:4A:57:E0:13:0C:D5:F0:E8:5C:3B:B3:CD:7E:B5:E8:A5:84:63:F6:DA:3E:F2:CF:53:1F:A2:86:44:61:DD:AF:C1:78:70:3A:E6:06:41:77:6C:5B:8D:FA:C4:39:D7:4D:2F:87:D8:31:F4:B6:2B:94:D9:87:17:0E:C8:E3:FA:54:C8:B2:44:56:E0:37:5F:4C:5D:B2:21:DD:15:9E:94:63:89:CF:07:8C:79:F8:65:B2:22:45:D5:F0:2A:70:19:61:16:1D:52:5E:0C:35:3B:20:88:17:7E:FD:05:CC:08:09:2F:05:61:F7:A8:F5:EA:DE:77:DE:5D:55:4E:A0:36:A1:13:FF:2D:57:E8:4E:06:CE:C9:C1:B1:AE:C6:52:A6:EB:35:4C:81:91:DE:71:BA:34:DA:8A:99:1A:47:2E:66:52:AF:E3:2A:E4:0A:27:7F:72:C4:90:7E:8D:8F:64:8D:21:7E:00:DC:1C:62:0F:CC:96:80:C7:E5:5B:70:48:A5:E7:34:27:1A:7C:48:A7:9E:8B:2B:A6:E2";
private static String sha1EncryptedPKCS8 = "0D:CA:00:8F:64:91:9C:60:36:F5:9B:BD:DD:C5:A9:A2:27:9E:6B:AE:CB:23:0E:2F:DA:76:03:A5:B7:C0:D5:3E:B9:03:60:62:41:2C:D6:51:37:F0:D9:ED:B2:CC:E7:99:28:03:CD:20:5D:EC:56:77:FC:61:57:D7:8C:F3:F6:10:F7:E5:BA:88:04:FE:1A:17:B3:8C:36:BF:70:2D:CD:6F:BF:83:ED:03:41:22:95:68:E3:08:90:76:B5:97:CB:FF:CE:51:27:14:F6:38:00:22:E9:0F:86:9F:64:D2:47:34:F6:50:DA:A9:80:F5:67:BF:C7:51:B3:38:AF:CD:15:96:50:8F:33:F3:8B:43:4C:AF:ED:DD:37:03:EC:B1:CC:57:53:0A:AF:0D:53:CD:D7:2B:A2:20:C5:37:AF:09:78:8E:3F:A0:E4:EC:22:C6:71:EC:D1:42:15:9D:1D:E9:E3:9D:8F:D6:0B:2A:99:C9:C8:90:B1:CD:AB:17:DD:A3:6F:64:43:23:26:25:7B:A5:E0:1F:2E:AF:18:89:C8:D6:97:28:32:A1:01:22:6F:14:B6:6C:4E:8A:83:47:16:99:51:B4:8D:85:9E:AB:00:B5:18:BB:49:97:47:59:F8:A7:A8:64:76:3F:41:5F:71:1A:F3:4A:96:F2:B4:44:38:42:4B:AE:0F:08:83:5C:33:F8:6A:8F:B9:6A:3D:1C:06:02:4E:07:48:46:E0:6D:6D:ED:E8:19:CB:3F:B0:6F:10:68:3A:5E:F5:8F:94:EF:B4:8B:58:5F:50:0A:E5:F2:13:54:59:14:99:C5:74:02:A2:B1:73:16:7F:F2:D4:DE:E0:12:86:55:46:9C:57:D1:7A:5C:8B:46:E1:7E:C3:32:14:31:52:64:07:52:9D:65:04:9D:54:89";
private static String md5EncryptedPKCS8 = "AE:20:81:4F:4D:38:73:C0:51:70:42:DA:C2:EF:61:49:07:E9:B5:D5:55:6D:D1:50:54:B2:0B:41:3E:2F:B6:00:BC:30:89:7B:32:A5:5F:B6:86:92:9E:06:6E:E2:40:8E:3E:E8:0B:CA:97:DB:3E:72:3E:03:22:34:35:EA:5F:B0:71:B2:07:BC:0D:97:94:0A:E6:12:9B:60:7A:77:D4:6C:99:60:2E:68:D6:55:BE:83:B8:A9:0F:19:8A:BE:91:30:D0:FE:52:94:5A:4C:D7:24:07:B3:61:EB:B5:4A:C6:6F:96:8A:C0:20:E9:73:40:FA:A2:56:04:F2:43:35:90:EA:35:C9:8C:08:9D:0B:BC:37:F0:01:D5:DF:BE:E4:4A:57:E0:13:0C:D5:F0:E8:5C:3B:B3:CD:7E:B5:E8:A5:84:63:F6:DA:3E:F2:CF:53:1F:A2:86:44:61:DD:AF:C1:78:70:3A:E6:06:41:77:6C:5B:8D:FA:C4:39:D7:4D:2F:87:D8:31:F4:B6:2B:94:D9:87:17:0E:C8:E3:FA:54:C8:B2:44:56:E0:37:5F:4C:5D:B2:21:DD:15:9E:94:63:89:CF:07:8C:79:F8:65:B2:22:45:D5:F0:2A:70:19:61:16:1D:52:5E:0C:35:3B:20:88:17:7E:FD:05:CC:08:09:2F:05:61:F7:A8:F5:EA:DE:77:DE:5D:55:4E:A0:36:A1:13:FF:2D:57:E8:4E:06:CE:C9:C1:B1:AE:C6:52:A6:EB:35:4C:81:91:DE:71:BA:34:DA:8A:99:1A:47:2E:66:52:AF:E3:2A:E4:0A:27:7F:72:C4:90:7E:8D:8F:64:8D:21:7E:00:DC:1C:62:0F:CC:96:80:C7:E5:5B:70:48:A5:E7:34:27:1A:7C:48:A7:9E:8B:2B:A6:E2";
private static byte[] parse(String s) {
try {
@ -99,7 +103,7 @@ public class GetKeySpec {
throw new Exception("Static parameter generation failed");
}
byte[] encodedKey = parse(pkcs8Encoded);
byte[] encryptedData = parse(encryptedPKCS8);
byte[] encryptedData = parse(cipherAlg.contains("MD5") ? md5EncryptedPKCS8 : sha1EncryptedPKCS8);
boolean result = true;
Provider p = Security.getProvider(System.getProperty("test.provider.name", "SunJCE"));

View File

@ -28,6 +28,8 @@
* @summary Test the error conditions of
* EncryptedPrivateKeyInfo.getKeySpec(...) methods.
* @author Valerie Peng
* @run main/othervm -DcipherAlg=PBEWithMD5AndDES GetKeySpecException
* @run main/othervm -DcipherAlg=PBEWithSHA1AndDESede GetKeySpecException
*/
import java.security.*;
import java.util.Arrays;
@ -37,7 +39,7 @@ import javax.crypto.*;
import javax.crypto.spec.*;
public class GetKeySpecException {
private static final String cipherAlg = "PBEWithMD5AndDES";
private static String cipherAlg;
private static final char[] passwd = { 'p','a','s','s','w','d' };
private static SecretKey cipherKey;
private static Cipher cipher = null;
@ -50,6 +52,7 @@ public class GetKeySpecException {
static {
try {
cipherAlg = System.getProperty("cipherAlg");
sunjce = Security.getProvider(System.getProperty("test.provider.name", "SunJCE"));
PBEParameterSpec badParamSpec =
new PBEParameterSpec(new byte[10], 10);

View File

@ -28,6 +28,8 @@
* with wrong mode with EncryptedPrivateKeyInfo.getKeySpec
* (Cipher) method.
* @author Valerie Peng
* @run main GetKeySpecException2 PBEWithMD5AndDES
* @run main GetKeySpecException2 PBEWithSHA1AndDESede
*/
import java.security.*;
import java.util.Arrays;
@ -38,11 +40,10 @@ import javax.crypto.interfaces.PBEKey;
import javax.crypto.spec.*;
public class GetKeySpecException2 {
private static final String cipherAlg = "PBEWithMD5AndDES";
private static final char[] passwd = { 'p','a','s','s','w','d' };
public static void main(String[] argv) throws Exception {
public static void main(String[] args) throws Exception {
String cipherAlg = args[0];
// use random data
byte[] encryptedData = new byte[30];
encryptedData[20] = (byte) 8;

View File

@ -28,6 +28,8 @@
* methods with scenarios where the decrypted bytes are not
* encoded correctly per PKCS#8 standard.
* @author Valerie Peng
* @run main/othervm -DcipherAlg=PBEWithMD5AndDES GetKeySpecInvalidEncoding
* @run main/othervm -DcipherAlg=PBEWithSHA1AndDESede GetKeySpecInvalidEncoding
*/
import java.util.*;
import java.nio.*;
@ -39,12 +41,13 @@ import javax.crypto.*;
import javax.crypto.spec.*;
public class GetKeySpecInvalidEncoding {
private static final String cipherAlg = "PBEWithMD5AndDES";
private static String cipherAlg;
private static final char[] passwd = { 'p','a','s','s', 'w', 'd' };
private static AlgorithmParameters GOOD_PARAMS;
static {
try {
cipherAlg = System.getProperty("cipherAlg");
PBEParameterSpec goodParamSpec =
new PBEParameterSpec(new byte[8], 6);
GOOD_PARAMS = AlgorithmParameters.getInstance

View File

@ -26,6 +26,8 @@
* @bug 4898428
* @summary test that the new getInstance() implementation works correctly
* @author Andreas Sterbenz
* @run main TestGetInstance des
* @run main TestGetInstance aes
*/
import java.security.*;
@ -47,12 +49,13 @@ public class TestGetInstance {
KeyGenerator kg;
kg = KeyGenerator.getInstance("des");
String algo = args[0];
kg = KeyGenerator.getInstance(algo);
System.out.println("Default: " + kg.getProvider().getName());
kg = KeyGenerator.getInstance("des",
kg = KeyGenerator.getInstance(algo,
System.getProperty("test.provider.name", "SunJCE"));
same(p, kg.getProvider());
kg = KeyGenerator.getInstance("des", p);
kg = KeyGenerator.getInstance(algo, p);
same(p, kg.getProvider());
try {

View File

@ -27,6 +27,8 @@
* @summary Test the Mac.update(ByteBuffer) method
* @author Andreas Sterbenz
* @key randomness
* @run main ByteBuffers HmacMD5
* @run main ByteBuffers HmacSha256
*/
import java.util.*;
@ -46,11 +48,12 @@ public class ByteBuffers {
byte[] t = new byte[n];
random.nextBytes(t);
String algo = args[0];
byte[] keyBytes = new byte[16];
random.nextBytes(keyBytes);
SecretKey key = new SecretKeySpec(keyBytes, "HmacMD5");
SecretKey key = new SecretKeySpec(keyBytes, algo);
Mac mac = Mac.getInstance("HmacMD5");
Mac mac = Mac.getInstance(algo);
mac.init(key);
byte[] macValue = mac.doFinal(t);

View File

@ -26,6 +26,8 @@
* @bug 4898428
* @summary test that the new getInstance() implementation works correctly
* @author Andreas Sterbenz
* @run main TestGetInstance hmacmd5
* @run main TestGetInstance hmacsha256
*/
import java.security.*;
@ -47,11 +49,12 @@ public class TestGetInstance {
Mac mac;
mac = Mac.getInstance("hmacmd5");
String algo = args[0];
mac = Mac.getInstance(algo);
System.out.println("Default: " + mac.getProvider().getName());
mac = Mac.getInstance("hmacmd5", System.getProperty("test.provider.name", "SunJCE"));
mac = Mac.getInstance(algo, System.getProperty("test.provider.name", "SunJCE"));
same(p, mac.getProvider());
mac = Mac.getInstance("hmacmd5", p);
mac = Mac.getInstance(algo, p);
same(p, mac.getProvider());
try {

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,7 +30,8 @@
* java.base/sun.security.util
* java.base/sun.security.x509
* @compile -XDignore.symbol.file PKCS10AttrEncoding.java
* @run main PKCS10AttrEncoding
* @run main PKCS10AttrEncoding DSA 512
* @run main PKCS10AttrEncoding Sha256withDSA 2048
*/
import java.security.KeyPair;
import java.security.KeyPairGenerator;
@ -69,11 +70,13 @@ public class PKCS10AttrEncoding {
constructedMap.put(ids[j], values[j]);
}
String kpgAlgorithm = "DSA";
X500Name subject = new X500Name("cn=Test");
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
String sigAlg = "DSA";
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(kpgAlgorithm);
String sigAlg = args[0];
int keySize = Integer.parseInt(args[1]);
keyGen.initialize(512);
keyGen.initialize(keySize);
KeyPair pair = keyGen.generateKeyPair();
X509Key publicKey = (X509Key) pair.getPublic();

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,7 +29,8 @@
* @modules java.base/sun.security.pkcs
* java.base/sun.security.util
* java.base/sun.security.x509
* @run main SignerOrder
* @run main SignerOrder default 1024
* @run main SignerOrder Sha256 2048
*/
import java.io.IOException;
import java.math.BigInteger;
@ -62,20 +63,21 @@ public class SignerOrder {
static final byte[] data1 = "12345".getBytes();
static final byte[] data2 = "abcde".getBytes();
public static void main(String[] argv) throws Exception {
public static void main(String[] args) throws Exception {
String digestAlg = "default".equals(args[0]) ? null : args[0];
int keySize = Integer.parseInt(args[1]);
SignerInfo[] signerInfos = new SignerInfo[9];
SimpleSigner signer1 = new SimpleSigner(null, null, null, null);
SimpleSigner signer1 = new SimpleSigner(digestAlg, null, null, null, keySize);
signerInfos[8] = signer1.genSignerInfo(data1);
signerInfos[7] = signer1.genSignerInfo(new byte[]{});
signerInfos[6] = signer1.genSignerInfo(data2);
SimpleSigner signer2 = new SimpleSigner(null, null, null, null);
SimpleSigner signer2 = new SimpleSigner(digestAlg, null, null, null, keySize);
signerInfos[5] = signer2.genSignerInfo(data1);
signerInfos[4] = signer2.genSignerInfo(new byte[]{});
signerInfos[3] = signer2.genSignerInfo(data2);
SimpleSigner signer3 = new SimpleSigner(null, null, null, null);
SimpleSigner signer3 = new SimpleSigner(digestAlg, null, null, null, keySize);
signerInfos[2] = signer3.genSignerInfo(data1);
signerInfos[1] = signer3.genSignerInfo(new byte[]{});
signerInfos[0] = signer3.genSignerInfo(data2);
@ -156,28 +158,33 @@ class SimpleSigner {
public SimpleSigner(String digestAlg,
String encryptionAlg,
KeyPair keyPair,
X500Name agent) throws Exception {
X500Name agent,
int keySize) throws Exception {
String signAlgoDigest;
if (agent == null) {
agent = new X500Name("cn=test");
}
if (digestAlg == null) {
digestAlg = "SHA";
}
if (encryptionAlg == null) {
encryptionAlg = "DSA";
}
if (digestAlg == null) {
digestAlg = "SHA";
signAlgoDigest = encryptionAlg;
} else {
signAlgoDigest = digestAlg + "with" + encryptionAlg;
}
if (keyPair == null) {
KeyPairGenerator keyGen =
KeyPairGenerator.getInstance(encryptionAlg);
keyGen.initialize(1024);
keyGen.initialize(keySize);
keyPair = keyGen.generateKeyPair();
}
publicKey = (X509Key) keyPair.getPublic();
privateKey = keyPair.getPrivate();
if ("DSA".equals(encryptionAlg)) {
this.sig = Signature.getInstance(encryptionAlg);
this.sig = Signature.getInstance(signAlgoDigest);
} else { // RSA
this.sig = Signature.getInstance(digestAlg + "/" + encryptionAlg);
}

View File

@ -86,9 +86,10 @@ public class TestKeyPairGenerator {
}
// regression test for 4865198
private static void testInvalidSignature(KeyPair kp1, KeyPair kp2) throws Exception {
private static void testInvalidSignature(KeyPair kp1, KeyPair kp2, String signAlgo)
throws Exception {
System.out.println("Testing signature with incorrect key...");
Signature sig = Signature.getInstance("MD5withRSA", provider);
Signature sig = Signature.getInstance(signAlgo, provider);
sig.initSign(kp1.getPrivate());
byte[] data = new byte[100];
sig.update(data);
@ -153,9 +154,14 @@ public class TestKeyPairGenerator {
}
test(privateKey, publicKey);
}
testInvalidSignature(keyPairs[0], keyPairs[1]);
testInvalidSignature(keyPairs[0], keyPairs[2]);
testInvalidSignature(keyPairs[2], keyPairs[0]);
String md5Algo = "MD5withRSA";
String sha256Algo = "Sha256withRSA";
testInvalidSignature(keyPairs[0], keyPairs[1], md5Algo);
testInvalidSignature(keyPairs[0], keyPairs[2], md5Algo);
testInvalidSignature(keyPairs[2], keyPairs[0], md5Algo);
testInvalidSignature(keyPairs[0], keyPairs[1], sha256Algo);
testInvalidSignature(keyPairs[0], keyPairs[2], sha256Algo);
testInvalidSignature(keyPairs[2], keyPairs[0], sha256Algo);
long stop = System.currentTimeMillis();
System.out.println("All tests passed (" + (stop - start) + " ms).");
}

View File

@ -29,18 +29,23 @@ import jdk.test.lib.security.SecurityUtils;
* @bug 8205445
* @library /test/lib
* @summary Make sure old state is cleared when init is called again
* @run main InitAgain default
* @run main InitAgain SHA-256
*/
public class InitAgain {
public static void main(String[] args) throws Exception {
String mdName = args[0];
PSSParameterSpec pssParamSpec = "default".equals(mdName) ? PSSParameterSpec.DEFAULT :
new PSSParameterSpec(mdName, "MGF1", new MGF1ParameterSpec(mdName), 20, 1);
byte[] msg = "hello".getBytes();
Signature s1 = Signature.getInstance("RSASSA-PSS");
Signature s2 = Signature.getInstance("RSASSA-PSS");
s1.setParameter(PSSParameterSpec.DEFAULT);
s2.setParameter(PSSParameterSpec.DEFAULT);
s1.setParameter(pssParamSpec);
s2.setParameter(pssParamSpec);
String kpgAlgorithm = "RSA";
KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgorithm);

View File

@ -68,6 +68,7 @@ import java.security.NoSuchAlgorithmException;
import java.util.*;
import java.security.cert.X509Certificate;
import jdk.test.lib.util.FileUtils;
import jdk.test.lib.security.SecurityUtils;
import sun.security.util.ObjectIdentifier;
@ -103,6 +104,8 @@ public class KeyToolTest {
"-srcproviderName SunPKCS11-nzz " +
"-addprovider SunPKCS11 " +
"-providerArg p11-nzz.txt ";
private static final int KEY_LENGTH_DSA = SecurityUtils.getTestKeySize("DSA");
private static final int KEY_LENGTH_RSA = SecurityUtils.getTestKeySize("RSA");
String p11Arg, srcP11Arg;
@ -192,7 +195,7 @@ public class KeyToolTest {
// SunPKCS11-NSS does not support SHA256withDSA yet.
if (cmd.contains("p11-nss.txt") && cmd.contains("-genkey")
&& cmd.contains("DSA")) {
cmd += " -sigalg SHA1withDSA -keysize 1024";
cmd += " -sigalg SHA256withDSA -keysize " + KEY_LENGTH_DSA;
}
test(input, cmd);
} catch(Exception e) {
@ -955,6 +958,9 @@ public class KeyToolTest {
// sig not compatible
testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -selfcert -sigalg MD5withRSA");
// sig not compatible
testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -selfcert -sigalg SHA256withRSA");
// bad pass
testFail("", "-keystore x.jks -storetype JKS -storepass wrong " +
"-keypass changeit -selfcert");
@ -1062,10 +1068,10 @@ public class KeyToolTest {
"-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 999 " +
"-alias n5");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 512 " +
"-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 2048 " +
"-alias n6");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 1024 " +
"-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 3072 " +
"-alias n7");
testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -genkeypair -keyalg DSA -dname CN=olala " +
@ -1076,6 +1082,9 @@ public class KeyToolTest {
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " +
"-sigalg MD5withRSA -alias n10");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " +
"-sigalg SHA256withRSA -alias n10-1");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " +
"-sigalg SHA1withRSA -alias n11");
@ -1152,16 +1161,20 @@ public class KeyToolTest {
remove("csr1");
// PrivateKeyEntry can do certreq
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 1024");
"-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize " +
KEY_LENGTH_DSA);
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-certreq -file csr1 -alias mykey");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-certreq -file csr1");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-certreq -file csr1 -sigalg SHA1withDSA");
// unmatched sigalg
"-certreq -file csr1 -sigalg SHA256withDSA");
// unmatched md5
testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-certreq -file csr1 -sigalg MD5withRSA");
// unmatched sha
testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-certreq -file csr1 -sigalg SHA256withRSA");
// misc test
// bad storepass
testFail("", "-keystore x.jks -storetype JKS -storepass badstorepass " +
@ -1192,9 +1205,9 @@ public class KeyToolTest {
"-certreq -file csr1");
// unmatched sigalg
testFail("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-certreq -file csr1 -sigalg SHA1withDSA");
"-certreq -file csr1 -sigalg SHA256withDSA");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-certreq -file csr1 -sigalg MD5withRSA");
"-certreq -file csr1 -sigalg SHA256withRSA");
// TrustedCertificateEntry cannot do certreq
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-exportcert -file x.jks.p1.cert");
@ -1222,6 +1235,9 @@ public class KeyToolTest {
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -genkeypair -dname CN=weak -keyalg rsa " +
"-keysize 512 -sigalg MD5withRSA -alias myweakkey");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-keypass changeit -genkeypair -dname CN=weak -keyalg rsa -keysize " +
KEY_LENGTH_RSA + " -sigalg SHA256withRSA -alias myweakkey-sha");
testOK("", "-keystore x.jks -storetype JKS -storepass changeit " +
"-export -file myweakkey.cert -alias myweakkey");
testFail("", "-printcert -file badkeystore");
@ -1673,31 +1689,32 @@ public class KeyToolTest {
remove("x.jks");
testOK("", "-help");
// 2. keytool -genkey -keyalg DSA -v -keysize 512 Enter "a" for the keystore
// 2. keytool -genkey -keyalg DSA -v -keysize <strongKeySize> Enter "a" for the keystore
// password. Check error (password too short). Enter "password" for
// the keystore password. Hit 'return' for "first and last name",
// "organizational unit", "City", "State", and "Country Code".
// Type "yes" when they ask you if everything is correct.
// Type 'return' for new key password.
testOK("a\npassword\npassword\nMe\nHere\nNow\nPlace\nPlace\nUS\nyes\n\n",
"-genkey -keyalg DSA -v -keysize 512 -keystore x.jks -storetype JKS");
"-genkey -keyalg DSA -v -keysize " + KEY_LENGTH_DSA + " -keystore x.jks " +
"-storetype JKS");
// 3. keytool -list -v -storepass password
testOK("", "-list -v -storepass password -keystore x.jks -storetype JKS");
// 4. keytool -list -v Type "a" for the keystore password.
// Check error (wrong keystore password).
testFail("a\n", "-list -v -keystore x.jks -storetype JKS");
assertTrue(ex.indexOf("password was incorrect") != -1);
// 5. keytool - -keyalg DSA -v -keysize 512 Enter "password" as the password.
// 5. keytool - -keyalg DSA -v -keysize <strongKeySize> Enter "password" as the password.
// Check error (alias 'mykey' already exists).
testFail("password\n", "-genkey -keyalg DSA -v -keysize 512" +
testFail("password\n", "-genkey -keyalg DSA -v -keysize " + KEY_LENGTH_DSA +
" -keystore x.jks -storetype JKS");
assertTrue(ex.indexOf("alias <mykey> already exists") != -1);
// 6. keytool -genkey -keyalg DSA -v -keysize 512 -alias mykey2 -storepass password
// 6. keytool -genkey -keyalg DSA -v -keysize <strongKeySize> -alias mykey2 -storepass password
// Hit 'return' for "first and last name", "organizational unit", "City",
// "State", and "Country Code". Type "yes" when they ask you if
// everything is correct. Type 'return' for new key password.
testOK("\n\n\n\n\n\nyes\n\n", "-genkey -keyalg DSA -v -keysize 512 -alias mykey2" +
" -storepass password -keystore x.jks -storetype JKS");
testOK("\n\n\n\n\n\nyes\n\n", "-genkey -keyalg DSA -v -keysize " + KEY_LENGTH_DSA +
" -alias mykey2 -storepass password -keystore x.jks -storetype JKS");
// 7. keytool -list -v Type 'password' for the store password.
testOK("password\n", "-list -v -keystore x.jks -storetype JKS");
// 8. keytool -keypasswd -v -alias mykey2 -storepass password
@ -1777,7 +1794,7 @@ public class KeyToolTest {
// 1. sccs edit cert8.db key3.db
//Runtime.getRuntime().exec("/usr/bin/sccs edit cert8.db key3.db");
testOK("", p11Arg + ("-storepass test12 -genkey -alias genkey" +
" -dname cn=genkey -keysize 512 -keyalg rsa"));
" -dname cn=genkey -keysize " + KEY_LENGTH_RSA + " -keyalg rsa"));
testOK("", p11Arg + "-storepass test12 -list");
testOK("", p11Arg + "-storepass test12 -list -alias genkey");
testOK("", p11Arg +