stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8144539: Update PKCS11 tests to run with security manager

Browse Source 
Reviewed-by: valeriep, ascarpino
This commit is contained in:
Artem Smotrakov 2016-01-26 13:32:07 -08:00
parent b9687e112e
commit ff74b29304
66 changed files with 1301 additions and 834 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
jdk/test/sun/security/pkcs11/Cipher/ReinitCipher.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,21 +28,22 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
* @run main/othervm ReinitCipher
* @run main/othervm ReinitCipher sm
*/
import java.util.*;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.Provider;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
public class ReinitCipher extends PKCS11Test {
public static void main(String[] args) throws Exception {
main(new ReinitCipher());
main(new ReinitCipher(), args);
}
@Override
public void main(Provider p) throws Exception {
if (p.getService("Cipher", "ARCFOUR") == null) {
System.out.println("Not supported by provider, skipping");

26
jdk/test/sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,16 +27,18 @@
* @summary Test internal PKCS5Padding impl with various error conditions.
* @author Valerie Peng
* @library ..
* @run main/othervm TestPKCS5PaddingError
* @run main/othervm TestPKCS5PaddingError sm
*/
import java.io.*;
import java.nio.*;
import java.util.*;
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import java.security.AlgorithmParameters;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
public class TestPKCS5PaddingError extends PKCS11Test {
private static class CI { // class for holding Cipher Information
@ -62,10 +64,8 @@ public class TestPKCS5PaddingError extends PKCS11Test {
private static StringBuffer debugBuf = new StringBuffer();
@Override
public void main(Provider p) throws Exception {
boolean status = true;
Random random = new Random();
try {
byte[] plainText = new byte[200];
@ -127,6 +127,6 @@ public class TestPKCS5PaddingError extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestPKCS5PaddingError());
main(new TestPKCS5PaddingError(), args);
}
}

24
jdk/test/sun/security/pkcs11/Cipher/TestRSACipher.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,20 +28,28 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
* @run main/othervm TestRSACipher
* @run main/othervm TestRSACipher sm
*/
import java.io.*;
import java.util.*;
import java.security.*;
import javax.crypto.*;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Random;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
public class TestRSACipher extends PKCS11Test {
private static final String[] RSA_ALGOS =
{ "RSA/ECB/PKCS1Padding", "RSA" };
@Override
public void main(Provider p) throws Exception {
try {
Cipher.getInstance(RSA_ALGOS[0], p);
@ -122,7 +130,7 @@ public class TestRSACipher extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestRSACipher());
main(new TestRSACipher(), args);
}
}

22
jdk/test/sun/security/pkcs11/Cipher/TestRSACipherWrap.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,13 +27,20 @@
* @summary basic test for RSA cipher key wrapping functionality
* @author Valerie Peng
* @library ..
* @run main/othervm TestRSACipherWrap
* @run main/othervm TestRSACipherWrap sm
*/
import java.io.*;
import java.util.*;
import java.security.*;
import javax.crypto.*;
import java.security.GeneralSecurityException;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
public class TestRSACipherWrap extends PKCS11Test {
@ -41,6 +48,7 @@ public class TestRSACipherWrap extends PKCS11Test {
private static final String[] RSA_ALGOS =
{ "RSA/ECB/PKCS1Padding", "RSA" };
@Override
public void main(Provider p) throws Exception {
try {
Cipher.getInstance(RSA_ALGOS[0], p);
@ -104,6 +112,6 @@ public class TestRSACipherWrap extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestRSACipherWrap());
main(new TestRSACipherWrap(), args);
}
}

19
jdk/test/sun/security/pkcs11/Cipher/TestRawRSACipher.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,16 +28,21 @@
* @author Valerie Peng
* @library ..
* @key randomness
* @run main/othervm TestRawRSACipher
* @run main/othervm TestRawRSACipher sm
*/
import javax.crypto.*;
import java.io.*;
import javax.crypto.spec.SecretKeySpec;
import java.security.*;
import java.util.*;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.util.Arrays;
import java.util.Random;
import javax.crypto.Cipher;
public class TestRawRSACipher extends PKCS11Test {
@Override
public void main(Provider p) throws Exception {
try {
Cipher.getInstance("RSA/ECB/NoPadding", p);
@ -80,6 +85,6 @@ public class TestRawRSACipher extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestRawRSACipher());
main(new TestRawRSACipher(), args);
}
}

24
jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,16 +28,19 @@
* @author Valerie Peng
* @library ..
* @key randomness
* @run main/othervm TestSymmCiphers
* @run main/othervm TestSymmCiphers sm
*/
import java.io.*;
import java.nio.*;
import java.util.*;
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.security.AlgorithmParameters;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
public class TestSymmCiphers extends PKCS11Test {
@ -81,6 +84,7 @@ public class TestSymmCiphers extends PKCS11Test {
};
private static StringBuffer debugBuf = new StringBuffer();
@Override
public void main(Provider p) throws Exception {
// NSS reports CKR_DEVICE_ERROR when the data passed to
// its EncryptUpdate/DecryptUpdate is not multiple of blocks
@ -272,6 +276,6 @@ public class TestSymmCiphers extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestSymmCiphers());
main(new TestSymmCiphers(), args);
}
}

28
jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,17 +28,22 @@
* @author Valerie Peng
* @library ..
* @key randomness
* @run main/othervm TestSymmCiphersNoPad
* @run main/othervm TestSymmCiphersNoPad sm
*/
import java.io.*;
import java.nio.*;
import java.util.*;
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.AlgorithmParameters;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
public class TestSymmCiphersNoPad extends PKCS11Test {
@ -67,6 +72,7 @@ public class TestSymmCiphersNoPad extends PKCS11Test {
private static StringBuffer debugBuf;
@Override
public void main(Provider p) throws Exception {
boolean status = true;
Random random = new Random();
@ -234,6 +240,6 @@ public class TestSymmCiphersNoPad extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestSymmCiphersNoPad());
main(new TestSymmCiphersNoPad(), args);
}
}

24
jdk/test/sun/security/pkcs11/KeyAgreement/TestDH.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,17 +27,20 @@
* @summary Verify that DH works properly
* @author Andreas Sterbenz
* @library ..
* @run main/othervm TestDH
* @run main/othervm TestDH sm
*/
import java.io.*;
import java.util.*;
import java.security.*;
import javax.crypto.*;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
public class TestDH extends PKCS11Test {
@Override
public void main(Provider p) throws Exception {
if (p.getService("KeyAgreement", "DH") == null) {
System.out.println("DH not supported, skipping");
@ -91,8 +94,9 @@ public class TestDH extends PKCS11Test {
testAlgorithm(ka2, kp2, ka1, kp1, "TlsPremasterSecret");
}
private static void testAlgorithm(KeyAgreement ka1, KeyPair kp1, KeyAgreement ka2, KeyPair kp2, String algorithm) throws Exception {
SecretKey key1 = null;
private static void testAlgorithm(KeyAgreement ka1, KeyPair kp1,
KeyAgreement ka2, KeyPair kp2, String algorithm) throws Exception {
SecretKey key1;
ka1.init(kp1.getPrivate());
ka1.doPhase(kp2.getPublic(), true);
@ -115,7 +119,7 @@ public class TestDH extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestDH());
main(new TestDH(), args);
}
}

21
jdk/test/sun/security/pkcs11/KeyAgreement/TestInterop.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -26,14 +26,18 @@
* @bug 7146728
* @summary Interop test for DH with secret that has a leading 0x00 byte
* @library ..
* @run main/othervm TestInterop
* @run main/othervm TestInterop sm
*/
import java.math.BigInteger;
import java.util.*;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.DHPrivateKeySpec;
import javax.crypto.spec.DHPublicKeySpec;
public class TestInterop extends PKCS11Test {
@ -72,6 +76,7 @@ public class TestInterop extends PKCS11Test {
+ "30313414180008978013330410484011186019824874948204261839391153650949864"
+ "429505597086564709");
@Override
public void main(Provider prov) throws Exception {
if (prov.getService("KeyAgreement", "DH") == null) {
System.out.println("DH not supported, skipping");
@ -138,6 +143,6 @@ public class TestInterop extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestInterop());
main(new TestInterop(), args);
}
}

21
jdk/test/sun/security/pkcs11/KeyAgreement/TestShort.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,15 +27,19 @@
* @summary KAT test for DH (normal and with secret that has leading a 0x00 byte)
* @author Andreas Sterbenz
* @library ..
* @run main/othervm TestShort
* @run main/othervm TestShort sm
*/
import java.math.BigInteger;
import java.util.*;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.DHPrivateKeySpec;
import javax.crypto.spec.DHPublicKeySpec;
public class TestShort extends PKCS11Test {
@ -83,6 +87,7 @@ public class TestShort extends PKCS11Test {
+ "1a:6a:15:d8:a4:8c:0a:ce:f0:15:03:0c:c2:56:82:a2:75:9b:49:fe:ed:60:c5:6e"
+ ":de:47:55:62:4f:16:20:6d:74:cc:7b:95:93:25:2c:ea");
@Override
public void main(Provider provider) throws Exception {
if (provider.getService("KeyAgreement", "DH") == null) {
System.out.println("DH not supported, skipping");
@ -142,7 +147,7 @@ public class TestShort extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestShort());
main(new TestShort(), args);
}
}

22
jdk/test/sun/security/pkcs11/KeyGenerator/DESParity.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,19 +28,21 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
* @run main/othervm DESParity
* @run main/othervm DESParity sm
*/
import java.io.*;
import java.util.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.Provider;
import java.util.Random;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.SecretKeySpec;
public class DESParity extends PKCS11Test {
@Override
public void main(Provider p) throws Exception {
if (p.getService("SecretKeyFactory", "DES") == null) {
System.out.println("Not supported by provider, skipping");
@ -73,7 +75,7 @@ public class DESParity extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new DESParity());
main(new DESParity(), args);
}
}

18
jdk/test/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,13 +27,16 @@
* @summary test the KeyGenerator
* @author Andreas Sterbenz
* @library ..
* @run main/othervm TestKeyGenerator
* @run main/othervm TestKeyGenerator sm
*/
import java.util.*;
import java.security.*;
import javax.crypto.*;
import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.ProviderException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
enum TestResult {
PASS,
@ -44,7 +47,7 @@ enum TestResult {
public class TestKeyGenerator extends PKCS11Test {
public static void main(String[] args) throws Exception {
main(new TestKeyGenerator());
main(new TestKeyGenerator(), args);
}
private TestResult test(String algorithm, int keyLen, Provider p,
@ -85,6 +88,7 @@ public class TestKeyGenerator extends PKCS11Test {
return actual;
}
@Override
public void main(Provider p) throws Exception {
test("DES", 0, p, TestResult.FAIL);
test("DES", 56, p, TestResult.PASS); // ensure JCE-Compatibility

17
jdk/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,14 +27,14 @@
* @summary Ensure that 2048-bit DH key pairs can be generated
* @author Valerie Peng
* @library ..
* @run main/othervm TestDH2048
* @run main/othervm TestDH2048 sm
*/
import java.io.*;
import java.util.*;
import java.security.*;
import javax.crypto.*;
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
public class TestDH2048 extends PKCS11Test {
@ -47,6 +47,7 @@ public class TestDH2048 extends PKCS11Test {
}
}
@Override
public void main(Provider p) throws Exception {
if (p.getService("KeyPairGenerator", "DH") == null) {
System.out.println("KPG for DH not supported, skipping");
@ -61,6 +62,6 @@ public class TestDH2048 extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestDH2048());
main(new TestDH2048(), args);
}
}

7
jdk/test/sun/security/pkcs11/Mac/MacKAT.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -36,7 +36,8 @@ import javax.crypto.spec.SecretKeySpec;
* @summary Basic known-answer-test for Hmac algorithms
* @author Andreas Sterbenz
* @library ..
* @run main MacKAT
* @run main/othervm MacKAT
* @run main/othervm MacKAT sm
*/
public class MacKAT extends PKCS11Test {
@ -178,7 +179,7 @@ public class MacKAT extends PKCS11Test {
};
public static void main(String[] args) throws Exception {
main(new MacKAT());
main(new MacKAT(), args);
}
@Override

7
jdk/test/sun/security/pkcs11/Mac/MacSameTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -36,7 +36,8 @@ import javax.crypto.spec.SecretKeySpec;
* @summary Check if doFinal and update operation result in same Mac
* @author Yu-Ching Valerie Peng, Bill Situ, Alexander Fomin
* @library ..
* @run main MacSameTest
* @run main/othervm MacSameTest
* @run main/othervm MacSameTest sm
* @key randomness
*/
public class MacSameTest extends PKCS11Test {
@ -57,7 +58,7 @@ public class MacSameTest extends PKCS11Test {
* @param args the command line arguments
*/
public static void main(String[] args) throws Exception {
main(new MacSameTest());
main(new MacSameTest(), args);
}
@Override

17
jdk/test/sun/security/pkcs11/Mac/ReinitMac.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,21 +28,22 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
* @run main/othervm ReinitMac
* @run main/othervm ReinitMac sm
*/
import java.util.*;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.Provider;
import java.util.Random;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class ReinitMac extends PKCS11Test {
public static void main(String[] args) throws Exception {
main(new ReinitMac());
main(new ReinitMac(), args);
}
@Override
public void main(Provider p) throws Exception {
if (p.getService("Mac", "HmacMD5") == null) {
System.out.println(p + " does not support HmacMD5, skipping");

16
jdk/test/sun/security/pkcs11/MessageDigest/ByteBuffers.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,19 +28,23 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
* @run main/othervm ByteBuffers
* @run main/othervm ByteBuffers sm
*/
import java.util.*;
import java.nio.*;
import java.security.*;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.Provider;
import java.util.Arrays;
import java.util.Random;
public class ByteBuffers extends PKCS11Test {
public static void main(String[] args) throws Exception {
main(new ByteBuffers());
main(new ByteBuffers(), args);
}
@Override
public void main(Provider p) throws Exception {
if (p.getService("MessageDigest", "MD5") == null) {
System.out.println("Provider does not support MD5, skipping");

21
jdk/test/sun/security/pkcs11/MessageDigest/DigestKAT.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,19 +27,23 @@
* @summary Basic known-answer-test for all our MessageDigest algorithms
* @author Andreas Sterbenz
* @library ..
* @run main/othervm DigestKAT
* @run main/othervm DigestKAT sm
*/
import java.io.*;
import java.util.*;
import java.security.*;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.StringReader;
import java.security.MessageDigest;
import java.security.Provider;
import java.util.Arrays;
public class DigestKAT extends PKCS11Test {
private final static char[] hexDigits = "0123456789abcdef".toCharArray();
public static String toString(byte[] b) {
StringBuffer sb = new StringBuffer(b.length * 3);
StringBuilder sb = new StringBuilder(b.length * 3);
for (int i = 0; i < b.length; i++) {
int k = b[i] & 0xff;
if (i != 0) {
@ -106,6 +110,7 @@ public class DigestKAT extends PKCS11Test {
this.data = data;
this.digest = digest;
}
@Override
void run(Provider p) throws Exception {
if (p.getService("MessageDigest", alg) == null) {
System.out.println("Skipped " + alg);
@ -123,7 +128,6 @@ public class DigestKAT extends PKCS11Test {
System.out.println("out: " + DigestKAT.toString(myDigest));
throw new Exception("Digest test for " + alg + " failed");
}
// System.out.println("Passed " + alg);
}
}
@ -221,12 +225,13 @@ public class DigestKAT extends PKCS11Test {
System.out.println("Done (" + (stop - start) + " ms).");
}
@Override
public void main(Provider p) throws Exception{
runTests(tests, p);
}
public static void main(String[] args) throws Exception {
main(new DigestKAT());
main(new DigestKAT(), args);
}
}

14
jdk/test/sun/security/pkcs11/MessageDigest/ReinitDigest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,18 +28,22 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
* @run main/othervm ReinitDigest
* @run main/othervm ReinitDigest sm
*/
import java.util.*;
import java.security.*;
import java.security.MessageDigest;
import java.security.Provider;
import java.util.Arrays;
import java.util.Random;
public class ReinitDigest extends PKCS11Test {
public static void main(String[] args) throws Exception {
main(new ReinitDigest());
main(new ReinitDigest(), args);
}
@Override
public void main(Provider p) throws Exception {
if (p.getService("MessageDigest", "MD5") == null) {
System.out.println("Provider does not support MD5, skipping");

14
jdk/test/sun/security/pkcs11/MessageDigest/TestCloning.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,11 +28,14 @@
* @author Valerie Peng
* @library ..
* @key randomness
* @run main/othervm TestCloning
* @run main/othervm TestCloning sm
*/
import java.util.*;
import java.security.*;
import java.security.MessageDigest;
import java.security.Provider;
import java.util.Arrays;
import java.util.Random;
public class TestCloning extends PKCS11Test {
@ -41,13 +44,14 @@ public class TestCloning extends PKCS11Test {
};
public static void main(String[] args) throws Exception {
main(new TestCloning());
main(new TestCloning(), args);
}
private static final byte[] data1 = new byte[10];
private static final byte[] data2 = new byte[10*1024];
@Override
public void main(Provider p) throws Exception {
Random r = new Random();
byte[] data1 = new byte[10];

174
jdk/test/sun/security/pkcs11/PKCS11Test.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -24,15 +24,38 @@
// common infrastructure for SunPKCS11 tests
import java.io.*;
import java.util.*;
import java.security.*;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.ServiceLoader;
import java.util.Set;
public abstract class PKCS11Test {
private boolean enableSM = false;
static final Properties props = System.getProperties();
static final String PKCS11 = "PKCS11";
// directory of the test source
@ -40,7 +63,8 @@ public abstract class PKCS11Test {
static final char SEP = File.separatorChar;
private final static String REL_CLOSED = "../../../../closed/sun/security/pkcs11".replace('/', SEP);
private static final String DEFAULT_POLICY =
BASE + SEP + ".." + SEP + "policy";
// directory corresponding to BASE in the /closed hierarchy
static final String CLOSED_BASE;
@ -53,6 +77,9 @@ public abstract class PKCS11Test {
String p1 = absBase.substring(0, k + 6);
String p2 = absBase.substring(k + 5);
CLOSED_BASE = p1 + "closed" + p2;
// set it as a system property to make it available in policy file
System.setProperty("closed.base", CLOSED_BASE);
}
static String NSPR_PREFIX = "";
@ -86,7 +113,7 @@ public abstract class PKCS11Test {
if (p.getName().equals("SunPKCS11")) {
found = true;
break;
};
}
} catch (Exception e) {
// ignore and move on to the next one
}
@ -103,6 +130,19 @@ public abstract class PKCS11Test {
pkcs11 = p;
}
/*
* Use Solaris SPARC 11.2 or later to avoid an intermittent failure
* when running SunPKCS11-Solaris (8044554)
*/
static boolean isBadSolarisSparc(Provider p) {
if ("SunPKCS11-Solaris".equals(p.getName()) && badSolarisSparc) {
System.out.println("SunPKCS11-Solaris provider requires " +
"Solaris SPARC 11.2 or later, skipping");
return true;
}
return false;
}
// Return a SunPKCS11 provider configured with the specified config file
static Provider getSunPKCS11(String config) throws Exception {
if (pkcs11 == null) {
@ -114,15 +154,43 @@ public abstract class PKCS11Test {
public abstract void main(Provider p) throws Exception;
private void premain(Provider p) throws Exception {
long start = System.currentTimeMillis();
System.out.println("Running test with provider " + p.getName() + "...");
main(p);
long stop = System.currentTimeMillis();
System.out.println("Completed test with provider " + p.getName() +
" (" + (stop - start) + " ms).");
// set a security manager and policy before a test case runs,
// and disable them after the test case finished
try {
if (enableSM) {
System.setSecurityManager(new SecurityManager());
}
long start = System.currentTimeMillis();
System.out.printf(
"Running test with provider %s (security manager %s) ...%n",
p.getName(), enableSM ? "enabled" : "disabled");
main(p);
long stop = System.currentTimeMillis();
System.out.println("Completed test with provider " + p.getName() +
" (" + (stop - start) + " ms).");
} finally {
if (enableSM) {
System.setSecurityManager(null);
}
}
}
public static void main(PKCS11Test test) throws Exception {
main(test, null);
}
public static void main(PKCS11Test test, String[] args) throws Exception {
if (args != null) {
if (args.length > 0 && "sm".equals(args[0])) {
test.enableSM = true;
}
if (test.enableSM) {
System.setProperty("java.security.policy",
(args.length > 1) ? BASE + SEP + args[1]
: DEFAULT_POLICY);
}
}
Provider[] oldProviders = Security.getProviders();
try {
System.out.println("Beginning test run " + test.getClass().getName() + "...");
@ -218,7 +286,6 @@ public abstract class PKCS11Test {
}
static String getNSSLibDir(String library) throws Exception {
Properties props = System.getProperties();
String osName = props.getProperty("os.name");
if (osName.startsWith("Win")) {
osName = "Windows";
@ -249,6 +316,15 @@ public abstract class PKCS11Test {
return nssLibDir;
}
static boolean isBadNSSVersion(Provider p) {
if (isNSS(p) && badNSSVersion) {
System.out.println("NSS 3.11 has a DER issue that recent " +
"version do not.");
return true;
}
return false;
}
protected static void safeReload(String lib) throws Exception {
try {
System.load(lib);
@ -317,34 +393,32 @@ public abstract class PKCS11Test {
try {
libfile = getNSSLibDir() + System.mapLibraryName(library);
FileInputStream is = new FileInputStream(libfile);
byte[] data = new byte[1000];
int read = 0;
try (FileInputStream is = new FileInputStream(libfile)) {
byte[] data = new byte[1000];
int read = 0;
while (is.available() > 0) {
if (read == 0) {
read = is.read(data, 0, 1000);
} else {
// Prepend last 100 bytes in case the header was split
// between the reads.
System.arraycopy(data, 900, data, 0, 100);
read = 100 + is.read(data, 100, 900);
}
while (is.available() > 0) {
if (read == 0) {
read = is.read(data, 0, 1000);
} else {
// Prepend last 100 bytes in case the header was split
// between the reads.
System.arraycopy(data, 900, data, 0, 100);
read = 100 + is.read(data, 100, 900);
}
s = new String(data, 0, read);
if ((i = s.indexOf(nssHeader)) > 0) {
found = true;
// If the nssHeader is before 920 we can break, otherwise
// we may not have the whole header so do another read. If
// no bytes are in the stream, that is ok, found is true.
if (i < 920) {
break;
s = new String(data, 0, read);
if ((i = s.indexOf(nssHeader)) > 0) {
found = true;
// If the nssHeader is before 920 we can break, otherwise
// we may not have the whole header so do another read. If
// no bytes are in the stream, that is ok, found is true.
if (i < 920) {
break;
}
}
}
}
is.close();
} catch (Exception e) {
e.printStackTrace();
}
@ -438,14 +512,13 @@ public abstract class PKCS11Test {
}
// Generate a vector of supported elliptic curves of a given provider
static Vector<ECParameterSpec> getKnownCurves(Provider p) throws Exception {
static List<ECParameterSpec> getKnownCurves(Provider p) throws Exception {
int index;
int begin;
int end;
String curve;
KeyPair kp = null;
Vector<ECParameterSpec> results = new Vector<ECParameterSpec>();
List<ECParameterSpec> results = new ArrayList<>();
// Get Curves to test from SunEC.
String kcProp = Security.getProvider("SunEC").
getProperty("AlgorithmParameters.EC SupportedCurves");
@ -483,7 +556,7 @@ public abstract class PKCS11Test {
try {
KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);
kpg.initialize(e);
kp = kpg.generateKeyPair();
kpg.generateKeyPair();
results.add(e);
System.out.println("Supported");
} catch (ProviderException ex) {
@ -514,9 +587,8 @@ public abstract class PKCS11Test {
}
// Check support for a curve with a provided Vector of EC support
boolean checkSupport(Vector<ECParameterSpec> supportedEC,
boolean checkSupport(List<ECParameterSpec> supportedEC,
ECParameterSpec curve) {
boolean found = false;
for (ECParameterSpec ec: supportedEC) {
if (ec.equals(curve)) {
return true;
@ -529,7 +601,7 @@ public abstract class PKCS11Test {
// Location of the NSS libraries on each supported platform
static {
osMap = new HashMap<String,String[]>();
osMap = new HashMap<>();
osMap.put("SunOS-sparc-32", new String[]{"/usr/lib/mps/"});
osMap.put("SunOS-sparcv9-64", new String[]{"/usr/lib/mps/64/"});
osMap.put("SunOS-x86-32", new String[]{"/usr/lib/mps/"});
@ -551,11 +623,20 @@ public abstract class PKCS11Test {
private final static char[] hexDigits = "0123456789abcdef".toCharArray();
static final boolean badNSSVersion =
getNSSVersion() >= 3.11 && getNSSVersion() < 3.12;
static final boolean badSolarisSparc =
System.getProperty("os.name").equals("SunOS") &&
System.getProperty("os.arch").equals("sparcv9") &&
System.getProperty("os.version").compareTo("5.11") <= 0 &&
getDistro().compareTo("11.2") < 0;
public static String toString(byte[] b) {
if (b == null) {
return "(null)";
}
StringBuffer sb = new StringBuffer(b.length * 3);
StringBuilder sb = new StringBuilder(b.length * 3);
for (int i = 0; i < b.length; i++) {
int k = b[i] & 0xff;
if (i != 0) {
@ -637,8 +718,7 @@ public abstract class PKCS11Test {
/**
* Get the identifier for the operating system distribution
*/
public String getDistro() {
static String getDistro() {
try (BufferedReader in =
new BufferedReader(new InputStreamReader(
Runtime.getRuntime().exec("uname -v").getInputStream()))) {

32
jdk/test/sun/security/pkcs11/Secmod/AddPrivateKey.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,14 +28,26 @@
* @author Andreas Sterbenz
* @library ..
* @run main/othervm AddPrivateKey
* @run main/othervm AddPrivateKey sm policy
*/
import java.io.*;
import java.util.*;
import java.security.*;
import java.security.KeyStore.*;
import java.security.cert.*;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStore.PasswordProtection;
import java.security.KeyStore.PrivateKeyEntry;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
// this test is currently only run for the NSS KeyStore provider, but it
// is really a generic KeyStore test so it should be modified to run for
@ -63,6 +75,12 @@ public class AddPrivateKey extends SecmodTest {
System.out.println();
Security.addProvider(p);
if (args.length > 1 && "sm".equals(args[0])) {
System.setProperty("java.security.policy",
BASE + File.separator + args[1]);
System.setSecurityManager(new SecurityManager());
}
KeyStore ks = KeyStore.getInstance(PKCS11, p);
ks.load(null, password);
for (String alias : aliases(ks)) {

28
jdk/test/sun/security/pkcs11/Secmod/AddTrustedCert.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,14 +28,21 @@
* @author Andreas Sterbenz
* @library ..
* @run main/othervm AddTrustedCert
* @run main/othervm AddTrustedCert sm policy
*/
import java.io.*;
import java.util.*;
import java.security.*;
import java.security.KeyStore.*;
import java.security.cert.*;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStore.TrustedCertificateEntry;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.TreeSet;
public class AddTrustedCert extends SecmodTest {
@ -56,6 +63,13 @@ public class AddTrustedCert extends SecmodTest {
System.out.println(p);
Security.addProvider(p);
if (args.length > 1 && "sm".equals(args[0])) {
System.setProperty("java.security.policy",
BASE + File.separator + args[1]);
System.setSecurityManager(new SecurityManager());
}
KeyStore ks = KeyStore.getInstance(PKCS11, p);
ks.load(null, password);
Collection<String> aliases = new TreeSet<>(Collections.list(

15
jdk/test/sun/security/pkcs11/Secmod/Crypto.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,9 +28,14 @@
* @author Andreas Sterbenz
* @library ..
* @run main/othervm Crypto
* @run main/othervm Crypto sm policy
*/
import java.security.*;
import java.io.File;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Signature;
public class Crypto extends SecmodTest {
@ -42,6 +47,12 @@ public class Crypto extends SecmodTest {
String configName = BASE + SEP + "nsscrypto.cfg";
Provider p = getSunPKCS11(configName);
if (args.length > 1 && "sm".equals(args[0])) {
System.setProperty("java.security.policy",
BASE + File.separator + args[1]);
System.setSecurityManager(new SecurityManager());
}
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p);
KeyPair kp = kpg.generateKeyPair();

25
jdk/test/sun/security/pkcs11/Secmod/GetPrivateKey.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,13 +29,19 @@
* @author Andreas Sterbenz
* @library ..
* @run main/othervm GetPrivateKey
* @run main/othervm GetPrivateKey sm policy
*/
import java.util.*;
import java.security.*;
import java.security.KeyStore.*;
import java.security.cert.*;
import java.io.File;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.TreeSet;
public class GetPrivateKey extends SecmodTest {
@ -49,6 +55,13 @@ public class GetPrivateKey extends SecmodTest {
System.out.println(p);
Security.addProvider(p);
if (args.length > 1 && "sm".equals(args[0])) {
System.setProperty("java.security.policy",
BASE + File.separator + args[1]);
System.setSecurityManager(new SecurityManager());
}
KeyStore ks = KeyStore.getInstance(PKCS11, p);
ks.load(null, password);
Collection<String> aliases = new TreeSet<>(

39
jdk/test/sun/security/pkcs11/Secmod/JksSetPrivateKey.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,13 +28,19 @@
* @author Wang Weijun
* @library ..
* @run main/othervm JksSetPrivateKey
* @run main/othervm JksSetPrivateKey sm policy
*/
import java.util.*;
import java.security.*;
import java.security.KeyStore.*;
import java.security.cert.*;
import java.io.File;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.TreeSet;
public class JksSetPrivateKey extends SecmodTest {
@ -48,9 +54,16 @@ public class JksSetPrivateKey extends SecmodTest {
System.out.println(p);
Security.addProvider(p);
if (args.length > 1 && "sm".equals(args[0])) {
System.setProperty("java.security.policy",
BASE + File.separator + args[1]);
System.setSecurityManager(new SecurityManager());
}
KeyStore ks = KeyStore.getInstance("PKCS11", p);
ks.load(null, password);
Collection<String> aliases = new TreeSet<String>(Collections.list(ks.aliases()));
Collection<String> aliases = new TreeSet<>(Collections.list(ks.aliases()));
System.out.println("entries: " + aliases.size());
System.out.println(aliases);
@ -66,14 +79,14 @@ public class JksSetPrivateKey extends SecmodTest {
jks.setKeyEntry("k1", privateKey, "changeit".toCharArray(), chain);
throw new Exception("No, an NSS PrivateKey shouldn't be extractable and put inside a JKS keystore");
} catch (KeyStoreException e) {
System.err.println(e);; // This is OK
System.err.println(e); // This is OK
}
try {
jks.setKeyEntry("k2", new DummyPrivateKey(), "changeit".toCharArray(), chain);
throw new Exception("No, non-PKCS#8 key shouldn't be put inside a KeyStore");
} catch (KeyStoreException e) {
System.err.println(e);; // This is OK
System.err.println(e); // This is OK
}
System.out.println("OK");
@ -81,35 +94,41 @@ public class JksSetPrivateKey extends SecmodTest {
jks.setKeyEntry("k3", new DummyPrivateKey2(), "changeit".toCharArray(), chain);
throw new Exception("No, not-extractble key shouldn't be put inside a KeyStore");
} catch (KeyStoreException e) {
System.err.println(e);; // This is OK
System.err.println(e); // This is OK
}
System.out.println("OK");
}
}
class DummyPrivateKey implements PrivateKey {
@Override
public String getAlgorithm() {
return "DUMMY";
}
@Override
public String getFormat() {
return "DUMMY";
}
@Override
public byte[] getEncoded() {
return "DUMMY".getBytes();
}
}
class DummyPrivateKey2 implements PrivateKey {
@Override
public String getAlgorithm() {
return "DUMMY";
}
@Override
public String getFormat() {
return "PKCS#8";
}
@Override
public byte[] getEncoded() {
return null;
}

10
jdk/test/sun/security/pkcs11/Secmod/LoadKeystore.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,6 +21,7 @@
* questions.
*/
import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
@ -35,6 +36,7 @@ import java.util.Collections;
* @summary Checks that PKCS#11 keystore can't be loaded with wrong password
* @library ../
* @run main/othervm LoadKeystore
* @run main/othervm LoadKeystore sm policy
*/
public class LoadKeystore extends SecmodTest {
@ -50,6 +52,12 @@ public class LoadKeystore extends SecmodTest {
System.out.println();
Security.addProvider(p);
if (args.length > 1 && "sm".equals(args[0])) {
System.setProperty("java.security.policy",
BASE + File.separator + args[1]);
System.setSecurityManager(new SecurityManager());
}
try {
System.out.println("Load keystore with wrong type");
KeyStore.getInstance("unknown", p);

25
jdk/test/sun/security/pkcs11/Secmod/TrustAnchors.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,13 +28,17 @@
* @author Andreas Sterbenz
* @library ..
* @run main/othervm TrustAnchors
* @run main/othervm TrustAnchors sm policy
*/
import java.util.*;
import java.security.*;
import java.security.KeyStore.*;
import java.security.cert.*;
import java.io.File;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.TreeSet;
public class TrustAnchors extends SecmodTest {
@ -57,9 +61,16 @@ public class TrustAnchors extends SecmodTest {
System.out.println(p);
Security.addProvider(p);
if (args.length > 1 && "sm".equals(args[0])) {
System.setProperty("java.security.policy",
BASE + File.separator + args[1]);
System.setSecurityManager(new SecurityManager());
}
KeyStore ks = KeyStore.getInstance("PKCS11", p);
ks.load(null, null);
Collection<String> aliases = new TreeSet<String>(Collections.list(ks.aliases()));
Collection<String> aliases = new TreeSet<>(Collections.list(ks.aliases()));
System.out.println("entries: " + aliases.size());
System.out.println(aliases);

6
jdk/test/sun/security/pkcs11/Secmod/policy Normal file
View File

@ -0,0 +1,6 @@
grant {
permission java.security.SecurityPermission "authProvider.*";
permission java.io.FilePermission "${test.src}/-", "read";
permission java.io.FilePermission "${pkcs11test.nss.db}/-", "read";
permission java.io.FilePermission "${pkcs11test.nss.libdir}/-", "read";
};

16
jdk/test/sun/security/pkcs11/SecureRandom/Basic.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,17 +28,17 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
* @run main/othervm Basic
* @run main/othervm Basic sm
*/
import java.io.*;
import java.util.*;
import java.security.*;
import javax.crypto.*;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
public class Basic extends PKCS11Test {
@Override
public void main(Provider p) throws Exception {
SecureRandom random;
try {
@ -58,7 +58,7 @@ public class Basic extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new Basic());
main(new Basic(), args);
}
}

23
jdk/test/sun/security/pkcs11/Signature/ByteBuffers.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,19 +28,24 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
* @run main/othervm ByteBuffers
* @run main/othervm ByteBuffers sm
*/
import java.util.*;
import java.nio.*;
import java.security.*;
import java.nio.ByteBuffer;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Signature;
import java.util.Random;
public class ByteBuffers extends PKCS11Test {
public static void main(String[] args) throws Exception {
main(new ByteBuffers());
main(new ByteBuffers(), args);
}
@Override
public void main(Provider p) throws Exception {
/*
@ -48,9 +53,9 @@ public class ByteBuffers extends PKCS11Test {
* when running SunPKCS11-Solaris provider (8044554)
*/
if (p.getName().equals("SunPKCS11-Solaris") &&
System.getProperty("os.name").equals("SunOS") &&
System.getProperty("os.arch").equals("sparcv9") &&
System.getProperty("os.version").compareTo("5.11") <= 0 &&
props.getProperty("os.name").equals("SunOS") &&
props.getProperty("os.arch").equals("sparcv9") &&
props.getProperty("os.version").compareTo("5.11") <= 0 &&
getDistro().compareTo("11.2") < 0) {
System.out.println("SunPKCS11-Solaris provider requires " +

31
jdk/test/sun/security/pkcs11/Signature/TestDSA.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,14 +28,24 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
* @run main/othervm TestDSA
* @run main/othervm TestDSA sm
*/
import java.io.*;
import java.util.*;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.StringReader;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;
import java.util.Random;
public class TestDSA extends PKCS11Test {
@ -102,9 +112,10 @@ public class TestDSA extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestDSA());
main(new TestDSA(), args);
}
@Override
public void main(Provider provider) throws Exception {
long start = System.currentTimeMillis();
@ -115,9 +126,9 @@ public class TestDSA extends PKCS11Test {
* when running SunPKCS11-Solaris (8044554)
*/
if (provider.getName().equals("SunPKCS11-Solaris") &&
System.getProperty("os.name").equals("SunOS") &&
System.getProperty("os.arch").equals("sparcv9") &&
System.getProperty("os.version").compareTo("5.11") <= 0 &&
props.getProperty("os.name").equals("SunOS") &&
props.getProperty("os.arch").equals("sparcv9") &&
props.getProperty("os.version").compareTo("5.11") <= 0 &&
getDistro().compareTo("11.2") < 0) {
System.out.println("SunPKCS11-Solaris provider requires " +

24
jdk/test/sun/security/pkcs11/Signature/TestDSAKeyLength.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -20,6 +20,7 @@
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 7200306 8029158
@ -27,19 +28,24 @@
* with unsupported key sizes
* @library ..
* @key randomness
* @run main/othervm TestDSAKeyLength
* @run main/othervm TestDSAKeyLength sm
*/
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Signature;
public class TestDSAKeyLength extends PKCS11Test {
public static void main(String[] args) throws Exception {
main(new TestDSAKeyLength());
main(new TestDSAKeyLength(), args);
}
@Override
public void main(Provider provider) throws Exception {
if (isNSS(provider) && getNSSVersion() >= 3.14) {
System.out.println("Skip testing NSS " + getNSSVersion());
@ -51,9 +57,9 @@ public class TestDSAKeyLength extends PKCS11Test {
* when running SunPKCS11-Solaris (8044554)
*/
if (provider.getName().equals("SunPKCS11-Solaris") &&
System.getProperty("os.name").equals("SunOS") &&
System.getProperty("os.arch").equals("sparcv9") &&
System.getProperty("os.version").compareTo("5.11") <= 0 &&
props.getProperty("os.name").equals("SunOS") &&
props.getProperty("os.arch").equals("sparcv9") &&
props.getProperty("os.version").compareTo("5.11") <= 0 &&
getDistro().compareTo("11.2") < 0) {
System.out.println("SunPKCS11-Solaris provider requires " +

24
jdk/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,14 +27,26 @@
* @summary Make sure initSign/initVerify() check RSA key lengths
* @author Yu-Ching Valerie Peng
* @library ..
* @run main/othervm TestRSAKeyLength
* @run main/othervm TestRSAKeyLength sm
*/
import java.security.*;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignedObject;
public class TestRSAKeyLength extends PKCS11Test {
public static void main(String[] args) throws Exception {
main(new TestRSAKeyLength());
main(new TestRSAKeyLength(), args);
}
@Override
public void main(Provider p) throws Exception {
/*
@ -42,9 +54,9 @@ public class TestRSAKeyLength extends PKCS11Test {
* when running SunPKCS11-Solaris (8044554)
*/
if (p.getName().equals("SunPKCS11-Solaris") &&
System.getProperty("os.name").equals("SunOS") &&
System.getProperty("os.arch").equals("sparcv9") &&
System.getProperty("os.version").compareTo("5.11") <= 0 &&
props.getProperty("os.name").equals("SunOS") &&
props.getProperty("os.arch").equals("sparcv9") &&
props.getProperty("os.version").compareTo("5.11") <= 0 &&
getDistro().compareTo("11.2") < 0) {
System.out.println("SunPKCS11-Solaris provider requires " +

54
jdk/test/sun/security/pkcs11/ec/ReadCertificates.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,16 +29,31 @@
* @author Andreas Sterbenz
* @library ..
* @library ../../../../java/security/testlibrary
* @run main/othervm ReadCertificates
* @run main/othervm ReadCertificates sm policy
*/
import java.io.*;
import java.util.*;
import java.security.cert.*;
import java.security.*;
import java.security.interfaces.*;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
public class ReadCertificates extends PKCS11Test {
@ -49,16 +64,18 @@ public class ReadCertificates extends PKCS11Test {
private static Collection<X509Certificate> readCertificates(File file) throws Exception {
System.out.println("Loading " + file.getName() + "...");
InputStream in = new FileInputStream(file);
Collection<X509Certificate> certs = (Collection<X509Certificate>)factory.generateCertificates(in);
in.close();
Collection<X509Certificate> certs;
try (InputStream in = new FileInputStream(file)) {
certs = (Collection<X509Certificate>)factory.generateCertificates(in);
}
return certs;
}
public static void main(String[] args) throws Exception {
main(new ReadCertificates());
main(new ReadCertificates(), args);
}
@Override
public void main(Provider p) throws Exception {
if (p.getService("Signature", "SHA1withECDSA") == null) {
System.out.println("Provider does not support ECDSA, skipping...");
@ -79,7 +96,7 @@ public class ReadCertificates extends PKCS11Test {
} catch (CertificateException e) {
// ignore
}
Map<X500Principal,X509Certificate> certs = new LinkedHashMap<X500Principal,X509Certificate>();
Map<X500Principal,X509Certificate> certs = new LinkedHashMap<>();
File dir = new File(BASE, "certs");
File closedDir = new File(CLOSED_BASE, "certs");
@ -103,7 +120,7 @@ public class ReadCertificates extends PKCS11Test {
System.out.println("OK: " + certs.size() + " certificates.");
// Get supported curves
Vector<ECParameterSpec> supportedEC = getKnownCurves(p);
List<ECParameterSpec> supportedEC = getKnownCurves(p);
System.out.println("Test Certs:\n");
for (X509Certificate cert : certs.values()) {
@ -127,7 +144,8 @@ public class ReadCertificates extends PKCS11Test {
System.out.println("Warning: " + e.getMessage() +
". Trying another provider...");
cert.verify(key);
} catch (Exception e) {
} catch (CertificateException | InvalidKeyException |
NoSuchProviderException | SignatureException e) {
System.out.println(e.getMessage());
if (key instanceof ECPublicKey) {
System.out.println("Failed.\n\tCurve: " +
@ -145,7 +163,7 @@ public class ReadCertificates extends PKCS11Test {
// try some random invalid signatures to make sure we get the correct
// error
System.out.println("Checking incorrect signatures...");
List<X509Certificate> certList = new ArrayList<X509Certificate>(certs.values());
List<X509Certificate> certList = new ArrayList<>(certs.values());
for (int i = 0; i < 20; i++) {
X509Certificate cert, signer;
do {
@ -161,9 +179,7 @@ public class ReadCertificates extends PKCS11Test {
} else {
throw new Exception("Verified invalid signature");
}
} catch (SignatureException e) {
System.out.println("OK: " + e);
} catch (InvalidKeyException e) {
} catch (SignatureException | InvalidKeyException e) {
System.out.println("OK: " + e);
}
}

83
jdk/test/sun/security/pkcs11/ec/ReadPKCS12.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,26 +29,41 @@
* @library ..
* @library ../../../../java/security/testlibrary
* @key randomness
* @run main/othervm ReadPKCS12
* @run main/othervm ReadPKCS12 sm policy
*/
import java.io.*;
import java.util.*;
import java.security.*;
import java.security.interfaces.*;
import java.security.cert.*;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import javax.security.auth.x500.X500Principal;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Random;
public class ReadPKCS12 extends PKCS11Test {
private final static boolean COPY = false;
public static void main(String[] args) throws Exception {
main(new ReadPKCS12());
main(new ReadPKCS12(), args);
}
@Override
public void main(Provider p) throws Exception {
if (p.getService("Signature", "SHA1withECDSA") == null) {
System.out.println("Provider does not support ECDSA, skipping...");
@ -71,29 +86,30 @@ public class ReadPKCS12 extends PKCS11Test {
KeyStore ks2;
if (COPY) {
ks2 = KeyStore.getInstance("JKS");
InputStream in = new FileInputStream("keystore.old");
ks2.load(in, "passphrase".toCharArray());
in.close();
try (InputStream in = new FileInputStream("keystore.old")) {
ks2.load(in, "passphrase".toCharArray());
}
}
File dir = new File(BASE, "pkcs12");
File closedDir = new File(CLOSED_BASE, "pkcs12");
Map<String,char[]> passwords = new HashMap<String,char[]>();
BufferedReader reader = new BufferedReader(new FileReader((new File(BASE, "p12passwords.txt"))));
while (true) {
String line = reader.readLine();
if (line == null) {
break;
Map<String,char[]> passwords = new HashMap<>();
try (BufferedReader reader = new BufferedReader(
new FileReader(new File(BASE, "p12passwords.txt")))) {
while (true) {
String line = reader.readLine();
if (line == null) {
break;
}
line = line.trim();
if ((line.length() == 0) || line.startsWith("#")) {
continue;
}
String[] s = line.split(" ");
passwords.put(s[0], s[1].toCharArray());
}
line = line.trim();
if ((line.length() == 0) || line.startsWith("#")) {
continue;
}
String[] s = line.split(" ");
passwords.put(s[0], s[1].toCharArray());
}
reader.close();
for (File file : concat(dir.listFiles(), closedDir.listFiles())) {
String name = file.getName();
@ -108,10 +124,11 @@ public class ReadPKCS12 extends PKCS11Test {
password = passwords.get("*");
}
InputStream in = new FileInputStream(file);
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(in, password);
in.close();
KeyStore ks;
try (InputStream in = new FileInputStream(file)) {
ks = KeyStore.getInstance("PKCS12");
ks.load(in, password);
}
List<String> aliases = Collections.list(ks.aliases());
System.out.println("Aliases: " + aliases);
@ -147,9 +164,9 @@ public class ReadPKCS12 extends PKCS11Test {
}
if (COPY) {
OutputStream out = new FileOutputStream("keystore.new");
ks2.store(out, "passphrase".toCharArray());
out.close();
try (OutputStream out = new FileOutputStream("keystore.new")) {
ks2.store(out, "passphrase".toCharArray());
}
}
System.out.println("OK");

45
jdk/test/sun/security/pkcs11/ec/TestCurves.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,53 +29,46 @@
* @library ..
* @modules jdk.crypto.pkcs11/sun.security.pkcs11.wrapper
* @compile -XDignore.symbol.file TestCurves.java
* @run main TestCurves
* @run main/othervm TestCurves
* @run main/othervm TestCurves sm
* @key randomness
*/
import java.util.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Signature;
import java.security.spec.ECParameterSpec;
import java.util.Arrays;
import java.util.List;
import java.util.Random;
import javax.crypto.KeyAgreement;
public class TestCurves extends PKCS11Test {
public static void main(String[] args) throws Exception {
main(new TestCurves());
main(new TestCurves(), args);
}
@Override
public void main(Provider p) throws Exception {
if (p.getService("KeyAgreement", "ECDH") == null) {
System.out.println("Not supported by provider, skipping");
return;
}
if (isNSS(p) && getNSSVersion() >= 3.11 && getNSSVersion() < 3.12) {
System.out.println("NSS 3.11 has a DER issue that recent " +
"version do not.");
if (isBadNSSVersion(p)) {
return;
}
/*
* Use Solaris SPARC 11.2 or later to avoid an intermittent failure
* when running SunPKCS11-Solaris (8044554)
*/
if (p.getName().equals("SunPKCS11-Solaris") &&
System.getProperty("os.name").equals("SunOS") &&
System.getProperty("os.arch").equals("sparcv9") &&
System.getProperty("os.version").compareTo("5.11") <= 0 &&
getDistro().compareTo("11.2") < 0) {
System.out.println("SunPKCS11-Solaris provider requires " +
"Solaris SPARC 11.2 or later, skipping");
if (isBadSolarisSparc(p)) {
return;
}
// Check if this is sparc for later failure avoidance.
boolean sparc = false;
if (System.getProperty("os.arch").equals("sparcv9")) {
if (props.getProperty("os.arch").equals("sparcv9")) {
sparc = true;
System.out.println("This is a sparcv9");
}
@ -84,7 +77,7 @@ public class TestCurves extends PKCS11Test {
byte[] data = new byte[2048];
random.nextBytes(data);
Vector<ECParameterSpec> curves = getKnownCurves(p);
List<ECParameterSpec> curves = getKnownCurves(p);
for (ECParameterSpec params : curves) {
System.out.println("Testing " + params + "...");
KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);

30
jdk/test/sun/security/pkcs11/ec/TestECDH.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,16 +28,21 @@
* @author Andreas Sterbenz
* @library ..
* @library ../../../../java/security/testlibrary
* @run main/othervm TestECDH
* @run main/othervm TestECDH sm policy
*/
import java.io.*;
import java.util.*;
import java.security.*;
import java.security.spec.*;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import javax.crypto.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
public class TestECDH extends PKCS11Test {
@ -55,6 +60,7 @@ public class TestECDH extends PKCS11Test {
private final static String secret163 = "04:ae:71:c1:c6:4d:f4:34:4d:72:70:a4:64:65:7f:2d:88:2d:3f:50:be";
@Override
public void main(Provider p) throws Exception {
if (p.getService("KeyAgreement", "ECDH") == null) {
System.out.println("Provider does not support ECDH, skipping");
@ -89,10 +95,12 @@ public class TestECDH extends PKCS11Test {
System.out.println("OK");
}
private final static void test(Provider p, String pub1s, String priv1s, String pub2s, String priv2s, String secrets) throws Exception {
private final static void test(Provider p, String pub1s, String priv1s,
String pub2s, String priv2s, String secrets) throws Exception {
KeyFactory kf = KeyFactory.getInstance("EC", p);
PublicKey pub1 = kf.generatePublic(new X509EncodedKeySpec(parse(pub1s)));
System.out.println("Testing using parameters " + ((ECPublicKey)pub1).getParams() + "...");
System.out.println("Testing using parameters "
+ ((ECPublicKey)pub1).getParams() + "...");
PrivateKey priv1 = kf.generatePrivate(new PKCS8EncodedKeySpec(parse(priv1s)));
PublicKey pub2 = kf.generatePublic(new X509EncodedKeySpec(parse(pub2s)));
@ -121,7 +129,7 @@ public class TestECDH extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestECDH());
main(new TestECDH(), args);
}
}

40
jdk/test/sun/security/pkcs11/ec/TestECDH2.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,19 +30,25 @@
* @library ../../../../java/security/testlibrary
* @modules java.base/sun.security.util
* @compile -XDignore.symbol.file TestECDH2.java
* @run main TestECDH2
* @run main/othervm TestECDH2
* @run main/othervm TestECDH2 sm
*/
import java.io.*;
import java.util.*;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import javax.crypto.*;
import sun.security.util.ECUtil;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
public class TestECDH2 extends PKCS11Test {
@ -81,7 +87,9 @@ public class TestECDH2 extends PKCS11Test {
private KeyPair genECKeyPair(String curvName, String privD, String pubX,
String pubY, Provider p) throws Exception {
ECParameterSpec ecParams = ECUtil.getECParameterSpec(p, curvName);
AlgorithmParameters params = AlgorithmParameters.getInstance("EC", p);
params.init(new ECGenParameterSpec(curvName));
ECParameterSpec ecParams = params.getParameterSpec(ECParameterSpec.class);
ECPrivateKeySpec privKeySpec =
new ECPrivateKeySpec(new BigInteger(privD, 16), ecParams);
ECPublicKeySpec pubKeySpec =
@ -98,19 +106,17 @@ public class TestECDH2 extends PKCS11Test {
return kpg.generateKeyPair();
}
public static void main(String[] args) throws Exception {
main(new TestECDH2());
main(new TestECDH2(), args);
}
@Override
public void main(Provider provider) throws Exception {
if (provider.getService("KeyAgreement", "ECDH") == null) {
System.out.println("ECDH not supported, skipping");
return;
}
if (isNSS(provider) && getNSSVersion() >= 3.11 &&
getNSSVersion() < 3.12) {
System.out.println("NSS 3.11 has a DER issue that recent " +
"version do not.");
if (isBadNSSVersion(provider)) {
return;
}

45
jdk/test/sun/security/pkcs11/ec/TestECDSA.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,13 +29,22 @@
* @library ..
* @library ../../../../java/security/testlibrary
* @key randomness
* @run main/othervm TestECDSA
* @run main/othervm TestECDSA sm policy
*/
import java.util.*;
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.ECPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Random;
public class TestECDSA extends PKCS11Test {
@ -79,7 +88,8 @@ public class TestECDSA extends PKCS11Test {
private final static byte[] data2Raw = {};
private final static byte[] data2SHA = b("da:39:a3:ee:5e:6b:4b:0d:32:55:bf:ef:95:60:18:90:af:d8:07:09");
private static void verify(Provider provider, String alg, PublicKey key, byte[] data, byte[] sig, boolean result) throws Exception {
private static void verify(Provider provider, String alg, PublicKey key,
byte[] data, byte[] sig, boolean result) throws Exception {
Signature s = Signature.getInstance(alg, provider);
s.initVerify(key);
boolean r;
@ -105,9 +115,10 @@ public class TestECDSA extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestECDSA());
main(new TestECDSA(), args);
}
@Override
public void main(Provider provider) throws Exception {
long start = System.currentTimeMillis();
@ -116,25 +127,11 @@ public class TestECDSA extends PKCS11Test {
return;
}
if (isNSS(provider) && getNSSVersion() >= 3.11 &&
getNSSVersion() < 3.12) {
System.out.println("NSS 3.11 has a DER issue that recent " +
"version do not.");
if (isBadNSSVersion(provider)) {
return;
}
/*
* Use Solaris SPARC 11.2 or later to avoid an intermittent failure
* when running SunPKCS11-Solaris (8044554)
*/
if (provider.getName().equals("SunPKCS11-Solaris") &&
System.getProperty("os.name").equals("SunOS") &&
System.getProperty("os.arch").equals("sparcv9") &&
System.getProperty("os.version").compareTo("5.11") <= 0 &&
getDistro().compareTo("11.2") < 0) {
System.out.println("SunPKCS11-Solaris provider requires " +
"Solaris SPARC 11.2 or later, skipping");
if (isBadSolarisSparc(provider)) {
return;
}

37
jdk/test/sun/security/pkcs11/ec/TestECDSA2.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,18 +30,23 @@
* @library ../../../../java/security/testlibrary
* @modules java.base/sun.security.util
* @compile -XDignore.symbol.file TestECDSA2.java
* @run main TestECDSA2
* @run main/othervm TestECDSA2
* @run main/othervm TestECDSA2 sm
*/
import java.io.*;
import java.util.*;
import java.math.BigInteger;
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import sun.security.util.ECUtil;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
public class TestECDSA2 extends PKCS11Test {
@ -78,7 +83,9 @@ public class TestECDSA2 extends PKCS11Test {
private KeyPair genECKeyPair(String curvName, String privD, String pubX,
String pubY, Provider p) throws Exception {
ECParameterSpec ecParams = ECUtil.getECParameterSpec(p, curvName);
AlgorithmParameters params = AlgorithmParameters.getInstance("EC", p);
params.init(new ECGenParameterSpec(curvName));
ECParameterSpec ecParams = params.getParameterSpec(ECParameterSpec.class);
ECPrivateKeySpec privKeySpec =
new ECPrivateKeySpec(new BigInteger(privD, 16), ecParams);
ECPublicKeySpec pubKeySpec =
@ -90,9 +97,10 @@ public class TestECDSA2 extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestECDSA2());
main(new TestECDSA2(), args);
}
@Override
public void main(Provider provider) throws Exception {
boolean testP256 =
(provider.getService("Signature", "SHA256withECDSA") != null);
@ -105,10 +113,7 @@ public class TestECDSA2 extends PKCS11Test {
return;
}
if (isNSS(provider) && getNSSVersion() >= 3.11 &&
getNSSVersion() < 3.12) {
System.out.println("NSS 3.11 has a DER issue that recent " +
"version do not.");
if (isBadNSSVersion(provider)) {
return;
}

21
jdk/test/sun/security/pkcs11/ec/TestECGenSpec.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,29 +27,32 @@
* @summary Verify that we can use ECGenParameterSpec
* @author Andreas Sterbenz
* @library ..
* @run main/othervm TestECGenSpec
* @run main/othervm TestECGenSpec sm
*/
import java.util.*;
import java.security.*;
import java.security.spec.*;
import java.security.AlgorithmParameters;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
public class TestECGenSpec extends PKCS11Test {
public static void main(String[] args) throws Exception {
main(new TestECGenSpec());
main(new TestECGenSpec(), args);
}
@Override
public void main(Provider p) throws Exception {
if (p.getService("Signature", "SHA1withECDSA") == null) {
System.out.println("Provider does not support ECDSA, skipping...");
return;
}
if (isNSS(p) && getNSSVersion() >= 3.11 && getNSSVersion() < 3.12) {
System.out.println("NSS 3.11 has a DER issue that recent " +
"version do not.");
if (isBadNSSVersion(p)) {
return;
}

26
jdk/test/sun/security/pkcs11/ec/TestKeyFactory.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,14 +27,23 @@
* @summary Test the P11ECKeyFactory
* @author Andreas Sterbenz
* @library ..
* @run main/othervm TestKeyFactory
* @run main/othervm TestKeyFactory sm
*/
import java.io.*;
import java.util.*;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
public class TestKeyFactory extends PKCS11Test {
@ -111,9 +120,10 @@ public class TestKeyFactory extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestKeyFactory());
main(new TestKeyFactory(), args);
}
@Override
public void main(Provider p) throws Exception {
if (p.getService("KeyFactory", "EC") == null) {
System.out.println("Provider does not support EC, skipping");

7
jdk/test/sun/security/pkcs11/ec/policy Normal file
View File

@ -0,0 +1,7 @@
grant {
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "insertProvider.*";
permission java.security.SecurityPermission "removeProvider.*";
permission java.io.FilePermission "${test.src}/-", "read";
permission java.io.FilePermission "${closed.base}/-", "read";
};

37
jdk/test/sun/security/pkcs11/fips/TrustManagerTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,15 +29,21 @@
* @library ..
* @modules java.base/com.sun.net.ssl.internal.ssl
* @run main/othervm TrustManagerTest
* @run main/othervm TrustManagerTest sm TrustManagerTest.policy
*/
import java.io.*;
import java.util.*;
import java.security.*;
import java.security.cert.*;
import javax.net.ssl.*;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Policy;
import java.security.Provider;
import java.security.Security;
import java.security.URIParameter;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
// This test belongs more in JSSE than here, but the JSSE workspace does not
// have the NSS test infrastructure. It will live here for the time being.
@ -73,6 +79,12 @@ public class TrustManagerTest extends SecmodTest {
X509Certificate ca = loadCertificate("certs/ca.cer");
X509Certificate anchor = loadCertificate("certs/anchor.cer");
if (args.length > 1 && "sm".equals(args[0])) {
Policy.setPolicy(Policy.getInstance("JavaPolicy",
new URIParameter(new File(BASE, args[1]).toURI())));
System.setSecurityManager(new SecurityManager());
}
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(null, null);
trustStore.setCertificateEntry("anchor", anchor);
@ -90,11 +102,10 @@ public class TrustManagerTest extends SecmodTest {
}
private static X509Certificate loadCertificate(String name) throws Exception {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream in = new FileInputStream(BASE + SEP + name);
X509Certificate cert = (X509Certificate)cf.generateCertificate(in);
in.close();
return cert;
try (InputStream in = new FileInputStream(BASE + SEP + name)) {
return (X509Certificate) CertificateFactory.getInstance("X.509")
.generateCertificate(in);
}
}
}

3
jdk/test/sun/security/pkcs11/fips/TrustManagerTest.policy Normal file
View File

@ -0,0 +1,3 @@
grant {
};

3
jdk/test/sun/security/pkcs11/policy Normal file
View File

@ -0,0 +1,3 @@
grant {
permission java.lang.RuntimePermission "setSecurityManager";
};

30
jdk/test/sun/security/pkcs11/rsa/KeyWrap.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,18 +28,28 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
* @run main/othervm KeyWrap
* @run main/othervm KeyWrap sm
*/
import java.io.*;
import java.util.*;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
public class KeyWrap extends PKCS11Test {
@Override
public void main(Provider p) throws Exception {
try {
Cipher.getInstance("RSA/ECB/PKCS1Padding", p);
@ -62,7 +72,7 @@ public class KeyWrap extends PKCS11Test {
PublicKey pub = (PublicKey)kf.translateKey(kp.getPublic());
PrivateKey priv = (PrivateKey)kf.translateKey(kp.getPrivate());
kp = new KeyPair(pub, priv);
} catch (Exception ee) {
} catch (NoSuchAlgorithmException | InvalidKeyException ee) {
ee.printStackTrace();
System.out.println("Provider does not support RSA, skipping");
return;
@ -93,7 +103,7 @@ public class KeyWrap extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new KeyWrap());
main(new KeyWrap(), args);
}
}

39
jdk/test/sun/security/pkcs11/rsa/TestCACerts.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,24 +28,28 @@
* @author Andreas Sterbenz
* @library ..
* @library ../../../../java/security/testlibrary
* @run main/othervm TestCACerts
* @run main/othervm TestCACerts sm TestCACerts.policy
*/
// this test serves as our known answer test
import java.io.*;
import java.util.*;
import java.security.*;
import java.security.cert.*;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
public class TestCACerts extends PKCS11Test {
private final static char SEP = File.separatorChar;
public static void main(String[] args) throws Exception {
main(new TestCACerts());
main(new TestCACerts(), args);
}
@Override
public void main(Provider p) throws Exception {
/*
@ -53,9 +57,9 @@ public class TestCACerts extends PKCS11Test {
* when running SunPKCS11-Solaris (8044554)
*/
if (p.getName().equals("SunPKCS11-Solaris") &&
System.getProperty("os.name").equals("SunOS") &&
System.getProperty("os.arch").equals("sparcv9") &&
System.getProperty("os.version").compareTo("5.11") <= 0 &&
props.getProperty("os.name").equals("SunOS") &&
props.getProperty("os.arch").equals("sparcv9") &&
props.getProperty("os.version").compareTo("5.11") <= 0 &&
getDistro().compareTo("11.2") < 0) {
System.out.println("SunPKCS11-Solaris provider requires " +
@ -67,12 +71,13 @@ public class TestCACerts extends PKCS11Test {
Providers.setAt(p, 1);
try {
String PROVIDER = p.getName();
String javaHome = System.getProperty("java.home");
String javaHome = props.getProperty("java.home");
String caCerts = javaHome + SEP + "lib" + SEP + "security" + SEP + "cacerts";
InputStream in = new FileInputStream(caCerts);
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(in, null);
in.close();
KeyStore ks;
try (InputStream in = new FileInputStream(caCerts)) {
ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(in, null);
}
for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) {
String alias = (String)e.nextElement();
if (ks.isCertificateEntry(alias)) {

7
jdk/test/sun/security/pkcs11/rsa/TestCACerts.policy Normal file
View File

@ -0,0 +1,7 @@
grant {
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "insertProvider.*";
permission java.security.SecurityPermission "removeProvider.*";
permission java.util.PropertyPermission "java.home", "read";
permission java.io.FilePermission "${java.home}/lib/security/cacerts", "read";
};

19
jdk/test/sun/security/pkcs11/rsa/TestKeyFactory.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,26 +27,26 @@
* @summary Test KeyFactory of the new RSA provider
* @author Andreas Sterbenz
* @library ..
* @run main/othervm TestKeyFactory
* @run main/othervm TestKeyFactory sm rsakeys.ks.policy
*/
import java.io.*;
import java.util.*;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;
public class TestKeyFactory extends PKCS11Test {
private final static String BASE = System.getProperty("test.src", ".");
private static final char[] password = "test12".toCharArray();
static KeyStore getKeyStore() throws Exception {
InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"));
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, password);
in.close();
KeyStore ks;
try (InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"))) {
ks = KeyStore.getInstance("JKS");
ks.load(in, password);
}
return ks;
}
@ -128,9 +128,10 @@ public class TestKeyFactory extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestKeyFactory());
main(new TestKeyFactory(), args);
}
@Override
public void main(Provider p) throws Exception {
long start = System.currentTimeMillis();
KeyStore ks = getKeyStore();

24
jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,16 +30,20 @@
* @library /lib/testlibrary
* @build jdk.testlibrary.*
* @run main/othervm TestKeyPairGenerator
* @run main/othervm TestKeyPairGenerator sm TestKeyPairGenerator.policy
* @key intermittent randomness
*/
import java.io.*;
import java.util.*;
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAKeyGenParameterSpec;
import jdk.testlibrary.RandomFactory;
public class TestKeyPairGenerator extends PKCS11Test {
@ -48,7 +52,8 @@ public class TestKeyPairGenerator extends PKCS11Test {
private static byte[] data;
private static void testSignature(String algorithm, PrivateKey privateKey, PublicKey publicKey) throws Exception {
private static void testSignature(String algorithm, PrivateKey privateKey,
PublicKey publicKey) throws Exception {
System.out.println("Testing " + algorithm + "...");
Signature s = Signature.getInstance(algorithm, provider);
s.initSign(privateKey);
@ -98,9 +103,10 @@ public class TestKeyPairGenerator extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestKeyPairGenerator());
main(new TestKeyPairGenerator(), args);
}
@Override
public void main(Provider p) throws Exception {
long start = System.currentTimeMillis();
provider = p;

4
jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.policy Normal file
View File

@ -0,0 +1,4 @@
grant {
permission java.lang.RuntimePermission "setSecurityManager";
permission java.util.PropertyPermission "seed", "read";
};

47
jdk/test/sun/security/pkcs11/rsa/TestSignatures.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,18 +28,25 @@
* @author Andreas Sterbenz
* @library ..
* @key randomness
* @run main/othervm TestSignatures
* @run main/othervm TestSignatures sm rsakeys.ks.policy
*/
import java.io.*;
import java.util.*;
import java.security.*;
import java.security.interfaces.*;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;
import java.util.Random;
public class TestSignatures extends PKCS11Test {
private final static String BASE = System.getProperty("test.src", ".");
private static final char[] password = "test12".toCharArray();
private static Provider provider;
@ -47,14 +54,16 @@ public class TestSignatures extends PKCS11Test {
private static byte[] data;
static KeyStore getKeyStore() throws Exception {
InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"));
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, password);
in.close();
KeyStore ks;
try (InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"))) {
ks = KeyStore.getInstance("JKS");
ks.load(in, password);
}
return ks;
}
private static void testSignature(String algorithm, PrivateKey privateKey, PublicKey publicKey) throws Exception {
private static void testSignature(String algorithm, PrivateKey privateKey,
PublicKey publicKey) throws Exception {
System.out.println("Testing " + algorithm + "...");
Signature s = Signature.getInstance(algorithm, provider);
s.initSign(privateKey);
@ -78,7 +87,8 @@ public class TestSignatures extends PKCS11Test {
}
}
private static void test(PrivateKey privateKey, PublicKey publicKey) throws Exception {
private static void test(PrivateKey privateKey, PublicKey publicKey)
throws Exception {
testSignature("MD2withRSA", privateKey, publicKey);
testSignature("MD5withRSA", privateKey, publicKey);
testSignature("SHA1withRSA", privateKey, publicKey);
@ -93,9 +103,10 @@ public class TestSignatures extends PKCS11Test {
}
public static void main(String[] args) throws Exception {
main(new TestSignatures());
main(new TestSignatures(), args);
}
@Override
public void main(Provider p) throws Exception {
/*
@ -103,9 +114,9 @@ public class TestSignatures extends PKCS11Test {
* when running SunPKCS11-Solaris (8044554)
*/
if (p.getName().equals("SunPKCS11-Solaris") &&
System.getProperty("os.name").equals("SunOS") &&
System.getProperty("os.arch").equals("sparcv9") &&
System.getProperty("os.version").compareTo("5.11") <= 0 &&
props.getProperty("os.name").equals("SunOS") &&
props.getProperty("os.arch").equals("sparcv9") &&
props.getProperty("os.version").compareTo("5.11") <= 0 &&
getDistro().compareTo("11.2") < 0) {
System.out.println("SunPKCS11-Solaris provider requires " +

4
jdk/test/sun/security/pkcs11/rsa/rsakeys.ks.policy Normal file
View File

@ -0,0 +1,4 @@
grant {
permission java.lang.RuntimePermission "setSecurityManager";
permission java.io.FilePermission "${test.src}/rsakeys.ks", "read";
};

32
jdk/test/sun/security/pkcs11/sslecc/CipherTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -47,7 +47,8 @@ public class CipherTest {
// use any available port for the server socket
static volatile int serverPort = 0;
final int THREADS;
static final int THREADS = Integer.getInteger("numThreads", 4);
static final String TEST_SRC = System.getProperty("test.src", ".");
// assume that if we do not read anything for 20 seconds, something
// has gone wrong
@ -68,6 +69,7 @@ public class CipherTest {
this.cipherTest = cipherTest;
}
@Override
public abstract void run();
void handleRequest(InputStream in, OutputStream out) throws IOException {
@ -117,6 +119,7 @@ public class CipherTest {
return TLSCipherStatus.isEnabled(cipherSuite, protocol);
}
@Override
public String toString() {
String s = cipherSuite + " in " + protocol + " mode";
if (clientAuth != null) {
@ -260,7 +263,6 @@ public class CipherTest {
private boolean failed;
private CipherTest(PeerFactory peerFactory) throws IOException {
THREADS = Integer.parseInt(System.getProperty("numThreads", "4"));
factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
SSLSocket socket = (SSLSocket)factory.createSocket();
String[] cipherSuites = socket.getSupportedCipherSuites();
@ -350,6 +352,7 @@ public class CipherTest {
this.cipherTest = cipherTest;
}
@Override
public final void run() {
while (true) {
TestParameters params = cipherTest.getTest();
@ -405,10 +408,11 @@ public class CipherTest {
private static KeyStore readKeyStore(String name) throws Exception {
File file = new File(PATH, name);
InputStream in = new FileInputStream(file);
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(in, passwd);
in.close();
KeyStore ks;
try (InputStream in = new FileInputStream(file)) {
ks = KeyStore.getInstance("JKS");
ks.load(in, passwd);
}
return ks;
}
@ -421,7 +425,7 @@ public class CipherTest {
} else {
relPath = pathToStores;
}
PATH = new File(System.getProperty("test.src", "."), relPath);
PATH = new File(TEST_SRC, relPath);
CipherTest.peerFactory = peerFactory;
System.out.print(
"Initializing test '" + peerFactory.getName() + "'...");
@ -494,16 +498,19 @@ class AlwaysTrustManager implements X509TrustManager {
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// empty
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// empty
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
@ -522,6 +529,7 @@ class MyX509KeyManager extends X509ExtendedKeyManager {
this.authType = "ECDSA".equals(authType) ? "EC" : authType;
}
@Override
public String[] getClientAliases(String keyType, Principal[] issuers) {
if (authType == null) {
return null;
@ -529,6 +537,7 @@ class MyX509KeyManager extends X509ExtendedKeyManager {
return keyManager.getClientAliases(authType, issuers);
}
@Override
public String chooseClientAlias(String[] keyType, Principal[] issuers,
Socket socket) {
if (authType == null) {
@ -538,6 +547,7 @@ class MyX509KeyManager extends X509ExtendedKeyManager {
issuers, socket);
}
@Override
public String chooseEngineClientAlias(String[] keyType,
Principal[] issuers, SSLEngine engine) {
if (authType == null) {
@ -547,24 +557,29 @@ class MyX509KeyManager extends X509ExtendedKeyManager {
issuers, engine);
}
@Override
public String[] getServerAliases(String keyType, Principal[] issuers) {
throw new UnsupportedOperationException("Servers not supported");
}
@Override
public String chooseServerAlias(String keyType, Principal[] issuers,
Socket socket) {
throw new UnsupportedOperationException("Servers not supported");
}
@Override
public String chooseEngineServerAlias(String keyType, Principal[] issuers,
SSLEngine engine) {
throw new UnsupportedOperationException("Servers not supported");
}
@Override
public X509Certificate[] getCertificateChain(String alias) {
return keyManager.getCertificateChain(alias);
}
@Override
public PrivateKey getPrivateKey(String alias) {
return keyManager.getPrivateKey(alias);
}
@ -577,6 +592,7 @@ class DaemonThreadFactory implements ThreadFactory {
private final static ThreadFactory DEFAULT = Executors.defaultThreadFactory();
@Override
public Thread newThread(Runnable r) {
Thread t = DEFAULT.newThread(r);
t.setDaemon(true);

20
jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -34,25 +34,28 @@
* @library ..
* @library ../../../../java/security/testlibrary
* @run main/othervm ClientJSSEServerJSSE
* @run main/othervm ClientJSSEServerJSSE sm policy
*/
import java.security.*;
import java.security.Provider;
import java.security.Security;
public class ClientJSSEServerJSSE extends PKCS11Test {
private static String[] cmdArgs;
public static void main(String[] args) throws Exception {
cmdArgs = args;
main(new ClientJSSEServerJSSE());
}
public void main(Provider p) throws Exception {
// reset security properties to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
Security.setProperty("jdk.certpath.disabledAlgorithms", "");
cmdArgs = args;
main(new ClientJSSEServerJSSE(), args);
}
@Override
public void main(Provider p) throws Exception {
if (p.getService("KeyFactory", "EC") == null) {
System.out.println("Provider does not support EC, skipping");
return;
@ -64,14 +67,17 @@ public class ClientJSSEServerJSSE extends PKCS11Test {
private static class JSSEFactory extends CipherTest.PeerFactory {
@Override
String getName() {
return "Client JSSE - Server JSSE";
}
@Override
CipherTest.Client newClient(CipherTest cipherTest) throws Exception {
return new JSSEClient(cipherTest);
}
@Override
CipherTest.Server newServer(CipherTest cipherTest) throws Exception {
return new JSSEServer(cipherTest);
}

27
jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -21,16 +21,17 @@
* questions.
*/
import java.io.*;
import java.net.*;
import java.util.*;
import java.util.concurrent.*;
import java.security.*;
import java.security.cert.*;
import java.security.cert.Certificate;
import javax.net.ssl.*;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.concurrent.Executor;
import java.util.concurrent.Executors;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
class JSSEServer extends CipherTest.Server {
@ -48,15 +49,17 @@ class JSSEServer extends CipherTest.Server {
serverSocket.setWantClientAuth(true);
}
@Override
public void run() {
System.out.println("JSSE Server listening on port " + cipherTest.serverPort);
Executor exec = Executors.newFixedThreadPool
(cipherTest.THREADS, DaemonThreadFactory.INSTANCE);
(CipherTest.THREADS, DaemonThreadFactory.INSTANCE);
try {
while (true) {
final SSLSocket socket = (SSLSocket)serverSocket.accept();
socket.setSoTimeout(cipherTest.TIMEOUT);
Runnable r = new Runnable() {
@Override
public void run() {
try {
InputStream in = socket.getInputStream();

9
jdk/test/sun/security/pkcs11/sslecc/policy Normal file
View File

@ -0,0 +1,9 @@
grant {
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "insertProvider.*";
permission java.security.SecurityPermission "removeProvider.*";
permission java.util.PropertyPermission "test.src", "read";
permission java.util.PropertyPermission "numThreads", "read";
permission java.io.FilePermission "${test.src}/*", "read";
permission java.net.SocketPermission "127.0.0.1:*", "listen,resolve,accept,connect";
};

216
jdk/test/sun/security/pkcs11/tls/TestKeyMaterial.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,136 +28,138 @@
* @author Andreas Sterbenz
* @library ..
* @modules java.base/sun.security.internal.spec
* @run main/othervm TestKeyMaterial
* @run main/othervm TestKeyMaterial sm policy
*/
import java.io.*;
import java.util.*;
import java.security.Security;
import java.io.BufferedReader;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Provider;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.*;
import sun.security.internal.spec.*;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import sun.security.internal.spec.TlsKeyMaterialParameterSpec;
import sun.security.internal.spec.TlsKeyMaterialSpec;
public class TestKeyMaterial extends PKCS11Test {
private static int PREFIX_LENGTH = "km-master: ".length();
private static final int PREFIX_LENGTH = "km-master: ".length();
public static void main(String[] args) throws Exception {
main(new TestKeyMaterial());
main(new TestKeyMaterial(), args);
}
@Override
public void main(Provider provider) throws Exception {
if (provider.getService("KeyGenerator", "SunTlsKeyMaterial") == null) {
System.out.println("Provider does not support algorithm, skipping");
return;
}
InputStream in = new FileInputStream(new File(BASE, "keymatdata.txt"));
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
try (BufferedReader reader = Files.newBufferedReader(
Paths.get(BASE, "keymatdata.txt"))) {
int n = 0;
int lineNumber = 0;
int n = 0;
int lineNumber = 0;
byte[] master = null;
int major = 0;
int minor = 0;
byte[] clientRandom = null;
byte[] serverRandom = null;
String cipherAlgorithm = null;
int keyLength = 0;
int expandedKeyLength = 0;
int ivLength = 0;
int macLength = 0;
byte[] clientCipherBytes = null;
byte[] serverCipherBytes = null;
byte[] clientIv = null;
byte[] serverIv = null;
byte[] clientMacBytes = null;
byte[] serverMacBytes = null;
byte[] master = null;
int major = 0;
int minor = 0;
byte[] clientRandom = null;
byte[] serverRandom = null;
String cipherAlgorithm = null;
int keyLength = 0;
int expandedKeyLength = 0;
int ivLength = 0;
int macLength = 0;
byte[] clientCipherBytes = null;
byte[] serverCipherBytes = null;
byte[] clientIv = null;
byte[] serverIv = null;
byte[] clientMacBytes = null;
byte[] serverMacBytes = null;
while (true) {
String line = reader.readLine();
lineNumber++;
if (line == null) {
break;
while (true) {
String line = reader.readLine();
lineNumber++;
if (line == null) {
break;
}
if (line.startsWith("km-") == false) {
continue;
}
String data = line.substring(PREFIX_LENGTH);
if (line.startsWith("km-master:")) {
master = parse(data);
} else if (line.startsWith("km-major:")) {
major = Integer.parseInt(data);
} else if (line.startsWith("km-minor:")) {
minor = Integer.parseInt(data);
} else if (line.startsWith("km-crandom:")) {
clientRandom = parse(data);
} else if (line.startsWith("km-srandom:")) {
serverRandom = parse(data);
} else if (line.startsWith("km-cipalg:")) {
cipherAlgorithm = data;
} else if (line.startsWith("km-keylen:")) {
keyLength = Integer.parseInt(data);
} else if (line.startsWith("km-explen:")) {
expandedKeyLength = Integer.parseInt(data);
} else if (line.startsWith("km-ivlen:")) {
ivLength = Integer.parseInt(data);
} else if (line.startsWith("km-maclen:")) {
macLength = Integer.parseInt(data);
} else if (line.startsWith("km-ccipkey:")) {
clientCipherBytes = parse(data);
} else if (line.startsWith("km-scipkey:")) {
serverCipherBytes = parse(data);
} else if (line.startsWith("km-civ:")) {
clientIv = parse(data);
} else if (line.startsWith("km-siv:")) {
serverIv = parse(data);
} else if (line.startsWith("km-cmackey:")) {
clientMacBytes = parse(data);
} else if (line.startsWith("km-smackey:")) {
serverMacBytes = parse(data);
System.out.print(".");
n++;
KeyGenerator kg =
KeyGenerator.getInstance("SunTlsKeyMaterial", provider);
SecretKey masterKey =
new SecretKeySpec(master, "TlsMasterSecret");
TlsKeyMaterialParameterSpec spec =
new TlsKeyMaterialParameterSpec(masterKey, major, minor,
clientRandom, serverRandom, cipherAlgorithm,
keyLength, expandedKeyLength, ivLength, macLength,
null, -1, -1);
kg.init(spec);
TlsKeyMaterialSpec result =
(TlsKeyMaterialSpec)kg.generateKey();
match(lineNumber, clientCipherBytes,
result.getClientCipherKey(), cipherAlgorithm);
match(lineNumber, serverCipherBytes,
result.getServerCipherKey(), cipherAlgorithm);
match(lineNumber, clientIv, result.getClientIv(), "");
match(lineNumber, serverIv, result.getServerIv(), "");
match(lineNumber, clientMacBytes, result.getClientMacKey(), "");
match(lineNumber, serverMacBytes, result.getServerMacKey(), "");
} else {
throw new Exception("Unknown line: " + line);
}
}
if (line.startsWith("km-") == false) {
continue;
}
String data = line.substring(PREFIX_LENGTH);
if (line.startsWith("km-master:")) {
master = parse(data);
} else if (line.startsWith("km-major:")) {
major = Integer.parseInt(data);
} else if (line.startsWith("km-minor:")) {
minor = Integer.parseInt(data);
} else if (line.startsWith("km-crandom:")) {
clientRandom = parse(data);
} else if (line.startsWith("km-srandom:")) {
serverRandom = parse(data);
} else if (line.startsWith("km-cipalg:")) {
cipherAlgorithm = data;
} else if (line.startsWith("km-keylen:")) {
keyLength = Integer.parseInt(data);
} else if (line.startsWith("km-explen:")) {
expandedKeyLength = Integer.parseInt(data);
} else if (line.startsWith("km-ivlen:")) {
ivLength = Integer.parseInt(data);
} else if (line.startsWith("km-maclen:")) {
macLength = Integer.parseInt(data);
} else if (line.startsWith("km-ccipkey:")) {
clientCipherBytes = parse(data);
} else if (line.startsWith("km-scipkey:")) {
serverCipherBytes = parse(data);
} else if (line.startsWith("km-civ:")) {
clientIv = parse(data);
} else if (line.startsWith("km-siv:")) {
serverIv = parse(data);
} else if (line.startsWith("km-cmackey:")) {
clientMacBytes = parse(data);
} else if (line.startsWith("km-smackey:")) {
serverMacBytes = parse(data);
System.out.print(".");
n++;
KeyGenerator kg =
KeyGenerator.getInstance("SunTlsKeyMaterial", provider);
SecretKey masterKey =
new SecretKeySpec(master, "TlsMasterSecret");
TlsKeyMaterialParameterSpec spec =
new TlsKeyMaterialParameterSpec(masterKey, major, minor,
clientRandom, serverRandom, cipherAlgorithm,
keyLength, expandedKeyLength, ivLength, macLength,
null, -1, -1);
kg.init(spec);
TlsKeyMaterialSpec result =
(TlsKeyMaterialSpec)kg.generateKey();
match(lineNumber, clientCipherBytes,
result.getClientCipherKey(), cipherAlgorithm);
match(lineNumber, serverCipherBytes,
result.getServerCipherKey(), cipherAlgorithm);
match(lineNumber, clientIv, result.getClientIv(), "");
match(lineNumber, serverIv, result.getServerIv(), "");
match(lineNumber, clientMacBytes, result.getClientMacKey(), "");
match(lineNumber, serverMacBytes, result.getServerMacKey(), "");
} else {
throw new Exception("Unknown line: " + line);
if (n == 0) {
throw new Exception("no tests");
}
System.out.println();
System.out.println("OK: " + n + " tests");
}
if (n == 0) {
throw new Exception("no tests");
}
in.close();
System.out.println();
System.out.println("OK: " + n + " tests");
}
private static void stripParity(byte[] b) {

22
jdk/test/sun/security/pkcs11/tls/TestLeadingZeroesP11.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -27,15 +27,18 @@
* @summary Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement
* @library ..
* @author Pasi Eronen
* @run main/othervm TestLeadingZeroesP11
* @run main/othervm TestLeadingZeroesP11 sm
*/
import java.io.*;
import java.security.*;
import java.security.spec.*;
import java.security.interfaces.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import javax.crypto.interfaces.*;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.KeyAgreement;
/**
* Test that leading zeroes are stripped in TlsPremasterSecret case,
@ -48,9 +51,10 @@ import javax.crypto.interfaces.*;
public class TestLeadingZeroesP11 extends PKCS11Test {
public static void main(String[] args) throws Exception {
main(new TestLeadingZeroesP11());
main(new TestLeadingZeroesP11(), args);
}
@Override
public void main(Provider p) throws Exception {
// decode pre-generated keypairs

161
jdk/test/sun/security/pkcs11/tls/TestMasterSecret.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,111 +29,112 @@
* @library ..
* @modules java.base/sun.security.internal.interfaces
* java.base/sun.security.internal.spec
* @run main/othervm TestMasterSecret
* @run main/othervm TestMasterSecret sm TestMasterSecret.policy
*/
import java.io.*;
import java.util.*;
import java.security.Security;
import java.io.BufferedReader;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Provider;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.*;
import sun.security.internal.spec.*;
import javax.crypto.spec.SecretKeySpec;
import sun.security.internal.interfaces.TlsMasterSecret;
import sun.security.internal.spec.TlsMasterSecretParameterSpec;
public class TestMasterSecret extends PKCS11Test {
private static int PREFIX_LENGTH = "m-premaster: ".length();
private static final int PREFIX_LENGTH = "m-premaster: ".length();
public static void main(String[] args) throws Exception {
main(new TestMasterSecret());
main(new TestMasterSecret(), args);
}
@Override
public void main(Provider provider) throws Exception {
if (provider.getService("KeyGenerator", "SunTlsMasterSecret") == null) {
System.out.println("Not supported by provider, skipping");
return;
}
InputStream in = new FileInputStream(new File(BASE, "masterdata.txt"));
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
int n = 0;
int lineNumber = 0;
try (BufferedReader reader = Files.newBufferedReader(
Paths.get(BASE, "masterdata.txt"))) {
String algorithm = null;
byte[] premaster = null;
byte[] clientRandom = null;
byte[] serverRandom = null;
int protoMajor = 0;
int protoMinor = 0;
int preMajor = 0;
int preMinor = 0;
byte[] master = null;
int n = 0;
int lineNumber = 0;
while (true) {
String line = reader.readLine();
lineNumber++;
if (line == null) {
break;
}
if (line.startsWith("m-") == false) {
continue;
}
String data = line.substring(PREFIX_LENGTH);
if (line.startsWith("m-algorithm:")) {
algorithm = data;
} else if (line.startsWith("m-premaster:")) {
premaster = parse(data);
} else if (line.startsWith("m-crandom:")) {
clientRandom = parse(data);
} else if (line.startsWith("m-srandom:")) {
serverRandom = parse(data);
} else if (line.startsWith("m-protomajor:")) {
protoMajor = Integer.parseInt(data);
} else if (line.startsWith("m-protominor:")) {
protoMinor = Integer.parseInt(data);
} else if (line.startsWith("m-premajor:")) {
preMajor = Integer.parseInt(data);
} else if (line.startsWith("m-preminor:")) {
preMinor = Integer.parseInt(data);
} else if (line.startsWith("m-master:")) {
master = parse(data);
String algorithm = null;
byte[] premaster = null;
byte[] clientRandom = null;
byte[] serverRandom = null;
int protoMajor = 0;
int protoMinor = 0;
int preMajor = 0;
int preMinor = 0;
byte[] master = null;
System.out.print(".");
n++;
KeyGenerator kg =
KeyGenerator.getInstance("SunTlsMasterSecret", provider);
SecretKey premasterKey =
new SecretKeySpec(premaster, algorithm);
TlsMasterSecretParameterSpec spec =
new TlsMasterSecretParameterSpec(premasterKey,
protoMajor, protoMinor, clientRandom, serverRandom,
null, -1, -1);
kg.init(spec);
TlsMasterSecret key = (TlsMasterSecret)kg.generateKey();
byte[] enc = key.getEncoded();
if (Arrays.equals(master, enc) == false) {
throw new Exception("mismatch line: " + lineNumber);
while (true) {
String line = reader.readLine();
lineNumber++;
if (line == null) {
break;
}
if ((preMajor != key.getMajorVersion()) ||
(preMinor != key.getMinorVersion())) {
throw new Exception("version mismatch line: " + lineNumber);
if (line.startsWith("m-") == false) {
continue;
}
String data = line.substring(PREFIX_LENGTH);
if (line.startsWith("m-algorithm:")) {
algorithm = data;
} else if (line.startsWith("m-premaster:")) {
premaster = parse(data);
} else if (line.startsWith("m-crandom:")) {
clientRandom = parse(data);
} else if (line.startsWith("m-srandom:")) {
serverRandom = parse(data);
} else if (line.startsWith("m-protomajor:")) {
protoMajor = Integer.parseInt(data);
} else if (line.startsWith("m-protominor:")) {
protoMinor = Integer.parseInt(data);
} else if (line.startsWith("m-premajor:")) {
preMajor = Integer.parseInt(data);
} else if (line.startsWith("m-preminor:")) {
preMinor = Integer.parseInt(data);
} else if (line.startsWith("m-master:")) {
master = parse(data);
System.out.print(".");
n++;
KeyGenerator kg =
KeyGenerator.getInstance("SunTlsMasterSecret", provider);
SecretKey premasterKey =
new SecretKeySpec(premaster, algorithm);
TlsMasterSecretParameterSpec spec =
new TlsMasterSecretParameterSpec(premasterKey,
protoMajor, protoMinor, clientRandom, serverRandom,
null, -1, -1);
kg.init(spec);
TlsMasterSecret key = (TlsMasterSecret)kg.generateKey();
byte[] enc = key.getEncoded();
if (Arrays.equals(master, enc) == false) {
throw new Exception("mismatch line: " + lineNumber);
}
if ((preMajor != key.getMajorVersion()) ||
(preMinor != key.getMinorVersion())) {
throw new Exception("version mismatch line: " + lineNumber);
}
} else {
throw new Exception("Unknown line: " + line);
}
} else {
throw new Exception("Unknown line: " + line);
}
if (n == 0) {
throw new Exception("no tests");
}
System.out.println();
System.out.println("OK: " + n + " tests");
}
if (n == 0) {
throw new Exception("no tests");
}
in.close();
System.out.println();
System.out.println("OK: " + n + " tests");
}
}

8
jdk/test/sun/security/pkcs11/tls/TestMasterSecret.policy Normal file
View File

@ -0,0 +1,8 @@
grant {
permission java.lang.RuntimePermission "setSecurityManager";
permission java.io.FilePermission "${test.src}/*", "read";
permission java.lang.RuntimePermission
"accessClassInPackage.sun.security.internal.spec";
permission java.lang.RuntimePermission
"accessClassInPackage.sun.security.internal.interfaces";
};

168
jdk/test/sun/security/pkcs11/tls/TestPRF.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,116 +28,116 @@
* @author Andreas Sterbenz
* @library ..
* @modules java.base/sun.security.internal.spec
* @run main/othervm TestPRF
* @run main/othervm TestPRF sm policy
*/
import java.io.*;
import java.util.*;
import java.security.Security;
import java.io.BufferedReader;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Provider;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.*;
import sun.security.internal.spec.*;
import javax.crypto.spec.SecretKeySpec;
import sun.security.internal.spec.TlsPrfParameterSpec;
public class TestPRF extends PKCS11Test {
private static int PREFIX_LENGTH = "prf-output: ".length();
private static final int PREFIX_LENGTH = "prf-output: ".length();
public static void main(String[] args) throws Exception {
main(new TestPRF());
main(new TestPRF(), args);
}
@Override
public void main(Provider provider) throws Exception {
if (provider.getService("KeyGenerator", "SunTlsPrf") == null) {
System.out.println("Provider does not support algorithm, skipping");
return;
}
InputStream in = new FileInputStream(new File(BASE, "prfdata.txt"));
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
try (BufferedReader reader = Files.newBufferedReader(
Paths.get(BASE, "prfdata.txt"))) {
int n = 0;
int lineNumber = 0;
int n = 0;
int lineNumber = 0;
byte[] secret = null;
String label = null;
byte[] seed = null;
int length = 0;
byte[] output = null;
byte[] secret = null;
String label = null;
byte[] seed = null;
int length = 0;
byte[] output = null;
while (true) {
String line = reader.readLine();
lineNumber++;
if (line == null) {
break;
}
if (line.startsWith("prf-") == false) {
continue;
}
String data = line.substring(PREFIX_LENGTH);
if (line.startsWith("prf-secret:")) {
secret = parse(data);
} else if (line.startsWith("prf-label:")) {
label = data;
} else if (line.startsWith("prf-seed:")) {
seed = parse(data);
} else if (line.startsWith("prf-length:")) {
length = Integer.parseInt(data);
} else if (line.startsWith("prf-output:")) {
output = parse(data);
System.out.print(".");
n++;
KeyGenerator kg =
KeyGenerator.getInstance("SunTlsPrf", provider);
SecretKey inKey;
if (secret == null) {
inKey = null;
} else {
inKey = new SecretKeySpec(secret, "Generic");
while (true) {
String line = reader.readLine();
lineNumber++;
if (line == null) {
break;
}
TlsPrfParameterSpec spec =
new TlsPrfParameterSpec(inKey, label, seed, length,
null, -1, -1);
SecretKey key;
try {
kg.init(spec);
key = kg.generateKey();
} catch (Exception e) {
if (line.startsWith("prf-") == false) {
continue;
}
String data = line.substring(PREFIX_LENGTH);
if (line.startsWith("prf-secret:")) {
secret = parse(data);
} else if (line.startsWith("prf-label:")) {
label = data;
} else if (line.startsWith("prf-seed:")) {
seed = parse(data);
} else if (line.startsWith("prf-length:")) {
length = Integer.parseInt(data);
} else if (line.startsWith("prf-output:")) {
output = parse(data);
System.out.print(".");
n++;
KeyGenerator kg =
KeyGenerator.getInstance("SunTlsPrf", provider);
SecretKey inKey;
if (secret == null) {
// This fails on Solaris, but since we never call this
// API for this case in JSSE, ignore the failure.
// (SunJSSE uses the CKM_TLS_KEY_AND_MAC_DERIVE
// mechanism)
System.out.print("X");
continue;
inKey = null;
} else {
inKey = new SecretKeySpec(secret, "Generic");
}
System.out.println();
throw new Exception("Error on line: " + lineNumber, e);
TlsPrfParameterSpec spec =
new TlsPrfParameterSpec(inKey, label, seed, length,
null, -1, -1);
SecretKey key;
try {
kg.init(spec);
key = kg.generateKey();
} catch (Exception e) {
if (secret == null) {
// This fails on Solaris, but since we never call this
// API for this case in JSSE, ignore the failure.
// (SunJSSE uses the CKM_TLS_KEY_AND_MAC_DERIVE
// mechanism)
System.out.print("X");
continue;
}
System.out.println();
throw new Exception("Error on line: " + lineNumber, e);
}
byte[] enc = key.getEncoded();
if (Arrays.equals(output, enc) == false) {
System.out.println();
System.out.println("expected: " + toString(output));
System.out.println("actual: " + toString(enc));
throw new Exception("mismatch line: " + lineNumber);
}
} else {
throw new Exception("Unknown line: " + line);
}
byte[] enc = key.getEncoded();
if (Arrays.equals(output, enc) == false) {
System.out.println();
System.out.println("expected: " + toString(output));
System.out.println("actual: " + toString(enc));
throw new Exception("mismatch line: " + lineNumber);
}
} else {
throw new Exception("Unknown line: " + line);
}
if (n == 0) {
throw new Exception("no tests");
}
System.out.println();
System.out.println("OK: " + n + " tests");
}
if (n == 0) {
throw new Exception("no tests");
}
in.close();
System.out.println();
System.out.println("OK: " + n + " tests");
}
}

11
jdk/test/sun/security/pkcs11/tls/TestPremaster.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -28,23 +28,22 @@
* @author Andreas Sterbenz
* @library ..
* @modules java.base/sun.security.internal.spec
* @run main/othervm TestPremaster
* @run main/othervm TestPremaster sm policy
*/
import java.security.Security;
import java.security.Provider;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.util.Formatter;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;
public class TestPremaster extends PKCS11Test {
public static void main(String[] args) throws Exception {
main(new TestPremaster());
main(new TestPremaster(), args);
}
@Override
public void main(Provider provider) throws Exception {
if (provider.getService(
"KeyGenerator", "SunTlsRsaPremasterSecret") == null) {

5
jdk/test/sun/security/pkcs11/tls/policy Normal file
View File

@ -0,0 +1,5 @@
grant {
permission java.lang.RuntimePermission "setSecurityManager";
permission java.io.FilePermission "${test.src}/*", "read";
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.internal.spec";
};