From ff74b293048600a6890cf132d6db9e2cfa278114 Mon Sep 17 00:00:00 2001 From: Artem Smotrakov Date: Tue, 26 Jan 2016 13:32:07 -0800 Subject: [PATCH] 8144539: Update PKCS11 tests to run with security manager Reviewed-by: valeriep, ascarpino --- .../security/pkcs11/Cipher/ReinitCipher.java | 17 +- .../pkcs11/Cipher/TestPKCS5PaddingError.java | 26 +-- .../security/pkcs11/Cipher/TestRSACipher.java | 24 +- .../pkcs11/Cipher/TestRSACipherWrap.java | 22 +- .../pkcs11/Cipher/TestRawRSACipher.java | 19 +- .../pkcs11/Cipher/TestSymmCiphers.java | 24 +- .../pkcs11/Cipher/TestSymmCiphersNoPad.java | 28 ++- .../security/pkcs11/KeyAgreement/TestDH.java | 24 +- .../pkcs11/KeyAgreement/TestInterop.java | 21 +- .../pkcs11/KeyAgreement/TestShort.java | 21 +- .../pkcs11/KeyGenerator/DESParity.java | 22 +- .../pkcs11/KeyGenerator/TestKeyGenerator.java | 18 +- .../pkcs11/KeyPairGenerator/TestDH2048.java | 17 +- jdk/test/sun/security/pkcs11/Mac/MacKAT.java | 7 +- .../sun/security/pkcs11/Mac/MacSameTest.java | 7 +- .../sun/security/pkcs11/Mac/ReinitMac.java | 17 +- .../pkcs11/MessageDigest/ByteBuffers.java | 16 +- .../pkcs11/MessageDigest/DigestKAT.java | 21 +- .../pkcs11/MessageDigest/ReinitDigest.java | 14 +- .../pkcs11/MessageDigest/TestCloning.java | 14 +- jdk/test/sun/security/pkcs11/PKCS11Test.java | 174 ++++++++++---- .../security/pkcs11/Secmod/AddPrivateKey.java | 32 ++- .../pkcs11/Secmod/AddTrustedCert.java | 28 ++- .../sun/security/pkcs11/Secmod/Crypto.java | 15 +- .../security/pkcs11/Secmod/GetPrivateKey.java | 25 +- .../pkcs11/Secmod/JksSetPrivateKey.java | 39 +++- .../security/pkcs11/Secmod/LoadKeystore.java | 10 +- .../security/pkcs11/Secmod/TrustAnchors.java | 25 +- jdk/test/sun/security/pkcs11/Secmod/policy | 6 + .../security/pkcs11/SecureRandom/Basic.java | 16 +- .../pkcs11/Signature/ByteBuffers.java | 23 +- .../security/pkcs11/Signature/TestDSA.java | 31 ++- .../pkcs11/Signature/TestDSAKeyLength.java | 24 +- .../pkcs11/Signature/TestRSAKeyLength.java | 24 +- .../security/pkcs11/ec/ReadCertificates.java | 54 +++-- .../sun/security/pkcs11/ec/ReadPKCS12.java | 83 ++++--- .../sun/security/pkcs11/ec/TestCurves.java | 45 ++-- jdk/test/sun/security/pkcs11/ec/TestECDH.java | 30 ++- .../sun/security/pkcs11/ec/TestECDH2.java | 40 ++-- .../sun/security/pkcs11/ec/TestECDSA.java | 45 ++-- .../sun/security/pkcs11/ec/TestECDSA2.java | 37 +-- .../sun/security/pkcs11/ec/TestECGenSpec.java | 21 +- .../security/pkcs11/ec/TestKeyFactory.java | 26 ++- jdk/test/sun/security/pkcs11/ec/policy | 7 + .../pkcs11/fips/TrustManagerTest.java | 37 +-- .../pkcs11/fips/TrustManagerTest.policy | 3 + jdk/test/sun/security/pkcs11/policy | 3 + jdk/test/sun/security/pkcs11/rsa/KeyWrap.java | 30 ++- .../sun/security/pkcs11/rsa/TestCACerts.java | 39 ++-- .../security/pkcs11/rsa/TestCACerts.policy | 7 + .../security/pkcs11/rsa/TestKeyFactory.java | 19 +- .../pkcs11/rsa/TestKeyPairGenerator.java | 24 +- .../pkcs11/rsa/TestKeyPairGenerator.policy | 4 + .../security/pkcs11/rsa/TestSignatures.java | 47 ++-- .../sun/security/pkcs11/rsa/rsakeys.ks.policy | 4 + .../security/pkcs11/sslecc/CipherTest.java | 32 ++- .../pkcs11/sslecc/ClientJSSEServerJSSE.java | 20 +- .../security/pkcs11/sslecc/JSSEServer.java | 27 ++- jdk/test/sun/security/pkcs11/sslecc/policy | 9 + .../security/pkcs11/tls/TestKeyMaterial.java | 216 +++++++++--------- .../pkcs11/tls/TestLeadingZeroesP11.java | 22 +- .../security/pkcs11/tls/TestMasterSecret.java | 161 ++++++------- .../pkcs11/tls/TestMasterSecret.policy | 8 + jdk/test/sun/security/pkcs11/tls/TestPRF.java | 168 +++++++------- .../security/pkcs11/tls/TestPremaster.java | 11 +- jdk/test/sun/security/pkcs11/tls/policy | 5 + 66 files changed, 1301 insertions(+), 834 deletions(-) create mode 100644 jdk/test/sun/security/pkcs11/Secmod/policy create mode 100644 jdk/test/sun/security/pkcs11/ec/policy create mode 100644 jdk/test/sun/security/pkcs11/fips/TrustManagerTest.policy create mode 100644 jdk/test/sun/security/pkcs11/policy create mode 100644 jdk/test/sun/security/pkcs11/rsa/TestCACerts.policy create mode 100644 jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.policy create mode 100644 jdk/test/sun/security/pkcs11/rsa/rsakeys.ks.policy create mode 100644 jdk/test/sun/security/pkcs11/sslecc/policy create mode 100644 jdk/test/sun/security/pkcs11/tls/TestMasterSecret.policy create mode 100644 jdk/test/sun/security/pkcs11/tls/policy diff --git a/jdk/test/sun/security/pkcs11/Cipher/ReinitCipher.java b/jdk/test/sun/security/pkcs11/Cipher/ReinitCipher.java index 2cd68b44a9b..db7098e5fdf 100644 --- a/jdk/test/sun/security/pkcs11/Cipher/ReinitCipher.java +++ b/jdk/test/sun/security/pkcs11/Cipher/ReinitCipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,21 +28,22 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm ReinitCipher + * @run main/othervm ReinitCipher sm */ -import java.util.*; - -import java.security.*; - -import javax.crypto.*; -import javax.crypto.spec.*; +import java.security.Provider; +import java.util.Random; +import javax.crypto.Cipher; +import javax.crypto.spec.SecretKeySpec; public class ReinitCipher extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new ReinitCipher()); + main(new ReinitCipher(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("Cipher", "ARCFOUR") == null) { System.out.println("Not supported by provider, skipping"); diff --git a/jdk/test/sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java b/jdk/test/sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java index f0721daa2e5..5fa94cbfc54 100644 --- a/jdk/test/sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java +++ b/jdk/test/sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,16 +27,18 @@ * @summary Test internal PKCS5Padding impl with various error conditions. * @author Valerie Peng * @library .. + * @run main/othervm TestPKCS5PaddingError + * @run main/othervm TestPKCS5PaddingError sm */ -import java.io.*; -import java.nio.*; -import java.util.*; -import java.security.*; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.*; -import javax.crypto.spec.IvParameterSpec; +import java.security.AlgorithmParameters; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; public class TestPKCS5PaddingError extends PKCS11Test { private static class CI { // class for holding Cipher Information @@ -62,10 +64,8 @@ public class TestPKCS5PaddingError extends PKCS11Test { private static StringBuffer debugBuf = new StringBuffer(); + @Override public void main(Provider p) throws Exception { - boolean status = true; - Random random = new Random(); - try { byte[] plainText = new byte[200]; @@ -127,6 +127,6 @@ public class TestPKCS5PaddingError extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestPKCS5PaddingError()); + main(new TestPKCS5PaddingError(), args); } } diff --git a/jdk/test/sun/security/pkcs11/Cipher/TestRSACipher.java b/jdk/test/sun/security/pkcs11/Cipher/TestRSACipher.java index 876048f46cf..b9656a54086 100644 --- a/jdk/test/sun/security/pkcs11/Cipher/TestRSACipher.java +++ b/jdk/test/sun/security/pkcs11/Cipher/TestRSACipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,20 +28,28 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm TestRSACipher + * @run main/othervm TestRSACipher sm */ -import java.io.*; -import java.util.*; - -import java.security.*; - -import javax.crypto.*; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.util.Arrays; +import java.util.Random; +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; public class TestRSACipher extends PKCS11Test { private static final String[] RSA_ALGOS = { "RSA/ECB/PKCS1Padding", "RSA" }; + @Override public void main(Provider p) throws Exception { try { Cipher.getInstance(RSA_ALGOS[0], p); @@ -122,7 +130,7 @@ public class TestRSACipher extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestRSACipher()); + main(new TestRSACipher(), args); } } diff --git a/jdk/test/sun/security/pkcs11/Cipher/TestRSACipherWrap.java b/jdk/test/sun/security/pkcs11/Cipher/TestRSACipherWrap.java index c00b39942cc..8637302b547 100644 --- a/jdk/test/sun/security/pkcs11/Cipher/TestRSACipherWrap.java +++ b/jdk/test/sun/security/pkcs11/Cipher/TestRSACipherWrap.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,13 +27,20 @@ * @summary basic test for RSA cipher key wrapping functionality * @author Valerie Peng * @library .. + * @run main/othervm TestRSACipherWrap + * @run main/othervm TestRSACipherWrap sm */ -import java.io.*; -import java.util.*; -import java.security.*; - -import javax.crypto.*; +import java.security.GeneralSecurityException; +import java.security.InvalidParameterException; +import java.security.Key; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; +import java.util.Arrays; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; public class TestRSACipherWrap extends PKCS11Test { @@ -41,6 +48,7 @@ public class TestRSACipherWrap extends PKCS11Test { private static final String[] RSA_ALGOS = { "RSA/ECB/PKCS1Padding", "RSA" }; + @Override public void main(Provider p) throws Exception { try { Cipher.getInstance(RSA_ALGOS[0], p); @@ -104,6 +112,6 @@ public class TestRSACipherWrap extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestRSACipherWrap()); + main(new TestRSACipherWrap(), args); } } diff --git a/jdk/test/sun/security/pkcs11/Cipher/TestRawRSACipher.java b/jdk/test/sun/security/pkcs11/Cipher/TestRawRSACipher.java index 17ffe9553c2..cebe4224129 100644 --- a/jdk/test/sun/security/pkcs11/Cipher/TestRawRSACipher.java +++ b/jdk/test/sun/security/pkcs11/Cipher/TestRawRSACipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,16 +28,21 @@ * @author Valerie Peng * @library .. * @key randomness + * @run main/othervm TestRawRSACipher + * @run main/othervm TestRawRSACipher sm */ -import javax.crypto.*; -import java.io.*; -import javax.crypto.spec.SecretKeySpec; -import java.security.*; -import java.util.*; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; +import java.util.Arrays; +import java.util.Random; +import javax.crypto.Cipher; public class TestRawRSACipher extends PKCS11Test { + @Override public void main(Provider p) throws Exception { try { Cipher.getInstance("RSA/ECB/NoPadding", p); @@ -80,6 +85,6 @@ public class TestRawRSACipher extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestRawRSACipher()); + main(new TestRawRSACipher(), args); } } diff --git a/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java b/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java index e6b7f7d8a34..018edc7417a 100644 --- a/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java +++ b/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,16 +28,19 @@ * @author Valerie Peng * @library .. * @key randomness + * @run main/othervm TestSymmCiphers + * @run main/othervm TestSymmCiphers sm */ -import java.io.*; -import java.nio.*; -import java.util.*; -import java.security.*; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.*; -import javax.crypto.spec.IvParameterSpec; +import java.io.ByteArrayOutputStream; +import java.nio.ByteBuffer; +import java.security.AlgorithmParameters; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.util.Random; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; public class TestSymmCiphers extends PKCS11Test { @@ -81,6 +84,7 @@ public class TestSymmCiphers extends PKCS11Test { }; private static StringBuffer debugBuf = new StringBuffer(); + @Override public void main(Provider p) throws Exception { // NSS reports CKR_DEVICE_ERROR when the data passed to // its EncryptUpdate/DecryptUpdate is not multiple of blocks @@ -272,6 +276,6 @@ public class TestSymmCiphers extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestSymmCiphers()); + main(new TestSymmCiphers(), args); } } diff --git a/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java b/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java index 07d48649be5..2359e77bf03 100644 --- a/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java +++ b/jdk/test/sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,17 +28,22 @@ * @author Valerie Peng * @library .. * @key randomness + * @run main/othervm TestSymmCiphersNoPad + * @run main/othervm TestSymmCiphersNoPad sm */ -import java.io.*; -import java.nio.*; -import java.util.*; - -import java.security.*; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.*; -import javax.crypto.spec.IvParameterSpec; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.InputStream; +import java.nio.ByteBuffer; +import java.security.AlgorithmParameters; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.util.Random; +import javax.crypto.Cipher; +import javax.crypto.CipherInputStream; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; public class TestSymmCiphersNoPad extends PKCS11Test { @@ -67,6 +72,7 @@ public class TestSymmCiphersNoPad extends PKCS11Test { private static StringBuffer debugBuf; + @Override public void main(Provider p) throws Exception { boolean status = true; Random random = new Random(); @@ -234,6 +240,6 @@ public class TestSymmCiphersNoPad extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestSymmCiphersNoPad()); + main(new TestSymmCiphersNoPad(), args); } } diff --git a/jdk/test/sun/security/pkcs11/KeyAgreement/TestDH.java b/jdk/test/sun/security/pkcs11/KeyAgreement/TestDH.java index 2c123a84a06..45e03897359 100644 --- a/jdk/test/sun/security/pkcs11/KeyAgreement/TestDH.java +++ b/jdk/test/sun/security/pkcs11/KeyAgreement/TestDH.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,17 +27,20 @@ * @summary Verify that DH works properly * @author Andreas Sterbenz * @library .. + * @run main/othervm TestDH + * @run main/othervm TestDH sm */ -import java.io.*; -import java.util.*; - -import java.security.*; - -import javax.crypto.*; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; +import java.util.Arrays; +import javax.crypto.KeyAgreement; +import javax.crypto.SecretKey; public class TestDH extends PKCS11Test { + @Override public void main(Provider p) throws Exception { if (p.getService("KeyAgreement", "DH") == null) { System.out.println("DH not supported, skipping"); @@ -91,8 +94,9 @@ public class TestDH extends PKCS11Test { testAlgorithm(ka2, kp2, ka1, kp1, "TlsPremasterSecret"); } - private static void testAlgorithm(KeyAgreement ka1, KeyPair kp1, KeyAgreement ka2, KeyPair kp2, String algorithm) throws Exception { - SecretKey key1 = null; + private static void testAlgorithm(KeyAgreement ka1, KeyPair kp1, + KeyAgreement ka2, KeyPair kp2, String algorithm) throws Exception { + SecretKey key1; ka1.init(kp1.getPrivate()); ka1.doPhase(kp2.getPublic(), true); @@ -115,7 +119,7 @@ public class TestDH extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestDH()); + main(new TestDH(), args); } } diff --git a/jdk/test/sun/security/pkcs11/KeyAgreement/TestInterop.java b/jdk/test/sun/security/pkcs11/KeyAgreement/TestInterop.java index 95f1ce1c52f..15a96b9b19e 100644 --- a/jdk/test/sun/security/pkcs11/KeyAgreement/TestInterop.java +++ b/jdk/test/sun/security/pkcs11/KeyAgreement/TestInterop.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,14 +26,18 @@ * @bug 7146728 * @summary Interop test for DH with secret that has a leading 0x00 byte * @library .. + * @run main/othervm TestInterop + * @run main/othervm TestInterop sm */ import java.math.BigInteger; -import java.util.*; - -import java.security.*; - -import javax.crypto.*; -import javax.crypto.spec.*; +import java.security.KeyFactory; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.util.Arrays; +import javax.crypto.KeyAgreement; +import javax.crypto.spec.DHPrivateKeySpec; +import javax.crypto.spec.DHPublicKeySpec; public class TestInterop extends PKCS11Test { @@ -72,6 +76,7 @@ public class TestInterop extends PKCS11Test { + "30313414180008978013330410484011186019824874948204261839391153650949864" + "429505597086564709"); + @Override public void main(Provider prov) throws Exception { if (prov.getService("KeyAgreement", "DH") == null) { System.out.println("DH not supported, skipping"); @@ -138,6 +143,6 @@ public class TestInterop extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestInterop()); + main(new TestInterop(), args); } } diff --git a/jdk/test/sun/security/pkcs11/KeyAgreement/TestShort.java b/jdk/test/sun/security/pkcs11/KeyAgreement/TestShort.java index ee9332764c8..aec6c0c7c16 100644 --- a/jdk/test/sun/security/pkcs11/KeyAgreement/TestShort.java +++ b/jdk/test/sun/security/pkcs11/KeyAgreement/TestShort.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,15 +27,19 @@ * @summary KAT test for DH (normal and with secret that has leading a 0x00 byte) * @author Andreas Sterbenz * @library .. + * @run main/othervm TestShort + * @run main/othervm TestShort sm */ import java.math.BigInteger; -import java.util.*; - -import java.security.*; - -import javax.crypto.*; -import javax.crypto.spec.*; +import java.security.KeyFactory; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.util.Arrays; +import javax.crypto.KeyAgreement; +import javax.crypto.spec.DHPrivateKeySpec; +import javax.crypto.spec.DHPublicKeySpec; public class TestShort extends PKCS11Test { @@ -83,6 +87,7 @@ public class TestShort extends PKCS11Test { + "1a:6a:15:d8:a4:8c:0a:ce:f0:15:03:0c:c2:56:82:a2:75:9b:49:fe:ed:60:c5:6e" + ":de:47:55:62:4f:16:20:6d:74:cc:7b:95:93:25:2c:ea"); + @Override public void main(Provider provider) throws Exception { if (provider.getService("KeyAgreement", "DH") == null) { System.out.println("DH not supported, skipping"); @@ -142,7 +147,7 @@ public class TestShort extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestShort()); + main(new TestShort(), args); } } diff --git a/jdk/test/sun/security/pkcs11/KeyGenerator/DESParity.java b/jdk/test/sun/security/pkcs11/KeyGenerator/DESParity.java index 2d7f77bc9c5..3c8b3a52283 100644 --- a/jdk/test/sun/security/pkcs11/KeyGenerator/DESParity.java +++ b/jdk/test/sun/security/pkcs11/KeyGenerator/DESParity.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,19 +28,21 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm DESParity + * @run main/othervm DESParity sm */ -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.spec.*; - -import javax.crypto.*; -import javax.crypto.spec.*; +import java.security.Provider; +import java.util.Random; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.DESKeySpec; +import javax.crypto.spec.DESedeKeySpec; +import javax.crypto.spec.SecretKeySpec; public class DESParity extends PKCS11Test { + @Override public void main(Provider p) throws Exception { if (p.getService("SecretKeyFactory", "DES") == null) { System.out.println("Not supported by provider, skipping"); @@ -73,7 +75,7 @@ public class DESParity extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new DESParity()); + main(new DESParity(), args); } } diff --git a/jdk/test/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java b/jdk/test/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java index 3bd7e96f117..e0f669f58e3 100644 --- a/jdk/test/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java +++ b/jdk/test/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,13 +27,16 @@ * @summary test the KeyGenerator * @author Andreas Sterbenz * @library .. + * @run main/othervm TestKeyGenerator + * @run main/othervm TestKeyGenerator sm */ -import java.util.*; - -import java.security.*; - -import javax.crypto.*; +import java.security.InvalidParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.ProviderException; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; enum TestResult { PASS, @@ -44,7 +47,7 @@ enum TestResult { public class TestKeyGenerator extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new TestKeyGenerator()); + main(new TestKeyGenerator(), args); } private TestResult test(String algorithm, int keyLen, Provider p, @@ -85,6 +88,7 @@ public class TestKeyGenerator extends PKCS11Test { return actual; } + @Override public void main(Provider p) throws Exception { test("DES", 0, p, TestResult.FAIL); test("DES", 56, p, TestResult.PASS); // ensure JCE-Compatibility diff --git a/jdk/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java b/jdk/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java index c11911a12fd..840e1ce3dcf 100644 --- a/jdk/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java +++ b/jdk/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,14 +27,14 @@ * @summary Ensure that 2048-bit DH key pairs can be generated * @author Valerie Peng * @library .. + * @run main/othervm TestDH2048 + * @run main/othervm TestDH2048 sm */ -import java.io.*; -import java.util.*; - -import java.security.*; - -import javax.crypto.*; +import java.security.InvalidParameterException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; public class TestDH2048 extends PKCS11Test { @@ -47,6 +47,7 @@ public class TestDH2048 extends PKCS11Test { } } + @Override public void main(Provider p) throws Exception { if (p.getService("KeyPairGenerator", "DH") == null) { System.out.println("KPG for DH not supported, skipping"); @@ -61,6 +62,6 @@ public class TestDH2048 extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestDH2048()); + main(new TestDH2048(), args); } } diff --git a/jdk/test/sun/security/pkcs11/Mac/MacKAT.java b/jdk/test/sun/security/pkcs11/Mac/MacKAT.java index c7da9297159..d7679f91ffd 100644 --- a/jdk/test/sun/security/pkcs11/Mac/MacKAT.java +++ b/jdk/test/sun/security/pkcs11/Mac/MacKAT.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -36,7 +36,8 @@ import javax.crypto.spec.SecretKeySpec; * @summary Basic known-answer-test for Hmac algorithms * @author Andreas Sterbenz * @library .. - * @run main MacKAT + * @run main/othervm MacKAT + * @run main/othervm MacKAT sm */ public class MacKAT extends PKCS11Test { @@ -178,7 +179,7 @@ public class MacKAT extends PKCS11Test { }; public static void main(String[] args) throws Exception { - main(new MacKAT()); + main(new MacKAT(), args); } @Override diff --git a/jdk/test/sun/security/pkcs11/Mac/MacSameTest.java b/jdk/test/sun/security/pkcs11/Mac/MacSameTest.java index 21eae39b0c6..8d6689721fc 100644 --- a/jdk/test/sun/security/pkcs11/Mac/MacSameTest.java +++ b/jdk/test/sun/security/pkcs11/Mac/MacSameTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -36,7 +36,8 @@ import javax.crypto.spec.SecretKeySpec; * @summary Check if doFinal and update operation result in same Mac * @author Yu-Ching Valerie Peng, Bill Situ, Alexander Fomin * @library .. - * @run main MacSameTest + * @run main/othervm MacSameTest + * @run main/othervm MacSameTest sm * @key randomness */ public class MacSameTest extends PKCS11Test { @@ -57,7 +58,7 @@ public class MacSameTest extends PKCS11Test { * @param args the command line arguments */ public static void main(String[] args) throws Exception { - main(new MacSameTest()); + main(new MacSameTest(), args); } @Override diff --git a/jdk/test/sun/security/pkcs11/Mac/ReinitMac.java b/jdk/test/sun/security/pkcs11/Mac/ReinitMac.java index 68bef343889..39970d8df00 100644 --- a/jdk/test/sun/security/pkcs11/Mac/ReinitMac.java +++ b/jdk/test/sun/security/pkcs11/Mac/ReinitMac.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,21 +28,22 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm ReinitMac + * @run main/othervm ReinitMac sm */ -import java.util.*; - -import java.security.*; - -import javax.crypto.*; -import javax.crypto.spec.*; +import java.security.Provider; +import java.util.Random; +import javax.crypto.Mac; +import javax.crypto.spec.SecretKeySpec; public class ReinitMac extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new ReinitMac()); + main(new ReinitMac(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("Mac", "HmacMD5") == null) { System.out.println(p + " does not support HmacMD5, skipping"); diff --git a/jdk/test/sun/security/pkcs11/MessageDigest/ByteBuffers.java b/jdk/test/sun/security/pkcs11/MessageDigest/ByteBuffers.java index 1b502a95bcf..eca0485c8a9 100644 --- a/jdk/test/sun/security/pkcs11/MessageDigest/ByteBuffers.java +++ b/jdk/test/sun/security/pkcs11/MessageDigest/ByteBuffers.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,19 +28,23 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm ByteBuffers + * @run main/othervm ByteBuffers sm */ -import java.util.*; -import java.nio.*; - -import java.security.*; +import java.nio.ByteBuffer; +import java.security.MessageDigest; +import java.security.Provider; +import java.util.Arrays; +import java.util.Random; public class ByteBuffers extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new ByteBuffers()); + main(new ByteBuffers(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("MessageDigest", "MD5") == null) { System.out.println("Provider does not support MD5, skipping"); diff --git a/jdk/test/sun/security/pkcs11/MessageDigest/DigestKAT.java b/jdk/test/sun/security/pkcs11/MessageDigest/DigestKAT.java index e6f948d064f..0f48f28c859 100644 --- a/jdk/test/sun/security/pkcs11/MessageDigest/DigestKAT.java +++ b/jdk/test/sun/security/pkcs11/MessageDigest/DigestKAT.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,19 +27,23 @@ * @summary Basic known-answer-test for all our MessageDigest algorithms * @author Andreas Sterbenz * @library .. + * @run main/othervm DigestKAT + * @run main/othervm DigestKAT sm */ -import java.io.*; -import java.util.*; - -import java.security.*; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.StringReader; +import java.security.MessageDigest; +import java.security.Provider; +import java.util.Arrays; public class DigestKAT extends PKCS11Test { private final static char[] hexDigits = "0123456789abcdef".toCharArray(); public static String toString(byte[] b) { - StringBuffer sb = new StringBuffer(b.length * 3); + StringBuilder sb = new StringBuilder(b.length * 3); for (int i = 0; i < b.length; i++) { int k = b[i] & 0xff; if (i != 0) { @@ -106,6 +110,7 @@ public class DigestKAT extends PKCS11Test { this.data = data; this.digest = digest; } + @Override void run(Provider p) throws Exception { if (p.getService("MessageDigest", alg) == null) { System.out.println("Skipped " + alg); @@ -123,7 +128,6 @@ public class DigestKAT extends PKCS11Test { System.out.println("out: " + DigestKAT.toString(myDigest)); throw new Exception("Digest test for " + alg + " failed"); } -// System.out.println("Passed " + alg); } } @@ -221,12 +225,13 @@ public class DigestKAT extends PKCS11Test { System.out.println("Done (" + (stop - start) + " ms)."); } + @Override public void main(Provider p) throws Exception{ runTests(tests, p); } public static void main(String[] args) throws Exception { - main(new DigestKAT()); + main(new DigestKAT(), args); } } diff --git a/jdk/test/sun/security/pkcs11/MessageDigest/ReinitDigest.java b/jdk/test/sun/security/pkcs11/MessageDigest/ReinitDigest.java index 2f8290a2a7a..9d8250c9ab0 100644 --- a/jdk/test/sun/security/pkcs11/MessageDigest/ReinitDigest.java +++ b/jdk/test/sun/security/pkcs11/MessageDigest/ReinitDigest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,18 +28,22 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm ReinitDigest + * @run main/othervm ReinitDigest sm */ -import java.util.*; - -import java.security.*; +import java.security.MessageDigest; +import java.security.Provider; +import java.util.Arrays; +import java.util.Random; public class ReinitDigest extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new ReinitDigest()); + main(new ReinitDigest(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("MessageDigest", "MD5") == null) { System.out.println("Provider does not support MD5, skipping"); diff --git a/jdk/test/sun/security/pkcs11/MessageDigest/TestCloning.java b/jdk/test/sun/security/pkcs11/MessageDigest/TestCloning.java index 5ea2264109f..0aca8fbf791 100644 --- a/jdk/test/sun/security/pkcs11/MessageDigest/TestCloning.java +++ b/jdk/test/sun/security/pkcs11/MessageDigest/TestCloning.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,11 +28,14 @@ * @author Valerie Peng * @library .. * @key randomness + * @run main/othervm TestCloning + * @run main/othervm TestCloning sm */ -import java.util.*; - -import java.security.*; +import java.security.MessageDigest; +import java.security.Provider; +import java.util.Arrays; +import java.util.Random; public class TestCloning extends PKCS11Test { @@ -41,13 +44,14 @@ public class TestCloning extends PKCS11Test { }; public static void main(String[] args) throws Exception { - main(new TestCloning()); + main(new TestCloning(), args); } private static final byte[] data1 = new byte[10]; private static final byte[] data2 = new byte[10*1024]; + @Override public void main(Provider p) throws Exception { Random r = new Random(); byte[] data1 = new byte[10]; diff --git a/jdk/test/sun/security/pkcs11/PKCS11Test.java b/jdk/test/sun/security/pkcs11/PKCS11Test.java index e0a17eaa87e..46621e1ae2e 100644 --- a/jdk/test/sun/security/pkcs11/PKCS11Test.java +++ b/jdk/test/sun/security/pkcs11/PKCS11Test.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,15 +24,38 @@ // common infrastructure for SunPKCS11 tests -import java.io.*; -import java.util.*; - -import java.security.*; +import java.io.BufferedReader; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStreamReader; +import java.io.StringReader; +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyPairGenerator; +import java.security.NoSuchProviderException; +import java.security.Provider; +import java.security.ProviderException; +import java.security.Security; import java.security.spec.ECGenParameterSpec; import java.security.spec.ECParameterSpec; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Properties; +import java.util.ServiceLoader; +import java.util.Set; public abstract class PKCS11Test { + private boolean enableSM = false; + + static final Properties props = System.getProperties(); + static final String PKCS11 = "PKCS11"; // directory of the test source @@ -40,7 +63,8 @@ public abstract class PKCS11Test { static final char SEP = File.separatorChar; - private final static String REL_CLOSED = "../../../../closed/sun/security/pkcs11".replace('/', SEP); + private static final String DEFAULT_POLICY = + BASE + SEP + ".." + SEP + "policy"; // directory corresponding to BASE in the /closed hierarchy static final String CLOSED_BASE; @@ -53,6 +77,9 @@ public abstract class PKCS11Test { String p1 = absBase.substring(0, k + 6); String p2 = absBase.substring(k + 5); CLOSED_BASE = p1 + "closed" + p2; + + // set it as a system property to make it available in policy file + System.setProperty("closed.base", CLOSED_BASE); } static String NSPR_PREFIX = ""; @@ -86,7 +113,7 @@ public abstract class PKCS11Test { if (p.getName().equals("SunPKCS11")) { found = true; break; - }; + } } catch (Exception e) { // ignore and move on to the next one } @@ -103,6 +130,19 @@ public abstract class PKCS11Test { pkcs11 = p; } + /* + * Use Solaris SPARC 11.2 or later to avoid an intermittent failure + * when running SunPKCS11-Solaris (8044554) + */ + static boolean isBadSolarisSparc(Provider p) { + if ("SunPKCS11-Solaris".equals(p.getName()) && badSolarisSparc) { + System.out.println("SunPKCS11-Solaris provider requires " + + "Solaris SPARC 11.2 or later, skipping"); + return true; + } + return false; + } + // Return a SunPKCS11 provider configured with the specified config file static Provider getSunPKCS11(String config) throws Exception { if (pkcs11 == null) { @@ -114,15 +154,43 @@ public abstract class PKCS11Test { public abstract void main(Provider p) throws Exception; private void premain(Provider p) throws Exception { - long start = System.currentTimeMillis(); - System.out.println("Running test with provider " + p.getName() + "..."); - main(p); - long stop = System.currentTimeMillis(); - System.out.println("Completed test with provider " + p.getName() + - " (" + (stop - start) + " ms)."); + // set a security manager and policy before a test case runs, + // and disable them after the test case finished + try { + if (enableSM) { + System.setSecurityManager(new SecurityManager()); + } + long start = System.currentTimeMillis(); + System.out.printf( + "Running test with provider %s (security manager %s) ...%n", + p.getName(), enableSM ? "enabled" : "disabled"); + main(p); + long stop = System.currentTimeMillis(); + System.out.println("Completed test with provider " + p.getName() + + " (" + (stop - start) + " ms)."); + } finally { + if (enableSM) { + System.setSecurityManager(null); + } + } } public static void main(PKCS11Test test) throws Exception { + main(test, null); + } + + public static void main(PKCS11Test test, String[] args) throws Exception { + if (args != null) { + if (args.length > 0 && "sm".equals(args[0])) { + test.enableSM = true; + } + if (test.enableSM) { + System.setProperty("java.security.policy", + (args.length > 1) ? BASE + SEP + args[1] + : DEFAULT_POLICY); + } + } + Provider[] oldProviders = Security.getProviders(); try { System.out.println("Beginning test run " + test.getClass().getName() + "..."); @@ -218,7 +286,6 @@ public abstract class PKCS11Test { } static String getNSSLibDir(String library) throws Exception { - Properties props = System.getProperties(); String osName = props.getProperty("os.name"); if (osName.startsWith("Win")) { osName = "Windows"; @@ -249,6 +316,15 @@ public abstract class PKCS11Test { return nssLibDir; } + static boolean isBadNSSVersion(Provider p) { + if (isNSS(p) && badNSSVersion) { + System.out.println("NSS 3.11 has a DER issue that recent " + + "version do not."); + return true; + } + return false; + } + protected static void safeReload(String lib) throws Exception { try { System.load(lib); @@ -317,34 +393,32 @@ public abstract class PKCS11Test { try { libfile = getNSSLibDir() + System.mapLibraryName(library); - FileInputStream is = new FileInputStream(libfile); - byte[] data = new byte[1000]; - int read = 0; + try (FileInputStream is = new FileInputStream(libfile)) { + byte[] data = new byte[1000]; + int read = 0; - while (is.available() > 0) { - if (read == 0) { - read = is.read(data, 0, 1000); - } else { - // Prepend last 100 bytes in case the header was split - // between the reads. - System.arraycopy(data, 900, data, 0, 100); - read = 100 + is.read(data, 100, 900); - } + while (is.available() > 0) { + if (read == 0) { + read = is.read(data, 0, 1000); + } else { + // Prepend last 100 bytes in case the header was split + // between the reads. + System.arraycopy(data, 900, data, 0, 100); + read = 100 + is.read(data, 100, 900); + } - s = new String(data, 0, read); - if ((i = s.indexOf(nssHeader)) > 0) { - found = true; - // If the nssHeader is before 920 we can break, otherwise - // we may not have the whole header so do another read. If - // no bytes are in the stream, that is ok, found is true. - if (i < 920) { - break; + s = new String(data, 0, read); + if ((i = s.indexOf(nssHeader)) > 0) { + found = true; + // If the nssHeader is before 920 we can break, otherwise + // we may not have the whole header so do another read. If + // no bytes are in the stream, that is ok, found is true. + if (i < 920) { + break; + } } } } - - is.close(); - } catch (Exception e) { e.printStackTrace(); } @@ -438,14 +512,13 @@ public abstract class PKCS11Test { } // Generate a vector of supported elliptic curves of a given provider - static Vector getKnownCurves(Provider p) throws Exception { + static List getKnownCurves(Provider p) throws Exception { int index; int begin; int end; String curve; - KeyPair kp = null; - Vector results = new Vector(); + List results = new ArrayList<>(); // Get Curves to test from SunEC. String kcProp = Security.getProvider("SunEC"). getProperty("AlgorithmParameters.EC SupportedCurves"); @@ -483,7 +556,7 @@ public abstract class PKCS11Test { try { KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p); kpg.initialize(e); - kp = kpg.generateKeyPair(); + kpg.generateKeyPair(); results.add(e); System.out.println("Supported"); } catch (ProviderException ex) { @@ -514,9 +587,8 @@ public abstract class PKCS11Test { } // Check support for a curve with a provided Vector of EC support - boolean checkSupport(Vector supportedEC, + boolean checkSupport(List supportedEC, ECParameterSpec curve) { - boolean found = false; for (ECParameterSpec ec: supportedEC) { if (ec.equals(curve)) { return true; @@ -529,7 +601,7 @@ public abstract class PKCS11Test { // Location of the NSS libraries on each supported platform static { - osMap = new HashMap(); + osMap = new HashMap<>(); osMap.put("SunOS-sparc-32", new String[]{"/usr/lib/mps/"}); osMap.put("SunOS-sparcv9-64", new String[]{"/usr/lib/mps/64/"}); osMap.put("SunOS-x86-32", new String[]{"/usr/lib/mps/"}); @@ -551,11 +623,20 @@ public abstract class PKCS11Test { private final static char[] hexDigits = "0123456789abcdef".toCharArray(); + static final boolean badNSSVersion = + getNSSVersion() >= 3.11 && getNSSVersion() < 3.12; + + static final boolean badSolarisSparc = + System.getProperty("os.name").equals("SunOS") && + System.getProperty("os.arch").equals("sparcv9") && + System.getProperty("os.version").compareTo("5.11") <= 0 && + getDistro().compareTo("11.2") < 0; + public static String toString(byte[] b) { if (b == null) { return "(null)"; } - StringBuffer sb = new StringBuffer(b.length * 3); + StringBuilder sb = new StringBuilder(b.length * 3); for (int i = 0; i < b.length; i++) { int k = b[i] & 0xff; if (i != 0) { @@ -637,8 +718,7 @@ public abstract class PKCS11Test { /** * Get the identifier for the operating system distribution */ - public String getDistro() { - + static String getDistro() { try (BufferedReader in = new BufferedReader(new InputStreamReader( Runtime.getRuntime().exec("uname -v").getInputStream()))) { diff --git a/jdk/test/sun/security/pkcs11/Secmod/AddPrivateKey.java b/jdk/test/sun/security/pkcs11/Secmod/AddPrivateKey.java index 56833bd2cc6..67c691a3bc2 100644 --- a/jdk/test/sun/security/pkcs11/Secmod/AddPrivateKey.java +++ b/jdk/test/sun/security/pkcs11/Secmod/AddPrivateKey.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,14 +28,26 @@ * @author Andreas Sterbenz * @library .. * @run main/othervm AddPrivateKey + * @run main/othervm AddPrivateKey sm policy */ -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.KeyStore.*; -import java.security.cert.*; +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.security.KeyFactory; +import java.security.KeyStore; +import java.security.KeyStore.PasswordProtection; +import java.security.KeyStore.PrivateKeyEntry; +import java.security.KeyStoreException; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Security; +import java.security.Signature; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; // this test is currently only run for the NSS KeyStore provider, but it // is really a generic KeyStore test so it should be modified to run for @@ -63,6 +75,12 @@ public class AddPrivateKey extends SecmodTest { System.out.println(); Security.addProvider(p); + if (args.length > 1 && "sm".equals(args[0])) { + System.setProperty("java.security.policy", + BASE + File.separator + args[1]); + System.setSecurityManager(new SecurityManager()); + } + KeyStore ks = KeyStore.getInstance(PKCS11, p); ks.load(null, password); for (String alias : aliases(ks)) { diff --git a/jdk/test/sun/security/pkcs11/Secmod/AddTrustedCert.java b/jdk/test/sun/security/pkcs11/Secmod/AddTrustedCert.java index 6b2b545611a..2eedf3cd506 100644 --- a/jdk/test/sun/security/pkcs11/Secmod/AddTrustedCert.java +++ b/jdk/test/sun/security/pkcs11/Secmod/AddTrustedCert.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,14 +28,21 @@ * @author Andreas Sterbenz * @library .. * @run main/othervm AddTrustedCert + * @run main/othervm AddTrustedCert sm policy */ -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.KeyStore.*; -import java.security.cert.*; +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.security.KeyStore; +import java.security.KeyStore.TrustedCertificateEntry; +import java.security.Provider; +import java.security.Security; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Collection; +import java.util.Collections; +import java.util.TreeSet; public class AddTrustedCert extends SecmodTest { @@ -56,6 +63,13 @@ public class AddTrustedCert extends SecmodTest { System.out.println(p); Security.addProvider(p); + + if (args.length > 1 && "sm".equals(args[0])) { + System.setProperty("java.security.policy", + BASE + File.separator + args[1]); + System.setSecurityManager(new SecurityManager()); + } + KeyStore ks = KeyStore.getInstance(PKCS11, p); ks.load(null, password); Collection aliases = new TreeSet<>(Collections.list( diff --git a/jdk/test/sun/security/pkcs11/Secmod/Crypto.java b/jdk/test/sun/security/pkcs11/Secmod/Crypto.java index 735149f1c84..2e571051cbd 100644 --- a/jdk/test/sun/security/pkcs11/Secmod/Crypto.java +++ b/jdk/test/sun/security/pkcs11/Secmod/Crypto.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,9 +28,14 @@ * @author Andreas Sterbenz * @library .. * @run main/othervm Crypto + * @run main/othervm Crypto sm policy */ -import java.security.*; +import java.io.File; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; +import java.security.Signature; public class Crypto extends SecmodTest { @@ -42,6 +47,12 @@ public class Crypto extends SecmodTest { String configName = BASE + SEP + "nsscrypto.cfg"; Provider p = getSunPKCS11(configName); + if (args.length > 1 && "sm".equals(args[0])) { + System.setProperty("java.security.policy", + BASE + File.separator + args[1]); + System.setSecurityManager(new SecurityManager()); + } + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p); KeyPair kp = kpg.generateKeyPair(); diff --git a/jdk/test/sun/security/pkcs11/Secmod/GetPrivateKey.java b/jdk/test/sun/security/pkcs11/Secmod/GetPrivateKey.java index a2547652348..b3170597b5d 100644 --- a/jdk/test/sun/security/pkcs11/Secmod/GetPrivateKey.java +++ b/jdk/test/sun/security/pkcs11/Secmod/GetPrivateKey.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,13 +29,19 @@ * @author Andreas Sterbenz * @library .. * @run main/othervm GetPrivateKey + * @run main/othervm GetPrivateKey sm policy */ -import java.util.*; - -import java.security.*; -import java.security.KeyStore.*; -import java.security.cert.*; +import java.io.File; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.Security; +import java.security.Signature; +import java.security.cert.X509Certificate; +import java.util.Collection; +import java.util.Collections; +import java.util.TreeSet; public class GetPrivateKey extends SecmodTest { @@ -49,6 +55,13 @@ public class GetPrivateKey extends SecmodTest { System.out.println(p); Security.addProvider(p); + + if (args.length > 1 && "sm".equals(args[0])) { + System.setProperty("java.security.policy", + BASE + File.separator + args[1]); + System.setSecurityManager(new SecurityManager()); + } + KeyStore ks = KeyStore.getInstance(PKCS11, p); ks.load(null, password); Collection aliases = new TreeSet<>( diff --git a/jdk/test/sun/security/pkcs11/Secmod/JksSetPrivateKey.java b/jdk/test/sun/security/pkcs11/Secmod/JksSetPrivateKey.java index e3a60befff4..7613fce9ba5 100644 --- a/jdk/test/sun/security/pkcs11/Secmod/JksSetPrivateKey.java +++ b/jdk/test/sun/security/pkcs11/Secmod/JksSetPrivateKey.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,13 +28,19 @@ * @author Wang Weijun * @library .. * @run main/othervm JksSetPrivateKey + * @run main/othervm JksSetPrivateKey sm policy */ -import java.util.*; - -import java.security.*; -import java.security.KeyStore.*; -import java.security.cert.*; +import java.io.File; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.Security; +import java.security.cert.X509Certificate; +import java.util.Collection; +import java.util.Collections; +import java.util.TreeSet; public class JksSetPrivateKey extends SecmodTest { @@ -48,9 +54,16 @@ public class JksSetPrivateKey extends SecmodTest { System.out.println(p); Security.addProvider(p); + + if (args.length > 1 && "sm".equals(args[0])) { + System.setProperty("java.security.policy", + BASE + File.separator + args[1]); + System.setSecurityManager(new SecurityManager()); + } + KeyStore ks = KeyStore.getInstance("PKCS11", p); ks.load(null, password); - Collection aliases = new TreeSet(Collections.list(ks.aliases())); + Collection aliases = new TreeSet<>(Collections.list(ks.aliases())); System.out.println("entries: " + aliases.size()); System.out.println(aliases); @@ -66,14 +79,14 @@ public class JksSetPrivateKey extends SecmodTest { jks.setKeyEntry("k1", privateKey, "changeit".toCharArray(), chain); throw new Exception("No, an NSS PrivateKey shouldn't be extractable and put inside a JKS keystore"); } catch (KeyStoreException e) { - System.err.println(e);; // This is OK + System.err.println(e); // This is OK } try { jks.setKeyEntry("k2", new DummyPrivateKey(), "changeit".toCharArray(), chain); throw new Exception("No, non-PKCS#8 key shouldn't be put inside a KeyStore"); } catch (KeyStoreException e) { - System.err.println(e);; // This is OK + System.err.println(e); // This is OK } System.out.println("OK"); @@ -81,35 +94,41 @@ public class JksSetPrivateKey extends SecmodTest { jks.setKeyEntry("k3", new DummyPrivateKey2(), "changeit".toCharArray(), chain); throw new Exception("No, not-extractble key shouldn't be put inside a KeyStore"); } catch (KeyStoreException e) { - System.err.println(e);; // This is OK + System.err.println(e); // This is OK } System.out.println("OK"); } } class DummyPrivateKey implements PrivateKey { + @Override public String getAlgorithm() { return "DUMMY"; } + @Override public String getFormat() { return "DUMMY"; } + @Override public byte[] getEncoded() { return "DUMMY".getBytes(); } } class DummyPrivateKey2 implements PrivateKey { + @Override public String getAlgorithm() { return "DUMMY"; } + @Override public String getFormat() { return "PKCS#8"; } + @Override public byte[] getEncoded() { return null; } diff --git a/jdk/test/sun/security/pkcs11/Secmod/LoadKeystore.java b/jdk/test/sun/security/pkcs11/Secmod/LoadKeystore.java index fd1aa694ddf..c08fe8446aa 100644 --- a/jdk/test/sun/security/pkcs11/Secmod/LoadKeystore.java +++ b/jdk/test/sun/security/pkcs11/Secmod/LoadKeystore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,6 +21,7 @@ * questions. */ +import java.io.File; import java.io.IOException; import java.security.KeyStore; import java.security.KeyStoreException; @@ -35,6 +36,7 @@ import java.util.Collections; * @summary Checks that PKCS#11 keystore can't be loaded with wrong password * @library ../ * @run main/othervm LoadKeystore + * @run main/othervm LoadKeystore sm policy */ public class LoadKeystore extends SecmodTest { @@ -50,6 +52,12 @@ public class LoadKeystore extends SecmodTest { System.out.println(); Security.addProvider(p); + if (args.length > 1 && "sm".equals(args[0])) { + System.setProperty("java.security.policy", + BASE + File.separator + args[1]); + System.setSecurityManager(new SecurityManager()); + } + try { System.out.println("Load keystore with wrong type"); KeyStore.getInstance("unknown", p); diff --git a/jdk/test/sun/security/pkcs11/Secmod/TrustAnchors.java b/jdk/test/sun/security/pkcs11/Secmod/TrustAnchors.java index 3d4a43bff30..277a51ec4c2 100644 --- a/jdk/test/sun/security/pkcs11/Secmod/TrustAnchors.java +++ b/jdk/test/sun/security/pkcs11/Secmod/TrustAnchors.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,13 +28,17 @@ * @author Andreas Sterbenz * @library .. * @run main/othervm TrustAnchors + * @run main/othervm TrustAnchors sm policy */ -import java.util.*; - -import java.security.*; -import java.security.KeyStore.*; -import java.security.cert.*; +import java.io.File; +import java.security.KeyStore; +import java.security.Provider; +import java.security.Security; +import java.security.cert.X509Certificate; +import java.util.Collection; +import java.util.Collections; +import java.util.TreeSet; public class TrustAnchors extends SecmodTest { @@ -57,9 +61,16 @@ public class TrustAnchors extends SecmodTest { System.out.println(p); Security.addProvider(p); + + if (args.length > 1 && "sm".equals(args[0])) { + System.setProperty("java.security.policy", + BASE + File.separator + args[1]); + System.setSecurityManager(new SecurityManager()); + } + KeyStore ks = KeyStore.getInstance("PKCS11", p); ks.load(null, null); - Collection aliases = new TreeSet(Collections.list(ks.aliases())); + Collection aliases = new TreeSet<>(Collections.list(ks.aliases())); System.out.println("entries: " + aliases.size()); System.out.println(aliases); diff --git a/jdk/test/sun/security/pkcs11/Secmod/policy b/jdk/test/sun/security/pkcs11/Secmod/policy new file mode 100644 index 00000000000..e4c95ca6dd5 --- /dev/null +++ b/jdk/test/sun/security/pkcs11/Secmod/policy @@ -0,0 +1,6 @@ +grant { + permission java.security.SecurityPermission "authProvider.*"; + permission java.io.FilePermission "${test.src}/-", "read"; + permission java.io.FilePermission "${pkcs11test.nss.db}/-", "read"; + permission java.io.FilePermission "${pkcs11test.nss.libdir}/-", "read"; +}; \ No newline at end of file diff --git a/jdk/test/sun/security/pkcs11/SecureRandom/Basic.java b/jdk/test/sun/security/pkcs11/SecureRandom/Basic.java index f9bfb1759ef..8c2c1686f73 100644 --- a/jdk/test/sun/security/pkcs11/SecureRandom/Basic.java +++ b/jdk/test/sun/security/pkcs11/SecureRandom/Basic.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,17 +28,17 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm Basic + * @run main/othervm Basic sm */ -import java.io.*; -import java.util.*; - -import java.security.*; - -import javax.crypto.*; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.SecureRandom; public class Basic extends PKCS11Test { + @Override public void main(Provider p) throws Exception { SecureRandom random; try { @@ -58,7 +58,7 @@ public class Basic extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new Basic()); + main(new Basic(), args); } } diff --git a/jdk/test/sun/security/pkcs11/Signature/ByteBuffers.java b/jdk/test/sun/security/pkcs11/Signature/ByteBuffers.java index d45063a8eda..39e4424af35 100644 --- a/jdk/test/sun/security/pkcs11/Signature/ByteBuffers.java +++ b/jdk/test/sun/security/pkcs11/Signature/ByteBuffers.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,19 +28,24 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm ByteBuffers + * @run main/othervm ByteBuffers sm */ -import java.util.*; -import java.nio.*; - -import java.security.*; +import java.nio.ByteBuffer; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; +import java.security.Signature; +import java.util.Random; public class ByteBuffers extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new ByteBuffers()); + main(new ByteBuffers(), args); } + @Override public void main(Provider p) throws Exception { /* @@ -48,9 +53,9 @@ public class ByteBuffers extends PKCS11Test { * when running SunPKCS11-Solaris provider (8044554) */ if (p.getName().equals("SunPKCS11-Solaris") && - System.getProperty("os.name").equals("SunOS") && - System.getProperty("os.arch").equals("sparcv9") && - System.getProperty("os.version").compareTo("5.11") <= 0 && + props.getProperty("os.name").equals("SunOS") && + props.getProperty("os.arch").equals("sparcv9") && + props.getProperty("os.version").compareTo("5.11") <= 0 && getDistro().compareTo("11.2") < 0) { System.out.println("SunPKCS11-Solaris provider requires " + diff --git a/jdk/test/sun/security/pkcs11/Signature/TestDSA.java b/jdk/test/sun/security/pkcs11/Signature/TestDSA.java index 2b81bb3a333..c4fcf5d5956 100644 --- a/jdk/test/sun/security/pkcs11/Signature/TestDSA.java +++ b/jdk/test/sun/security/pkcs11/Signature/TestDSA.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,14 +28,24 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm TestDSA + * @run main/othervm TestDSA sm */ -import java.io.*; -import java.util.*; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.StringReader; import java.math.BigInteger; - -import java.security.*; -import java.security.spec.*; +import java.security.KeyFactory; +import java.security.MessageDigest; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; +import java.security.spec.DSAPrivateKeySpec; +import java.security.spec.DSAPublicKeySpec; +import java.util.Random; public class TestDSA extends PKCS11Test { @@ -102,9 +112,10 @@ public class TestDSA extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestDSA()); + main(new TestDSA(), args); } + @Override public void main(Provider provider) throws Exception { long start = System.currentTimeMillis(); @@ -115,9 +126,9 @@ public class TestDSA extends PKCS11Test { * when running SunPKCS11-Solaris (8044554) */ if (provider.getName().equals("SunPKCS11-Solaris") && - System.getProperty("os.name").equals("SunOS") && - System.getProperty("os.arch").equals("sparcv9") && - System.getProperty("os.version").compareTo("5.11") <= 0 && + props.getProperty("os.name").equals("SunOS") && + props.getProperty("os.arch").equals("sparcv9") && + props.getProperty("os.version").compareTo("5.11") <= 0 && getDistro().compareTo("11.2") < 0) { System.out.println("SunPKCS11-Solaris provider requires " + diff --git a/jdk/test/sun/security/pkcs11/Signature/TestDSAKeyLength.java b/jdk/test/sun/security/pkcs11/Signature/TestDSAKeyLength.java index efe97077628..f671bba3bd7 100644 --- a/jdk/test/sun/security/pkcs11/Signature/TestDSAKeyLength.java +++ b/jdk/test/sun/security/pkcs11/Signature/TestDSAKeyLength.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -20,6 +20,7 @@ * or visit www.oracle.com if you need additional information or have any * questions. */ + /* * @test * @bug 7200306 8029158 @@ -27,19 +28,24 @@ * with unsupported key sizes * @library .. * @key randomness + * @run main/othervm TestDSAKeyLength + * @run main/othervm TestDSAKeyLength sm */ - -import java.security.*; -import java.security.spec.*; -import java.security.interfaces.*; +import java.security.InvalidKeyException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; +import java.security.SecureRandom; +import java.security.Signature; public class TestDSAKeyLength extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new TestDSAKeyLength()); + main(new TestDSAKeyLength(), args); } + @Override public void main(Provider provider) throws Exception { if (isNSS(provider) && getNSSVersion() >= 3.14) { System.out.println("Skip testing NSS " + getNSSVersion()); @@ -51,9 +57,9 @@ public class TestDSAKeyLength extends PKCS11Test { * when running SunPKCS11-Solaris (8044554) */ if (provider.getName().equals("SunPKCS11-Solaris") && - System.getProperty("os.name").equals("SunOS") && - System.getProperty("os.arch").equals("sparcv9") && - System.getProperty("os.version").compareTo("5.11") <= 0 && + props.getProperty("os.name").equals("SunOS") && + props.getProperty("os.arch").equals("sparcv9") && + props.getProperty("os.version").compareTo("5.11") <= 0 && getDistro().compareTo("11.2") < 0) { System.out.println("SunPKCS11-Solaris provider requires " + diff --git a/jdk/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java b/jdk/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java index 0b79e68d20c..43341472e99 100644 --- a/jdk/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java +++ b/jdk/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,14 +27,26 @@ * @summary Make sure initSign/initVerify() check RSA key lengths * @author Yu-Ching Valerie Peng * @library .. + * @run main/othervm TestRSAKeyLength + * @run main/othervm TestRSAKeyLength sm */ -import java.security.*; +import java.security.InvalidKeyException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignedObject; public class TestRSAKeyLength extends PKCS11Test { + public static void main(String[] args) throws Exception { - main(new TestRSAKeyLength()); + main(new TestRSAKeyLength(), args); } + + @Override public void main(Provider p) throws Exception { /* @@ -42,9 +54,9 @@ public class TestRSAKeyLength extends PKCS11Test { * when running SunPKCS11-Solaris (8044554) */ if (p.getName().equals("SunPKCS11-Solaris") && - System.getProperty("os.name").equals("SunOS") && - System.getProperty("os.arch").equals("sparcv9") && - System.getProperty("os.version").compareTo("5.11") <= 0 && + props.getProperty("os.name").equals("SunOS") && + props.getProperty("os.arch").equals("sparcv9") && + props.getProperty("os.version").compareTo("5.11") <= 0 && getDistro().compareTo("11.2") < 0) { System.out.println("SunPKCS11-Solaris provider requires " + diff --git a/jdk/test/sun/security/pkcs11/ec/ReadCertificates.java b/jdk/test/sun/security/pkcs11/ec/ReadCertificates.java index 82b7f4abc26..4c0bbfba8f6 100644 --- a/jdk/test/sun/security/pkcs11/ec/ReadCertificates.java +++ b/jdk/test/sun/security/pkcs11/ec/ReadCertificates.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,16 +29,31 @@ * @author Andreas Sterbenz * @library .. * @library ../../../../java/security/testlibrary + * @run main/othervm ReadCertificates + * @run main/othervm ReadCertificates sm policy */ -import java.io.*; -import java.util.*; - -import java.security.cert.*; -import java.security.*; -import java.security.interfaces.*; +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Provider; +import java.security.PublicKey; +import java.security.SecureRandom; +import java.security.SignatureException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.security.interfaces.ECPublicKey; import java.security.spec.ECParameterSpec; - +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; import javax.security.auth.x500.X500Principal; public class ReadCertificates extends PKCS11Test { @@ -49,16 +64,18 @@ public class ReadCertificates extends PKCS11Test { private static Collection readCertificates(File file) throws Exception { System.out.println("Loading " + file.getName() + "..."); - InputStream in = new FileInputStream(file); - Collection certs = (Collection)factory.generateCertificates(in); - in.close(); + Collection certs; + try (InputStream in = new FileInputStream(file)) { + certs = (Collection)factory.generateCertificates(in); + } return certs; } public static void main(String[] args) throws Exception { - main(new ReadCertificates()); + main(new ReadCertificates(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("Signature", "SHA1withECDSA") == null) { System.out.println("Provider does not support ECDSA, skipping..."); @@ -79,7 +96,7 @@ public class ReadCertificates extends PKCS11Test { } catch (CertificateException e) { // ignore } - Map certs = new LinkedHashMap(); + Map certs = new LinkedHashMap<>(); File dir = new File(BASE, "certs"); File closedDir = new File(CLOSED_BASE, "certs"); @@ -103,7 +120,7 @@ public class ReadCertificates extends PKCS11Test { System.out.println("OK: " + certs.size() + " certificates."); // Get supported curves - Vector supportedEC = getKnownCurves(p); + List supportedEC = getKnownCurves(p); System.out.println("Test Certs:\n"); for (X509Certificate cert : certs.values()) { @@ -127,7 +144,8 @@ public class ReadCertificates extends PKCS11Test { System.out.println("Warning: " + e.getMessage() + ". Trying another provider..."); cert.verify(key); - } catch (Exception e) { + } catch (CertificateException | InvalidKeyException | + NoSuchProviderException | SignatureException e) { System.out.println(e.getMessage()); if (key instanceof ECPublicKey) { System.out.println("Failed.\n\tCurve: " + @@ -145,7 +163,7 @@ public class ReadCertificates extends PKCS11Test { // try some random invalid signatures to make sure we get the correct // error System.out.println("Checking incorrect signatures..."); - List certList = new ArrayList(certs.values()); + List certList = new ArrayList<>(certs.values()); for (int i = 0; i < 20; i++) { X509Certificate cert, signer; do { @@ -161,9 +179,7 @@ public class ReadCertificates extends PKCS11Test { } else { throw new Exception("Verified invalid signature"); } - } catch (SignatureException e) { - System.out.println("OK: " + e); - } catch (InvalidKeyException e) { + } catch (SignatureException | InvalidKeyException e) { System.out.println("OK: " + e); } } diff --git a/jdk/test/sun/security/pkcs11/ec/ReadPKCS12.java b/jdk/test/sun/security/pkcs11/ec/ReadPKCS12.java index 112470509fe..3252b08d195 100644 --- a/jdk/test/sun/security/pkcs11/ec/ReadPKCS12.java +++ b/jdk/test/sun/security/pkcs11/ec/ReadPKCS12.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,26 +29,41 @@ * @library .. * @library ../../../../java/security/testlibrary * @key randomness + * @run main/othervm ReadPKCS12 + * @run main/othervm ReadPKCS12 sm policy */ -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.interfaces.*; -import java.security.cert.*; +import java.io.BufferedReader; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.FileReader; +import java.io.InputStream; +import java.io.OutputStream; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Signature; import java.security.cert.Certificate; - -import javax.security.auth.x500.X500Principal; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Random; public class ReadPKCS12 extends PKCS11Test { private final static boolean COPY = false; public static void main(String[] args) throws Exception { - main(new ReadPKCS12()); + main(new ReadPKCS12(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("Signature", "SHA1withECDSA") == null) { System.out.println("Provider does not support ECDSA, skipping..."); @@ -71,29 +86,30 @@ public class ReadPKCS12 extends PKCS11Test { KeyStore ks2; if (COPY) { ks2 = KeyStore.getInstance("JKS"); - InputStream in = new FileInputStream("keystore.old"); - ks2.load(in, "passphrase".toCharArray()); - in.close(); + try (InputStream in = new FileInputStream("keystore.old")) { + ks2.load(in, "passphrase".toCharArray()); + } } File dir = new File(BASE, "pkcs12"); File closedDir = new File(CLOSED_BASE, "pkcs12"); - Map passwords = new HashMap(); - BufferedReader reader = new BufferedReader(new FileReader((new File(BASE, "p12passwords.txt")))); - while (true) { - String line = reader.readLine(); - if (line == null) { - break; + Map passwords = new HashMap<>(); + try (BufferedReader reader = new BufferedReader( + new FileReader(new File(BASE, "p12passwords.txt")))) { + while (true) { + String line = reader.readLine(); + if (line == null) { + break; + } + line = line.trim(); + if ((line.length() == 0) || line.startsWith("#")) { + continue; + } + String[] s = line.split(" "); + passwords.put(s[0], s[1].toCharArray()); } - line = line.trim(); - if ((line.length() == 0) || line.startsWith("#")) { - continue; - } - String[] s = line.split(" "); - passwords.put(s[0], s[1].toCharArray()); } - reader.close(); for (File file : concat(dir.listFiles(), closedDir.listFiles())) { String name = file.getName(); @@ -108,10 +124,11 @@ public class ReadPKCS12 extends PKCS11Test { password = passwords.get("*"); } - InputStream in = new FileInputStream(file); - KeyStore ks = KeyStore.getInstance("PKCS12"); - ks.load(in, password); - in.close(); + KeyStore ks; + try (InputStream in = new FileInputStream(file)) { + ks = KeyStore.getInstance("PKCS12"); + ks.load(in, password); + } List aliases = Collections.list(ks.aliases()); System.out.println("Aliases: " + aliases); @@ -147,9 +164,9 @@ public class ReadPKCS12 extends PKCS11Test { } if (COPY) { - OutputStream out = new FileOutputStream("keystore.new"); - ks2.store(out, "passphrase".toCharArray()); - out.close(); + try (OutputStream out = new FileOutputStream("keystore.new")) { + ks2.store(out, "passphrase".toCharArray()); + } } System.out.println("OK"); diff --git a/jdk/test/sun/security/pkcs11/ec/TestCurves.java b/jdk/test/sun/security/pkcs11/ec/TestCurves.java index 3ada7788cf9..d8e52a9aa69 100644 --- a/jdk/test/sun/security/pkcs11/ec/TestCurves.java +++ b/jdk/test/sun/security/pkcs11/ec/TestCurves.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,53 +29,46 @@ * @library .. * @modules jdk.crypto.pkcs11/sun.security.pkcs11.wrapper * @compile -XDignore.symbol.file TestCurves.java - * @run main TestCurves + * @run main/othervm TestCurves + * @run main/othervm TestCurves sm * @key randomness */ -import java.util.*; - -import java.security.*; -import java.security.spec.*; - -import javax.crypto.*; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; +import java.security.ProviderException; +import java.security.Signature; +import java.security.spec.ECParameterSpec; +import java.util.Arrays; +import java.util.List; +import java.util.Random; +import javax.crypto.KeyAgreement; public class TestCurves extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new TestCurves()); + main(new TestCurves(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("KeyAgreement", "ECDH") == null) { System.out.println("Not supported by provider, skipping"); return; } - if (isNSS(p) && getNSSVersion() >= 3.11 && getNSSVersion() < 3.12) { - System.out.println("NSS 3.11 has a DER issue that recent " + - "version do not."); + if (isBadNSSVersion(p)) { return; } - /* - * Use Solaris SPARC 11.2 or later to avoid an intermittent failure - * when running SunPKCS11-Solaris (8044554) - */ - if (p.getName().equals("SunPKCS11-Solaris") && - System.getProperty("os.name").equals("SunOS") && - System.getProperty("os.arch").equals("sparcv9") && - System.getProperty("os.version").compareTo("5.11") <= 0 && - getDistro().compareTo("11.2") < 0) { - - System.out.println("SunPKCS11-Solaris provider requires " + - "Solaris SPARC 11.2 or later, skipping"); + if (isBadSolarisSparc(p)) { return; } // Check if this is sparc for later failure avoidance. boolean sparc = false; - if (System.getProperty("os.arch").equals("sparcv9")) { + if (props.getProperty("os.arch").equals("sparcv9")) { sparc = true; System.out.println("This is a sparcv9"); } @@ -84,7 +77,7 @@ public class TestCurves extends PKCS11Test { byte[] data = new byte[2048]; random.nextBytes(data); - Vector curves = getKnownCurves(p); + List curves = getKnownCurves(p); for (ECParameterSpec params : curves) { System.out.println("Testing " + params + "..."); KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p); diff --git a/jdk/test/sun/security/pkcs11/ec/TestECDH.java b/jdk/test/sun/security/pkcs11/ec/TestECDH.java index 8d950818560..421f46ccfc2 100644 --- a/jdk/test/sun/security/pkcs11/ec/TestECDH.java +++ b/jdk/test/sun/security/pkcs11/ec/TestECDH.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,16 +28,21 @@ * @author Andreas Sterbenz * @library .. * @library ../../../../java/security/testlibrary + * @run main/othervm TestECDH + * @run main/othervm TestECDH sm policy */ -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.spec.*; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; import java.security.interfaces.ECPublicKey; - -import javax.crypto.*; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; +import java.util.Arrays; +import javax.crypto.KeyAgreement; public class TestECDH extends PKCS11Test { @@ -55,6 +60,7 @@ public class TestECDH extends PKCS11Test { private final static String secret163 = "04:ae:71:c1:c6:4d:f4:34:4d:72:70:a4:64:65:7f:2d:88:2d:3f:50:be"; + @Override public void main(Provider p) throws Exception { if (p.getService("KeyAgreement", "ECDH") == null) { System.out.println("Provider does not support ECDH, skipping"); @@ -89,10 +95,12 @@ public class TestECDH extends PKCS11Test { System.out.println("OK"); } - private final static void test(Provider p, String pub1s, String priv1s, String pub2s, String priv2s, String secrets) throws Exception { + private final static void test(Provider p, String pub1s, String priv1s, + String pub2s, String priv2s, String secrets) throws Exception { KeyFactory kf = KeyFactory.getInstance("EC", p); PublicKey pub1 = kf.generatePublic(new X509EncodedKeySpec(parse(pub1s))); - System.out.println("Testing using parameters " + ((ECPublicKey)pub1).getParams() + "..."); + System.out.println("Testing using parameters " + + ((ECPublicKey)pub1).getParams() + "..."); PrivateKey priv1 = kf.generatePrivate(new PKCS8EncodedKeySpec(parse(priv1s))); PublicKey pub2 = kf.generatePublic(new X509EncodedKeySpec(parse(pub2s))); @@ -121,7 +129,7 @@ public class TestECDH extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestECDH()); + main(new TestECDH(), args); } } diff --git a/jdk/test/sun/security/pkcs11/ec/TestECDH2.java b/jdk/test/sun/security/pkcs11/ec/TestECDH2.java index d5b03ae32aa..dee7a706ce7 100644 --- a/jdk/test/sun/security/pkcs11/ec/TestECDH2.java +++ b/jdk/test/sun/security/pkcs11/ec/TestECDH2.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,19 +30,25 @@ * @library ../../../../java/security/testlibrary * @modules java.base/sun.security.util * @compile -XDignore.symbol.file TestECDH2.java - * @run main TestECDH2 + * @run main/othervm TestECDH2 + * @run main/othervm TestECDH2 sm */ -import java.io.*; -import java.util.*; import java.math.BigInteger; - -import java.security.*; -import java.security.spec.*; -import java.security.interfaces.*; -import javax.crypto.*; - -import sun.security.util.ECUtil; +import java.security.AlgorithmParameters; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.spec.ECGenParameterSpec; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPoint; +import java.security.spec.ECPrivateKeySpec; +import java.security.spec.ECPublicKeySpec; +import java.util.Arrays; +import javax.crypto.KeyAgreement; public class TestECDH2 extends PKCS11Test { @@ -81,7 +87,9 @@ public class TestECDH2 extends PKCS11Test { private KeyPair genECKeyPair(String curvName, String privD, String pubX, String pubY, Provider p) throws Exception { - ECParameterSpec ecParams = ECUtil.getECParameterSpec(p, curvName); + AlgorithmParameters params = AlgorithmParameters.getInstance("EC", p); + params.init(new ECGenParameterSpec(curvName)); + ECParameterSpec ecParams = params.getParameterSpec(ECParameterSpec.class); ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(new BigInteger(privD, 16), ecParams); ECPublicKeySpec pubKeySpec = @@ -98,19 +106,17 @@ public class TestECDH2 extends PKCS11Test { return kpg.generateKeyPair(); } public static void main(String[] args) throws Exception { - main(new TestECDH2()); + main(new TestECDH2(), args); } + @Override public void main(Provider provider) throws Exception { if (provider.getService("KeyAgreement", "ECDH") == null) { System.out.println("ECDH not supported, skipping"); return; } - if (isNSS(provider) && getNSSVersion() >= 3.11 && - getNSSVersion() < 3.12) { - System.out.println("NSS 3.11 has a DER issue that recent " + - "version do not."); + if (isBadNSSVersion(provider)) { return; } diff --git a/jdk/test/sun/security/pkcs11/ec/TestECDSA.java b/jdk/test/sun/security/pkcs11/ec/TestECDSA.java index b1bd35f4783..9e0b8401aa9 100644 --- a/jdk/test/sun/security/pkcs11/ec/TestECDSA.java +++ b/jdk/test/sun/security/pkcs11/ec/TestECDSA.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,13 +29,22 @@ * @library .. * @library ../../../../java/security/testlibrary * @key randomness + * @run main/othervm TestECDSA + * @run main/othervm TestECDSA sm policy */ -import java.util.*; - -import java.security.*; -import java.security.spec.*; -import java.security.interfaces.*; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.MessageDigest; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Signature; +import java.security.interfaces.ECPublicKey; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; +import java.util.Random; public class TestECDSA extends PKCS11Test { @@ -79,7 +88,8 @@ public class TestECDSA extends PKCS11Test { private final static byte[] data2Raw = {}; private final static byte[] data2SHA = b("da:39:a3:ee:5e:6b:4b:0d:32:55:bf:ef:95:60:18:90:af:d8:07:09"); - private static void verify(Provider provider, String alg, PublicKey key, byte[] data, byte[] sig, boolean result) throws Exception { + private static void verify(Provider provider, String alg, PublicKey key, + byte[] data, byte[] sig, boolean result) throws Exception { Signature s = Signature.getInstance(alg, provider); s.initVerify(key); boolean r; @@ -105,9 +115,10 @@ public class TestECDSA extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestECDSA()); + main(new TestECDSA(), args); } + @Override public void main(Provider provider) throws Exception { long start = System.currentTimeMillis(); @@ -116,25 +127,11 @@ public class TestECDSA extends PKCS11Test { return; } - if (isNSS(provider) && getNSSVersion() >= 3.11 && - getNSSVersion() < 3.12) { - System.out.println("NSS 3.11 has a DER issue that recent " + - "version do not."); + if (isBadNSSVersion(provider)) { return; } - /* - * Use Solaris SPARC 11.2 or later to avoid an intermittent failure - * when running SunPKCS11-Solaris (8044554) - */ - if (provider.getName().equals("SunPKCS11-Solaris") && - System.getProperty("os.name").equals("SunOS") && - System.getProperty("os.arch").equals("sparcv9") && - System.getProperty("os.version").compareTo("5.11") <= 0 && - getDistro().compareTo("11.2") < 0) { - - System.out.println("SunPKCS11-Solaris provider requires " + - "Solaris SPARC 11.2 or later, skipping"); + if (isBadSolarisSparc(provider)) { return; } diff --git a/jdk/test/sun/security/pkcs11/ec/TestECDSA2.java b/jdk/test/sun/security/pkcs11/ec/TestECDSA2.java index b3f234a5b0f..c2cd7188a03 100644 --- a/jdk/test/sun/security/pkcs11/ec/TestECDSA2.java +++ b/jdk/test/sun/security/pkcs11/ec/TestECDSA2.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,18 +30,23 @@ * @library ../../../../java/security/testlibrary * @modules java.base/sun.security.util * @compile -XDignore.symbol.file TestECDSA2.java - * @run main TestECDSA2 + * @run main/othervm TestECDSA2 + * @run main/othervm TestECDSA2 sm */ -import java.io.*; -import java.util.*; import java.math.BigInteger; - -import java.security.*; -import java.security.spec.*; -import java.security.interfaces.*; - -import sun.security.util.ECUtil; +import java.security.AlgorithmParameters; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Signature; +import java.security.spec.ECGenParameterSpec; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPoint; +import java.security.spec.ECPrivateKeySpec; +import java.security.spec.ECPublicKeySpec; public class TestECDSA2 extends PKCS11Test { @@ -78,7 +83,9 @@ public class TestECDSA2 extends PKCS11Test { private KeyPair genECKeyPair(String curvName, String privD, String pubX, String pubY, Provider p) throws Exception { - ECParameterSpec ecParams = ECUtil.getECParameterSpec(p, curvName); + AlgorithmParameters params = AlgorithmParameters.getInstance("EC", p); + params.init(new ECGenParameterSpec(curvName)); + ECParameterSpec ecParams = params.getParameterSpec(ECParameterSpec.class); ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(new BigInteger(privD, 16), ecParams); ECPublicKeySpec pubKeySpec = @@ -90,9 +97,10 @@ public class TestECDSA2 extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestECDSA2()); + main(new TestECDSA2(), args); } + @Override public void main(Provider provider) throws Exception { boolean testP256 = (provider.getService("Signature", "SHA256withECDSA") != null); @@ -105,10 +113,7 @@ public class TestECDSA2 extends PKCS11Test { return; } - if (isNSS(provider) && getNSSVersion() >= 3.11 && - getNSSVersion() < 3.12) { - System.out.println("NSS 3.11 has a DER issue that recent " + - "version do not."); + if (isBadNSSVersion(provider)) { return; } diff --git a/jdk/test/sun/security/pkcs11/ec/TestECGenSpec.java b/jdk/test/sun/security/pkcs11/ec/TestECGenSpec.java index 1dd2c326048..829b44ee7d9 100644 --- a/jdk/test/sun/security/pkcs11/ec/TestECGenSpec.java +++ b/jdk/test/sun/security/pkcs11/ec/TestECGenSpec.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,29 +27,32 @@ * @summary Verify that we can use ECGenParameterSpec * @author Andreas Sterbenz * @library .. + * @run main/othervm TestECGenSpec + * @run main/othervm TestECGenSpec sm */ -import java.util.*; - -import java.security.*; -import java.security.spec.*; +import java.security.AlgorithmParameters; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; import java.security.interfaces.ECPublicKey; +import java.security.spec.ECGenParameterSpec; +import java.security.spec.ECParameterSpec; public class TestECGenSpec extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new TestECGenSpec()); + main(new TestECGenSpec(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("Signature", "SHA1withECDSA") == null) { System.out.println("Provider does not support ECDSA, skipping..."); return; } - if (isNSS(p) && getNSSVersion() >= 3.11 && getNSSVersion() < 3.12) { - System.out.println("NSS 3.11 has a DER issue that recent " + - "version do not."); + if (isBadNSSVersion(p)) { return; } diff --git a/jdk/test/sun/security/pkcs11/ec/TestKeyFactory.java b/jdk/test/sun/security/pkcs11/ec/TestKeyFactory.java index 6df2fbb1320..519c861ce3d 100644 --- a/jdk/test/sun/security/pkcs11/ec/TestKeyFactory.java +++ b/jdk/test/sun/security/pkcs11/ec/TestKeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,14 +27,23 @@ * @summary Test the P11ECKeyFactory * @author Andreas Sterbenz * @library .. + * @run main/othervm TestKeyFactory + * @run main/othervm TestKeyFactory sm */ -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.interfaces.*; -import java.security.spec.*; +import java.security.Key; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.spec.ECPrivateKeySpec; +import java.security.spec.ECPublicKeySpec; +import java.security.spec.KeySpec; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; +import java.util.Arrays; public class TestKeyFactory extends PKCS11Test { @@ -111,9 +120,10 @@ public class TestKeyFactory extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestKeyFactory()); + main(new TestKeyFactory(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("KeyFactory", "EC") == null) { System.out.println("Provider does not support EC, skipping"); diff --git a/jdk/test/sun/security/pkcs11/ec/policy b/jdk/test/sun/security/pkcs11/ec/policy new file mode 100644 index 00000000000..c850c16bc58 --- /dev/null +++ b/jdk/test/sun/security/pkcs11/ec/policy @@ -0,0 +1,7 @@ +grant { + permission java.lang.RuntimePermission "setSecurityManager"; + permission java.security.SecurityPermission "insertProvider.*"; + permission java.security.SecurityPermission "removeProvider.*"; + permission java.io.FilePermission "${test.src}/-", "read"; + permission java.io.FilePermission "${closed.base}/-", "read"; +}; \ No newline at end of file diff --git a/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.java b/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.java index 743b4562b87..619e8db530d 100644 --- a/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.java +++ b/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,15 +29,21 @@ * @library .. * @modules java.base/com.sun.net.ssl.internal.ssl * @run main/othervm TrustManagerTest + * @run main/othervm TrustManagerTest sm TrustManagerTest.policy */ -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.cert.*; - -import javax.net.ssl.*; +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.security.KeyStore; +import java.security.Policy; +import java.security.Provider; +import java.security.Security; +import java.security.URIParameter; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509TrustManager; // This test belongs more in JSSE than here, but the JSSE workspace does not // have the NSS test infrastructure. It will live here for the time being. @@ -73,6 +79,12 @@ public class TrustManagerTest extends SecmodTest { X509Certificate ca = loadCertificate("certs/ca.cer"); X509Certificate anchor = loadCertificate("certs/anchor.cer"); + if (args.length > 1 && "sm".equals(args[0])) { + Policy.setPolicy(Policy.getInstance("JavaPolicy", + new URIParameter(new File(BASE, args[1]).toURI()))); + System.setSecurityManager(new SecurityManager()); + } + KeyStore trustStore = KeyStore.getInstance("JKS"); trustStore.load(null, null); trustStore.setCertificateEntry("anchor", anchor); @@ -90,11 +102,10 @@ public class TrustManagerTest extends SecmodTest { } private static X509Certificate loadCertificate(String name) throws Exception { - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - InputStream in = new FileInputStream(BASE + SEP + name); - X509Certificate cert = (X509Certificate)cf.generateCertificate(in); - in.close(); - return cert; + try (InputStream in = new FileInputStream(BASE + SEP + name)) { + return (X509Certificate) CertificateFactory.getInstance("X.509") + .generateCertificate(in); + } } } diff --git a/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.policy b/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.policy new file mode 100644 index 00000000000..16bb57d4e1b --- /dev/null +++ b/jdk/test/sun/security/pkcs11/fips/TrustManagerTest.policy @@ -0,0 +1,3 @@ +grant { + +}; \ No newline at end of file diff --git a/jdk/test/sun/security/pkcs11/policy b/jdk/test/sun/security/pkcs11/policy new file mode 100644 index 00000000000..54281a78179 --- /dev/null +++ b/jdk/test/sun/security/pkcs11/policy @@ -0,0 +1,3 @@ +grant { + permission java.lang.RuntimePermission "setSecurityManager"; +}; \ No newline at end of file diff --git a/jdk/test/sun/security/pkcs11/rsa/KeyWrap.java b/jdk/test/sun/security/pkcs11/rsa/KeyWrap.java index 7f08481d6f7..e0bad7cd2d4 100644 --- a/jdk/test/sun/security/pkcs11/rsa/KeyWrap.java +++ b/jdk/test/sun/security/pkcs11/rsa/KeyWrap.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,18 +28,28 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm KeyWrap + * @run main/othervm KeyWrap sm */ -import java.io.*; -import java.util.*; - -import java.security.*; - -import javax.crypto.*; -import javax.crypto.spec.*; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.util.Random; +import javax.crypto.Cipher; +import javax.crypto.SecretKey; +import javax.crypto.spec.SecretKeySpec; public class KeyWrap extends PKCS11Test { + @Override public void main(Provider p) throws Exception { try { Cipher.getInstance("RSA/ECB/PKCS1Padding", p); @@ -62,7 +72,7 @@ public class KeyWrap extends PKCS11Test { PublicKey pub = (PublicKey)kf.translateKey(kp.getPublic()); PrivateKey priv = (PrivateKey)kf.translateKey(kp.getPrivate()); kp = new KeyPair(pub, priv); - } catch (Exception ee) { + } catch (NoSuchAlgorithmException | InvalidKeyException ee) { ee.printStackTrace(); System.out.println("Provider does not support RSA, skipping"); return; @@ -93,7 +103,7 @@ public class KeyWrap extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new KeyWrap()); + main(new KeyWrap(), args); } } diff --git a/jdk/test/sun/security/pkcs11/rsa/TestCACerts.java b/jdk/test/sun/security/pkcs11/rsa/TestCACerts.java index cd845c68201..24c16243585 100644 --- a/jdk/test/sun/security/pkcs11/rsa/TestCACerts.java +++ b/jdk/test/sun/security/pkcs11/rsa/TestCACerts.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,24 +28,28 @@ * @author Andreas Sterbenz * @library .. * @library ../../../../java/security/testlibrary + * @run main/othervm TestCACerts + * @run main/othervm TestCACerts sm TestCACerts.policy */ // this test serves as our known answer test -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.cert.*; +import java.io.FileInputStream; +import java.io.InputStream; +import java.security.KeyStore; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Security; +import java.security.cert.X509Certificate; +import java.util.Enumeration; public class TestCACerts extends PKCS11Test { - private final static char SEP = File.separatorChar; - public static void main(String[] args) throws Exception { - main(new TestCACerts()); + main(new TestCACerts(), args); } + @Override public void main(Provider p) throws Exception { /* @@ -53,9 +57,9 @@ public class TestCACerts extends PKCS11Test { * when running SunPKCS11-Solaris (8044554) */ if (p.getName().equals("SunPKCS11-Solaris") && - System.getProperty("os.name").equals("SunOS") && - System.getProperty("os.arch").equals("sparcv9") && - System.getProperty("os.version").compareTo("5.11") <= 0 && + props.getProperty("os.name").equals("SunOS") && + props.getProperty("os.arch").equals("sparcv9") && + props.getProperty("os.version").compareTo("5.11") <= 0 && getDistro().compareTo("11.2") < 0) { System.out.println("SunPKCS11-Solaris provider requires " + @@ -67,12 +71,13 @@ public class TestCACerts extends PKCS11Test { Providers.setAt(p, 1); try { String PROVIDER = p.getName(); - String javaHome = System.getProperty("java.home"); + String javaHome = props.getProperty("java.home"); String caCerts = javaHome + SEP + "lib" + SEP + "security" + SEP + "cacerts"; - InputStream in = new FileInputStream(caCerts); - KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); - ks.load(in, null); - in.close(); + KeyStore ks; + try (InputStream in = new FileInputStream(caCerts)) { + ks = KeyStore.getInstance(KeyStore.getDefaultType()); + ks.load(in, null); + } for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) { String alias = (String)e.nextElement(); if (ks.isCertificateEntry(alias)) { diff --git a/jdk/test/sun/security/pkcs11/rsa/TestCACerts.policy b/jdk/test/sun/security/pkcs11/rsa/TestCACerts.policy new file mode 100644 index 00000000000..37f028361bc --- /dev/null +++ b/jdk/test/sun/security/pkcs11/rsa/TestCACerts.policy @@ -0,0 +1,7 @@ +grant { + permission java.lang.RuntimePermission "setSecurityManager"; + permission java.security.SecurityPermission "insertProvider.*"; + permission java.security.SecurityPermission "removeProvider.*"; + permission java.util.PropertyPermission "java.home", "read"; + permission java.io.FilePermission "${java.home}/lib/security/cacerts", "read"; +}; \ No newline at end of file diff --git a/jdk/test/sun/security/pkcs11/rsa/TestKeyFactory.java b/jdk/test/sun/security/pkcs11/rsa/TestKeyFactory.java index 049be1046f9..802774285c3 100644 --- a/jdk/test/sun/security/pkcs11/rsa/TestKeyFactory.java +++ b/jdk/test/sun/security/pkcs11/rsa/TestKeyFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,26 +27,26 @@ * @summary Test KeyFactory of the new RSA provider * @author Andreas Sterbenz * @library .. + * @run main/othervm TestKeyFactory + * @run main/othervm TestKeyFactory sm rsakeys.ks.policy */ import java.io.*; import java.util.*; import java.security.*; -import java.security.interfaces.*; import java.security.spec.*; public class TestKeyFactory extends PKCS11Test { - private final static String BASE = System.getProperty("test.src", "."); - private static final char[] password = "test12".toCharArray(); static KeyStore getKeyStore() throws Exception { - InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks")); - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(in, password); - in.close(); + KeyStore ks; + try (InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"))) { + ks = KeyStore.getInstance("JKS"); + ks.load(in, password); + } return ks; } @@ -128,9 +128,10 @@ public class TestKeyFactory extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestKeyFactory()); + main(new TestKeyFactory(), args); } + @Override public void main(Provider p) throws Exception { long start = System.currentTimeMillis(); KeyStore ks = getKeyStore(); diff --git a/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java b/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java index 655edd3b5a2..687a7a87bc1 100644 --- a/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java +++ b/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,16 +30,20 @@ * @library /lib/testlibrary * @build jdk.testlibrary.* * @run main/othervm TestKeyPairGenerator + * @run main/othervm TestKeyPairGenerator sm TestKeyPairGenerator.policy * @key intermittent randomness */ -import java.io.*; -import java.util.*; import java.math.BigInteger; - -import java.security.*; -import java.security.interfaces.*; -import java.security.spec.*; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Signature; +import java.security.interfaces.RSAPrivateCrtKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.RSAKeyGenParameterSpec; import jdk.testlibrary.RandomFactory; public class TestKeyPairGenerator extends PKCS11Test { @@ -48,7 +52,8 @@ public class TestKeyPairGenerator extends PKCS11Test { private static byte[] data; - private static void testSignature(String algorithm, PrivateKey privateKey, PublicKey publicKey) throws Exception { + private static void testSignature(String algorithm, PrivateKey privateKey, + PublicKey publicKey) throws Exception { System.out.println("Testing " + algorithm + "..."); Signature s = Signature.getInstance(algorithm, provider); s.initSign(privateKey); @@ -98,9 +103,10 @@ public class TestKeyPairGenerator extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestKeyPairGenerator()); + main(new TestKeyPairGenerator(), args); } + @Override public void main(Provider p) throws Exception { long start = System.currentTimeMillis(); provider = p; diff --git a/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.policy b/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.policy new file mode 100644 index 00000000000..3f076e14679 --- /dev/null +++ b/jdk/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.policy @@ -0,0 +1,4 @@ +grant { + permission java.lang.RuntimePermission "setSecurityManager"; + permission java.util.PropertyPermission "seed", "read"; +}; \ No newline at end of file diff --git a/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java b/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java index a6070ea675d..ae4718f4f56 100644 --- a/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java +++ b/jdk/test/sun/security/pkcs11/rsa/TestSignatures.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,18 +28,25 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm TestSignatures + * @run main/othervm TestSignatures sm rsakeys.ks.policy */ -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.interfaces.*; +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.security.KeyFactory; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Signature; +import java.security.interfaces.RSAPublicKey; +import java.util.Enumeration; +import java.util.Random; public class TestSignatures extends PKCS11Test { - private final static String BASE = System.getProperty("test.src", "."); - private static final char[] password = "test12".toCharArray(); private static Provider provider; @@ -47,14 +54,16 @@ public class TestSignatures extends PKCS11Test { private static byte[] data; static KeyStore getKeyStore() throws Exception { - InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks")); - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(in, password); - in.close(); + KeyStore ks; + try (InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"))) { + ks = KeyStore.getInstance("JKS"); + ks.load(in, password); + } return ks; } - private static void testSignature(String algorithm, PrivateKey privateKey, PublicKey publicKey) throws Exception { + private static void testSignature(String algorithm, PrivateKey privateKey, + PublicKey publicKey) throws Exception { System.out.println("Testing " + algorithm + "..."); Signature s = Signature.getInstance(algorithm, provider); s.initSign(privateKey); @@ -78,7 +87,8 @@ public class TestSignatures extends PKCS11Test { } } - private static void test(PrivateKey privateKey, PublicKey publicKey) throws Exception { + private static void test(PrivateKey privateKey, PublicKey publicKey) + throws Exception { testSignature("MD2withRSA", privateKey, publicKey); testSignature("MD5withRSA", privateKey, publicKey); testSignature("SHA1withRSA", privateKey, publicKey); @@ -93,9 +103,10 @@ public class TestSignatures extends PKCS11Test { } public static void main(String[] args) throws Exception { - main(new TestSignatures()); + main(new TestSignatures(), args); } + @Override public void main(Provider p) throws Exception { /* @@ -103,9 +114,9 @@ public class TestSignatures extends PKCS11Test { * when running SunPKCS11-Solaris (8044554) */ if (p.getName().equals("SunPKCS11-Solaris") && - System.getProperty("os.name").equals("SunOS") && - System.getProperty("os.arch").equals("sparcv9") && - System.getProperty("os.version").compareTo("5.11") <= 0 && + props.getProperty("os.name").equals("SunOS") && + props.getProperty("os.arch").equals("sparcv9") && + props.getProperty("os.version").compareTo("5.11") <= 0 && getDistro().compareTo("11.2") < 0) { System.out.println("SunPKCS11-Solaris provider requires " + diff --git a/jdk/test/sun/security/pkcs11/rsa/rsakeys.ks.policy b/jdk/test/sun/security/pkcs11/rsa/rsakeys.ks.policy new file mode 100644 index 00000000000..4a0b0d2c46d --- /dev/null +++ b/jdk/test/sun/security/pkcs11/rsa/rsakeys.ks.policy @@ -0,0 +1,4 @@ +grant { + permission java.lang.RuntimePermission "setSecurityManager"; + permission java.io.FilePermission "${test.src}/rsakeys.ks", "read"; +}; \ No newline at end of file diff --git a/jdk/test/sun/security/pkcs11/sslecc/CipherTest.java b/jdk/test/sun/security/pkcs11/sslecc/CipherTest.java index 4ec23743b2a..f118d76d5c5 100644 --- a/jdk/test/sun/security/pkcs11/sslecc/CipherTest.java +++ b/jdk/test/sun/security/pkcs11/sslecc/CipherTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -47,7 +47,8 @@ public class CipherTest { // use any available port for the server socket static volatile int serverPort = 0; - final int THREADS; + static final int THREADS = Integer.getInteger("numThreads", 4); + static final String TEST_SRC = System.getProperty("test.src", "."); // assume that if we do not read anything for 20 seconds, something // has gone wrong @@ -68,6 +69,7 @@ public class CipherTest { this.cipherTest = cipherTest; } + @Override public abstract void run(); void handleRequest(InputStream in, OutputStream out) throws IOException { @@ -117,6 +119,7 @@ public class CipherTest { return TLSCipherStatus.isEnabled(cipherSuite, protocol); } + @Override public String toString() { String s = cipherSuite + " in " + protocol + " mode"; if (clientAuth != null) { @@ -260,7 +263,6 @@ public class CipherTest { private boolean failed; private CipherTest(PeerFactory peerFactory) throws IOException { - THREADS = Integer.parseInt(System.getProperty("numThreads", "4")); factory = (SSLSocketFactory)SSLSocketFactory.getDefault(); SSLSocket socket = (SSLSocket)factory.createSocket(); String[] cipherSuites = socket.getSupportedCipherSuites(); @@ -350,6 +352,7 @@ public class CipherTest { this.cipherTest = cipherTest; } + @Override public final void run() { while (true) { TestParameters params = cipherTest.getTest(); @@ -405,10 +408,11 @@ public class CipherTest { private static KeyStore readKeyStore(String name) throws Exception { File file = new File(PATH, name); - InputStream in = new FileInputStream(file); - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(in, passwd); - in.close(); + KeyStore ks; + try (InputStream in = new FileInputStream(file)) { + ks = KeyStore.getInstance("JKS"); + ks.load(in, passwd); + } return ks; } @@ -421,7 +425,7 @@ public class CipherTest { } else { relPath = pathToStores; } - PATH = new File(System.getProperty("test.src", "."), relPath); + PATH = new File(TEST_SRC, relPath); CipherTest.peerFactory = peerFactory; System.out.print( "Initializing test '" + peerFactory.getName() + "'..."); @@ -494,16 +498,19 @@ class AlwaysTrustManager implements X509TrustManager { } + @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { // empty } + @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { // empty } + @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } @@ -522,6 +529,7 @@ class MyX509KeyManager extends X509ExtendedKeyManager { this.authType = "ECDSA".equals(authType) ? "EC" : authType; } + @Override public String[] getClientAliases(String keyType, Principal[] issuers) { if (authType == null) { return null; @@ -529,6 +537,7 @@ class MyX509KeyManager extends X509ExtendedKeyManager { return keyManager.getClientAliases(authType, issuers); } + @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { if (authType == null) { @@ -538,6 +547,7 @@ class MyX509KeyManager extends X509ExtendedKeyManager { issuers, socket); } + @Override public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) { if (authType == null) { @@ -547,24 +557,29 @@ class MyX509KeyManager extends X509ExtendedKeyManager { issuers, engine); } + @Override public String[] getServerAliases(String keyType, Principal[] issuers) { throw new UnsupportedOperationException("Servers not supported"); } + @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { throw new UnsupportedOperationException("Servers not supported"); } + @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) { throw new UnsupportedOperationException("Servers not supported"); } + @Override public X509Certificate[] getCertificateChain(String alias) { return keyManager.getCertificateChain(alias); } + @Override public PrivateKey getPrivateKey(String alias) { return keyManager.getPrivateKey(alias); } @@ -577,6 +592,7 @@ class DaemonThreadFactory implements ThreadFactory { private final static ThreadFactory DEFAULT = Executors.defaultThreadFactory(); + @Override public Thread newThread(Runnable r) { Thread t = DEFAULT.newThread(r); t.setDaemon(true); diff --git a/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java b/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java index dea0495cd13..4a31b67c296 100644 --- a/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java +++ b/jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,25 +34,28 @@ * @library .. * @library ../../../../java/security/testlibrary * @run main/othervm ClientJSSEServerJSSE + * @run main/othervm ClientJSSEServerJSSE sm policy */ -import java.security.*; +import java.security.Provider; +import java.security.Security; public class ClientJSSEServerJSSE extends PKCS11Test { private static String[] cmdArgs; public static void main(String[] args) throws Exception { - cmdArgs = args; - main(new ClientJSSEServerJSSE()); - } - - public void main(Provider p) throws Exception { // reset security properties to make sure that the algorithms // and keys used in this test are not disabled. Security.setProperty("jdk.tls.disabledAlgorithms", ""); Security.setProperty("jdk.certpath.disabledAlgorithms", ""); + cmdArgs = args; + main(new ClientJSSEServerJSSE(), args); + } + + @Override + public void main(Provider p) throws Exception { if (p.getService("KeyFactory", "EC") == null) { System.out.println("Provider does not support EC, skipping"); return; @@ -64,14 +67,17 @@ public class ClientJSSEServerJSSE extends PKCS11Test { private static class JSSEFactory extends CipherTest.PeerFactory { + @Override String getName() { return "Client JSSE - Server JSSE"; } + @Override CipherTest.Client newClient(CipherTest cipherTest) throws Exception { return new JSSEClient(cipherTest); } + @Override CipherTest.Server newServer(CipherTest cipherTest) throws Exception { return new JSSEServer(cipherTest); } diff --git a/jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java b/jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java index af8d4b5a088..90c55e68e4a 100644 --- a/jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java +++ b/jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,16 +21,17 @@ * questions. */ -import java.io.*; -import java.net.*; -import java.util.*; -import java.util.concurrent.*; - -import java.security.*; -import java.security.cert.*; -import java.security.cert.Certificate; - -import javax.net.ssl.*; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.util.concurrent.Executor; +import java.util.concurrent.Executors; +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLServerSocketFactory; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.TrustManager; class JSSEServer extends CipherTest.Server { @@ -48,15 +49,17 @@ class JSSEServer extends CipherTest.Server { serverSocket.setWantClientAuth(true); } + @Override public void run() { System.out.println("JSSE Server listening on port " + cipherTest.serverPort); Executor exec = Executors.newFixedThreadPool - (cipherTest.THREADS, DaemonThreadFactory.INSTANCE); + (CipherTest.THREADS, DaemonThreadFactory.INSTANCE); try { while (true) { final SSLSocket socket = (SSLSocket)serverSocket.accept(); socket.setSoTimeout(cipherTest.TIMEOUT); Runnable r = new Runnable() { + @Override public void run() { try { InputStream in = socket.getInputStream(); diff --git a/jdk/test/sun/security/pkcs11/sslecc/policy b/jdk/test/sun/security/pkcs11/sslecc/policy new file mode 100644 index 00000000000..f95da0407a7 --- /dev/null +++ b/jdk/test/sun/security/pkcs11/sslecc/policy @@ -0,0 +1,9 @@ +grant { + permission java.lang.RuntimePermission "setSecurityManager"; + permission java.security.SecurityPermission "insertProvider.*"; + permission java.security.SecurityPermission "removeProvider.*"; + permission java.util.PropertyPermission "test.src", "read"; + permission java.util.PropertyPermission "numThreads", "read"; + permission java.io.FilePermission "${test.src}/*", "read"; + permission java.net.SocketPermission "127.0.0.1:*", "listen,resolve,accept,connect"; +}; \ No newline at end of file diff --git a/jdk/test/sun/security/pkcs11/tls/TestKeyMaterial.java b/jdk/test/sun/security/pkcs11/tls/TestKeyMaterial.java index 99636d0e2aa..1511dff4d4b 100644 --- a/jdk/test/sun/security/pkcs11/tls/TestKeyMaterial.java +++ b/jdk/test/sun/security/pkcs11/tls/TestKeyMaterial.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,136 +28,138 @@ * @author Andreas Sterbenz * @library .. * @modules java.base/sun.security.internal.spec + * @run main/othervm TestKeyMaterial + * @run main/othervm TestKeyMaterial sm policy */ -import java.io.*; -import java.util.*; - -import java.security.Security; +import java.io.BufferedReader; +import java.nio.file.Files; +import java.nio.file.Paths; import java.security.Provider; - +import java.util.Arrays; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; - -import javax.crypto.spec.*; - -import sun.security.internal.spec.*; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import sun.security.internal.spec.TlsKeyMaterialParameterSpec; +import sun.security.internal.spec.TlsKeyMaterialSpec; public class TestKeyMaterial extends PKCS11Test { - private static int PREFIX_LENGTH = "km-master: ".length(); + private static final int PREFIX_LENGTH = "km-master: ".length(); public static void main(String[] args) throws Exception { - main(new TestKeyMaterial()); + main(new TestKeyMaterial(), args); } + @Override public void main(Provider provider) throws Exception { if (provider.getService("KeyGenerator", "SunTlsKeyMaterial") == null) { System.out.println("Provider does not support algorithm, skipping"); return; } - InputStream in = new FileInputStream(new File(BASE, "keymatdata.txt")); - BufferedReader reader = new BufferedReader(new InputStreamReader(in)); + try (BufferedReader reader = Files.newBufferedReader( + Paths.get(BASE, "keymatdata.txt"))) { - int n = 0; - int lineNumber = 0; + int n = 0; + int lineNumber = 0; - byte[] master = null; - int major = 0; - int minor = 0; - byte[] clientRandom = null; - byte[] serverRandom = null; - String cipherAlgorithm = null; - int keyLength = 0; - int expandedKeyLength = 0; - int ivLength = 0; - int macLength = 0; - byte[] clientCipherBytes = null; - byte[] serverCipherBytes = null; - byte[] clientIv = null; - byte[] serverIv = null; - byte[] clientMacBytes = null; - byte[] serverMacBytes = null; + byte[] master = null; + int major = 0; + int minor = 0; + byte[] clientRandom = null; + byte[] serverRandom = null; + String cipherAlgorithm = null; + int keyLength = 0; + int expandedKeyLength = 0; + int ivLength = 0; + int macLength = 0; + byte[] clientCipherBytes = null; + byte[] serverCipherBytes = null; + byte[] clientIv = null; + byte[] serverIv = null; + byte[] clientMacBytes = null; + byte[] serverMacBytes = null; - while (true) { - String line = reader.readLine(); - lineNumber++; - if (line == null) { - break; + while (true) { + String line = reader.readLine(); + lineNumber++; + if (line == null) { + break; + } + if (line.startsWith("km-") == false) { + continue; + } + String data = line.substring(PREFIX_LENGTH); + if (line.startsWith("km-master:")) { + master = parse(data); + } else if (line.startsWith("km-major:")) { + major = Integer.parseInt(data); + } else if (line.startsWith("km-minor:")) { + minor = Integer.parseInt(data); + } else if (line.startsWith("km-crandom:")) { + clientRandom = parse(data); + } else if (line.startsWith("km-srandom:")) { + serverRandom = parse(data); + } else if (line.startsWith("km-cipalg:")) { + cipherAlgorithm = data; + } else if (line.startsWith("km-keylen:")) { + keyLength = Integer.parseInt(data); + } else if (line.startsWith("km-explen:")) { + expandedKeyLength = Integer.parseInt(data); + } else if (line.startsWith("km-ivlen:")) { + ivLength = Integer.parseInt(data); + } else if (line.startsWith("km-maclen:")) { + macLength = Integer.parseInt(data); + } else if (line.startsWith("km-ccipkey:")) { + clientCipherBytes = parse(data); + } else if (line.startsWith("km-scipkey:")) { + serverCipherBytes = parse(data); + } else if (line.startsWith("km-civ:")) { + clientIv = parse(data); + } else if (line.startsWith("km-siv:")) { + serverIv = parse(data); + } else if (line.startsWith("km-cmackey:")) { + clientMacBytes = parse(data); + } else if (line.startsWith("km-smackey:")) { + serverMacBytes = parse(data); + + System.out.print("."); + n++; + + KeyGenerator kg = + KeyGenerator.getInstance("SunTlsKeyMaterial", provider); + SecretKey masterKey = + new SecretKeySpec(master, "TlsMasterSecret"); + TlsKeyMaterialParameterSpec spec = + new TlsKeyMaterialParameterSpec(masterKey, major, minor, + clientRandom, serverRandom, cipherAlgorithm, + keyLength, expandedKeyLength, ivLength, macLength, + null, -1, -1); + + kg.init(spec); + TlsKeyMaterialSpec result = + (TlsKeyMaterialSpec)kg.generateKey(); + match(lineNumber, clientCipherBytes, + result.getClientCipherKey(), cipherAlgorithm); + match(lineNumber, serverCipherBytes, + result.getServerCipherKey(), cipherAlgorithm); + match(lineNumber, clientIv, result.getClientIv(), ""); + match(lineNumber, serverIv, result.getServerIv(), ""); + match(lineNumber, clientMacBytes, result.getClientMacKey(), ""); + match(lineNumber, serverMacBytes, result.getServerMacKey(), ""); + + } else { + throw new Exception("Unknown line: " + line); + } } - if (line.startsWith("km-") == false) { - continue; - } - String data = line.substring(PREFIX_LENGTH); - if (line.startsWith("km-master:")) { - master = parse(data); - } else if (line.startsWith("km-major:")) { - major = Integer.parseInt(data); - } else if (line.startsWith("km-minor:")) { - minor = Integer.parseInt(data); - } else if (line.startsWith("km-crandom:")) { - clientRandom = parse(data); - } else if (line.startsWith("km-srandom:")) { - serverRandom = parse(data); - } else if (line.startsWith("km-cipalg:")) { - cipherAlgorithm = data; - } else if (line.startsWith("km-keylen:")) { - keyLength = Integer.parseInt(data); - } else if (line.startsWith("km-explen:")) { - expandedKeyLength = Integer.parseInt(data); - } else if (line.startsWith("km-ivlen:")) { - ivLength = Integer.parseInt(data); - } else if (line.startsWith("km-maclen:")) { - macLength = Integer.parseInt(data); - } else if (line.startsWith("km-ccipkey:")) { - clientCipherBytes = parse(data); - } else if (line.startsWith("km-scipkey:")) { - serverCipherBytes = parse(data); - } else if (line.startsWith("km-civ:")) { - clientIv = parse(data); - } else if (line.startsWith("km-siv:")) { - serverIv = parse(data); - } else if (line.startsWith("km-cmackey:")) { - clientMacBytes = parse(data); - } else if (line.startsWith("km-smackey:")) { - serverMacBytes = parse(data); - - System.out.print("."); - n++; - - KeyGenerator kg = - KeyGenerator.getInstance("SunTlsKeyMaterial", provider); - SecretKey masterKey = - new SecretKeySpec(master, "TlsMasterSecret"); - TlsKeyMaterialParameterSpec spec = - new TlsKeyMaterialParameterSpec(masterKey, major, minor, - clientRandom, serverRandom, cipherAlgorithm, - keyLength, expandedKeyLength, ivLength, macLength, - null, -1, -1); - - kg.init(spec); - TlsKeyMaterialSpec result = - (TlsKeyMaterialSpec)kg.generateKey(); - match(lineNumber, clientCipherBytes, - result.getClientCipherKey(), cipherAlgorithm); - match(lineNumber, serverCipherBytes, - result.getServerCipherKey(), cipherAlgorithm); - match(lineNumber, clientIv, result.getClientIv(), ""); - match(lineNumber, serverIv, result.getServerIv(), ""); - match(lineNumber, clientMacBytes, result.getClientMacKey(), ""); - match(lineNumber, serverMacBytes, result.getServerMacKey(), ""); - - } else { - throw new Exception("Unknown line: " + line); + if (n == 0) { + throw new Exception("no tests"); } + System.out.println(); + System.out.println("OK: " + n + " tests"); } - if (n == 0) { - throw new Exception("no tests"); - } - in.close(); - System.out.println(); - System.out.println("OK: " + n + " tests"); } private static void stripParity(byte[] b) { diff --git a/jdk/test/sun/security/pkcs11/tls/TestLeadingZeroesP11.java b/jdk/test/sun/security/pkcs11/tls/TestLeadingZeroesP11.java index ffaac041d33..a8d8f72a299 100644 --- a/jdk/test/sun/security/pkcs11/tls/TestLeadingZeroesP11.java +++ b/jdk/test/sun/security/pkcs11/tls/TestLeadingZeroesP11.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,15 +27,18 @@ * @summary Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement * @library .. * @author Pasi Eronen + * @run main/othervm TestLeadingZeroesP11 + * @run main/othervm TestLeadingZeroesP11 sm */ -import java.io.*; -import java.security.*; -import java.security.spec.*; -import java.security.interfaces.*; -import javax.crypto.*; -import javax.crypto.spec.*; -import javax.crypto.interfaces.*; + +import java.security.KeyFactory; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; +import javax.crypto.KeyAgreement; /** * Test that leading zeroes are stripped in TlsPremasterSecret case, @@ -48,9 +51,10 @@ import javax.crypto.interfaces.*; public class TestLeadingZeroesP11 extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new TestLeadingZeroesP11()); + main(new TestLeadingZeroesP11(), args); } + @Override public void main(Provider p) throws Exception { // decode pre-generated keypairs diff --git a/jdk/test/sun/security/pkcs11/tls/TestMasterSecret.java b/jdk/test/sun/security/pkcs11/tls/TestMasterSecret.java index fb00bd7fbf0..855b8c21f13 100644 --- a/jdk/test/sun/security/pkcs11/tls/TestMasterSecret.java +++ b/jdk/test/sun/security/pkcs11/tls/TestMasterSecret.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,111 +29,112 @@ * @library .. * @modules java.base/sun.security.internal.interfaces * java.base/sun.security.internal.spec + * @run main/othervm TestMasterSecret + * @run main/othervm TestMasterSecret sm TestMasterSecret.policy */ -import java.io.*; -import java.util.*; - -import java.security.Security; +import java.io.BufferedReader; +import java.nio.file.Files; +import java.nio.file.Paths; import java.security.Provider; - +import java.util.Arrays; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; - -import javax.crypto.spec.*; - -import sun.security.internal.spec.*; +import javax.crypto.spec.SecretKeySpec; import sun.security.internal.interfaces.TlsMasterSecret; +import sun.security.internal.spec.TlsMasterSecretParameterSpec; public class TestMasterSecret extends PKCS11Test { - private static int PREFIX_LENGTH = "m-premaster: ".length(); + private static final int PREFIX_LENGTH = "m-premaster: ".length(); public static void main(String[] args) throws Exception { - main(new TestMasterSecret()); + main(new TestMasterSecret(), args); } + @Override public void main(Provider provider) throws Exception { if (provider.getService("KeyGenerator", "SunTlsMasterSecret") == null) { System.out.println("Not supported by provider, skipping"); return; } - InputStream in = new FileInputStream(new File(BASE, "masterdata.txt")); - BufferedReader reader = new BufferedReader(new InputStreamReader(in)); - int n = 0; - int lineNumber = 0; + try (BufferedReader reader = Files.newBufferedReader( + Paths.get(BASE, "masterdata.txt"))) { - String algorithm = null; - byte[] premaster = null; - byte[] clientRandom = null; - byte[] serverRandom = null; - int protoMajor = 0; - int protoMinor = 0; - int preMajor = 0; - int preMinor = 0; - byte[] master = null; + int n = 0; + int lineNumber = 0; - while (true) { - String line = reader.readLine(); - lineNumber++; - if (line == null) { - break; - } - if (line.startsWith("m-") == false) { - continue; - } - String data = line.substring(PREFIX_LENGTH); - if (line.startsWith("m-algorithm:")) { - algorithm = data; - } else if (line.startsWith("m-premaster:")) { - premaster = parse(data); - } else if (line.startsWith("m-crandom:")) { - clientRandom = parse(data); - } else if (line.startsWith("m-srandom:")) { - serverRandom = parse(data); - } else if (line.startsWith("m-protomajor:")) { - protoMajor = Integer.parseInt(data); - } else if (line.startsWith("m-protominor:")) { - protoMinor = Integer.parseInt(data); - } else if (line.startsWith("m-premajor:")) { - preMajor = Integer.parseInt(data); - } else if (line.startsWith("m-preminor:")) { - preMinor = Integer.parseInt(data); - } else if (line.startsWith("m-master:")) { - master = parse(data); + String algorithm = null; + byte[] premaster = null; + byte[] clientRandom = null; + byte[] serverRandom = null; + int protoMajor = 0; + int protoMinor = 0; + int preMajor = 0; + int preMinor = 0; + byte[] master = null; - System.out.print("."); - n++; - - KeyGenerator kg = - KeyGenerator.getInstance("SunTlsMasterSecret", provider); - SecretKey premasterKey = - new SecretKeySpec(premaster, algorithm); - TlsMasterSecretParameterSpec spec = - new TlsMasterSecretParameterSpec(premasterKey, - protoMajor, protoMinor, clientRandom, serverRandom, - null, -1, -1); - kg.init(spec); - TlsMasterSecret key = (TlsMasterSecret)kg.generateKey(); - byte[] enc = key.getEncoded(); - if (Arrays.equals(master, enc) == false) { - throw new Exception("mismatch line: " + lineNumber); + while (true) { + String line = reader.readLine(); + lineNumber++; + if (line == null) { + break; } - if ((preMajor != key.getMajorVersion()) || - (preMinor != key.getMinorVersion())) { - throw new Exception("version mismatch line: " + lineNumber); + if (line.startsWith("m-") == false) { + continue; + } + String data = line.substring(PREFIX_LENGTH); + if (line.startsWith("m-algorithm:")) { + algorithm = data; + } else if (line.startsWith("m-premaster:")) { + premaster = parse(data); + } else if (line.startsWith("m-crandom:")) { + clientRandom = parse(data); + } else if (line.startsWith("m-srandom:")) { + serverRandom = parse(data); + } else if (line.startsWith("m-protomajor:")) { + protoMajor = Integer.parseInt(data); + } else if (line.startsWith("m-protominor:")) { + protoMinor = Integer.parseInt(data); + } else if (line.startsWith("m-premajor:")) { + preMajor = Integer.parseInt(data); + } else if (line.startsWith("m-preminor:")) { + preMinor = Integer.parseInt(data); + } else if (line.startsWith("m-master:")) { + master = parse(data); + + System.out.print("."); + n++; + + KeyGenerator kg = + KeyGenerator.getInstance("SunTlsMasterSecret", provider); + SecretKey premasterKey = + new SecretKeySpec(premaster, algorithm); + TlsMasterSecretParameterSpec spec = + new TlsMasterSecretParameterSpec(premasterKey, + protoMajor, protoMinor, clientRandom, serverRandom, + null, -1, -1); + kg.init(spec); + TlsMasterSecret key = (TlsMasterSecret)kg.generateKey(); + byte[] enc = key.getEncoded(); + if (Arrays.equals(master, enc) == false) { + throw new Exception("mismatch line: " + lineNumber); + } + if ((preMajor != key.getMajorVersion()) || + (preMinor != key.getMinorVersion())) { + throw new Exception("version mismatch line: " + lineNumber); + } + } else { + throw new Exception("Unknown line: " + line); } - } else { - throw new Exception("Unknown line: " + line); } + if (n == 0) { + throw new Exception("no tests"); + } + System.out.println(); + System.out.println("OK: " + n + " tests"); } - if (n == 0) { - throw new Exception("no tests"); - } - in.close(); - System.out.println(); - System.out.println("OK: " + n + " tests"); } } diff --git a/jdk/test/sun/security/pkcs11/tls/TestMasterSecret.policy b/jdk/test/sun/security/pkcs11/tls/TestMasterSecret.policy new file mode 100644 index 00000000000..4b98541ad7a --- /dev/null +++ b/jdk/test/sun/security/pkcs11/tls/TestMasterSecret.policy @@ -0,0 +1,8 @@ +grant { + permission java.lang.RuntimePermission "setSecurityManager"; + permission java.io.FilePermission "${test.src}/*", "read"; + permission java.lang.RuntimePermission + "accessClassInPackage.sun.security.internal.spec"; + permission java.lang.RuntimePermission + "accessClassInPackage.sun.security.internal.interfaces"; +}; \ No newline at end of file diff --git a/jdk/test/sun/security/pkcs11/tls/TestPRF.java b/jdk/test/sun/security/pkcs11/tls/TestPRF.java index eefffe70820..6e05ea64f90 100644 --- a/jdk/test/sun/security/pkcs11/tls/TestPRF.java +++ b/jdk/test/sun/security/pkcs11/tls/TestPRF.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,116 +28,116 @@ * @author Andreas Sterbenz * @library .. * @modules java.base/sun.security.internal.spec + * @run main/othervm TestPRF + * @run main/othervm TestPRF sm policy */ -import java.io.*; -import java.util.*; - -import java.security.Security; +import java.io.BufferedReader; +import java.nio.file.Files; +import java.nio.file.Paths; import java.security.Provider; - +import java.util.Arrays; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; - -import javax.crypto.spec.*; - -import sun.security.internal.spec.*; +import javax.crypto.spec.SecretKeySpec; +import sun.security.internal.spec.TlsPrfParameterSpec; public class TestPRF extends PKCS11Test { - private static int PREFIX_LENGTH = "prf-output: ".length(); + private static final int PREFIX_LENGTH = "prf-output: ".length(); public static void main(String[] args) throws Exception { - main(new TestPRF()); + main(new TestPRF(), args); } + @Override public void main(Provider provider) throws Exception { if (provider.getService("KeyGenerator", "SunTlsPrf") == null) { System.out.println("Provider does not support algorithm, skipping"); return; } - InputStream in = new FileInputStream(new File(BASE, "prfdata.txt")); - BufferedReader reader = new BufferedReader(new InputStreamReader(in)); + try (BufferedReader reader = Files.newBufferedReader( + Paths.get(BASE, "prfdata.txt"))) { - int n = 0; - int lineNumber = 0; + int n = 0; + int lineNumber = 0; - byte[] secret = null; - String label = null; - byte[] seed = null; - int length = 0; - byte[] output = null; + byte[] secret = null; + String label = null; + byte[] seed = null; + int length = 0; + byte[] output = null; - while (true) { - String line = reader.readLine(); - lineNumber++; - if (line == null) { - break; - } - if (line.startsWith("prf-") == false) { - continue; - } - - String data = line.substring(PREFIX_LENGTH); - if (line.startsWith("prf-secret:")) { - secret = parse(data); - } else if (line.startsWith("prf-label:")) { - label = data; - } else if (line.startsWith("prf-seed:")) { - seed = parse(data); - } else if (line.startsWith("prf-length:")) { - length = Integer.parseInt(data); - } else if (line.startsWith("prf-output:")) { - output = parse(data); - - System.out.print("."); - n++; - - KeyGenerator kg = - KeyGenerator.getInstance("SunTlsPrf", provider); - SecretKey inKey; - if (secret == null) { - inKey = null; - } else { - inKey = new SecretKeySpec(secret, "Generic"); + while (true) { + String line = reader.readLine(); + lineNumber++; + if (line == null) { + break; } - TlsPrfParameterSpec spec = - new TlsPrfParameterSpec(inKey, label, seed, length, - null, -1, -1); - SecretKey key; - try { - kg.init(spec); - key = kg.generateKey(); - } catch (Exception e) { + if (line.startsWith("prf-") == false) { + continue; + } + + String data = line.substring(PREFIX_LENGTH); + if (line.startsWith("prf-secret:")) { + secret = parse(data); + } else if (line.startsWith("prf-label:")) { + label = data; + } else if (line.startsWith("prf-seed:")) { + seed = parse(data); + } else if (line.startsWith("prf-length:")) { + length = Integer.parseInt(data); + } else if (line.startsWith("prf-output:")) { + output = parse(data); + + System.out.print("."); + n++; + + KeyGenerator kg = + KeyGenerator.getInstance("SunTlsPrf", provider); + SecretKey inKey; if (secret == null) { - // This fails on Solaris, but since we never call this - // API for this case in JSSE, ignore the failure. - // (SunJSSE uses the CKM_TLS_KEY_AND_MAC_DERIVE - // mechanism) - System.out.print("X"); - continue; + inKey = null; + } else { + inKey = new SecretKeySpec(secret, "Generic"); } - System.out.println(); - throw new Exception("Error on line: " + lineNumber, e); + TlsPrfParameterSpec spec = + new TlsPrfParameterSpec(inKey, label, seed, length, + null, -1, -1); + SecretKey key; + try { + kg.init(spec); + key = kg.generateKey(); + } catch (Exception e) { + if (secret == null) { + // This fails on Solaris, but since we never call this + // API for this case in JSSE, ignore the failure. + // (SunJSSE uses the CKM_TLS_KEY_AND_MAC_DERIVE + // mechanism) + System.out.print("X"); + continue; + } + System.out.println(); + throw new Exception("Error on line: " + lineNumber, e); + } + byte[] enc = key.getEncoded(); + if (Arrays.equals(output, enc) == false) { + System.out.println(); + System.out.println("expected: " + toString(output)); + System.out.println("actual: " + toString(enc)); + throw new Exception("mismatch line: " + lineNumber); + } + } else { + throw new Exception("Unknown line: " + line); } - byte[] enc = key.getEncoded(); - if (Arrays.equals(output, enc) == false) { - System.out.println(); - System.out.println("expected: " + toString(output)); - System.out.println("actual: " + toString(enc)); - throw new Exception("mismatch line: " + lineNumber); - } - } else { - throw new Exception("Unknown line: " + line); } + if (n == 0) { + throw new Exception("no tests"); + } + System.out.println(); + System.out.println("OK: " + n + " tests"); } - if (n == 0) { - throw new Exception("no tests"); - } - in.close(); - System.out.println(); - System.out.println("OK: " + n + " tests"); } } diff --git a/jdk/test/sun/security/pkcs11/tls/TestPremaster.java b/jdk/test/sun/security/pkcs11/tls/TestPremaster.java index 15b13ac8507..bbbbf2c376d 100644 --- a/jdk/test/sun/security/pkcs11/tls/TestPremaster.java +++ b/jdk/test/sun/security/pkcs11/tls/TestPremaster.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,23 +28,22 @@ * @author Andreas Sterbenz * @library .. * @modules java.base/sun.security.internal.spec + * @run main/othervm TestPremaster + * @run main/othervm TestPremaster sm policy */ -import java.security.Security; import java.security.Provider; - import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; -import java.util.Formatter; - import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; public class TestPremaster extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new TestPremaster()); + main(new TestPremaster(), args); } + @Override public void main(Provider provider) throws Exception { if (provider.getService( "KeyGenerator", "SunTlsRsaPremasterSecret") == null) { diff --git a/jdk/test/sun/security/pkcs11/tls/policy b/jdk/test/sun/security/pkcs11/tls/policy new file mode 100644 index 00000000000..6d161b9b2e5 --- /dev/null +++ b/jdk/test/sun/security/pkcs11/tls/policy @@ -0,0 +1,5 @@ +grant { + permission java.lang.RuntimePermission "setSecurityManager"; + permission java.io.FilePermission "${test.src}/*", "read"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.internal.spec"; +}; \ No newline at end of file