/* * Copyright (c) 2017, 2018, Red Hat, Inc. and/or its affiliates. * * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ /* * @test * @bug 8165996 * @summary Test NSS DB Sqlite * @comment There is no NSS on Aix. * @requires os.family != "aix" * @library /test/lib ../ * @modules java.base/sun.security.rsa * java.base/sun.security.provider * java.base/sun.security.jca * java.base/sun.security.tools.keytool * java.base/sun.security.x509 * java.base/com.sun.crypto.provider * jdk.crypto.cryptoki/sun.security.pkcs11:+open * @run main/othervm/timeout=120 TestNssDbSqlite * @author Martin Balao (mbalao@redhat.com) */ import java.security.PrivateKey; import java.security.cert.Certificate; import java.security.KeyStore; import java.security.Provider; import java.security.Signature; import sun.security.rsa.SunRsaSign; import sun.security.jca.ProviderList; import sun.security.jca.Providers; import sun.security.tools.keytool.CertAndKeyGen; import sun.security.x509.X500Name; public final class TestNssDbSqlite extends SecmodTest { private static final boolean enableDebug = true; private static Provider sunPKCS11NSSProvider; private static Provider sunRsaSignProvider; private static Provider sunJCEProvider; private static KeyStore ks; private static char[] passphrase = "test12".toCharArray(); private static PrivateKey privateKey; private static Certificate certificate; public static void main(String[] args) throws Exception { if (!initialize()) { return; } if (enableDebug) { System.out.println("SunPKCS11 provider: " + sunPKCS11NSSProvider); } testRetrieveKeysFromKeystore(); System.out.println("Test PASS - OK"); } private static void testRetrieveKeysFromKeystore() throws Exception { String plainText = "known plain text"; ks.setKeyEntry("root_ca_1", privateKey, passphrase, new Certificate[]{certificate}); PrivateKey k1 = (PrivateKey) ks.getKey("root_ca_1", passphrase); Signature sS = Signature.getInstance( "SHA256withRSA", sunPKCS11NSSProvider); sS.initSign(k1); sS.update(plainText.getBytes()); byte[] generatedSignature = sS.sign(); if (enableDebug) { System.out.println("Generated signature: "); for (byte b : generatedSignature) { System.out.printf("0x%02x, ", (int)(b) & 0xFF); } System.out.println(""); } Signature sV = Signature.getInstance("SHA256withRSA", sunRsaSignProvider); sV.initVerify(certificate); sV.update(plainText.getBytes()); if(!sV.verify(generatedSignature)){ throw new Exception("Couldn't verify signature"); } } private static boolean initialize() throws Exception { return initializeProvider(); } private static boolean initializeProvider() throws Exception { useSqlite(true); if (!initSecmod()) { System.out.println("Cannot init security module database, skipping"); return false; } sunPKCS11NSSProvider = getSunPKCS11(BASE + SEP + "nss-sqlite.cfg"); sunJCEProvider = new com.sun.crypto.provider.SunJCE(); sunRsaSignProvider = new SunRsaSign(); Providers.setProviderList(ProviderList.newList( sunJCEProvider, sunPKCS11NSSProvider, new sun.security.provider.Sun(), sunRsaSignProvider)); ks = KeyStore.getInstance("PKCS11-NSS-Sqlite", sunPKCS11NSSProvider); ks.load(null, passphrase); CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA"); gen.generate(2048); privateKey = gen.getPrivateKey(); certificate = gen.getSelfCertificate(new X500Name("CN=Me"), 365); return true; } }