stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c4c6b1fe06
jdk-24/test/jdk/sun/security/mscapi/VeryLongAlias.java
Weijun Wang f77a658557 8153005: Upgrade the default PKCS12 encryption/MAC algorithms 
Reviewed-by: mullan
2020-10-30 13:23:33 +00:00

121 lines
4.3 KiB
Java
Raw Blame History

/*
* Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8223063 8153005
* @requires os.family == "windows"
* @library /test/lib
* @summary Support CNG RSA keys
*/
import jdk.test.lib.SecurityTools;
import jdk.test.lib.process.ProcessTools;
import java.io.File;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Random;
public class VeryLongAlias {
static String alias = String.format("%0512d", new Random().nextInt(100000));
public static void main(String[] args) throws Throwable {
// Using the old algorithms to make sure the file is recognized
// by the certutil command on old versions of Windows.
SecurityTools.keytool(
"-J-Dkeystore.pkcs12.legacy"
+ " -genkeypair -storetype pkcs12 -keystore ks"
+ " -storepass changeit -keyalg RSA -dname CN=A -alias "
+ alias);
String id = ((X509Certificate)KeyStore.getInstance(
new File("ks"), "changeit".toCharArray())
.getCertificate(alias)).getSerialNumber().toString(16);
try {
// Importing pkcs12 file. Long alias is only supported by CNG.
ProcessTools.executeCommand("certutil", "-v", "-p", "changeit",
"-csp", "Microsoft Software Key Storage Provider",
"-user", "-importpfx", "MY", "ks", "NoRoot,NoExport")
.shouldHaveExitValue(0);
test();
} finally {
ProcessTools.executeCommand("certutil", "-user", "-delstore", "MY",
id);
}
}
static void test() throws Exception {
char[] pass = "changeit".toCharArray();
KeyStore k1 = KeyStore.getInstance("Windows-MY");
k1.load(null, null);
KeyStore k2 = KeyStore.getInstance(new File("ks"), pass);
PrivateKey p1 = (PrivateKey)k1.getKey(alias, null);
PublicKey u1 = k1.getCertificate(alias).getPublicKey();
PrivateKey p2 = (PrivateKey)k2.getKey(alias, pass);
PublicKey u2 = k2.getCertificate(alias).getPublicKey();
System.out.println(p1.toString());
System.out.println(u1.toString());
if (!p1.toString().contains("type=CNG")) {
throw new Exception("Not a CNG key");
}
testSignature(p1, u1);
testSignature(p1, u2);
testSignature(p2, u1);
testSignature(p2, u2);
}
static void testSignature(PrivateKey p, PublicKey u) throws Exception {
byte[] data = "hello".getBytes();
for (String alg : List.of(
"NONEwithRSA", "SHA1withRSA",
"SHA256withRSA", "SHA512withRSA")) {
if (alg.contains("NONE")) {
data = MessageDigest.getInstance("SHA-256").digest(data);
}
Signature s1 = Signature.getInstance(alg);
Signature s2 = Signature.getInstance(alg);
s1.initSign(p);
s2.initVerify(u);
s1.update(data);
s2.update(data);
if (!s2.verify(s1.sign())) {
throw new Exception("Error");
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink