253 lines
9.9 KiB
Java
253 lines
9.9 KiB
Java
/*
|
|
* Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
/*
|
|
* @test
|
|
* @bug 6578658
|
|
* @modules java.base/sun.security.x509
|
|
* java.base/sun.security.tools.keytool
|
|
* @requires os.family == "windows"
|
|
* @summary Sign using the NONEwithRSA signature algorithm from SunMSCAPI
|
|
*/
|
|
|
|
import java.security.*;
|
|
import java.security.cert.X509Certificate;
|
|
import java.security.interfaces.RSAPrivateCrtKey;
|
|
import java.util.*;
|
|
import sun.security.tools.keytool.CertAndKeyGen;
|
|
import sun.security.x509.X500Name;
|
|
|
|
public class SignUsingNONEwithRSA {
|
|
|
|
private static final List<byte[]> precomputedHashes = Arrays.asList(
|
|
// A MD5 hash
|
|
new byte[] {
|
|
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10,
|
|
0x11, 0x12, 0x13, 0x14, 0x15, 0x16
|
|
},
|
|
// A SHA-1 hash
|
|
new byte[] {
|
|
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10,
|
|
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20
|
|
},
|
|
// A concatenation of SHA-1 and MD5 hashes (used during SSL handshake)
|
|
new byte[] {
|
|
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10,
|
|
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20,
|
|
0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30,
|
|
0x31, 0x32, 0x33, 0x34, 0x35, 0x36
|
|
},
|
|
// A SHA-256 hash
|
|
new byte[] {
|
|
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10,
|
|
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20,
|
|
0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30,
|
|
0x31, 0x32
|
|
},
|
|
// A SHA-384 hash
|
|
new byte[] {
|
|
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10,
|
|
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20,
|
|
0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30,
|
|
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40,
|
|
0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48
|
|
},
|
|
// A SHA-512 hash
|
|
new byte[] {
|
|
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10,
|
|
0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x20,
|
|
0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30,
|
|
0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x40,
|
|
0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x50,
|
|
0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x60,
|
|
0x61, 0x62, 0x63, 0x64
|
|
});
|
|
|
|
private static List<byte[]> generatedSignatures = new ArrayList<>();
|
|
|
|
public static void main(String[] args) throws Exception {
|
|
|
|
Provider[] providers = Security.getProviders("Signature.NONEwithRSA");
|
|
if (providers == null) {
|
|
System.out.println("No JCE providers support the " +
|
|
"'Signature.NONEwithRSA' algorithm");
|
|
System.out.println("Skipping this test...");
|
|
return;
|
|
|
|
} else {
|
|
System.out.println("The following JCE providers support the " +
|
|
"'Signature.NONEwithRSA' algorithm: ");
|
|
for (Provider provider : providers) {
|
|
System.out.println(" " + provider.getName());
|
|
}
|
|
}
|
|
System.out.println(
|
|
"Creating a temporary RSA keypair in the Windows-My store");
|
|
KeyStore ks = KeyStore.getInstance("Windows-MY");
|
|
ks.load(null, null);
|
|
CertAndKeyGen ckg = new CertAndKeyGen("RSA", "SHA1withRSA");
|
|
ckg.generate(1024);
|
|
RSAPrivateCrtKey k = (RSAPrivateCrtKey) ckg.getPrivateKey();
|
|
ks.setKeyEntry("6578658", k, null, new X509Certificate[]{
|
|
ckg.getSelfCertificate(new X500Name("cn=6578658,c=US"), 1000)
|
|
});
|
|
ks.store(null, null);
|
|
|
|
System.out.println("---------------------------------------------");
|
|
|
|
try {
|
|
KeyPair keys = getKeysFromKeyStore();
|
|
signAllUsing("SunMSCAPI", keys.getPrivate());
|
|
System.out.println("---------------------------------------------");
|
|
|
|
verifyAllUsing("SunMSCAPI", keys.getPublic());
|
|
System.out.println("---------------------------------------------");
|
|
|
|
verifyAllUsing("SunJCE", keys.getPublic());
|
|
System.out.println("---------------------------------------------");
|
|
|
|
keys = generateKeys();
|
|
signAllUsing("SunJCE", keys.getPrivate());
|
|
System.out.println("---------------------------------------------");
|
|
|
|
verifyAllUsing("SunMSCAPI", keys.getPublic());
|
|
System.out.println("---------------------------------------------");
|
|
} finally {
|
|
System.out.println(
|
|
"Deleting temporary RSA keypair from Windows-My store");
|
|
ks.deleteEntry("6578658");
|
|
}
|
|
|
|
}
|
|
|
|
private static KeyPair getKeysFromKeyStore() throws Exception {
|
|
KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
|
|
ks.load(null, null);
|
|
System.out.println("Loaded keystore: Windows-MY");
|
|
|
|
Enumeration<String> e = ks.aliases();
|
|
PrivateKey privateKey = null;
|
|
PublicKey publicKey = null;
|
|
|
|
while (e.hasMoreElements()) {
|
|
String alias = e.nextElement();
|
|
if (alias.equals("6578658")) {
|
|
System.out.println("Loaded entry: " + alias);
|
|
privateKey = (PrivateKey) ks.getKey(alias, null);
|
|
publicKey = (PublicKey) ks.getCertificate(alias).getPublicKey();
|
|
}
|
|
}
|
|
if (privateKey == null || publicKey == null) {
|
|
throw new Exception("Cannot load the keys need to run this test");
|
|
}
|
|
|
|
return new KeyPair(publicKey, privateKey);
|
|
}
|
|
|
|
|
|
private static KeyPair generateKeys() throws Exception {
|
|
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
|
|
keyGen.initialize(1024, null);
|
|
KeyPair pair = keyGen.generateKeyPair();
|
|
PrivateKey privateKey = pair.getPrivate();
|
|
PublicKey publicKey = pair.getPublic();
|
|
|
|
if (privateKey == null || publicKey == null) {
|
|
throw new Exception("Cannot load the keys need to run this test");
|
|
}
|
|
|
|
return new KeyPair(publicKey, privateKey);
|
|
}
|
|
|
|
private static void signAllUsing(String providerName, PrivateKey privateKey)
|
|
throws Exception {
|
|
Signature sig1 = Signature.getInstance("NONEwithRSA", providerName);
|
|
if (sig1 == null) {
|
|
throw new Exception("'NONEwithRSA' is not supported");
|
|
}
|
|
if (sig1.getProvider() != null) {
|
|
System.out.println("Using NONEwithRSA signer from the " +
|
|
sig1.getProvider().getName() + " JCE provider");
|
|
} else {
|
|
System.out.println(
|
|
"Using NONEwithRSA signer from the internal JCE provider");
|
|
}
|
|
|
|
System.out.println("Using key: " + privateKey);
|
|
generatedSignatures.clear();
|
|
for (byte[] hash : precomputedHashes) {
|
|
sig1.initSign(privateKey);
|
|
sig1.update(hash);
|
|
|
|
try {
|
|
|
|
byte [] sigBytes = sig1.sign();
|
|
System.out.println("\nGenerated RSA signature over a " +
|
|
hash.length + "-byte hash (signature length: " +
|
|
sigBytes.length * 8 + " bits)");
|
|
System.out.println(String.format("0x%0" +
|
|
(sigBytes.length * 2) + "x",
|
|
new java.math.BigInteger(1, sigBytes)));
|
|
generatedSignatures.add(sigBytes);
|
|
|
|
} catch (SignatureException se) {
|
|
System.out.println("Error generating RSA signature: " + se);
|
|
}
|
|
}
|
|
}
|
|
|
|
private static void verifyAllUsing(String providerName, PublicKey publicKey)
|
|
throws Exception {
|
|
Signature sig1 = Signature.getInstance("NONEwithRSA", providerName);
|
|
if (sig1.getProvider() != null) {
|
|
System.out.println("\nUsing NONEwithRSA verifier from the " +
|
|
sig1.getProvider().getName() + " JCE provider");
|
|
} else {
|
|
System.out.println(
|
|
"\nUsing NONEwithRSA verifier from the internal JCE provider");
|
|
}
|
|
|
|
System.out.println("Using key: " + publicKey);
|
|
|
|
int i = 0;
|
|
for (byte[] hash : precomputedHashes) {
|
|
|
|
byte[] sigBytes = generatedSignatures.get(i++);
|
|
System.out.println("\nVerifying RSA Signature over a " +
|
|
hash.length + "-byte hash (signature length: " +
|
|
sigBytes.length * 8 + " bits)");
|
|
System.out.println(String.format("0x%0" +
|
|
(sigBytes.length * 2) + "x",
|
|
new java.math.BigInteger(1, sigBytes)));
|
|
|
|
sig1.initVerify(publicKey);
|
|
sig1.update(hash);
|
|
if (sig1.verify(sigBytes)) {
|
|
System.out.println("Verify PASSED");
|
|
} else {
|
|
throw new Exception("Verify FAILED");
|
|
}
|
|
}
|
|
}
|
|
}
|