c70c37db8a
Provide system property "test.nss.lib.paths" for specifying a set of absolute paths to the custom NSS lib directories Reviewed-by: weijun, rhalade
142 lines
4.8 KiB
Java
142 lines
4.8 KiB
Java
/*
|
|
* Copyright (c) 2017, 2018, Red Hat, Inc. and/or its affiliates.
|
|
*
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
/*
|
|
* @test
|
|
* @bug 8165996
|
|
* @summary Test NSS DB Sqlite
|
|
* @comment There is no NSS on Aix.
|
|
* @requires os.family != "aix"
|
|
* @library /test/lib ../
|
|
* @modules java.base/sun.security.rsa
|
|
* java.base/sun.security.provider
|
|
* java.base/sun.security.jca
|
|
* java.base/sun.security.tools.keytool
|
|
* java.base/sun.security.x509
|
|
* java.base/com.sun.crypto.provider
|
|
* jdk.crypto.cryptoki/sun.security.pkcs11:+open
|
|
* @run main/othervm/timeout=120 TestNssDbSqlite
|
|
* @author Martin Balao (mbalao@redhat.com)
|
|
*/
|
|
|
|
import java.security.PrivateKey;
|
|
import java.security.cert.Certificate;
|
|
import java.security.KeyStore;
|
|
import java.security.Provider;
|
|
import java.security.Signature;
|
|
|
|
import sun.security.rsa.SunRsaSign;
|
|
import sun.security.jca.ProviderList;
|
|
import sun.security.jca.Providers;
|
|
import sun.security.tools.keytool.CertAndKeyGen;
|
|
import sun.security.x509.X500Name;
|
|
|
|
public final class TestNssDbSqlite extends SecmodTest {
|
|
|
|
private static final boolean enableDebug = true;
|
|
|
|
private static Provider sunPKCS11NSSProvider;
|
|
private static Provider sunRsaSignProvider;
|
|
private static Provider sunJCEProvider;
|
|
private static KeyStore ks;
|
|
private static char[] passphrase = "test12".toCharArray();
|
|
private static PrivateKey privateKey;
|
|
private static Certificate certificate;
|
|
|
|
public static void main(String[] args) throws Exception {
|
|
|
|
if (!initialize()) {
|
|
return;
|
|
}
|
|
|
|
if (enableDebug) {
|
|
System.out.println("SunPKCS11 provider: " +
|
|
sunPKCS11NSSProvider);
|
|
}
|
|
|
|
testRetrieveKeysFromKeystore();
|
|
|
|
System.out.println("Test PASS - OK");
|
|
}
|
|
|
|
private static void testRetrieveKeysFromKeystore() throws Exception {
|
|
|
|
String plainText = "known plain text";
|
|
|
|
ks.setKeyEntry("root_ca_1", privateKey, passphrase,
|
|
new Certificate[]{certificate});
|
|
PrivateKey k1 = (PrivateKey) ks.getKey("root_ca_1", passphrase);
|
|
|
|
Signature sS = Signature.getInstance(
|
|
"SHA256withRSA", sunPKCS11NSSProvider);
|
|
sS.initSign(k1);
|
|
sS.update(plainText.getBytes());
|
|
byte[] generatedSignature = sS.sign();
|
|
|
|
if (enableDebug) {
|
|
System.out.println("Generated signature: ");
|
|
for (byte b : generatedSignature) {
|
|
System.out.printf("0x%02x, ", (int)(b) & 0xFF);
|
|
}
|
|
System.out.println("");
|
|
}
|
|
|
|
Signature sV = Signature.getInstance("SHA256withRSA", sunRsaSignProvider);
|
|
sV.initVerify(certificate);
|
|
sV.update(plainText.getBytes());
|
|
if(!sV.verify(generatedSignature)){
|
|
throw new Exception("Couldn't verify signature");
|
|
}
|
|
}
|
|
|
|
private static boolean initialize() throws Exception {
|
|
return initializeProvider();
|
|
}
|
|
|
|
private static boolean initializeProvider() throws Exception {
|
|
useSqlite(true);
|
|
if (!initSecmod()) {
|
|
System.out.println("Cannot init security module database, skipping");
|
|
return false;
|
|
}
|
|
|
|
sunPKCS11NSSProvider = getSunPKCS11(BASE + SEP + "nss-sqlite.cfg");
|
|
sunJCEProvider = new com.sun.crypto.provider.SunJCE();
|
|
sunRsaSignProvider = new SunRsaSign();
|
|
Providers.setProviderList(ProviderList.newList(
|
|
sunJCEProvider, sunPKCS11NSSProvider,
|
|
new sun.security.provider.Sun(), sunRsaSignProvider));
|
|
|
|
ks = KeyStore.getInstance("PKCS11-NSS-Sqlite", sunPKCS11NSSProvider);
|
|
ks.load(null, passphrase);
|
|
|
|
CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA");
|
|
gen.generate(2048);
|
|
privateKey = gen.getPrivateKey();
|
|
certificate = gen.getSelfCertificate(new X500Name("CN=Me"), 365);
|
|
|
|
return true;
|
|
}
|
|
}
|