-
Notifications
You must be signed in to change notification settings - Fork 112
/
DefaultSignatureAlgorithm.java
104 lines (90 loc) · 4.01 KB
/
DefaultSignatureAlgorithm.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
/*
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8138766 8227059 8227595
* @summary New default -sigalg for keytool
* @library /test/lib
* @build java.base/sun.security.rsa.RSAKeyPairGenerator
* java.base/sun.security.provider.DSAKeyPairGenerator
* jdk.crypto.ec/sun.security.ec.ECKeyPairGenerator
* @requires os.family != "solaris"
* @run main DefaultSignatureAlgorithm
* @modules jdk.crypto.ec
*/
// This test is excluded from Solaris because the RSA key pair generator
// is extremely slow there with a big keysize. Please note the fake
// KeyPairGenerator will not be used because of provider preferences.
import jdk.test.lib.Asserts;
import jdk.test.lib.SecurityTools;
import jdk.test.lib.process.OutputAnalyzer;
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
public class DefaultSignatureAlgorithm {
static int pos = 0;
public static void main(String[] args) throws Exception {
check("RSA", 1024, null, "SHA256withRSA");
check("RSA", 3072, null, "SHA256withRSA");
check("RSA", 3073, null, "SHA384withRSA");
check("RSA", 7680, null, "SHA384withRSA");
check("RSA", 7681, null, "SHA512withRSA");
check("DSA", 1024, null, "SHA256withDSA");
check("DSA", 3072, null, "SHA256withDSA");
check("EC", 384, null, "SHA384withECDSA");
check("EC", 571, null, "SHA512withECDSA");
check("EC", 571, "SHA256withECDSA", "SHA256withECDSA");
}
private static void check(String keyAlg, int keySize,
String requestedSigAlg, String expectedSigAlg)
throws Exception {
String alias = keyAlg + keySize + "-" + pos++;
String sigAlgParam = requestedSigAlg == null
? ""
: (" -sigalg " + requestedSigAlg);
genkeypair(alias,
"-keyalg " + keyAlg + " -keysize " + keySize + sigAlgParam)
.shouldHaveExitValue(0);
KeyStore ks = KeyStore.getInstance(
new File("ks"), "changeit".toCharArray());
X509Certificate cert = (X509Certificate)ks.getCertificate(alias);
Asserts.assertEQ(cert.getPublicKey().getAlgorithm(), keyAlg);
Asserts.assertEQ(cert.getSigAlgName(), expectedSigAlg);
}
static OutputAnalyzer genkeypair(String alias, String options)
throws Exception {
String patchArg = "-J--patch-module=java.base="
+ System.getProperty("test.classes")
+ File.separator + "patches" + File.separator + "java.base"
+ " -J--patch-module=jdk.crypto.ec="
+ System.getProperty("test.classes")
+ File.separator + "patches" + File.separator + "jdk.crypto.ec";;
return kt(patchArg + " -genkeypair -alias " + alias
+ " -dname CN=" + alias + " " + options);
}
static OutputAnalyzer kt(String cmd)
throws Exception {
return SecurityTools.keytool("-storepass changeit -keypass changeit "
+ "-keystore ks " + cmd);
}
}