1 /*
2 * Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /**
25 * @test
26 * @bug 8057810
27 * @summary New defaults for DSA keys in jarsigner and keytool
28 */
29
30 import sun.security.pkcs.PKCS7;
31 import sun.security.util.KeyUtil;
32
33 import java.io.FileInputStream;
34 import java.io.InputStream;
35 import java.nio.file.Files;
36 import java.nio.file.Paths;
37 import java.security.KeyStore;
38 import java.security.cert.X509Certificate;
39 import java.util.jar.JarFile;
40
41 public class DefaultSigalg {
42
43 public static void main(String[] args) throws Exception {
44
45 // Three test cases
46 String[] keyalgs = {"DSA", "RSA", "EC"};
47 // Expected default keytool sigalg
48 String[] sigalgs = {"SHA256withDSA", "SHA256withRSA", "SHA256withECDSA"};
49 // Expected keysizes
50 int[] keysizes = {2048, 2048, 256};
51 // Expected jarsigner digest alg used in signature
52 String[] digestalgs = {"SHA-256", "SHA-256", "SHA-256"};
53
54 // Create a jar file
55 sun.tools.jar.Main m =
56 new sun.tools.jar.Main(System.out, System.err, "jar");
57 Files.write(Paths.get("x"), new byte[10]);
58 if (!m.run("cvf a.jar x".split(" "))) {
59 throw new Exception("jar creation failed");
60 }
61
62 // Generate keypairs and sign the jar
63 Files.deleteIfExists(Paths.get("jks"));
64 for (String keyalg: keyalgs) {
65 sun.security.tools.keytool.Main.main(
66 ("-keystore jks -storepass changeit -keypass changeit " +
67 "-dname CN=A -alias " + keyalg + " -genkeypair " +
68 "-keyalg " + keyalg).split(" "));
69 sun.security.tools.jarsigner.Main.main(
70 ("-keystore jks -storepass changeit a.jar " + keyalg).split(" "));
71 }
72
73 // Check result
74 KeyStore ks = KeyStore.getInstance("JKS");
75 try (FileInputStream jks = new FileInputStream("jks");
76 JarFile jf = new JarFile("a.jar")) {
77 ks.load(jks, null);
78 for (int i = 0; i<keyalgs.length; i++) {
79 String keyalg = keyalgs[i];
80 // keytool
81 X509Certificate c = (X509Certificate) ks.getCertificate(keyalg);
82 String sigalg = c.getSigAlgName();
83 if (!sigalg.equals(sigalgs[i])) {
84 throw new Exception(
85 "keytool sigalg for " + keyalg + " is " + sigalg);
86 }
87 int keysize = KeyUtil.getKeySize(c.getPublicKey());
88 if (keysize != keysizes[i]) {
89 throw new Exception(
90 "keytool keysize for " + keyalg + " is " + keysize);
91 }
92 // jarsigner
93 String bk = "META-INF/" + keyalg + "." + keyalg;
94 try (InputStream is = jf.getInputStream(jf.getEntry(bk))) {
95 String digestalg = new PKCS7(is).getSignerInfos()[0]
96 .getDigestAlgorithmId().toString();
97 if (!digestalg.equals(digestalgs[i])) {
98 throw new Exception(
99 "jarsigner digest of sig for " + keyalg
100 + " is " + digestalg);
101 }
102 }
103 }
104 }
105 }
106 }