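/*
 * Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/**
 * @test
 * @bug 8057810
 * @summary New defaults for DSA keys in jarsigner and keytool
 */

import sun.security.pkcs.PKCS7;
import sun.security.util.KeyUtil;

import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.jar.JarFile;

/**
 * Checks the algorithms that keytool and jarsigner choose when the caller
 * names only the key algorithm.
 *
 * <p>keytool is run with {@code -genkeypair -keyalg <alg>} and nothing else
 * that selects a signature algorithm or key size; jarsigner is run with only
 * the keystore, the jar and the alias. The test then compares what was
 * actually produced against the expected tables in {@link #main}.
 */
public class DefaultSigalg {

    /**
     * Runs the three test cases (DSA, RSA, EC) end to end.
     *
     * <p>Works in the current directory: writes the files {@code x},
     * {@code a.jar} and {@code jks}, replacing any existing {@code jks}.
     *
     * @param args not used
     * @throws Exception if the jar cannot be created, if an expected
     *         keystore entry, signature block or SignerInfo is missing, or
     *         if a certificate signature algorithm, key size or signer
     *         digest algorithm differs from the expected value
     */
    public static void main(String[] args) throws Exception {

        // The four arrays are parallel: index i describes one test case.
        // Three test cases
        String[] keyalgs = {"DSA", "RSA", "EC"};
        // Expected default keytool sigalg
        String[] sigalgs = {"SHA256withDSA", "SHA256withRSA", "SHA256withECDSA"};
        // Expected keysizes
        int[] keysizes = {2048, 2048, 256};
        // Expected jarsigner digest alg used in signature
        String[] digestalgs = {"SHA-256", "SHA-256", "SHA-256"};

        // Create a jar file holding one 10-byte entry to have something to sign
        sun.tools.jar.Main m =
                new sun.tools.jar.Main(System.out, System.err, "jar");
        Files.write(Paths.get("x"), new byte[10]);
        if (!m.run("cvf a.jar x".split(" "))) {
            throw new Exception("jar creation failed");
        }

        // Generate keypairs and sign the jar.
        // Start from a fresh keystore so stale aliases cannot satisfy the checks.
        Files.deleteIfExists(Paths.get("jks"));
        for (String keyalg: keyalgs) {
            // No -sigalg / -keysize here, and no -digestalg / -sigalg on the
            // jarsigner call: the tools' own defaults are what is under test.
            // "changeit" is a fixture password for the throwaway store only.
            sun.security.tools.keytool.Main.main(
                    ("-keystore jks -storepass changeit -keypass changeit " +
                            "-dname CN=A -alias " + keyalg + " -genkeypair " +
                            "-keyalg " + keyalg).split(" "));
            sun.security.tools.jarsigner.Main.main(
                    ("-keystore jks -storepass changeit a.jar " + keyalg).split(" "));
        }

        // Check result
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream jks = new FileInputStream("jks");
                JarFile jf = new JarFile("a.jar")) {
            // A null password makes KeyStore.load skip the store integrity
            // check. Only certificates are read below, and the file was
            // written by the keytool calls above.
            ks.load(jks, null);
            for (int i = 0; i < keyalgs.length; i++) {
                String keyalg = keyalgs[i];

                // keytool: the alias is the key algorithm name
                X509Certificate c = (X509Certificate) ks.getCertificate(keyalg);
                if (c == null) {
                    // Report the missing entry instead of failing with a
                    // NullPointerException on the next line.
                    throw new Exception(
                            "keytool created no certificate for " + keyalg);
                }
                String sigalg = c.getSigAlgName();
                if (!sigalg.equals(sigalgs[i])) {
                    throw new Exception(
                            "keytool sigalg for " + keyalg + " is " + sigalg);
                }
                int keysize = KeyUtil.getKeySize(c.getPublicKey());
                if (keysize != keysizes[i]) {
                    throw new Exception(
                            "keytool keysize for " + keyalg + " is " + keysize);
                }

                // jarsigner: signature block looked up as META-INF/<alias>.<keyalg>
                String bk = "META-INF/" + keyalg + "." + keyalg;
                if (jf.getEntry(bk) == null) {
                    throw new Exception(
                            "jarsigner wrote no signature block " + bk);
                }
                try (InputStream is = jf.getInputStream(jf.getEntry(bk))) {
                    PKCS7 p7 = new PKCS7(is);
                    if (p7.getSignerInfos() == null
                            || p7.getSignerInfos().length == 0) {
                        throw new Exception(
                                "signature block " + bk + " has no SignerInfo");
                    }
                    // NOTE(review): only the digest algorithm of the first
                    // SignerInfo is compared; the signature algorithm that
                    // jarsigner selected is not asserted by this test.
                    String digestalg = p7.getSignerInfos()[0]
                            .getDigestAlgorithmId().toString();
                    if (!digestalg.equals(digestalgs[i])) {
                        throw new Exception(
                                "jarsigner digest of sig for " + keyalg
                                        + " is " + digestalg);
                    }
                }
            }
        }
    }
}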