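/*
 * Copyright (c) 2017, Red Hat, Inc. and/or its affiliates.
 *
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8165996
 * @summary Test NSS DB Sqlite
 * @library ../
 * @modules java.base/sun.security.rsa
 *          java.base/sun.security.provider
 *          java.base/sun.security.jca
 *          java.base/sun.security.tools.keytool
 *          java.base/sun.security.x509
 *          java.base/com.sun.crypto.provider
 *          jdk.crypto.cryptoki/sun.security.pkcs11:+open
 * @run main/othervm/timeout=120 TestNssDbSqlite
 * @author Martin Balao (mbalao@redhat.com)
 */

import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Signature;
import java.security.cert.Certificate;

import sun.security.jca.ProviderList;
import sun.security.jca.Providers;
import sun.security.rsa.SunRsaSign;
import sun.security.tools.keytool.CertAndKeyGen;
import sun.security.x509.X500Name;

/**
 * Checks that an RSA key stored in a PKCS11-NSS-Sqlite keystore can be read
 * back and used.
 *
 * <p>A freshly generated RSA key and self-signed certificate are stored under
 * the alias {@code root_ca_1}. The key is then fetched back, used to sign a
 * fixed message through the SunPKCS11 NSS provider, and the signature is
 * verified with SunRsaSign against the certificate. Using a second provider
 * for verification means a signature that only the PKCS#11 provider would
 * accept does not pass.
 *
 * <p>The jtreg header runs this class with {@code main/othervm}, so the
 * JVM-wide provider list installed by {@link #initializeProvider()} does not
 * affect other tests.
 */
public final class TestNssDbSqlite extends SecmodTest {

    // When true, prints the provider and the generated signature.
    private static final boolean enableDebug = true;

    private static Provider sunPKCS11NSSProvider;
    private static Provider sunRsaSignProvider;
    private static Provider sunJCEProvider;
    private static KeyStore ks;
    // Test-fixture passphrase: passed to KeyStore.load() and to
    // setKeyEntry()/getKey() below.
    private static final char[] passphrase = "test12".toCharArray();
    private static PrivateKey privateKey;
    private static Certificate certificate;

    /**
     * Test entry point.
     *
     * @param args unused
     * @throws Exception if provider setup fails or the signature does not
     *         verify
     */
    public static void main(String[] args) throws Exception {

        // Without this guard a failed initSecmod() leaves ks and the
        // providers null and the test dies with a NullPointerException
        // instead of being skipped.
        if (!initialize()) {
            System.out.println(
                    "Cannot init security module database, skipping");
            return;
        }

        if (enableDebug) {
            System.out.println("SunPKCS11 provider: " +
                    sunPKCS11NSSProvider);
        }

        testRetrieveKeysFromKeystore();

        System.out.println("Test PASS - OK");
    }

    /**
     * Stores the generated key in the keystore, reads it back, signs a fixed
     * message with it and verifies the signature against the certificate.
     *
     * @throws Exception if any keystore or signature operation fails, or if
     *         the signature does not verify
     */
    private static void testRetrieveKeysFromKeystore() throws Exception {

        // Encode once with an explicit charset so the signed and the verified
        // bytes cannot differ with the platform default.
        byte[] plainText =
                "known plain text".getBytes(StandardCharsets.UTF_8);

        ks.setKeyEntry("root_ca_1", privateKey, passphrase,
                new Certificate[]{certificate});
        PrivateKey k1 = (PrivateKey) ks.getKey("root_ca_1", passphrase);

        // Sign through the PKCS#11 provider with the key read back from the
        // keystore.
        Signature sS = Signature.getInstance(
                "SHA256withRSA", sunPKCS11NSSProvider);
        sS.initSign(k1);
        sS.update(plainText);
        byte[] generatedSignature = sS.sign();

        if (enableDebug) {
            System.out.println("Generated signature: ");
            for (byte b : generatedSignature) {
                System.out.printf("0x%02x, ", (int)(b) & 0xFF);
            }
            System.out.println("");
        }

        // Verify with SunRsaSign rather than the provider that signed.
        Signature sV = Signature.getInstance(
                "SHA256withRSA", sunRsaSignProvider);
        sV.initVerify(certificate);
        sV.update(plainText);
        if (!sV.verify(generatedSignature)) {
            throw new Exception("Couldn't verify signature");
        }
    }

    /**
     * Prepares the providers, keystore and key material.
     *
     * @return {@code true} if the test can run, {@code false} if it must be
     *         skipped
     * @throws Exception if provider or keystore setup fails
     */
    private static boolean initialize() throws Exception {
        return initializeProvider();
    }

    /**
     * Sets up the SunPKCS11 NSS provider from {@code nss-sqlite.cfg}, installs
     * the provider list, loads the keystore and generates a 2048-bit RSA key
     * with a self-signed certificate.
     *
     * @return {@code false} if {@code initSecmod()} reports failure,
     *         {@code true} otherwise
     * @throws Exception if provider or keystore setup fails
     */
    private static boolean initializeProvider() throws Exception {
        useSqlite(true);
        // NOTE(review): initSecmod() is inherited from SecmodTest; a false
        // result presumably means NSS is not usable here - confirm there.
        if (!initSecmod()) {
            return false;
        }

        sunPKCS11NSSProvider = getSunPKCS11(BASE + SEP + "nss-sqlite.cfg");
        sunJCEProvider = new com.sun.crypto.provider.SunJCE();
        sunRsaSignProvider = new SunRsaSign();
        // Replaces the provider list for the whole JVM.
        Providers.setProviderList(ProviderList.newList(
                sunJCEProvider, sunPKCS11NSSProvider,
                new sun.security.provider.Sun(), sunRsaSignProvider));

        ks = KeyStore.getInstance("PKCS11-NSS-Sqlite", sunPKCS11NSSProvider);
        ks.load(null, passphrase);

        CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA");
        gen.generate(2048);
        privateKey = gen.getPrivateKey();
        certificate = gen.getSelfCertificate(new X500Name("CN=Me"), 365);
        return true;
    }
}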