1 /*
   2  * Copyright (c) 2017, Red Hat, Inc. and/or its affiliates.
   3  *
   4  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   5  *
   6  * This code is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License version 2 only, as
   8  * published by the Free Software Foundation.
   9  *
  10  * This code is distributed in the hope that it will be useful, but WITHOUT
  11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  12  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13  * version 2 for more details (a copy is included in the LICENSE file that
  14  * accompanied this code).
  15  *
  16  * You should have received a copy of the GNU General Public License version
  17  * 2 along with this work; if not, write to the Free Software Foundation,
  18  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  19  *
  20  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  21  * or visit www.oracle.com if you need additional information or have any
  22  * questions.
  23  */
  24 
  25 /*
  26  * @test
  27  * @bug 8165996
  28  * @summary Test NSS DB Sqlite
  29  * @library ../
  30  * @modules java.base/sun.security.rsa
  31  *          java.base/sun.security.provider
  32  *          java.base/sun.security.jca
  33  *          java.base/sun.security.tools.keytool
  34  *          java.base/sun.security.x509
  35  *          java.base/com.sun.crypto.provider
  36  *          jdk.crypto.cryptoki/sun.security.pkcs11:+open
  37  * @run main/othervm/timeout=120 TestNssDbSqlite
  38  * @author Martin Balao (mbalao@redhat.com)
  39  */
  40 
  41 import java.security.PrivateKey;
  42 import java.security.cert.Certificate;
  43 import java.security.KeyStore;
  44 import java.security.Provider;
  45 import java.security.Signature;
  46 
  47 import sun.security.rsa.SunRsaSign;
  48 import sun.security.jca.ProviderList;
  49 import sun.security.jca.Providers;
  50 import sun.security.tools.keytool.CertAndKeyGen;
  51 import sun.security.x509.X500Name;
  52 
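/**
 * jtreg regression test for bug 8165996 ("Test NSS DB Sqlite").
 *
 * <p>The test loads a SunPKCS11 provider from {@code nss-sqlite.cfg}, opens the
 * {@code PKCS11-NSS-Sqlite} keystore it exposes, stores a freshly generated RSA
 * key with a self-signed certificate, reads the key back, signs a fixed message
 * with it through the PKCS11 provider and verifies the signature with
 * SunRsaSign against the certificate.
 *
 * <p>The test is declared {@code main/othervm}, so the JVM-wide provider list
 * replaced in {@link #initializeProvider()} does not leak into other tests.
 */
public final class TestNssDbSqlite extends SecmodTest {

    private static final boolean enableDebug = true;

    private static Provider sunPKCS11NSSProvider;
    private static Provider sunRsaSignProvider;
    private static Provider sunJCEProvider;
    private static KeyStore ks;
    // Fixed fixture value handed to KeyStore.load and to the key-entry calls;
    // it is never reassigned, hence final. Not a secret: it only protects the
    // throw-away test database (presumably the one nss-sqlite.cfg points at).
    private static final char[] passphrase = "test12".toCharArray();
    private static PrivateKey privateKey;
    private static Certificate certificate;

    /**
     * Test entry point.
     *
     * @param args unused
     * @throws Exception if provider setup fails part-way or the signature
     *         round trip does not verify
     */
    public static void main(String[] args) throws Exception {

        // Without this guard an early return from initializeProvider() left
        // ks, privateKey and certificate null, and the test then died with a
        // NullPointerException instead of being skipped. The skip is reported
        // on stdout so a run that lost its NSS coverage is visible in the log
        // rather than looking like a pass.
        if (!initialize()) {
            System.out.println(
                "Test SKIPPED - SunPKCS11 NSS setup was not performed");
            return;
        }

        if (enableDebug) {
            System.out.println("SunPKCS11 provider: " +
                sunPKCS11NSSProvider);
        }

        testRetrieveKeysFromKeystore();

        System.out.println("Test PASS - OK");
    }

    /**
     * Stores the generated key under alias {@code root_ca_1}, reads it back
     * from the keystore, signs with it through the PKCS11 provider and checks
     * the signature with SunRsaSign.
     *
     * @throws Exception if the entry cannot be read back or the signature
     *         does not verify
     */
    private static void testRetrieveKeysFromKeystore() throws Exception {

        // Encode once with an explicit charset so the signed and the verified
        // bytes are identical regardless of the platform default encoding.
        byte[] message = "known plain text".getBytes(
                java.nio.charset.StandardCharsets.UTF_8);

        ks.setKeyEntry("root_ca_1", privateKey, passphrase,
                new Certificate[]{certificate});
        PrivateKey k1 = (PrivateKey) ks.getKey("root_ca_1", passphrase);
        if (k1 == null) {
            // KeyStore.getKey returns null for a missing alias; fail with a
            // message that names the real problem instead of letting
            // initSign(null) report an invalid key.
            throw new Exception(
                "Key entry root_ca_1 not found after setKeyEntry");
        }

        Signature sS = Signature.getInstance(
                "SHA256withRSA", sunPKCS11NSSProvider);
        sS.initSign(k1);
        sS.update(message);
        byte[] generatedSignature = sS.sign();

        if (enableDebug) {
            // Only the signature is printed; no key material reaches the log.
            System.out.println("Generated signature: ");
            for (byte b : generatedSignature) {
                System.out.printf("0x%02x, ", (int)(b) & 0xFF);
            }
            System.out.println("");
        }

        // Verification runs on SunRsaSign, i.e. a different provider than the
        // one that produced the signature, so the check does not rely on the
        // PKCS11 token agreeing with itself.
        Signature sV = Signature.getInstance("SHA256withRSA", sunRsaSignProvider);
        sV.initVerify(certificate);
        sV.update(message);
        if (!sV.verify(generatedSignature)) {
            throw new Exception("Couldn't verify signature");
        }
    }

    /**
     * Performs all set-up needed by the test.
     *
     * @return {@code true} if the providers, keystore and key material are
     *         ready; {@code false} if set-up was skipped
     * @throws Exception if set-up starts but fails
     */
    private static boolean initialize() throws Exception {
        return initializeProvider();
    }

    /**
     * Configures the SunPKCS11 provider on the SQLite-backed NSS database,
     * installs the provider list used by the test, opens the keystore and
     * generates the RSA key pair with its self-signed certificate.
     *
     * @return {@code false} if {@code initSecmod()} reported that set-up
     *         cannot proceed, {@code true} otherwise
     * @throws Exception if any provider, keystore or key-generation step fails
     */
    private static boolean initializeProvider() throws Exception {
        useSqlite(true);
        // initSecmod() is inherited from SecmodTest and not visible here; a
        // false result is treated as "NSS environment unavailable", which is
        // what the original early return implied - confirm against SecmodTest.
        if (!initSecmod()) {
            return false;
        }

        sunPKCS11NSSProvider = getSunPKCS11(BASE + SEP + "nss-sqlite.cfg");
        sunJCEProvider = new com.sun.crypto.provider.SunJCE();
        sunRsaSignProvider = new SunRsaSign();
        // Replaces the provider list for the whole JVM; acceptable only
        // because the test runs in its own VM (main/othervm).
        Providers.setProviderList(ProviderList.newList(
                sunJCEProvider, sunPKCS11NSSProvider,
                new sun.security.provider.Sun(), sunRsaSignProvider));

        ks = KeyStore.getInstance("PKCS11-NSS-Sqlite", sunPKCS11NSSProvider);
        ks.load(null, passphrase);

        CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA");
        gen.generate(2048);
        privateKey = gen.getPrivateKey();
        // NOTE(review): CertAndKeyGen.getSelfCertificate takes the validity in
        // seconds, so 365 is roughly six minutes rather than a year. That looks
        // sufficient here because the certificate is only used as the source
        // of the public key for verification - confirm before reusing it.
        certificate = gen.getSelfCertificate(new X500Name("CN=Me"), 365);
        return true;
    }
}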