1 /*
   2  * Copyright (c) 2017, Red Hat, Inc. and/or its affiliates.
   3  *
   4  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   5  *
   6  * This code is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License version 2 only, as
   8  * published by the Free Software Foundation.
   9  *
  10  * This code is distributed in the hope that it will be useful, but WITHOUT
  11  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  12  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13  * version 2 for more details (a copy is included in the LICENSE file that
  14  * accompanied this code).
  15  *
  16  * You should have received a copy of the GNU General Public License version
  17  * 2 along with this work; if not, write to the Free Software Foundation,
  18  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  19  *
  20  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  21  * or visit www.oracle.com if you need additional information or have any
  22  * questions.
  23  */
  24 
  25 /*
  26  * @test
  27  * @bug 8165996
  28  * @summary Test NSS DB Sqlite
  29  * @comment There is no NSS on Aix.
  30  * @requires os.family != "aix"
  31  * @library ../
  32  * @modules java.base/sun.security.rsa
  33  *          java.base/sun.security.provider
  34  *          java.base/sun.security.jca
  35  *          java.base/sun.security.tools.keytool
  36  *          java.base/sun.security.x509
  37  *          java.base/com.sun.crypto.provider
  38  *          jdk.crypto.cryptoki/sun.security.pkcs11:+open
  39  * @run main/othervm/timeout=120 TestNssDbSqlite
  40  * @author Martin Balao (mbalao@redhat.com)
  41  */
  42 
  43 import java.security.PrivateKey;
  44 import java.security.cert.Certificate;
  45 import java.security.KeyStore;
  46 import java.security.Provider;
  47 import java.security.Signature;
  48 
  49 import sun.security.rsa.SunRsaSign;
  50 import sun.security.jca.ProviderList;
  51 import sun.security.jca.Providers;
  52 import sun.security.tools.keytool.CertAndKeyGen;
  53 import sun.security.x509.X500Name;
  54 
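/**
 * Checks that a private key stored through the SunPKCS11 provider, configured
 * from {@code nss-sqlite.cfg}, can be read back and used for signing.
 *
 * <p>The signature is produced with the PKCS#11 provider and verified with
 * SunRsaSign against the certificate generated alongside the key. Verifying
 * with a second, independent provider means the check does not depend on the
 * PKCS#11 provider agreeing with itself.
 *
 * <p>{@code useSqlite}, {@code initSecmod}, {@code getSunPKCS11}, {@code BASE}
 * and {@code SEP} are not defined in this file; presumably they come from
 * {@code SecmodTest} or its parents (confirm there).
 */
public final class TestNssDbSqlite extends SecmodTest {

    private static final boolean enableDebug = true;

    private static Provider sunPKCS11NSSProvider;
    private static Provider sunRsaSignProvider;
    private static Provider sunJCEProvider;
    private static KeyStore ks;
    // Test-only value passed to KeyStore.load/setKeyEntry/getKey below; it is
    // a fixture constant, not a credential that protects anything real.
    private static final char[] passphrase = "test12".toCharArray();
    private static PrivateKey privateKey;
    private static Certificate certificate;

    /**
     * Test entry point.
     *
     * @param args unused
     * @throws Exception if provider setup fails or the signature check fails
     */
    public static void main(String[] args) throws Exception {

        // Without this guard a failed initSecmod() left ks, privateKey and
        // certificate null and the test died with a NullPointerException
        // instead of reporting that it could not run.
        if (!initialize()) {
            System.out.println(
                "Security module not initialized - test skipped");
            return;
        }

        if (enableDebug) {
            System.out.println("SunPKCS11 provider: " +
                sunPKCS11NSSProvider);
        }

        testRetrieveKeysFromKeystore();

        System.out.println("Test PASS - OK");
    }

    /**
     * Stores the generated key under an alias, reads it back, signs a fixed
     * message with the PKCS#11 provider and verifies the result with
     * SunRsaSign.
     *
     * @throws Exception if the key cannot be read back or the signature does
     *         not verify
     */
    private static void testRetrieveKeysFromKeystore() throws Exception {

        String alias = "root_ca_1";
        // Encode once with an explicit charset so the signed and the verified
        // bytes cannot differ with the platform default encoding.
        byte[] message = "known plain text".getBytes(
                java.nio.charset.StandardCharsets.UTF_8);

        ks.setKeyEntry(alias, privateKey, passphrase,
                new Certificate[]{certificate});
        PrivateKey k1 = (PrivateKey) ks.getKey(alias, passphrase);
        if (k1 == null) {
            // KeyStore.getKey returns null for an unknown alias; fail with a
            // message that names the real problem rather than letting
            // initSign reject a null key.
            throw new Exception("Couldn't retrieve key '" + alias
                    + "' from keystore");
        }

        Signature sS = Signature.getInstance(
                "SHA256withRSA", sunPKCS11NSSProvider);
        sS.initSign(k1);
        sS.update(message);
        byte[] generatedSignature = sS.sign();

        if (enableDebug) {
            System.out.println("Generated signature: ");
            for (byte b : generatedSignature) {
                System.out.printf("0x%02x, ", b & 0xFF);
            }
            System.out.println("");
        }

        // Verification deliberately uses a different provider than signing.
        Signature sV = Signature.getInstance(
                "SHA256withRSA", sunRsaSignProvider);
        sV.initVerify(certificate);
        sV.update(message);
        if (!sV.verify(generatedSignature)) {
            throw new Exception("Couldn't verify signature");
        }
    }

    /**
     * Prepares providers, keystore and key material.
     *
     * @return {@code true} if everything the test needs was set up,
     *         {@code false} if {@code initSecmod()} declined
     * @throws Exception if provider or keystore setup fails
     */
    private static boolean initialize() throws Exception {
        return initializeProvider();
    }

    /**
     * Selects the SQLite database format, installs the provider list used by
     * the test, loads the PKCS#11 keystore and generates a 2048-bit RSA key
     * with a self-signed certificate valid for 365 days.
     *
     * @return {@code false} if {@code initSecmod()} returned {@code false}
     *         (nothing else is initialized in that case), {@code true}
     *         otherwise
     * @throws Exception if provider or keystore setup fails
     */
    private static boolean initializeProvider() throws Exception {
        useSqlite(true);
        if (!initSecmod()) {
            return false;
        }

        sunPKCS11NSSProvider = getSunPKCS11(BASE + SEP + "nss-sqlite.cfg");
        sunJCEProvider = new com.sun.crypto.provider.SunJCE();
        sunRsaSignProvider = new SunRsaSign();
        // Replaces the provider list with exactly these four providers; the
        // test header runs it with main/othervm.
        Providers.setProviderList(ProviderList.newList(
                sunJCEProvider, sunPKCS11NSSProvider,
                new sun.security.provider.Sun(), sunRsaSignProvider));

        ks = KeyStore.getInstance("PKCS11-NSS-Sqlite", sunPKCS11NSSProvider);
        ks.load(null, passphrase);

        CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA");
        gen.generate(2048);
        privateKey = gen.getPrivateKey();
        certificate = gen.getSelfCertificate(new X500Name("CN=Me"), 365);
        return true;
    }
}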