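/*
 * Copyright (c) 2017, Red Hat, Inc. and/or its affiliates.
 *
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8165996
 * @summary Test NSS DB Sqlite
 * @comment There is no NSS on Aix.
 * @requires os.family != "aix"
 * @library ../
 * @modules java.base/sun.security.rsa
 *          java.base/sun.security.provider
 *          java.base/sun.security.jca
 *          java.base/sun.security.tools.keytool
 *          java.base/sun.security.x509
 *          java.base/com.sun.crypto.provider
 *          jdk.crypto.cryptoki/sun.security.pkcs11:+open
 * @run main/othervm/timeout=120 TestNssDbSqlite
 * @author Martin Balao (mbalao@redhat.com)
 */

import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Signature;

import sun.security.rsa.SunRsaSign;
import sun.security.jca.ProviderList;
import sun.security.jca.Providers;
import sun.security.tools.keytool.CertAndKeyGen;
import sun.security.x509.X500Name;

/**
 * Stores a freshly generated RSA key in a "PKCS11-NSS-Sqlite" keystore, reads
 * it back, signs a fixed message with it through the SunPKCS11 provider and
 * verifies the signature with a separate SunRsaSign provider instance.
 *
 * <p>All state lives in static fields that {@link #initialize()} fills in.
 * When the inherited {@code initSecmod()} reports failure those fields stay
 * {@code null}, so {@link #main} skips the test instead of dereferencing them.
 */
public final class TestNssDbSqlite extends SecmodTest {

    // Compile-time switch for the provider and signature dumps below.
    private static final boolean enableDebug = true;

    private static Provider sunPKCS11NSSProvider;
    private static Provider sunRsaSignProvider;
    private static Provider sunJCEProvider;
    private static KeyStore ks;
    // Password handed to ks.load() and to the key-entry calls. It is
    // hard-coded because this is a test fixture; presumably it must match
    // the NSS database shipped with the test (confirm against the test data).
    private static final char[] passphrase = "test12".toCharArray();
    private static PrivateKey privateKey;
    private static Certificate certificate;

    /**
     * Test entry point: sets up the providers and the keystore, then runs the
     * sign/verify round trip.
     *
     * @param args unused
     * @throws Exception if setup fails or the signature does not verify
     */
    public static void main(String[] args) throws Exception {

        if (!initialize()) {
            // Nothing was initialised, so continuing would only fail with a
            // NullPointerException on the keystore. Returning normally makes
            // the harness count this run as passed, so this log line is the
            // only evidence that the signature path was not exercised.
            System.out.println("initSecmod() returned false;"
                    + " provider and keystore not set up, test skipped");
            return;
        }

        if (enableDebug) {
            System.out.println("SunPKCS11 provider: " +
                    sunPKCS11NSSProvider);
        }

        testRetrieveKeysFromKeystore();

        System.out.println("Test PASS - OK");
    }

    /**
     * Stores the generated key under the alias {@code root_ca_1}, reads it
     * back, signs a known message with the retrieved key via the SunPKCS11
     * provider and checks the signature against the certificate using the
     * SunRsaSign provider.
     *
     * @throws Exception if the entry cannot be read back, or if the signature
     *         produced with the retrieved key does not verify
     */
    private static void testRetrieveKeysFromKeystore() throws Exception {

        // Encode once with an explicit charset so that signer and verifier
        // see the same bytes regardless of the platform default encoding.
        byte[] plainText = "known plain text".getBytes(StandardCharsets.UTF_8);

        ks.setKeyEntry("root_ca_1", privateKey, passphrase,
                new Certificate[]{certificate});
        PrivateKey k1 = (PrivateKey) ks.getKey("root_ca_1", passphrase);
        if (k1 == null) {
            // getKey() returns null for a missing alias; fail with a clear
            // message rather than a less specific error from initSign().
            throw new Exception("Key root_ca_1 not found after setKeyEntry");
        }

        Signature sS = Signature.getInstance(
                "SHA256withRSA", sunPKCS11NSSProvider);
        sS.initSign(k1);
        sS.update(plainText);
        byte[] generatedSignature = sS.sign();

        if (enableDebug) {
            System.out.println("Generated signature: ");
            for (byte b : generatedSignature) {
                System.out.printf("0x%02x, ", (int)(b) & 0xFF);
            }
            System.out.println("");
        }

        // Verify with a different provider than the one that signed, so a
        // pass does not rest on the PKCS11 provider agreeing with itself.
        Signature sV = Signature.getInstance("SHA256withRSA", sunRsaSignProvider);
        sV.initVerify(certificate);
        sV.update(plainText);
        if (!sV.verify(generatedSignature)) {
            throw new Exception("Couldn't verify signature");
        }
    }

    /**
     * Runs all setup steps.
     *
     * @return {@code true} when the providers, keystore and key material are
     *         ready; {@code false} when setup was abandoned
     * @throws Exception if a setup step fails
     */
    private static boolean initialize() throws Exception {
        return initializeProvider();
    }

    /**
     * Creates the SunPKCS11 provider from {@code nss-sqlite.cfg}, installs the
     * provider list, loads the keystore and generates a 2048-bit RSA key with
     * a self-signed certificate.
     *
     * @return {@code false} if the inherited {@code initSecmod()} returned
     *         {@code false} (no field is assigned in that case), otherwise
     *         {@code true}
     * @throws Exception if provider, keystore or key generation fails
     */
    private static boolean initializeProvider () throws Exception {
        // Inherited helper; presumably selects the SQLite NSS database
        // format (confirm in SecmodTest).
        useSqlite(true);
        if (!initSecmod()) {
            return false;
        }

        sunPKCS11NSSProvider = getSunPKCS11(BASE + SEP + "nss-sqlite.cfg");
        sunJCEProvider = new com.sun.crypto.provider.SunJCE();
        sunRsaSignProvider = new SunRsaSign();
        // Replaces the JVM-wide provider list with exactly these four, in
        // this order. The @run tag uses othervm, so the change stays inside
        // this test's own JVM.
        Providers.setProviderList(ProviderList.newList(
                sunJCEProvider, sunPKCS11NSSProvider,
                new sun.security.provider.Sun(), sunRsaSignProvider));

        ks = KeyStore.getInstance("PKCS11-NSS-Sqlite", sunPKCS11NSSProvider);
        ks.load(null, passphrase);

        CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA");
        gen.generate(2048);
        privateKey = gen.getPrivateKey();
        // NOTE(review): the second argument looks like a validity in seconds
        // rather than days, which would make this certificate short-lived;
        // confirm against CertAndKeyGen that 365 is the intended value.
        certificate = gen.getSelfCertificate(new X500Name("CN=Me"), 365);
        return true;
    }
}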