1 /*
2 * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 6323647
27 * @summary Verify that the SunJSSE trustmanager works correctly in FIPS mode
28 * @author Andreas Sterbenz
29 * @library ..
30 * @modules java.base/com.sun.net.ssl.internal.ssl
31 * @run main/othervm TrustManagerTest
32 */
33
34 import java.io.*;
35 import java.util.*;
36
37 import java.security.*;
38 import java.security.cert.*;
39
40 import javax.net.ssl.*;
41
42 // This test belongs more in JSSE than here, but the JSSE workspace does not
43 // have the NSS test infrastructure. It will live here for the time being.
44
45 public class TrustManagerTest extends SecmodTest {
46
47 public static void main(String[] args) throws Exception {
48 if (initSecmod() == false) {
49 return;
50 }
51
52 if ("sparc".equals(System.getProperty("os.arch")) == false) {
53 // we have not updated other platforms with the proper NSS libraries yet
54 System.out.println("Test currently works only on solaris-sparc, skipping");
55 return;
56 }
57
58 String configName = BASE + SEP + "fips.cfg";
59 Provider p = getSunPKCS11(configName);
60
61 System.out.println(p);
62 Security.addProvider(p);
63
64 Security.removeProvider("SunJSSE");
65 Provider jsse = new com.sun.net.ssl.internal.ssl.Provider(p);
66 Security.addProvider(jsse);
67 System.out.println(jsse.getInfo());
68
69 KeyStore ks = KeyStore.getInstance("PKCS11", p);
70 ks.load(null, "test12".toCharArray());
71
72 X509Certificate server = loadCertificate("certs/server.cer");
73 X509Certificate ca = loadCertificate("certs/ca.cer");
74 X509Certificate anchor = loadCertificate("certs/anchor.cer");
75
76 KeyStore trustStore = KeyStore.getInstance("JKS");
77 trustStore.load(null, null);
78 trustStore.setCertificateEntry("anchor", anchor);
79
80 TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
81 tmf.init(trustStore);
82
83 X509TrustManager tm = (X509TrustManager)tmf.getTrustManagers()[0];
84
85 X509Certificate[] chain = {server, ca, anchor};
86
87 tm.checkServerTrusted(chain, "RSA");
88
89 System.out.println("OK");
90 }
91
92 private static X509Certificate loadCertificate(String name) throws Exception {
93 CertificateFactory cf = CertificateFactory.getInstance("X.509");
94 InputStream in = new FileInputStream(BASE + SEP + name);
95 X509Certificate cert = (X509Certificate)cf.generateCertificate(in);
96 in.close();
97 return cert;
98 }
99
100 }