1 /* 2 * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 6323647 27 * @summary Verify that the SunJSSE trustmanager works correctly in FIPS mode 28 * @author Andreas Sterbenz 29 * @library .. 30 * @modules java.base/com.sun.net.ssl.internal.ssl 31 * @run main/othervm TrustManagerTest 32 */ 33 34 import java.io.*; 35 import java.util.*; 36 37 import java.security.*; 38 import java.security.cert.*; 39 40 import javax.net.ssl.*; 41 42 // This test belongs more in JSSE than here, but the JSSE workspace does not 43 // have the NSS test infrastructure. It will live here for the time being. 44 45 public class TrustManagerTest extends SecmodTest { 46 47 public static void main(String[] args) throws Exception { 48 if (initSecmod() == false) { 49 return; 50 } 51 52 if ("sparc".equals(System.getProperty("os.arch")) == false) { 53 // we have not updated other platforms with the proper NSS libraries yet 54 System.out.println("Test currently works only on solaris-sparc, skipping"); 55 return; 56 } 57 58 String configName = BASE + SEP + "fips.cfg"; 59 Provider p = getSunPKCS11(configName); 60 61 System.out.println(p); 62 Security.addProvider(p); 63 64 Security.removeProvider("SunJSSE"); 65 Provider jsse = new com.sun.net.ssl.internal.ssl.Provider(p); 66 Security.addProvider(jsse); 67 System.out.println(jsse.getInfo()); 68 69 KeyStore ks = KeyStore.getInstance("PKCS11", p); 70 ks.load(null, "test12".toCharArray()); 71 72 X509Certificate server = loadCertificate("certs/server.cer"); 73 X509Certificate ca = loadCertificate("certs/ca.cer"); 74 X509Certificate anchor = loadCertificate("certs/anchor.cer"); 75 76 KeyStore trustStore = KeyStore.getInstance("JKS"); 77 trustStore.load(null, null); 78 trustStore.setCertificateEntry("anchor", anchor); 79 80 TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX"); 81 tmf.init(trustStore); 82 83 X509TrustManager tm = (X509TrustManager)tmf.getTrustManagers()[0]; 84 85 X509Certificate[] chain = {server, ca, anchor}; 86 87 tm.checkServerTrusted(chain, "RSA"); 88 89 System.out.println("OK"); 90 } 91 92 private static X509Certificate loadCertificate(String name) throws Exception { 93 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 94 InputStream in = new FileInputStream(BASE + SEP + name); 95 X509Certificate cert = (X509Certificate)cf.generateCertificate(in); 96 in.close(); 97 return cert; 98 } 99 100 }