Old test/jdk/sun/security/tools/keytool/fakegen/PSS.java

   1 /*
   2  * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /*
  25  * @test
  26  * @bug 8215694 8222987 8225257
  27  * @summary keytool cannot generate RSASSA-PSS certificates
  28  * @library /test/lib
  29  * @build java.base/sun.security.rsa.RSAKeyPairGenerator
  30  * @modules java.base/sun.security.util
  31  *          java.base/sun.security.x509
  32  * @requires os.family != "solaris"
  33  * @run main PSS
  34  */
  35 
  36 // This test is excluded from Solaris because the 8192-bit RSA key pair
  37 // generator is extremely slow there. Please note the fake
  38 // KeyPairGenerator will not be used because of provider preferences.
  39 
  40 import jdk.test.lib.Asserts;
  41 import jdk.test.lib.SecurityTools;
  42 import jdk.test.lib.process.OutputAnalyzer;
  43 import jdk.test.lib.security.DerUtils;
  44 import sun.security.util.ObjectIdentifier;
  45 import sun.security.x509.AlgorithmId;
  46 
  47 import java.io.File;
  48 import java.security.KeyStore;
  49 import java.security.cert.X509Certificate;
  50 
  51 public class PSS {
  52 
  53     public static void main(String[] args) throws Exception {
  54 
  55         genkeypair("p", "-keyalg RSASSA-PSS -sigalg RSASSA-PSS")
  56                 .shouldHaveExitValue(0);
  57 
  58         genkeypair("a", "-keyalg RSA -sigalg RSASSA-PSS -keysize 2048")
  59                 .shouldHaveExitValue(0);
  60 
  61         genkeypair("b", "-keyalg RSA -sigalg RSASSA-PSS -keysize 4096")
  62                 .shouldHaveExitValue(0);
  63 
  64         genkeypair("c", "-keyalg RSA -sigalg RSASSA-PSS -keysize 8192")
  65                 .shouldHaveExitValue(0);
  66 
  67         KeyStore ks = KeyStore.getInstance(
  68                 new File("ks"), "changeit".toCharArray());
  69 
  70         check((X509Certificate)ks.getCertificate("p"), "RSASSA-PSS",
  71                 AlgorithmId.SHA256_oid);
  72 
  73         check((X509Certificate)ks.getCertificate("a"), "RSA",
  74                 AlgorithmId.SHA256_oid);
  75 
  76         check((X509Certificate)ks.getCertificate("b"), "RSA",
  77                 AlgorithmId.SHA384_oid);
  78 
  79         check((X509Certificate)ks.getCertificate("c"), "RSA",
  80                 AlgorithmId.SHA512_oid);
  81 
  82         // More commands
  83         kt("-certreq -alias p -sigalg RSASSA-PSS -file p.req")
  84                 .shouldHaveExitValue(0);
  85 
  86         kt("-gencert -alias a -sigalg RSASSA-PSS -infile p.req -outfile p.cert")
  87                 .shouldHaveExitValue(0);
  88 
  89         kt("-importcert -alias p -file p.cert")
  90                 .shouldHaveExitValue(0);
  91 
  92         kt("-selfcert -alias p -sigalg RSASSA-PSS")
  93                 .shouldHaveExitValue(0);
  94     }
  95 
  96     static OutputAnalyzer genkeypair(String alias, String options)
  97             throws Exception {
  98         String patchArg = "-J--patch-module=java.base=" + System.getProperty("test.classes")
  99                 + File.separator + "patches" + File.separator + "java.base";
 100         return kt(patchArg + " -genkeypair -alias " + alias
 101                 + " -dname CN=" + alias + " " + options);
 102     }
 103 
 104     static OutputAnalyzer kt(String cmd)
 105             throws Exception {
 106         return SecurityTools.keytool("-storepass changeit -keypass changeit "
 107                 + "-keystore ks " + cmd);
 108     }
 109 
 110     static void check(X509Certificate cert, String expectedKeyAlg,
 111             ObjectIdentifier expectedMdAlg) throws Exception {
 112         Asserts.assertEQ(cert.getPublicKey().getAlgorithm(), expectedKeyAlg);
 113         Asserts.assertEQ(cert.getSigAlgName(), "RSASSA-PSS");
 114         DerUtils.checkAlg(cert.getSigAlgParams(), "000", expectedMdAlg);
 115     }
 116 }