1 /*
   2  * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /*
  25  * @test
  26  * @bug 8138766 8227059 8227595
  27  * @summary New default -sigalg for keytool
  28  * @library /test/lib
  29  * @build java.base/sun.security.rsa.RSAKeyPairGenerator
  30  *        java.base/sun.security.provider.DSAKeyPairGenerator
  31  *        jdk.crypto.ec/sun.security.ec.ECKeyPairGenerator
  32  * @requires os.family != "solaris"
  33  * @run main DefaultSignatureAlgorithm
  34  * @modules jdk.crypto.ec
  35  */
  36 
  37 // This test is excluded from Solaris because the RSA key pair generator
  38 // is extremely slow there with a big keysize. Please note the fake
  39 // KeyPairGenerator will not be used because of provider preferences.
  40 
  41 import jdk.test.lib.Asserts;
  42 import jdk.test.lib.SecurityTools;
  43 import jdk.test.lib.process.OutputAnalyzer;
  44 
  45 import java.io.File;
  46 import java.security.KeyStore;
  47 import java.security.cert.X509Certificate;
  48 
  49 public class DefaultSignatureAlgorithm {
  50 
  51     static int pos = 0;
  52 
  53     public static void main(String[] args) throws Exception {
  54         check("RSA", 1024, null, "SHA256withRSA");
  55         check("RSA", 3072, null, "SHA256withRSA");
  56         check("RSA", 3073, null, "SHA384withRSA");
  57         check("RSA", 7680, null, "SHA384withRSA");
  58         check("RSA", 7681, null, "SHA512withRSA");
  59 
  60         check("DSA", 1024, null, "SHA256withDSA");
  61         check("DSA", 3072, null, "SHA256withDSA");
  62 
  63         check("EC", 192, null, "SHA256withECDSA");
  64         check("EC", 384, null, "SHA384withECDSA");
  65         check("EC", 571, null, "SHA512withECDSA");
  66 
  67         check("EC", 571, "SHA256withECDSA", "SHA256withECDSA");
  68     }
  69 
  70     private static void check(String keyAlg, int keySize,
  71             String requestedSigAlg, String expectedSigAlg)
  72             throws Exception {
  73         String alias = keyAlg + keySize + "-" + pos++;
  74         String sigAlgParam = requestedSigAlg == null
  75                 ? ""
  76                 : (" -sigalg " + requestedSigAlg);
  77         genkeypair(alias,
  78                 "-keyalg " + keyAlg + " -keysize " + keySize + sigAlgParam)
  79             .shouldHaveExitValue(0);
  80 
  81         KeyStore ks = KeyStore.getInstance(
  82                 new File("ks"), "changeit".toCharArray());
  83         X509Certificate cert = (X509Certificate)ks.getCertificate(alias);
  84         Asserts.assertEQ(cert.getPublicKey().getAlgorithm(), keyAlg);
  85         Asserts.assertEQ(cert.getSigAlgName(), expectedSigAlg);
  86     }
  87 
  88     static OutputAnalyzer genkeypair(String alias, String options)
  89             throws Exception {
  90         String patchArg = "-J-Djdk.sunec.disableNative=false " +
  91                 "-J--patch-module=java.base="
  92                 + System.getProperty("test.classes")
  93                 + File.separator + "patches" + File.separator + "java.base"
  94                 + " -J--patch-module=jdk.crypto.ec="
  95                 + System.getProperty("test.classes")
  96                 + File.separator + "patches" + File.separator + "jdk.crypto.ec";
  97         return kt(patchArg + " -genkeypair -alias " + alias
  98                 + " -dname CN=" + alias + " " + options);
  99     }
 100 
 101     static OutputAnalyzer kt(String cmd)
 102             throws Exception {
 103         return SecurityTools.keytool("-storepass changeit -keypass changeit "
 104                 + "-keystore ks " + cmd);
 105     }
 106 }