File: EntryProtectionTest.java

package info (click to toggle)
openjdk-11 11.0.4%2B11-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 757,028 kB
  • sloc: java: 5,016,041; xml: 1,191,974; cpp: 934,731; ansic: 555,697; sh: 24,299; objc: 12,703; python: 3,602; asm: 3,415; makefile: 2,772; awk: 351; sed: 172; perl: 114; jsp: 24; csh: 3
file content (154 lines) | stat: -rw-r--r-- 7,005 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
 
/*
 * Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
import java.io.File;
import static java.lang.System.err;
import java.security.*;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Random;
import javax.crypto.spec.PBEParameterSpec;
import jdk.test.lib.RandomFactory;
import static java.lang.System.out;
import java.util.Arrays;

/**
 * @test
 * @bug 8048830
 * @summary Test for feature 'support stronger entry protection'. An entry is
 * stored to keystore with different PasswordProtection objects which are
 * specified by different PBE algorithms (use -Dseed=X to set PRNG seed)
 * @library /test/lib /lib/testlibrary ../
 * @key randomness
 * @build jdk.test.lib.RandomFactory
 * @run main EntryProtectionTest
 */
public class EntryProtectionTest {
    private static final char[] PASSWORD = "passwd".toCharArray();
    private static final String ALIAS = "testkey";
    private static final byte[] SALT = new byte[8];
    private static final int ITERATION_COUNT = 1024;
    private static final List<KeyStore.PasswordProtection> PASSWORD_PROTECTION
            = new ArrayList<>();
    private static final String KEYSTORE_PATH = System.getProperty(
            "test.classes" + File.separator + "ks.pkcs12",
            "." + File.separator + "ks.pkcs12");

    private void runTest() throws Exception {
            KeyStore ksIn = Utils.loadKeyStore(KEYSTORE_PATH,
                    Utils.KeyStoreType.pkcs12, PASSWORD);
            KeyStore ksTest = KeyStore
                    .getInstance(Utils.KeyStoreType.pkcs12.name());
            ksTest.load(null);
            Certificate cert = ksIn.getCertificate(ALIAS);
            Key key = ksIn.getKey(ALIAS, PASSWORD);
            KeyStore.Entry keyStoreEntry = new KeyStore.PrivateKeyEntry(
                    (PrivateKey) key, new Certificate[]{cert});
            for (KeyStore.PasswordProtection passwordAlgorithm :
                    PASSWORD_PROTECTION) {
                out.println("Try to use: " +
                        passwordAlgorithm.getProtectionAlgorithm());
                ksTest.setEntry(ALIAS, keyStoreEntry, passwordAlgorithm);
                KeyStore.Entry entryRead = ksTest.getEntry(ALIAS,
                        new KeyStore.PasswordProtection(PASSWORD));
                if (!isPrivateKeyEntriesEqual((KeyStore.PrivateKeyEntry)
                        keyStoreEntry, (KeyStore.PrivateKeyEntry)entryRead)) {
                    err.println("Original entry in KeyStore: " + keyStoreEntry);
                    err.println("Enc/Dec entry : " + entryRead);
                    throw new RuntimeException(
                            String.format(
                                    "Decrypted & original enities do "
                                    + "not match. Algo: %s, Actual: %s, "
                                    + "Expected: %s",
                                    passwordAlgorithm.getProtectionAlgorithm(),
                                    entryRead, keyStoreEntry));
                }
                ksTest.deleteEntry(ALIAS);
            }
            out.println("Test Passed");
    }

    public static void main(String args[]) throws Exception {
        EntryProtectionTest entryProtectionTest = new EntryProtectionTest();
        entryProtectionTest.setUp();
        entryProtectionTest.runTest();
    }

    private void setUp() {
        out.println("Using KEYSTORE_PATH:"+KEYSTORE_PATH);
        Utils.createKeyStore(Utils.KeyStoreType.pkcs12, KEYSTORE_PATH, ALIAS);
        Random rand = RandomFactory.getRandom();
        rand.nextBytes(SALT);
        out.print("Salt: ");
        for (byte b : SALT) {
            out.format("%02X ", b);
        }
        out.println("");
        PASSWORD_PROTECTION
                .add(new KeyStore.PasswordProtection(PASSWORD,
                                "PBEWithMD5AndDES", new PBEParameterSpec(SALT,
                                        ITERATION_COUNT)));
        PASSWORD_PROTECTION.add(new KeyStore.PasswordProtection(PASSWORD,
                "PBEWithSHA1AndDESede", null));
        PASSWORD_PROTECTION.add(new KeyStore.PasswordProtection(PASSWORD,
                "PBEWithSHA1AndRC2_40", null));
        PASSWORD_PROTECTION.add(new KeyStore.PasswordProtection(PASSWORD,
                "PBEWithSHA1AndRC2_128", null));
        PASSWORD_PROTECTION.add(new KeyStore.PasswordProtection(PASSWORD,
                "PBEWithSHA1AndRC4_40", null));
        PASSWORD_PROTECTION.add(new KeyStore.PasswordProtection(PASSWORD,
                "PBEWithSHA1AndRC4_128", null));
    }

    /**
     * Checks whether given two KeyStore.PrivateKeyEntry parameters are equal
     * The KeyStore.PrivateKeyEntry fields like {privateKey, certificateChain[]}
     * are checked for equality and another field Set<attributes> is not checked
     * as default implementation adds few PKCS12 attributes during read
     * operation
     * @param  first
     *         parameter is of type KeyStore.PrivateKeyEntry
     * @param  second
     *         parameter is of type KeyStore.PrivateKeyEntry
     * @return boolean
     *         true when both the KeyStore.PrivateKeyEntry fields are equal
    */
    boolean isPrivateKeyEntriesEqual(KeyStore.PrivateKeyEntry first,
            KeyStore.PrivateKeyEntry second) {
        //compare privateKey
        if (!Arrays.equals(first.getPrivateKey().getEncoded(),
                second.getPrivateKey().getEncoded())) {
            err.println("Mismatch found in privateKey!");
            return false;
        }
        //compare certificateChain[]
        if (!Arrays.equals(first.getCertificateChain(),
                second.getCertificateChain())) {
            err.println("Mismatch found in certificate chain!");
            return false;
        }
        return true;
    }
}