├── cryptotest ├── tests │ ├── test.jks │ ├── test.jks.orig │ ├── SaslServerFactoryBase.java │ ├── regenerateTestStoreChain1.sh │ ├── MessageDigestTests.java │ ├── SecureRandomTests.java │ ├── TrustManagerFactoryTests.java │ ├── PolicyTests.java │ ├── SaslClientFactoryTests.java │ ├── KeyManagerFactoryTests.java │ ├── TerminalFactoryTests.java │ ├── AlgorithmParameterGeneratorTests.java │ ├── KeyStoreTests.java │ ├── SaslServerFactoryTests.java │ ├── ConfigurationTests.java │ ├── KeyPairGeneratorTests.java │ ├── SSLContextTests.java │ ├── CertStoreTests.java │ ├── KeyAgreementTests.java │ ├── KeyInfoFactoryTests.java │ ├── CertPathBuilderTests.java │ ├── MacTests.java │ ├── CertPathValidatorTests.java │ ├── SaslServerFactoryGssapiTest.java │ ├── TestProviders.java │ ├── KEMTests.java │ ├── SecretKeyFactoryTests.java │ ├── CertificateFactoryTests.java │ ├── AlgorithmParametersTests.java │ ├── KeyGeneratorTests.java │ ├── CipherTests.java │ ├── XMLSignatureFactoryTests.java │ └── SignatureTests.java ├── utils │ ├── AlgorithmRunException.java │ ├── AlgorithmInstantiationException.java │ ├── AlgorithmIgnoredException.java │ ├── Xml.java │ ├── TestResult.java │ ├── ClassFinder.java │ ├── AlgorithmTest.java │ └── Misc.java ├── Settings.java └── CryptoTest.java ├── TEST.ROOT ├── .gitignore ├── PropDeps.java ├── LICENSE ├── README.md ├── Makefile ├── .github └── workflows │ └── test.yaml └── run.sh /cryptotest/tests/test.jks: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/judovana/CryptoTest/master/cryptotest/tests/test.jks -------------------------------------------------------------------------------- /cryptotest/tests/test.jks.orig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/judovana/CryptoTest/master/cryptotest/tests/test.jks.orig -------------------------------------------------------------------------------- /TEST.ROOT: 
-------------------------------------------------------------------------------- 1 | maxOutputSize=1000000 2 | # there are tests which requires preset krb kdc. 3 | # those will be skiped if such setup do not exists 4 | requires.extraPropDefns = PropDeps.java 5 | requires.properties = \ 6 | cryptotests.krb.kdc.enabled 7 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled class file 2 | *.class 3 | 4 | # Log file 5 | *.log 6 | 7 | # BlueJ files 8 | *.ctxt 9 | 10 | # Mobile Tools for Java (J2ME) 11 | .mtj.tmp/ 12 | 13 | # Package Files # 14 | *.jar 15 | *.war 16 | *.ear 17 | *.zip 18 | *.tar.gz 19 | *.rar 20 | 21 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml 22 | hs_err_pid* 23 | 24 | .idea/ 25 | *.iml 26 | 27 | # Directory with compiled classes made by Makefile 28 | classes 29 | 30 | # Jtreg dirs 31 | jtreg 32 | test.* 33 | 34 | jtreg*.tar.gz 35 | -------------------------------------------------------------------------------- /PropDeps.java: -------------------------------------------------------------------------------- 1 | import java.util.List; 2 | import java.util.ArrayList; 3 | import java.util.Map; 4 | import java.util.HashMap; 5 | import java.util.concurrent.Callable; 6 | 7 | public class PropDeps implements Callable> { 8 | 9 | boolean checkProp(String var) { 10 | String varval = System.getProperty(var); 11 | if (varval == null) { return true; } 12 | return ! varval.equalsIgnoreCase("1"); 13 | } 14 | 15 | @Override 16 | public Map call() { 17 | Map map = new HashMap(); 18 | map.put("cryptotests.krb.kdc.enabled", checkProp("cryptotests.skipAgentTests") ? 
"true": "false"); 19 | return map; 20 | } 21 | 22 | public static void main(String[] args) { 23 | for (Map.Entry entry: new PropDeps().call().entrySet()) { 24 | System.out.println(entry.getKey() + ": " + entry.getValue()); 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2016, 2022 CryptoTests authors 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /cryptotest/utils/AlgorithmRunException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2022 Red Hat, Inc. 
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 23 | */ 24 | 25 | package cryptotest.utils; 26 | 27 | /** 28 | * 29 | * for cases when we were not able to run the algorithm 30 | */ 31 | public class AlgorithmRunException extends Exception { 32 | 33 | public AlgorithmRunException(Exception ex) { 34 | super(ex); 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /cryptotest/utils/AlgorithmInstantiationException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2022 Red Hat, Inc. 
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 23 | */ 24 | 25 | package cryptotest.utils; 26 | 27 | /** 28 | * 29 | * for cases when we were not even able to instantiate the algorithm 30 | */ 31 | public class AlgorithmInstantiationException extends Exception { 32 | 33 | public AlgorithmInstantiationException(Exception ex) { 34 | super(ex); 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /cryptotest/utils/AlgorithmIgnoredException.java: -------------------------------------------------------------------------------- 1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2023 Red Hat, Inc. 
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 23 | */ 24 | 25 | package cryptotest.utils; 26 | 27 | /** 28 | * 29 | * This exception indicates that algorithm testing was skipped 30 | * but is not treated as failure. 31 | * Possible use cases: 32 | * - testing of algorithm does not make sence (or does not fully work) 33 | * in given configuration (e.g. failure is NOT A BUG) 34 | * - testing of given algorithm is not yet implemented.. 35 | * (e.g. 
 difficult to test) 36 | */ 37 | public class AlgorithmIgnoredException extends RuntimeException { 38 | 39 | public AlgorithmIgnoredException() { 40 | } 41 | 42 | public AlgorithmIgnoredException(String s) { 43 | super(s); 44 | } 45 | 46 | } 47 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CryptoTest 2 | Complete example of java crypto API 3 | 4 | This "test" is able to iterate through all algorithms (even aliases) which every java crypto provider provides. 5 | Every algorithm is initialised, and used. This is probably the largest collection of usages of the java crypto api. I'm afraid some of the apis were not used anywhere else in the last 10 years (e.g. xml parts, as they have much more suitable wrappers in JDK). 6 | 7 | ## Usage 8 | 9 | ## Jtregs 10 | A recommended way to run this is via jtregs. The `run.sh` takes one argument - jdk to test. Optional second argument is bugid or directory to run. 11 | `run.sh` will download jtreg for you, unless there already is jtreg or unless you set `JTREG_HOME`. If you need custom runner, `JAVA_HOME` is accepted. 12 | 13 | Some of the tests use a 3rd party agent machine which replies to **kerberos** login responses; set its hostname via `AGENT_HOSTNAME=agent.example.com`. If you do not wish to run them, set `SKIP_AGENT_TESTS=1`. 14 | 15 | ### Make 16 | 17 | Set tested JDK using JAVA_HOME env. variable e.g.: 18 | ``` 19 | export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk 20 | ``` 21 | To run the whole thing, simply run make: 22 | ``` 23 | make 24 | ``` 25 | to set agent hostname, required by some tests, use AGENT_HOSTNAME parameter. (Agent expects to have same krb setup as expected by [jck](https://web.archive.org/web/20201126185131/https://icedtea.classpath.org/wiki/JCKDistilled#kerberos_prep). Use your domain for service principal, e.g. http/service.example.com). 
26 | ``` 27 | make AGENT_HOSTNAME=agent.example.com 28 | ``` 29 | to skip tests, which require agent, use SKIP_AGENT_TESTS parameter: 30 | ``` 31 | make SKIP_AGENT_TESTS=1 32 | ``` 33 | You can list individual tests using: 34 | ``` 35 | make list-tests 36 | ``` 37 | To Run some individual test use e.g.: 38 | ``` 39 | make CipherTests 40 | ``` 41 | 42 | ## Credits 43 | 44 | This project would never be created without extensive help of 45 | * sparkoo@github 46 | * oklinov@github 47 | * mzezulka@redhat 48 | * pmikova@redhat 49 | * zzambers@redhat 50 | * jvanek@redhat 51 | -------------------------------------------------------------------------------- /cryptotest/tests/SaslServerFactoryBase.java: -------------------------------------------------------------------------------- 1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2022 Red Hat, Inc. 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
23 | */ 24 | 25 | package cryptotest.tests; 26 | 27 | import cryptotest.utils.AlgorithmTest; 28 | import cryptotest.utils.Misc; 29 | 30 | public abstract class SaslServerFactoryBase extends AlgorithmTest { 31 | 32 | 33 | @Override 34 | public String getTestedPart() { 35 | return "SaslServerFactory"; 36 | } 37 | 38 | protected void setSaslProps() { 39 | //allows us to read subject's credentials from sources different from 40 | //instantiated Subject, such as normal file or OS cache; for more information, please consult the following link: 41 | //http://docs.oracle.com/javase/7/docs/technotes/guides/security/jgss/tutorials/BasicClientServer.html#useSub 42 | System.setProperty("javax.security.auth.useSubjectCredsOnly", "false"); 43 | System.setProperty("java.security.krb5.conf",Misc.createTmpKrb5File().getPath()); 44 | } 45 | 46 | } 47 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | JAVA ?= $(shell if [ -n "$(JAVA_HOME)" ] ; then printf '%s/bin/java' "$(JAVA_HOME)" ; else printf 'java' ; fi ) 2 | JAVAC ?= $(shell if [ -n "$(JAVA_HOME)" ] ; then printf '%s/bin/javac' "$(JAVA_HOME)" ; else printf 'javac' ; fi ) 3 | 4 | JAVA_VERSION_MAJOR := $(shell "$(JAVA)" -version 2>&1 | grep version | head -n 1 | sed -E 's/^.*"(1[.])?([0-9]+).*$$/\2/g' ) 5 | 6 | MOD_ARGS := $(shell [ $(JAVA_VERSION_MAJOR) -gt 8 ] && printf '%s' ' --add-reads java.base=ALL-UNNAMED --add-exports java.base/com.sun.crypto.provider=ALL-UNNAMED --add-exports java.base/sun.security.internal.spec=ALL-UNNAMED --add-exports java.base/sun.security.ssl=ALL-UNNAMED --add-exports java.base/sun.security.x509=ALL-UNNAMED --add-reads java.security.jgss=ALL-UNNAMED --add-exports java.security.jgss/sun.security.jgss=ALL-UNNAMED --add-exports java.security.jgss/sun.security.jgss.krb5=ALL-UNNAMED --add-exports java.security.jgss/sun.security.krb5=ALL-UNNAMED --add-reads 
java.xml.crypto=ALL-UNNAMED --add-exports java.xml.crypto/org.jcp.xml.dsig.internal.dom=ALL-UNNAMED --add-opens java.base/java.security=ALL-UNNAMED ' ) 7 | JAVA_MOD_ARGS := $(MOD_ARGS) 8 | JAVAC_MOD_ARGS := $(shell [ $(JAVA_VERSION_MAJOR) -le 8 ] && printf '%s' '-XDignore.symbol.file=true ' ; printf '%s' "$(MOD_ARGS)" ) 9 | 10 | # to allow exclude tests for some jdk 11 | TESTS_EXCLUDE := $(shell printf '%s' ".*[.]sh" ; ) 12 | 13 | SKIP_AGENT_TESTS_ARG := $(shell [ 1 = "$(SKIP_AGENT_TESTS)" ] && printf '%s' '-Dcryptotests.skipAgentTests=1' ) 14 | AGENT_HOSTNAME_ARG := $(shell [ -n "$(AGENT_HOSTNAME)" ] && printf '%s=%s' '-Dcryptotests.agentHostName' "$(AGENT_HOSTNAME)" ) 15 | 16 | TEST_NAMES := $(patsubst cryptotest/tests/%Tests.java,%Tests,$(wildcard cryptotest/tests/*Tests.java)) 17 | 18 | .PHONY: clean CryptoTest all list-tests $(TEST_NAMES) 19 | 20 | all: CryptoTest 21 | 22 | clean: 23 | rm -rf classes 24 | 25 | classes: 26 | mkdir -p classes 27 | $(JAVAC) $(JAVAC_MOD_ARGS) -d classes $(shell find cryptotest -name '*.java' | grep -v -E "$(TESTS_EXCLUDE)" ) 28 | cp cryptotest/tests/test.jks classes/cryptotest/tests 29 | 30 | CryptoTest: | classes 31 | $(JAVA) $(JAVA_MOD_ARGS) -cp classes $(SKIP_AGENT_TESTS_ARG) $(AGENT_HOSTNAME_ARG) cryptotest.CryptoTest 32 | 33 | list-tests: 34 | @printf '%s\n' $(TEST_NAMES) | tr ' ' '\n' | sort 35 | 36 | $(TEST_NAMES): | classes 37 | $(JAVA) $(JAVA_MOD_ARGS) -cp classes $(SKIP_AGENT_TESTS_ARG) $(AGENT_HOSTNAME_ARG) cryptotest.tests.$@ 38 | -------------------------------------------------------------------------------- /cryptotest/utils/Xml.java: -------------------------------------------------------------------------------- 1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2022 Red Hat, Inc. 
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
 23 | */ 24 | 25 |
package cryptotest.utils;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;

/**
 * Builds a DOM node from a hard-coded document literal; presumably a placeholder
 * node for the XML-related tests (callers are not visible here).
 */
public class Xml {

    /**
     * Best-effort wrapper around {@link #fakeXmlImpl()}.
     *
     * @return the root element of the parsed literal, or {@code null} when parsing fails
     *         for any reason (the stack trace is printed in that case)
     */
    public static Node fakeXml() {
        Node root = null;
        try {
            root = fakeXmlImpl();
        } catch (Exception failure) {
            // deliberately broad: callers only ever see null on failure
            failure.printStackTrace();
        }
        return root;
    }

    /**
     * Parses the hard-coded literal with a freshly created {@link DocumentBuilder}.
     *
     * @return the document element of the parsed literal
     * @throws IOException if reading the in-memory stream fails
     * @throws SAXException if the literal is not well-formed XML
     * @throws ParserConfigurationException if no builder can be created
     */
    public static Node fakeXmlImpl() throws IOException, SAXException, ParserConfigurationException {
        // The factory keeps its default configuration. That is acceptable for the constant
        // literal parsed below; if this helper is ever fed external input, DOCTYPE
        // declarations and external entities should be disabled on the factory first.
        DocumentBuilder parser = DocumentBuilderFactory.newInstance().newDocumentBuilder();
        // NOTE(review): the literal is empty as shown here, and an empty document cannot be
        // parsed; the markup may have been lost in this listing - confirm against the upstream file.
        byte[] rawDocument = "".getBytes(StandardCharsets.UTF_8);
        InputStream source = new ByteArrayInputStream(rawDocument);
        Document parsed = parser.parse(source);
        return parsed.getDocumentElement();
    }
}
-------------------------------------------------------------------------------- /cryptotest/Settings.java: -------------------------------------------------------------------------------- 1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2022 Red Hat, Inc. 
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 23 | */ 24 | 25 | package cryptotest; 26 | 27 | 28 | public class Settings { 29 | 30 | private static boolean getBooleanProperty(String name, boolean defaultValue) { 31 | String val = System.getProperty(name); 32 | if (val != null) { 33 | String valLow = val.toLowerCase(); 34 | if (valLow.equals("1") || valLow.equals("true")) { 35 | return true; 36 | } else if (valLow.equals("0") || valLow.equals("false")) { 37 | return false; 38 | } 39 | } 40 | return defaultValue; 41 | } 42 | 43 | public static String agentHostName = System.getProperty("cryptotests.agentHostName"); 44 | 45 | public static boolean skipAgentTests = getBooleanProperty("cryptotests.skipAgentTests", false); 46 | //not only names of algorithms will be invoked, but also all aliases. 
Number of tests multiply by aprox 3, but right thing to do 47 | public static boolean testAliases = true; 48 | 49 | public static class VerbositySettings { 50 | 51 | public static boolean printAtts = true; 52 | public static boolean printAliases = true; 53 | //whether to stdout various byte[] crypto results 54 | public static boolean printResults = false; 55 | public static boolean printStacks = false; 56 | } 57 | 58 | } 59 | -------------------------------------------------------------------------------- /cryptotest/tests/regenerateTestStoreChain1.sh: -------------------------------------------------------------------------------- 1 | # The MIT License 2 | # 3 | # Copyright 2022 Red Hat, Inc. 4 | # 5 | # Permission is hereby granted, free of charge, to any person obtaining a copy 6 | # of this software and associated documentation files (the "Software"), to deal 7 | # in the Software without restriction, including without limitation the rights 8 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | # copies of the Software, and to permit persons to whom the Software is 10 | # furnished to do so, subject to the following conditions: 11 | # 12 | # The above copyright notice and this permission notice shall be included in 13 | # all copies or substantial portions of the Software. 14 | # 15 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | # THE SOFTWARE. 
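 # for CertPathValidatorTests
#
# Rebuilds the root -> ca -> server certificate chain inside test.jks using keytool.
#
# NOTE: test.jks is a test fixture. Its password is a fixed, public value that is handed
# to keytool on the command line and echoed by `set -x`; that is tolerable only because
# the store holds nothing secret. Do not reuse this pattern for a real keystore.
set -ex
STORE=test.jks
PASSWD=password
KS="-keystore $STORE"
PS="-storepass $PASSWD"
KP="-keypass $PASSWD"
# $PSKS, $KP, $validity and $alg are expanded unquoted on purpose so that each one
# splits into separate keytool options.
PSKS="$KS $PS"
ca=companythatdoesnotexist
chain1=intermediatecompanycertificate
chain2=thirdcompany
validity="-validity 2000"
alg="-keyalg RSA"

# clean legacy and new
rm -fv ./*.pem
keytool -list $PSKS
for tcaw in $ca $chain1 $chain2 ca root server; do
  echo "$tcaw"
  # the alias may be absent already; a failed delete must not abort the script
  keytool -delete -alias "$tcaw" $PSKS || true
done
keytool -list $PSKS

# the original tutorial uses bc:c
keytool -genkeypair $PSKS $KP $validity $alg -alias root -ext bc:ca:true -dname "ou=root, o=root, c=root"
keytool -genkeypair $PSKS $KP $validity $alg -alias ca -ext bc:ca:true -dname "ou=ca, o=ca, c=ca"
keytool -genkeypair $PSKS $KP $validity $alg -alias server -dname "cn=server, ou=server, o=server, c=server"

keytool $PSKS -alias root -exportcert -rfc > root.pem
keytool $PSKS -certreq -alias ca | keytool $PSKS -gencert $validity -alias root -ext BC=0 -rfc > ca.pem

cat root.pem ca.pem > cachain.pem
keytool $PSKS -importcert -alias ca -file cachain.pem

# $PSKS is passed exactly as in every other call: it already starts with "-keystore",
# so it must not be prefixed with another dash.
keytool $PSKS -certreq -alias server | keytool $PSKS -gencert $validity -alias ca -ext ku:c=dig,keyEncipherment -rfc > server.pem
cat root.pem ca.pem server.pem > serverchain.pem
keytool $PSKS -importcert -alias server -file serverchain.pem

rm -fv ./*.pem
keytool -list -v $PSKS

# See the difference between test.jks.orig and this new store: here the server
# (thirdcompany in orig) has a chain length of FOUR (it had just three).
-------------------------------------------------------------------------------- /cryptotest/tests/MessageDigestTests.java: -------------------------------------------------------------------------------- 1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2022 Red Hat, Inc. 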
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
 23 | */ 24 | 25 |
/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1422738
 * @library /
 * @build cryptotest.tests.MessageDigestTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.MessageDigestTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;

import java.security.*;

/**
 * Exercises a {@link MessageDigest} service: the digest is looked up by name (or alias)
 * on the provider that registered it and then actually used.
 */
public class MessageDigestTests extends AlgorithmTest {

    /**
     * Runs the whole test loop, prints its explanation and summary, and lets the result
     * assert itself.
     *
     * @param args the command line arguments (not read)
     */
    public static void main(String[] args) {
        TestResult outcome = new MessageDigestTests().mainLoop();
        System.out.println(outcome.getExplanation());
        System.out.println(outcome.toString());
        outcome.assertItself();
    }

    /**
     * Instantiates the digest under {@code alias} on the service's provider and computes
     * two digests: one over a fixed three-byte input and one with no further input.
     *
     * @param service the provider service being tested
     * @param alias   the algorithm name or alias used for the lookup
     * @throws AlgorithmInstantiationException if the provider does not know the algorithm
     * @throws AlgorithmRunException           if instantiating or using the digest fails with an
     *                                         unsupported-operation, invalid-parameter or provider error
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws
            AlgorithmInstantiationException, AlgorithmRunException {
        try {
            MessageDigest digest = MessageDigest.getInstance(alias, service.getProvider());
            byte[] sample = {1, 2, 3};
            // digest(byte[]) finishes the computation, so the call below hashes no further input
            printResult(digest.digest(sample));
            printResult(digest.digest());
        } catch (NoSuchAlgorithmException missing) {
            throw new AlgorithmInstantiationException(missing);
        } catch (UnsupportedOperationException | InvalidParameterException | ProviderException failed) {
            throw new AlgorithmRunException(failed);
        }
    }

    /**
     * @return the service type this test covers
     */
    @Override
    public String getTestedPart() {
        return "MessageDigest";
    }

}
-------------------------------------------------------------------------------- /cryptotest/tests/SecureRandomTests.java: -------------------------------------------------------------------------------- 1 | /* 2 | 
* The MIT License 3 | * 4 | * Copyright 2022 Red Hat, Inc. 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
 23 | */ 24 | 25 |
/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1422738
 * @library /
 * @build cryptotest.tests.SecureRandomTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.SecureRandomTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;

import java.security.InvalidParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.ProviderException;

/**
 * Exercises a SecureRandom service: the generator is looked up by name (or alias) on the
 * provider that registered it and, unless it is the blocking native one, asked for a value.
 */
public class SecureRandomTests extends AlgorithmTest {

    /**
     * Runs the whole test loop, prints its explanation and summary, and lets the result
     * assert itself.
     *
     * @param args the command line arguments (not read)
     */
    public static void main(String[] args) {
        TestResult outcome = new SecureRandomTests().mainLoop();
        System.out.println(outcome.getExplanation());
        System.out.println(outcome.toString());
        outcome.assertItself();
    }

    /**
     * Instantiates the generator under {@code alias} on the service's provider and draws
     * one int from it. The skip decision is made on {@code service.getAlgorithm()}, not on
     * {@code alias}, so it also applies when the service is reached through an alias.
     *
     * @param service the provider service being tested
     * @param alias   the algorithm name or alias used for the lookup
     * @throws AlgorithmInstantiationException if the provider does not know the algorithm
     * @throws AlgorithmRunException           if instantiating or using the generator fails with an
     *                                         unsupported-operation, invalid-parameter or provider error
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws
            AlgorithmInstantiationException, AlgorithmRunException {
        try {
            java.security.SecureRandom generator =
                    java.security.SecureRandom.getInstance(alias, service.getProvider());
            // A blocking source may wait a really long time on a headless system,
            // so for that one only the instantiation is tested.
            boolean blockingSource = service.getAlgorithm().equals("NativePRNGBlocking");
            if (blockingSource) {
                return;
            }
            AlgorithmTest.printResult(generator.nextInt());
        } catch (NoSuchAlgorithmException missing) {
            throw new AlgorithmInstantiationException(missing);
        } catch (UnsupportedOperationException | InvalidParameterException | ProviderException failed) {
            throw new AlgorithmRunException(failed);
        }
    }

    /**
     * @return the service type this test covers
     */
    @Override
    public String getTestedPart() {
        return "SecureRandom";
    }

}
-------------------------------------------------------------------------------- /cryptotest/tests/TrustManagerFactoryTests.java: -------------------------------------------------------------------------------- 1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2022 Red Hat, Inc. 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
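*/
/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1022017
 * @library /
 * @build cryptotest.tests.TrustManagerFactoryTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.TrustManagerFactoryTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.cert.CertificateException;

/**
 * Availability check for TrustManagerFactory services: each factory must initialise from
 * an empty keystore and hand back at least one TrustManager.
 */
public class TrustManagerFactoryTests extends AlgorithmTest {

    /**
     * Runs the inherited main loop, prints the explanation and the summary line, and lets
     * the result assert itself.
     *
     * @param args the command line arguments (not read)
     */
    public static void main(String[] args) {
        TestResult r = new TrustManagerFactoryTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /**
     * Creates the factory for {@code alias} from the service's provider, initialises it
     * with an empty keystore of the default type and checks that trust managers come back.
     *
     * @param service the provider service under test
     * @param alias the algorithm name or alias to request
     * @throws AlgorithmInstantiationException if a NoSuchAlgorithmException is raised
     * @throws AlgorithmRunException if keystore handling fails or no TrustManager is returned
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws AlgorithmInstantiationException, AlgorithmRunException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(alias, service.getProvider());

            // A null stream yields an empty in-memory keystore, so the factory is set up
            // without any trust anchors; the password is a throwaway test value.
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(null, new char[]{104, 111, 118, 110, 111});

            trustManagerFactory.init(ks);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

            if (trustManagers == null || trustManagers.length == 0) {
                // " in " needs both spaces, otherwise the provider name is glued to "in".
                throw new UnsupportedOperationException("trustManagers are null or 0 length for " + service.getAlgorithm() + " in "
                        + service.getProvider().getName());
            }
        } catch (UnsupportedOperationException | CertificateException | KeyStoreException | IOException e) {
            // UnsupportedOperationException is wrapped as well, as KeyManagerFactoryTests and
            // PolicyTests do, so the "no trust managers" case leaves through the declared
            // AlgorithmRunException instead of escaping unchecked.
            throw new AlgorithmRunException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new AlgorithmInstantiationException(e);
        }
    }
}

--------------------------------------------------------------------------------
/cryptotest/tests/PolicyTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.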
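*/

/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1022017
 * @library /
 * @build cryptotest.tests.PolicyTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.PolicyTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;

import java.net.MalformedURLException;
import java.net.URL;
import java.security.CodeSigner;
import java.security.CodeSource;
import java.security.NoSuchAlgorithmException;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.security.Provider;
import java.util.PropertyPermission;

/**
 * Availability check for Policy services: each policy must return a permission collection
 * for a sample code source and must grant read access to the java.version property.
 */
public class PolicyTests extends AlgorithmTest {

    /**
     * Runs the inherited main loop, prints the explanation and the summary line, and lets
     * the result assert itself.
     *
     * @param args the command line arguments (not read)
     */
    public static void main(String[] args) {
        TestResult r = new PolicyTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /**
     * Instantiates the policy for {@code alias} from the service's provider (with null
     * parameters), refreshes it and queries it for a code source at http://localhost that
     * carries no signers.
     *
     * @param service the provider service under test
     * @param alias the policy type name or alias to request
     * @throws AlgorithmInstantiationException if the provider does not know the policy type
     * @throws AlgorithmRunException if the URL is malformed, or if no permission collection
     *         is returned or the java.version read permission is not implied
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws AlgorithmInstantiationException,
            AlgorithmRunException {
        try {
            final CodeSource codeSource = new CodeSource(new URL("http://localhost"), (CodeSigner[]) null);
            Policy policy = Policy.getInstance(alias, null, service.getProvider());

            policy.refresh();
            PermissionCollection permissions = policy.getPermissions(codeSource);
            boolean versionPolicy = policy.implies(new ProtectionDomain(codeSource, null),
                    new PropertyPermission("java.version", "read"));
            if (permissions == null || !versionPolicy) {
                // " in " needs both spaces, otherwise the provider name is glued to "in".
                throw new UnsupportedOperationException("Permission cant be reached for " + service.getAlgorithm() +
                        " in " + service.getProvider().getName());
            }
        } catch (NoSuchAlgorithmException e) {
            throw new AlgorithmInstantiationException(e);
        } catch (UnsupportedOperationException | MalformedURLException e) {
            throw new AlgorithmRunException(e);
        }
    }
}

--------------------------------------------------------------------------------
/cryptotest/tests/SaslClientFactoryTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.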
*/

/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1022017
 * @library /
 * @build cryptotest.tests.SaslClientFactoryTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.Misc
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.SaslClientFactoryTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.Misc;
import cryptotest.utils.TestResult;
import java.security.Provider;
import java.util.HashMap;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

/**
 * Availability check for SASL client mechanisms: for each alias a SaslClient is requested
 * and its mechanism name and completion state are printed.
 */
public class SaslClientFactoryTests extends AlgorithmTest {

    /**
     * Runs the inherited main loop, prints the explanation and the summary line, and lets
     * the result assert itself.
     *
     * @param args the command line arguments (not read)
     */
    public static void main(String[] args) {
        TestResult outcome = new SaslClientFactoryTests().mainLoop();
        System.out.println(outcome.getExplanation());
        System.out.println(outcome.toString());
        outcome.assertItself();
    }

    /**
     * @return the literal {@code "SaslClientFactory"}
     */
    @Override
    public String getTestedPart() {
        return "SaslClientFactory";
    }

    /**
     * Asks {@link Sasl#createSaslClient} for a client speaking the mechanism {@code alias}
     * and reports what came back.
     *
     * @param service the provider service under test
     * @param alias the SASL mechanism name to request
     * @throws AlgorithmInstantiationException if creating the client raises a SaslException
     * @throws AlgorithmRunException if no client is returned
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws AlgorithmInstantiationException, AlgorithmRunException {
        // Set on every call and JVM-wide: the Kerberos configuration is pointed at the
        // temporary file that Misc supplies.
        System.setProperty("java.security.krb5.conf",
                Misc.createTmpKrb5File().getPath());
        try {
            // The service's provider is not passed to this lookup, only the mechanism name.
            // Note that this handler may give different replies at the end than the
            // Kerberos one.
            SaslClient saslClient = Sasl.createSaslClient(new String[]{alias}, "user1",
                    "ldap", "127.0.0.1", new HashMap<String, Object>(), Misc.getNamePasswdRealmHandler());
            if (saslClient == null) {
                // NOTE(review): the message labels service.getAlgorithm() as "provider".
                throw new AlgorithmRunException(new RuntimeException(
                        String.format("client null, provider '%s' and alias '%s'", service.getAlgorithm(), alias)));
            }
            String mechanismName = saslClient.getMechanismName();
            String negation = saslClient.isComplete() ? "" : "NOT ";
            printResult("Mechanism is '" + mechanismName
                    + "' and authentication is " + negation
                    + "complete");
        } catch (SaslException creationFailure) {
            throw new AlgorithmInstantiationException(creationFailure);
        }
    }
}

--------------------------------------------------------------------------------
/cryptotest/tests/KeyManagerFactoryTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
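*/

/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1422738
 * @library /
 * @build cryptotest.tests.KeyManagerFactoryTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.KeyManagerFactoryTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;

/**
 * Availability check for KeyManagerFactory services: each factory must initialise from an
 * empty keystore and hand back at least one KeyManager.
 */
public class KeyManagerFactoryTests extends AlgorithmTest {

    /**
     * Runs the inherited main loop, prints the explanation and the summary line, and lets
     * the result assert itself.
     *
     * @param args the command line arguments (not read)
     */
    public static void main(String[] args) {
        TestResult r = new KeyManagerFactoryTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /**
     * Creates the factory for {@code alias} from the service's provider, initialises it
     * with an empty keystore of the default type and checks that key managers come back.
     *
     * @param service the provider service under test
     * @param alias the algorithm name or alias to request
     * @throws AlgorithmInstantiationException if a NoSuchAlgorithmException is raised
     * @throws AlgorithmRunException if keystore handling fails or no KeyManager is returned
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws AlgorithmInstantiationException,
            AlgorithmRunException {
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(alias, service.getProvider());

            // A null stream yields an empty in-memory keystore; both passwords are
            // throwaway test values and protect nothing.
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(null, new char[]{104, 111, 118, 110, 111});

            keyManagerFactory.init(ks, new char[]{112, 114, 100, 101, 108});

            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            if (keyManagers == null || keyManagers.length == 0) {
                // " in " needs both spaces, otherwise the provider name is glued to "in".
                throw new UnsupportedOperationException("No KeyManagers for " + service.getAlgorithm() + " in " +
                        service.getProvider().getName());
            }
        } catch (UnsupportedOperationException | IOException | UnrecoverableKeyException | KeyStoreException |
                CertificateException e) {
            throw new AlgorithmRunException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new AlgorithmInstantiationException(e);
        }
    }
}

--------------------------------------------------------------------------------
/cryptotest/utils/TestResult.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.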
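*/

package cryptotest.utils;

/**
 * Immutable outcome of one test run: a verdict, a free-text explanation, the test class
 * and the number of checks performed and failed.
 */
public class TestResult {

    /** Verdict of a run. */
    public enum State {

        PASSED, FAILED
    }

    private final String explanation;
    private final State state;
    private final Class test;
    private final int subtests;
    private final int failures;

    /**
     * @param explanation free-text detail, returned after the counters by {@link #getExplanation()}
     * @param state the verdict
     * @param c the test class this result belongs to
     * @param total number of checks performed
     * @param failures number of checks that failed
     */
    public TestResult(String explanation, State state, Class c, int total, int failures) {
        this.explanation = explanation;
        this.state = state;
        test = c;
        subtests = total;
        this.failures = failures;
    }

    /** Builds a PASSED result with zero failures. */
    public static TestResult pass(String expl, Class c, int total) {
        return new TestResult(expl, State.PASSED, c, total, 0);
    }

    /** Builds a FAILED result with the given failure count. */
    public static TestResult fail(String expl, Class c, int total, int failures) {
        return new TestResult(expl, State.FAILED, c, total, failures);
    }

    /**
     * Turns a FAILED verdict into an exception so that the calling process fails.
     *
     * @throws RuntimeException if the state is FAILED; the message names the test class and
     *         the length of the explanation, not the explanation itself
     */
    public void assertItself() {
        // Identity comparison is the enum idiom and also tolerates a null state.
        if (state == State.FAILED) {
            // A missing explanation must not hide the failure behind a NullPointerException.
            int explanationLength = explanation == null ? 0 : explanation.length();
            throw new RuntimeException(test.getName() + " failed with explanation of " + explanationLength + " chars long");
        }
    }

    /** @return the number of checks performed */
    public int getSubtests() {
        return subtests;
    }

    /** @return a counter line ("Total checks: N, failed: M") followed by the explanation */
    public String getExplanation() {
        return "Total checks: " + subtests + ", failed: " + failures + "\n"
                + explanation;
    }

    /** @return the test class this result belongs to */
    public Class getTest() {
        return test;
    }

    /** @return the verdict */
    public State getState() {
        return state;
    }

    /** @return the verdict name and the test class name, separated by ": " */
    @Override
    public String toString() {
        return state.name() + ": " + test.getName();
    }

    /**
     * Result variant that also carries a "seen" counter; a separate type to distinguish it
     * from other test results.
     */
    public static class AlgorithmTestResult extends TestResult {

        private final int seen;

        public AlgorithmTestResult(String explanation, State state, Class c, int total, int failures, int seen) {
            super(explanation, state, c, total, failures);
            this.seen = seen;
        }

        /** @return the "seen" counter given at construction */
        public int getSeen() {
            return seen;
        }

        /** Builds a FAILED result with the given failure and seen counts. */
        public static AlgorithmTestResult fail(String expl, Class c, int total, int failures, int seen) {
            return new AlgorithmTestResult(expl, State.FAILED, c, total, failures, seen);
        }

        /** Builds a PASSED result with zero failures and the given seen count. */
        public static AlgorithmTestResult pass(String expl, Class c, int total, int seen) {
            return new AlgorithmTestResult(expl, State.PASSED, c, total, 0, seen);
        }

    }
}

--------------------------------------------------------------------------------
/cryptotest/tests/TerminalFactoryTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.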
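*/

/*
 * @test
 * @modules java.base/java.security:open
 *          java.smartcardio/javax.smartcardio
 * @bug 1422738
 * @library /
 * @build cryptotest.tests.TerminalFactoryTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.TerminalFactoryTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;
import java.security.Provider;
import javax.smartcardio.CardException;
import javax.smartcardio.CardTerminals;
import javax.smartcardio.TerminalFactory;

/**
 * This test was meant to exercise the PCSC terminal factory. For some reason the factory
 * cannot be initialised with the PCSC provider in the usual way, so it is obtained through
 * the default method (which uses the PCSC provider anyway).
 * As a consequence this test case no longer serves its purpose if other providers appear.
 *
 * @author Zdenek Zambersky, Petra Mikova
 */
public class TerminalFactoryTests extends AlgorithmTest {

    /**
     * Runs the inherited main loop, prints the explanation and the summary line, and lets
     * the result assert itself.
     *
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        TestResult r = new TerminalFactoryTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /**
     * Lists the card terminals of the default TerminalFactory. Neither {@code service} nor
     * {@code alias} takes part in the lookup.
     *
     * @param service the provider service under test (not read)
     * @param alias the algorithm name or alias (not read)
     * @throws AlgorithmRunException if listing fails for any reason other than the absence
     *         of readers
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws AlgorithmRunException {
        TerminalFactory tc = TerminalFactory.getDefault();
        CardTerminals terminals = tc.terminals();
        try {
            terminals.list();
        } catch (CardException ex) {
            // No smartcard reader is attached to the test machine, so a CardException whose
            // cause reports SCARD_E_NO_READERS_AVAILABLE is the expected outcome.
            Throwable t = ex.getCause();
            // Constant-first equals: a cause without a message is treated as an unexpected
            // failure instead of raising a NullPointerException here.
            if (t == null || !"SCARD_E_NO_READERS_AVAILABLE".equals(t.getMessage())) {
                throw new AlgorithmRunException(ex);
            }
        }
    }

    /**
     * @return the literal {@code "TerminalFactory"}
     */
    @Override
    public String getTestedPart() {
        return "TerminalFactory";
    }

}

--------------------------------------------------------------------------------
/cryptotest/tests/AlgorithmParameterGeneratorTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.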
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
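*/

/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1422738
 * @library /
 * @build cryptotest.tests.AlgorithmParameterGeneratorTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.TestResult
 * @run main/othervm/timeout=10000 cryptotest.tests.AlgorithmParameterGeneratorTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;
import java.security.AlgorithmParameterGenerator;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.DSAGenParameterSpec;
import javax.crypto.spec.DHGenParameterSpec;


/**
 * Availability check for AlgorithmParameterGenerator services: parameters are generated
 * once after a size-based initialisation and once after a spec-based one.
 */
public class AlgorithmParameterGeneratorTests extends AlgorithmTest {

    /**
     * Runs the inherited main loop, prints the explanation and the summary line, and lets
     * the result assert itself.
     *
     * @param args the command line arguments (not read)
     */
    public static void main(String[] args) {
        TestResult r = new AlgorithmParameterGeneratorTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /**
     * Generates parameters with two generators for {@code alias}: the first initialised
     * with a size and a SecureRandom, the second with a generation spec.
     *
     * The sizes used (1024-bit size-based, DSA 1024/160, DH 512/12) are small values for a
     * capability check; they are below what is considered adequate for real keys.
     *
     * @param service the provider service under test
     * @param alias the algorithm name or alias to request
     * @throws AlgorithmInstantiationException if the provider does not know the algorithm
     * @throws AlgorithmRunException if the generation spec is rejected
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws AlgorithmInstantiationException, AlgorithmRunException {

        try {
            AlgorithmParameterGenerator ap = AlgorithmParameterGenerator.getInstance(alias, service.getProvider());
            ap.init(1024, new SecureRandom());
            ap.generateParameters();

            AlgorithmParameterSpec specparam;
            // Use service.getAlgorithm() rather than the alias, since DSA has several
            // aliases, e.g. 1.2.840.10040.4.1.
            if ("DSA".equals(service.getAlgorithm())) {
                specparam = new DSAGenParameterSpec(1024, 160);
            } else {
                specparam = new DHGenParameterSpec(512, 12);
            }
            AlgorithmParameterGenerator ap2 = AlgorithmParameterGenerator.getInstance(alias, service.getProvider());
            // The spec goes to the second generator, the one that generates next. Passing
            // it to the first generator left the second one on its defaults, so the
            // spec-based path was never used for generation.
            ap2.init(specparam);
            ap2.generateParameters();

        } catch (NoSuchAlgorithmException ex) {
            throw new AlgorithmInstantiationException(ex);
        } catch (InvalidAlgorithmParameterException ex) {
            throw new AlgorithmRunException(ex);
        }

    }

    /**
     * @return the literal {@code "AlgorithmParameterGenerator"}
     */
    @Override
    public String getTestedPart() {
        return "AlgorithmParameterGenerator";
    }
}

--------------------------------------------------------------------------------
/cryptotest/tests/KeyStoreTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.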
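IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1422738
 * @library /
 * @build cryptotest.tests.KeyStoreTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmIgnoredException
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.Misc
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.KeyStoreTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmIgnoredException;
import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.Misc;
import cryptotest.utils.TestResult;
import java.io.IOException;
import java.security.*;
import java.security.cert.CertificateException;

/**
 * Availability check for KeyStore services: each keystore type is instantiated, loaded
 * empty, and its size and type are printed.
 */
public class KeyStoreTests extends AlgorithmTest {

    /**
     * Runs the inherited main loop, prints the explanation and the summary line, and lets
     * the result assert itself.
     *
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        TestResult r = new KeyStoreTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /**
     * Instantiates the keystore for {@code alias} from the service's provider and loads it
     * from a null stream.
     *
     * @param service the provider service under test
     * @param alias the keystore type name or alias to request
     * @throws AlgorithmInstantiationException if a KeyStoreException or
     *         NoSuchAlgorithmException is raised
     * @throws AlgorithmRunException if loading or querying the keystore fails
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws AlgorithmInstantiationException, AlgorithmRunException {
        try {
            // Locale.ROOT keeps the upper-casing independent of the default locale, so the
            // suffix match does not depend on where the test runs (e.g. a Turkish locale
            // upper-cases 'i' to a dotted capital).
            if (service.getProvider().getName().equals("SunMSCAPI")
                    && alias.toUpperCase(java.util.Locale.ROOT).endsWith("-LOCALMACHINE")
                    && !Misc.hasWindowsAdmin()) {
                // SunMSCAPI *-LOCALMACHINE keystores require Admin privileges:
                // https://github.com/openjdk/jdk/blob/9b911b492f56fbf94682535a1d20dde07c62940f/test/jdk/sun/security/mscapi/AllTypes.java#L48
                throw new AlgorithmIgnoredException();
            }
            KeyStore ks = KeyStore.getInstance(alias, service.getProvider());
            // Throwaway test password.
            char[] pw = new char[]{'a', 'b'};
            if (alias.startsWith("PKCS11")) {
                // For PKCS11 this is the PIN of the PKCS11 token
                // (empty in the default configuration).
                pw = new char[]{};
            }
            ks.load(null, pw);
            printResult(ks.size());
            printResult(ks.getType());
            // Creating a certificate is another story, so entries are not exercised here.
        } catch (KeyStoreException | NoSuchAlgorithmException ex) {
            throw new AlgorithmInstantiationException(ex);
        } catch (UnsupportedOperationException | InvalidParameterException | ProviderException | IOException | CertificateException ex) {
            throw new AlgorithmRunException(ex);
        }
    }

    /**
     * @return the literal {@code "KeyStore"}
     */
    @Override
    public String getTestedPart() {
        return "KeyStore";
    }

}

--------------------------------------------------------------------------------
/cryptotest/tests/SaslServerFactoryTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.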
*
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1422738
 * @library /
 * @build cryptotest.tests.SaslServerFactoryTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmIgnoredException
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.Misc
 *        cryptotest.utils.TestResult
 *        cryptotest.utils.SaslServerFactoryBase
 * @run main/othervm cryptotest.tests.SaslServerFactoryTests
 */

package cryptotest.tests;

import cryptotest.Settings;
import cryptotest.utils.AlgorithmIgnoredException;
import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.Misc;
import cryptotest.utils.TestResult;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;

/**
 * Creates a {@link SaslServer} for a SASL mechanism and reports its mechanism
 * name and completion state. GSSAPI is excluded here; presumably it is covered
 * by SaslServerFactoryGssapiTest, which needs a Kerberos KDC (confirm).
 */
public class SaslServerFactoryTests extends SaslServerFactoryBase {

    // Not read anywhere in this class.
    private final boolean debug = false;

    /**
     * Runs the test loop, prints the result's explanation and summary, and lets
     * the result assert itself.
     *
     * @param args the command line arguments (unused)
     */
    public static void main(String[] args) {
        TestResult result = new SaslServerFactoryTests().mainLoop();
        System.out.println(result.getExplanation());
        System.out.println(result.toString());
        result.assertItself();
    }

    /**
     * @return the mechanism name this test excludes, {@code "GSSAPI"}
     */
    @Override
    public String getAlgorithmExcludeList() {
        return "GSSAPI";
    }

    /**
     * @return {@code null}; this test declares no allow list
     */
    @Override
    public String getAlgorithmAllowList() {
        return null;
    }

    /**
     * Creates a SASL server for {@code alias} with protocol {@code "ldap"} and
     * server name {@code "user1"}, and prints whether authentication is complete.
     * No challenge/response exchange is performed.
     *
     * @param service provider service under test
     * @param alias   SASL mechanism name
     * @throws AlgorithmInstantiationException if server creation raises a {@link SaslException}
     * @throws AlgorithmRunException if no server is returned for the mechanism
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, final String alias)
            throws AlgorithmInstantiationException, AlgorithmRunException {
        try {
            setSaslProps();
            final Map<String, Object> props = new HashMap<>();
            if (alias.equals("GSSAPI")) {
                throw new AlgorithmIgnoredException();
            }

            SaslServer server = Sasl.createSaslServer(alias,
                    "ldap", "user1", props, Misc.getNamePasswdRealmHandler());
            if (server == null) {
                // NOTE(review): the text says "provider" but the value passed is the
                // service's algorithm name.
                String detail = String.format("server null, provider '%s' and alias '%s'",
                        service.getAlgorithm(), alias);
                throw new AlgorithmRunException(new RuntimeException(detail));
            }

            String mechanism = server.getMechanismName();
            String negation = server.isComplete() ? "" : "NOT ";
            printResult("Mechanism is '" + mechanism
                    + "' and authentication is " + negation
                    + "complete");
        } catch (SaslException ex) {
            throw new AlgorithmInstantiationException(ex);
        }
    }
}

--------------------------------------------------------------------------------
/cryptotest/tests/ConfigurationTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
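*/

/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1422738
 * @library /
 * @build cryptotest.tests.ConfigurationTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.ConfigurationTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;

import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.URIParameter;

/**
 * Checks that a JAAS {@link Configuration} can be obtained from a provider and
 * that it parses a small login configuration file written by the test itself.
 * The file is only parsed; no login is attempted in this class.
 */
public class ConfigurationTests extends AlgorithmTest {

    /**
     * Runs the test loop, prints the result's explanation and summary, and lets
     * the result assert itself.
     *
     * @param args the command line arguments (unused)
     */
    public static void main(String[] args) {
        TestResult r = new ConfigurationTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /**
     * Writes a temporary login configuration, loads it through
     * {@link Configuration#getInstance(String, Configuration.Parameters, Provider)}
     * and verifies that the "test" entry comes back with the module name and
     * control flag that were written.
     *
     * @param service provider service under test
     * @param alias   configuration type name
     * @throws AlgorithmInstantiationException if the configuration type is not available
     * @throws AlgorithmRunException on any other failure, including a missing or
     *         mismatching entry
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws AlgorithmInstantiationException,
            AlgorithmRunException {
        File configFile = null;
        try {
            configFile = createConfigFile("javax.security.auth.login.Configuration", ".conf");

            Configuration configuration = Configuration.getInstance(alias, new URIParameter(configFile.toURI()),
                    service.getProvider());

            configuration.refresh();
            AppConfigurationEntry[] entries = configuration.getAppConfigurationEntry("test");
            // A missing or empty entry list is reported with the same message as a
            // mismatch instead of surfacing as a bare NullPointerException or
            // ArrayIndexOutOfBoundsException.
            boolean parsedAsWritten = entries != null
                    && entries.length > 0
                    && "cryptotest.tests.ConfigurationTests".equals(entries[0].getLoginModuleName())
                    && AppConfigurationEntry.LoginModuleControlFlag.REQUIRED.equals(entries[0].getControlFlag());
            if (!parsedAsWritten) {
                throw new UnsupportedOperationException("No Configuration info for " + service.getAlgorithm() + " in" +
                        service.getProvider().getName());
            }
        } catch (NoSuchAlgorithmException e) {
            throw new AlgorithmInstantiationException(e);
        } catch (Exception e) {
            throw new AlgorithmRunException(e);
        } finally {
            if (configFile != null) {
                // best-effort cleanup; a failed delete does not fail the test
                configFile.delete();
            }
        }
    }

    /**
     * Creates a temporary file holding a one-entry JAAS login configuration.
     *
     * @param prefix temporary file name prefix
     * @param suffix temporary file name suffix
     * @return the written file; the caller is responsible for deleting it
     * @throws IOException if the file cannot be created or written
     */
    private File createConfigFile(String prefix, String suffix) throws IOException {
        // java.nio's createTempFile creates the file with owner-only permissions on
        // POSIX file systems, whereas File.createTempFile leaves them to the process
        // umask. The file names the login module class to load, so it should not be
        // writable by other local users while it sits in the shared temp directory.
        File configFile = java.nio.file.Files.createTempFile(prefix, suffix).toFile();
        // try-with-resources closes the writer even when an append fails; the
        // content is plain ASCII, so the writer's default charset does not matter.
        try (FileWriter fileWriter = new FileWriter(configFile)) {
            fileWriter.append("test {\n");
            fileWriter.append(" cryptotest.tests.ConfigurationTests required;\n");
            fileWriter.append("};\n");
        } catch (IOException | RuntimeException e) {
            // the caller never sees the file on failure, so remove it here
            configFile.delete();
            throw e;
        }
        return configFile;
    }
}

--------------------------------------------------------------------------------
/cryptotest/tests/KeyPairGeneratorTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.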
*
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1022017
 * @library /
 * @build cryptotest.tests.KeyPairGeneratorTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.KeyPairGeneratorTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;


/**
 * Checks that a {@link KeyPairGenerator} can be obtained from a provider and
 * produces a key pair with both halves present. The pair is only null-checked
 * and then discarded.
 */
public class KeyPairGeneratorTests extends AlgorithmTest {
    // NOTE(review): seeded with three constant bytes. Whether that makes the
    // output reproducible depends on the SecureRandom implementation the JVM
    // selects (a SHA1PRNG seeded before first use is deterministic; others mix
    // the seed into their own entropy). Acceptable for keys that are thrown
    // away, never for real key generation.
    private final SecureRandom random = new SecureRandom(new byte[]{6, 6, 6});

    /**
     * Runs the test loop, prints the result's explanation and summary, and lets
     * the result assert itself.
     *
     * @param args the command line arguments (unused)
     */
    public static void main(String[] args) {
        TestResult result = new KeyPairGeneratorTests().mainLoop();
        System.out.println(result.getExplanation());
        System.out.println(result.toString());
        result.assertItself();
    }

    /**
     * Initialises a generator for {@code alias} with a key size chosen from the
     * service's algorithm name and generates one key pair.
     *
     * @param service provider service under test
     * @param alias   algorithm name passed to {@link KeyPairGenerator#getInstance(String, Provider)}
     * @throws AlgorithmInstantiationException if the generator cannot be obtained
     * @throws AlgorithmRunException if the pair or either key is {@code null}
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws
            AlgorithmInstantiationException, AlgorithmRunException {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(alias, service.getProvider());
            generator.initialize(keySizeFor(service.getAlgorithm()), random);
            KeyPair pair = generator.genKeyPair();

            boolean complete = pair != null && pair.getPrivate() != null && pair.getPublic() != null;
            if (!complete) {
                throw new UnsupportedOperationException("Generated key is null for " + service.getAlgorithm() + " in"
                        + service.getProvider().getName());
            }
        } catch (NoSuchAlgorithmException e) {
            throw new AlgorithmInstantiationException(e);
        } catch (UnsupportedOperationException e) {
            throw new AlgorithmRunException(e);
        }
    }

    /**
     * Picks the key size for an algorithm name by substring match; the first
     * matching rule wins, so the order of the checks matters (the "XDH" rule
     * must precede the "DH" rule).
     *
     * @param algorithm the service's algorithm name
     * @return key size in bits; 512 when no rule matches, which is far too small
     *         for real keys and is used only because the pair is discarded
     */
    private static int keySizeFor(String algorithm) {
        if (algorithm.contains("EC")) {
            return 256;
        }
        if (algorithm.contains("XDH") || algorithm.contains("X25519")
                || algorithm.contains("Ed25519") || algorithm.contains("EdDSA")) {
            // https://docs.oracle.com/en/java/javase/11/security/oracle-providers.html#GUID-B1F2B3F3-F2A4-4FF5-8887-3B3335343B2A
            return 255;
        }
        if (algorithm.contains("X448") || algorithm.contains("Ed448")) {
            // https://docs.oracle.com/en/java/javase/11/security/oracle-providers.html#GUID-B1F2B3F3-F2A4-4FF5-8887-3B3335343B2A
            return 448;
        }
        if (algorithm.contains("DH") || algorithm.contains("DiffieHellman")) {
            // DH < 2048 disabled in DEFAULT, FIPS
            // https://access.redhat.com/articles/3642912
            return 2048;
        }
        if (algorithm.contains("RSA")) {
            return 2048;
        }
        return 512;
    }
}

--------------------------------------------------------------------------------
/cryptotest/tests/SSLContextTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
*/

/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1422738
 * @library /
 * @build cryptotest.tests.SSLContextTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.SSLContextTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;

/**
 * Checks that an {@link SSLContext} can be obtained from a provider, initialised
 * and asked for an {@link SSLEngine}. The key and trust material is an empty
 * key store, so the context holds no keys and no trusted certificates; no
 * handshake is performed.
 */
public class SSLContextTests extends AlgorithmTest {
    // NOTE(review): constant seed. Depending on the SecureRandom implementation
    // the JVM selects this can make the generator's output reproducible; that is
    // tolerable in a smoke test but must not be copied into code that opens real
    // TLS connections.
    private final SecureRandom random = new SecureRandom(new byte[]{6, 6, 6});

    /**
     * Runs the test loop, prints the result's explanation and summary, and lets
     * the result assert itself.
     *
     * @param args the command line arguments (unused)
     */
    public static void main(String[] args) {
        TestResult result = new SSLContextTests().mainLoop();
        System.out.println(result.getExplanation());
        System.out.println(result.toString());
        result.assertItself();
    }

    /**
     * Builds key and trust manager factories over an empty default-type key
     * store, initialises the context with them (unless the service algorithm is
     * "Default") and creates an engine.
     *
     * @param service provider service under test
     * @param alias   protocol name passed to {@link SSLContext#getInstance(String, Provider)}
     * @throws AlgorithmInstantiationException if a required algorithm is not available
     * @throws AlgorithmRunException if key store loading, factory or context
     *         initialisation fails, or no engine is returned
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws AlgorithmInstantiationException,
            AlgorithmRunException {
        try {
            SSLContext context = SSLContext.getInstance(alias, service.getProvider());

            // null stream: the store starts out empty
            KeyStore emptyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            emptyStore.load(null, storePassword());

            KeyManagerFactory keyManagers = KeyManagerFactory
                    .getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagers.init(emptyStore, storePassword());

            TrustManagerFactory trustManagers = TrustManagerFactory
                    .getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagers.init(emptyStore);

            // Default SSLContext is initialized automatically
            boolean alreadyInitialised = service.getAlgorithm().equals("Default");
            if (!alreadyInitialised) {
                context.init(keyManagers.getKeyManagers(), trustManagers.getTrustManagers(), random);
            }

            SSLEngine engine = context.createSSLEngine();
            if (engine == null) {
                throw new UnsupportedOperationException("sslEngine can't be created for " + service.getAlgorithm() +
                        " in" + service.getProvider().getName());
            }
        } catch (NoSuchAlgorithmException e) {
            throw new AlgorithmInstantiationException(e);
        } catch (IOException | CertificateException | UnrecoverableKeyException | KeyManagementException |
                KeyStoreException e) {
            throw new AlgorithmRunException(e);
        }
    }

    /**
     * @return a fresh copy of the fixed test password used for the empty key store
     */
    private static char[] storePassword() {
        return new char[]{104, 111, 118, 110, 111};
    }
}

--------------------------------------------------------------------------------
/cryptotest/tests/CertStoreTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
*/

/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1422738
 * @library /
 * @build cryptotest.tests.CertStoreTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmIgnoredException
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.CertStoreTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmIgnoredException;
import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;
import java.security.*;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.CertStoreParameters;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.LDAPCertStoreParameters;
import java.util.Arrays;
import java.util.Collection;

/**
 * Checks that a {@link CertStore} can be obtained from a provider and queried
 * with a selector that accepts every certificate. The LDAP type is reported as
 * ignored because it needs an LDAP server.
 */
public class CertStoreTests extends AlgorithmTest {

    /**
     * Runs the test loop, prints the result's explanation and summary, and lets
     * the result assert itself.
     *
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        TestResult result = new CertStoreTests().mainLoop();
        System.out.println(result.getExplanation());
        System.out.println(result.toString());
        result.assertItself();
    }

    /**
     * Creates a cert store of type {@code alias} over default collection
     * parameters, prints its type and the certificates it returns.
     *
     * @param service provider service under test
     * @param alias   cert store type name
     * @throws AlgorithmInstantiationException if the store type is not available
     * @throws AlgorithmRunException on any other failure, including a {@code null}
     *         certificate collection
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias)
            throws AlgorithmInstantiationException, AlgorithmRunException {
        try {
            CertStoreParameters params = null;
            if (alias.equals("LDAP")) {
                params = new LDAPCertStoreParameters();
                // this needs ldap server to finish
                throw new AlgorithmIgnoredException();
            } else {
                params = new CollectionCertStoreParameters();
            }

            CertStore store = CertStore.getInstance(alias, params, service.getProvider());
            printResult(store.getType());

            Collection<?> certificates = store.getCertificates(new AcceptAllSelector());
            if (certificates == null) {
                throw new AlgorithmRunException(new RuntimeException("Was nto possible to iterate through certstore"));
            }
            printResult(Arrays.toString(certificates.toArray()));
        } catch (AlgorithmIgnoredException aie) {
            // let the "ignored" signal through instead of wrapping it below
            throw aie;
        } catch (NoSuchAlgorithmException ex) {
            throw new AlgorithmInstantiationException(ex);
        } catch (Exception ex) {
            throw new AlgorithmRunException(ex);
        }
    }

    /**
     * @return the name of the tested service type, {@code "CertStore"}
     */
    @Override
    public String getTestedPart() {
        return "CertStore";
    }

    /**
     * Selector that matches every certificate it is shown.
     */
    private static final class AcceptAllSelector implements CertSelector {
        @Override
        public boolean match(java.security.cert.Certificate cert) {
            return true;
        }

        @Override
        public Object clone() {
            try {
                return super.clone();
            } catch (Exception ex) {
                // NOTE(review): a failed clone is only printed and null is returned
                ex.printStackTrace();
                return null;
            }
        }
    }

}

--------------------------------------------------------------------------------
/cryptotest/tests/KeyAgreementTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
*
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

/*
 * @test
 * @modules java.base/java.security:open
 *          java.base/com.sun.crypto.provider
 *          java.base/sun.security.internal.spec
 * @bug 1422738
 * @library /
 * @build cryptotest.tests.KeyAgreementTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.KeysNaiveGenerator
 *        cryptotest.utils.Misc
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.KeyAgreementTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;

import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.KeyAgreement;
import cryptotest.utils.KeysNaiveGenerator;
import cryptotest.utils.Misc;

/**
 * Checks that a {@link KeyAgreement} can be obtained from a provider and run to
 * completion. The agreement is performed between the private and public half
 * of one freshly generated key pair, so it exercises the API rather than a
 * two-party exchange.
 */
public class KeyAgreementTests extends AlgorithmTest {

    /**
     * Runs the test loop, prints the result's explanation and summary, and lets
     * the result assert itself.
     *
     * @param args the command line arguments (unused)
     */
    public static void main(String[] args) {
        TestResult result = new KeyAgreementTests().mainLoop();
        System.out.println(result.getExplanation());
        System.out.println(result.toString());
        result.assertItself();
    }

    /**
     * Generates a key pair for {@code alias} ("ECDH" uses an "EC" pair), runs one
     * agreement phase and reports the resulting secret.
     *
     * @param service provider service under test
     * @param alias   key agreement algorithm name
     * @throws AlgorithmInstantiationException if an algorithm is not available
     * @throws AlgorithmRunException on an invalid key or a {@link NullPointerException}
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws
            AlgorithmInstantiationException, AlgorithmRunException {

        try {
            KeyAgreement agreement = KeyAgreement.getInstance(alias, service.getProvider());
            String keyType = "ECDH".equals(alias) ? "EC" : alias;
            KeyPair pair = KeysNaiveGenerator.getKeyPairGenerator(keyType, service.getProvider()).generateKeyPair();

            // NOTE(review): the encoded private key and, below, the raw shared secret
            // are handed to printResult. That is tolerable only because the pair is
            // generated for this call and used nowhere else; do not reuse this
            // pattern with real key material.
            PrivateKey privateKey = pair.getPrivate();
            printResult(privateKey.getEncoded());
            PublicKey publicKey = pair.getPublic();
            printResult(publicKey.getEncoded());

            agreement.init(privateKey);
            // do not print result, can return none (see the documentation)
            agreement.doPhase(publicKey, true);

            if (Misc.isPkcs11Fips(service.getProvider())) {
                /* pkcs11 in FIPS mode cannot obtain raw secrets (CKR_ATTRIBUTE_SENSITIVE)
                   https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/4687075d8ccf/src/share/classes/sun/security/pkcs11/P11ECDHKeyAgreement.java#l140
                   and pkcs11 only supports TlsPremasterSecret algorithm, see:
                   https://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/4687075d8ccf/src/share/classes/sun/security/pkcs11/P11ECDHKeyAgreement.java#l172
                 */
                printResult(agreement.generateSecret("TlsPremasterSecret").toString());
            } else {
                printResult(agreement.generateSecret());
            }
        } catch (NoSuchAlgorithmException ex) {
            throw new AlgorithmInstantiationException(ex);
        } catch (InvalidKeyException | NullPointerException ex) {
            throw new AlgorithmRunException(ex);
        }
    }

    /**
     * @return the name of the tested service type, {@code "KeyAgreement"}
     */
    @Override
    public String getTestedPart() {
        return "KeyAgreement";
    }

}

--------------------------------------------------------------------------------
/.github/workflows/test.yaml:
--------------------------------------------------------------------------------
name: "test"

on:
  pull_request:
    branches:
      - "*"
  push:
    branches:
      - "*"

jobs:
  test-linux:
    name: "Linux Jtreg"
    runs-on:
"ubuntu-latest"
    # NOTE(review): no `permissions:` key appears anywhere in this workflow, so the
    # job token gets whatever scope the repository default grants. The jobs only
    # check out, run the tests and upload artifacts; a top-level
    # `permissions:` with `contents: read` would state that explicitly (confirm
    # nothing else is needed).
    strategy:
      fail-fast: false
      matrix:
        jdkconf:
          - JDK 8
          - JDK 11
          - JDK 17
          - JDK 21
          - JDK Latest
        include:
          - jdkconf: JDK 8
            jdkver: "8"
          - jdkconf: JDK 11
            jdkver: "11"
          - jdkconf: JDK 17
            jdkver: "17"
          - jdkconf: JDK 21
            jdkver: "21"
          # NOTE(review): "JDK Latest" resolves to the same java-version ("21") as
          # "JDK 21", so both matrix entries run the same JDK.
          - jdkconf: JDK Latest
            jdkver: "21"
    steps:
      # NOTE(review): every `uses:` in this workflow references a version tag
      # (@v2/@v3/@v4). Tags can be moved by the action's owner; pinning to a full
      # commit SHA fixes the code that runs in CI.
      - uses: actions/checkout@v3
      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: ${{ matrix.jdkver}}
      - name: Run
        run: SKIP_AGENT_TESTS=1 ./run.sh "${JAVA_HOME}"
      - name: Upload results
        if: ${{ always() }}
        uses: actions/upload-artifact@v3
        with:
          path: "test.*.tar.gz"

  test-macos:
    name: "MacOS Jtreg"
    runs-on: "macos-latest"
    strategy:
      fail-fast: false
      matrix:
        jdkconf:
          - JDK 11
          - JDK 17
          - JDK 21
        include:
          - jdkconf: JDK 11
            jdkver: "11"
          - jdkconf: JDK 17
            jdkver: "17"
          - jdkconf: JDK 21
            jdkver: "21"
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: ${{ matrix.jdkver}}
      - name: Run
        run: SKIP_AGENT_TESTS=1 ./run.sh "${JAVA_HOME}"
      - name: Upload results
        if: ${{ always() }}
        uses: actions/upload-artifact@v3
        with:
          path: "test.*.tar.gz"

  test-windows-cygwin:
    name: "Windows-cygwin Jtreg"
    runs-on: "windows-latest"
    defaults:
      run:
        shell: C:\tools\cygwin\bin\bash.exe --login --norc -o igncr '{0}'
    strategy:
      fail-fast: false
      matrix:
        jdkconf:
          - JDK 8
          - JDK 11
          - JDK 17
          - JDK 21
        include:
          - jdkconf: JDK 8
            jdkver: "8"
          - jdkconf: JDK 11
            jdkver: "11"
          - jdkconf: JDK 17
            jdkver: "17"
          - jdkconf: JDK 21
            jdkver: "21"
    steps:
      - uses: actions/checkout@v3
      # NOTE(review): third-party action referenced by tag; it installs the shell
      # that later runs the tests, so a commit-SHA pin matters most here.
      - name: Set up Cygwin
        uses: egor-tensin/setup-cygwin@v4
        with:
          packages: wget tar bash dos2unix
      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: ${{ matrix.jdkver}}
      - name: Run
        run: |
          set -ex
          cd "$GITHUB_WORKSPACE" ; pwd; ls -l
          echo "it seems default shell do not honour -o igncr nor --norc"
          dos2unix -v run.sh
          find cryptotest -type f -name "*.sh" -exec dos2unix -v {} \;
          bash.exe --login --norc -o igncr -c "cd \"$GITHUB_WORKSPACE\" && SKIP_AGENT_TESTS=1 ./run.sh \"${JAVA_HOME}\""
      - name: Upload results
        if: ${{ always() }}
        uses: actions/upload-artifact@v3
        with:
          path: "test.*.tar.gz"

  test-windows-msys2:
    name: "Windows-msys2 Jtreg"
    runs-on: "windows-latest"
    strategy:
      fail-fast: false
      matrix:
        jdkconf:
          - JDK 8
          - JDK 11
          - JDK 17
          - JDK 21
        include:
          - jdkconf: JDK 8
            jdkver: "8"
          - jdkconf: JDK 11
            jdkver: "11"
          - jdkconf: JDK 17
            jdkver: "17"
          - jdkconf: JDK 21
            jdkver: "21"
    steps:
      - uses: actions/checkout@v3
      - name: Set up JDK
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: ${{ matrix.jdkver}}
      # NOTE(review): third-party action referenced by tag, with `update: true`
      # pulling current packages on every run; consider a commit-SHA pin.
      - uses: msys2/setup-msys2@v2
        with:
          update: true
          install: wget tar
      - name: Prepare env
        shell: msys2 {0}
        run: SKIP_AGENT_TESTS=1 ./run.sh "${JAVA_HOME}"
      - name: Upload results
        if: ${{ always() }}
        uses: actions/upload-artifact@v3
        with:
          path: "test.*.tar.gz"

--------------------------------------------------------------------------------
/cryptotest/tests/KeyInfoFactoryTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
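*/

/*
 * @test
 * @modules java.base/java.security:open
 *          java.base/com.sun.crypto.provider
 *          java.base/sun.security.internal.spec
 *          java.base/sun.security.ssl
 *          java.xml.crypto/org.jcp.xml.dsig.internal.dom
 * @bug 1022017
 * @library /
 * @build cryptotest.tests.KeyInfoFactoryTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.KeysNaiveGenerator
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.KeyInfoFactoryTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.KeysNaiveGenerator;
import cryptotest.utils.TestResult;
import org.jcp.xml.dsig.internal.dom.DOMKeyName;

import javax.xml.crypto.NoSuchMechanismException;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyName;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.keyinfo.PGPData;
import javax.xml.crypto.dsig.keyinfo.RetrievalMethod;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Arrays;
import java.util.Collections;

/**
 * Checks that a {@link KeyInfoFactory} can be obtained from a provider and
 * creates each of the key-info element types with placeholder content.
 */
public class KeyInfoFactoryTests extends AlgorithmTest {

    /**
     * Runs the test loop, prints the result's explanation and summary, and lets
     * the result assert itself.
     *
     * @param args the command line arguments (unused)
     */
    public static void main(String[] args) {
        TestResult r = new KeyInfoFactoryTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /**
     * Asks the factory for one instance of each element type and fails if any
     * of them is {@code null}. The values passed in are placeholders; nothing is
     * signed or validated.
     *
     * @param service provider service under test
     * @param alias   mechanism name passed to {@link KeyInfoFactory#getInstance(String, Provider)}
     * @throws AlgorithmInstantiationException if the mechanism is not available
     * @throws AlgorithmRunException on any other failure, including a missing RSA
     *         key pair generator or a {@code null} element
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws AlgorithmInstantiationException,
            AlgorithmRunException {
        try {
            KeyInfoFactory keyInfoFactory = KeyInfoFactory.getInstance(alias, service.getProvider());

            // DOMKeyName is a JDK-internal class; the @modules tag above names its package
            KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(new DOMKeyName("blabol")));
            KeyName keyName = keyInfoFactory.newKeyName("blabol");
            PGPData pgpData = keyInfoFactory.newPGPData(new byte[]{1, 2, 3, 4, 5, 6, 7, 8});
            RetrievalMethod retrievalMethod = keyInfoFactory.newRetrievalMethod("bbb");
            // A NoSuchAlgorithmException from the key pair helper is no longer printed
            // and swallowed: it reaches the catch below, so the reported failure
            // carries the real cause instead of a generic "No key info" message.
            KeyValue keyValue = keyInfoFactory.newKeyValue(
                    KeysNaiveGenerator.getRsaKeyPair(service.getProvider()).getPublic());
            X509Data x509Data = keyInfoFactory.newX509Data(Arrays.asList(new byte[]{1, 2, 3, 4, 5, 6, 7, 8}));
            X509IssuerSerial x509IssuerSerial = keyInfoFactory.newX509IssuerSerial("CN=Jon Doe", BigInteger.ONE);

            if (keyInfo == null || keyName == null || pgpData == null || retrievalMethod == null || keyValue == null
                    || x509Data == null || x509IssuerSerial == null) {
                throw new UnsupportedOperationException("No key info for " + service.getAlgorithm() + " in" +
                        service.getProvider().getName());
            }
        } catch (NoSuchMechanismException e) {
            throw new AlgorithmInstantiationException(e);
        } catch (NoSuchAlgorithmException e) {
            // same exception type the caller saw before, now with the cause attached
            throw new AlgorithmRunException(e);
        } catch (Exception e) {
            throw new AlgorithmRunException(e);
        }
    }
}

--------------------------------------------------------------------------------
/cryptotest/tests/CertPathBuilderTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.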
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
23 | */ 24 | 25 | /* 26 | * @test 27 | * @modules java.base/java.security:open 28 | * java.base/com.sun.crypto.provider 29 | * java.base/sun.security.internal.spec 30 | * java.base/sun.security.ssl 31 | * java.base/sun.security.x509 32 | * @bug 1422738 33 | * @library / 34 | * @build cryptotest.tests.CertPathBuilderTests 35 | * cryptotest.Settings 36 | * cryptotest.utils.AlgorithmInstantiationException 37 | * cryptotest.utils.AlgorithmRunException 38 | * cryptotest.utils.AlgorithmTest 39 | * cryptotest.utils.KeysNaiveGenerator 40 | * cryptotest.utils.TestResult 41 | * @run main/othervm cryptotest.tests.CertPathBuilderTests 42 | */ 43 | 44 | package cryptotest.tests; 45 | 46 | import cryptotest.utils.AlgorithmInstantiationException; 47 | import cryptotest.utils.AlgorithmRunException; 48 | import cryptotest.utils.AlgorithmTest; 49 | import cryptotest.utils.KeysNaiveGenerator; 50 | import cryptotest.utils.TestResult; 51 | import sun.security.x509.X509CertImpl; 52 | import java.security.cert.X509Certificate; 53 | import java.io.InputStream; 54 | 55 | import javax.security.auth.x500.X500Principal; 56 | import java.io.IOException; 57 | import java.security.InvalidAlgorithmParameterException; 58 | import java.security.KeyPair; 59 | import java.security.KeyStore; 60 | import java.security.KeyStoreException; 61 | import java.security.NoSuchAlgorithmException; 62 | import java.security.Provider; 63 | import java.security.PublicKey; 64 | import java.security.cert.CertPathBuilder; 65 | import java.security.cert.CertPathBuilderException; 66 | import java.security.cert.CertStore; 67 | import java.security.cert.Certificate; 68 | import java.security.cert.CertificateException; 69 | import java.security.cert.CollectionCertStoreParameters; 70 | import java.security.cert.PKIXBuilderParameters; 71 | import java.security.cert.TrustAnchor; 72 | import java.security.cert.X509CertSelector; 73 | import java.util.Arrays; 74 | import java.util.HashSet; 75 | import java.util.Set; 76 | 77 | 
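/**
 * Smoke test for {@link CertPathBuilder} services: builds a PKIX path from the certificates in
 * the bundled {@code test.jks} fixture, with the {@code ca} entry as the only trust anchor.
 */
public class CertPathBuilderTests extends AlgorithmTest {

    /**
     * Runs the test loop inherited from {@link AlgorithmTest}, prints the outcome and lets the
     * result assert itself.
     *
     * @param args the command line arguments (unused)
     */
    public static void main(String[] args) {
        TestResult r = new CertPathBuilderTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /**
     * Instantiates the builder for {@code alias} and asks it to build a certification path.
     *
     * @param service the provider service under test
     * @param alias   the algorithm name handed to {@link CertPathBuilder#getInstance}
     * @throws AlgorithmInstantiationException on {@link NoSuchAlgorithmException}
     * @throws AlgorithmRunException           if the fixture cannot be read or the path cannot be built
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws AlgorithmInstantiationException, AlgorithmRunException {
        try {
            CertPathBuilder certPathBuilder = CertPathBuilder.getInstance(alias, service.getProvider());

            // "password" is the password of the checked-in test fixture, not a real secret.
            KeyStore ks = KeyStore.getInstance("JKS");
            try (InputStream is = CertPathValidatorTests.class.getResourceAsStream("test.jks")) {
                if (is == null) {
                    // KeyStore.load(null, ...) would silently create an EMPTY keystore and the
                    // failure would only show up later as a NullPointerException.
                    throw new IOException("resource test.jks not found");
                }
                ks.load(is, "password".toCharArray());
            }

            Certificate serverCrt = ks.getCertificate("server");
            Certificate caCrt = ks.getCertificate("ca");
            if (serverCrt == null || caCrt == null) {
                throw new KeyStoreException("test.jks does not contain both the 'server' and the 'ca' entry");
            }

            CertStore cs = CertStore.getInstance("Collection",
                    new CollectionCertStoreParameters(Arrays.asList(serverCrt, caCrt)));

            Set<TrustAnchor> trustAnchors = new HashSet<>();
            trustAnchors.add(new TrustAnchor((X509Certificate) caCrt, null));

            // No criteria are set on the selector, so it accepts any certificate as the target;
            // the test only checks that the builder runs, not which path it picks.
            X509CertSelector target = new X509CertSelector();

            PKIXBuilderParameters params = new PKIXBuilderParameters(trustAnchors, target);
            params.addCertStore(cs);

            certPathBuilder.build(params);
        } catch (IOException | CertificateException | InvalidAlgorithmParameterException | CertPathBuilderException | KeyStoreException e) {
            throw new AlgorithmRunException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new AlgorithmInstantiationException(e);
        }
    }

}

--------------------------------------------------------------------------------
/cryptotest/tests/MacTests.java:
--------------------------------------------------------------------------------
1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2022 Red Hat, Inc.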
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
23 | */

/*
 * @test
 * @modules java.base/java.security:open
 *          java.base/com.sun.crypto.provider
 *          java.base/sun.security.internal.spec
 *          java.base/sun.security.ssl
 * @bug 1022017
 * @library /
 * @build cryptotest.tests.MacTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.KeysNaiveGenerator
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.MacTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.KeysNaiveGenerator;
import cryptotest.utils.TestResult;

import java.security.*;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.spec.PBEParameterSpec;

/**
 * Smoke test for {@link Mac} services: initialises the MAC with a key suited to the algorithm
 * and computes a tag over a three-byte message.
 */
public class MacTests extends AlgorithmTest {

    /**
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        TestResult outcome = new MacTests().mainLoop();
        System.out.println(outcome.getExplanation());
        System.out.println(outcome.toString());
        outcome.assertItself();
    }

    /**
     * Maps a MAC algorithm name to the name of the key generator used to key it.
     *
     * SslMac* algorithms (e.g. SslMacMD5) have no key generators of their own, so the matching
     * Hmac* generator is used; truncated SHA-512 variants (e.g. HmacSHA512/224) use the plain
     * HmacSHA512 generator. Every other name is returned unchanged.
     */
    private static String keyGeneratorNameFor(String algorithm) {
        if (algorithm.startsWith("SslMac")) {
            return algorithm.replace("SslMac", "Hmac");
        }
        if (algorithm.startsWith("HmacSHA512/")) {
            return "HmacSHA512";
        }
        return algorithm;
    }

    /**
     * Instantiates the MAC for {@code alias}, keys it and prints the tag of a fixed message.
     *
     * @param service the provider service under test
     * @param alias   the algorithm name handed to {@link Mac#getInstance}
     * @throws AlgorithmInstantiationException on {@link NoSuchAlgorithmException}
     * @throws AlgorithmRunException           if the key or the parameters are rejected
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws AlgorithmInstantiationException, AlgorithmRunException {
        try {
            final Mac mac = Mac.getInstance(alias, service.getProvider());
            final byte[] message = {1, 2, 3};
            final Provider provider = service.getProvider();
            final String algorithm = service.getAlgorithm();

            if (algorithm.contains("PBE")) {
                // The PBE key used here is not a PBEKey instance, so its salt does not travel
                // from the key to the algorithm ...
                final Key pbeKey = KeysNaiveGenerator.getPbeKeyWithSalt();
                // ... and salt and iteration count have to be passed as parameters instead.
                // The fixed salt and the iteration count of 5 are smoke-test values only; real
                // password-based keys need a random salt and a far higher count.
                final PBEParameterSpec pbeParams = new PBEParameterSpec(new byte[]{1, 2, 3, 4, 5, 6, 7, 8}, 5);
                mac.init(pbeKey, pbeParams);
            } else {
                Key macKey;
                try {
                    final KeyGenerator generator =
                            KeysNaiveGenerator.getKeyGenerator(keyGeneratorNameFor(algorithm), provider);
                    macKey = generator.generateKey();
                } catch (NoSuchAlgorithmException noKeyGenerator) {
                    // Workaround for providers without a usable key generator.
                    macKey = KeysNaiveGenerator.getMacKeyFromTlsKeyMaterial(provider);
                }
                mac.init(macKey);
            }

            mac.update(message);
            printResult(mac.doFinal());
        } catch (NoSuchAlgorithmException ex) {
            throw new AlgorithmInstantiationException(ex);
        } catch (InvalidKeyException | InvalidKeySpecException | InvalidAlgorithmParameterException ex) {
            throw new AlgorithmRunException(ex);
        }

    }

    /** @return the service type covered by this test, {@code "Mac"} */
    @Override
    public String getTestedPart() {
        return "Mac";
    }

}

--------------------------------------------------------------------------------
/cryptotest/tests/CertPathValidatorTests.java:
--------------------------------------------------------------------------------
1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2022 Red Hat, Inc.
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
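23 | */

/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1022017
 * @library /
 * @build cryptotest.tests.CertPathValidatorTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.CertPathValidatorTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;
import java.io.IOException;
import java.io.InputStream;
import java.security.*;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/**
 * Smoke test for {@link CertPathValidator} services: validates the {@code server} and {@code ca}
 * chain from the bundled {@code test.jks} fixture against the {@code root} trust anchor.
 *
 * The root certificate must be marked as a CA, which can be done by issuing this command
 * (the angle-bracket values are placeholders; they are missing from this listing):
 * {@code keytool -genkeypair -alias <alias> -keystore <keystore> -storepass <storepass>
 * -keypass <keypass> -ext bc=ca:true}
 *
 * See regenerateTestStoreChain1.sh for how the fixture is regenerated.
 */

public class CertPathValidatorTests extends AlgorithmTest {

    // Fixture keystore; (re)loaded by loadKeyStore() at the start of every checkAlgorithm call.
    private KeyStore caStore;

    /**
     * Runs the test loop inherited from {@link AlgorithmTest}, prints the outcome and lets the
     * result assert itself.
     *
     * @param args the command line arguments (unused)
     */
    public static void main(String[] args) {
        TestResult r = new CertPathValidatorTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /** @return the service type covered by this test, {@code "CertPathValidator"} */
    @Override
    public String getTestedPart() {
        return "CertPathValidator";
    }

    /**
     * Instantiates the validator for {@code alias} and validates the fixture chain with it.
     *
     * @param service the provider service under test
     * @param alias   the algorithm name handed to {@link CertPathValidator#getInstance}
     * @throws AlgorithmInstantiationException if the validator or any part of the fixture
     *                                         cannot be set up
     * @throws AlgorithmRunException           if the chain does not validate
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws AlgorithmInstantiationException, AlgorithmRunException {
        try {
            loadKeyStore();

            CertPathValidator pathValidator = CertPathValidator.getInstance(alias, service.getProvider());
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            CertPath certPath = factory.generateCertPath(getCertificates());
            PKIXParameters certPathParams = new PKIXParameters(
                    Collections.singleton(new TrustAnchor(requireCertificate("root"), null)));
            // Revocation checking is switched off because the test otherwise fails. This is a
            // concession to the test setup only; validation of real chains should keep
            // revocation checking enabled.
            certPathParams.setRevocationEnabled(false);
            pathValidator.validate(certPath, certPathParams);
        } catch (NoSuchAlgorithmException | CertificateException | InvalidAlgorithmParameterException | KeyStoreException
                | IOException | UnrecoverableKeyException ex) {
            throw new AlgorithmInstantiationException(ex);
        } catch (CertPathValidatorException ex) {
            throw new AlgorithmRunException(ex);
        }
    }

    /**
     * Loads {@code test.jks} from the classpath into {@link #caStore}.
     *
     * @throws IOException if the resource is missing or cannot be read
     */
    private void loadKeyStore() throws KeyStoreException, IOException,
            NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        try (InputStream is = CertPathValidatorTests.class.getResourceAsStream("test.jks")) {
            if (is == null) {
                // KeyStore.load(null, ...) would silently create an EMPTY keystore and the
                // failure would only show up later as a NullPointerException.
                throw new IOException("resource test.jks not found");
            }
            KeyStore caKs = KeyStore.getInstance("JKS");
            // "password" is the password of the checked-in test fixture, not a real secret.
            caKs.load(is, "password".toCharArray());
            caStore = caKs;
        }
    }

    /**
     * Returns the certificate stored under {@code alias} in the fixture keystore.
     *
     * @throws KeyStoreException if the keystore has no certificate for that alias
     */
    private X509Certificate requireCertificate(String alias) throws KeyStoreException {
        X509Certificate cert = (X509Certificate) caStore.getCertificate(alias);
        if (cert == null) {
            throw new KeyStoreException("test.jks has no certificate entry '" + alias + "'");
        }
        return cert;
    }

    /**
     * Returns the chain to validate, leaf first.
     *
     * @throws KeyStoreException if one of the entries is missing from the fixture
     */
    private List<X509Certificate> getCertificates() throws KeyStoreException, IOException,
            NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        List<X509Certificate> result = new ArrayList<>();
        //root certificate does not need to be added as the algorithm
        //can already determine whether this last intermediate cert has been
        //signed by a root CA or not
        result.add(requireCertificate("server")); //order is important
        result.add(requireCertificate("ca"));
        return result;
    }
}

--------------------------------------------------------------------------------
/cryptotest/tests/SaslServerFactoryGssapiTest.java:
--------------------------------------------------------------------------------
1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2022 Red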
Hat, Inc. 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
23 | */

/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1422738 1066099
 * @library /
 * @build cryptotest.tests.SaslServerFactoryTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmIgnoredException
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.Misc
 *        cryptotest.utils.TestResult
 *        cryptotest.utils.SaslServerFactoryBase
 * @requires cryptotests.krb.kdc.enabled == "true"
 * @run main/othervm
 *      -Djava.net.preferIPv4Stack=true
 *      -Dsun.security.krb5.debug=true
 *      -Dsun.security.jgss.debug=true
 *      -Djava.security.debug=logincontext,policy,scl,gssloginconfig
 *      cryptotest.tests.SaslServerFactoryGssapiTest
 */

// NOTE(review): the @build list above names cryptotest.tests.SaslServerFactoryTests and
// cryptotest.utils.SaslServerFactoryBase, while this class is SaslServerFactoryGssapiTest and
// extends SaslServerFactoryBase without an import (i.e. from cryptotest.tests) - confirm the
// list is intended.
// NOTE(review): the @run line enables Kerberos/JGSS/login debug output, which is verbose and
// can put authentication details into the test log; treat those logs accordingly.

package cryptotest.tests;

import cryptotest.Settings;
import cryptotest.utils.AlgorithmIgnoredException;
import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.Misc;
import cryptotest.utils.TestResult;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;

/**
 * GSSAPI-only variant of the SASL server factory test: logs in through a {@link LoginContext}
 * and creates the {@link SaslServer} as the authenticated subject. The jtreg header restricts
 * it to runs where {@code cryptotests.krb.kdc.enabled} is {@code "true"}.
 */
public class SaslServerFactoryGssapiTest extends SaslServerFactoryBase {

    /**
     * Runs the inherited test loop, prints the outcome and lets the result assert itself.
     *
     * @param args the command line arguments (unused)
     */
    public static void main(String[] args) {
        TestResult outcome = new SaslServerFactoryGssapiTest().mainLoop();
        System.out.println(outcome.getExplanation());
        System.out.println(outcome.toString());
        outcome.assertItself();
    }

    // Compile-time switch: when true, checkAlgorithm also sets the debug system properties.
    private final boolean debug = false;

    /** @return {@code null}; this test defines no exclude list */
    @Override
    public String getAlgorithmExcludeList() {
        return null;
    }

    /** @return {@code "GSSAPI"}, the only mechanism this test allows */
    @Override
    public String getAlgorithmAllowList() {
        return "GSSAPI";
    }

    /**
     * Logs in as the {@code user1} login-configuration entry and creates a GSSAPI SASL server
     * as that subject.
     *
     * @param service the provider service under test
     * @param alias   the mechanism name; anything but {@code "GSSAPI"} is ignored
     * @throws AlgorithmInstantiationException if the login fails
     * @throws AlgorithmRunException           declared by the overridden method
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, final String alias)
            throws AlgorithmInstantiationException, AlgorithmRunException {
        try {
            setSaslProps();
            if (!alias.equals("GSSAPI")) {
                throw new AlgorithmIgnoredException();
            }
            // Raw Map as in this listing (its type arguments appear to have been lost).
            final Map props = new HashMap<>();
            Misc.checkAgentConfig();
            if (debug) {
                System.setProperty("sun.security.jgss.debug", "true");
                System.setProperty("sun.security.krb5.debug", "true");
                System.setProperty("java.security.debug", "logincontext,policy,scl,gssloginconfig");
            }
            final LoginContext loginContext = new LoginContext(
                    "user1", new Subject(), Misc.getNamePasswdRealmHandler(), Misc.getKrb5Configuration());
            loginContext.login();
            Subject.doAs(loginContext.getSubject(), new PrivilegedSubjectAction(alias, props));
        } catch (LoginException ex) {
            throw new AlgorithmInstantiationException(ex);
        }
    }

    /**
     * Creates the SASL server while running as the logged-in subject. Failures are reported as
     * {@link RuntimeException}, because {@link PrivilegedAction#run()} declares no checked
     * exceptions.
     */
    private class PrivilegedSubjectAction implements PrivilegedAction {

        private final String alias;
        private final Map props;

        public PrivilegedSubjectAction(String alias, Map props) {
            this.alias = alias;
            this.props = props;
        }

        @Override
        public Void run() {
            try {
                final SaslServer saslServer = Sasl.createSaslServer(
                        alias, "ldap", "JCKTEST", props, Misc.getNamePasswdRealmHandler());
                if (saslServer == null) {
                    throw new RuntimeException("SaslServer is null");
                }
                printResult("SaslServer has been successfully created.");
            } catch (SaslException ex) {
                throw new RuntimeException(ex);
            }
            return null;
        }
    }
}

--------------------------------------------------------------------------------
/cryptotest/tests/TestProviders.java: -------------------------------------------------------------------------------- 1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2022 Red Hat, Inc. 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
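23 | */

package cryptotest.tests;

import cryptotest.Settings;
import cryptotest.utils.TestResult;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Set;

/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1022017
 * @library /
 * @build cryptotest.tests.TestProviders
 *        cryptotest.Settings
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.TestProviders
 */

/**
 * Checks the set of installed security providers against two lists: providers that must be
 * registered and providers that must not be. On a {@code 1.7} runtime {@code SunPKCS11-NSS} is
 * required; on every other runtime its presence is reported as a failure.
 */
public class TestProviders {

    private static final String[] mustBeProviders;
    private static final List<String> mustNotBeProviders;

    static {
        String v = System.getProperty("java.version");
        //currently we have it on jdk7 on rhels only
        if (v.startsWith("1.7")) {
            mustBeProviders = new String[]{"SunPKCS11-NSS"};
            mustNotBeProviders = Arrays.asList(new String[]{});
        } else {
            mustBeProviders = new String[]{};
            mustNotBeProviders = Arrays.asList(new String[]{"SunPKCS11-NSS"});
        }
    }

    /**
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        TestResult r = new TestProviders().doTest();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();

    }

    /**
     * Walks {@link Security#getProviders()}, prints each provider (and its attributes when
     * {@code Settings.VerbositySettings.printAtts} is set) and counts required providers that
     * are missing and forbidden providers that are present.
     *
     * @return a passing result when both counts are zero, a failing one otherwise
     */
    public TestResult doTest() {
        int seenProviders = 0;
        //for "storing" of passes: every required provider that is seen gets removed again
        List<String> removeableMustBeProviders = new ArrayList<>(Arrays.asList(mustBeProviders));
        //for storing of failures
        List<String> foundBadProviders = new ArrayList<>(0);
        System.out.println("running: " + this.getClass().getName());
        System.out.println("provider\tatts");
        System.out.println("--------------------------------------------");
        for (Provider provider : Security.getProviders()) {
            seenProviders++;
            System.out.println(seenProviders + ") " + provider.getName());
            if (removeableMustBeProviders.remove(provider.getName())) {
                System.out.println("test hit: this provider was requested");
            }
            if (mustNotBeProviders.contains(provider.getName())) {
                System.out.println("test hit: this provider was supposed to be missing");
                foundBadProviders.add(provider.getName());
            }
            if (Settings.VerbositySettings.printAtts) {
                System.out.println("\t**************atts**************");
                Set<Map.Entry<Object, Object>> s = provider.entrySet();
                for (Map.Entry<Object, Object> entry : s) {
                    System.out.println("\t" + entry.getKey() + "=" + entry.getValue());
                }
                for (String key : provider.stringPropertyNames()) {
                    System.out.println("\t" + key + "=" + provider.getProperty(key));
                }
            }

        }
        String result = "Checked " + seenProviders + " providers\n";
        int apearingbadProviders = foundBadProviders.size();
        if (apearingbadProviders == 0) {
            result += "no bad provider appeared (from total of " + mustNotBeProviders.size() + ": " + Arrays.toString(mustNotBeProviders.toArray()) + ")\n";
        } else {
            result += foundBadProviders.size() + " bad providers (namely: " + Arrays.toString(foundBadProviders.toArray()) + ") appeared (from total of " + mustNotBeProviders.size() + ": " + Arrays.toString(mustNotBeProviders.toArray()) + ")\n";
        }
        int missingExpectedProviders = removeableMustBeProviders.size();
        if (missingExpectedProviders == 0) {
            // Fixed: this line used to end in the literal characters "]n" instead of a newline,
            // which glued the "failed:" summary onto it.
            result += "all expected providers appeared (from total of " + mustBeProviders.length + ": " + Arrays.toString(mustBeProviders) + ")\n";
        } else {
            result += removeableMustBeProviders.size() + " expected providers (namely: " + Arrays.toString(removeableMustBeProviders.toArray()) + ") did not appeared (from total of " + mustBeProviders.length + ": " + Arrays.toString(mustBeProviders) + ")\n";
        }
        int failures = apearingbadProviders + missingExpectedProviders;
        result += "failed: " + failures + " providers";
        if (failures == 0) {
            return TestResult.pass(result, this.getClass(), seenProviders);
        } else {
            return TestResult.fail(result, this.getClass(), seenProviders, failures);
        }

    }

}

--------------------------------------------------------------------------------
/cryptotest/tests/KEMTests.java:
--------------------------------------------------------------------------------
1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2023 Red Hat, Inc. 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE.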
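23 | */

/*
 * @test
 * @requires jdk.version.major >= 21
 * @modules java.base/java.security:open
 *          java.base/sun.security.internal.spec
 * @bug 6666666
 * @library /
 * @build cryptotest.tests.KEMTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmIgnoredException
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.KeysNaiveGenerator
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.KEMTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmIgnoredException;
import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.KeysNaiveGenerator;
import cryptotest.utils.TestResult;
import java.security.*;
import javax.crypto.*;
import java.lang.reflect.*;
import java.util.Arrays;

/**
 * Round-trip test for key encapsulation mechanisms: encapsulates against a fresh public key,
 * decapsulates with the matching private key and compares the two shared secrets.
 *
 * {@code javax.crypto.KEM} is reached through reflection only (presumably so that the file
 * still compiles on JDKs older than the 21 required by the jtreg header).
 */
public class KEMTests extends AlgorithmTest {

    /**
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        TestResult r = new KEMTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /** Reflective {@code KEM.getInstance(alias, p)}; exceptions of the target arrive wrapped. */
    public static Object kem_getInstance(String alias, Provider p) throws Exception {
        Class<?> c = Class.forName("javax.crypto.KEM");
        Method m = c.getDeclaredMethod("getInstance", String.class, Provider.class);
        return m.invoke(null, alias, p);
    }

    /** Reflective {@code kem.newEncapsulator(key)}. */
    public static Object kem_newEncapsulator(Object kem, PublicKey key) throws Exception {
        Class<?> c = Class.forName("javax.crypto.KEM");
        Method m = c.getDeclaredMethod("newEncapsulator", PublicKey.class);
        return m.invoke(kem, key);
    }

    /** Reflective {@code kem.newDecapsulator(key)}. */
    public static Object kem_newDecapsulator(Object kem, PrivateKey key) throws Exception {
        Class<?> c = Class.forName("javax.crypto.KEM");
        Method m = c.getDeclaredMethod("newDecapsulator", PrivateKey.class);
        return m.invoke(kem, key);
    }

    /** Reflective {@code encapsulator.encapsulate()}; returns a {@code KEM.Encapsulated}. */
    public static Object encapsulator_encapsulate(Object e) throws Exception {
        Class<?> c = Class.forName("javax.crypto.KEM$Encapsulator");
        Method m = c.getDeclaredMethod("encapsulate");
        return m.invoke(e);
    }

    /** Reflective {@code encapsulated.encapsulation()}; the message sent to the receiver. */
    public static Object encapsulated_encapsulation(Object e) throws Exception {
        Class<?> c = Class.forName("javax.crypto.KEM$Encapsulated");
        Method m = c.getDeclaredMethod("encapsulation");
        return m.invoke(e);
    }

    /** Reflective {@code encapsulated.key()}; the sender's copy of the shared secret. */
    public static Object encapsulated_key(Object e) throws Exception {
        Class<?> c = Class.forName("javax.crypto.KEM$Encapsulated");
        Method m = c.getDeclaredMethod("key");
        return m.invoke(e);
    }

    /** Reflective {@code decapsulator.decapsulate(bytes)}; {@code o} must be a {@code byte[]}. */
    public static Object decapsulator_decapsulate(Object d, Object o) throws Exception {
        Class<?> c = Class.forName("javax.crypto.KEM$Decapsulator");
        Method m = c.getDeclaredMethod("decapsulate", byte[].class);
        return m.invoke(d, o);
    }

    /**
     * Runs one encapsulate/decapsulate round trip for the KEM named by {@code alias}.
     *
     * @param service the provider service under test; only {@code DHKEM} is supported
     * @param alias   the algorithm name handed to {@code KEM.getInstance}
     * @throws AlgorithmInstantiationException if the KEM or its key pair generator is unknown
     *                                         to the provider
     * @throws AlgorithmRunException           on any other failure, including differing secrets
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws AlgorithmInstantiationException, AlgorithmRunException {
        try {
            Object kem;
            try {
                kem = kem_getInstance(alias, service.getProvider());
            } catch (InvocationTargetException wrapped) {
                // Method.invoke wraps whatever KEM.getInstance throws. Unwrap an unknown
                // algorithm so that it is reported as an instantiation failure, as the other
                // tests do, and not as a run failure.
                if (wrapped.getCause() instanceof NoSuchAlgorithmException) {
                    throw (NoSuchAlgorithmException) wrapped.getCause();
                }
                throw wrapped;
            }

            if (!service.getAlgorithm().equals("DHKEM")) {
                throw new RuntimeException("Unsupported KEM algorithm: " + service.getAlgorithm());
            }
            KeyPairGenerator kpg = KeysNaiveGenerator.getKeyPairGenerator("X25519", service.getProvider());
            KeyPair kp = kpg.generateKeyPair();

            Object sender = kem_newEncapsulator(kem, kp.getPublic());
            Object encapsulated = encapsulator_encapsulate(sender);
            Object encapsulation = encapsulated_encapsulation(encapsulated);
            SecretKey k1 = (SecretKey) encapsulated_key(encapsulated);

            Object receiver = kem_newDecapsulator(kem, kp.getPrivate());
            SecretKey k2 = (SecretKey) decapsulator_decapsulate(receiver, encapsulation);

            // NOTE(review): getEncoded() may return null for keys that do not expose their
            // material; two nulls compare equal here, so the check would then pass vacuously.
            if (!Arrays.equals(k1.getEncoded(), k2.getEncoded())) {
                throw new Exception("Keys are not equal");
            }
        } catch (AlgorithmIgnoredException aie) {
            throw aie;
        } catch (NoSuchAlgorithmException ex) {
            throw new AlgorithmInstantiationException(ex);
        } catch (Exception ex) {
            throw new AlgorithmRunException(ex);
        }
    }
}

--------------------------------------------------------------------------------
/run.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash 2 | 3 | ############################################################################################### 4 | # bash run.sh jdk [bug] 5 | # bash run.sh jdk [dir] 6 | # to run without jtreg (without this wrapper), your compilation and runtime on jdk11 and up, will need to be amended: 7 | # javac -d $dir $clases --add-reads java.base=ALL-UNNAMED --add-exports java.base/com.sun.crypto.provider=ALL-UNNAMED --add-exports java.base/sun.security.internal.spec=ALL-UNNAMED --add-exports java.base/sun.security.ssl=ALL-UNNAMED --add-exports java.base/sun.security.x509=ALL-UNNAMED --add-reads java.security.jgss=ALL-UNNAMED --add-exports java.security.jgss/sun.security.jgss=ALL-UNNAMED --add-exports java.security.jgss/sun.security.jgss.krb5=ALL-UNNAMED 8 | # see also acompanying makefile 9 | ################################################################################################ 10 | 11 | SCRIPT_SOURCE="${BASH_SOURCE[0]}" 12 | while [ -h "$SCRIPT_SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink 13 | SCRIPT_DIR="$( cd -P "$( dirname "$SCRIPT_SOURCE" )" && pwd )" 14 | SCRIPT_SOURCE="$(readlink "$SCRIPT_SOURCE")" 15 | # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located 16 | [[ $SCRIPT_SOURCE != /*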
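]] && SCRIPT_SOURCE="$SCRIPT_DIR/$SCRIPT_SOURCE"
done
readonly SCRIPT_DIR="$( cd -P "$( dirname "$SCRIPT_SOURCE" )" && pwd )"

# quoted: this runs before "set -e", so a failed pushd on a path with spaces
# would otherwise go unnoticed and the rest would run in the wrong directory
pushd "${SCRIPT_DIR}"

OS=`uname -s`
CYGWIN="false"
case "$OS" in
  Windows_* | CYGWIN_NT* )
    PS=";"
    FS="\\"
    CYGWIN="true"
    ;;
  * )
    echo "Non cygwin system!"
    ;;
esac

READLINK_F="-f"
readlink $READLINK_F "." || READLINK_F=""

# names of host environment variables that jtreg hands through to the tests;
# every variable whose env line matches OTOOL_ is appended to the fixed list
envVarArg="-e:CUSTOM_DUMMY_VARIABLE=true,JAVA_TOOL_OPTIONS,OTOOL_BUILD_ARCH,DISPLAY"
keys=$(env | grep OTOOL_ | sed "s/=.*//")
for key in $keys; do
  envVarArg="$envVarArg,$key"
done

set -e
set -o pipefail

# Optional integrity check of a downloaded jtreg archive ($1).
# The archive is unpacked and its lib/jtreg.jar is executed below, so whoever
# controls the download controls code run with the caller's privileges.
# Export JTREG_SHA256 with the expected SHA-256 of the archive to pin it.
verify_ball() {
  if [ -n "${JTREG_SHA256:-}" ] ; then
    echo "${JTREG_SHA256}  ${1}" | sha256sum -c - || { echo "Checksum mismatch for ${1}" 1>&2 ; exit 1 ; }
  else
    echo "JTREG_SHA256 is not set, ${1} is used without an integrity check" 1>&2
  fi
}

JAVA="${1}"
if [ "x$JAVA" == "x" ] ; then
  echo "Jdk is mandatory param (bugid is optional)"
  exit 1
fi

if [ "x$CYGWIN" == "xtrue" ] ; then
  JAVA="$(cygpath -aw "${JAVA}")"
fi

if [ "x$JAVA_HOME" == "x" ] ; then
  JAVA_HOME="$(dirname $(dirname $(readlink $READLINK_F $(which javac))))"
fi

if [ "x$CYGWIN" == "xtrue" ] ; then
  JAVA_HOME="$(cygpath -aw "${JAVA_HOME}")"
fi

TIME=$(date +%s)
BUGID="${2}"

FOLDER="${SCRIPT_DIR}"
if [ "x$CYGWIN" == "xtrue" ] ; then
  FOLDER="$(cygpath -aw "${FOLDER}")"
fi
# second argument is either an existing path (tests to run) or a bug id filter
if [ "x$BUGID" != "x" -a -e "$BUGID" ] ; then
  FOLDER="$BUGID"
  BUGID=""
elif [ "x$BUGID" != "x" ]; then
  BUGID="-bug:$BUGID"
fi

# FORCE_TMP_JTREG is a caller-supplied URL; its content becomes the harness
if [ ! "x$FORCE_TMP_JTREG" == "x" ] ; then
  ddir=`mktemp -d`
  pushd "$ddir"
    ball=forcedJtreg.tar.gz
    # -f: an HTTP error must fail here instead of saving an error page as the archive
    curl -fL -o "$ball" "$FORCE_TMP_JTREG"
    verify_ball "$ball"
    tar -xf "$ball"
  popd
  JTREG_HOME="$ddir/jtreg"
fi

if [ "x$JTREG_HOME" == "x" ] ; then
  JTREG_HOME="$SCRIPT_DIR/jtreg"
else
  if [ ! -e "$JTREG_HOME/lib/jtreg.jar" ] ; then
    echo "You have jtreg home set, but it do not contain lib/jtreg.jar"
    exit 1
  fi
fi

# without JDK_MAJOR from the caller: 8 unless the jdk ships jshell, which is then asked
if [ "x$JDK_MAJOR" == "x" ] ; then
  JDK_MAJOR=8
  if [[ -e "$JAVA/bin/jshell" || -e "$JAVA/bin/jshell.exe" ]] ; then
    jshellScript="$(mktemp)"
    printf "System.out.print(Runtime.version().major())\n/exit" > "${jshellScript}"
    if [ "x$CYGWIN" == "xtrue" ] ; then
      jshellScript="$(cygpath -aw "${jshellScript}")"
    fi
    JDK_MAJOR=$( "$JAVA/bin/jshell" "${jshellScript}" 2> /dev/null | grep -v -e "Started recording" -e "copy recording data to file" -e "^$" -e "\[" )
    rm "${jshellScript}"
  fi
fi
echo "treating jdk as: $JDK_MAJOR"

# no local jtreg yet: fetch the release matching the jdk generation
if [ ! -e "$JTREG_HOME" ] ; then
  if [ "0$JDK_MAJOR" -le "8" ] ; then
    ball=jtreg-6+1-jtrfix.tar.gz
    curl -fL -o "$ball" "https://github.com/andrlos/jtreg/releases/download/6.1-jtrfix-V01.0/$ball"
  else
    ball=jtreg-7.3.1+1-jtrfix.tar.gz
    curl -fL -o "$ball" "https://github.com/andrlos/jtreg/releases/download/7.3.1%2B1-jtrfix-V01.0/$ball"
  fi
  verify_ball "$ball"
  tar -xf "$ball"
fi

AGENT_OPT=""
if [ ! "${SKIP_AGENT_TESTS:-}" = "false" ] && [ -n "${SKIP_AGENT_TESTS:-}" ] ; then
  AGENT_OPT="-javaoption:-Dcryptotests.skipAgentTests=1"
else
  if [ -n "${AGENT_HOSTNAME:-}" ] ; then
    AGENT_OPT="-javaoption:-Dcryptotests.agentHostName=$AGENT_HOSTNAME"
  else
    echo "You have not set SKIP_AGENT_TESTS and you have empty AGENT_HOSTNAME"
    echo "set SKIP_AGENT_TESTS to false or 1 to skip kdc requiring tests, or.. better"
    echo "set AGENT_HOSTNAME to host, where the kerberos server resides, to run also all SaslServerFactoryTests and GssApiMechanismTests"
    echo "The automated creation of this server is limited, and work in progress"
    exit 1
  fi

fi

echo Running with $JAVA...


JTREG_JAR="$JTREG_HOME/lib/jtreg.jar"
if [ "x$CYGWIN" == "xtrue" ] ; then
  JTREG_JAR="$(cygpath -aw "${JTREG_JAR}")"
fi

jtWork="test.${TIME}/jdk/work"
jtReport="test.${TIME}/jdk/report"

r=0
mkdir -p "${jtWork}" "${jtReport}"
# BUGID and AGENT_OPT stay unquoted on purpose: when empty they must vanish
# from the command line instead of becoming an empty argument
"${JAVA_HOME}/bin/java" -jar "$JTREG_JAR" -v1 -a -ignore:quiet \
  -w:"${jtWork}" -r:"${jtReport}" \
  -jdk:"$JAVA" \
  -xml \
  $BUGID \
  $AGENT_OPT \
  $envVarArg \
  "$FOLDER" | tee test.${TIME}/tests.log || r=$?

tar -czf test.${TIME}.tar.gz "${jtWork}" "${jtReport}" || echo "Packing of results tarball failed"

popd

# results were written next to the script; move them to the caller's directory
if [ ! "$(readlink $READLINK_F "${SCRIPT_DIR}")" == "$(pwd)" ] ; then
  mv "${SCRIPT_DIR}/test.${TIME}" .
  mv -v "${SCRIPT_DIR}/test.${TIME}.tar.gz" . || echo "Moving of results tarball failed"
fi

if ! [ -f test.${TIME}/tests.log ] ; then
  echo "Missing tests.log!" 1>&2
  exit 1
fi

# passes should be present in tests.log
grep -Eqi '^passed:' test.${TIME}/tests.log || exit 1
# check for failures/errors in tests.log
! grep -Eqi '^(failed|error):' test.${TIME}/tests.log || exit 1

exit $r

--------------------------------------------------------------------------------
/cryptotest/tests/SecretKeyFactoryTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.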
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
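*/

/*
 * @test
 * @modules java.base/java.security:open
 *          java.base/sun.security.internal.spec
 * @bug 1022017
 * @library /
 * @build cryptotest.tests.SecretKeyFactoryTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmIgnoredException
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.KeysNaiveGenerator
 *        cryptotest.utils.Misc
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.SecretKeyFactoryTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmIgnoredException;
import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;
import cryptotest.utils.KeysNaiveGenerator;
import cryptotest.utils.Misc;

import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Random;

/**
 * Smoke test for SecretKeyFactory services: builds a key spec that fits the
 * algorithm family, generates a secret from it and translates the result.
 *
 * All key material here is throw-away test data: a fixed password, an
 * iteration count of 1 and bytes from a generator seeded with a constant.
 */
public class SecretKeyFactoryTests extends AlgorithmTest {
    // Seeded with a constant. Whether that makes the byte stream repeatable
    // depends on the default SecureRandom implementation (some only mix the
    // seed into their own entropy), so do not rely on reproducible keys.
    private Random random = new SecureRandom(new byte[]{6, 6, 6});

    public static void main(String[] args) {
        TestResult r = new SecretKeyFactoryTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /**
     * Generates and translates one secret key for the given service.
     *
     * @throws AlgorithmInstantiationException when the factory cannot be obtained
     * @throws AlgorithmRunException when generating or translating the key fails
     *         or yields null
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws AlgorithmInstantiationException,
            AlgorithmRunException {
        try {
            SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(alias, service.getProvider());
            KeySpec keySpec;
            SecretKey secretKey;
            Provider p = service.getProvider();
            String algorithm = service.getAlgorithm();
            boolean pkcs11fips = Misc.isPkcs11Fips(p);
            boolean passwordBased = algorithm.contains("PBE") || algorithm.contains("PBKDF2");

            // order of conditions is important! Matching is by substring, so
            // PBE must win over the cipher named inside a PBE algorithm and
            // DESede over DES.
            if (algorithm.contains("PBE")) {
                // iteration count 1 only keeps the test fast
                keySpec = new PBEKeySpec(new char[]{'h', 'e', 's', 'l', 'o'}, generateBytes(8), 1);
            } else if (algorithm.contains("DESede")) {
                keySpec = new DESedeKeySpec(generateBytes(24));
            } else if (algorithm.contains("DES")) {
                keySpec = new DESKeySpec(generateBytes(8));
            } else if (algorithm.contains("PBKDF2")) {
                keySpec = new PBEKeySpec(new char[]{'h', 'e', 's', 'l', 'o'}, generateBytes(8), 1, 512);
            } else if (algorithm.contains("AES")) {
                keySpec = new SecretKeySpec(generateBytes(16), algorithm);
            } else if (algorithm.contains("ARCFOUR")) {
                keySpec = new SecretKeySpec(generateBytes(8), algorithm);
            } else if (algorithm.contains("ChaCha20")) {
                keySpec = new SecretKeySpec(generateBytes(32), algorithm);
            } else {
                // unknown family: the factory is handed a null spec below
                keySpec = null;
            }

            if (!pkcs11fips || passwordBased) {
                secretKey = secretKeyFactory.generateSecret(keySpec);
            } else {
                /* pkcs11 provider in fips mode does not support raw secrets ala *Spec */
                secretKey = KeysNaiveGenerator.getKeyGenerator(algorithm, p).generateKey();
            }

            if (pkcs11fips && passwordBased) {
                // current support for PBE and PBKDF2 in PKCS11 provider does not support translateKey
                throw new AlgorithmIgnoredException();
            }

            if (secretKey == null || secretKeyFactory.translateKey(secretKey) == null) {
                // the original message lacked the space after "in"
                throw new UnsupportedOperationException("Generated key is null for " + algorithm + " in "
                        + service.getProvider().getName());
            }
        } catch (NoSuchAlgorithmException e) {
            throw new AlgorithmInstantiationException(e);
        } catch (UnsupportedOperationException | InvalidKeySpecException | InvalidKeyException e) {
            throw new AlgorithmRunException(e);
        }
    }

    /** Returns {@code length} bytes drawn from the class-level generator. */
    private byte[] generateBytes(int length) {
        byte[] key = new byte[length];
        random.nextBytes(key);
        return key;
    }
}

--------------------------------------------------------------------------------
/cryptotest/tests/CertificateFactoryTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.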
IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1422738
 * @library /
 * @build cryptotest.tests.CertificateFactoryTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.CertificateFactoryTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.security.Provider;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;

/**
 * Smoke test for CertificateFactory services: every service is asked to parse
 * one embedded PEM certificate.
 */
public class CertificateFactoryTests extends AlgorithmTest {

    /*
     certificate used for testing, generated using:
     openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 9999
     Only the certificate (cert.pem) is embedded below; the matching key.pem
     is not part of this file.
     */
    String certString
            = "-----BEGIN CERTIFICATE-----\n"
            + "MIIF0TCCA7mgAwIBAgIJANwEZ6nMcMK+MA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNV\n"
            + "BAYTAkNaMRcwFQYDVQQIDA5DemVjaCBSZXB1YmxpYzENMAsGA1UEBwwEQnJubzEQ\n"
            + "MA4GA1UECgwHVGVzdGluZzEUMBIGA1UEAwwLZXhhbXBsZS5jb20xIDAeBgkqhkiG\n"
            + "9w0BCQEWEWVtYWlsQGV4YW1wbGUuY29tMB4XDTE3MDYwNzE2MTk1NVoXDTQ0MTAy\n"
            + "MjE2MTk1NVowfzELMAkGA1UEBhMCQ1oxFzAVBgNVBAgMDkN6ZWNoIFJlcHVibGlj\n"
            + "MQ0wCwYDVQQHDARCcm5vMRAwDgYDVQQKDAdUZXN0aW5nMRQwEgYDVQQDDAtleGFt\n"
            + "cGxlLmNvbTEgMB4GCSqGSIb3DQEJARYRZW1haWxAZXhhbXBsZS5jb20wggIiMA0G\n"
            + "CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCn8oY5vhqFT4eyDNxgvM282P5LF5cb\n"
            + "GC4paJUj3YziEDWPTah5kYnCFIONJI74iTOt2/ftjfjIX1zeVeJmZVkF4N3fmxWr\n"
            + "1WG1WaHUxXhcVQopZy7WGRvpQVUDo/eSxt34tBSUpkE0Nzrtt4kcjpFSxoCVNeRI\n"
            + "oPUT/y2tSi33pH52RHkFyb37zjgAWLTtMGA5hNUdZ7hjyzzp7UeQbm0Wu+ndbAut\n"
            + "Ybc4EJXB9l1Ia879lcGH4+IpspDWP1T8P31N+qJykHQVkwOSlycbPrxDGA6DjACV\n"
            + "OV5v/kAidqHWHCQGHYsqWfRQWylT/g84NpakHy1ubVkZuzEydK4qGi4qQGWrxTkU\n"
            + "b3fUq2kWb6ILFSWLuLHe0Q9QLZkysK4M0eDXV6/qV1iYbYngsFPKZzH7EizL0DmY\n"
            + "aqnpF2ZZ1Nr57TXxLQAo6ckEfaZSctBrqYvgyhwN9iX2z2Xv5skOBeWqrTmVQeLo\n"
            + "lZkEeimgm8Gh/w5NHhaJ04OuuX5D0FAkLViLMXv62CnKnYejr+49VAhmOVkHFkLW\n"
            + "ok3Vumr7+PJbsiz4w8tfLRFllgG1P8Qqb2YfMiTKOxemLnw1yjfLaJHtuTF92rCc\n"
            + "QvMzAiDm4c56+tq+n2RMZ0WhzrvB1wKBLmv91ISEDhSDq0PBtMY/rkKJCmCY7n1S\n"
            + "EXNJ/9IpRx8LmwIDAQABo1AwTjAdBgNVHQ4EFgQU29O5KKvS2ZoFcZnANd9f72gc\n"
            + "93YwHwYDVR0jBBgwFoAU29O5KKvS2ZoFcZnANd9f72gc93YwDAYDVR0TBAUwAwEB\n"
            + "/zANBgkqhkiG9w0BAQsFAAOCAgEAbFLYEPK7HMKdfXVrXlyn2AdQJahWuEdplll7\n"
            + "71spW7TzdSXr8jh/MwKiHF+3TXVRhpoYBmjdWqLQsBweyfwQmLYXxi68ATD+Jsg7\n"
            + "vkTQ1Xe4gOeQhM57rKVY2xyS9bS6rucWLWvoBR75mlQWnEfIkIWyhAnfj8zuKSCA\n"
            + "yQTsJKMHQBrX+vALTBsm3MFiN41y8VtkORtCii3w4y6rEg/iEIJ0Eq3rzzNoDKIC\n"
            + "3tNk4UZ4Ye3+IeeJxT9NJvyASRMrSLOPfvSK69sbvXP5DuD5x6f5t29iDZJMs8cG\n"
            + "EQbUVTU13VSP/9FrCsjqS/uk2c9sNPPuGZGgMBUbITXiS1+7IgruL34e7VWA/p9c\n"
            + "k/hcWxGIvHd64mP4FISX0xWFUCDbBr7oVTFWtuBheJUT82KXgbqjrS6ssFRqzfj5\n"
            + "SOjbbdhAC6PuuNy3bT+pYJyz/NMfUkGbJVIIcDG/Dbn1pEWb/1Q/LmB415vdeU9+\n"
            + "5x7EMPl0cX1KkOv/hzYMMDNjXptm6rOzZZZJfkdPge/jhPOU82RJvNuFOELcJ17m\n"
            + "Lm1Wu9rAo6zAK/HzMlig4iWg48U316polHi6gnYOpO8ADXKeSdM/XUh06DCnguTv\n"
            + "0NqoU+HQzZKhkcJgyqf58UUWb4Ng6Jo3l2je3jgBqWC0p7vgSYV2/7wLekGmvD9g\n"
            + "ZdOpVzI=\n"
            + "-----END CERTIFICATE-----\n";

    /**
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        TestResult result = new CertificateFactoryTests().mainLoop();
        System.out.println(result.getExplanation());
        System.out.println(result.toString());
        result.assertItself();
    }

    /**
     * Parses the embedded certificate with the given service.
     *
     * A failure before the factory exists is reported as an instantiation
     * problem, any later one (including a null certificate) as a run problem.
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws
            AlgorithmInstantiationException, AlgorithmRunException {
        CertificateFactory factory = null;
        try {
            factory = CertificateFactory.getInstance(alias, service.getProvider());
            //designed for(service.getAlgorithm().equals("X.509")) but attempted for all, hoping the others fail
            InputStream pem = new ByteArrayInputStream(certString.getBytes(Charset.forName("UTF-8")));

            Certificate parsed = factory.generateCertificate(pem);
            if (parsed == null) {
                throw new AlgorithmRunException(
                        new NullPointerException("generated certificate is null"));
            }
        } catch (CertificateException | IllegalArgumentException ex) {
            if (factory != null) {
                throw new AlgorithmRunException(ex);
            }
            throw new AlgorithmInstantiationException(ex);
        }
    }

    @Override
    public String getTestedPart() {
        return "CertificateFactory";
    }

}

--------------------------------------------------------------------------------
/cryptotest/utils/ClassFinder.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
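*/

package cryptotest.utils;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.jar.JarEntry;
import java.util.jar.JarInputStream;

/**
 * Utility class that walks the class path (directories and jars) and returns
 * the cryptotest classes assignable to a given type. The original header
 * refers to netx/icedtea-web, whose ClassFinder is linked in walkClassPath.
 */
public class ClassFinder {
    // NOTE(review): the generic type arguments were missing from the listing
    // this was taken from; the ones below are the most plausible
    // reconstruction and should be checked against the upstream file.

    public static final String JAVA_CLASS_PATH_PROPERTY = "java.class.path";
    public static final String CUSTOM_CLASS_PATH_PROPERTY = "custom.class.path";
    public static final String BOOT_CLASS_PATH_PROPERTY = "sun.boot.class.path";

    /**
     * Finds all AlgorithmTest subclasses on the class path, leaving out
     * AlgorithmTest itself and SaslServerFactoryBase.
     */
    static public List<Class<? extends AlgorithmTest>> findAllAlgorithmTest() {
        List<Class<? extends AlgorithmTest>> r = ClassFinder.findAllMatchingTypes(AlgorithmTest.class);
        // walk backwards so removing by index does not shift unvisited entries
        for (int i = r.size() - 1; i >= 0; i--) {
            String name = r.get(i).getName();
            if (name.equals("cryptotest.utils.AlgorithmTest")
                    || name.equals("cryptotest.tests.SaslServerFactoryBase")) {
                r.remove(i);
            }
        }
        return r;
    }

    /**
     * Returns every non-interface class found on the class path that is
     * assignable to {@code toFind}.
     */
    static public <T> List<Class<? extends T>> findAllMatchingTypes(Class<T> toFind) {
        List<Class<? extends T>> returnedClasses = new ArrayList<>();
        for (Class<?> clazz : walkClassPath(toFind)) {
            if (!clazz.isInterface()) {
                // determine() already checked assignability; asSubclass keeps the cast checked
                returnedClasses.add(clazz.asSubclass(toFind));
            }
        }
        return returnedClasses;
    }

    /** Scans every existing class path root, directory or .jar, for matching classes. */
    static private Set<Class<?>> walkClassPath(Class<?> toFind) {
        Set<Class<?>> results = new HashSet<>();
        for (String classpathEntry : getClassPathRoots()) {
            //it would be nice to avoid base jdk jars/modules by some path name check like http://icedtea.classpath.org/hg/icedtea-web/file/bb764e3ccbc9/netx/net/sourceforge/jnlp/controlpanel/ClassFinder.java#l76
            File f = new File(classpathEntry);
            if (!f.exists()) {
                continue;
            }
            if (f.isDirectory()) {
                traverse(f.getAbsolutePath(), f, toFind, results);
            } else if (classpathEntry.endsWith(".jar")) {
                try (FileInputStream fis = new FileInputStream(f); JarInputStream is = new JarInputStream(fis)) {
                    JarEntry entry;
                    while ((entry = is.getNextJarEntry()) != null) {
                        Class<?> c = determine(entry.getName(), toFind);
                        if (c != null) {
                            results.add(c);
                        }
                    }
                } catch (IOException ex) {
                    // an unreadable jar is reported and skipped, the scan goes on
                    ex.printStackTrace();
                }
            }
        }
        return results;
    }

    /**
     * Collects the entries of the custom, java and boot class path system
     * properties (those that are set) into one set.
     */
    static private Set<String> getClassPathRoots() {
        String classapth1 = System.getProperty(CUSTOM_CLASS_PATH_PROPERTY);
        String classapth2 = System.getProperty(JAVA_CLASS_PATH_PROPERTY);
        String classapth3 = System.getProperty(BOOT_CLASS_PATH_PROPERTY);
        String classpath = "";
        if (classapth1 != null) {
            classpath = classpath + classapth1 + File.pathSeparator;
        }
        if (classapth2 != null) {
            classpath = classpath + classapth2 + File.pathSeparator;
        }
        if (classapth3 != null) {
            classpath = classpath + classapth3 + File.pathSeparator;
        }
        String[] pathElements = classpath.split(File.pathSeparator);
        return new HashSet<>(Arrays.asList(pathElements));
    }

    /**
     * Maps a class file path to a loaded class if it is a top-level
     * cryptotest class assignable to {@code toFind}; returns null otherwise.
     */
    static private Class<?> determine(String name, Class<?> toFind) {
        if (!name.endsWith(".class")) {
            return null;
        }
        if (name.contains("$")) {
            return null;
        }
        // strip only the suffix; replace() would also eat ".class" inside a path
        name = name.substring(0, name.length() - ".class".length());
        name = name.replace("/", ".");
        name = name.replace("\\", ".");
        // Class.forName initializes the class, i.e. runs its static
        // initializers, so loading stays limited to this project's package.
        if (!name.startsWith("cryptotest.")) {
            return null;
        }
        try {
            Class<?> clazz = Class.forName(name);
            if (toFind.isAssignableFrom(clazz)) {
                return clazz;
            }
        } catch (Throwable ex) {
            //blacklisted classes
            // deliberately best effort: a class that cannot be loaded or
            // initialized is skipped, it must not abort the whole scan
            //System.out.println(name);
        }
        return null;
    }

    /** Recursively visits {@code current}, resolving file names relative to {@code root}. */
    static private void traverse(String root, File current, Class<?> toFind, Set<Class<?>> result) {
        File[] fs = current.listFiles();
        if (fs == null) {
            // listFiles() returns null for a non-directory or on an I/O error
            return;
        }
        for (File f : fs) {
            if (f.isDirectory()) {
                traverse(root, f, toFind, result);
            } else {
                String ff = f.getAbsolutePath();
                String name = ff.substring(root.length());
                while (name.startsWith(File.separator)) {
                    name = name.substring(1);
                }
                Class<?> c = determine(name, toFind);
                if (c != null) {
                    result.add(c);
                }
            }

        }
    }

}

--------------------------------------------------------------------------------
/cryptotest/tests/AlgorithmParametersTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.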
*/

/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1022017
 * @library /
 * @build cryptotest.tests.AlgorithmParametersTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.AlgorithmParametersTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;

import java.security.*;
import java.io.IOException;
import java.math.BigInteger;
import java.security.spec.*;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.RC2ParameterSpec;

/**
 * Smoke test for AlgorithmParameters services: initializes the parameters
 * from a spec that fits the algorithm family, encodes them and initializes a
 * second instance from that encoding.
 *
 * The spec values are fillers that only drive init/getEncoded (for example
 * DSA and DH parameters that are all 1); they are not usable parameter sets.
 */
public class AlgorithmParametersTests extends AlgorithmTest {

    public static void main(String[] args) {
        TestResult r = new AlgorithmParametersTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /**
     * Runs the init / encode / re-init round trip for the given service.
     *
     * @throws AlgorithmInstantiationException on IOException or
     *         InvalidParameterSpecException
     * @throws AlgorithmRunException on any other exception
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws
            AlgorithmInstantiationException, AlgorithmRunException {
        try {
            AlgorithmParameters c = AlgorithmParameters.getInstance(alias, service.getProvider());
            // stays null when no branch below matches; init(null) is then attempted
            AlgorithmParameterSpec params = null;
            //order important! (matching is by substring of the algorithm name)
            if (service.getAlgorithm().contains("DSA")) {
                params = new DSAParameterSpec(BigInteger.ONE, BigInteger.ONE, BigInteger.ONE);
            } else if (service.getAlgorithm().contains("RSASSA")) {
                params = new PSSParameterSpec(10);
            } else if (service.getAlgorithm().contains("PBES2")) {
                //this looks like a bug: PBES2 internally expects a name like PBES2WithHmacSHAxyzAES_abc
                params = new PBEParameterSpec(new byte[]{1, 2, 3, 4}, 10);
            } else if (service.getAlgorithm().contains("PBEWithHmacSHA") && service.getAlgorithm().contains("AES")) {
                // this constructor is useless, we need the second params anyway
                //params = new PBEParameterSpec(new byte[]{1, 2, 3, 4}, 10);
                IvParameterSpec interParams = new IvParameterSpec(new byte[]{1, 2, 3, 4, 5, 6, 7, 8});
                params = new PBEParameterSpec(new byte[]{1, 2, 3, 4}, 10, interParams);
            } else if (service.getAlgorithm().contains("PBEWithHmacSHA")) {
                params = new IvParameterSpec(new byte[]{1, 2, 3, 4, 5, 6, 7, 8});
            } else if (service.getAlgorithm().contains("DiffieHellman")) {
                params = new DHParameterSpec(BigInteger.ONE, BigInteger.ONE);
            } else if (service.getAlgorithm().contains("GCM")) {
                //this constructor takes anything, but when it comes to getEncoded, the first number matters
                params = new GCMParameterSpec(110, new byte[]{1, 2, 3, 4, 5, 6, 7, 8});
            } else if (service.getAlgorithm().contains("PBE")) {
                params = new PBEParameterSpec(new byte[]{1, 2, 3, 4}, 10);
            } else if (service.getAlgorithm().contains("AES")) {
                params = new IvParameterSpec(new byte[]{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16});
            } else if (service.getAlgorithm().contains("RC2")) {
                //why does this constructor exist? it throws an NPE later..
                //params = new RC2ParameterSpec(1);
                params = new RC2ParameterSpec(1, new byte[]{1, 2, 3, 4, 5, 6, 7, 8});
            } else if (service.getAlgorithm().contains("Blowfish") || service.getAlgorithm().contains("DES")) {
                params = new IvParameterSpec(new byte[]{1, 2, 3, 4, 5, 6, 7, 8});
            } else if (service.getAlgorithm().contains("OAEP")) {
                params = new OAEPParameterSpec("sha1", "MGF1", new MGF1ParameterSpec("sha1"), new PSource.PSpecified(new byte[]{1, 2, 3}));
            } else if (service.getAlgorithm().contains("EC")) {
                params = new ECGenParameterSpec("1.2.840.10045.3.1.7");
            } else if (service.getAlgorithm().contains("ChaCha20")){
                // must be 12 bytes long
                params = new IvParameterSpec(new byte[]{1,2,3,4,5,6,7,8,9,10,11,12});
            }

            c.init(params);
            if (!service.getAlgorithm().contains("PBES2")) {
                printResult(c.getEncoded());
                // round trip: a fresh instance must accept the encoding just produced
                AlgorithmParameters c2 = AlgorithmParameters.getInstance(alias, service.getProvider());
                byte[] encodedParams = c.getEncoded();
                c2.init(encodedParams);
            } else {
                //pbes2 is broken. Its name should be something like PBES2WithHmacSHAxyzAES_lmn but is not
                //maybe it is used somewhere internally, so for now live with init only
                printResult(service.getAlgorithm() + ", " + alias + " inited, rub skipped");
            }

        } catch (IOException | InvalidParameterSpecException ex) {
            throw new AlgorithmInstantiationException(ex);
        } catch (Exception ex) {
            // also covers a NoSuchAlgorithmException from getInstance
            throw new AlgorithmRunException(ex);
        }

    }

    @Override
    public String getTestedPart() {
        return "AlgorithmParameters";
    }

}

--------------------------------------------------------------------------------
/cryptotest/tests/KeyGeneratorTests.java:
--------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
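23 | */

/*
 * @test
 * @modules java.base/java.security:open
 *          java.base/com.sun.crypto.provider
 *          java.base/sun.security.internal.spec
 *          java.base/sun.security.ssl
 * @bug 1422738
 * @library /
 * @build cryptotest.tests.KeyGeneratorTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.KeysNaiveGenerator
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.KeyGeneratorTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.KeysNaiveGenerator;
import cryptotest.utils.TestResult;

import java.security.*;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import sun.security.internal.spec.TlsKeyMaterialParameterSpec;
import sun.security.internal.spec.TlsMasterSecretParameterSpec;
import sun.security.internal.spec.TlsPrfParameterSpec;
import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec;

/**
 * Exercises every {@code KeyGenerator} service: instantiate it, initialise it and
 * generate one key.
 */
public class KeyGeneratorTests extends AlgorithmTest {

    /**
     * Runs the KeyGenerator checks, prints the explanation and the result, and lets the
     * result assert itself.
     *
     * @param args the command line arguments (not read)
     */
    public static void main(String[] args) {
        TestResult r = new KeyGeneratorTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /**
     * Instantiates the generator under {@code alias}, initialises it and generates a key.
     *
     * <p>The initialisation is chosen from the service's algorithm name, not from the alias:
     * the internal SunTls* generators need a dedicated parameter spec, everything else is
     * initialised with a key length (112 for DESede, 56 for DES, 256 otherwise).
     *
     * @param service the provider service under test
     * @param alias the name (algorithm name or alias) used to look the generator up
     * @throws AlgorithmInstantiationException if the generator cannot be obtained
     * @throws AlgorithmRunException if initialisation or key generation fails, or the
     *         generated key is {@code null}
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias)
            throws AlgorithmInstantiationException, AlgorithmRunException {
        try {
            Provider provider = service.getProvider();
            String algorithm = service.getAlgorithm();
            KeyGenerator kg = KeyGenerator.getInstance(alias, provider);

            // "DESede" has to be tested first because it also contains "DES".
            int keyLength = 256;
            if (algorithm.contains("DESede")) {
                keyLength = 112;
            } else if (algorithm.contains("DES")) {
                keyLength = 56;
            }

            //fixme replace all deprecated calls by correct instantiations
            //fixme replace hardcoded versions by iterating over all versions
            //      (can be hard, as various versions are not supported in various impls)
            // The two integers are the protocol version: TLS 1.1 is 3, 2 and TLS 1.2 is 3, 3.
            if (algorithm.contains("SunTlsRsaPremasterSecret")) {
                TlsRsaPremasterSecretParameterSpec params = KeysNaiveGenerator.getTlsPremasterParam(3, 3);
                kg.init(params);
            } else if (algorithm.contains("SunTlsMasterSecret")) {
                // SunTlsMasterSecret used for tls < 1.2, SunTls12MasterSecret for tls >= 1.2
                // https://hg.openjdk.java.net/jdk-updates/jdk11u/file/db89b5b9b98b/src/java.base/share/classes/sun/security/ssl/SSLMasterKeyDerivation.java#l99
                TlsMasterSecretParameterSpec params = KeysNaiveGenerator.getTlsMasterParam(provider, 3, 2);
                kg.init(params);
            } else if (algorithm.contains("SunTls12MasterSecret")) {
                TlsMasterSecretParameterSpec params = KeysNaiveGenerator.getTlsMasterParam(provider, 3, 3);
                kg.init(params);
            } else if (algorithm.contains("SunTlsKeyMaterial")) {
                // SunTlsKeyMaterial used for tls < 1.2, SunTls12KeyMaterial for tls >= 1.2
                // https://hg.openjdk.java.net/jdk-updates/jdk11u/file/db89b5b9b98b/src/java.base/share/classes/sun/security/ssl/SSLTrafficKeyDerivation.java#l236
                TlsKeyMaterialParameterSpec params = KeysNaiveGenerator.getTlsKeyMaterialParam(provider, 3, 2);
                kg.init(params);
            } else if (algorithm.contains("SunTls12KeyMaterial")) {
                TlsKeyMaterialParameterSpec params = KeysNaiveGenerator.getTlsKeyMaterialParam(provider, 3, 3);
                kg.init(params);
            } else if (algorithm.contains("SunTlsPrf")) {
                // SunTlsPrf is used for tls < 1.2
                // https://hg.openjdk.java.net/jdk-updates/jdk11u/file/db89b5b9b98b/src/java.base/share/classes/sun/security/ssl/Finished.java#l225
                TlsPrfParameterSpec params = KeysNaiveGenerator.getTlsPrfParam(provider, 3, 2);
                kg.init(params);
            } else if (algorithm.contains("SunTls12Prf")) {
                // SunTls12Prf is used for tls >= 1.2
                // https://hg.openjdk.java.net/jdk-updates/jdk11u/file/db89b5b9b98b/src/java.base/share/classes/sun/security/ssl/Finished.java#l276
                TlsPrfParameterSpec params = KeysNaiveGenerator.getTlsPrfParam(provider, 3, 3);
                kg.init(params);
            } else {
                // simple init by key length
                kg.init(keyLength);
            }

            SecretKey result = kg.generateKey();
            if (result == null) {
                // Caught below and reported as a run failure.
                throw new UnsupportedOperationException("Generated key is null for " + algorithm
                        + " in " + provider.getName());
            }
            printResult(result.getEncoded());
        } catch (NoSuchAlgorithmException ex) {
            throw new AlgorithmInstantiationException(ex);
        } catch (UnsupportedOperationException | InvalidParameterException | ProviderException
                | InvalidAlgorithmParameterException ex) {
            throw new AlgorithmRunException(ex);
        }
    }

    /**
     * @return the service type this test covers, {@code "KeyGenerator"}
     */
    @Override
    public String getTestedPart() {
        return "KeyGenerator";
    }

}
-------------------------------------------------------------------------------- /cryptotest/tests/CipherTests.java: -------------------------------------------------------------------------------- 1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2022 Red Hat, Inc. 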
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
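23 | */

/*
 * @test
 * @modules java.base/java.security:open
 *          java.base/com.sun.crypto.provider
 *          java.base/sun.security.internal.spec
 *          java.base/sun.security.ssl
 * @bug 1022017
 * @library /
 * @build cryptotest.tests.CipherTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.KeysNaiveGenerator
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.CipherTests
 */

package cryptotest.tests;

import cryptotest.Settings;
import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;

import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.*;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.util.HashMap;
import java.util.Map;

import static cryptotest.utils.KeysNaiveGenerator.*;

/**
 * Exercises every {@code Cipher} service: instantiate it, pick a matching key and run one
 * encrypt or wrap operation.
 */
public class CipherTests extends AlgorithmTest {

    /**
     * Runs the Cipher checks, prints the explanation and the result, and lets the result
     * assert itself.
     *
     * @param args the command line arguments (not read)
     */
    public static void main(String[] args) {
        TestResult r = new CipherTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /**
     * Instantiates the cipher under {@code alias}, selects a key from the service's
     * algorithm name and initialises the cipher.
     *
     * <p>Key-wrap algorithms wrap the key itself; other ciphers without an explicit
     * parameter spec encrypt one block of constant bytes. The ChaCha20 variants need a
     * parameter spec and are only initialised.
     *
     * @param service the provider service under test
     * @param alias the name (algorithm name or alias) used to look the cipher up
     * @throws AlgorithmInstantiationException if the cipher, its key or its parameters
     *         cannot be created
     * @throws AlgorithmRunException if initialisation with the key, encryption or wrapping
     *         fails
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws
            AlgorithmInstantiationException, AlgorithmRunException {
        try {
            Provider provider = service.getProvider();
            String algorithm = service.getAlgorithm();
            Cipher c = Cipher.getInstance(alias, provider);
            int blockSize = c.getBlockSize();
            // getBlockSize() gives 0 when the cipher is not a block cipher; use 16 bytes then.
            byte[] b = generateBlock(blockSize > 0 ? blockSize : 16);

            Key key = null;
            AlgorithmParameterSpec initSpec = null;
            // Order matters: the more specific name has to precede the name it contains
            // (DESede before DES, AES_192/AES_256 before AES, ChaCha20-Poly1305 before ChaCha20).
            if (algorithm.contains("RSA")) {
                key = getRsaPrivateKey(provider);
            } else if (algorithm.contains("PBE")) {
                key = getPbeKey();
            } else if (algorithm.contains("DESede")) {
                key = getDesedeKey(provider);
            } else if (algorithm.contains("DES")) {
                key = getDesKey(provider);
            } else if (algorithm.contains("Blowfish")) {
                key = getBlowfishKey(provider);
            } else if (algorithm.contains("AES_192") || algorithm.contains("AESWrap_192")) {
                key = getAesKey192(provider);
            } else if (algorithm.contains("AES_256") || algorithm.contains("AESWrap_256")) {
                key = getAesKey256(provider);
            } else if (algorithm.contains("AES")) {
                key = getAesKey(provider);
            } else if (algorithm.contains("RC2")) {
                key = getRc2Key();
            } else if (algorithm.contains("ARCFOUR")) {
                key = getArcFourKey(provider);
            } else if (algorithm.contains("ChaCha20-Poly1305")) {
                // Fixed 12-byte nonce as a test vector; tolerable only because a fresh
                // random key is generated for every call.
                b = new byte[]{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
                initSpec = new IvParameterSpec(b);
                key = generateChaCha20Key();
            } else if (algorithm.contains("ChaCha20")) {
                b = new byte[]{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
                // use reflect api, jdk 8 does not have this class
                Class<?> chacha = Class.forName("javax.crypto.spec.ChaCha20ParameterSpec");
                Constructor<?> chachaConstr = chacha.getConstructor(byte[].class, int.class);
                initSpec = (AlgorithmParameterSpec) chachaConstr.newInstance(b, 10);
                key = generateChaCha20Key();
            }

            if (initSpec != null) {
                // NOTE(review): this path only initialises the cipher; no data is
                // encrypted, so the ChaCha20 ciphers get an init-only check.
                c.init(Cipher.ENCRYPT_MODE, key, initSpec);
            } else if (algorithm.toLowerCase().contains("wrap") || algorithm.contains("KW")) {
                // contains("KW") also matches the "KWP" names.
                c.init(Cipher.WRAP_MODE, key);
                AlgorithmTest.printResult(c.wrap(key));
            } else {
                c.init(Cipher.ENCRYPT_MODE, key);
                AlgorithmTest.printResult(c.doFinal(b));
            }
        } catch (NoSuchAlgorithmException | ClassNotFoundException | NoSuchMethodException
                | NoSuchPaddingException | InvalidKeySpecException | InvalidAlgorithmParameterException
                | InstantiationException | IllegalAccessException | InvocationTargetException
                | NullPointerException ex) {
            // NullPointerException is reported as an instantiation failure as well.
            throw new AlgorithmInstantiationException(ex);
        } catch (IllegalBlockSizeException | BadPaddingException | InvalidKeyException |
                UnsupportedOperationException | InvalidParameterException | ProviderException ex) {
            throw new AlgorithmRunException(ex);
        }
    }

    /**
     * @return the service type this test covers, {@code "Cipher"}
     */
    @Override
    public String getTestedPart() {
        return "Cipher";
    }

    /**
     * Generates a 256-bit ChaCha20 key with the generator that was actually initialised.
     * The generator is looked up without naming a provider, so it is not necessarily the
     * provider of the service under test.
     */
    private static Key generateChaCha20Key() throws NoSuchAlgorithmException {
        KeyGenerator kg = KeyGenerator.getInstance("ChaCha20");
        kg.init(256);
        return kg.generateKey();
    }

    /**
     * Builds the constant plaintext block: {@code blockLength} bytes, each with value 1.
     */
    private static byte[] generateBlock(int blockLength) {
        byte[] block = new byte[blockLength];
        for (int i = 0; i < blockLength; i++) {
            block[i] = 1;
        }
        return block;
    }
}
-------------------------------------------------------------------------------- /cryptotest/tests/XMLSignatureFactoryTests.java: -------------------------------------------------------------------------------- 1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2022 Red Hat, Inc. 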
5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
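23 | */

/*
 * @test
 * @modules java.base/java.security:open
 * @bug 1422738
 * @library /
 * @build cryptotest.tests.XMLSignatureFactoryTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.TestResult
 * @run main/othervm cryptotest.tests.XMLSignatureFactoryTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.TestResult;
import java.io.StringWriter;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Collections;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/**
 * Exercises every {@code XMLSignatureFactory} service by signing a small in-memory
 * document with an enveloped signature.
 *
 * @author oklinovs
 */
public class XMLSignatureFactoryTests extends AlgorithmTest {

    /**
     * Runs the XMLSignatureFactory checks, prints the explanation and the result, and lets
     * the result assert itself.
     *
     * @param args the command line arguments (not read)
     */
    public static void main(String[] args) {
        TestResult r = new XMLSignatureFactoryTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /**
     * Builds an enveloped DSA-SHA1 signature over a generated document and signs it.
     *
     * <p>The 512-bit DSA key and the SHA-1 digest and signature method are legacy
     * parameters used here as fixtures only; both are below current strength
     * recommendations, and a provider or security policy may reject them.
     *
     * @param service the provider service under test
     * @param alias the name used to look the factory up
     * @throws AlgorithmInstantiationException if the factory, the signature structures,
     *         the key pair or the document cannot be created
     * @throws AlgorithmRunException if marshalling or signing the document fails
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias)
            throws AlgorithmInstantiationException, AlgorithmRunException {
        try {
            XMLSignatureFactory factory = XMLSignatureFactory.getInstance(alias, service.getProvider());

            // An empty URI refers to the document that will carry the signature.
            Reference ref = factory.newReference("", factory.newDigestMethod(DigestMethod.SHA1, null),
                    Collections.singletonList(
                            factory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
                    null, null);

            SignedInfo si = factory.newSignedInfo(
                    factory.newCanonicalizationMethod(
                            CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (XMLSignature) null),
                    factory.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
                    Collections.singletonList(ref));

            // The key pair comes from the default DSA provider, not from the tested one.
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
            kpg.initialize(512);
            KeyPair kp = kpg.generateKeyPair();

            KeyInfoFactory kif = factory.getKeyInfoFactory();
            KeyValue kv = kif.newKeyValue(kp.getPublic());
            KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));

            XMLSignature xmlSignature = factory.newXMLSignature(si, ki);
            Document document = createXMLDocument();
            printResult(printDoc(document));
            DOMSignContext context = new DOMSignContext(kp.getPrivate(), document.getDocumentElement());
            xmlSignature.sign(context);
            printResult(printDoc(document));
        } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | KeyException
                | ParserConfigurationException e) {
            throw new AlgorithmInstantiationException(e);
        } catch (MarshalException | XMLSignatureException e) {
            // Both are declared by sign(), so they are run failures, as in the sibling tests.
            throw new AlgorithmRunException(e);
        }
    }

    /**
     * @return the service type this test covers, {@code "XMLSignatureFactory"}
     */
    @Override
    public String getTestedPart() {
        return "XMLSignatureFactory";
    }

    /**
     * Creates the document to sign: a {@code root} element holding one {@code child}
     * element with an attribute and a text node.
     *
     * @throws ParserConfigurationException if no document builder can be created
     */
    private Document createXMLDocument() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element root = doc.createElement("root");
        Element child = doc.createElement("child");
        Attr attr = doc.createAttribute("attribute");
        attr.setValue("value");
        child.setAttributeNode(attr);
        child.appendChild(doc.createTextNode("text"));
        doc.appendChild(root);
        root.appendChild(child);
        return doc;
    }

    /**
     * Serialises {@code doc} to a single line without the XML declaration.
     *
     * <p>The output is diagnostic only, so a transformer failure is reported on stderr and
     * an empty string is returned. Unchecked exceptions are no longer swallowed by a
     * {@code return} inside {@code finally}; they reach the caller.
     *
     * @param doc the document to serialise
     * @return the serialised document with line breaks removed, or {@code ""} on failure
     */
    private String printDoc(Document doc) {
        try {
            Transformer transformer = TransformerFactory.newInstance().newTransformer();
            transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
            StringWriter writer = new StringWriter();
            transformer.transform(new DOMSource(doc), new StreamResult(writer));
            return writer.getBuffer().toString().replaceAll("\n|\r", "");
        } catch (TransformerException ex) {
            // TransformerConfigurationException is a subclass and lands here too.
            System.err.println("Could not serialise the XML document: " + ex);
            return "";
        }
    }
}
-------------------------------------------------------------------------------- /cryptotest/CryptoTest.java: -------------------------------------------------------------------------------- 1 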
| /* 2 | * The MIT License 3 | * 4 | * Copyright 2022 Red Hat, Inc. 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 
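23 | */

package cryptotest;

import cryptotest.tests.TestProviders;
import cryptotest.tests.TestServices;
import cryptotest.utils.AlgorithmTest;
import cryptotest.utils.ClassFinder;
import cryptotest.utils.TestResult;
import java.util.ArrayList;
import java.util.List;

// generated as
// a=`find cryptotest/ | grep .java | sed s/.java// | sed "s;/;.;g"`
// b=`echo $a` ; # to avoid quotes effect
// for x in `ls | grep .java` ; do sed -i "s/@build.*/@build $b/" $x ; done
/*
 * @test
 * @modules java.base/java.security:open
 *          java.base/com.sun.crypto.provider
 *          java.base/sun.security.internal.spec
 *          java.base/sun.security.ssl
 *          java.base/sun.security.x509
 *          java.security.jgss/sun.security.jgss
 *          java.security.jgss/sun.security.jgss.krb5
 *          java.security.jgss/sun.security.krb5
 *          java.smartcardio/javax.smartcardio
 *          java.xml.crypto/org.jcp.xml.dsig.internal.dom
 * @bug 6666666
 * @library /
 * @build cryptotest.CryptoTest
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmIgnoredException
 *        cryptotest.tests.AlgorithmParameterGeneratorTests
 *        cryptotest.tests.AlgorithmParametersTests
 *        cryptotest.tests.CertificateFactoryTests
 *        cryptotest.tests.CertPathBuilderTests
 *        cryptotest.tests.CertPathValidatorTests
 *        cryptotest.tests.CertStoreTests
 *        cryptotest.tests.CipherTests
 *        cryptotest.tests.ConfigurationTests
 *        cryptotest.tests.GssApiMechanismTests
 *        cryptotest.tests.KEMTests
 *        cryptotest.tests.KeyAgreementTests
 *        cryptotest.tests.KeyFactoryTests
 *        cryptotest.tests.KeyGeneratorTests
 *        cryptotest.tests.KeyInfoFactoryTests
 *        cryptotest.tests.KeyManagerFactoryTests
 *        cryptotest.tests.KeyPairGeneratorTests
 *        cryptotest.tests.KeyStoreTests
 *        cryptotest.tests.MacTests
 *        cryptotest.tests.MessageDigestTests
 *        cryptotest.tests.PolicyTests
 *        cryptotest.tests.SaslClientFactoryTests
 *        cryptotest.tests.SaslServerFactoryBase
 *        cryptotest.tests.SaslServerFactoryTests
 *        cryptotest.tests.SaslServerFactoryGssapiTest
 *        cryptotest.tests.SecretKeyFactoryTests
 *        cryptotest.tests.SecureRandomTests
 *        cryptotest.tests.SignatureTests
 *        cryptotest.tests.SSLContextTests
 *        cryptotest.tests.TerminalFactoryTests
 *        cryptotest.tests.TestProviders
 *        cryptotest.tests.TestServices
 *        cryptotest.tests.TransformServiceTests
 *        cryptotest.tests.TrustManagerFactoryTests
 *        cryptotest.tests.XMLSignatureFactoryTests
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.ClassFinder
 *        cryptotest.utils.KeysNaiveGenerator
 *        cryptotest.utils.Misc
 *        cryptotest.utils.TestResult
 *        cryptotest.utils.Xml
 * @run main/othervm/timeout=1800 cryptotest.CryptoTest
 */

/**
 * Runs every discovered {@link AlgorithmTest} plus the provider and service checks, then
 * adds two consistency results and fails if any result failed.
 */
public class CryptoTest {

    /**
     * Pseudo test class for the check that the number of services seen was always the
     * same.
     */
    private static class ConstantServices {

    }

    /**
     * Pseudo test class for the check that all services were tested.
     */
    private static class NoAlgorithmMissed {

    }

    /**
     * Runs all tests, prints every result and a summary.
     *
     * @param args the command line arguments (not read)
     * @throws java.lang.InstantiationException if a test class cannot be instantiated
     * @throws java.lang.IllegalAccessException if a test class constructor is not accessible
     * @throws RuntimeException if at least one result is in the FAILED state
     */
    public static void main(String[] args) throws InstantiationException, IllegalAccessException {

        List<Class<? extends AlgorithmTest>> alltests = ClassFinder.findAllAlgorithmTest();
        System.out.println("Loaded test files: " + alltests.size());
        List<TestResult> results = new ArrayList<>(alltests.size());
        for (Class<? extends AlgorithmTest> testClass : alltests) {
            // Class.newInstance() is kept so that the declared exceptions stay as they are.
            AlgorithmTest test = testClass.newInstance();
            results.add(test.doTest());
        }

        results.add(new TestProviders().doTest());
        results.add(new TestServices().doTest());
        System.out.println("----------------------------------");

        int maxSeen = Integer.MIN_VALUE;
        int minSeen = Integer.MAX_VALUE;
        int totalAlgorithmsChecked = 0;
        for (TestResult r : results) {
            printResultWithExplanation(r);
            if (r instanceof TestResult.AlgorithmTestResult) {
                int seen = ((TestResult.AlgorithmTestResult) r).getSeen();
                maxSeen = Math.max(maxSeen, seen);
                minSeen = Math.min(minSeen, seen);
                totalAlgorithmsChecked += r.getSubtests();
            }
        }

        // Every algorithm test should have seen the same number of services.
        if (maxSeen != minSeen) {
            results.add(new TestResult("Number of checked services changed during test run "
                    + maxSeen + "/" + minSeen, TestResult.State.FAILED, ConstantServices.class, 1, 1));
        } else {
            // The passing message used to repeat the failing wording ("changed").
            results.add(new TestResult("Number of checked services did not change during test run "
                    + maxSeen, TestResult.State.PASSED, ConstantServices.class, 1, 0));
        }
        printResultWithExplanation(results.get(results.size() - 1));

        // The subtests of all algorithm tests together should cover every service seen.
        if (maxSeen != totalAlgorithmsChecked) {
            results.add(new TestResult("Some algorithms missed! Checked " + totalAlgorithmsChecked
                    + " from " + maxSeen, TestResult.State.FAILED, NoAlgorithmMissed.class, 1, 1));
        } else {
            results.add(new TestResult("Tested all " + totalAlgorithmsChecked + " algorithms",
                    TestResult.State.PASSED, NoAlgorithmMissed.class, 1, 0));
        }
        printResultWithExplanation(results.get(results.size() - 1));
        System.out.println("----------------------------------");

        int failures = 0;
        for (TestResult r : results) {
            System.out.println(r.toString());
            if (r.getState() == TestResult.State.FAILED) {
                failures++;
            }
        }
        System.out.println("Test runs: " + results.size() + "; failed: " + failures);
        if (failures > 0) {
            throw new RuntimeException("Some tests failed: " + failures);
        }

    }

    /** Prints the explanation of a result followed by the result itself. */
    private static void printResultWithExplanation(TestResult r) {
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
    }

}
-------------------------------------------------------------------------------- /cryptotest/utils/AlgorithmTest.java: -------------------------------------------------------------------------------- 1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2022 Red Hat, Inc. 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 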
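15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 23 | */

package cryptotest.utils;

import cryptotest.Settings;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;


/**
 * Base class of the per-service-type tests: it walks all services of all installed
 * providers and hands the ones of the tested type to {@link #checkAlgorithm}.
 *
 * <p>An instance can run only once; a second {@link #doTest()} throws.
 */
public abstract class AlgorithmTest {

    private final List<Exception> failedInits = new ArrayList<>();
    private final List<Exception> failedRuns = new ArrayList<>();
    private final List<Exception> errorRuns = new ArrayList<>();
    // every name of every service, whatever its type
    private int algorithmsSeen = 0;
    // names that were actually handed to checkAlgorithm
    private int testsCount = 0;
    private boolean run;

    /**
     * Derives the tested service type from the class name by cutting it at "Tests".
     * A subclass whose simple name does not contain "Tests" has to override this method,
     * otherwise {@code substring} throws {@link StringIndexOutOfBoundsException}.
     *
     * @return the service type, as compared with {@code Provider.Service.getType()}
     */
    public String getTestedPart() {
        String simpleName = this.getClass().getSimpleName();
        return simpleName.substring(0, simpleName.indexOf("Tests"));
    }

    /**
     * @return a regular expression; names matching it completely are skipped, or
     *         {@code null} to skip nothing
     */
    public String getAlgorithmExcludeList() {
        return null;
    }

    /**
     * @return a regular expression; only names matching it completely are tested, or
     *         {@code null} to test everything
     */
    public String getAlgorithmAllowList() {
        return null;
    }

    /**
     * Tests one service under one of its names.
     *
     * @param service the provider service under test
     * @param alias the algorithm name or alias to instantiate it by
     * @throws AlgorithmInstantiationException if the algorithm cannot be set up
     * @throws AlgorithmRunException if using the algorithm fails
     */
    protected abstract void checkAlgorithm(Provider.Service service, String alias)
            throws AlgorithmInstantiationException, AlgorithmRunException;

    private String generateTitle(Provider provider, Provider.Service service, String alias) {
        return Misc.generateTitle(testsCount, provider, service, alias);
    }

    /**
     * Runs the test once.
     *
     * @return the collected result
     * @throws RuntimeException if this instance has already run
     */
    public final TestResult doTest() {
        return mainLoop();
    }

    /**
     * Iterates over all providers, services and service names, runs
     * {@link #checkAlgorithm} for the names of the tested type and collects the failures.
     *
     * @return a passing result if nothing failed, otherwise a failing result whose
     *         explanation contains the stack traces of all failures
     * @throws RuntimeException if this instance has already run
     */
    protected final TestResult mainLoop() {
        if (run) {
            throw new RuntimeException("This test already run. Make new instance");
        }
        System.out.println("running: " + this.getClass().getName());
        run = true;
        for (Provider provider : Security.getProviders()) {
            for (Provider.Service service : provider.getServices()) {
                // Each instance can be tested by its name or by its alias. The setup is
                // still chosen by name only, as it is very hard to guess from aliases.
                for (String alias : Misc.createNames(service)) {
                    algorithmsSeen++;
                    String title = generateTitle(provider, service, alias);
                    try {
                        if (service.getType().equals(getTestedPart())) {
                            String excluded = getAlgorithmExcludeList();
                            if (excluded != null && alias.matches(excluded)) {
                                continue;
                            }
                            String allowed = getAlgorithmAllowList();
                            if (allowed != null && !alias.matches(allowed)) {
                                continue;
                            }
                            System.out.println(title);
                            testsCount++;
                            checkAlgorithm(service, alias);
                            System.out.println("Passed");
                        }
                    } catch (AlgorithmIgnoredException ex) {
                        System.out.println("Ignored");
                    } catch (AlgorithmRunException ex) {
                        recordFailure(failedRuns, title, ex,
                                "failed to use: " + service.getAlgorithm() + " from " + provider, "Failed");
                    } catch (AlgorithmInstantiationException ex) {
                        recordFailure(failedInits, title, ex,
                                "Failed to init: " + service.getAlgorithm() + " from " + provider, "Failed");
                    } catch (Exception ex) {
                        // anything the test did not classify itself
                        recordFailure(errorRuns, title, ex,
                                "Error: " + service.getAlgorithm() + " from " + provider, "Error");
                    }
                }
            }
        }

        int failed = failedInits.size() + failedRuns.size() + errorRuns.size();
        if (failed == 0) {
            return TestResult.AlgorithmTestResult.pass("All " + getTestedPart() + " passed",
                    this.getClass(), testsCount, algorithmsSeen);
        }
        StringBuilder expl = new StringBuilder();
        expl.append(failed).append(" ").append(getTestedPart()).append(" failed\n");
        appendStackTraces(expl, "failed runs", failedRuns);
        appendStackTraces(expl, "failed inits", failedInits);
        appendStackTraces(expl, "error runs", errorRuns);
        return TestResult.AlgorithmTestResult.fail(expl.toString(), this.getClass(), testsCount,
                failed, algorithmsSeen);
    }

    /**
     * Stores a failure under its title and prints it; the stack trace goes to stderr when
     * {@code Settings.VerbositySettings.printStacks} is set.
     */
    private static void recordFailure(List<Exception> bucket, String title, Exception ex,
            String detail, String verdict) {
        bucket.add(new Exception(title, ex));
        System.out.println(ex);
        System.out.println(detail);
        System.out.println(verdict);
        if (Settings.VerbositySettings.printStacks) {
            System.err.println(title);
            ex.printStackTrace();
        }
    }

    /** Appends a "** label: count **" header followed by the stack trace of each failure. */
    private static void appendStackTraces(StringBuilder out, String label, List<Exception> failures) {
        out.append("** ").append(label).append(": ").append(failures.size()).append(" **\n");
        for (Exception ex : failures) {
            StringWriter stack = new StringWriter();
            ex.printStackTrace(new PrintWriter(stack));
            out.append(stack);
        }
    }

    /** Prints {@code s} when {@code Settings.VerbositySettings.printResults} is set. */
    protected static void printResult(String s) {
        if (Settings.VerbositySettings.printResults) {
            System.out.println(s);
        }
    }

    /** Prints {@code i} in square brackets, subject to the same setting. */
    public static void printResult(int i) {
        printResult("[" + i + "]");
    }

    /** Prints the bytes in {@code Arrays.toString} form, subject to the same setting. */
    public static void printResult(byte[] res) {
        printResult(Arrays.toString(res));
    }

    /** Prints the boolean, subject to the same setting. */
    public static void printResult(boolean res) {
        printResult("" + res);
    }

}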
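-------------------------------------------------------------------------------- /cryptotest/utils/Misc.java: --------------------------------------------------------------------------------
/*
 * The MIT License
 *
 * Copyright 2022 Red Hat, Inc.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

package cryptotest.utils;

import cryptotest.Settings;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.sasl.RealmCallback;

/** Shared helpers for the provider sweep and for the Kerberos/SASL agent tests. */
public class Misc {

    /**
     * Checks whether the provider is the PKCS#11 provider in FIPS mode.
     * The match is by exact provider name only.
     */
    public static boolean isPkcs11Fips(Provider p) {
        return p.getName().equals("SunPKCS11-NSS-FIPS");
    }

    /** Checks whether a PKCS#11 FIPS provider is among the installed providers. */
    public static boolean pkcs11FipsPresent() {
        for (Provider p : Security.getProviders()) {
            if (isPkcs11Fips(p)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the aliases of a service, read reflectively.
     *
     * @return the aliases, or an empty list when the reflective call fails
     *         (the failure is printed, not propagated, so a sweep then simply
     *         tests fewer names)
     */
    public static List<String> getAliases(Provider.Service service) {
        try {
            return getAliasesImpl(service);
        } catch (Exception ex) {
            ex.printStackTrace();
            System.out.println("Sry, reflection for aliases went mad");
            return new ArrayList<>(0);
        }
    }

    /*
     * getAliases is looked up with getDeclaredMethod and forced accessible, i.e. it is
     * treated as a non-public member of java.security.Provider$Service. On a modular JDK
     * this only works when java.base/java.security is opened to the test, as the jtreg
     * header of SignatureTests does with "@modules java.base/java.security:open".
     */
    @SuppressWarnings("unchecked") // the reflective call returns the service's alias list
    private static List<String> getAliasesImpl(Provider.Service service) throws
            InvocationTargetException, ClassNotFoundException, IllegalArgumentException, NoSuchMethodException,
            SecurityException, IllegalAccessException {
        Class<?> cls = Class.forName("java.security.Provider$Service");
        Method m = cls.getDeclaredMethod("getAliases");
        m.setAccessible(true);
        return (List<String>) m.invoke(service);
    }

    /*
     * Creates the list of all names the algorithm is known by. The algorithm name is
     * first; aliases follow when Settings.testAliases is set.
     */
    static List<String> createNames(Provider.Service service) {
        List<String> names = new ArrayList<>(0);
        names.add(service.getAlgorithm());
        if (Settings.testAliases) {
            names.addAll(getAliases(service));
        }
        return names;
    }

    /*
     * Generates the title from counter, provider name, service name and service alias.
     */
    static String generateTitle(int seen, Provider provider, Provider.Service service, String callName) {
        return seen + ")\t" + provider.getName() + ": \t" + service.getAlgorithm() + "~"
                + callName + "\t (" + service.getType() + ")";
    }

    public static String getAgentHostName() {
        return Settings.agentHostName;
    }

    /**
     * Derives the agent's domain from its host name by keeping the last two
     * dot-separated labels ("kdc.example.com" gives "example.com").
     *
     * @return the domain; the unchanged host name when it has fewer than three
     *         labels; {@code null} when no agent host name is configured
     */
    public static String getAgentDomain() {
        String host = getAgentHostName();
        if (host == null) {
            return null;
        }
        int lastDot = host.lastIndexOf('.');
        int secondLastDot = host.lastIndexOf('.', lastDot - 1);
        return secondLastDot >= 0 ? host.substring(secondLastDot + 1) : host;
    }

    /**
     * Guards tests that need the external agent.
     *
     * @throws AlgorithmIgnoredException if agent tests are switched off
     * @throws RuntimeException          if they are on but no agent host name is configured
     */
    public static void checkAgentConfig() {
        if (Settings.skipAgentTests) {
            // tests requiring agent skipped
            throw new AlgorithmIgnoredException();
        }
        if (getAgentHostName() == null) {
            // agent hostname not configured, fail
            throw new RuntimeException("Agent hostname not configured, see README.md for help.");
        }
    }

    /**
     * Writes a krb5 configuration for the JCKTEST realm into a temporary file
     * that is deleted on JVM exit.
     *
     * <p>The agent host name is written into the file as-is. Nothing here checks
     * it for {@code null} or for line breaks; presumably callers run
     * {@link #checkAgentConfig()} first (verify against callers).
     *
     * @return the written file
     * @throws RuntimeException wrapping the {@link IOException} if the file
     *         cannot be created or written
     */
    public static File createTmpKrb5File() {
        File f;
        try {
            f = File.createTempFile("krb5", ".conf");
            f.deleteOnExit();
        } catch (IOException ex) {
            throw new RuntimeException(ex);
        }
        try (FileWriter fw = new FileWriter(f)) {
            // the domain_realm record is serving instead of finish hacking method
            //
            // NOTE(review): ticket_lifetime is set twice below (36000 and 24h); which one
            // wins depends on the krb5 parser, so one of them should be dropped.
            // NOTE(review): allow_weak_crypto = true re-enables encryption types Kerberos
            // classes as weak. It belongs to this test realm's profile only.
            String s = "[libdefaults]\n"
                    + "default_realm = JCKTEST\n"
                    + "ticket_lifetime = 36000\n"
                    + "dns_lookup_realm = false\n"
                    + "dns_lookup_kdc = false\n"
                    + "ticket_lifetime = 24h\n"
                    + "forwardable = true\n"
                    + "allow_weak_crypto = true"
                    + "\n"
                    + "[realms]\n"
                    + "JCKTEST = {\n"
                    + "kdc = " + getAgentHostName() + "\n"
                    + "admin_server = " + getAgentHostName() + "\n"
                    + "default_domain = JCKTEST\n"
                    + "}\n"
                    + "\n"
                    + "[domain_realm]\n"
                    + "." + getAgentDomain() + " = JCKTEST\n"
                    + "\n"
                    + "[appdefaults]\n"
                    + "autologin = true\n"
                    + "forward = true\n"
                    + "forwardable = true\n"
                    + "encrypt = true\n";
            fw.write(s);
            fw.flush();
        } catch (IOException ex) {
            throw new RuntimeException(ex);
        }
        return f;
    }

    /**
     * Returns a JAAS configuration that answers every application name with a
     * single REQUIRED Krb5LoginModule entry without options.
     */
    public static Configuration getKrb5Configuration() {
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[]{
                    new AppConfigurationEntry(
                            "com.sun.security.auth.module.Krb5LoginModule",
                            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                            new HashMap<String, Object>()
                    )
                };
            }
        };
    }

    /**
     * Returns a callback handler that answers name, password and realm
     * callbacks with fixed test values.
     *
     * <p>The same hard-coded string, "user1", is used as both the user name and
     * the password. It is a fixture for the test agent's account, not a secret.
     */
    public static CallbackHandler getNamePasswdRealmHandler() {
        final String credentials = "user1";
        return new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback callback : callbacks) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(credentials);
                    } else if (callback instanceof PasswordCallback) {
                        ((PasswordCallback) callback).setPassword(credentials.toCharArray());
                    } else if (callback instanceof RealmCallback) {
                        // accept whatever realm the mechanism proposes
                        RealmCallback rc = (RealmCallback) callback;
                        rc.setText(rc.getDefaultText());
                    } else {
                        throw new UnsupportedCallbackException(callback, "Unrecognized SASL Callback");
                    }
                }
            }
        };
    }

    // Based on:
    // https://github.com/openjdk/jdk/blob/9b911b492f56fbf94682535a1d20dde07c62940f/test/jdk/sun/security/mscapi/AllTypes.java#L55
    /**
     * Reports whether {@code reg query HKU\S-1-5-19} exits with code 0, which
     * the referenced OpenJDK test uses as its indicator of administrator rights.
     *
     * <p>The command line is fixed and takes no external input. It is started
     * from an argument list rather than a single tokenized string.
     *
     * @return {@code true} when the query succeeds; {@code false} when it
     *         fails, cannot be started (for example off Windows), or the wait
     *         is interrupted
     */
    public static boolean hasWindowsAdmin() {
        try {
            Process p = new ProcessBuilder("reg", "query", "HKU\\S-1-5-19").start();
            return p.waitFor() == 0;
        } catch (InterruptedException ex) {
            // keep the interrupt visible to the caller instead of swallowing it
            Thread.currentThread().interrupt();
            return false;
        } catch (Exception ignored) {
            // best-effort probe: a missing or unstartable "reg" means "no admin"
            return false;
        }
    }

}
-------------------------------------------------------------------------------- /cryptotest/tests/SignatureTests.java: -------------------------------------------------------------------------------- 1 | /* 2 | * The MIT License 3 | * 4 | * Copyright 2022 Red Hat, Inc. 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.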
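IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 23 | */

/*
 * @test
 * @modules java.base/java.security:open
 *          java.base/com.sun.crypto.provider
 *          java.base/sun.security.internal.spec
 *          java.base/sun.security.ssl
 * @bug 1022017
 * @library /
 * @build cryptotest.tests.SignatureTests
 *        cryptotest.Settings
 *        cryptotest.utils.AlgorithmIgnoredException
 *        cryptotest.utils.AlgorithmInstantiationException
 *        cryptotest.utils.AlgorithmRunException
 *        cryptotest.utils.AlgorithmTest
 *        cryptotest.utils.KeysNaiveGenerator
 *        cryptotest.utils.TestResult
 * @run main/othervm/timeout=480 cryptotest.tests.SignatureTests
 */

package cryptotest.tests;

import cryptotest.utils.AlgorithmIgnoredException;
import cryptotest.utils.AlgorithmInstantiationException;
import cryptotest.utils.AlgorithmRunException;
import cryptotest.utils.AlgorithmTest;
import static cryptotest.utils.KeysNaiveGenerator.getDsaPrivateKey;
import static cryptotest.utils.KeysNaiveGenerator.getEcPrivateKey;
import static cryptotest.utils.KeysNaiveGenerator.getRsaPrivateKey;
import static cryptotest.utils.KeysNaiveGenerator.getDsaPrivateKey1024;
import cryptotest.utils.TestResult;
import cryptotest.utils.Misc;

import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;

/**
 * Signs a fixed 20-byte message with every {@code Signature} service of every
 * installed provider. Only signing is exercised; the signature is printed, not
 * verified.
 */
public class SignatureTests extends AlgorithmTest {

    /**
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        TestResult r = new SignatureTests().mainLoop();
        System.out.println(r.getExplanation());
        System.out.println(r.toString());
        r.assertItself();
    }

    /**
     * Instantiates the signature under {@code alias}, picks a private key that
     * fits the algorithm family, and signs 20 bytes.
     *
     * @throws AlgorithmInstantiationException if the algorithm (or a key pair
     *         generator it needs) is not available
     * @throws AlgorithmRunException           if key setup, parameter setup or signing fails
     * @throws AlgorithmIgnoredException       for the known unsupported combinations below
     */
    @Override
    protected void checkAlgorithm(Provider.Service service, String alias) throws AlgorithmInstantiationException, AlgorithmRunException {
        final Provider provider = service.getProvider();
        final String algorithm = service.getAlgorithm();
        try {
            if (Misc.isPkcs11Fips(provider) && algorithm.contains("SHA3-")) {
                // skip: NSS does not support SHA3 (yet)
                // See: https://issues.redhat.com/browse/OPENJDK-826
                throw new AlgorithmIgnoredException();
            }
            if (algorithm.equals("HSS/LMS")) {
                // Signing is not supported (only verification) -> skip
                // See: https://github.com/openjdk/jdk/blob/a4e97aa4ebe6fcfc3ed9e45ed81df1d55e52d621/src/java.base/share/classes/sun/security/provider/HSS.java#L61
                throw new AlgorithmIgnoredException();
            }
            Signature sig = Signature.getInstance(alias, provider);
            // most of them are happy with rsa...
            PrivateKey key = getRsaPrivateKey(provider);
            // The order of the checks matters: "EdDSA" also contains "DSA".
            if (algorithm.contains("EC")) {
                if (provider.getName().equals("SunMSCAPI")) {
                    // SunMSCAPI provider currently does not have KeyPairGenerator
                    // and does not support keys generated by other providers
                    try {
                        KeyPairGenerator.getInstance("EC", provider);
                    } catch (NoSuchAlgorithmException e) {
                        // skip if KeyPairGenerator is not available
                        throw new AlgorithmIgnoredException();
                    }
                }
                key = getEcPrivateKey(provider);
            } else if (algorithm.equals("Ed25519") || algorithm.equals("EdDSA") || algorithm.equals("Ed448")) {
                key = KeyPairGenerator.getInstance(algorithm, provider).generateKeyPair().getPrivate();
            } else if (algorithm.contains("DSA")) {
                /* A 1024-bit key is used for every DSA variant. SHA1 is not sufficient for
                   the default DSA key size, throwing:
                   java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size

                   See:
                   https://bugs.java.com/view_bug.do?bug_id=8184341
                   http://hg.openjdk.java.net/jdk8u/jdk8u-dev/jdk/file/8a97a690a0b3/src/share/classes/sun/security/provider/DSA.java#l104

                   1024-bits is also needed for pkcs11 in fips mode, default size does not work there.
                   The key size is chosen for compatibility of this sweep only.
                 */
                key = getDsaPrivateKey1024(provider);
            } else if (algorithm.contains("RSASSA-PSS")) {
                key = KeyPairGenerator.getInstance("RSA", provider).generateKeyPair().getPrivate();
                sig.setParameter(pssParameterFor(algorithm));
            }
            sig.initSign(key);
            // NONEwithDSA needs 20bytes
            byte[] b = new byte[]{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
                15, 16, 17, 18, 19, 20};
            sig.update(b);
            byte[] res = sig.sign();
            AlgorithmTest.printResult(res);
        } catch (NoSuchAlgorithmException ex) {
            throw new AlgorithmInstantiationException(ex);
        } catch (InvalidKeyException | UnsupportedOperationException | InvalidParameterException | SignatureException |
                InvalidAlgorithmParameterException | ProviderException ex) {
            // getMessage() may be null; without the null check the resulting NPE would be
            // reported as a generic error and hide the real failure.
            String message = ex.getMessage();
            if (Misc.isPkcs11Fips(provider)
                    && message != null
                    && message.startsWith("Unknown mechanism:")
                    && isSha2WithDsa(algorithm)) {
                /* NOTABUG, see:
                   https://bugzilla.redhat.com/show_bug.cgi?id=1868744
                 */
                throw new AlgorithmIgnoredException();
            }
            throw new AlgorithmRunException(ex);
        }
    }

    /**
     * Chooses PSS parameters whose digest, MGF1 digest and salt length match
     * the digest named in the algorithm; falls back to the SHA-1 defaults with
     * a 20-byte salt when no SHA-2 digest is named.
     *
     * See:
     * https://github.com/openjdk/jdk11u/blob/73eef16128417f4a489c4dde47383bb4a00f39d4/src/java.base/share/classes/java/security/spec/PSSParameterSpec.java#L167
     * https://github.com/openjdk/jdk11u/blob/73eef16128417f4a489c4dde47383bb4a00f39d4/test/jdk/sun/security/mscapi/InteropWithSunRsaSign.java#L55
     */
    private static PSSParameterSpec pssParameterFor(String algorithm) {
        if (algorithm.contains("SHA512")) {
            return new PSSParameterSpec("SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 64, PSSParameterSpec.TRAILER_FIELD_BC);
        }
        if (algorithm.contains("SHA384")) {
            return new PSSParameterSpec("SHA-384", "MGF1", MGF1ParameterSpec.SHA384, 48, PSSParameterSpec.TRAILER_FIELD_BC);
        }
        if (algorithm.contains("SHA256")) {
            return new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, PSSParameterSpec.TRAILER_FIELD_BC);
        }
        if (algorithm.contains("SHA224")) {
            return new PSSParameterSpec("SHA-224", "MGF1", MGF1ParameterSpec.SHA224, 28, PSSParameterSpec.TRAILER_FIELD_BC);
        }
        // defaults (SHA1)
        return new PSSParameterSpec(20);
    }

    /** Matches exactly the four SHA-2 DSA names covered by the PKCS#11 FIPS exemption. */
    private static boolean isSha2WithDsa(String algorithm) {
        return algorithm.equals("SHA512withDSA")
                || algorithm.equals("SHA384withDSA")
                || algorithm.equals("SHA256withDSA")
                || algorithm.equals("SHA224withDSA");
    }

    @Override
    public String getTestedPart() {
        return "Signature";
    }

}

--------------------------------------------------------------------------------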