1
/*
2
 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/**
25
 * @test
26
 * @bug 8149802
27
 * @summary Ensure that Signature objects are reset after verification errored out.
28
 */
29
import java.util.Arrays;
30
import java.security.*;
31

32
public class ResetAfterException {
33

34
    public static void main(String[] args) throws Exception {
35

36
        byte[] data = "data to be signed".getBytes();
37
        byte[] shortBuffer = new byte[2];
38

39
        Provider[] provs = Security.getProviders();
40
        boolean failed = false;
41

42
        for (Provider p : provs) {
43
            Signature sig;
44
            try {
45
                sig = Signature.getInstance("SHA256withRSA", p);
46
            } catch (NoSuchAlgorithmException nsae) {
47
                // no support, skip
48
                continue;
49
            }
50

51
            boolean res = true;
52
            System.out.println("Testing Provider: " + p.getName());
53
            KeyPairGenerator keyGen = null;
54
            try {
55
                // It's possible that some provider, e.g. SunMSCAPI,
56
                // doesn't work well with keys from other providers
57
                // so we use the same provider to generate key first
58
                keyGen = KeyPairGenerator.getInstance("RSA", p);
59
            } catch (NoSuchAlgorithmException nsae) {
60
                keyGen = KeyPairGenerator.getInstance("RSA");
61
            }
62
            if (keyGen == null) {
63
                throw new RuntimeException("Error: No support for RSA KeyPairGenerator");
64
            }
65
            keyGen.initialize(1024);
66
            KeyPair keyPair = keyGen.generateKeyPair();
67

68
            sig.initSign(keyPair.getPrivate());
69
            sig.update(data);
70
            byte[] signature = sig.sign();
71
            // First check signing
72
            try {
73
                sig.update(data);
74
                // sign with short output buffer to cause exception
75
                int len = sig.sign(shortBuffer, 0, shortBuffer.length);
76
                System.out.println("FAIL: Should throw SE with short buffer");
77
                res = false;
78
            } catch (SignatureException e) {
79
                // expected exception; ignore
80
                System.out.println("Expected Ex for short output buffer: " + e);
81
            }
82
            // Signature object should reset after a failed generation
83
            sig.update(data);
84
            byte[] signature2 = sig.sign();
85
            if (!Arrays.equals(signature, signature2)) {
86
                System.out.println("FAIL: Generated different signature");
87
                res = false;
88
            } else {
89
                System.out.println("Generated same signature");
90
            }
91

92
            // Now, check signature verification
93
            sig.initVerify(keyPair.getPublic());
94
            sig.update(data);
95
            try {
96
                // first verify with valid signature bytes
97
                res = sig.verify(signature);
98
            } catch (SignatureException e) {
99
                System.out.println("FAIL: Valid signature rejected");
100
                e.printStackTrace();
101
                res = false;
102
            }
103

104
            try {
105
                sig.update(data);
106
                // verify with short signaure to cause exception
107
                if (sig.verify(shortBuffer)) {
108
                    System.out.println("FAIL: Invalid signature verified");
109
                    res = false;
110
                } else {
111
                    System.out.println("Invalid signature rejected");
112
                }
113
            } catch (SignatureException e) {
114
                // expected exception; ignore
115
                System.out.println("Expected Ex for short output buffer: " + e);
116
            }
117
            // Signature object should reset after an a failed verification
118
            sig.update(data);
119
            try {
120
                // verify with valid signature bytes again
121
                res = sig.verify(signature);
122
                if (!res) {
123
                    System.out.println("FAIL: Valid signature is rejected");
124
                } else {
125
                    System.out.println("Valid signature is accepted");
126
                }
127
            } catch (GeneralSecurityException e) {
128
                System.out.println("FAIL: Valid signature is rejected");
129
                e.printStackTrace();
130
                res = false;
131
            }
132
            failed |= !res;
133
        }
134
        if (failed) {
135
            throw new RuntimeException("One or more test failed");
136
        } else {
137
            System.out.println("Test Passed");
138
        }
139
   }
140
}
141

142