/*
* Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import jdk.test.lib.SecurityTools;
import sun.security.util.KnownOIDs;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import static jdk.test.lib.security.DerUtils.*;
import static sun.security.util.KnownOIDs.*;
/*
* @test
* @bug 8076190 8242151 8153005 8266293
* @library /test/lib
* @modules java.base/sun.security.pkcs
* java.base/sun.security.util
* @summary Checks the preferences order of pkcs12 params, whether it's
* a system property or a security property, whether the name has
* "pkcs12" or "PKCS12", whether the legacy property is set.
*/
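/**
 * Verifies which PKCS12 protection parameters keytool writes under different
 * combinations of {@code keystore.pkcs12.*} system and security properties.
 *
 * <p>Each case generates a key pair into a fresh keystore file and then
 * checks the algorithm identifiers and iteration counts found in that file.
 * The expectations below pin the following behaviour:
 * <ul>
 * <li>with no property set, certificates and keys are protected with PBES2
 *     (HmacSHA256, AES_256/CBC/NoPadding) at 10000 iterations and the MAC
 *     uses SHA-256 at 10000 iterations;</li>
 * <li>{@code keystore.pkcs12.legacy} wins over every other setting and
 *     selects PBEWithSHA1AndRC2_40 (certs), PBEWithSHA1AndDESede (keys) and
 *     a SHA-1 MAC;</li>
 * <li>a system property wins over the security property of the same name,
 *     and an empty value forces the hardcoded default;</li>
 * <li>{@code NONE} for both the certificate protection and the MAC yields a
 *     keystore whose certificates are not encrypted and which carries no
 *     MAC, i.e. no password-based integrity check over its content.</li>
 * </ul>
 *
 * <p>The RC2, RC4, DES and SHA-1 based algorithms named in several cases are
 * used to tell the property sources apart when checking precedence; the
 * cases do not present them as a recommended configuration.
 */
public class ParamsPreferences {

    public static final void main(String[] args) throws Exception {
        // Case number; also names the per-case keystore and properties file.
        int c = 0;

        // default
        test(c++,
                Map.of(),
                Map.of(),
                PBES2, HmacSHA256, AES_256$CBC$NoPadding, 10000,
                PBES2, HmacSHA256, AES_256$CBC$NoPadding, 10000,
                SHA_256, 10000);

        // legacy settings
        test(c++,
                Map.of("keystore.pkcs12.legacy", ""),
                Map.of(),
                PBEWithSHA1AndRC2_40, 50000,
                PBEWithSHA1AndDESede, 50000,
                SHA_1, 100000);

        // legacy override everything else: the stronger explicit settings
        // below are expected to be ignored once the legacy switch is present
        test(c++,
                Map.of("keystore.pkcs12.legacy", "",
                        "keystore.pkcs12.certProtectionAlgorithm", "PBEWithHmacSHA256AndAES_128",
                        "keystore.pkcs12.certPbeIterationCount", 3000,
                        "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithHmacSHA256AndAES_128",
                        "keystore.pkcs12.keyPbeIterationCount", 4000,
                        "keystore.pkcs12.macAlgorithm", "HmacPBESHA384",
                        "keystore.pkcs12.macIterationCount", 2000),
                Map.of(),
                PBEWithSHA1AndRC2_40, 50000,
                PBEWithSHA1AndDESede, 50000,
                SHA_1, 100000);

        // password-less with system property: no cert encryption, no MAC;
        // the private key is still expected to be PBES2-protected
        test(c++,
                Map.of("keystore.pkcs12.certProtectionAlgorithm", "NONE",
                        "keystore.pkcs12.macAlgorithm", "NONE"),
                Map.of(),
                null,
                PBES2, HmacSHA256, AES_256$CBC$NoPadding, 10000,
                null);

        // password-less with security property
        test(c++,
                Map.of(),
                Map.of("keystore.pkcs12.certProtectionAlgorithm", "NONE",
                        "keystore.pkcs12.macAlgorithm", "NONE"),
                null,
                PBES2, HmacSHA256, AES_256$CBC$NoPadding, 10000,
                null);

        // back to with storepass by overriding security property with system property
        test(c++,
                Map.of("keystore.pkcs12.certProtectionAlgorithm", "PBEWithSHA1AndDESede",
                        "keystore.pkcs12.macAlgorithm", "HmacPBESHA256"),
                Map.of("keystore.pkcs12.certProtectionAlgorithm", "NONE",
                        "keystore.pkcs12.macAlgorithm", "NONE"),
                PBEWithSHA1AndDESede, 10000,
                PBES2, HmacSHA256, AES_256$CBC$NoPadding, 10000,
                SHA_256, 10000);

        // back to with storepass by using "" to force hardcoded default
        test(c++,
                Map.of("keystore.pkcs12.certProtectionAlgorithm", "",
                        "keystore.pkcs12.keyProtectionAlgorithm", "",
                        "keystore.pkcs12.macAlgorithm", ""),
                Map.of("keystore.pkcs12.certProtectionAlgorithm", "NONE",
                        "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
                        "keystore.pkcs12.macAlgorithm", "NONE"),
                PBES2, HmacSHA256, AES_256$CBC$NoPadding, 10000,
                PBES2, HmacSHA256, AES_256$CBC$NoPadding, 10000,
                SHA_256, 10000);

        // change everything with system property
        test(c++,
                Map.of("keystore.pkcs12.certProtectionAlgorithm", "PBEWithSHA1AndDESede",
                        "keystore.pkcs12.certPbeIterationCount", 3000,
                        "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
                        "keystore.pkcs12.keyPbeIterationCount", 4000,
                        "keystore.pkcs12.macAlgorithm", "HmacPBESHA256",
                        "keystore.pkcs12.macIterationCount", 2000),
                Map.of(),
                PBEWithSHA1AndDESede, 3000,
                PBEWithSHA1AndRC2_40, 4000,
                SHA_256, 2000);

        // change everything with security property
        test(c++,
                Map.of(),
                Map.of("keystore.pkcs12.certProtectionAlgorithm", "PBEWithSHA1AndDESede",
                        "keystore.pkcs12.certPbeIterationCount", 3000,
                        "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
                        "keystore.pkcs12.keyPbeIterationCount", 4000,
                        "keystore.pkcs12.macAlgorithm", "HmacPBESHA256",
                        "keystore.pkcs12.macIterationCount", 2000),
                PBEWithSHA1AndDESede, 3000,
                PBEWithSHA1AndRC2_40, 4000,
                SHA_256, 2000);

        // override security property with system property
        test(c++,
                Map.of("keystore.pkcs12.certProtectionAlgorithm", "PBEWithSHA1AndDESede",
                        "keystore.pkcs12.certPbeIterationCount", 13000,
                        "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
                        "keystore.pkcs12.keyPbeIterationCount", 14000,
                        "keystore.pkcs12.macAlgorithm", "HmacPBESHA256",
                        "keystore.pkcs12.macIterationCount", 12000),
                Map.of("keystore.pkcs12.certProtectionAlgorithm", "PBEWithSHA1AndRC2_40",
                        "keystore.pkcs12.certPbeIterationCount", 3000,
                        "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndDESede",
                        "keystore.pkcs12.keyPbeIterationCount", 4000,
                        "keystore.pkcs12.macAlgorithm", "HmacPBESHA1",
                        "keystore.pkcs12.macIterationCount", 2000),
                PBEWithSHA1AndDESede, 13000,
                PBEWithSHA1AndRC2_40, 14000,
                SHA_256, 12000);

        // check keyProtectionAlgorithm old behavior. Preferences of
        // 4 different settings: the upper-case "keystore.PKCS12." name and the
        // lower-case "keystore.pkcs12." name, each as a security property and
        // as a system property. The four cases add one source at a time.

        test(c++,
                Map.of(),
                Map.of("keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128"),
                PBES2, HmacSHA256, AES_256$CBC$NoPadding, 10000,
                PBEWithSHA1AndRC2_128, 10000,
                SHA_256, 10000);
        test(c++,
                Map.of(),
                Map.of("keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128",
                        "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40"),
                PBES2, HmacSHA256, AES_256$CBC$NoPadding, 10000,
                PBEWithSHA1AndRC2_40, 10000,
                SHA_256, 10000);
        test(c++,
                Map.of("keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC4_128"),
                Map.of("keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128",
                        "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40"),
                PBES2, HmacSHA256, AES_256$CBC$NoPadding, 10000,
                PBEWithSHA1AndRC4_128, 10000,
                SHA_256, 10000);
        test(c++,
                Map.of("keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC4_128",
                        "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC4_40"),
                Map.of("keystore.PKCS12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_128",
                        "keystore.pkcs12.keyProtectionAlgorithm", "PBEWithSHA1AndRC2_40"),
                PBES2, HmacSHA256, AES_256$CBC$NoPadding, 10000,
                PBEWithSHA1AndRC4_40, 10000,
                SHA_256, 10000);

        // 8266293
        test(c++,
                Map.of("keystore.pkcs12.keyProtectionAlgorithm", "PBEWithMD5AndDES",
                        "keystore.pkcs12.certProtectionAlgorithm", "PBEWithMD5AndDES"),
                Map.of(),
                PBEWithMD5AndDES, 10000,
                PBEWithMD5AndDES, 10000,
                SHA_256, 10000);
    }

    /**
     * Runs one case: generates a keystore with keytool under the given
     * properties and checks the protection parameters written to the file.
     *
     * @param n case number; the keystore is written to {@code ks<n>} and the
     *          security properties to {@code <n>.conf}, both relative paths
     * @param sysProps system properties, passed to keytool as {@code -J-D}
     *          options
     * @param secProps security properties, written to the file named by
     *          {@code -J-Djava.security.properties}
     * @param args the expected values, in order: certPbeAlg (or {@code null}
     *          for unencrypted certificates), certPbeIC, keyPbeAlg, keyPbeIC,
     *          macAlg (or {@code null} for no MAC), macIC. When an algorithm
     *          is {@code PBES2} it is followed by its PRF and cipher before
     *          the iteration count; a {@code null} algorithm has no
     *          iteration count after it.
     * @throws IllegalArgumentException if {@code args} holds more values
     *          than the checks consume
     */
    static void test(int n, Map<String, ?> sysProps,
            Map<String, ?> secProps,
            Object... args) throws Exception {

        // "changeit" is a fixed throwaway store password for scratch keystores.
        StringBuilder cmd = new StringBuilder("-keystore ks" + n + " -genkeypair -keyalg EC "
                + "-alias a -dname CN=A -storepass changeit "
                + "-J-Djava.security.properties=" + n + ".conf");

        for (var p : sysProps.entrySet()) {
            cmd.append(" -J-D").append(p.getKey()).append('=').append(p.getValue());
        }

        List<String> jsConf = new ArrayList<>();
        for (var p : secProps.entrySet()) {
            jsConf.add(p.getKey() + "=" + p.getValue());
        }
        Files.write(Path.of(n + ".conf"), jsConf);
        System.out.println("--------- test starts ----------");
        System.out.println(jsConf);
        SecurityTools.keytool(cmd.toString()).shouldHaveExitValue(0);

        // Cursor into args; each check below consumes the values it needs.
        int i = 0;
        byte[] data = Files.readAllBytes(Path.of("ks" + n));

        // The string arguments below are locations inside the DER structure;
        // their syntax is defined by jdk.test.lib.security.DerUtils, which is
        // not part of this file.

        // cert pbe alg + ic
        KnownOIDs certAlg = (KnownOIDs)args[i++];
        if (certAlg == null) {
            // Certificates stored as plain Data: not encrypted.
            checkAlg(data, "110c10", Data);
        } else {
            checkAlg(data, "110c10", EncryptedData);
            checkAlg(data, "110c110110", certAlg);
            if (certAlg == PBES2) {
                // NOTE(review): presumably this constant carries the generic
                // PBKDF2 OID and the PRF really in use is the one asserted on
                // the next line - confirm against KnownOIDs.
                checkAlg(data, "110c11011100", PBKDF2WithHmacSHA1);
                checkAlg(data, "110c1101110130", (KnownOIDs)args[i++]);
                checkAlg(data, "110c11011110", (KnownOIDs)args[i++]);
                checkInt(data, "110c110111011", (int) args[i++]);
            } else {
                checkInt(data, "110c1101111", (int) args[i++]);
            }
        }

        // key pbe alg + ic
        KnownOIDs keyAlg = (KnownOIDs)args[i++];
        checkAlg(data, "110c010c01000", keyAlg);
        if (keyAlg == PBES2) {
            checkAlg(data, "110c010c0100100", PBKDF2WithHmacSHA1);
            checkAlg(data, "110c010c010010130", (KnownOIDs)args[i++]);
            checkAlg(data, "110c010c0100110", (KnownOIDs)args[i++]);
            checkInt(data, "110c010c01001011", (int) args[i++]);
        } else {
            checkInt(data, "110c010c010011", (int) args[i++]);
        }

        // mac alg + ic
        KnownOIDs macAlg = (KnownOIDs)args[i++];
        if (macAlg == null) {
            // No MAC element at all: the file has no integrity check.
            shouldNotExist(data, "2");
        } else {
            checkAlg(data, "2000", macAlg);
            checkInt(data, "22", (int) args[i++]);
        }

        // Surplus expectations would otherwise be skipped silently, making a
        // case look stricter than it is.
        if (i != args.length) {
            throw new IllegalArgumentException("case " + n + ": "
                    + (args.length - i) + " trailing expected value(s) were never checked");
        }
    }
}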