Path: blob/master/test/jdk/sun/security/tools/jarsigner/DefaultSigalg.java
41152 views
/*1* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/**24* @test25* @bug 805781026* @summary New defaults for DSA keys in jarsigner and keytool27* @modules java.base/sun.security.pkcs28* java.base/sun.security.tools.keytool29* java.base/sun.security.util30* java.base/sun.security.x50931* jdk.jartool/sun.security.tools.jarsigner32* jdk.jartool/sun.tools.jar33*/3435import sun.security.pkcs.PKCS7;36import sun.security.util.KeyUtil;3738import java.io.FileInputStream;39import java.io.InputStream;40import java.nio.file.Files;41import java.nio.file.Paths;42import java.security.KeyStore;43import java.security.cert.X509Certificate;44import java.util.jar.JarFile;4546public class DefaultSigalg {4748public static void main(String[] args) throws Exception {4950// Three test cases51String[] keyalgs = {"DSA", "RSA", "EC"};52// Expected default keytool sigalg53String[] sigalgs = {"SHA256withDSA", "SHA256withRSA", "SHA256withECDSA"};54// Expected keysizes55int[] keysizes = {2048, 2048, 256};56// Expected jarsigner digest alg used in signature57String[] digestalgs = {"SHA-256", "SHA-256", "SHA-256"};5859// Create a jar file60sun.tools.jar.Main m =61new sun.tools.jar.Main(System.out, System.err, "jar");62Files.write(Paths.get("x"), new byte[10]);63if (!m.run("cvf a.jar x".split(" "))) {64throw new Exception("jar creation failed");65}6667// Generate keypairs and sign the jar68Files.deleteIfExists(Paths.get("jks"));69for (String keyalg: keyalgs) {70sun.security.tools.keytool.Main.main(71("-keystore jks -storepass changeit -keypass changeit " +72"-dname CN=A -alias " + keyalg + " -genkeypair " +73"-keyalg " + keyalg).split(" "));74sun.security.tools.jarsigner.Main.main(75("-keystore jks -storepass changeit a.jar " + keyalg).split(" "));76}7778// Check result79KeyStore ks = KeyStore.getInstance("JKS");80try (FileInputStream jks = new FileInputStream("jks");81JarFile jf = new JarFile("a.jar")) {82ks.load(jks, "changeit".toCharArray());83for (int i = 0; i<keyalgs.length; i++) {84String keyalg = keyalgs[i];85// keytool86X509Certificate c = (X509Certificate) ks.getCertificate(keyalg);87String sigalg = c.getSigAlgName();88if (!sigalg.equals(sigalgs[i])) {89throw new Exception(90"keytool sigalg for " + keyalg + " is " + sigalg);91}92int keysize = KeyUtil.getKeySize(c.getPublicKey());93if (keysize != keysizes[i]) {94throw new Exception(95"keytool keysize for " + keyalg + " is " + keysize);96}97// jarsigner98String bk = "META-INF/" + keyalg + "." + keyalg;99try (InputStream is = jf.getInputStream(jf.getEntry(bk))) {100String digestalg = new PKCS7(is).getSignerInfos()[0]101.getDigestAlgorithmId().toString();102if (!digestalg.equals(digestalgs[i])) {103throw new Exception(104"jarsigner digest of sig for " + keyalg105+ " is " + digestalg);106}107}108}109}110}111}112113114