1
/*
2
 * Copyright (c) 2009, 2020, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/*
25
 * @test
26
 * @bug 6870812
27
 * @summary enhance security tools to use ECC algorithm
28
 * @library /test/lib
29
 */
30

31
import jdk.test.lib.SecurityTools;
32
import jdk.test.lib.process.OutputAnalyzer;
33
import jdk.test.lib.util.JarUtils;
34

35
import java.nio.file.Files;
36
import java.nio.file.Path;
37
import java.util.List;
38

39
public class EC {
40
    static OutputAnalyzer kt(String cmd) throws Exception {
41
        return SecurityTools.keytool("-storepass changeit "
42
                + "-keypass changeit -keystore ks " + cmd);
43
    }
44

45
    static void gencert(String owner, String cmd) throws Exception {
46
        kt("-certreq -alias " + owner + " -file tmp.req")
47
                .shouldHaveExitValue(0);
48
        kt("-gencert -infile tmp.req -outfile tmp.cert " + cmd)
49
                .shouldHaveExitValue(0);
50
        kt("-import -alias " + owner + " -file tmp.cert")
51
                .shouldHaveExitValue(0);
52
    }
53

54
    static OutputAnalyzer js(String cmd) throws Exception {
55
        return SecurityTools.jarsigner("-keystore ks -storepass changeit " + cmd);
56
    }
57

58
    public static void main(String[] args) throws Exception {
59
        Files.write(Path.of("A"), List.of("A"));
60
        JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("A"));
61

62
        kt("-alias ca -dname CN=ca -keyalg ec -genkey -validity 300 -ext bc:c")
63
                .shouldHaveExitValue(0);
64
        kt("-alias a -dname CN=a -keyalg ec -genkey")
65
                .shouldHaveExitValue(0);
66
        gencert("a", "-alias ca -validity 300");
67

68
        kt("-alias b -dname CN=b -keyalg ec -genkey")
69
                .shouldHaveExitValue(0);
70
        gencert("b", "-alias ca -validity 300");
71

72
        // Ensure key length sufficient for intended hash (SHA512withECDSA)
73
        kt("-alias c -dname CN=c -keyalg ec -genkey -keysize 521")
74
                .shouldHaveExitValue(0);
75
        gencert("c", "-alias ca -validity 300");
76

77
        kt("-alias x -dname CN=x -keyalg ec -genkey -validity 300")
78
                .shouldHaveExitValue(0);
79
        gencert("x", "-alias ca -validity 300");
80

81
        js("a.jar a -debug -strict").shouldHaveExitValue(0);
82
        js("a.jar b -debug -strict -sigalg SHA256withECDSA").shouldHaveExitValue(0);
83
        js("a.jar c -debug -strict -sigalg SHA512withECDSA").shouldHaveExitValue(0);
84

85
        js("-verify a.jar a -debug -strict").shouldHaveExitValue(0);
86
        js("-verify a.jar b -debug -strict").shouldHaveExitValue(0);
87
        js("-verify a.jar c -debug -strict").shouldHaveExitValue(0);
88

89
        // Not signed by x, should exit with non-zero
90
        js("-verify a.jar x -debug -strict").shouldNotHaveExitValue(0);
91
    }
92
}
93

94