Path: blob/master/test/jdk/sun/security/tools/keytool/fakegen/PSS.java
41155 views
/*1* Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/*24* @test25* @bug 8215694 8222987 822525726* @summary keytool cannot generate RSASSA-PSS certificates27* @library /test/lib28* @build java.base/sun.security.rsa.RSAKeyPairGenerator29* @modules java.base/sun.security.util30* java.base/sun.security.x50931* @run main PSS32*/3334import jdk.test.lib.Asserts;35import jdk.test.lib.SecurityTools;36import jdk.test.lib.process.OutputAnalyzer;37import jdk.test.lib.security.DerUtils;38import sun.security.util.ObjectIdentifier;39import sun.security.x509.AlgorithmId;4041import java.io.File;42import java.security.KeyStore;43import java.security.cert.X509Certificate;4445public class PSS {4647public static void main(String[] args) throws Exception {4849genkeypair("p", "-keyalg RSASSA-PSS -sigalg RSASSA-PSS")50.shouldHaveExitValue(0);5152genkeypair("a", "-keyalg RSA -sigalg RSASSA-PSS -keysize 2048")53.shouldHaveExitValue(0);5455genkeypair("b", "-keyalg RSA -sigalg RSASSA-PSS -keysize 4096")56.shouldHaveExitValue(0);5758genkeypair("c", "-keyalg RSA -sigalg RSASSA-PSS -keysize 8192")59.shouldHaveExitValue(0);6061KeyStore ks = KeyStore.getInstance(62new File("ks"), "changeit".toCharArray());6364check((X509Certificate)ks.getCertificate("p"), "RSASSA-PSS",65AlgorithmId.SHA256_oid);6667check((X509Certificate)ks.getCertificate("a"), "RSA",68AlgorithmId.SHA256_oid);6970check((X509Certificate)ks.getCertificate("b"), "RSA",71AlgorithmId.SHA384_oid);7273check((X509Certificate)ks.getCertificate("c"), "RSA",74AlgorithmId.SHA512_oid);7576// More commands77kt("-certreq -alias p -sigalg RSASSA-PSS -file p.req")78.shouldHaveExitValue(0);7980kt("-gencert -alias a -sigalg RSASSA-PSS -infile p.req -outfile p.cert")81.shouldHaveExitValue(0);8283kt("-importcert -alias p -file p.cert")84.shouldHaveExitValue(0);8586kt("-selfcert -alias p -sigalg RSASSA-PSS")87.shouldHaveExitValue(0);88}8990static OutputAnalyzer genkeypair(String alias, String options)91throws Exception {92String patchArg = "-J--patch-module=java.base=" + System.getProperty("test.classes")93+ File.separator + "patches" + File.separator + "java.base";94return kt(patchArg + " -genkeypair -alias " + alias95+ " -dname CN=" + alias + " " + options);96}9798static OutputAnalyzer kt(String cmd)99throws Exception {100return SecurityTools.keytool("-storepass changeit -keypass changeit "101+ "-keystore ks " + cmd);102}103104static void check(X509Certificate cert, String expectedKeyAlg,105ObjectIdentifier expectedMdAlg) throws Exception {106Asserts.assertEQ(cert.getPublicKey().getAlgorithm(), expectedKeyAlg);107Asserts.assertEQ(cert.getSigAlgName(), "RSASSA-PSS");108DerUtils.checkAlg(cert.getSigAlgParams(), "000", expectedMdAlg);109}110}111112113