diff --git a/test/jdk/sun/security/mscapi/KeyStoreCompatibilityMode.java b/test/jdk/sun/security/mscapi/KeyStoreCompatibilityMode.java index b18abca674fbcb97972bf8698209919206f7aa96..573cf9fad0b675ebd01ee623a7b38375ccffbad3 100644 --- a/test/jdk/sun/security/mscapi/KeyStoreCompatibilityMode.java +++ b/test/jdk/sun/security/mscapi/KeyStoreCompatibilityMode.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,8 +22,15 @@ */ /** - * @see KeyStoreCompatibilityMode.sh - */ + * @test + * @bug 6324294 6931562 8180570 + * @requires os.family == "windows" + * @run main KeyStoreCompatibilityMode + * @run main/othervm -Dsun.security.mscapi.keyStoreCompatibilityMode=true KeyStoreCompatibilityMode + * @run main/othervm -Dsun.security.mscapi.keyStoreCompatibilityMode=false KeyStoreCompatibilityMode -disable + * @summary Confirm that a null stream or password is not permitted when + * compatibility mode is enabled (and vice versa). +*/ import java.io.*; import java.security.Provider; diff --git a/test/jdk/sun/security/mscapi/KeyStoreCompatibilityMode.sh b/test/jdk/sun/security/mscapi/KeyStoreCompatibilityMode.sh deleted file mode 100644 index 80a9d5654200d4a9167be248285577632da24305..0000000000000000000000000000000000000000 --- a/test/jdk/sun/security/mscapi/KeyStoreCompatibilityMode.sh +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/sh - -# -# Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - -# @test -# @bug 6324294 6931562 -# @requires os.family == "windows" -# @run shell KeyStoreCompatibilityMode.sh -# @summary Confirm that a null stream or password is not permitted when -# compatibility mode is enabled (and vice versa). - -OS=`uname -s` -case "$OS" in - Windows* | CYGWIN* ) - - # 'uname -m' does not give us enough information - - # should rely on $PROCESSOR_IDENTIFIER (as is done in Defs-windows.gmk), - # but JTREG does not pass this env variable when executing a shell script. - # - # execute test program - rely on it to exit if platform unsupported - - ${TESTJAVA}/bin/javac -d . ${TESTSRC}\\KeyStoreCompatibilityMode.java - - # mode implicitly enabled - ${TESTJAVA}/bin/java ${TESTVMOPTS} KeyStoreCompatibilityMode - - # mode explicitly enabled - ${TESTJAVA}/bin/java ${TESTVMOPTS} \ - -Dsun.security.mscapi.keyStoreCompatibilityMode="true" \ - KeyStoreCompatibilityMode - - # mode explicitly disabled - ${TESTJAVA}/bin/java ${TESTVMOPTS} \ - -Dsun.security.mscapi.keyStoreCompatibilityMode="false" \ - KeyStoreCompatibilityMode -disable - - exit - ;; - - * ) - echo "This test is not intended for '$OS' - passing test" - exit 0 - ;; -esac - diff --git a/test/jdk/sun/security/mscapi/KeytoolChangeAlias.java b/test/jdk/sun/security/mscapi/KeytoolChangeAlias.java new file mode 100644 index 0000000000000000000000000000000000000000..7b48dca9b7a5f018bd84483c652ee4330105de20 --- /dev/null +++ b/test/jdk/sun/security/mscapi/KeytoolChangeAlias.java @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import jdk.test.lib.SecurityTools; + +import java.security.KeyStore; + +/* + * @test + * @bug 6415696 6931562 8180570 + * @requires os.family == "windows" + * @library /test/lib + * @library /test/jdk/java/security/testlibrary + * @summary Test "keytool -changealias" using the Microsoft CryptoAPI provider. + */ +public class KeytoolChangeAlias { + public static void main(String[] args) throws Exception { + + KeyStore ks = KeyStore.getInstance("Windows-MY"); + ks.load(null, null); + + try { + ks.setCertificateEntry("246810", CertUtils.getCertFromFile("246810.cer")); + + if (ks.containsAlias("13579")) { + ks.deleteEntry("13579"); + } + + int before = ks.size(); + + ks.store(null, null); // no-op, but let's do it before a keytool command + + SecurityTools.keytool("-changealias", + "-storetype", "Windows-My", + "-alias", "246810", + "-destalias", "13579").shouldHaveExitValue(0); + + ks.load(null, null); + + if (ks.size() != before) { + throw new Exception("error: unexpected number of entries in the " + + "Windows-MY store. Before: " + before + + ". After: " + ks.size()); + } + + if (!ks.containsAlias("13579")) { + throw new Exception("error: cannot find the new alias name" + + " in the Windows-MY store"); + } + } finally { + ks.deleteEntry("13579"); + ks.deleteEntry("246810"); + ks.store(null, null); + } + } +} diff --git a/test/jdk/sun/security/mscapi/KeytoolChangeAlias.sh b/test/jdk/sun/security/mscapi/KeytoolChangeAlias.sh deleted file mode 100644 index 1996490109c54d6114ac013171ecd50fdc00886e..0000000000000000000000000000000000000000 --- a/test/jdk/sun/security/mscapi/KeytoolChangeAlias.sh +++ /dev/null @@ -1,135 +0,0 @@ -#!/bin/sh - -# -# Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - - -# @test -# @bug 6415696 6931562 -# @requires os.family == "windows" -# @run shell KeytoolChangeAlias.sh -# @summary Test "keytool -changealias" using the Microsoft CryptoAPI provider. - -# set a few environment variables so that the shell-script can run stand-alone -# in the source directory -if [ "${TESTSRC}" = "" ] ; then - TESTSRC="." -fi - -if [ "${TESTCLASSES}" = "" ] ; then - TESTCLASSES="." -fi - -if [ "${TESTJAVA}" = "" ] ; then - echo "TESTJAVA not set. Test cannot execute." - echo "FAILED!!!" - exit 1 -fi - -OS=`uname -s` -case "$OS" in - Windows* | CYGWIN* ) - - # 'uname -m' does not give us enough information - - # should rely on $PROCESSOR_IDENTIFIER (as is done in Defs-windows.gmk), - # but JTREG does not pass this env variable when executing a shell script. - # - # execute test program - rely on it to exit if platform unsupported - - echo "Creating the alias '246810' in the Windows-My store..." - ${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} \ - -import \ - -storetype Windows-My \ - -file ${TESTSRC}/246810.cer \ - -alias 246810 \ - -noprompt - - if [ $? -ne 0 ] ; then - exit $? - fi - - echo "Removing the alias '13579', if it is already present..." - ${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} \ - -list \ - -storetype Windows-My \ - -alias 13579 > /dev/null 2>&1 - - if [ $? ] ; then - ${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} \ - -delete \ - -storetype Windows-My \ - -alias 13579 \ - -noprompt - fi - - echo "Counting the entries in the store..." - count=`${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} -list -storetype Windows-My | wc -l` - before=$count - - echo "Changing the alias name from '246810' to '13579'..." - - ${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} \ - -changealias \ - -storetype Windows-My \ - -alias 246810 \ - -destalias 13579 - - if [ $? -ne 0 ] ; then - exit $? - fi - - echo "Re-counting the entries in the store..." - count=`${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} -list -storetype Windows-My | wc -l` - after=$count - - if [ ! $before = $after ]; then - echo "error: unexpected number of entries in the Windows-MY store" - exit 101 - fi - - echo "Confirming that the new alias is present..." - ${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} \ - -list \ - -storetype Windows-My \ - -alias 13579 > /dev/null 2>&1 - - if [ $? -ne 0 ] ; then - echo "error: cannot find the new alias name in the Windows-MY store" - exit 102 - fi - - echo "Removing the new alias '13579'..." - ${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} \ - -delete \ - -storetype Windows-My \ - -alias 13579 > /dev/null 2>&1 - - echo done. - exit 0 - ;; - - * ) - echo "This test is not intended for '$OS' - passing test" - exit 0 - ;; -esac diff --git a/test/jdk/sun/security/mscapi/PublicKeyInterop.java b/test/jdk/sun/security/mscapi/PublicKeyInterop.java index 6fb05bdaf10df55342bd9865b32ecff477844f6d..6f0b4bc85c9a36aaa6889613575b57d12847af11 100644 --- a/test/jdk/sun/security/mscapi/PublicKeyInterop.java +++ b/test/jdk/sun/security/mscapi/PublicKeyInterop.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,13 +22,19 @@ */ /** - * @see PublicKeyInterop.sh + * @test + * @bug 6888925 8180570 + * @summary SunMSCAPI's Cipher can't use RSA public keys obtained from other sources. + * @requires os.family == "windows" + * @library /test/lib + * @modules java.base/sun.security.util */ import java.security.*; import java.util.*; import javax.crypto.*; +import jdk.test.lib.SecurityTools; import sun.security.util.HexDumpEncoder; /* @@ -38,12 +44,31 @@ import sun.security.util.HexDumpEncoder; public class PublicKeyInterop { public static void main(String[] arg) throws Exception { + + SecurityTools.keytool("-genkeypair", + "-storetype", "Windows-My", + "-keyalg", "RSA", + "-alias", "6888925", + "-dname", "cn=6888925,c=US", + "-noprompt").shouldHaveExitValue(0); + + try { + run(); + } finally { + KeyStore ks = KeyStore.getInstance("Windows-MY"); + ks.load(null, null); + ks.deleteEntry("6888925"); + ks.store(null, null); + } + } + + static void run() throws Exception { + KeyStore ks = KeyStore.getInstance("Windows-MY"); ks.load(null, null); System.out.println("Loaded keystore: Windows-MY"); - PublicKey myPuKey = - (PublicKey) ks.getCertificate("6888925").getPublicKey(); + PublicKey myPuKey = ks.getCertificate("6888925").getPublicKey(); System.out.println("Public key is a " + myPuKey.getClass().getName()); PrivateKey myPrKey = (PrivateKey) ks.getKey("6888925", null); System.out.println("Private key is a " + myPrKey.getClass().getName()); diff --git a/test/jdk/sun/security/mscapi/PublicKeyInterop.sh b/test/jdk/sun/security/mscapi/PublicKeyInterop.sh deleted file mode 100644 index aab5ab878449d90616aafe4c04d6e02c2dfa49c3..0000000000000000000000000000000000000000 --- a/test/jdk/sun/security/mscapi/PublicKeyInterop.sh +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/sh - -# -# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - -# @test -# @bug 6888925 -# @requires os.family == "windows" -# @run shell PublicKeyInterop.sh -# @summary SunMSCAPI's Cipher can't use RSA public keys obtained from other -# sources. -# - -# set a few environment variables so that the shell-script can run stand-alone -# in the source directory -if [ "${TESTSRC}" = "" ] ; then - TESTSRC="." -fi - -if [ "${TESTCLASSES}" = "" ] ; then - TESTCLASSES="." -fi - -if [ "${TESTJAVA}" = "" ] ; then - echo "TESTJAVA not set. Test cannot execute." - echo "FAILED!!!" - exit 1 -fi - -OS=`uname -s` -case "$OS" in - Windows* | CYGWIN* ) - - echo "Creating a temporary RSA keypair in the Windows-My store..." - ${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} \ - -genkeypair \ - -storetype Windows-My \ - -keyalg RSA \ - -alias 6888925 \ - -dname "cn=6888925,c=US" \ - -noprompt - - echo - echo "Running the test..." - ${TESTJAVA}/bin/javac --add-exports java.base/sun.security.util=ALL-UNNAMED \ - ${TESTTOOLVMOPTS} ${TESTJAVACOPTS} -d . ${TESTSRC}\\PublicKeyInterop.java - ${TESTJAVA}/bin/java --add-exports java.base/sun.security.util=ALL-UNNAMED \ - ${TESTVMOPTS} PublicKeyInterop - - rc=$? - - echo - echo "Removing the temporary RSA keypair from the Windows-My store..." - ${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} \ - -delete \ - -storetype Windows-My \ - -alias 6888925 - - echo done. - exit $rc - ;; - - * ) - echo "This test is not intended for '$OS' - passing test" - exit 0 - ;; -esac diff --git a/test/jdk/sun/security/mscapi/RSAEncryptDecrypt.java b/test/jdk/sun/security/mscapi/RSAEncryptDecrypt.java index 5b23c253c51add7f97f348f504676023838e32c5..18ad012ff9a9041837f4dc5219da526df7b37b19 100644 --- a/test/jdk/sun/security/mscapi/RSAEncryptDecrypt.java +++ b/test/jdk/sun/security/mscapi/RSAEncryptDecrypt.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,7 +23,12 @@ /** - * @see RSAEncryptDecrypt.sh + * @test + * @bug 6457422 6931562 8180570 + * @summary Confirm that plaintext can be encrypted and then decrypted using the + * RSA cipher in the SunMSCAPI crypto provider. NOTE: The RSA cipher is + * absent from the SunMSCAPI provider in OpenJDK builds. + * @requires os.family == "windows" */ import javax.crypto.Cipher; diff --git a/test/jdk/sun/security/mscapi/RSAEncryptDecrypt.sh b/test/jdk/sun/security/mscapi/RSAEncryptDecrypt.sh deleted file mode 100644 index 9c5efb656b80bc2830eeaaea4652c9b84c152b40..0000000000000000000000000000000000000000 --- a/test/jdk/sun/security/mscapi/RSAEncryptDecrypt.sh +++ /dev/null @@ -1,83 +0,0 @@ -#!/bin/sh - -# -# Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - -# @test -# @bug 6457422 6931562 -# @requires os.family == "windows" -# @run shell RSAEncryptDecrypt.sh -# @summary Confirm that plaintext can be encrypted and then decrypted using the -# RSA cipher in the SunMSCAPI crypto provider. NOTE: The RSA cipher is -# absent from the SunMSCAPI provider in OpenJDK builds. - -# set a few environment variables so that the shell-script can run stand-alone -# in the source directory -if [ "${TESTSRC}" = "" ] ; then - TESTSRC="." -fi - -if [ "${TESTCLASSES}" = "" ] ; then - TESTCLASSES="." -fi - -if [ "${TESTJAVA}" = "" ] ; then - echo "TESTJAVA not set. Test cannot execute." - echo "FAILED!!!" - exit 1 -fi - - -OS=`uname -s` -case "$OS" in - Windows* | CYGWIN* ) - - # - # Workaround for 6449799 - # - if [ "${SystemDrive}" = "" ]; then - SystemRoot="`dosname "${SystemRoot}"`" - export SystemRoot - SystemDrive="`echo ${SystemRoot} | cut -d'/' -f1`" - export SystemDrive - fi - - # 'uname -m' does not give us enough information - - # should rely on $PROCESSOR_IDENTIFIER (as is done in - # Defs-windows.gmk), but JTREG does not pass this env variable - # when executing a shell script. - # - # execute test program - rely on it to exit if platform - # unsupported - - ${TESTJAVA}/bin/javac -d . ${TESTSRC}\\RSAEncryptDecrypt.java - ${TESTJAVA}/bin/java ${TESTVMOPTS} RSAEncryptDecrypt - exit - ;; - - * ) - echo "This test is not intended for '$OS' - passing test" - exit 0 - ;; -esac - diff --git a/test/jdk/sun/security/mscapi/ShortRSAKey1024.sh b/test/jdk/sun/security/mscapi/ShortRSAKey1024.sh deleted file mode 100644 index 67f5ecba390c53e9f523745bfc5c490512826539..0000000000000000000000000000000000000000 --- a/test/jdk/sun/security/mscapi/ShortRSAKey1024.sh +++ /dev/null @@ -1,116 +0,0 @@ -#!/bin/sh - -# -# Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - - -# @test -# @bug 7106773 -# @summary 512 bits RSA key cannot work with SHA384 and SHA512 -# @requires os.family == "windows" -# @run shell ShortRSAKey1024.sh 1024 -# @run shell ShortRSAKey1024.sh 768 -# @run shell ShortRSAKey1024.sh 512 - -# set a few environment variables so that the shell-script can run stand-alone -# in the source directory -if [ "${TESTSRC}" = "" ] ; then - TESTSRC="." -fi - -if [ "${TESTCLASSES}" = "" ] ; then - TESTCLASSES="." -fi - -if [ "${TESTJAVA}" = "" ] ; then - echo "TESTJAVA not set. Test cannot execute." - echo "FAILED!!!" - exit 1 -fi - -OS=`uname -s` -case "$OS" in - AIX | CYGWIN* | Darwin | Linux | SunOS ) - FS="/" - ;; - Windows_* ) - FS="\\" - ;; -esac - -BITS=$1 - -case "$OS" in - Windows* | CYGWIN* ) - - echo "Removing the keypair if it already exists (for unknown reason)..." - ${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} \ - -delete \ - -storetype Windows-My \ - -debug \ - -alias 7106773.$BITS - - echo "Creating a temporary RSA keypair in the Windows-My store..." - ${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} \ - -genkeypair \ - -storetype Windows-My \ - -keyalg RSA \ - -alias 7106773.$BITS \ - -keysize $BITS \ - -dname "cn=localhost,c=US" \ - -debug \ - -noprompt - - if [ "$?" -ne "0" ]; then - echo "Unable to generate key pair in Windows-My keystore" - exit 1 - fi - - echo - echo "Running the test..." - ${TESTJAVA}${FS}bin${FS}javac --add-exports java.base/sun.security.util=ALL-UNNAMED \ - ${TESTTOOLVMOPTS} ${TESTJAVACOPTS} -d . \ - ${TESTSRC}${FS}ShortRSAKeyWithinTLS.java - ${TESTJAVA}${FS}bin${FS}java --add-exports java.base/sun.security.util=ALL-UNNAMED \ - ${TESTVMOPTS} ShortRSAKeyWithinTLS 7106773.$BITS $BITS \ - TLSv1.2 TLS_DHE_RSA_WITH_AES_128_CBC_SHA - - rc=$? - - echo - echo "Removing the temporary RSA keypair from the Windows-My store..." - ${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} \ - -delete \ - -storetype Windows-My \ - -debug \ - -alias 7106773.$BITS - - echo "Done". - exit $rc - ;; - - * ) - echo "This test is not intended for '$OS' - passing test" - exit 0 - ;; -esac diff --git a/test/jdk/sun/security/mscapi/ShortRSAKeyWithinTLS.java b/test/jdk/sun/security/mscapi/ShortRSAKeyWithinTLS.java index 4a66abb290d3d569bb4cb5b2de7bf963e58fa77b..7b063a0047124f24569540dd5f5adc115853560d 100644 --- a/test/jdk/sun/security/mscapi/ShortRSAKeyWithinTLS.java +++ b/test/jdk/sun/security/mscapi/ShortRSAKeyWithinTLS.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,15 +21,30 @@ * questions. */ +/* + * @test + * @bug 7106773 8180570 + * @summary 512 bits RSA key cannot work with SHA384 and SHA512 + * @requires os.family == "windows" + * @modules java.base/sun.security.util + * java.base/sun.security.tools.keytool + * java.base/sun.security.x509 + * @run main ShortRSAKeyWithinTLS 1024 + * @run main ShortRSAKeyWithinTLS 768 + * @run main ShortRSAKeyWithinTLS 512 + */ import java.io.*; import java.net.*; +import java.security.cert.Certificate; import java.util.*; import java.security.*; import java.security.cert.*; import javax.net.*; import javax.net.ssl.*; +import sun.security.tools.keytool.CertAndKeyGen; import sun.security.util.KeyUtil; +import sun.security.x509.X500Name; public class ShortRSAKeyWithinTLS { @@ -217,28 +232,37 @@ public class ShortRSAKeyWithinTLS { private static String clientProtocol = null; private static String clientCiperSuite = null; - private static void parseArguments(String[] args) { - keyAlias = args[0]; - keySize = Integer.parseInt(args[1]); - - if (args.length > 2) { - clientProtocol = args[2]; - } - - if (args.length > 3) { - clientCiperSuite = args[3]; - } - } - public static void main(String[] args) throws Exception { if (debug) { System.setProperty("javax.net.debug", "all"); } - // Get the customized arguments. - parseArguments(args); + keyAlias = "7106773." + args[0]; + keySize = Integer.parseInt(args[0]); - new ShortRSAKeyWithinTLS(); + KeyStore ks = KeyStore.getInstance("Windows-MY"); + ks.load(null, null); + if (ks.containsAlias(keyAlias)) { + ks.deleteEntry(keyAlias); + } + + CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA"); + gen.generate(keySize); + + ks.setKeyEntry(keyAlias, gen.getPrivateKey(), null, + new Certificate[] { + gen.getSelfCertificate(new X500Name("cn=localhost,c=US"), 100) + }); + + clientProtocol = "TLSv1.2"; + clientCiperSuite = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"; + + try { + new ShortRSAKeyWithinTLS(); + } finally { + ks.deleteEntry(keyAlias); + ks.store(null, null); + } } Thread clientThread = null; diff --git a/test/jdk/sun/security/mscapi/SignUsingSHA2withRSA.java b/test/jdk/sun/security/mscapi/SignUsingSHA2withRSA.java index 90973ecce4d5439d23e6e5f3da287f536d5c4b13..3a2c7472cb72a0a366ce7cbb22b20faf9480a3cb 100644 --- a/test/jdk/sun/security/mscapi/SignUsingSHA2withRSA.java +++ b/test/jdk/sun/security/mscapi/SignUsingSHA2withRSA.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,10 +22,19 @@ */ /** - * @see SignUsingSHA2withRSA.sh + * @test + * @bug 6753664 8180570 + * @summary Support SHA256 (and higher) in SunMSCAPI + * @requires os.family == "windows" + * @modules java.base/sun.security.tools.keytool + * java.base/sun.security.x509 */ +import sun.security.tools.keytool.CertAndKeyGen; +import sun.security.x509.X500Name; + import java.security.*; +import java.security.cert.Certificate; import java.util.*; public class SignUsingSHA2withRSA { @@ -37,6 +46,29 @@ public class SignUsingSHA2withRSA { private static List generatedSignatures = new ArrayList<>(); public static void main(String[] args) throws Exception { + KeyStore ks = KeyStore.getInstance("Windows-MY"); + ks.load(null, null); + if (ks.containsAlias("6753664")) { + ks.deleteEntry("6753664"); + } + + CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA"); + gen.generate(2048); + + ks.setKeyEntry("6753664", gen.getPrivateKey(), null, + new Certificate[] { + gen.getSelfCertificate(new X500Name("cn=localhost,c=US"), 100) + }); + + try { + run(); + } finally { + ks.deleteEntry("6753664"); + ks.store(null, null); + } + } + + static void run() throws Exception { Provider[] providers = Security.getProviders("Signature.SHA256withRSA"); if (providers == null) { diff --git a/test/jdk/sun/security/mscapi/SignUsingSHA2withRSA.sh b/test/jdk/sun/security/mscapi/SignUsingSHA2withRSA.sh deleted file mode 100644 index 26a0ad2e7a54ca5db9fe5d4085f5818978064e9a..0000000000000000000000000000000000000000 --- a/test/jdk/sun/security/mscapi/SignUsingSHA2withRSA.sh +++ /dev/null @@ -1,84 +0,0 @@ -#!/bin/sh - -# -# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - - -# @test -# @bug 6753664 -# @requires os.family == "windows" -# @run shell SignUsingSHA2withRSA.sh -# @summary Support SHA256 (and higher) in SunMSCAPI - -# set a few environment variables so that the shell-script can run stand-alone -# in the source directory -if [ "${TESTSRC}" = "" ] ; then - TESTSRC="." -fi - -if [ "${TESTCLASSES}" = "" ] ; then - TESTCLASSES="." -fi - -if [ "${TESTJAVA}" = "" ] ; then - echo "TESTJAVA not set. Test cannot execute." - echo "FAILED!!!" - exit 1 -fi - -OS=`uname -s` -case "$OS" in - Windows* | CYGWIN* ) - - echo "Creating a temporary RSA keypair in the Windows-My store..." - ${TESTJAVA}/bin/keytool \ - -genkeypair \ - -storetype Windows-My \ - -keyalg RSA \ - -alias 6753664 \ - -dname "cn=6753664,c=US" \ - -noprompt - - echo - echo "Running the test..." - ${TESTJAVA}/bin/javac -d . ${TESTSRC}\\SignUsingSHA2withRSA.java - ${TESTJAVA}/bin/java ${TESTVMOPTS} SignUsingSHA2withRSA - - rc=$? - - echo - echo "Removing the temporary RSA keypair from the Windows-My store..." - ${TESTJAVA}/bin/keytool \ - -delete \ - -storetype Windows-My \ - -alias 6753664 - - echo done. - exit $rc - ;; - - * ) - echo "This test is not intended for '$OS' - passing test" - exit 0 - ;; -esac diff --git a/test/jdk/sun/security/mscapi/nonUniqueAliases/NonUniqueAliases.java b/test/jdk/sun/security/mscapi/nonUniqueAliases/NonUniqueAliases.java new file mode 100644 index 0000000000000000000000000000000000000000..637adf51d99dcce656c30536ac5f383cdd64c2b4 --- /dev/null +++ b/test/jdk/sun/security/mscapi/nonUniqueAliases/NonUniqueAliases.java @@ -0,0 +1,93 @@ +/* + * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @ignore Uses certutil.exe that isn't guaranteed to be installed + * @bug 6483657 8154113 + * @requires os.family == "windows" + * @library /test/lib + * @summary Test "keytool -list" displays correctly same named certificates + */ + +import jdk.test.lib.process.ProcessTools; + +import java.security.KeyStore; +import java.util.Collections; + +public class NonUniqueAliases { + public static void main(String[] args) throws Throwable { + + try { + String testSrc = System.getProperty("test.src", "."); + + // removing the alias NonUniqueName if it already exists + ProcessTools.executeCommand("certutil", "-user", "-delstore", "MY", + "NonUniqueName"); + + // Importing 1st certificate into MY keystore using certutil tool + ProcessTools.executeCommand("certutil", "-user", "-addstore", "MY", + testSrc + "/nonUniq1.pem"); + + // Importing 2nd certificate into MY keystore using certutil tool + ProcessTools.executeCommand("certutil", "-user", "-addstore", "MY", + testSrc + "/nonUniq2.pem"); + + // Now we have 2 + checkCount(1, 1); + + ProcessTools.executeCommand("certutil", "-user", "-delstore", "MY", + "NonUniqueName"); + + // Now we have 2 + checkCount(0, 0); + } finally { + ProcessTools.executeCommand("certutil", "-user", "-delstore", "MY", + "NonUniqueName"); + } + } + + static void checkCount(int c0, int c1) throws Exception { + + KeyStore ks = KeyStore.getInstance("Windows-MY"); + ks.load(null, null); + + int count0 = 0, count1 = 0; + for (String alias : Collections.list(ks.aliases())) { + if (alias.equals("NonUniqueName")) { + count0++; + } + if (alias.equals("NonUniqueName (1)")) { + count1++; + } + } + if (count0 != c0) { + throw new Exception("error: unexpected number of entries (" + + count0 + ") in the Windows-MY store"); + } + if (count1 != c1) { + throw new Exception("error: unexpected number of entries (" + + count1 + ") in the Windows-MY store"); + } + } +} diff --git a/test/jdk/sun/security/mscapi/nonUniqueAliases/NonUniqueAliases.sh b/test/jdk/sun/security/mscapi/nonUniqueAliases/NonUniqueAliases.sh deleted file mode 100644 index b6e264cbafae5bd17cf4435bda0975116f0bcbb1..0000000000000000000000000000000000000000 --- a/test/jdk/sun/security/mscapi/nonUniqueAliases/NonUniqueAliases.sh +++ /dev/null @@ -1,100 +0,0 @@ -#!/bin/sh - -# -# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. -# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -# -# This code is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License version 2 only, as -# published by the Free Software Foundation. -# -# This code is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# version 2 for more details (a copy is included in the LICENSE file that -# accompanied this code). -# -# You should have received a copy of the GNU General Public License version -# 2 along with this work; if not, write to the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -# or visit www.oracle.com if you need additional information or have any -# questions. -# - - -# @test -# @ignore Uses certutil.exe that isn't guaranteed to be installed -# @bug 6483657 -# @requires os.family == "windows" -# @run shell NonUniqueAliases.sh -# @summary Test "keytool -list" displays correcly same named certificates - -# set a few environment variables so that the shell-script can run stand-alone -# in the source directory -if [ "${TESTSRC}" = "" ] ; then - TESTSRC="." -fi - -if [ "${TESTCLASSES}" = "" ] ; then - TESTCLASSES="." -fi - -if [ "${TESTJAVA}" = "" ] ; then - echo "TESTJAVA not set. Test cannot execute." - echo "FAILED!!!" - exit 1 -fi - -OS=`uname -s` -case "$OS" in - Windows* | CYGWIN* ) - - # 'uname -m' does not give us enough information - - # should rely on $PROCESSOR_IDENTIFIER (as is done in Defs-windows.gmk), - # but JTREG does not pass this env variable when executing a shell script. - # - # execute test program - rely on it to exit if platform unsupported - - echo "removing the alias NonUniqueName if it already exists" - certutil -user -delstore MY NonUniqueName - - echo "Importing 1st certificate into MY keystore using certutil tool" - certutil -user -addstore MY ${TESTSRC}/nonUniq1.pem - - echo "Importing 2nd certificate into MY keystore using certutil tool" - certutil -user -addstore MY ${TESTSRC}/nonUniq2.pem - - echo "Listing certificates with keytool" - ${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} -list -storetype Windows-My - - echo "Counting expected entries" - count0=`${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} -list -storetype Windows-My | grep 'NonUniqueName,' | wc -l` - - if [ ! $count0 = 1 ]; then - echo "error: unexpected number of entries ($count0) in the Windows-MY store" - certutil -user -delstore MY NonUniqueName - exit 115 - fi - - echo "Counting expected entries" - count1=`${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} -list -storetype Windows-My | grep 'NonUniqueName (1),' | wc -l` - - if [ ! $count1 = 1 ]; then - echo "error: unexpected number of entries ($count1) in the Windows-MY store" - certutil -user -delstore MY NonUniqueName - exit 116 - fi - - echo "Cleaning up" - certutil -user -delstore MY NonUniqueName - - exit 0 - ;; - - * ) - echo "This test is not intended for '$OS' - passing test" - exit 0 - ;; -esac diff --git a/test/lib/jdk/test/lib/SecurityTools.java b/test/lib/jdk/test/lib/SecurityTools.java index eb5f5018fddb1daa0b6c43dd570062839531acc5..240801fb87f67822d86f81dc715ff6b244cb60cc 100644 --- a/test/lib/jdk/test/lib/SecurityTools.java +++ b/test/lib/jdk/test/lib/SecurityTools.java @@ -43,8 +43,10 @@ public class SecurityTools { private static ProcessBuilder getProcessBuilder(String tool, List args) { JDKToolLauncher launcher = JDKToolLauncher.createUsingTestJDK(tool) .addVMArg("-Duser.language=en") - .addVMArg("-Duser.country=US") - .addVMArg("-Djava.security.egd=file:/dev/./urandom"); + .addVMArg("-Duser.country=US"); + if (!Platform.isWindows()) { + launcher.addVMArg("-Djava.security.egd=file:/dev/./urandom"); + } for (String arg : args) { if (arg.startsWith("-J")) { launcher.addVMArg(arg.substring(2));