提交 59d86364 编写于 作者: M mduigou

Merge

......@@ -44,7 +44,6 @@ SUNWprivate_1.1 {
Java_sun_nio_ch_EPollArrayWrapper_interrupt;
Java_sun_nio_ch_EPollArrayWrapper_offsetofData;
Java_sun_nio_ch_EPollArrayWrapper_sizeofEPollEvent;
Java_sun_nio_ch_EPoll_init;
Java_sun_nio_ch_EPoll_eventSize;
Java_sun_nio_ch_EPoll_eventsOffset;
Java_sun_nio_ch_EPoll_dataOffset;
......@@ -129,7 +128,6 @@ SUNWprivate_1.1 {
Java_sun_nio_fs_GnomeFileTypeDetector_probeUsingGio;
Java_sun_nio_fs_GnomeFileTypeDetector_initializeGnomeVfs;
Java_sun_nio_fs_GnomeFileTypeDetector_probeUsingGnomeVfs;
Java_sun_nio_fs_LinuxWatchService_init;
Java_sun_nio_fs_LinuxWatchService_eventSize;
Java_sun_nio_fs_LinuxWatchService_eventOffsets;
Java_sun_nio_fs_LinuxWatchService_inotifyInit;
......
......@@ -99,8 +99,6 @@ class EPoll {
// -- Native methods --
private static native void init();
private static native int eventSize();
private static native int eventsOffset();
......@@ -116,6 +114,5 @@ class EPoll {
static {
Util.load();
init();
}
}
......@@ -432,8 +432,6 @@ class LinuxWatchService
// -- native methods --
private static native void init();
// sizeof inotify_event
private static native int eventSize();
......@@ -461,6 +459,5 @@ class LinuxWatchService
System.loadLibrary("nio");
return null;
}});
init();
}
}
......@@ -34,55 +34,7 @@
#include <dlfcn.h>
#include <unistd.h>
#include <sys/types.h>
#ifdef __cplusplus
extern "C" {
#endif
/* epoll_wait(2) man page */
typedef union epoll_data {
void *ptr;
int fd;
__uint32_t u32;
__uint64_t u64;
} epoll_data_t;
struct epoll_event {
__uint32_t events; /* Epoll events */
epoll_data_t data; /* User data variable */
} __attribute__ ((__packed__));
#ifdef __cplusplus
}
#endif
/*
* epoll event notification is new in 2.6 kernel. As the offical build
* platform for the JDK is on a 2.4-based distribution then we must
* obtain the addresses of the epoll functions dynamically.
*/
typedef int (*epoll_create_t)(int size);
typedef int (*epoll_ctl_t) (int epfd, int op, int fd, struct epoll_event *event);
typedef int (*epoll_wait_t) (int epfd, struct epoll_event *events, int maxevents, int timeout);
static epoll_create_t epoll_create_func;
static epoll_ctl_t epoll_ctl_func;
static epoll_wait_t epoll_wait_func;
JNIEXPORT void JNICALL
Java_sun_nio_ch_EPoll_init(JNIEnv *env, jclass this)
{
epoll_create_func = (epoll_create_t) dlsym(RTLD_DEFAULT, "epoll_create");
epoll_ctl_func = (epoll_ctl_t) dlsym(RTLD_DEFAULT, "epoll_ctl");
epoll_wait_func = (epoll_wait_t) dlsym(RTLD_DEFAULT, "epoll_wait");
if ((epoll_create_func == NULL) || (epoll_ctl_func == NULL) ||
(epoll_wait_func == NULL)) {
JNU_ThrowInternalError(env, "unable to get address of epoll functions, pre-2.6 kernel?");
}
}
#include <sys/epoll.h>
JNIEXPORT jint JNICALL
Java_sun_nio_ch_EPoll_eventSize(JNIEnv* env, jclass this)
......@@ -108,7 +60,7 @@ Java_sun_nio_ch_EPoll_epollCreate(JNIEnv *env, jclass c) {
* epoll_create expects a size as a hint to the kernel about how to
* dimension internal structures. We can't predict the size in advance.
*/
int epfd = (*epoll_create_func)(256);
int epfd = epoll_create(256);
if (epfd < 0) {
JNU_ThrowIOExceptionWithLastError(env, "epoll_create failed");
}
......@@ -125,7 +77,7 @@ Java_sun_nio_ch_EPoll_epollCtl(JNIEnv *env, jclass c, jint epfd,
event.events = events;
event.data.fd = fd;
RESTARTABLE((*epoll_ctl_func)(epfd, (int)opcode, (int)fd, &event), res);
RESTARTABLE(epoll_ctl(epfd, (int)opcode, (int)fd, &event), res);
return (res == 0) ? 0 : errno;
}
......@@ -137,7 +89,7 @@ Java_sun_nio_ch_EPoll_epollWait(JNIEnv *env, jclass c,
struct epoll_event *events = jlong_to_ptr(address);
int res;
RESTARTABLE((*epoll_wait_func)(epfd, events, numfds, -1), res);
RESTARTABLE(epoll_wait(epfd, events, numfds, -1), res);
if (res < 0) {
JNU_ThrowIOExceptionWithLastError(env, "epoll_wait failed");
}
......
......@@ -33,33 +33,10 @@
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/poll.h>
#include <sys/inotify.h>
#include "sun_nio_fs_LinuxWatchService.h"
/* inotify.h may not be available at build time */
#ifdef __cplusplus
extern "C" {
#endif
struct inotify_event
{
int wd;
uint32_t mask;
uint32_t cookie;
uint32_t len;
char name __flexarr;
};
#ifdef __cplusplus
}
#endif
typedef int inotify_init_func(void);
typedef int inotify_add_watch_func(int fd, const char* path, uint32_t mask);
typedef int inotify_rm_watch_func(int fd, uint32_t wd);
inotify_init_func* my_inotify_init_func = NULL;
inotify_add_watch_func* my_inotify_add_watch_func = NULL;
inotify_rm_watch_func* my_inotify_rm_watch_func = NULL;
static void throwUnixException(JNIEnv* env, int errnum) {
jobject x = JNU_NewObjectByName(env, "sun/nio/fs/UnixException",
"(I)V", errnum);
......@@ -68,22 +45,6 @@ static void throwUnixException(JNIEnv* env, int errnum) {
}
}
JNIEXPORT void JNICALL
Java_sun_nio_fs_LinuxWatchService_init(JNIEnv *env, jclass clazz)
{
my_inotify_init_func = (inotify_init_func*)
dlsym(RTLD_DEFAULT, "inotify_init");
my_inotify_add_watch_func =
(inotify_add_watch_func*) dlsym(RTLD_DEFAULT, "inotify_add_watch");
my_inotify_rm_watch_func =
(inotify_rm_watch_func*) dlsym(RTLD_DEFAULT, "inotify_rm_watch");
if ((my_inotify_init_func == NULL) || (my_inotify_add_watch_func == NULL) ||
(my_inotify_rm_watch_func == NULL)) {
JNU_ThrowInternalError(env, "unable to get address of inotify functions");
}
}
JNIEXPORT jint JNICALL
Java_sun_nio_fs_LinuxWatchService_eventSize(JNIEnv *env, jclass clazz)
{
......@@ -111,7 +72,7 @@ JNIEXPORT jint JNICALL
Java_sun_nio_fs_LinuxWatchService_inotifyInit
(JNIEnv* env, jclass clazz)
{
int ifd = (*my_inotify_init_func)();
int ifd = inotify_init();
if (ifd == -1) {
throwUnixException(env, errno);
}
......@@ -125,7 +86,7 @@ Java_sun_nio_fs_LinuxWatchService_inotifyAddWatch
int wfd = -1;
const char* path = (const char*)jlong_to_ptr(address);
wfd = (*my_inotify_add_watch_func)((int)fd, path, mask);
wfd = inotify_add_watch((int)fd, path, mask);
if (wfd == -1) {
throwUnixException(env, errno);
}
......@@ -136,7 +97,7 @@ JNIEXPORT void JNICALL
Java_sun_nio_fs_LinuxWatchService_inotifyRmWatch
(JNIEnv* env, jclass clazz, jint fd, jint wd)
{
int err = (*my_inotify_rm_watch_func)((int)fd, (int)wd);
int err = inotify_rm_watch((int)fd, (int)wd);
if (err == -1)
throwUnixException(env, errno);
}
......@@ -166,7 +127,6 @@ Java_sun_nio_fs_LinuxWatchService_socketpair
res[1] = (jint)sp[1];
(*env)->SetIntArrayRegion(env, sv, 0, 2, &res[0]);
}
}
JNIEXPORT jint JNICALL
......@@ -190,6 +150,4 @@ Java_sun_nio_fs_LinuxWatchService_poll
}
}
return (jint)n;
}
......@@ -50,6 +50,9 @@ import sun.security.rsa.RSAKeyFactory;
* following algorithm names:
*
* . "SHA1withRSA"
* . "SHA256withRSA"
* . "SHA384withRSA"
* . "SHA512withRSA"
* . "MD5withRSA"
* . "MD2withRSA"
*
......@@ -63,7 +66,10 @@ abstract class RSASignature extends java.security.SignatureSpi
// message digest implementation we use
private final MessageDigest messageDigest;
// flag indicating whether the digest is reset
// message digest name
private final String messageDigestAlgorithm;
// flag indicating whether the digest has been reset
private boolean needsReset;
// the signing key
......@@ -73,10 +79,15 @@ abstract class RSASignature extends java.security.SignatureSpi
private Key publicKey = null;
/**
* Constructs a new RSASignature. Used by subclasses.
*/
RSASignature(String digestName) {
try {
messageDigest = MessageDigest.getInstance(digestName);
// Get the digest's canonical name
messageDigestAlgorithm = messageDigest.getAlgorithm();
} catch (NoSuchAlgorithmException e) {
throw new ProviderException(e);
......@@ -91,6 +102,24 @@ abstract class RSASignature extends java.security.SignatureSpi
}
}
public static final class SHA256 extends RSASignature {
public SHA256() {
super("SHA-256");
}
}
public static final class SHA384 extends RSASignature {
public SHA384() {
super("SHA-384");
}
}
public static final class SHA512 extends RSASignature {
public SHA512() {
super("SHA-512");
}
}
public static final class MD5 extends RSASignature {
public MD5() {
super("MD5");
......@@ -103,16 +132,7 @@ abstract class RSASignature extends java.security.SignatureSpi
}
}
/**
* Initializes this signature object with the specified
* public key for verification operations.
*
* @param publicKey the public key of the identity whose signature is
* going to be verified.
*
* @exception InvalidKeyException if the key is improperly
* encoded, parameters are missing, and so on.
*/
// initialize for signing. See JCA doc
protected void engineInitVerify(PublicKey key)
throws InvalidKeyException
{
......@@ -158,24 +178,12 @@ abstract class RSASignature extends java.security.SignatureSpi
publicKey = (sun.security.mscapi.RSAPublicKey) key;
}
if (needsReset) {
messageDigest.reset();
needsReset = false;
}
this.privateKey = null;
resetDigest();
}
/**
* Initializes this signature object with the specified
* private key for signing operations.
*
* @param privateKey the private key of the identity whose signature
* will be generated.
*
* @exception InvalidKeyException if the key is improperly
* encoded, parameters are missing, and so on.
*/
protected void engineInitSign(PrivateKey key)
throws InvalidKeyException
// initialize for signing. See JCA doc
protected void engineInitSign(PrivateKey key) throws InvalidKeyException
{
// This signature accepts only RSAPrivateKey
if ((key instanceof sun.security.mscapi.RSAPrivateKey) == false) {
......@@ -189,12 +197,25 @@ abstract class RSASignature extends java.security.SignatureSpi
null, RSAKeyPairGenerator.KEY_SIZE_MIN,
RSAKeyPairGenerator.KEY_SIZE_MAX);
this.publicKey = null;
resetDigest();
}
/**
* Resets the message digest if needed.
*/
private void resetDigest() {
if (needsReset) {
messageDigest.reset();
needsReset = false;
}
}
private byte[] getDigestValue() {
needsReset = false;
return messageDigest.digest();
}
/**
* Updates the data to be signed or verified
* using the specified byte.
......@@ -254,13 +275,12 @@ abstract class RSASignature extends java.security.SignatureSpi
*/
protected byte[] engineSign() throws SignatureException {
byte[] hash = messageDigest.digest();
needsReset = false;
byte[] hash = getDigestValue();
// Sign hash using MS Crypto APIs
byte[] result = signHash(hash, hash.length,
messageDigest.getAlgorithm(), privateKey.getHCryptProvider(),
messageDigestAlgorithm, privateKey.getHCryptProvider(),
privateKey.getHCryptKey());
// Convert signature array from little endian to big endian
......@@ -314,11 +334,10 @@ abstract class RSASignature extends java.security.SignatureSpi
protected boolean engineVerify(byte[] sigBytes)
throws SignatureException
{
byte[] hash = messageDigest.digest();
needsReset = false;
byte[] hash = getDigestValue();
return verifySignedHash(hash, hash.length,
messageDigest.getAlgorithm(), convertEndianArray(sigBytes),
messageDigestAlgorithm, convertEndianArray(sigBytes),
sigBytes.length, publicKey.getHCryptProvider(),
publicKey.getHCryptKey());
}
......
/*
* Copyright (c) 2005, 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -81,6 +81,12 @@ public final class SunMSCAPI extends Provider {
*/
map.put("Signature.SHA1withRSA",
"sun.security.mscapi.RSASignature$SHA1");
map.put("Signature.SHA256withRSA",
"sun.security.mscapi.RSASignature$SHA256");
map.put("Signature.SHA384withRSA",
"sun.security.mscapi.RSASignature$SHA384");
map.put("Signature.SHA512withRSA",
"sun.security.mscapi.RSASignature$SHA512");
map.put("Signature.MD5withRSA",
"sun.security.mscapi.RSASignature$MD5");
map.put("Signature.MD2withRSA",
......@@ -89,12 +95,16 @@ public final class SunMSCAPI extends Provider {
// supported key classes
map.put("Signature.SHA1withRSA SupportedKeyClasses",
"sun.security.mscapi.Key");
map.put("Signature.SHA256withRSA SupportedKeyClasses",
"sun.security.mscapi.Key");
map.put("Signature.SHA384withRSA SupportedKeyClasses",
"sun.security.mscapi.Key");
map.put("Signature.SHA512withRSA SupportedKeyClasses",
"sun.security.mscapi.Key");
map.put("Signature.MD5withRSA SupportedKeyClasses",
"sun.security.mscapi.Key");
map.put("Signature.MD2withRSA SupportedKeyClasses",
"sun.security.mscapi.Key");
map.put("Signature.NONEwithRSA SupportedKeyClasses",
"sun.security.mscapi.Key");
/*
* Key Pair Generator engines
......
......@@ -483,6 +483,7 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_mscapi_RSASignature_signHash
jbyte* pHashBuffer = NULL;
jbyte* pSignedHashBuffer = NULL;
jbyteArray jSignedHash = NULL;
HCRYPTPROV hCryptProvAlt = NULL;
__try
{
......@@ -492,8 +493,32 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_mscapi_RSASignature_signHash
// Acquire a hash object handle.
if (::CryptCreateHash(HCRYPTPROV(hCryptProv), algId, 0, 0, &hHash) == FALSE)
{
ThrowException(env, SIGNATURE_EXCEPTION, GetLastError());
__leave;
// Failover to using the PROV_RSA_AES CSP
DWORD cbData = 256;
BYTE pbData[256];
pbData[0] = '\0';
// Get name of the key container
::CryptGetProvParam((HCRYPTPROV)hCryptProv, PP_CONTAINER,
(BYTE *)pbData, &cbData, 0);
// Acquire an alternative CSP handle
if (::CryptAcquireContext(&hCryptProvAlt, LPCSTR(pbData), NULL,
PROV_RSA_AES, 0) == FALSE)
{
ThrowException(env, SIGNATURE_EXCEPTION, GetLastError());
__leave;
}
// Acquire a hash object handle.
if (::CryptCreateHash(HCRYPTPROV(hCryptProvAlt), algId, 0, 0,
&hHash) == FALSE)
{
ThrowException(env, SIGNATURE_EXCEPTION, GetLastError());
__leave;
}
}
// Copy hash from Java to native buffer
......@@ -546,6 +571,9 @@ JNIEXPORT jbyteArray JNICALL Java_sun_security_mscapi_RSASignature_signHash
}
__finally
{
if (hCryptProvAlt)
::CryptReleaseContext(hCryptProvAlt, 0);
if (pSignedHashBuffer)
delete [] pSignedHashBuffer;
......@@ -574,6 +602,7 @@ JNIEXPORT jboolean JNICALL Java_sun_security_mscapi_RSASignature_verifySignedHas
jbyte* pSignedHashBuffer = NULL;
DWORD dwSignedHashBufferLen = jSignedHashSize;
jboolean result = JNI_FALSE;
HCRYPTPROV hCryptProvAlt = NULL;
__try
{
......@@ -584,8 +613,32 @@ JNIEXPORT jboolean JNICALL Java_sun_security_mscapi_RSASignature_verifySignedHas
if (::CryptCreateHash(HCRYPTPROV(hCryptProv), algId, 0, 0, &hHash)
== FALSE)
{
ThrowException(env, SIGNATURE_EXCEPTION, GetLastError());
__leave;
// Failover to using the PROV_RSA_AES CSP
DWORD cbData = 256;
BYTE pbData[256];
pbData[0] = '\0';
// Get name of the key container
::CryptGetProvParam((HCRYPTPROV)hCryptProv, PP_CONTAINER,
(BYTE *)pbData, &cbData, 0);
// Acquire an alternative CSP handle
if (::CryptAcquireContext(&hCryptProvAlt, LPCSTR(pbData), NULL,
PROV_RSA_AES, 0) == FALSE)
{
ThrowException(env, SIGNATURE_EXCEPTION, GetLastError());
__leave;
}
// Acquire a hash object handle.
if (::CryptCreateHash(HCRYPTPROV(hCryptProvAlt), algId, 0, 0,
&hHash) == FALSE)
{
ThrowException(env, SIGNATURE_EXCEPTION, GetLastError());
__leave;
}
}
// Copy hash and signedHash from Java to native buffer
......@@ -616,6 +669,9 @@ JNIEXPORT jboolean JNICALL Java_sun_security_mscapi_RSASignature_verifySignedHas
__finally
{
if (hCryptProvAlt)
::CryptReleaseContext(hCryptProvAlt, 0);
if (pSignedHashBuffer)
delete [] pSignedHashBuffer;
......@@ -648,15 +704,27 @@ JNIEXPORT jobject JNICALL Java_sun_security_mscapi_RSAKeyPairGenerator_generateR
pszKeyContainerName = env->GetStringUTFChars(keyContainerName, NULL);
// Acquire a CSP context (create a new key container).
// Prefer a PROV_RSA_AES CSP, when available, due to its support
// for SHA-2-based signatures.
if (::CryptAcquireContext(
&hCryptProv,
pszKeyContainerName,
NULL,
PROV_RSA_FULL,
PROV_RSA_AES,
CRYPT_NEWKEYSET) == FALSE)
{
ThrowException(env, KEY_EXCEPTION, GetLastError());
__leave;
// Failover to using the default CSP (PROV_RSA_FULL)
if (::CryptAcquireContext(
&hCryptProv,
pszKeyContainerName,
NULL,
PROV_RSA_FULL,
CRYPT_NEWKEYSET) == FALSE)
{
ThrowException(env, KEY_EXCEPTION, GetLastError());
__leave;
}
}
// Generate an RSA keypair
......@@ -1849,15 +1917,27 @@ JNIEXPORT jobject JNICALL Java_sun_security_mscapi_RSASignature_importPublicKey
pbKeyBlob = (BYTE *) env->GetByteArrayElements(keyBlob, 0);
// Acquire a CSP context (create a new key container).
// Prefer a PROV_RSA_AES CSP, when available, due to its support
// for SHA-2-based signatures.
if (::CryptAcquireContext(
&hCryptProv,
NULL,
NULL,
PROV_RSA_FULL,
PROV_RSA_AES,
CRYPT_VERIFYCONTEXT) == FALSE)
{
ThrowException(env, KEYSTORE_EXCEPTION, GetLastError());
__leave;
// Failover to using the default CSP (PROV_RSA_FULL)
if (::CryptAcquireContext(
&hCryptProv,
NULL,
NULL,
PROV_RSA_FULL,
CRYPT_VERIFYCONTEXT) == FALSE)
{
ThrowException(env, KEYSTORE_EXCEPTION, GetLastError());
__leave;
}
}
// Import the public key
......
/*
* Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2009, 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -22,8 +22,14 @@
*/
import java.io.*;
import java.net.BindException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.login.LoginException;
import sun.security.krb5.Asn1Exception;
import sun.security.krb5.Config;
public class BadKdc {
......@@ -34,8 +40,51 @@ public class BadKdc {
static final Pattern re = Pattern.compile(
">>> KDCCommunication: kdc=kdc.rabbit.hole UDP:(\\d)...., " +
"timeout=(\\d)000,");
/*
* There are several cases this test fails:
*
* 1. The random selected port is used by another process. No good way to
* prevent this happening, coz krb5.conf must be written before KDC starts.
* There are two different outcomes:
*
* a. Cannot start the KDC. A BindException thrown.
* b. When trying to access a non-existing KDC, a response is received!
* Most likely a Asn1Exception thrown
*
* 2. Even if a KDC is started, and more than 20 seconds pass by, a timeout
* can still happens for the first UDP request. In fact, the KDC did not
* received it at all. This happens on almost all platforms, especially
* solaris-i586 and solaris-x64.
*
* To avoid them:
*
* 1. Catch those exceptions and ignore
*
* 2. a. Make the timeout longer? useless
* b. Read the output carefully, if there is a timeout, it's OK.
* Just make sure the retries times and KDCs are correct.
* This is tough.
* c. Feed the KDC a UDP packet first. The current "solution".
*/
public static void go(int[]... expected)
throws Exception {
try {
go0(expected);
} catch (BindException be) {
System.out.println("The random port is used by another process");
} catch (LoginException le) {
Throwable cause = le.getCause();
if (cause instanceof Asn1Exception) {
System.out.println("Bad packet possibly from another process");
return;
}
throw le;
}
}
public static void go0(int[]... expected)
throws Exception {
System.setProperty("sun.security.krb5.debug", "true");
// Make sure KDCs' ports starts with 1 and 2 and 3,
......@@ -78,20 +127,39 @@ public class BadKdc {
KDC k = new KDC(OneKDC.REALM, OneKDC.KDCHOST, p, true);
k.addPrincipal(OneKDC.USER, OneKDC.PASS);
k.addPrincipalRandKey("krbtgt/" + OneKDC.REALM);
// Feed a packet to newly started KDC to warm it up
System.err.println("-------- IGNORE THIS ERROR MESSAGE --------");
new DatagramSocket().send(
new DatagramPacket("Hello".getBytes(), 5,
InetAddress.getByName(OneKDC.KDCHOST), p));
return k;
}
private static void test(int... expected) throws Exception {
ByteArrayOutputStream bo = new ByteArrayOutputStream();
try {
test0(bo, expected);
} catch (Exception e) {
System.out.println("----------------- ERROR -----------------");
System.out.println(new String(bo.toByteArray()));
System.out.println("--------------- ERROR END ---------------");
throw e;
}
}
/**
* One round of test for max_retries and timeout.
* @param timeout the expected timeout
* @param expected the expected kdc# timeout kdc# timeout...
*/
private static void test(int... expected) throws Exception {
ByteArrayOutputStream bo = new ByteArrayOutputStream();
private static void test0(ByteArrayOutputStream bo, int... expected)
throws Exception {
PrintStream oldout = System.out;
System.setOut(new PrintStream(bo));
Context c = Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
System.setOut(oldout);
try {
Context.fromUserPass(OneKDC.USER, OneKDC.PASS, false);
} finally {
System.setOut(oldout);
}
String[] lines = new String(bo.toByteArray()).split("\n");
System.out.println("----------------- TEST -----------------");
......
/*
* Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* @see SignUsingSHA2withRSA.sh
*/
import java.security.*;
import java.util.*;
public class SignUsingSHA2withRSA {
private static final byte[] toBeSigned = new byte[] {
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10
};
private static List<byte[]> generatedSignatures = new ArrayList<>();
public static void main(String[] args) throws Exception {
Provider[] providers = Security.getProviders("Signature.SHA256withRSA");
if (providers == null) {
System.out.println("No JCE providers support the " +
"'Signature.SHA256withRSA' algorithm");
System.out.println("Skipping this test...");
return;
} else {
System.out.println("The following JCE providers support the " +
"'Signature.SHA256withRSA' algorithm: ");
for (Provider provider : providers) {
System.out.println(" " + provider.getName());
}
}
System.out.println("-------------------------------------------------");
KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
ks.load(null, null);
System.out.println("Loaded keystore: Windows-MY");
Enumeration e = ks.aliases();
PrivateKey privateKey = null;
PublicKey publicKey = null;
while (e.hasMoreElements()) {
String alias = (String) e.nextElement();
if (alias.equals("6753664")) {
System.out.println("Loaded entry: " + alias);
privateKey = (PrivateKey) ks.getKey(alias, null);
publicKey = (PublicKey) ks.getCertificate(alias).getPublicKey();
}
}
if (privateKey == null || publicKey == null) {
throw new Exception("Cannot load the keys need to run this test");
}
System.out.println("-------------------------------------------------");
generatedSignatures.add(signUsing("SHA256withRSA", privateKey));
generatedSignatures.add(signUsing("SHA384withRSA", privateKey));
generatedSignatures.add(signUsing("SHA512withRSA", privateKey));
System.out.println("-------------------------------------------------");
verifyUsing("SHA256withRSA", publicKey, generatedSignatures.get(0));
verifyUsing("SHA384withRSA", publicKey, generatedSignatures.get(1));
verifyUsing("SHA512withRSA", publicKey, generatedSignatures.get(2));
System.out.println("-------------------------------------------------");
}
private static byte[] signUsing(String signAlgorithm,
PrivateKey privateKey) throws Exception {
// Must explicitly specify the SunMSCAPI JCE provider
// (otherwise SunJCE is chosen because it appears earlier in the list)
Signature sig1 = Signature.getInstance(signAlgorithm, "SunMSCAPI");
if (sig1 == null) {
throw new Exception("'" + signAlgorithm + "' is not supported");
}
System.out.println("Using " + signAlgorithm + " signer from the " +
sig1.getProvider().getName() + " JCE provider");
System.out.println("Using key: " + privateKey);
sig1.initSign(privateKey);
sig1.update(toBeSigned);
byte [] sigBytes = null;
try {
sigBytes = sig1.sign();
System.out.println("Generated RSA signature over a " +
toBeSigned.length + "-byte data (signature length: " +
sigBytes.length * 8 + " bits)");
System.out.println(String.format("0x%0" +
(sigBytes.length * 2) + "x",
new java.math.BigInteger(1, sigBytes)));
} catch (SignatureException se) {
System.out.println("Error generating RSA signature: " + se);
}
return sigBytes;
}
private static void verifyUsing(String signAlgorithm, PublicKey publicKey,
byte[] signature) throws Exception {
// Must explicitly specify the SunMSCAPI JCE provider
// (otherwise SunJCE is chosen because it appears earlier in the list)
Signature sig1 = Signature.getInstance(signAlgorithm, "SunMSCAPI");
if (sig1 == null) {
throw new Exception("'" + signAlgorithm + "' is not supported");
}
System.out.println("Using " + signAlgorithm + " verifier from the "
+ sig1.getProvider().getName() + " JCE provider");
System.out.println("Using key: " + publicKey);
System.out.println("\nVerifying RSA Signature over a " +
toBeSigned.length + "-byte data (signature length: " +
signature.length * 8 + " bits)");
System.out.println(String.format("0x%0" + (signature.length * 2) +
"x", new java.math.BigInteger(1, signature)));
sig1.initVerify(publicKey);
sig1.update(toBeSigned);
if (sig1.verify(signature)) {
System.out.println("Verify PASSED\n");
} else {
throw new Exception("Verify FAILED");
}
}
}
#!/bin/sh
#
# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#
# @test
# @bug 6753664
# @run shell SignUsingSHA2withRSA.sh
# @summary Support SHA256 (and higher) in SunMSCAPI
# set a few environment variables so that the shell-script can run stand-alone
# in the source directory
if [ "${TESTSRC}" = "" ] ; then
TESTSRC="."
fi
if [ "${TESTCLASSES}" = "" ] ; then
TESTCLASSES="."
fi
if [ "${TESTJAVA}" = "" ] ; then
echo "TESTJAVA not set. Test cannot execute."
echo "FAILED!!!"
exit 1
fi
OS=`uname -s`
case "$OS" in
Windows* | CYGWIN* )
echo "Creating a temporary RSA keypair in the Windows-My store..."
${TESTJAVA}/bin/keytool \
-genkeypair \
-storetype Windows-My \
-keyalg RSA \
-alias 6753664 \
-dname "cn=6753664,c=US" \
-noprompt
echo
echo "Running the test..."
${TESTJAVA}/bin/javac -d . ${TESTSRC}\\SignUsingSHA2withRSA.java
${TESTJAVA}/bin/java SignUsingSHA2withRSA
rc=$?
echo
echo "Removing the temporary RSA keypair from the Windows-My store..."
${TESTJAVA}/bin/keytool \
-delete \
-storetype Windows-My \
-alias 6753664
echo done.
exit $rc
;;
* )
echo "This test is not intended for '$OS' - passing test"
exit 0
;;
esac
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册