Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
95388526
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
95388526
编写于
12月 04, 2013
作者:
A
ascarpino
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8027218: TEST_BUG: sun/security/pkcs11/ec tests fail because of ever-changing key size restrictions
Reviewed-by: vinnie
上级
bea8a261
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
150 addition
and
108 deletion
+150
-108
test/sun/security/pkcs11/PKCS11Test.java
test/sun/security/pkcs11/PKCS11Test.java
+89
-0
test/sun/security/pkcs11/ec/ReadCertificates.java
test/sun/security/pkcs11/ec/ReadCertificates.java
+33
-21
test/sun/security/pkcs11/ec/TestCurves.java
test/sun/security/pkcs11/ec/TestCurves.java
+28
-87
未找到文件。
test/sun/security/pkcs11/PKCS11Test.java
浏览文件 @
95388526
...
...
@@ -29,6 +29,8 @@ import java.util.*;
import
java.lang.reflect.*
;
import
java.security.*
;
import
java.security.spec.ECGenParameterSpec
;
import
java.security.spec.ECParameterSpec
;
public
abstract
class
PKCS11Test
{
...
...
@@ -357,6 +359,93 @@ public abstract class PKCS11Test {
test
.
premain
(
p
);
}
// Generate a vector of supported elliptic curves of a given provider
static
Vector
<
ECParameterSpec
>
getKnownCurves
(
Provider
p
)
throws
Exception
{
int
index
;
int
begin
;
int
end
;
String
curve
;
KeyPair
kp
=
null
;
Vector
<
ECParameterSpec
>
results
=
new
Vector
<
ECParameterSpec
>();
// Get Curves to test from SunEC.
String
kcProp
=
Security
.
getProvider
(
"SunEC"
).
getProperty
(
"AlgorithmParameters.EC SupportedCurves"
);
if
(
kcProp
==
null
)
{
throw
new
RuntimeException
(
"\"AlgorithmParameters.EC SupportedCurves property\" not found"
);
}
System
.
out
.
println
(
"Finding supported curves using list from SunEC\n"
);
index
=
0
;
for
(;;)
{
// Each set of curve names is enclosed with brackets.
begin
=
kcProp
.
indexOf
(
'['
,
index
);
end
=
kcProp
.
indexOf
(
']'
,
index
);
if
(
begin
==
-
1
||
end
==
-
1
)
{
break
;
}
/*
* Each name is separated by a comma.
* Just get the first name in the set.
*/
index
=
end
+
1
;
begin
++;
end
=
kcProp
.
indexOf
(
','
,
begin
);
if
(
end
==
-
1
)
{
// Only one name in the set.
end
=
index
-
1
;
}
curve
=
kcProp
.
substring
(
begin
,
end
);
ECParameterSpec
e
=
getECParameterSpec
(
p
,
curve
);
System
.
out
.
print
(
"\t "
+
curve
+
": "
);
try
{
KeyPairGenerator
kpg
=
KeyPairGenerator
.
getInstance
(
"EC"
,
p
);
kpg
.
initialize
(
e
);
kp
=
kpg
.
generateKeyPair
();
results
.
add
(
e
);
System
.
out
.
println
(
"Supported"
);
}
catch
(
ProviderException
ex
)
{
System
.
out
.
println
(
"Unsupported: PKCS11: "
+
ex
.
getCause
().
getMessage
());
}
catch
(
InvalidAlgorithmParameterException
ex
)
{
System
.
out
.
println
(
"Unsupported: Key Length: "
+
ex
.
getMessage
());
}
}
if
(
results
.
size
()
==
0
)
{
throw
new
RuntimeException
(
"No supported EC curves found"
);
}
return
results
;
}
private
static
ECParameterSpec
getECParameterSpec
(
Provider
p
,
String
name
)
throws
Exception
{
AlgorithmParameters
parameters
=
AlgorithmParameters
.
getInstance
(
"EC"
,
p
);
parameters
.
init
(
new
ECGenParameterSpec
(
name
));
return
parameters
.
getParameterSpec
(
ECParameterSpec
.
class
);
}
// Check support for a curve with a provided Vector of EC support
boolean
checkSupport
(
Vector
<
ECParameterSpec
>
supportedEC
,
ECParameterSpec
curve
)
{
boolean
found
=
false
;
for
(
ECParameterSpec
ec:
supportedEC
)
{
if
(
ec
.
equals
(
curve
))
{
return
true
;
}
}
return
false
;
}
private
static
final
Map
<
String
,
String
[]>
osMap
;
...
...
test/sun/security/pkcs11/ec/ReadCertificates.java
浏览文件 @
95388526
...
...
@@ -37,6 +37,7 @@ import java.util.*;
import
java.security.cert.*
;
import
java.security.*
;
import
java.security.interfaces.*
;
import
java.security.spec.ECParameterSpec
;
import
javax.security.auth.x500.X500Principal
;
...
...
@@ -101,33 +102,44 @@ public class ReadCertificates extends PKCS11Test {
}
System
.
out
.
println
(
"OK: "
+
certs
.
size
()
+
" certificates."
);
// Get supported curves
Vector
<
ECParameterSpec
>
supportedEC
=
getKnownCurves
(
p
);
System
.
out
.
println
(
"Test Certs:\n"
);
for
(
X509Certificate
cert
:
certs
.
values
())
{
X509Certificate
issuer
=
certs
.
get
(
cert
.
getIssuerX500Principal
());
System
.
out
.
println
(
"Verifying "
+
cert
.
getSubjectX500Principal
()
+
"..."
);
System
.
out
.
print
(
"Verifying "
+
cert
.
getSubjectX500Principal
()
+
"... "
);
PublicKey
key
=
issuer
.
getPublicKey
();
// First try the provider under test (if it does not support the
// necessary algorithm then try any registered provider).
try
{
cert
.
verify
(
key
,
p
.
getName
());
}
catch
(
NoSuchAlgorithmException
e
)
{
System
.
out
.
println
(
"Warning: "
+
e
.
getMessage
()
+
". Trying another provider..."
);
cert
.
verify
(
key
);
}
catch
(
InvalidKeyException
e
)
{
// The root cause of the exception might be NSS not having
// "ECC Extended" support curves. If so, we can ignore it.
Throwable
t
=
e
;
while
(
t
.
getCause
()
!=
null
)
{
t
=
t
.
getCause
();
}
if
(
t
instanceof
sun
.
security
.
pkcs11
.
wrapper
.
PKCS11Exception
&&
t
.
getMessage
().
equals
(
"CKR_DOMAIN_PARAMS_INVALID"
)
&&
isNSS
(
p
)
&&
getNSSECC
()
==
ECCState
.
Basic
)
{
System
.
out
.
println
(
"Failed as expected. NSS Basic ECC."
);
// Check if curve is supported
if
(
issuer
.
getPublicKey
()
instanceof
ECPublicKey
)
{
if
(!
checkSupport
(
supportedEC
,
((
ECPublicKey
)
key
).
getParams
()))
{
System
.
out
.
println
(
"Curve not found. Skipped."
);
continue
;
}
throw
e
;
}
try
{
cert
.
verify
(
key
,
p
.
getName
());
System
.
out
.
println
(
"Pass."
);
}
catch
(
NoSuchAlgorithmException
e
)
{
System
.
out
.
println
(
"Warning: "
+
e
.
getMessage
()
+
". Trying another provider..."
);
cert
.
verify
(
key
);
}
catch
(
Exception
e
)
{
System
.
out
.
println
(
e
.
getMessage
());
if
(
key
instanceof
ECPublicKey
)
{
System
.
out
.
println
(
"Failed.\n\tCurve: "
+
((
ECPublicKey
)
key
).
getParams
()
+
"\n\tSignature Alg: "
+
cert
.
getSigAlgName
());
}
else
{
System
.
out
.
println
(
"Key: "
+
key
.
toString
());
}
System
.
err
.
println
(
"Verifying "
+
cert
.
getSubjectX500Principal
());
e
.
printStackTrace
();
}
}
// try some random invalid signatures to make sure we get the correct
...
...
test/sun/security/pkcs11/ec/TestCurves.java
浏览文件 @
95388526
...
...
@@ -56,47 +56,49 @@ public class TestCurves extends PKCS11Test {
return
;
}
// Check if this is sparc for later failure avoidance.
boolean
sparc
=
false
;
if
(
System
.
getProperty
(
"os.arch"
).
equals
(
"sparcv9"
))
{
sparc
=
true
;
System
.
out
.
println
(
"This is a sparcv9"
);
}
Random
random
=
new
Random
();
byte
[]
data
=
new
byte
[
2048
];
random
.
nextBytes
(
data
);
Vector
<
ECParameterSpec
>
curves
=
getKnownCurves
(
p
);
for
(
ECParameterSpec
params
:
curves
)
{
System
.
out
.
println
(
"Testing "
+
params
+
"..."
);
KeyPairGenerator
kpg
=
KeyPairGenerator
.
getInstance
(
"EC"
,
p
);
kpg
.
initialize
(
params
);
KeyPair
kp1
,
kp2
;
kp1
=
kpg
.
generateKeyPair
();
kp2
=
kpg
.
generateKeyPair
();
testSigning
(
p
,
"SHA1withECDSA"
,
data
,
kp1
,
kp2
);
// Check because Solaris ncp driver does not support these but
// Solaris metaslot causes them to be run.
try
{
kp1
=
kpg
.
generateKeyPair
(
);
kp2
=
kpg
.
generateKeyPair
(
);
}
catch
(
Exception
e
)
{
// The root cause of the exception might be NSS not having
// "ECC Extended" support curves. If so, we can ignore it.
if
(
e
instanceof
java
.
security
.
ProviderException
)
{
testSigning
(
p
,
"SHA224withECDSA"
,
data
,
kp1
,
kp2
);
testSigning
(
p
,
"SHA256withECDSA"
,
data
,
kp1
,
kp2
);
testSigning
(
p
,
"SHA384withECDSA"
,
data
,
kp1
,
kp2
);
testSigning
(
p
,
"SHA512withECDSA"
,
data
,
kp1
,
kp2
);
}
catch
(
ProviderException
e
)
{
if
(
sparc
)
{
Throwable
t
=
e
.
getCause
();
if
(
t
instanceof
sun
.
security
.
pkcs11
.
wrapper
.
PKCS11Exception
&&
t
.
getMessage
().
equals
(
"CKR_DOMAIN_PARAMS_INVALID"
)
&&
isNSS
(
p
)
&&
(
getNSSECC
()
==
ECCState
.
Basic
)
&&
(!
params
.
toString
().
startsWith
(
"secp256r1"
)
&&
!
params
.
toString
().
startsWith
(
"secp384r1"
)
&&
!
params
.
toString
().
startsWith
(
"secp521r1"
)))
{
System
.
out
.
println
(
"NSS Basic ECC. Failure expected"
);
continue
;
if
(
t
instanceof
sun
.
security
.
pkcs11
.
wrapper
.
PKCS11Exception
&&
t
.
getMessage
().
equals
(
"CKR_ATTRIBUTE_VALUE_INVALID"
))
{
System
.
out
.
print
(
"-Failure not uncommon. Probably pre-T4."
);
}
else
{
throw
e
;
}
}
else
{
throw
e
;
}
throw
e
;
}
testSigning
(
p
,
"SHA1withECDSA"
,
data
,
kp1
,
kp2
);
testSigning
(
p
,
"SHA224withECDSA"
,
data
,
kp1
,
kp2
);
testSigning
(
p
,
"SHA256withECDSA"
,
data
,
kp1
,
kp2
);
testSigning
(
p
,
"SHA384withECDSA"
,
data
,
kp1
,
kp2
);
testSigning
(
p
,
"SHA512withECDSA"
,
data
,
kp1
,
kp2
);
// System.out.println();
System
.
out
.
println
();
KeyAgreement
ka1
=
KeyAgreement
.
getInstance
(
"ECDH"
,
p
);
ka1
.
init
(
kp1
.
getPrivate
());
...
...
@@ -116,70 +118,9 @@ public class TestCurves extends PKCS11Test {
System
.
out
.
println
(
"OK"
);
}
private
static
Vector
<
ECParameterSpec
>
getKnownCurves
(
Provider
p
)
throws
Exception
{
int
index
;
int
begin
;
int
end
;
String
curve
;
Vector
<
ECParameterSpec
>
results
=
new
Vector
<
ECParameterSpec
>();
// Get Curves to test from SunEC.
String
kcProp
=
Security
.
getProvider
(
"SunEC"
).
getProperty
(
"AlgorithmParameters.EC SupportedCurves"
);
if
(
kcProp
==
null
)
{
throw
new
RuntimeException
(
"\"AlgorithmParameters.EC SupportedCurves property\" not found"
);
}
index
=
0
;
for
(;;)
{
// Each set of curve names is enclosed with brackets.
begin
=
kcProp
.
indexOf
(
'['
,
index
);
end
=
kcProp
.
indexOf
(
']'
,
index
);
if
(
begin
==
-
1
||
end
==
-
1
)
{
break
;
}
/*
* Each name is separated by a comma.
* Just get the first name in the set.
*/
index
=
end
+
1
;
begin
++;
end
=
kcProp
.
indexOf
(
','
,
begin
);
if
(
end
==
-
1
)
{
// Only one name in the set.
end
=
index
-
1
;
}
curve
=
kcProp
.
substring
(
begin
,
end
);
results
.
add
(
getECParameterSpec
(
p
,
curve
));
}
if
(
results
.
size
()
==
0
)
{
throw
new
RuntimeException
(
"No supported EC curves found"
);
}
return
results
;
}
private
static
ECParameterSpec
getECParameterSpec
(
Provider
p
,
String
name
)
throws
Exception
{
AlgorithmParameters
parameters
=
AlgorithmParameters
.
getInstance
(
"EC"
,
p
);
parameters
.
init
(
new
ECGenParameterSpec
(
name
));
return
parameters
.
getParameterSpec
(
ECParameterSpec
.
class
);
}
private
static
void
testSigning
(
Provider
p
,
String
algorithm
,
byte
[]
data
,
KeyPair
kp1
,
KeyPair
kp2
)
throws
Exception
{
//
System.out.print(" " + algorithm);
System
.
out
.
print
(
" "
+
algorithm
);
Signature
s
=
Signature
.
getInstance
(
algorithm
,
p
);
s
.
initSign
(
kp1
.
getPrivate
());
s
.
update
(
data
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录