Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
dd50b1e9
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
dd50b1e9
编写于
7月 10, 2014
作者:
R
rhalade
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8041781: Need new regression tests for PBE keys
Reviewed-by: xuelei
上级
de548700
变更
3
显示空白变更内容
内联
并排
Showing
3 changed file
with
652 addition
and
0 deletion
+652
-0
test/com/sun/crypto/provider/Cipher/PBE/PBESealedObject.java
test/com/sun/crypto/provider/Cipher/PBE/PBESealedObject.java
+173
-0
test/com/sun/crypto/provider/Cipher/PBE/PBKDF2Translate.java
test/com/sun/crypto/provider/Cipher/PBE/PBKDF2Translate.java
+311
-0
test/com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java
...rypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java
+168
-0
未找到文件。
test/com/sun/crypto/provider/Cipher/PBE/PBESealedObject.java
0 → 100644
浏览文件 @
dd50b1e9
/*
* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import
java.io.PrintStream
;
import
java.security.AlgorithmParameters
;
import
java.security.InvalidKeyException
;
import
java.security.Provider
;
import
java.security.Security
;
import
java.security.spec.AlgorithmParameterSpec
;
import
java.util.Arrays
;
import
java.util.Random
;
import
java.util.StringTokenizer
;
import
javax.crypto.Cipher
;
import
javax.crypto.SealedObject
;
import
javax.crypto.SecretKey
;
import
javax.crypto.SecretKeyFactory
;
import
javax.crypto.spec.PBEKeySpec
;
import
javax.crypto.spec.PBEParameterSpec
;
/**
* @test
* @bug 8041781
* @summary test if seal/unseal works correctly with PBE algorithms
* @author Yun Ke
* @author Bill Situ
* @author Alexander Fomin
* @run main PBESealedObject
*/
public
class
PBESealedObject
{
private
static
final
String
[]
PBEAlgorithms
=
{
"pbeWithMD5ANDdes"
,
"PBEWithMD5AndDES/CBC/PKCS5Padding"
,
"PBEWithMD5AndTripleDES"
,
"PBEWithMD5AndTripleDES/CBC/PKCS5Padding"
,
"PBEwithSHA1AndDESede"
,
"PBEwithSHA1AndDESede/CBC/PKCS5Padding"
,
"PBEwithSHA1AndRC2_40"
,
"PBEwithSHA1Andrc2_40/CBC/PKCS5Padding"
,
"PBEWithSHA1AndRC2_128"
,
"PBEWithSHA1andRC2_128/CBC/PKCS5Padding"
,
"PBEWithSHA1AndRC4_40"
,
"PBEWithsha1AndRC4_40/ECB/NoPadding"
,
"PBEWithSHA1AndRC4_128"
,
"pbeWithSHA1AndRC4_128/ECB/NoPadding"
,
"PBEWithHmacSHA1AndAES_128"
,
"PBEWithHmacSHA224AndAES_128"
,
"PBEWithHmacSHA256AndAES_128"
,
"PBEWithHmacSHA384AndAES_128"
,
"PBEWithHmacSHA512AndAES_128"
,
"PBEWithHmacSHA1AndAES_256"
,
"PBEWithHmacSHA224AndAES_256"
,
"PBEWithHmacSHA256AndAES_256"
,
"PBEWithHmacSHA384AndAES_256"
,
"PBEWithHmacSHA512AndAES_256"
};
public
static
void
main
(
String
[]
args
)
{
PBESealedObject
test
=
new
PBESealedObject
();
Provider
sunjce
=
Security
.
getProvider
(
"SunJCE"
);
if
(!
test
.
runAll
(
sunjce
,
System
.
out
))
{
throw
new
RuntimeException
(
"One or more tests have failed...."
);
}
}
public
boolean
runAll
(
Provider
p
,
PrintStream
out
)
{
boolean
finalResult
=
true
;
for
(
String
algorithm
:
PBEAlgorithms
)
{
out
.
println
(
"Running test with "
+
algorithm
+
":"
);
try
{
if
(!
runTest
(
p
,
algorithm
,
out
))
{
finalResult
=
false
;
out
.
println
(
"STATUS: Failed"
);
}
else
{
out
.
println
(
"STATUS: Passed"
);
}
}
catch
(
Exception
ex
)
{
finalResult
=
false
;
ex
.
printStackTrace
(
out
);
out
.
println
(
"STATUS:Failed"
);
}
}
return
finalResult
;
}
// Have a generic throws Exception as it can throw many different exceptions
public
boolean
runTest
(
Provider
p
,
String
algo
,
PrintStream
out
)
throws
Exception
{
byte
[]
salt
=
new
byte
[
8
];
int
ITERATION_COUNT
=
1000
;
AlgorithmParameters
pbeParams
=
null
;
String
baseAlgo
=
new
StringTokenizer
(
algo
,
"/"
).
nextToken
().
toUpperCase
();
boolean
isAES
=
baseAlgo
.
contains
(
"AES"
);
try
{
// Initialization
Cipher
ci
=
Cipher
.
getInstance
(
algo
,
p
);
new
Random
().
nextBytes
(
salt
);
AlgorithmParameterSpec
aps
=
new
PBEParameterSpec
(
salt
,
ITERATION_COUNT
);
SecretKeyFactory
skf
=
SecretKeyFactory
.
getInstance
(
baseAlgo
,
p
);
SecretKey
key
=
skf
.
generateSecret
(
new
PBEKeySpec
(
"Secret Lover"
.
toCharArray
()));
// Seal
if
(
isAES
)
{
ci
.
init
(
Cipher
.
ENCRYPT_MODE
,
key
);
pbeParams
=
ci
.
getParameters
();
}
else
{
ci
.
init
(
Cipher
.
ENCRYPT_MODE
,
key
,
aps
);
}
SealedObject
so
=
new
SealedObject
(
key
,
ci
);
// Unseal and compare
if
(
isAES
)
{
ci
.
init
(
Cipher
.
DECRYPT_MODE
,
key
,
pbeParams
);
}
else
{
ci
.
init
(
Cipher
.
DECRYPT_MODE
,
key
,
aps
);
}
SecretKey
unsealedKey
;
unsealedKey
=
(
SecretKey
)
so
.
getObject
(
ci
);
if
(!
Arrays
.
equals
(
unsealedKey
.
getEncoded
(),
key
.
getEncoded
()))
{
return
false
;
}
unsealedKey
=
(
SecretKey
)
so
.
getObject
(
key
);
if
(!
Arrays
.
equals
(
unsealedKey
.
getEncoded
(),
key
.
getEncoded
()))
{
return
false
;
}
unsealedKey
=
(
SecretKey
)
so
.
getObject
(
key
,
"SunJCE"
);
return
Arrays
.
equals
(
unsealedKey
.
getEncoded
(),
key
.
getEncoded
());
}
catch
(
InvalidKeyException
ex
)
{
if
(
baseAlgo
.
endsWith
(
"TRIPLEDES"
)
||
baseAlgo
.
endsWith
(
"AES_256"
))
{
out
.
println
(
"Expected exception , keyStrength > 128 within"
+
algo
);
return
true
;
}
throw
ex
;
}
}
}
test/com/sun/crypto/provider/Cipher/PBE/PBKDF2Translate.java
0 → 100644
浏览文件 @
dd50b1e9
/*
* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import
java.security.InvalidKeyException
;
import
java.security.NoSuchAlgorithmException
;
import
java.security.spec.InvalidKeySpecException
;
import
java.util.Arrays
;
import
java.util.Random
;
import
javax.crypto.SecretKey
;
import
javax.crypto.SecretKeyFactory
;
import
javax.crypto.interfaces.PBEKey
;
import
javax.crypto.spec.PBEKeySpec
;
/**
* @test
* @bug 8041781
* @summary Verify if the SecretKeyFactory.translateKey() method works
* @author Alexander Fomin
* @run main PBKDF2Translate
*/
public
class
PBKDF2Translate
{
private
static
final
String
[]
ALGO_TO_TEST
=
{
"PBKDF2WithHmacSHA1"
,
"PBKDF2WithHmacSHA224"
,
"PBKDF2WithHmacSHA256"
,
"PBKDF2WithHmacSHA384"
,
"PBKDF2WithHmacSHA512"
};
private
static
final
String
PASS_PHRASE
=
"some hidden string"
;
private
static
final
int
ITERATION_COUNT
=
1000
;
private
static
final
int
KEY_SIZE
=
128
;
private
final
String
algoToTest
;
private
final
byte
[]
salt
=
new
byte
[
8
];
public
static
void
main
(
String
[]
args
)
throws
Exception
{
boolean
failed
=
false
;
for
(
String
algo
:
ALGO_TO_TEST
)
{
System
.
out
.
println
(
"Testing "
+
algo
+
":"
);
PBKDF2Translate
theTest
=
new
PBKDF2Translate
(
algo
);
try
{
if
(!
theTest
.
testMyOwnSecretKey
()
||
!
theTest
.
generateAndTranslateKey
()
||
!
theTest
.
translateSpoiledKey
())
{
// we don't want to set failed to false
failed
=
true
;
}
}
catch
(
InvalidKeyException
|
NoSuchAlgorithmException
|
InvalidKeySpecException
e
)
{
e
.
printStackTrace
(
System
.
err
);
failed
=
true
;
}
}
if
(
failed
)
{
throw
new
RuntimeException
(
"One or more tests failed...."
);
}
}
public
PBKDF2Translate
(
String
algoToTest
)
{
this
.
algoToTest
=
algoToTest
;
new
Random
().
nextBytes
(
this
.
salt
);
}
/**
* The test case scenario implemented in the method: - derive PBKDF2 key
* using the given algorithm; - translate the key - check if the translated
* and original keys have the same key value.
*
* @return true if the test case passed; false - otherwise.
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
* @throws InvalidKeyException
*/
public
boolean
generateAndTranslateKey
()
throws
NoSuchAlgorithmException
,
InvalidKeySpecException
,
InvalidKeyException
{
// derive PBKDF2 key
SecretKey
key1
=
getSecretKeyForPBKDF2
(
algoToTest
);
// translate key
SecretKeyFactory
skf
=
SecretKeyFactory
.
getInstance
(
algoToTest
);
SecretKey
key2
=
skf
.
translateKey
(
key1
);
// check if it still the same after translation
if
(!
Arrays
.
equals
(
key1
.
getEncoded
(),
key2
.
getEncoded
()))
{
System
.
err
.
println
(
"generateAndTranslateKey test case failed: the "
+
"key1 and key2 values in its primary encoding format are "
+
"not the same for "
+
algoToTest
+
"algorithm."
);
return
false
;
}
return
true
;
}
/**
* The test case scenario implemented in the method: - derive Key1 for the
* given PBKDF2 algorithm - create my own secret Key2 as an instance of a
* class implements PBEKey - translate Key2 - check if the key value of the
* translated key and Key1 are the same.
*
* @return true if the test case passed; false - otherwise.
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
* @throws InvalidKeyException
*/
public
boolean
testMyOwnSecretKey
()
throws
NoSuchAlgorithmException
,
InvalidKeySpecException
,
InvalidKeyException
{
SecretKey
key1
=
getSecretKeyForPBKDF2
(
algoToTest
);
SecretKey
key2
=
getMyOwnSecretKey
();
// Is it actually the same?
if
(!
Arrays
.
equals
(
key1
.
getEncoded
(),
key2
.
getEncoded
()))
{
System
.
err
.
println
(
"We shouldn't be here. The key1 and key2 values "
+
"in its primary encoding format have to be the same!"
);
return
false
;
}
// Translate key
SecretKeyFactory
skf
=
SecretKeyFactory
.
getInstance
(
algoToTest
);
SecretKey
key3
=
skf
.
translateKey
(
key2
);
// Check if it still the same after translation
if
(!
Arrays
.
equals
(
key1
.
getEncoded
(),
key3
.
getEncoded
()))
{
System
.
err
.
println
(
"testMyOwnSecretKey test case failed: the key1 "
+
"and key3 values in its primary encoding format are not "
+
"the same for "
+
algoToTest
+
"algorithm."
);
return
false
;
}
return
true
;
}
/**
* The test case scenario implemented in the method: - create my own secret
* Key2 as an instance of a class implements PBEKey - spoil the key (set
* iteration count to 0, for example) - try to translate key -
* InvalidKeyException is expected.
*
* @return true if InvalidKeyException occurred; false - otherwise.
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
*/
public
boolean
translateSpoiledKey
()
throws
NoSuchAlgorithmException
,
InvalidKeySpecException
{
// derive the key
SecretKey
key1
=
getMyOwnSecretKey
();
// spoil the key
((
MyPBKDF2SecretKey
)
key1
).
spoil
();
// translate key
SecretKeyFactory
skf
=
SecretKeyFactory
.
getInstance
(
algoToTest
);
try
{
SecretKey
key2
=
skf
.
translateKey
(
key1
);
}
catch
(
InvalidKeyException
ike
)
{
// this is expected
return
true
;
}
return
false
;
}
/**
* Generate a PBKDF2 secret key using given algorithm.
*
* @param algoToDeriveKey PBKDF2 algorithm
* @return PBKDF2 secret key
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
*/
private
SecretKey
getSecretKeyForPBKDF2
(
String
algoToDeriveKey
)
throws
NoSuchAlgorithmException
,
InvalidKeySpecException
{
SecretKeyFactory
skf
=
SecretKeyFactory
.
getInstance
(
algoToDeriveKey
);
PBEKeySpec
spec
=
new
PBEKeySpec
(
PASS_PHRASE
.
toCharArray
(),
this
.
salt
,
ITERATION_COUNT
,
KEY_SIZE
);
return
skf
.
generateSecret
(
spec
);
}
/**
* Generate a secrete key as an instance of a class implements PBEKey.
*
* @return secrete key
* @throws InvalidKeySpecException
* @throws NoSuchAlgorithmException
*/
private
SecretKey
getMyOwnSecretKey
()
throws
InvalidKeySpecException
,
NoSuchAlgorithmException
{
return
new
MyPBKDF2SecretKey
(
PASS_PHRASE
,
this
.
algoToTest
,
this
.
salt
,
ITERATION_COUNT
,
KEY_SIZE
);
}
}
/**
* An utility class to check the SecretKeyFactory.translateKey() method.
*/
class
MyPBKDF2SecretKey
implements
PBEKey
{
private
final
byte
[]
key
;
private
final
byte
[]
salt
;
private
final
String
algorithm
;
private
final
int
keySize
,
keyLength
;
private
int
itereationCount
;
private
final
String
pass
;
@Override
public
String
getAlgorithm
()
{
return
algorithm
;
}
@Override
public
String
getFormat
()
{
return
"RAW"
;
}
@Override
public
byte
[]
getEncoded
()
{
byte
[]
copy
=
new
byte
[
keyLength
];
System
.
arraycopy
(
this
.
key
,
0
,
copy
,
0
,
keyLength
);
return
copy
;
}
/**
* The key is generating by SecretKeyFactory and its value just copying in
* the key field of MySecretKey class. So, this is real key derived using
* the given algorithm.
*
* @param passPhrase some string intended to be a password
* @param algo PBKDF2 algorithm
* @param salt slat for PBKDF2
* @param iterationCount iteration count
* @param keySize key size in bits
* @throws InvalidKeySpecException
* @throws NoSuchAlgorithmException
*/
public
MyPBKDF2SecretKey
(
String
passPhrase
,
String
algo
,
byte
[]
salt
,
int
iterationCount
,
int
keySize
)
throws
InvalidKeySpecException
,
NoSuchAlgorithmException
{
this
.
algorithm
=
algo
;
this
.
salt
=
salt
;
this
.
itereationCount
=
iterationCount
;
this
.
keySize
=
keySize
;
this
.
pass
=
passPhrase
;
PBEKeySpec
spec
=
new
PBEKeySpec
(
passPhrase
.
toCharArray
(),
this
.
salt
,
iterationCount
,
this
.
keySize
);
SecretKeyFactory
keyFactory
=
SecretKeyFactory
.
getInstance
(
algo
);
SecretKey
realKey
=
keyFactory
.
generateSecret
(
spec
);
this
.
keyLength
=
realKey
.
getEncoded
().
length
;
this
.
key
=
new
byte
[
this
.
keyLength
];
System
.
arraycopy
(
realKey
.
getEncoded
(),
0
,
this
.
key
,
0
,
this
.
keyLength
);
}
@Override
public
int
getIterationCount
()
{
return
itereationCount
;
}
@Override
public
byte
[]
getSalt
()
{
return
salt
;
}
@Override
public
char
[]
getPassword
()
{
return
this
.
pass
.
toCharArray
();
}
/**
* Spoil the generated key (before translation) to cause an
* InvalidKeyException
*/
public
void
spoil
()
{
this
.
itereationCount
=
-
1
;
}
}
test/com/sun/crypto/provider/Cipher/PBE/TestCipherKeyWrapperPBEKey.java
0 → 100644
浏览文件 @
dd50b1e9
/*
* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import
java.io.PrintStream
;
import
java.security.AlgorithmParameters
;
import
java.security.InvalidKeyException
;
import
java.security.Key
;
import
java.security.Provider
;
import
java.security.Security
;
import
java.security.spec.AlgorithmParameterSpec
;
import
java.util.Arrays
;
import
java.util.Random
;
import
java.util.StringTokenizer
;
import
javax.crypto.Cipher
;
import
javax.crypto.SecretKey
;
import
javax.crypto.SecretKeyFactory
;
import
javax.crypto.spec.PBEKeySpec
;
import
javax.crypto.spec.PBEParameterSpec
;
/**
* @test
* @bug 8041781
* @summary Test to see if key wrapper works correctly with PBEKey
* @author Yu-Ching (Valerie) PENG
* @author Bill Situ
* @author Yun Ke
* @run main TestCipherKeyWrapperPBEKey
*/
public
class
TestCipherKeyWrapperPBEKey
{
private
static
final
String
[]
PBEAlgorithms
=
{
"pbeWithMD5ANDdes"
,
"PBEWithMD5AndDES/CBC/PKCS5Padding"
,
"PBEWithMD5AndTripleDES"
,
"PBEWithMD5AndTripleDES/CBC/PKCS5Padding"
,
"PBEwithSHA1AndDESede"
,
"PBEwithSHA1AndDESede/CBC/PKCS5Padding"
,
"PBEwithSHA1AndRC2_40"
,
"PBEwithSHA1Andrc2_40/CBC/PKCS5Padding"
,
"PBEWithSHA1AndRC2_128"
,
"PBEWithSHA1andRC2_128/CBC/PKCS5Padding"
,
"PBEWithSHA1AndRC4_40"
,
"PBEWithsha1AndRC4_40/ECB/NoPadding"
,
"PBEWithSHA1AndRC4_128"
,
"pbeWithSHA1AndRC4_128/ECB/NoPadding"
,
"PBEWithHmacSHA1AndAES_128"
,
"PBEWithHmacSHA224AndAES_128"
,
"PBEWithHmacSHA256AndAES_128"
,
"PBEWithHmacSHA384AndAES_128"
,
"PBEWithHmacSHA512AndAES_128"
,
"PBEWithHmacSHA1AndAES_256"
,
"PBEWithHmacSHA224AndAES_256"
,
"PBEWithHmacSHA256AndAES_256"
,
"PBEWithHmacSHA384AndAES_256"
,
"PBEWithHmacSHA512AndAES_256"
};
public
static
void
main
(
String
[]
args
)
{
TestCipherKeyWrapperPBEKey
test
=
new
TestCipherKeyWrapperPBEKey
();
Provider
sunjce
=
Security
.
getProvider
(
"SunJCE"
);
if
(!
test
.
runAll
(
sunjce
,
System
.
out
))
{
throw
new
RuntimeException
(
"One or more tests have failed...."
);
}
}
public
boolean
runAll
(
Provider
p
,
PrintStream
out
)
{
boolean
finalResult
=
true
;
for
(
String
algorithm
:
PBEAlgorithms
)
{
out
.
println
(
"Running test with "
+
algorithm
+
":"
);
try
{
if
(!
runTest
(
p
,
algorithm
,
out
))
{
finalResult
=
false
;
out
.
println
(
"STATUS: Failed"
);
}
else
{
out
.
println
(
"STATUS: Passed"
);
}
}
catch
(
Exception
ex
)
{
finalResult
=
false
;
ex
.
printStackTrace
(
out
);
out
.
println
(
"STATUS:Failed"
);
}
}
return
finalResult
;
}
// Have a generic throws Exception as it can throw many different exceptions
public
boolean
runTest
(
Provider
p
,
String
algo
,
PrintStream
out
)
throws
Exception
{
byte
[]
salt
=
new
byte
[
8
];
int
ITERATION_COUNT
=
1000
;
AlgorithmParameters
pbeParams
=
null
;
String
baseAlgo
=
new
StringTokenizer
(
algo
,
"/"
).
nextToken
().
toUpperCase
();
boolean
isAES
=
baseAlgo
.
contains
(
"AES"
);
try
{
// Initialization
new
Random
().
nextBytes
(
salt
);
AlgorithmParameterSpec
aps
=
new
PBEParameterSpec
(
salt
,
ITERATION_COUNT
);
SecretKeyFactory
skf
=
SecretKeyFactory
.
getInstance
(
baseAlgo
,
p
);
SecretKey
key
=
skf
.
generateSecret
(
new
PBEKeySpec
(
"Secret Key"
.
toCharArray
()));
Cipher
ci
=
Cipher
.
getInstance
(
algo
);
if
(
isAES
)
{
ci
.
init
(
Cipher
.
WRAP_MODE
,
key
);
pbeParams
=
ci
.
getParameters
();
}
else
{
ci
.
init
(
Cipher
.
WRAP_MODE
,
key
,
aps
);
}
byte
[]
keyWrapper
=
ci
.
wrap
(
key
);
if
(
isAES
)
{
ci
.
init
(
Cipher
.
UNWRAP_MODE
,
key
,
pbeParams
);
}
else
{
ci
.
init
(
Cipher
.
UNWRAP_MODE
,
key
,
aps
);
}
Key
unwrappedKey
=
ci
.
unwrap
(
keyWrapper
,
algo
,
Cipher
.
SECRET_KEY
);
if
(
baseAlgo
.
endsWith
(
"TRIPLEDES"
)
||
baseAlgo
.
endsWith
(
"AES_256"
))
{
out
.
print
(
"InvalidKeyException not thrown when keyStrength > 128"
);
return
false
;
}
return
(
Arrays
.
equals
(
key
.
getEncoded
(),
unwrappedKey
.
getEncoded
()));
}
catch
(
InvalidKeyException
ex
)
{
if
((
baseAlgo
.
endsWith
(
"TRIPLEDES"
)
||
baseAlgo
.
endsWith
(
"AES_256"
)))
{
out
.
println
(
"Expected InvalidKeyException, keyStrength > 128"
);
return
true
;
}
else
{
throw
ex
;
}
}
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录