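/*
 * Copyright (c) 2017, 2018, Red Hat, Inc. and/or its affiliates.
 *
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8165996
 * @summary Test NSS DB Sqlite
 * @comment There is no NSS on Aix.
 * @requires os.family != "aix"
 * @library /test/lib ../
 * @modules java.base/sun.security.rsa
 *          java.base/sun.security.provider
 *          java.base/sun.security.jca
 *          java.base/sun.security.tools.keytool
 *          java.base/sun.security.x509
 *          java.base/com.sun.crypto.provider
 *          jdk.crypto.cryptoki/sun.security.pkcs11:+open
 * @run main/othervm/timeout=120 TestNssDbSqlite
 * @author Martin Balao (mbalao@redhat.com)
 */

import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Signature;

import sun.security.rsa.SunRsaSign;
import sun.security.jca.ProviderList;
import sun.security.jca.Providers;
import sun.security.tools.keytool.CertAndKeyGen;
import sun.security.x509.X500Name;

/**
 * Regression test for the SunPKCS11 provider backed by an NSS database in
 * SQLite format.
 *
 * <p>The test stores a freshly generated RSA key pair in the
 * {@code PKCS11-NSS-Sqlite} keystore, reads the private key back, signs a
 * fixed message through the SunPKCS11 provider and verifies the signature with
 * the independent SunRsaSign provider. Verifying with a second provider means
 * a signing defect in the PKCS11 path cannot be masked by a matching defect in
 * its own verification code.
 */
public final class TestNssDbSqlite extends SecmodTest {

    // When true, the provider and the generated signature are printed.
    // Only public values are printed; no key material is logged.
    private static final boolean enableDebug = true;

    private static Provider sunPKCS11NSSProvider;
    private static Provider sunRsaSignProvider;
    private static Provider sunJCEProvider;
    private static KeyStore ks;

    // Test fixture only: passed to KeyStore.load() (the token PIN for a
    // PKCS11 keystore) and to setKeyEntry()/getKey(). Declared final so it
    // cannot be reassigned between those calls.
    private static final char[] passphrase = "test12".toCharArray();

    private static PrivateKey privateKey;
    private static Certificate certificate;

    /**
     * Test entry point. Returns without failing when the security module
     * database cannot be initialised, so the test is skipped on hosts where
     * that setup step reports failure.
     *
     * @param args unused
     * @throws Exception on any setup, signing or verification failure
     */
    public static void main(String[] args) throws Exception {

        if (!initialize()) {
            return;
        }

        if (enableDebug) {
            System.out.println("SunPKCS11 provider: " +
                    sunPKCS11NSSProvider);
        }

        testRetrieveKeysFromKeystore();

        System.out.println("Test PASS - OK");
    }

    /**
     * Stores the generated key and certificate under the alias
     * {@code root_ca_1}, retrieves the key again, signs with it through the
     * SunPKCS11 provider and verifies the result with SunRsaSign.
     *
     * @throws Exception if any keystore or signature operation fails, or if
     *         the signature does not verify
     */
    private static void testRetrieveKeysFromKeystore() throws Exception {

        String plainText = "known plain text";
        // Encode once with an explicit charset so the signed and the verified
        // bytes are the same array contents regardless of the platform
        // default encoding.
        byte[] message = plainText.getBytes(StandardCharsets.UTF_8);

        ks.setKeyEntry("root_ca_1", privateKey, passphrase,
                new Certificate[]{certificate});
        PrivateKey k1 = (PrivateKey) ks.getKey("root_ca_1", passphrase);

        // Sign with the key as returned by the keystore, not with the
        // original in-memory privateKey: the round trip is what is under test.
        Signature sS = Signature.getInstance(
                "SHA256withRSA", sunPKCS11NSSProvider);
        sS.initSign(k1);
        sS.update(message);
        byte[] generatedSignature = sS.sign();

        if (enableDebug) {
            System.out.println("Generated signature: ");
            for (byte b : generatedSignature) {
                System.out.printf("0x%02x, ", (int)(b) & 0xFF);
            }
            System.out.println("");
        }

        // Verify with a different provider, using the public key from the
        // self-signed certificate.
        Signature sV = Signature.getInstance("SHA256withRSA", sunRsaSignProvider);
        sV.initVerify(certificate);
        sV.update(message);
        if (!sV.verify(generatedSignature)) {
            throw new Exception("Couldn't verify signature");
        }
    }

    /**
     * Performs all test setup.
     *
     * @return {@code false} when the test should be skipped
     * @throws Exception if provider or keystore setup fails
     */
    private static boolean initialize() throws Exception {
        return initializeProvider();
    }

    /**
     * Configures the providers, opens the NSS SQLite keystore and generates
     * the RSA key pair and self-signed certificate used by the test.
     *
     * @return {@code false} when the security module database could not be
     *         initialised, {@code true} otherwise
     * @throws Exception if provider, keystore or key generation setup fails
     */
    private static boolean initializeProvider() throws Exception {
        // useSqlite, initSecmod, getSunPKCS11, BASE and SEP are inherited;
        // their definitions are not part of this file.
        useSqlite(true);
        if (!initSecmod()) {
            System.out.println("Cannot init security module database, skipping");
            return false;
        }

        sunPKCS11NSSProvider = getSunPKCS11(BASE + SEP + "nss-sqlite.cfg");
        sunJCEProvider = new com.sun.crypto.provider.SunJCE();
        sunRsaSignProvider = new SunRsaSign();
        // Replaces the JVM-wide provider list. The jtreg header runs this test
        // with main/othervm, so the change stays confined to this test's JVM.
        Providers.setProviderList(ProviderList.newList(
                sunJCEProvider, sunPKCS11NSSProvider,
                new sun.security.provider.Sun(), sunRsaSignProvider));

        ks = KeyStore.getInstance("PKCS11-NSS-Sqlite", sunPKCS11NSSProvider);
        ks.load(null, passphrase);

        CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA");
        gen.generate(2048);
        privateKey = gen.getPrivateKey();
        certificate = gen.getSelfCertificate(new X500Name("CN=Me"), 365);

        return true;
    }
}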