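/*
 * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/**
 * @test
 * @bug 8057810
 * @summary New defaults for DSA keys in jarsigner and keytool
 * @modules java.base/sun.security.pkcs
 *          java.base/sun.security.tools.keytool
 *          java.base/sun.security.util
 *          java.base/sun.security.x509
 *          jdk.jartool/sun.security.tools.jarsigner
 *          jdk.jartool/sun.tools.jar
 */

import sun.security.pkcs.PKCS7;
import sun.security.util.KeyUtil;

import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.jar.JarFile;

/**
 * Pins the algorithms that keytool and jarsigner choose when the command
 * line names only the key algorithm.
 *
 * <p>For each of DSA, RSA and EC the test generates a key pair with keytool
 * (no signature algorithm or key size given), signs a small jar with
 * jarsigner (no digest algorithm given), and then verifies:
 * <ul>
 *   <li>the signature algorithm of the self-signed certificate,</li>
 *   <li>the size of the generated public key,</li>
 *   <li>the digest algorithm recorded in the first SignerInfo of the
 *       signature block file.</li>
 * </ul>
 * Any mismatch, or any missing artifact, fails the test with an exception
 * naming the key algorithm involved.
 */
public class DefaultSigalg {

    /** Keystore file created in the working directory. */
    private static final String KEYSTORE = "jks";

    /** Fixed password used for both the store and the keys in this test. */
    private static final String PASSWORD = "changeit";

    /** Jar file that is created and then signed once per key algorithm. */
    private static final String JAR = "a.jar";

    /**
     * Runs the three test cases.
     *
     * @param args ignored
     * @throws Exception if a tool fails or a default differs from the
     *         expected value
     */
    public static void main(String[] args) throws Exception {

        // The four arrays are parallel: index i describes one test case.
        // Three test cases
        String[] keyalgs = {"DSA", "RSA", "EC"};
        // Expected default keytool sigalg
        String[] sigalgs = {"SHA256withDSA", "SHA256withRSA", "SHA256withECDSA"};
        // Expected keysizes
        int[] keysizes = {2048, 2048, 256};
        // Expected jarsigner digest alg used in signature
        String[] digestalgs = {"SHA-256", "SHA-256", "SHA-256"};

        createJar();

        // Start from a fresh keystore so that no key from an earlier run is
        // picked up under the same alias.
        Files.deleteIfExists(Paths.get(KEYSTORE));
        for (String keyalg : keyalgs) {
            generateKeyPairAndSign(keyalg);
        }

        // Check result
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream jks = new FileInputStream(KEYSTORE);
                JarFile jf = new JarFile(JAR)) {
            ks.load(jks, PASSWORD.toCharArray());
            for (int i = 0; i < keyalgs.length; i++) {
                checkKeytoolDefaults(ks, keyalgs[i], sigalgs[i], keysizes[i]);
                checkJarsignerDigest(jf, keyalgs[i], digestalgs[i]);
            }
        }
    }

    /** Creates {@code a.jar} holding one 10-byte file named {@code x}. */
    private static void createJar() throws Exception {
        sun.tools.jar.Main m =
                new sun.tools.jar.Main(System.out, System.err, "jar");
        Files.write(Paths.get("x"), new byte[10]);
        if (!m.run("cvf a.jar x".split(" "))) {
            throw new Exception("jar creation failed");
        }
    }

    /**
     * Generates a key pair under the alias {@code keyalg} and signs the jar
     * with it.
     *
     * <p>Only {@code -keyalg} is passed to keytool and no algorithm option is
     * passed to jarsigner, so both tools fall back to their defaults; those
     * defaults are what the test is about.
     */
    private static void generateKeyPairAndSign(String keyalg) throws Exception {
        sun.security.tools.keytool.Main.main(new String[] {
            "-keystore", KEYSTORE, "-storepass", PASSWORD,
            "-keypass", PASSWORD, "-dname", "CN=A",
            "-alias", keyalg, "-genkeypair", "-keyalg", keyalg});
        sun.security.tools.jarsigner.Main.main(new String[] {
            "-keystore", KEYSTORE, "-storepass", PASSWORD, JAR, keyalg});
    }

    /**
     * Verifies the certificate signature algorithm and the public key size
     * that keytool produced for the alias {@code keyalg}.
     */
    private static void checkKeytoolDefaults(KeyStore ks, String keyalg,
            String expectedSigalg, int expectedKeysize) throws Exception {
        X509Certificate c = (X509Certificate) ks.getCertificate(keyalg);
        if (c == null) {
            // Report the missing entry explicitly rather than failing with a
            // NullPointerException on the next line.
            throw new Exception("keytool created no certificate for " + keyalg);
        }
        String sigalg = c.getSigAlgName();
        if (!sigalg.equals(expectedSigalg)) {
            throw new Exception(
                    "keytool sigalg for " + keyalg + " is " + sigalg);
        }
        int keysize = KeyUtil.getKeySize(c.getPublicKey());
        if (keysize != expectedKeysize) {
            throw new Exception(
                    "keytool keysize for " + keyalg + " is " + keysize);
        }
    }

    /**
     * Verifies the digest algorithm in the first SignerInfo of the signature
     * block file that jarsigner wrote for the alias {@code keyalg}.
     *
     * <p>Only the digest algorithm identifier is asserted; the signature
     * algorithm recorded in the block is not checked by this test.
     */
    private static void checkJarsignerDigest(JarFile jf, String keyalg,
            String expectedDigestalg) throws Exception {
        // For the aliases used here the block file is expected at
        // META-INF/<alias>.<keyalg>, and the alias equals the key algorithm.
        String bk = "META-INF/" + keyalg + "." + keyalg;
        java.util.zip.ZipEntry entry = jf.getEntry(bk);
        if (entry == null) {
            // A missing block file means the jar carries no signature for
            // this key; fail with a message instead of a NullPointerException.
            throw new Exception("jarsigner wrote no " + bk);
        }
        try (InputStream is = jf.getInputStream(entry)) {
            sun.security.pkcs.SignerInfo[] infos =
                    new PKCS7(is).getSignerInfos();
            if (infos == null || infos.length == 0) {
                throw new Exception("no signer info in " + bk);
            }
            String digestalg = infos[0].getDigestAlgorithmId().toString();
            if (!digestalg.equals(expectedDigestalg)) {
                throw new Exception(
                        "jarsigner digest of sig for " + keyalg
                                + " is " + digestalg);
            }
        }
    }
}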