Mercurial > hg > icedtea8-forest > jdk

view test/sun/security/tools/jarsigner/ec.sh @ 14943:78875da14d05

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8172404: Tools should warn if weak algorithms are used before restricting them Reviewed-by: mullan, weijun, andrew, mbalao Contributed-by: Hai-May Chao <hai-may.chao@oracle.com>
author weijun
date Fri, 17 Apr 2020 20:11:39 +0800
parents 56c5df40f2fe
children
line wrap: on
line source

#
# Copyright (c) 2009, 2020, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#

# @test
# @bug 6870812
# @summary enhance security tools to use ECC algorithm
#

if [ "${TESTJAVA}" = "" ] ; then
  JAVAC_CMD=`which javac`
  TESTJAVA=`dirname $JAVAC_CMD`/..
fi

# set platform-dependent variables
OS=`uname -s`
case "$OS" in
  Windows_* )
    FS="\\"
    ;;
  * )
    FS="/"
    ;;
esac

KS=ec.jks
JFILE=ec.jar

KT="$TESTJAVA${FS}bin${FS}keytool -storepass changeit -keypass changeit -keystore $KS"
JAR=$TESTJAVA${FS}bin${FS}jar
JARSIGNER=$TESTJAVA${FS}bin${FS}jarsigner

rm $KS $JFILE
echo A > A
$JAR cvf $JFILE A

$KT -alias ca -dname CN=ca -keyalg ec -genkey -validity 300 -ext bc:c || exit 11

$KT -alias a -dname CN=a -keyalg ec -genkey || exit 11
$KT -alias a -certreq | $KT -gencert -alias ca -validity 300 | $KT -import -alias a || exit 111

$KT -alias b -dname CN=b -keyalg ec -genkey || exit 12
$KT -alias b -certreq | $KT -gencert -alias ca -validity 300 | $KT -import -alias b || exit 121

# Ensure that key length is sufficient for the intended hash (SHA512withECDSA)
$KT -alias c -dname CN=c -keyalg ec -genkey -keysize 521 || exit 13
$KT -alias c -certreq | $KT -gencert -alias ca -validity 300 | $KT -import -alias c || exit 131

$KT -alias x -dname CN=x -keyalg ec -genkey -validity 300 || exit 14
$KT -alias x -certreq | $KT -gencert -alias ca -validity 300 | $KT -import -alias x || exit 141

$JARSIGNER -keystore $KS -storepass changeit $JFILE a -debug -strict || exit 21
$JARSIGNER -keystore $KS -storepass changeit $JFILE b -debug -strict -sigalg SHA256withECDSA || exit 22
$JARSIGNER -keystore $KS -storepass changeit $JFILE c -debug -strict -sigalg SHA512withECDSA || exit 23

$JARSIGNER -keystore $KS -storepass changeit -verify $JFILE a -debug -strict || exit 31
$JARSIGNER -keystore $KS -storepass changeit -verify $JFILE b -debug -strict || exit 32
$JARSIGNER -keystore $KS -storepass changeit -verify $JFILE c -debug -strict || exit 33

# Not signed by x, should exit with non-zero
$JARSIGNER -keystore $KS -storepass changeit -verify $JFILE x -debug -strict && exit 34

exit 0