changeset 12478:5ee8253969dd icedtea-3.4.0pre01
8144539, PR3337: Update PKCS11 tests to run with security manager
Reviewed-by: valeriep, ascarpino
--- a/test/sun/security/pkcs11/Cipher/ReinitCipher.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Cipher/ReinitCipher.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,21 +28,22 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm ReinitCipher + * @run main/othervm ReinitCipher sm */ -import java.util.*; - -import java.security.*; - -import javax.crypto.*; -import javax.crypto.spec.*; +import java.security.Provider; +import java.util.Random; +import javax.crypto.Cipher; +import javax.crypto.spec.SecretKeySpec; public class ReinitCipher extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new ReinitCipher()); + main(new ReinitCipher(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("Cipher", "ARCFOUR") == null) { System.out.println("Not supported by provider, skipping");
--- a/test/sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Cipher/TestPKCS5PaddingError.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,16 +27,18 @@ * @summary Test internal PKCS5Padding impl with various error conditions. * @author Valerie Peng * @library .. + * @run main/othervm TestPKCS5PaddingError + * @run main/othervm TestPKCS5PaddingError sm */ -import java.io.*; -import java.nio.*; -import java.util.*; -import java.security.*; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.*; -import javax.crypto.spec.IvParameterSpec; +import java.security.AlgorithmParameters; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; public class TestPKCS5PaddingError extends PKCS11Test { private static class CI { // class for holding Cipher Information @@ -62,10 +64,8 @@ private static StringBuffer debugBuf = new StringBuffer(); + @Override public void main(Provider p) throws Exception { - boolean status = true; - Random random = new Random(); - try { byte[] plainText = new byte[200]; @@ -127,6 +127,6 @@ } public static void main(String[] args) throws Exception { - main(new TestPKCS5PaddingError()); + main(new TestPKCS5PaddingError(), args); } }
--- a/test/sun/security/pkcs11/Cipher/TestRSACipher.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Cipher/TestRSACipher.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,20 +28,28 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm TestRSACipher + * @run main/othervm TestRSACipher sm */ -import java.io.*; -import java.util.*; - -import java.security.*; - -import javax.crypto.*; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.util.Arrays; +import java.util.Random; +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; public class TestRSACipher extends PKCS11Test { private static final String[] RSA_ALGOS = { "RSA/ECB/PKCS1Padding", "RSA" }; + @Override public void main(Provider p) throws Exception { try { Cipher.getInstance(RSA_ALGOS[0], p); @@ -122,7 +130,7 @@ } public static void main(String[] args) throws Exception { - main(new TestRSACipher()); + main(new TestRSACipher(), args); } }
--- a/test/sun/security/pkcs11/Cipher/TestRSACipherWrap.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Cipher/TestRSACipherWrap.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,13 +27,20 @@ * @summary basic test for RSA cipher key wrapping functionality * @author Valerie Peng * @library .. + * @run main/othervm TestRSACipherWrap + * @run main/othervm TestRSACipherWrap sm */ -import java.io.*; -import java.util.*; -import java.security.*; - -import javax.crypto.*; +import java.security.GeneralSecurityException; +import java.security.InvalidParameterException; +import java.security.Key; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; +import java.util.Arrays; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; public class TestRSACipherWrap extends PKCS11Test { @@ -41,6 +48,7 @@ private static final String[] RSA_ALGOS = { "RSA/ECB/PKCS1Padding", "RSA" }; + @Override public void main(Provider p) throws Exception { try { Cipher.getInstance(RSA_ALGOS[0], p); @@ -104,6 +112,6 @@ } public static void main(String[] args) throws Exception { - main(new TestRSACipherWrap()); + main(new TestRSACipherWrap(), args); } }
--- a/test/sun/security/pkcs11/Cipher/TestRawRSACipher.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Cipher/TestRawRSACipher.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,16 +28,21 @@ * @author Valerie Peng * @library .. * @key randomness + * @run main/othervm TestRawRSACipher + * @run main/othervm TestRawRSACipher sm */ -import javax.crypto.*; -import java.io.*; -import javax.crypto.spec.SecretKeySpec; -import java.security.*; -import java.util.*; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; +import java.util.Arrays; +import java.util.Random; +import javax.crypto.Cipher; public class TestRawRSACipher extends PKCS11Test { + @Override public void main(Provider p) throws Exception { try { Cipher.getInstance("RSA/ECB/NoPadding", p); @@ -80,6 +85,6 @@ } public static void main(String[] args) throws Exception { - main(new TestRawRSACipher()); + main(new TestRawRSACipher(), args); } }
--- a/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Cipher/TestSymmCiphers.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,16 +28,19 @@ * @author Valerie Peng * @library .. * @key randomness + * @run main/othervm TestSymmCiphers + * @run main/othervm TestSymmCiphers sm */ -import java.io.*; -import java.nio.*; -import java.util.*; -import java.security.*; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.*; -import javax.crypto.spec.IvParameterSpec; +import java.io.ByteArrayOutputStream; +import java.nio.ByteBuffer; +import java.security.AlgorithmParameters; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.util.Random; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; public class TestSymmCiphers extends PKCS11Test { @@ -81,6 +84,7 @@ }; private static StringBuffer debugBuf = new StringBuffer(); + @Override public void main(Provider p) throws Exception { // NSS reports CKR_DEVICE_ERROR when the data passed to // its EncryptUpdate/DecryptUpdate is not multiple of blocks @@ -272,6 +276,6 @@ } public static void main(String[] args) throws Exception { - main(new TestSymmCiphers()); + main(new TestSymmCiphers(), args); } }
--- a/test/sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Cipher/TestSymmCiphersNoPad.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,17 +28,22 @@ * @author Valerie Peng * @library .. * @key randomness + * @run main/othervm TestSymmCiphersNoPad + * @run main/othervm TestSymmCiphersNoPad sm */ -import java.io.*; -import java.nio.*; -import java.util.*; - -import java.security.*; -import java.security.spec.AlgorithmParameterSpec; - -import javax.crypto.*; -import javax.crypto.spec.IvParameterSpec; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.InputStream; +import java.nio.ByteBuffer; +import java.security.AlgorithmParameters; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.util.Random; +import javax.crypto.Cipher; +import javax.crypto.CipherInputStream; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; public class TestSymmCiphersNoPad extends PKCS11Test { @@ -67,6 +72,7 @@ private static StringBuffer debugBuf; + @Override public void main(Provider p) throws Exception { boolean status = true; Random random = new Random(); @@ -234,6 +240,6 @@ } public static void main(String[] args) throws Exception { - main(new TestSymmCiphersNoPad()); + main(new TestSymmCiphersNoPad(), args); } }
--- a/test/sun/security/pkcs11/KeyAgreement/TestDH.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/KeyAgreement/TestDH.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,17 +27,20 @@ * @summary Verify that DH works properly * @author Andreas Sterbenz * @library .. + * @run main/othervm TestDH + * @run main/othervm TestDH sm */ -import java.io.*; -import java.util.*; - -import java.security.*; - -import javax.crypto.*; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; +import java.util.Arrays; +import javax.crypto.KeyAgreement; +import javax.crypto.SecretKey; public class TestDH extends PKCS11Test { + @Override public void main(Provider p) throws Exception { if (p.getService("KeyAgreement", "DH") == null) { System.out.println("DH not supported, skipping"); @@ -91,8 +94,9 @@ testAlgorithm(ka2, kp2, ka1, kp1, "TlsPremasterSecret"); } - private static void testAlgorithm(KeyAgreement ka1, KeyPair kp1, KeyAgreement ka2, KeyPair kp2, String algorithm) throws Exception { - SecretKey key1 = null; + private static void testAlgorithm(KeyAgreement ka1, KeyPair kp1, + KeyAgreement ka2, KeyPair kp2, String algorithm) throws Exception { + SecretKey key1; ka1.init(kp1.getPrivate()); ka1.doPhase(kp2.getPublic(), true); @@ -115,7 +119,7 @@ } public static void main(String[] args) throws Exception { - main(new TestDH()); + main(new TestDH(), args); } }
--- a/test/sun/security/pkcs11/KeyAgreement/TestInterop.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/KeyAgreement/TestInterop.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,14 +26,18 @@ * @bug 7146728 * @summary Interop test for DH with secret that has a leading 0x00 byte * @library .. + * @run main/othervm TestInterop + * @run main/othervm TestInterop sm */ import java.math.BigInteger; -import java.util.*; - -import java.security.*; - -import javax.crypto.*; -import javax.crypto.spec.*; +import java.security.KeyFactory; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.util.Arrays; +import javax.crypto.KeyAgreement; +import javax.crypto.spec.DHPrivateKeySpec; +import javax.crypto.spec.DHPublicKeySpec; public class TestInterop extends PKCS11Test { @@ -72,6 +76,7 @@ + "30313414180008978013330410484011186019824874948204261839391153650949864" + "429505597086564709"); + @Override public void main(Provider prov) throws Exception { if (prov.getService("KeyAgreement", "DH") == null) { System.out.println("DH not supported, skipping"); @@ -138,6 +143,6 @@ } public static void main(String[] args) throws Exception { - main(new TestInterop()); + main(new TestInterop(), args); } }
--- a/test/sun/security/pkcs11/KeyAgreement/TestShort.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/KeyAgreement/TestShort.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,15 +27,19 @@ * @summary KAT test for DH (normal and with secret that has leading a 0x00 byte) * @author Andreas Sterbenz * @library .. + * @run main/othervm TestShort + * @run main/othervm TestShort sm */ import java.math.BigInteger; -import java.util.*; - -import java.security.*; - -import javax.crypto.*; -import javax.crypto.spec.*; +import java.security.KeyFactory; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.util.Arrays; +import javax.crypto.KeyAgreement; +import javax.crypto.spec.DHPrivateKeySpec; +import javax.crypto.spec.DHPublicKeySpec; public class TestShort extends PKCS11Test { @@ -83,6 +87,7 @@ + "1a:6a:15:d8:a4:8c:0a:ce:f0:15:03:0c:c2:56:82:a2:75:9b:49:fe:ed:60:c5:6e" + ":de:47:55:62:4f:16:20:6d:74:cc:7b:95:93:25:2c:ea"); + @Override public void main(Provider provider) throws Exception { if (provider.getService("KeyAgreement", "DH") == null) { System.out.println("DH not supported, skipping"); @@ -142,7 +147,7 @@ } public static void main(String[] args) throws Exception { - main(new TestShort()); + main(new TestShort(), args); } }
--- a/test/sun/security/pkcs11/KeyGenerator/DESParity.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/KeyGenerator/DESParity.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,19 +28,21 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm DESParity + * @run main/othervm DESParity sm */ -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.spec.*; - -import javax.crypto.*; -import javax.crypto.spec.*; +import java.security.Provider; +import java.util.Random; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.DESKeySpec; +import javax.crypto.spec.DESedeKeySpec; +import javax.crypto.spec.SecretKeySpec; public class DESParity extends PKCS11Test { + @Override public void main(Provider p) throws Exception { if (p.getService("SecretKeyFactory", "DES") == null) { System.out.println("Not supported by provider, skipping"); @@ -73,7 +75,7 @@ } public static void main(String[] args) throws Exception { - main(new DESParity()); + main(new DESParity(), args); } }
--- a/test/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,13 +27,16 @@ * @summary test the KeyGenerator * @author Andreas Sterbenz * @library .. + * @run main/othervm TestKeyGenerator + * @run main/othervm TestKeyGenerator sm */ -import java.util.*; - -import java.security.*; - -import javax.crypto.*; +import java.security.InvalidParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.ProviderException; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; enum TestResult { PASS, @@ -44,7 +47,7 @@ public class TestKeyGenerator extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new TestKeyGenerator()); + main(new TestKeyGenerator(), args); } private TestResult test(String algorithm, int keyLen, Provider p, @@ -85,6 +88,7 @@ return actual; } + @Override public void main(Provider p) throws Exception { test("DES", 0, p, TestResult.FAIL); test("DES", 56, p, TestResult.PASS); // ensure JCE-Compatibility
--- a/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/KeyPairGenerator/TestDH2048.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,14 +27,14 @@ * @summary Ensure that DH key pairs can be generated for 512 - 8192 bits * @author Valerie Peng * @library .. + * @run main/othervm TestDH2048 + * @run main/othervm TestDH2048 sm */ -import java.io.*; -import java.util.*; - -import java.security.*; - -import javax.crypto.*; +import java.security.InvalidParameterException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; public class TestDH2048 extends PKCS11Test { @@ -47,6 +47,7 @@ } } + @Override public void main(Provider p) throws Exception { if (p.getService("KeyPairGenerator", "DH") == null) { System.out.println("KPG for DH not supported, skipping"); @@ -95,6 +96,6 @@ } public static void main(String[] args) throws Exception { - main(new TestDH2048()); + main(new TestDH2048(), args); } }
--- a/test/sun/security/pkcs11/Mac/MacKAT.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Mac/MacKAT.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -36,7 +36,8 @@ * @summary Basic known-answer-test for Hmac algorithms * @author Andreas Sterbenz * @library .. - * @run main MacKAT + * @run main/othervm MacKAT + * @run main/othervm MacKAT sm */ public class MacKAT extends PKCS11Test { @@ -178,7 +179,7 @@ }; public static void main(String[] args) throws Exception { - main(new MacKAT()); + main(new MacKAT(), args); } @Override
--- a/test/sun/security/pkcs11/Mac/MacSameTest.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Mac/MacSameTest.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -36,7 +36,8 @@ * @summary Check if doFinal and update operation result in same Mac * @author Yu-Ching Valerie Peng, Bill Situ, Alexander Fomin * @library .. - * @run main MacSameTest + * @run main/othervm MacSameTest + * @run main/othervm MacSameTest sm * @key randomness */ public class MacSameTest extends PKCS11Test { @@ -57,7 +58,7 @@ * @param args the command line arguments */ public static void main(String[] args) throws Exception { - main(new MacSameTest()); + main(new MacSameTest(), args); } @Override
--- a/test/sun/security/pkcs11/Mac/ReinitMac.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Mac/ReinitMac.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,21 +28,22 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm ReinitMac + * @run main/othervm ReinitMac sm */ -import java.util.*; - -import java.security.*; - -import javax.crypto.*; -import javax.crypto.spec.*; +import java.security.Provider; +import java.util.Random; +import javax.crypto.Mac; +import javax.crypto.spec.SecretKeySpec; public class ReinitMac extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new ReinitMac()); + main(new ReinitMac(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("Mac", "HmacMD5") == null) { System.out.println(p + " does not support HmacMD5, skipping");
--- a/test/sun/security/pkcs11/MessageDigest/ByteBuffers.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/MessageDigest/ByteBuffers.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,19 +28,23 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm ByteBuffers + * @run main/othervm ByteBuffers sm */ -import java.util.*; -import java.nio.*; - -import java.security.*; +import java.nio.ByteBuffer; +import java.security.MessageDigest; +import java.security.Provider; +import java.util.Arrays; +import java.util.Random; public class ByteBuffers extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new ByteBuffers()); + main(new ByteBuffers(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("MessageDigest", "MD5") == null) { System.out.println("Provider does not support MD5, skipping");
--- a/test/sun/security/pkcs11/MessageDigest/DigestKAT.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/MessageDigest/DigestKAT.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,19 +27,23 @@ * @summary Basic known-answer-test for all our MessageDigest algorithms * @author Andreas Sterbenz * @library .. + * @run main/othervm DigestKAT + * @run main/othervm DigestKAT sm */ -import java.io.*; -import java.util.*; - -import java.security.*; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.StringReader; +import java.security.MessageDigest; +import java.security.Provider; +import java.util.Arrays; public class DigestKAT extends PKCS11Test { private final static char[] hexDigits = "0123456789abcdef".toCharArray(); public static String toString(byte[] b) { - StringBuffer sb = new StringBuffer(b.length * 3); + StringBuilder sb = new StringBuilder(b.length * 3); for (int i = 0; i < b.length; i++) { int k = b[i] & 0xff; if (i != 0) { @@ -106,6 +110,7 @@ this.data = data; this.digest = digest; } + @Override void run(Provider p) throws Exception { if (p.getService("MessageDigest", alg) == null) { System.out.println("Skipped " + alg); @@ -123,7 +128,6 @@ System.out.println("out: " + DigestKAT.toString(myDigest)); throw new Exception("Digest test for " + alg + " failed"); } -// System.out.println("Passed " + alg); } } @@ -221,12 +225,13 @@ System.out.println("Done (" + (stop - start) + " ms)."); } + @Override public void main(Provider p) throws Exception{ runTests(tests, p); } public static void main(String[] args) throws Exception { - main(new DigestKAT()); + main(new DigestKAT(), args); } }
--- a/test/sun/security/pkcs11/MessageDigest/ReinitDigest.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/MessageDigest/ReinitDigest.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,18 +28,22 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm ReinitDigest + * @run main/othervm ReinitDigest sm */ -import java.util.*; - -import java.security.*; +import java.security.MessageDigest; +import java.security.Provider; +import java.util.Arrays; +import java.util.Random; public class ReinitDigest extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new ReinitDigest()); + main(new ReinitDigest(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("MessageDigest", "MD5") == null) { System.out.println("Provider does not support MD5, skipping");
--- a/test/sun/security/pkcs11/MessageDigest/TestCloning.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/MessageDigest/TestCloning.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,11 +28,14 @@ * @author Valerie Peng * @library .. * @key randomness + * @run main/othervm TestCloning + * @run main/othervm TestCloning sm */ -import java.util.*; - -import java.security.*; +import java.security.MessageDigest; +import java.security.Provider; +import java.util.Arrays; +import java.util.Random; public class TestCloning extends PKCS11Test { @@ -41,13 +44,14 @@ }; public static void main(String[] args) throws Exception { - main(new TestCloning()); + main(new TestCloning(), args); } private static final byte[] data1 = new byte[10]; private static final byte[] data2 = new byte[10*1024]; + @Override public void main(Provider p) throws Exception { Random r = new Random(); byte[] data1 = new byte[10];
--- a/test/sun/security/pkcs11/PKCS11Test.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/PKCS11Test.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -24,16 +24,39 @@ // common infrastructure for SunPKCS11 tests -import java.io.*; -import java.util.*; -import java.lang.reflect.*; - -import java.security.*; +import java.io.BufferedReader; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStreamReader; +import java.io.StringReader; +import java.lang.reflect.Constructor; +import java.security.AlgorithmParameters; +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyPairGenerator; +import java.security.NoSuchProviderException; +import java.security.Provider; +import java.security.ProviderException; +import java.security.Security; import java.security.spec.ECGenParameterSpec; import java.security.spec.ECParameterSpec; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Properties; +import java.util.ServiceLoader; +import java.util.Set; public abstract class PKCS11Test { + private boolean enableSM = false; + + static final Properties props = System.getProperties(); + static final String PKCS11 = "PKCS11"; // directory of the test source 
@@ -41,7 +64,8 @@ static final char SEP = File.separatorChar; - private final static String REL_CLOSED = "../../../../closed/sun/security/pkcs11".replace('/', SEP); + private static final String DEFAULT_POLICY = + BASE + SEP + ".." + SEP + "policy"; // directory corresponding to BASE in the /closed hierarchy static final String CLOSED_BASE; @@ -54,6 +78,9 @@ String p1 = absBase.substring(0, k + 6); String p2 = absBase.substring(k + 5); CLOSED_BASE = p1 + "closed" + p2; + + // set it as a system property to make it available in policy file + System.setProperty("closed.base", CLOSED_BASE); } static String NSPR_PREFIX = ""; @@ -73,6 +100,19 @@ static double softoken3_version = -1; static double nss3_version = -1; + /* + * Use Solaris SPARC 11.2 or later to avoid an intermittent failure + * when running SunPKCS11-Solaris (8044554) + */ + static boolean isBadSolarisSparc(Provider p) { + if ("SunPKCS11-Solaris".equals(p.getName()) && badSolarisSparc) { + System.out.println("SunPKCS11-Solaris provider requires " + + "Solaris SPARC 11.2 or later, skipping"); + return true; + } + return false; + } + static Provider getSunPKCS11(String config) throws Exception { Class clazz = Class.forName("sun.security.pkcs11.SunPKCS11"); Constructor cons = clazz.getConstructor(new Class[] {String.class}); 
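Review bot: `DEFAULT_POLICY` is built as `BASE + SEP + ".." + SEP + "policy"`, which reaches the shared policy file only for a test whose source directory sits exactly one level below it, and nothing in the hunk states that assumption. The definition of `BASE` is outside the hunk, so this is inferred from the `// directory of the test source` context line. A test at another depth would likely get a path that does not exist, and the failure under `sm` would then not name the missing file. A comment on the constant would help, for example `// shared policy in the parent of the test directory; tests elsewhere must pass their own policy as args[1]`.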
@@ -83,14 +123,43 @@ public abstract void main(Provider p) throws Exception; private void premain(Provider p) throws Exception { - long start = System.currentTimeMillis(); - System.out.println("Running test with provider " + p.getName() + "..."); - main(p); - long stop = System.currentTimeMillis(); - System.out.println("Completed test with provider " + p.getName() + " (" + (stop - start) + " ms)."); + // set a security manager and policy before a test case runs, + // and disable them after the test case finished + try { + if (enableSM) { + System.setSecurityManager(new SecurityManager()); + } + long start = System.currentTimeMillis(); + System.out.printf( + "Running test with provider %s (security manager %s) ...%n", + p.getName(), enableSM ? "enabled" : "disabled"); + main(p); + long stop = System.currentTimeMillis(); + System.out.println("Completed test with provider " + p.getName() + + " (" + (stop - start) + " ms)."); + } finally { + if (enableSM) { + System.setSecurityManager(null); + } + } } public static void main(PKCS11Test test) throws Exception { + main(test, null); + } + + public static void main(PKCS11Test test, String[] args) throws Exception { + if (args != null) { + if (args.length > 0 && "sm".equals(args[0])) { + test.enableSM = true; + } + if (test.enableSM) { + System.setProperty("java.security.policy", + (args.length > 1) ? BASE + SEP + args[1] + : DEFAULT_POLICY); + } + } + Provider[] oldProviders = Security.getProviders(); try { System.out.println("Beginning test run " + test.getClass().getName() + "..."); @@ -186,7 +255,6 @@ } static String getNSSLibDir(String library) throws Exception { - Properties props = System.getProperties(); String osName = props.getProperty("os.name"); if (osName.startsWith("Win")) { osName = "Windows"; 
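Review bot: The `finally` block in `premain` calls `System.setSecurityManager(null)` while the manager installed at the top of the `try` is still active, so it only succeeds if the policy file grants `RuntimePermission "setSecurityManager"` to the test code. The policy is not part of this hunk, so that grant is inferred. If it is missing, the `SecurityException` raised in `finally` replaces whatever `main(p)` threw and hides the real failure. With the grant present, code in the test's protection domain can switch the manager off itself, so the `sm` runs show that the tests work under the granted permissions, not that the test code is confined. A comment above the `try` should record this, for example `// policy must grant setSecurityManager to the test code; sm mode exercises permission checks, it is not a sandbox`.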
@@ -215,6 +283,15 @@ return nssLibDir; } + static boolean isBadNSSVersion(Provider p) { + if (isNSS(p) && badNSSVersion) { + System.out.println("NSS 3.11 has a DER issue that recent " + + "version do not."); + return true; + } + return false; + } + protected static void safeReload(String lib) throws Exception { try { System.load(lib); @@ -283,34 +360,32 @@ try { libfile = getNSSLibDir() + System.mapLibraryName(library); - FileInputStream is = new FileInputStream(libfile); - byte[] data = new byte[1000]; - int read = 0; + try (FileInputStream is = new FileInputStream(libfile)) { + byte[] data = new byte[1000]; + int read = 0; - while (is.available() > 0) { - if (read == 0) { - read = is.read(data, 0, 1000); - } else { - // Prepend last 100 bytes in case the header was split - // between the reads. - System.arraycopy(data, 900, data, 0, 100); - read = 100 + is.read(data, 100, 900); - } + while (is.available() > 0) { + if (read == 0) { + read = is.read(data, 0, 1000); + } else { + // Prepend last 100 bytes in case the header was split + // between the reads. + System.arraycopy(data, 900, data, 0, 100); + read = 100 + is.read(data, 100, 900); + } - s = new String(data, 0, read); - if ((i = s.indexOf(nssHeader)) > 0) { - found = true; - // If the nssHeader is before 920 we can break, otherwise - // we may not have the whole header so do another read. If - // no bytes are in the stream, that is ok, found is true. - if (i < 920) { - break; + s = new String(data, 0, read); + if ((i = s.indexOf(nssHeader)) > 0) { + found = true; + // If the nssHeader is before 920 we can break, otherwise + // we may not have the whole header so do another read. If + // no bytes are in the stream, that is ok, found is true. + if (i < 920) { + break; + } } } } - - is.close(); - } catch (Exception e) { e.printStackTrace(); } 
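Review bot: The read loop that now sits inside the try-with-resources still uses the return value of `is.read(...)` unchecked: at end of stream it returns -1, so `read = 100 + is.read(data, 100, 900)` becomes 99, and after any short read `System.arraycopy(data, 900, data, 0, 100)` carries over bytes that the previous read did not fill. The header search can then miss the version string or match stale buffer contents. Consider copying the tail from `read - 100` instead of the fixed offset 900 (guarded for `read < 100`) and reading with `int n = is.read(data, 100, 900); if (n < 0) break; read = 100 + n;`. `new String(data, 0, read)` also decodes with the platform default charset; an explicit one such as `StandardCharsets.ISO_8859_1` would make the scan independent of the host locale. The enclosing method starts and ends outside the hunk.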
@@ -404,14 +479,13 @@ } // Generate a vector of supported elliptic curves of a given provider - static Vector<ECParameterSpec> getKnownCurves(Provider p) throws Exception { + static List<ECParameterSpec> getKnownCurves(Provider p) throws Exception { int index; int begin; int end; String curve; - KeyPair kp = null; - Vector<ECParameterSpec> results = new Vector<ECParameterSpec>(); + List<ECParameterSpec> results = new ArrayList<>(); // Get Curves to test from SunEC. String kcProp = Security.getProvider("SunEC"). getProperty("AlgorithmParameters.EC SupportedCurves"); @@ -449,7 +523,7 @@ try { KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p); kpg.initialize(e); - kp = kpg.generateKeyPair(); + kpg.generateKeyPair(); results.add(e); System.out.println("Supported"); } catch (ProviderException ex) { @@ -480,9 +554,8 @@ } // Check support for a curve with a provided Vector of EC support - boolean checkSupport(Vector<ECParameterSpec> supportedEC, + boolean checkSupport(List<ECParameterSpec> supportedEC, ECParameterSpec curve) { - boolean found = false; for (ECParameterSpec ec: supportedEC) { if (ec.equals(curve)) { return true; @@ -495,7 +568,7 @@ // Location of the NSS libraries on each supported platform static { - osMap = new HashMap<String,String[]>(); + osMap = new HashMap<>(); osMap.put("SunOS-sparc-32", new String[]{"/usr/lib/mps/"}); osMap.put("SunOS-sparcv9-64", new String[]{"/usr/lib/mps/64/"}); osMap.put("SunOS-x86-32", new String[]{"/usr/lib/mps/"}); 
@@ -513,11 +586,20 @@ private final static char[] hexDigits = "0123456789abcdef".toCharArray(); + static final boolean badNSSVersion = + getNSSVersion() >= 3.11 && getNSSVersion() < 3.12; + + static final boolean badSolarisSparc = + System.getProperty("os.name").equals("SunOS") && + System.getProperty("os.arch").equals("sparcv9") && + System.getProperty("os.version").compareTo("5.11") <= 0 && + getDistro().compareTo("11.2") < 0; + public static String toString(byte[] b) { if (b == null) { return "(null)"; } - StringBuffer sb = new StringBuffer(b.length * 3); + StringBuilder sb = new StringBuilder(b.length * 3); for (int i = 0; i < b.length; i++) { int k = b[i] & 0xff; if (i != 0) { @@ -608,8 +690,7 @@ /** * Get the identifier for the operating system distribution */ - public String getDistro() { - + static String getDistro() { try (BufferedReader in = new BufferedReader(new InputStreamReader( Runtime.getRuntime().exec("uname -v").getInputStream()))) {
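Review bot: The new `badSolarisSparc` constant compares version strings with `String.compareTo`, which is lexicographic: `getDistro().compareTo("11.2") < 0` would treat a distro string such as "11.10" as older than "11.2", and `"5.9".compareTo("5.11")` is positive. Parsing the numeric components before comparing would keep the skip decision from flipping on a later release. Both constants also call `getNSSVersion()` and, on SunOS/sparcv9, `getDistro()` (which executes `uname -v`) during class initialisation, so a failure there would surface as an initialisation error for every test extending this class. If the eager evaluation is deliberate so that the work happens before a security manager is installed, a comment such as `// evaluated at class init, before any security manager is set` would record that. The body of `getDistro` continues outside the last hunk.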
--- a/test/sun/security/pkcs11/Secmod/AddPrivateKey.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Secmod/AddPrivateKey.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,15 +28,27 @@ * @author Andreas Sterbenz * @library .. * @run main/othervm AddPrivateKey + * @run main/othervm AddPrivateKey sm policy * @key randomness */ -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.KeyStore.*; -import java.security.cert.*; +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.security.KeyFactory; +import java.security.KeyStore; +import java.security.KeyStore.PasswordProtection; +import java.security.KeyStore.PrivateKeyEntry; +import java.security.KeyStoreException; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Security; +import java.security.Signature; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; // this test is currently only run for the NSS KeyStore provider, but it // is really a generic KeyStore test so it should be modified to run for @@ -64,6 +76,12 @@ System.out.println(); Security.addProvider(p); + if (args.length > 1 && "sm".equals(args[0])) { + System.setProperty("java.security.policy", + BASE + File.separator + args[1]); + System.setSecurityManager(new SecurityManager()); + } + KeyStore ks = KeyStore.getInstance(PKCS11, p); ks.load(null, password); for (String alias : aliases(ks)) {
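Review bot: The security manager is enabled only when both `sm` and a policy name are present (`args.length > 1`), so a run invoked with `sm` alone falls through and passes without any sandbox. Failing instead, e.g. `if (args.length == 1 && "sm".equals(args[0])) throw new IllegalArgumentException("sm requires a policy file");`, keeps a mis-edited `@run` line from silently disabling the check. The manager is also installed after `Security.addProvider(p)` (in Crypto, after `getSunPKCS11(configName)`), so provider loading and registration are not exercised under the policy; a one-line comment saying this ordering is deliberate would help. The same block is repeated in AddTrustedCert, Crypto, GetPrivateKey, JksSetPrivateKey, LoadKeystore and TrustAnchors, and a shared helper in the common base class would keep the copies in step. The enclosing `main` starts and ends outside the hunk.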
--- a/test/sun/security/pkcs11/Secmod/AddTrustedCert.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Secmod/AddTrustedCert.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,14 +28,21 @@ * @author Andreas Sterbenz * @library .. * @run main/othervm AddTrustedCert + * @run main/othervm AddTrustedCert sm policy */ -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.KeyStore.*; -import java.security.cert.*; +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.security.KeyStore; +import java.security.KeyStore.TrustedCertificateEntry; +import java.security.Provider; +import java.security.Security; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Collection; +import java.util.Collections; +import java.util.TreeSet; public class AddTrustedCert extends SecmodTest { @@ -56,6 +63,13 @@ System.out.println(p); Security.addProvider(p); + + if (args.length > 1 && "sm".equals(args[0])) { + System.setProperty("java.security.policy", + BASE + File.separator + args[1]); + System.setSecurityManager(new SecurityManager()); + } + KeyStore ks = KeyStore.getInstance(PKCS11, p); ks.load(null, password); Collection<String> aliases = new TreeSet<>(Collections.list(
--- a/test/sun/security/pkcs11/Secmod/Crypto.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Secmod/Crypto.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,10 +28,15 @@ * @author Andreas Sterbenz * @library .. * @run main/othervm Crypto + * @run main/othervm Crypto sm policy * @key randomness */ -import java.security.*; +import java.io.File; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; +import java.security.Signature; public class Crypto extends SecmodTest { @@ -43,6 +48,12 @@ String configName = BASE + SEP + "nsscrypto.cfg"; Provider p = getSunPKCS11(configName); + if (args.length > 1 && "sm".equals(args[0])) { + System.setProperty("java.security.policy", + BASE + File.separator + args[1]); + System.setSecurityManager(new SecurityManager()); + } + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p); KeyPair kp = kpg.generateKeyPair();
--- a/test/sun/security/pkcs11/Secmod/GetPrivateKey.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Secmod/GetPrivateKey.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,14 +28,20 @@ * @author Andreas Sterbenz * @library .. * @run main/othervm GetPrivateKey + * @run main/othervm GetPrivateKey sm policy * @key randomness */ -import java.util.*; - -import java.security.*; -import java.security.KeyStore.*; -import java.security.cert.*; +import java.io.File; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.Security; +import java.security.Signature; +import java.security.cert.X509Certificate; +import java.util.Collection; +import java.util.Collections; +import java.util.TreeSet; public class GetPrivateKey extends SecmodTest { @@ -49,6 +55,13 @@ System.out.println(p); Security.addProvider(p); + + if (args.length > 1 && "sm".equals(args[0])) { + System.setProperty("java.security.policy", + BASE + File.separator + args[1]); + System.setSecurityManager(new SecurityManager()); + } + KeyStore ks = KeyStore.getInstance(PKCS11, p); ks.load(null, password); Collection<String> aliases = new TreeSet<>(
--- a/test/sun/security/pkcs11/Secmod/JksSetPrivateKey.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Secmod/JksSetPrivateKey.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,13 +28,19 @@ * @author Wang Weijun * @library .. * @run main/othervm JksSetPrivateKey + * @run main/othervm JksSetPrivateKey sm policy */ -import java.util.*; - -import java.security.*; -import java.security.KeyStore.*; -import java.security.cert.*; +import java.io.File; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.Security; +import java.security.cert.X509Certificate; +import java.util.Collection; +import java.util.Collections; +import java.util.TreeSet; public class JksSetPrivateKey extends SecmodTest { @@ -48,9 +54,16 @@ System.out.println(p); Security.addProvider(p); + + if (args.length > 1 && "sm".equals(args[0])) { + System.setProperty("java.security.policy", + BASE + File.separator + args[1]); + System.setSecurityManager(new SecurityManager()); + } + KeyStore ks = KeyStore.getInstance("PKCS11", p); ks.load(null, password); - Collection<String> aliases = new TreeSet<String>(Collections.list(ks.aliases())); + Collection<String> aliases = new TreeSet<>(Collections.list(ks.aliases())); System.out.println("entries: " + aliases.size()); System.out.println(aliases); 
@@ -66,14 +79,14 @@ jks.setKeyEntry("k1", privateKey, "changeit".toCharArray(), chain); throw new Exception("No, an NSS PrivateKey shouldn't be extractable and put inside a JKS keystore"); } catch (KeyStoreException e) { - System.err.println(e);; // This is OK + System.err.println(e); // This is OK } try { jks.setKeyEntry("k2", new DummyPrivateKey(), "changeit".toCharArray(), chain); throw new Exception("No, non-PKCS#8 key shouldn't be put inside a KeyStore"); } catch (KeyStoreException e) { - System.err.println(e);; // This is OK + System.err.println(e); // This is OK } System.out.println("OK"); @@ -81,35 +94,41 @@ jks.setKeyEntry("k3", new DummyPrivateKey2(), "changeit".toCharArray(), chain); throw new Exception("No, not-extractble key shouldn't be put inside a KeyStore"); } catch (KeyStoreException e) { - System.err.println(e);; // This is OK + System.err.println(e); // This is OK } System.out.println("OK"); } } class DummyPrivateKey implements PrivateKey { + @Override public String getAlgorithm() { return "DUMMY"; } + @Override public String getFormat() { return "DUMMY"; } + @Override public byte[] getEncoded() { return "DUMMY".getBytes(); } } class DummyPrivateKey2 implements PrivateKey { + @Override public String getAlgorithm() { return "DUMMY"; } + @Override public String getFormat() { return "PKCS#8"; } + @Override public byte[] getEncoded() { return null; }
--- a/test/sun/security/pkcs11/Secmod/LoadKeystore.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Secmod/LoadKeystore.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,6 +21,7 @@ * questions. */ +import java.io.File; import java.io.IOException; import java.security.KeyStore; import java.security.KeyStoreException; @@ -35,6 +36,7 @@ * @summary Checks that PKCS#11 keystore can't be loaded with wrong password * @library ../ * @run main/othervm LoadKeystore + * @run main/othervm LoadKeystore sm policy */ public class LoadKeystore extends SecmodTest { @@ -50,6 +52,12 @@ System.out.println(); Security.addProvider(p); + if (args.length > 1 && "sm".equals(args[0])) { + System.setProperty("java.security.policy", + BASE + File.separator + args[1]); + System.setSecurityManager(new SecurityManager()); + } + try { System.out.println("Load keystore with wrong type"); KeyStore.getInstance("unknown", p);
--- a/test/sun/security/pkcs11/Secmod/TrustAnchors.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Secmod/TrustAnchors.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,13 +28,17 @@ * @author Andreas Sterbenz * @library .. * @run main/othervm TrustAnchors + * @run main/othervm TrustAnchors sm policy */ -import java.util.*; - -import java.security.*; -import java.security.KeyStore.*; -import java.security.cert.*; +import java.io.File; +import java.security.KeyStore; +import java.security.Provider; +import java.security.Security; +import java.security.cert.X509Certificate; +import java.util.Collection; +import java.util.Collections; +import java.util.TreeSet; public class TrustAnchors extends SecmodTest { @@ -55,9 +59,16 @@ System.out.println(p); Security.addProvider(p); + + if (args.length > 1 && "sm".equals(args[0])) { + System.setProperty("java.security.policy", + BASE + File.separator + args[1]); + System.setSecurityManager(new SecurityManager()); + } + KeyStore ks = KeyStore.getInstance("PKCS11", p); ks.load(null, null); - Collection<String> aliases = new TreeSet<String>(Collections.list(ks.aliases())); + Collection<String> aliases = new TreeSet<>(Collections.list(ks.aliases())); System.out.println("entries: " + aliases.size()); System.out.println(aliases);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/pkcs11/Secmod/policy Sat May 06 23:47:22 2017 +0100
@@ -0,0 +1,6 @@
+grant {
+ permission java.security.SecurityPermission "authProvider.*";
+ permission java.io.FilePermission "${test.src}/-", "read";
+ permission java.io.FilePermission "${pkcs11test.nss.db}/-", "read";
+ permission java.io.FilePermission "${pkcs11test.nss.libdir}/-", "read";
+};
\ No newline at end of file
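Review bot: The three `FilePermission` entries depend on `${test.src}`, `${pkcs11test.nss.db}` and `${pkcs11test.nss.libdir}` being defined as system properties when the policy is first loaded; the policy parser ignores an entry whose property cannot be expanded, which would then show up as an `AccessControlException` far from its cause. Where those properties are set is not visible on this page, so it is worth confirming that this happens before `System.setSecurityManager` in every Secmod test. The grant has no `codeBase`, so it applies to all code in the VM. A leading comment such as `// read-only access to the test sources and the NSS db/lib directories; authProvider.* presumably for SunPKCS11 login` would record why each permission is needed. The file also ends without a trailing newline.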
--- a/test/sun/security/pkcs11/SecureRandom/Basic.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/SecureRandom/Basic.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,17 +28,17 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm Basic + * @run main/othervm Basic sm */ -import java.io.*; -import java.util.*; - -import java.security.*; - -import javax.crypto.*; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.SecureRandom; public class Basic extends PKCS11Test { + @Override public void main(Provider p) throws Exception { SecureRandom random; try { @@ -58,7 +58,7 @@ } public static void main(String[] args) throws Exception { - main(new Basic()); + main(new Basic(), args); } }
--- a/test/sun/security/pkcs11/Signature/ByteBuffers.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Signature/ByteBuffers.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,19 +28,24 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm ByteBuffers + * @run main/othervm ByteBuffers sm */ -import java.util.*; -import java.nio.*; - -import java.security.*; +import java.nio.ByteBuffer; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; +import java.security.Signature; +import java.util.Random; public class ByteBuffers extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new ByteBuffers()); + main(new ByteBuffers(), args); } + @Override public void main(Provider p) throws Exception { /* @@ -48,9 +53,9 @@ * when running SunPKCS11-Solaris provider (8044554) */ if (p.getName().equals("SunPKCS11-Solaris") && - System.getProperty("os.name").equals("SunOS") && - System.getProperty("os.arch").equals("sparcv9") && - System.getProperty("os.version").compareTo("5.11") <= 0 && + props.getProperty("os.name").equals("SunOS") && + props.getProperty("os.arch").equals("sparcv9") && + props.getProperty("os.version").compareTo("5.11") <= 0 && getDistro().compareTo("11.2") < 0) { System.out.println("SunPKCS11-Solaris provider requires " +
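Review bot: The inline Solaris SPARC check still calls `getDistro()` from inside `main(Provider)`, which in the new `sm` run executes after the security manager is installed. `getDistro()` runs `uname -v` through `Runtime.exec`, so on SunOS/sparcv9 it would need an execute permission that the default policy (not shown on this page) may not grant. The commit already adds `isBadSolarisSparc(p)` to the base class, backed by a static constant, and TestCurves uses it; replacing the whole condition with `if (isBadSolarisSparc(p)) { return; }` would avoid the exec under the manager and remove the duplication. The same applies to the matching hunks in TestDSA, TestDSAKeyLength and TestRSAKeyLength. The body of the condition continues outside the hunk.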
--- a/test/sun/security/pkcs11/Signature/TestDSA.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Signature/TestDSA.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,14 +28,24 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm TestDSA + * @run main/othervm TestDSA sm */ -import java.io.*; -import java.util.*; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.StringReader; import java.math.BigInteger; - -import java.security.*; -import java.security.spec.*; +import java.security.KeyFactory; +import java.security.MessageDigest; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignatureException; +import java.security.spec.DSAPrivateKeySpec; +import java.security.spec.DSAPublicKeySpec; +import java.util.Random; public class TestDSA extends PKCS11Test { @@ -102,9 +112,10 @@ } public static void main(String[] args) throws Exception { - main(new TestDSA()); + main(new TestDSA(), args); } + @Override public void main(Provider provider) throws Exception { long start = System.currentTimeMillis(); 
@@ -115,9 +126,9 @@ * when running SunPKCS11-Solaris (8044554) */ if (provider.getName().equals("SunPKCS11-Solaris") && - System.getProperty("os.name").equals("SunOS") && - System.getProperty("os.arch").equals("sparcv9") && - System.getProperty("os.version").compareTo("5.11") <= 0 && + props.getProperty("os.name").equals("SunOS") && + props.getProperty("os.arch").equals("sparcv9") && + props.getProperty("os.version").compareTo("5.11") <= 0 && getDistro().compareTo("11.2") < 0) { System.out.println("SunPKCS11-Solaris provider requires " +
--- a/test/sun/security/pkcs11/Signature/TestDSAKeyLength.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Signature/TestDSAKeyLength.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -20,6 +20,7 @@ * or visit www.oracle.com if you need additional information or have any * questions. */ + /* * @test * @bug 7200306 8029158 @@ -27,19 +28,24 @@ * with unsupported key sizes * @library .. * @key randomness + * @run main/othervm TestDSAKeyLength + * @run main/othervm TestDSAKeyLength sm */ - -import java.security.*; -import java.security.spec.*; -import java.security.interfaces.*; +import java.security.InvalidKeyException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; +import java.security.SecureRandom; +import java.security.Signature; public class TestDSAKeyLength extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new TestDSAKeyLength()); + main(new TestDSAKeyLength(), args); } + @Override public void main(Provider provider) throws Exception { if (isNSS(provider) && getNSSVersion() >= 3.14) { System.out.println("Skip testing NSS " + getNSSVersion()); 
@@ -51,9 +57,9 @@ * when running SunPKCS11-Solaris (8044554) */ if (provider.getName().equals("SunPKCS11-Solaris") && - System.getProperty("os.name").equals("SunOS") && - System.getProperty("os.arch").equals("sparcv9") && - System.getProperty("os.version").compareTo("5.11") <= 0 && + props.getProperty("os.name").equals("SunOS") && + props.getProperty("os.arch").equals("sparcv9") && + props.getProperty("os.version").compareTo("5.11") <= 0 && getDistro().compareTo("11.2") < 0) { System.out.println("SunPKCS11-Solaris provider requires " +
--- a/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/Signature/TestRSAKeyLength.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,14 +27,26 @@ * @summary Make sure initSign/initVerify() check RSA key lengths * @author Yu-Ching Valerie Peng * @library .. + * @run main/othervm TestRSAKeyLength + * @run main/othervm TestRSAKeyLength sm */ -import java.security.*; +import java.security.InvalidKeyException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Signature; +import java.security.SignedObject; public class TestRSAKeyLength extends PKCS11Test { + public static void main(String[] args) throws Exception { - main(new TestRSAKeyLength()); + main(new TestRSAKeyLength(), args); } + + @Override public void main(Provider p) throws Exception { /* @@ -42,9 +54,9 @@ * when running SunPKCS11-Solaris (8044554) */ if (p.getName().equals("SunPKCS11-Solaris") && - System.getProperty("os.name").equals("SunOS") && - System.getProperty("os.arch").equals("sparcv9") && - System.getProperty("os.version").compareTo("5.11") <= 0 && + props.getProperty("os.name").equals("SunOS") && + props.getProperty("os.arch").equals("sparcv9") && + props.getProperty("os.version").compareTo("5.11") <= 0 && getDistro().compareTo("11.2") < 0) { System.out.println("SunPKCS11-Solaris provider requires " +
--- a/test/sun/security/pkcs11/ec/ReadCertificates.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/ec/ReadCertificates.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,16 +29,31 @@ * @author Andreas Sterbenz * @library .. * @library ../../../../java/security/testlibrary + * @run main/othervm ReadCertificates + * @run main/othervm ReadCertificates sm policy */ -import java.io.*; -import java.util.*; - -import java.security.cert.*; -import java.security.*; -import java.security.interfaces.*; +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Provider; +import java.security.PublicKey; +import java.security.SecureRandom; +import java.security.SignatureException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.security.interfaces.ECPublicKey; import java.security.spec.ECParameterSpec; - +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; import javax.security.auth.x500.X500Principal; public class ReadCertificates extends PKCS11Test { 
@@ -49,16 +64,18 @@ private static Collection<X509Certificate> readCertificates(File file) throws Exception { System.out.println("Loading " + file.getName() + "..."); - InputStream in = new FileInputStream(file); - Collection<X509Certificate> certs = (Collection<X509Certificate>)factory.generateCertificates(in); - in.close(); + Collection<X509Certificate> certs; + try (InputStream in = new FileInputStream(file)) { + certs = (Collection<X509Certificate>)factory.generateCertificates(in); + } return certs; } public static void main(String[] args) throws Exception { - main(new ReadCertificates()); + main(new ReadCertificates(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("Signature", "SHA1withECDSA") == null) { System.out.println("Provider does not support ECDSA, skipping..."); @@ -79,7 +96,7 @@ } catch (CertificateException e) { // ignore } - Map<X500Principal,X509Certificate> certs = new LinkedHashMap<X500Principal,X509Certificate>(); + Map<X500Principal,X509Certificate> certs = new LinkedHashMap<>(); File dir = new File(BASE, "certs"); File closedDir = new File(CLOSED_BASE, "certs"); @@ -103,7 +120,7 @@ System.out.println("OK: " + certs.size() + " certificates."); // Get supported curves - Vector<ECParameterSpec> supportedEC = getKnownCurves(p); + List<ECParameterSpec> supportedEC = getKnownCurves(p); System.out.println("Test Certs:\n"); for (X509Certificate cert : certs.values()) { @@ -127,7 +144,8 @@ System.out.println("Warning: " + e.getMessage() + ". Trying another provider..."); cert.verify(key); - } catch (Exception e) { + } catch (CertificateException | InvalidKeyException | + NoSuchProviderException | SignatureException e) { System.out.println(e.getMessage()); if (key instanceof ECPublicKey) { System.out.println("Failed.\n\tCurve: " + 
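Review bot: Narrowing `catch (Exception e)` to `CertificateException | InvalidKeyException | NoSuchProviderException | SignatureException` in the verification loop means unchecked failures from the provider, for example a `ProviderException`, no longer reach the handler that prints the curve diagnostics. If that output is still wanted when the token itself fails, add the type to the multi-catch, e.g. `NoSuchProviderException | SignatureException | ProviderException e`, and import `java.security.ProviderException`. The try statement starts before the hunk and the handler continues after it, so whether the handler rethrows is not visible here.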
@@ -145,7 +163,7 @@ // try some random invalid signatures to make sure we get the correct // error System.out.println("Checking incorrect signatures..."); - List<X509Certificate> certList = new ArrayList<X509Certificate>(certs.values()); + List<X509Certificate> certList = new ArrayList<>(certs.values()); for (int i = 0; i < 20; i++) { X509Certificate cert, signer; do { @@ -155,9 +173,7 @@ try { cert.verify(signer.getPublicKey()); throw new Exception("Verified invalid signature"); - } catch (SignatureException e) { - System.out.println("OK: " + e); - } catch (InvalidKeyException e) { + } catch (SignatureException | InvalidKeyException e) { System.out.println("OK: " + e); } }
--- a/test/sun/security/pkcs11/ec/ReadPKCS12.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/ec/ReadPKCS12.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,26 +29,41 @@ * @library .. * @library ../../../../java/security/testlibrary * @key randomness + * @run main/othervm ReadPKCS12 + * @run main/othervm ReadPKCS12 sm policy */ -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.interfaces.*; -import java.security.cert.*; +import java.io.BufferedReader; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.FileReader; +import java.io.InputStream; +import java.io.OutputStream; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Signature; import java.security.cert.Certificate; - -import javax.security.auth.x500.X500Principal; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Random; public class ReadPKCS12 extends PKCS11Test { private final static boolean COPY = false; public static void main(String[] args) throws Exception { - main(new ReadPKCS12()); + main(new ReadPKCS12(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("Signature", "SHA1withECDSA") == null) { System.out.println("Provider does not support ECDSA, skipping..."); 
@@ -71,29 +86,30 @@ KeyStore ks2; if (COPY) { ks2 = KeyStore.getInstance("JKS"); - InputStream in = new FileInputStream("keystore.old"); - ks2.load(in, "passphrase".toCharArray()); - in.close(); + try (InputStream in = new FileInputStream("keystore.old")) { + ks2.load(in, "passphrase".toCharArray()); + } } File dir = new File(BASE, "pkcs12"); File closedDir = new File(CLOSED_BASE, "pkcs12"); - Map<String,char[]> passwords = new HashMap<String,char[]>(); - BufferedReader reader = new BufferedReader(new FileReader((new File(BASE, "p12passwords.txt")))); - while (true) { - String line = reader.readLine(); - if (line == null) { - break; + Map<String,char[]> passwords = new HashMap<>(); + try (BufferedReader reader = new BufferedReader( + new FileReader(new File(BASE, "p12passwords.txt")))) { + while (true) { + String line = reader.readLine(); + if (line == null) { + break; + } + line = line.trim(); + if ((line.length() == 0) || line.startsWith("#")) { + continue; + } + String[] s = line.split(" "); + passwords.put(s[0], s[1].toCharArray()); } - line = line.trim(); - if ((line.length() == 0) || line.startsWith("#")) { - continue; - } - String[] s = line.split(" "); - passwords.put(s[0], s[1].toCharArray()); } - reader.close(); for (File file : concat(dir.listFiles(), closedDir.listFiles())) { String name = file.getName(); @@ -108,10 +124,11 @@ password = passwords.get("*"); } - InputStream in = new FileInputStream(file); - KeyStore ks = KeyStore.getInstance("PKCS12"); - ks.load(in, password); - in.close(); + KeyStore ks; + try (InputStream in = new FileInputStream(file)) { + ks = KeyStore.getInstance("PKCS12"); + ks.load(in, password); + } List<String> aliases = Collections.list(ks.aliases()); System.out.println("Aliases: " + aliases); 
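Review bot: The password-file loop moved into the try-with-resources still indexes `s[1]` after `line.split(" ")` without checking the length, so a non-comment line without a space fails with `ArrayIndexOutOfBoundsException`, and a password that itself contains a space is silently cut at the first one. `String[] s = line.split(" ", 2);` followed by a length check whose message names the offending line would make both cases explicit. `FileReader` also decodes `p12passwords.txt` with the platform default charset, which matters if any password is non-ASCII. The enclosing `main(Provider)` starts and ends outside the hunk.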
@@ -147,9 +164,9 @@ } if (COPY) { - OutputStream out = new FileOutputStream("keystore.new"); - ks2.store(out, "passphrase".toCharArray()); - out.close(); + try (OutputStream out = new FileOutputStream("keystore.new")) { + ks2.store(out, "passphrase".toCharArray()); + } } System.out.println("OK");
--- a/test/sun/security/pkcs11/ec/TestCurves.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/ec/TestCurves.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -28,53 +28,46 @@ * @author Andreas Sterbenz * @library .. * @compile -XDignore.symbol.file TestCurves.java - * @run main TestCurves + * @run main/othervm TestCurves + * @run main/othervm TestCurves sm * @key randomness */ -import java.util.*; - -import java.security.*; -import java.security.spec.*; - -import javax.crypto.*; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; +import java.security.ProviderException; +import java.security.Signature; +import java.security.spec.ECParameterSpec; +import java.util.Arrays; +import java.util.List; +import java.util.Random; +import javax.crypto.KeyAgreement; public class TestCurves extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new TestCurves()); + main(new TestCurves(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("KeyAgreement", "ECDH") == null) { System.out.println("Not supported by provider, skipping"); return; } - if (isNSS(p) && getNSSVersion() >= 3.11 && getNSSVersion() < 3.12) { - System.out.println("NSS 3.11 has a DER issue that recent " + - "version do not."); + if (isBadNSSVersion(p)) { return; } - /* - * Use Solaris SPARC 11.2 or later to avoid an intermittent failure - * when running SunPKCS11-Solaris (8044554) - */ - if (p.getName().equals("SunPKCS11-Solaris") && - System.getProperty("os.name").equals("SunOS") && - System.getProperty("os.arch").equals("sparcv9") && - System.getProperty("os.version").compareTo("5.11") <= 0 && - getDistro().compareTo("11.2") < 0) { - - System.out.println("SunPKCS11-Solaris provider requires " + - "Solaris SPARC 11.2 or later, skipping"); + if (isBadSolarisSparc(p)) { return; } // Check if this is sparc for later failure avoidance. boolean sparc = false; - if (System.getProperty("os.arch").equals("sparcv9")) { + if (props.getProperty("os.arch").equals("sparcv9")) { sparc = true; System.out.println("This is a sparcv9"); } 
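Review bot: The two skip paths `if (isBadNSSVersion(p)) { return; }` and `if (isBadSolarisSparc(p)) { return; }` no longer print why the test is skipped; the removed lines logged the NSS 3.11 DER issue and the Solaris SPARC 11.2 requirement (8044554). The helpers are not defined in this hunk, so it should be confirmed that they print the reason themselves, otherwise a skipped run is indistinguishable from a pass in the test log. If they do not, keep a one-line message at the call site, e.g. `System.out.println("Known-bad NSS version, skipping");`. The same pattern appears in the TestECDH2, TestECDSA, TestECDSA2 and TestECGenSpec hunks.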
@@ -83,7 +76,7 @@ byte[] data = new byte[2048]; random.nextBytes(data); - Vector<ECParameterSpec> curves = getKnownCurves(p); + List<ECParameterSpec> curves = getKnownCurves(p); for (ECParameterSpec params : curves) { System.out.println("Testing " + params + "..."); KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", p);
--- a/test/sun/security/pkcs11/ec/TestECDH.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/ec/TestECDH.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,16 +28,21 @@ * @author Andreas Sterbenz * @library .. * @library ../../../../java/security/testlibrary + * @run main/othervm TestECDH + * @run main/othervm TestECDH sm policy */ -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.spec.*; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; import java.security.interfaces.ECPublicKey; - -import javax.crypto.*; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; +import java.util.Arrays; +import javax.crypto.KeyAgreement; public class TestECDH extends PKCS11Test { @@ -55,6 +60,7 @@ private final static String secret163 = "04:ae:71:c1:c6:4d:f4:34:4d:72:70:a4:64:65:7f:2d:88:2d:3f:50:be"; + @Override public void main(Provider p) throws Exception { if (p.getService("KeyAgreement", "ECDH") == null) { System.out.println("Provider does not support ECDH, skipping"); 
@@ -89,10 +95,12 @@ System.out.println("OK"); } - private final static void test(Provider p, String pub1s, String priv1s, String pub2s, String priv2s, String secrets) throws Exception { + private final static void test(Provider p, String pub1s, String priv1s, + String pub2s, String priv2s, String secrets) throws Exception { KeyFactory kf = KeyFactory.getInstance("EC", p); PublicKey pub1 = kf.generatePublic(new X509EncodedKeySpec(parse(pub1s))); - System.out.println("Testing using parameters " + ((ECPublicKey)pub1).getParams() + "..."); + System.out.println("Testing using parameters " + + ((ECPublicKey)pub1).getParams() + "..."); PrivateKey priv1 = kf.generatePrivate(new PKCS8EncodedKeySpec(parse(priv1s))); PublicKey pub2 = kf.generatePublic(new X509EncodedKeySpec(parse(pub2s))); @@ -121,7 +129,7 @@ } public static void main(String[] args) throws Exception { - main(new TestECDH()); + main(new TestECDH(), args); } }
--- a/test/sun/security/pkcs11/ec/TestECDH2.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/ec/TestECDH2.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,19 +29,25 @@ * @library .. * @library ../../../../java/security/testlibrary * @compile -XDignore.symbol.file TestECDH2.java - * @run main TestECDH2 + * @run main/othervm TestECDH2 + * @run main/othervm TestECDH2 sm */ -import java.io.*; -import java.util.*; import java.math.BigInteger; - -import java.security.*; -import java.security.spec.*; -import java.security.interfaces.*; -import javax.crypto.*; - -import sun.security.util.ECUtil; +import java.security.AlgorithmParameters; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.spec.ECGenParameterSpec; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPoint; +import java.security.spec.ECPrivateKeySpec; +import java.security.spec.ECPublicKeySpec; +import java.util.Arrays; +import javax.crypto.KeyAgreement; public class TestECDH2 extends PKCS11Test { 
@@ -80,7 +86,9 @@ private KeyPair genECKeyPair(String curvName, String privD, String pubX, String pubY, Provider p) throws Exception { - ECParameterSpec ecParams = ECUtil.getECParameterSpec(p, curvName); + AlgorithmParameters params = AlgorithmParameters.getInstance("EC", p); + params.init(new ECGenParameterSpec(curvName)); + ECParameterSpec ecParams = params.getParameterSpec(ECParameterSpec.class); ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(new BigInteger(privD, 16), ecParams); ECPublicKeySpec pubKeySpec = @@ -97,19 +105,17 @@ return kpg.generateKeyPair(); } public static void main(String[] args) throws Exception { - main(new TestECDH2()); + main(new TestECDH2(), args); } + @Override public void main(Provider provider) throws Exception { if (provider.getService("KeyAgreement", "ECDH") == null) { System.out.println("ECDH not supported, skipping"); return; } - if (isNSS(provider) && getNSSVersion() >= 3.11 && - getNSSVersion() < 3.12) { - System.out.println("NSS 3.11 has a DER issue that recent " + - "version do not."); + if (isBadNSSVersion(provider)) { return; }
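Review bot: The three-line curve lookup added to `genECKeyPair` (`AlgorithmParameters.getInstance("EC", p)`, `params.init(new ECGenParameterSpec(curvName))`, `params.getParameterSpec(ECParameterSpec.class)`) is repeated verbatim in TestECDSA2. Both classes extend PKCS11Test, so a shared static helper there would keep the replacement for `ECUtil.getECParameterSpec` in one place. A one-line comment such as `// resolve the named curve through the provider's AlgorithmParameters` would also tell the reader what the block is for. `genECKeyPair` continues past the end of this hunk.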
--- a/test/sun/security/pkcs11/ec/TestECDSA.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/ec/TestECDSA.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,13 +29,22 @@ * @library .. * @library ../../../../java/security/testlibrary * @key randomness + * @run main/othervm TestECDSA + * @run main/othervm TestECDSA sm policy */ -import java.util.*; - -import java.security.*; -import java.security.spec.*; -import java.security.interfaces.*; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.MessageDigest; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Signature; +import java.security.interfaces.ECPublicKey; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; +import java.util.Random; public class TestECDSA extends PKCS11Test { @@ -79,7 +88,8 @@ private final static byte[] data2Raw = {}; private final static byte[] data2SHA = b("da:39:a3:ee:5e:6b:4b:0d:32:55:bf:ef:95:60:18:90:af:d8:07:09"); - private static void verify(Provider provider, String alg, PublicKey key, byte[] data, byte[] sig, boolean result) throws Exception { + private static void verify(Provider provider, String alg, PublicKey key, + byte[] data, byte[] sig, boolean result) throws Exception { Signature s = Signature.getInstance(alg, provider); s.initVerify(key); boolean r; 
@@ -105,9 +115,10 @@ } public static void main(String[] args) throws Exception { - main(new TestECDSA()); + main(new TestECDSA(), args); } + @Override public void main(Provider provider) throws Exception { long start = System.currentTimeMillis(); @@ -116,25 +127,11 @@ return; } - if (isNSS(provider) && getNSSVersion() >= 3.11 && - getNSSVersion() < 3.12) { - System.out.println("NSS 3.11 has a DER issue that recent " + - "version do not."); + if (isBadNSSVersion(provider)) { return; } - /* - * Use Solaris SPARC 11.2 or later to avoid an intermittent failure - * when running SunPKCS11-Solaris (8044554) - */ - if (provider.getName().equals("SunPKCS11-Solaris") && - System.getProperty("os.name").equals("SunOS") && - System.getProperty("os.arch").equals("sparcv9") && - System.getProperty("os.version").compareTo("5.11") <= 0 && - getDistro().compareTo("11.2") < 0) { - - System.out.println("SunPKCS11-Solaris provider requires " + - "Solaris SPARC 11.2 or later, skipping"); + if (isBadSolarisSparc(provider)) { return; }
--- a/test/sun/security/pkcs11/ec/TestECDSA2.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/ec/TestECDSA2.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,18 +29,23 @@ * @library .. * @library ../../../../java/security/testlibrary * @compile -XDignore.symbol.file TestECDSA2.java - * @run main TestECDSA2 + * @run main/othervm TestECDSA2 + * @run main/othervm TestECDSA2 sm */ -import java.io.*; -import java.util.*; import java.math.BigInteger; - -import java.security.*; -import java.security.spec.*; -import java.security.interfaces.*; - -import sun.security.util.ECUtil; +import java.security.AlgorithmParameters; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Signature; +import java.security.spec.ECGenParameterSpec; +import java.security.spec.ECParameterSpec; +import java.security.spec.ECPoint; +import java.security.spec.ECPrivateKeySpec; +import java.security.spec.ECPublicKeySpec; public class TestECDSA2 extends PKCS11Test { @@ -77,7 +82,9 @@ private KeyPair genECKeyPair(String curvName, String privD, String pubX, String pubY, Provider p) throws Exception { - ECParameterSpec ecParams = ECUtil.getECParameterSpec(p, curvName); + AlgorithmParameters params = AlgorithmParameters.getInstance("EC", p); + params.init(new ECGenParameterSpec(curvName)); + ECParameterSpec ecParams = params.getParameterSpec(ECParameterSpec.class); ECPrivateKeySpec privKeySpec = new ECPrivateKeySpec(new BigInteger(privD, 16), ecParams); ECPublicKeySpec pubKeySpec = 
@@ -89,9 +96,10 @@ } public static void main(String[] args) throws Exception { - main(new TestECDSA2()); + main(new TestECDSA2(), args); } + @Override public void main(Provider provider) throws Exception { boolean testP256 = (provider.getService("Signature", "SHA256withECDSA") != null); @@ -104,10 +112,7 @@ return; } - if (isNSS(provider) && getNSSVersion() >= 3.11 && - getNSSVersion() < 3.12) { - System.out.println("NSS 3.11 has a DER issue that recent " + - "version do not."); + if (isBadNSSVersion(provider)) { return; }
--- a/test/sun/security/pkcs11/ec/TestECGenSpec.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/ec/TestECGenSpec.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,29 +27,32 @@ * @summary Verify that we can use ECGenParameterSpec * @author Andreas Sterbenz * @library .. + * @run main/othervm TestECGenSpec + * @run main/othervm TestECGenSpec sm */ -import java.util.*; - -import java.security.*; -import java.security.spec.*; +import java.security.AlgorithmParameters; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Provider; import java.security.interfaces.ECPublicKey; +import java.security.spec.ECGenParameterSpec; +import java.security.spec.ECParameterSpec; public class TestECGenSpec extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new TestECGenSpec()); + main(new TestECGenSpec(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("Signature", "SHA1withECDSA") == null) { System.out.println("Provider does not support ECDSA, skipping..."); return; } - if (isNSS(p) && getNSSVersion() >= 3.11 && getNSSVersion() < 3.12) { - System.out.println("NSS 3.11 has a DER issue that recent " + - "version do not."); + if (isBadNSSVersion(p)) { return; }
--- a/test/sun/security/pkcs11/ec/TestKeyFactory.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/ec/TestKeyFactory.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,14 +27,23 @@ * @summary Test the P11ECKeyFactory * @author Andreas Sterbenz * @library .. + * @run main/othervm TestKeyFactory + * @run main/othervm TestKeyFactory sm */ -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.interfaces.*; -import java.security.spec.*; +import java.security.Key; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.spec.ECPrivateKeySpec; +import java.security.spec.ECPublicKeySpec; +import java.security.spec.KeySpec; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; +import java.util.Arrays; public class TestKeyFactory extends PKCS11Test { @@ -111,9 +120,10 @@ } public static void main(String[] args) throws Exception { - main(new TestKeyFactory()); + main(new TestKeyFactory(), args); } + @Override public void main(Provider p) throws Exception { if (p.getService("KeyFactory", "EC") == null) { System.out.println("Provider does not support EC, skipping");
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/pkcs11/ec/policy Sat May 06 23:47:22 2017 +0100
@@ -0,0 +1,7 @@
+grant {
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.security.SecurityPermission "insertProvider.*";
+ permission java.security.SecurityPermission "removeProvider.*";
+ permission java.io.FilePermission "${test.src}/-", "read";
+ permission java.io.FilePermission "${closed.base}/-", "read";
+};
\ No newline at end of file
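Review bot: This `grant` block has no `codeBase`, so every permission in it, including `java.lang.RuntimePermission "setSecurityManager"`, applies to all code running in the `sm` test VM. With `setSecurityManager` granted, any code in that VM may replace the security manager, so the `sm` run gives weaker assurance that the provider works under the restrictions listed here. If the harness needs the permission only to install the manager (the harness code is not shown), consider scoping the grant with a `codeBase` for the test classes, or at least add a comment such as `// required by the test harness to install the security manager`. The same grant appears in pkcs11/policy, rsa/TestCACerts.policy, rsa/TestKeyPairGenerator.policy and rsa/rsakeys.ks.policy.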
--- a/test/sun/security/pkcs11/fips/TrustManagerTest.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/fips/TrustManagerTest.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,15 +28,21 @@ * @author Andreas Sterbenz * @library .. * @run main/othervm TrustManagerTest + * @run main/othervm TrustManagerTest sm TrustManagerTest.policy */ -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.cert.*; - -import javax.net.ssl.*; +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.security.KeyStore; +import java.security.Policy; +import java.security.Provider; +import java.security.Security; +import java.security.URIParameter; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509TrustManager; // This test belongs more in JSSE than here, but the JSSE workspace does not // have the NSS test infrastructure. It will live here for the time being. @@ -72,6 +78,12 @@ X509Certificate ca = loadCertificate("certs/ca.cer"); X509Certificate anchor = loadCertificate("certs/anchor.cer"); + if (args.length > 1 && "sm".equals(args[0])) { + Policy.setPolicy(Policy.getInstance("JavaPolicy", + new URIParameter(new File(BASE, args[1]).toURI()))); + System.setSecurityManager(new SecurityManager()); + } + KeyStore trustStore = KeyStore.getInstance("JKS"); trustStore.load(null, null); trustStore.setCertificateEntry("anchor", anchor); 
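Review bot: The guard `if (args.length > 1 && "sm".equals(args[0]))` silently runs the test without a security manager when `sm` is passed with no policy file, so a mistake in the `@run` line would still report a pass. Rejecting that case ahead of the existing check makes the misconfiguration visible: `if (args.length == 1 && "sm".equals(args[0])) { throw new IllegalArgumentException("sm requires a policy file"); }`. The two `loadCertificate` calls also run before `System.setSecurityManager`, so those file reads are not exercised under the policy; a comment saying this ordering is intentional would help. The enclosing method starts and ends outside this hunk.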
@@ -89,11 +101,10 @@ } private static X509Certificate loadCertificate(String name) throws Exception { - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - InputStream in = new FileInputStream(BASE + SEP + name); - X509Certificate cert = (X509Certificate)cf.generateCertificate(in); - in.close(); - return cert; + try (InputStream in = new FileInputStream(BASE + SEP + name)) { + return (X509Certificate) CertificateFactory.getInstance("X.509") + .generateCertificate(in); + } } }
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/pkcs11/fips/TrustManagerTest.policy Sat May 06 23:47:22 2017 +0100
@@ -0,0 +1,3 @@
+grant {
+
+};
\ No newline at end of file
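Review bot: TrustManagerTest.policy grants nothing, and nothing in the file says that this is deliberate. Policy files accept `//` comments, so a line such as `// intentionally empty: the test needs no permissions once the security manager is installed` inside the `grant` block would stop a later reader from treating it as an unfinished stub. That wording assumes the empty grant is intended, which the `sm` branch in TrustManagerTest.java suggests but does not state.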
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/pkcs11/policy Sat May 06 23:47:22 2017 +0100
@@ -0,0 +1,3 @@
+grant {
+ permission java.lang.RuntimePermission "setSecurityManager";
+};
\ No newline at end of file
--- a/test/sun/security/pkcs11/rsa/KeyWrap.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/rsa/KeyWrap.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2007, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,18 +28,28 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm KeyWrap + * @run main/othervm KeyWrap sm */ -import java.io.*; -import java.util.*; - -import java.security.*; - -import javax.crypto.*; -import javax.crypto.spec.*; +import java.security.GeneralSecurityException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.util.Random; +import javax.crypto.Cipher; +import javax.crypto.SecretKey; +import javax.crypto.spec.SecretKeySpec; public class KeyWrap extends PKCS11Test { + @Override public void main(Provider p) throws Exception { try { Cipher.getInstance("RSA/ECB/PKCS1Padding", p); @@ -62,7 +72,7 @@ PublicKey pub = (PublicKey)kf.translateKey(kp.getPublic()); PrivateKey priv = (PrivateKey)kf.translateKey(kp.getPrivate()); kp = new KeyPair(pub, priv); - } catch (Exception ee) { + } catch (NoSuchAlgorithmException | InvalidKeyException ee) { ee.printStackTrace(); System.out.println("Provider does not support RSA, skipping"); return; @@ -93,7 +103,7 @@ } public static void main(String[] args) throws Exception { - main(new KeyWrap()); + main(new KeyWrap(), args); } }
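Review bot: Narrowing `catch (Exception ee)` to `catch (NoSuchAlgorithmException | InvalidKeyException ee)` in the key-setup block means any unchecked failure there now fails the test instead of taking the "Provider does not support RSA, skipping" path. A PKCS#11 provider may report an unsupported mechanism as a runtime `java.security.ProviderException` rather than one of the two checked types; this cannot be verified from the hunk because the `try` starts above it. If the skip is meant to cover that case, list it explicitly, `catch (NoSuchAlgorithmException | InvalidKeyException | ProviderException ee)`, and add the matching import.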
--- a/test/sun/security/pkcs11/rsa/TestCACerts.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/rsa/TestCACerts.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,24 +27,28 @@ * @summary Test the new RSA provider can verify all the RSA certs in the cacerts file * @author Andreas Sterbenz * @library .. + * @run main/othervm TestCACerts + * @run main/othervm TestCACerts sm TestCACerts.policy */ // this test serves as our known answer test -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.cert.*; +import java.io.FileInputStream; +import java.io.InputStream; +import java.security.KeyStore; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Security; +import java.security.cert.X509Certificate; +import java.util.Enumeration; public class TestCACerts extends PKCS11Test { - private final static char SEP = File.separatorChar; - public static void main(String[] args) throws Exception { - main(new TestCACerts()); + main(new TestCACerts(), args); } + @Override public void main(Provider p) throws Exception { /* @@ -52,9 +56,9 @@ * when running SunPKCS11-Solaris (8044554) */ if (p.getName().equals("SunPKCS11-Solaris") && - System.getProperty("os.name").equals("SunOS") && - System.getProperty("os.arch").equals("sparcv9") && - System.getProperty("os.version").compareTo("5.11") <= 0 && + props.getProperty("os.name").equals("SunOS") && + props.getProperty("os.arch").equals("sparcv9") && + props.getProperty("os.version").compareTo("5.11") <= 0 && getDistro().compareTo("11.2") < 0) { System.out.println("SunPKCS11-Solaris provider requires " + 
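Review bot: The Solaris SPARC skip condition in `main(Provider)` is still spelled out inline (now reading `props.getProperty(...)`), while TestCurves and TestECDSA in this changeset replace the identical condition with `isBadSolarisSparc(p)`. Using the helper here as well, `if (isBadSolarisSparc(p)) { return; }`, would keep the 8044554 workaround in one place, provided the helper implements the same check (its body is not among the visible hunks). TestSignatures keeps the same inline copy. The `if` statement continues beyond the end of this hunk.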
@@ -66,12 +70,13 @@ Security.addProvider(p); try { String PROVIDER = p.getName(); - String javaHome = System.getProperty("java.home"); + String javaHome = props.getProperty("java.home"); String caCerts = javaHome + SEP + "lib" + SEP + "security" + SEP + "cacerts"; - InputStream in = new FileInputStream(caCerts); - KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); - ks.load(in, null); - in.close(); + KeyStore ks; + try (InputStream in = new FileInputStream(caCerts)) { + ks = KeyStore.getInstance(KeyStore.getDefaultType()); + ks.load(in, null); + } for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) { String alias = (String)e.nextElement(); if (ks.isCertificateEntry(alias)) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/pkcs11/rsa/TestCACerts.policy Sat May 06 23:47:22 2017 +0100
@@ -0,0 +1,7 @@
+grant {
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.security.SecurityPermission "insertProvider.*";
+ permission java.security.SecurityPermission "removeProvider.*";
+ permission java.util.PropertyPermission "java.home", "read";
+ permission java.io.FilePermission "${java.home}/lib/security/cacerts", "read";
+};
\ No newline at end of file
--- a/test/sun/security/pkcs11/rsa/TestKeyFactory.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/rsa/TestKeyFactory.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,26 +27,26 @@ * @summary Test KeyFactory of the new RSA provider * @author Andreas Sterbenz * @library .. + * @run main/othervm TestKeyFactory + * @run main/othervm TestKeyFactory sm rsakeys.ks.policy */ import java.io.*; import java.util.*; import java.security.*; -import java.security.interfaces.*; import java.security.spec.*; public class TestKeyFactory extends PKCS11Test { - private final static String BASE = System.getProperty("test.src", "."); - private static final char[] password = "test12".toCharArray(); static KeyStore getKeyStore() throws Exception { - InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks")); - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(in, password); - in.close(); + KeyStore ks; + try (InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"))) { + ks = KeyStore.getInstance("JKS"); + ks.load(in, password); + } return ks; } @@ -128,9 +128,10 @@ } public static void main(String[] args) throws Exception { - main(new TestKeyFactory()); + main(new TestKeyFactory(), args); } + @Override public void main(Provider p) throws Exception { long start = System.currentTimeMillis(); KeyStore ks = getKeyStore();
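Review bot: The import block still uses `import java.io.*;`, `import java.util.*;`, `import java.security.*;` and `import java.security.spec.*;`, while the other tests touched by this changeset switch to explicit single-type imports. Listing the types actually used (the new `getKeyStore` body needs at least `java.io.File`, `java.io.FileInputStream`, `java.io.InputStream` and `java.security.KeyStore`) would match rsa/TestSignatures.java. The full list depends on code outside the hunk.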
--- a/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,16 +28,21 @@ * @author Andreas Sterbenz * @library .. * @run main/othervm TestKeyPairGenerator + * @run main/othervm TestKeyPairGenerator sm TestKeyPairGenerator.policy * @key intermittent randomness */ -import java.io.*; -import java.util.*; import java.math.BigInteger; - -import java.security.*; -import java.security.interfaces.*; -import java.security.spec.*; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Signature; +import java.security.interfaces.RSAPrivateCrtKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.RSAKeyGenParameterSpec; +import java.util.Random; public class TestKeyPairGenerator extends PKCS11Test { @@ -45,7 +50,8 @@ private static byte[] data; - private static void testSignature(String algorithm, PrivateKey privateKey, PublicKey publicKey) throws Exception { + private static void testSignature(String algorithm, PrivateKey privateKey, + PublicKey publicKey) throws Exception { System.out.println("Testing " + algorithm + "..."); Signature s = Signature.getInstance(algorithm, provider); s.initSign(privateKey); @@ -95,9 +101,10 @@ } public static void main(String[] args) throws Exception { - main(new TestKeyPairGenerator()); + main(new TestKeyPairGenerator(), args); } + @Override public void main(Provider p) throws Exception { long start = System.currentTimeMillis(); provider = p;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/pkcs11/rsa/TestKeyPairGenerator.policy Sat May 06 23:47:22 2017 +0100
@@ -0,0 +1,4 @@
+grant {
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.util.PropertyPermission "seed", "read";
+};
\ No newline at end of file
--- a/test/sun/security/pkcs11/rsa/TestSignatures.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/rsa/TestSignatures.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -28,18 +28,25 @@ * @author Andreas Sterbenz * @library .. * @key randomness + * @run main/othervm TestSignatures + * @run main/othervm TestSignatures sm rsakeys.ks.policy */ -import java.io.*; -import java.util.*; - -import java.security.*; -import java.security.interfaces.*; +import java.io.File; +import java.io.FileInputStream; +import java.io.InputStream; +import java.security.KeyFactory; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.Signature; +import java.security.interfaces.RSAPublicKey; +import java.util.Enumeration; +import java.util.Random; public class TestSignatures extends PKCS11Test { - private final static String BASE = System.getProperty("test.src", "."); - private static final char[] password = "test12".toCharArray(); private static Provider provider; 
@@ -47,14 +54,16 @@ private static byte[] data; static KeyStore getKeyStore() throws Exception { - InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks")); - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(in, password); - in.close(); + KeyStore ks; + try (InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"))) { + ks = KeyStore.getInstance("JKS"); + ks.load(in, password); + } return ks; } - private static void testSignature(String algorithm, PrivateKey privateKey, PublicKey publicKey) throws Exception { + private static void testSignature(String algorithm, PrivateKey privateKey, + PublicKey publicKey) throws Exception { System.out.println("Testing " + algorithm + "..."); Signature s = Signature.getInstance(algorithm, provider); s.initSign(privateKey); @@ -78,7 +87,8 @@ } } - private static void test(PrivateKey privateKey, PublicKey publicKey) throws Exception { + private static void test(PrivateKey privateKey, PublicKey publicKey) + throws Exception { testSignature("MD2withRSA", privateKey, publicKey); testSignature("MD5withRSA", privateKey, publicKey); testSignature("SHA1withRSA", privateKey, publicKey); @@ -93,9 +103,10 @@ } public static void main(String[] args) throws Exception { - main(new TestSignatures()); + main(new TestSignatures(), args); } + @Override public void main(Provider p) throws Exception { /* @@ -103,9 +114,9 @@ * when running SunPKCS11-Solaris (8044554) */ if (p.getName().equals("SunPKCS11-Solaris") && - System.getProperty("os.name").equals("SunOS") && - System.getProperty("os.arch").equals("sparcv9") && - System.getProperty("os.version").compareTo("5.11") <= 0 && + props.getProperty("os.name").equals("SunOS") && + props.getProperty("os.arch").equals("sparcv9") && + props.getProperty("os.version").compareTo("5.11") <= 0 && getDistro().compareTo("11.2") < 0) { System.out.println("SunPKCS11-Solaris provider requires " +
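Review bot: In `getKeyStore()` the new code declares `KeyStore ks;` outside the `try` and assigns it inside, which leaves the variable uninitialised at its declaration for no benefit, because `KeyStore.getInstance("JKS")` does not depend on the stream. Creating it first reads more directly: `KeyStore ks = KeyStore.getInstance("JKS");` followed by `try (InputStream in = new FileInputStream(new File(BASE, "rsakeys.ks"))) { ks.load(in, password); }`. `CipherTest.readKeyStore` in this changeset has the same shape and could be written the same way.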
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/pkcs11/rsa/rsakeys.ks.policy Sat May 06 23:47:22 2017 +0100
@@ -0,0 +1,4 @@
+grant {
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.io.FilePermission "${test.src}/rsakeys.ks", "read";
+};
\ No newline at end of file
--- a/test/sun/security/pkcs11/sslecc/CipherTest.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/sslecc/CipherTest.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -47,7 +47,8 @@ // use any available port for the server socket static volatile int serverPort = 0; - final int THREADS; + static final int THREADS = Integer.getInteger("numThreads", 4); + static final String TEST_SRC = System.getProperty("test.src", "."); // assume that if we do not read anything for 20 seconds, something // has gone wrong @@ -68,6 +69,7 @@ this.cipherTest = cipherTest; } + @Override public abstract void run(); void handleRequest(InputStream in, OutputStream out) throws IOException { @@ -117,6 +119,7 @@ return TLSCipherStatus.isEnabled(cipherSuite, protocol); } + @Override public String toString() { String s = cipherSuite + " in " + protocol + " mode"; if (clientAuth != null) { @@ -260,7 +263,6 @@ private boolean failed; private CipherTest(PeerFactory peerFactory) throws IOException { - THREADS = Integer.parseInt(System.getProperty("numThreads", "4")); factory = (SSLSocketFactory)SSLSocketFactory.getDefault(); SSLSocket socket = (SSLSocket)factory.createSocket(); String[] cipherSuites = socket.getSupportedCipherSuites(); @@ -350,6 +352,7 @@ this.cipherTest = cipherTest; } + @Override public final void run() { while (true) { TestParameters params = cipherTest.getTest(); 
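Review bot: The new initialiser `static final int THREADS = Integer.getInteger("numThreads", 4);` in the `@@ -47,7 +47,8 @@` hunk is not equivalent to the `Integer.parseInt(System.getProperty("numThreads", "4"))` removed from the constructor. `Integer.getInteger` silently falls back to 4 when the property is not a valid number, and it decodes the value with hex and octal prefixes, so `010` becomes 8. A mistyped `-DnumThreads` would then run with the default pool size instead of failing. If strict parsing is wanted, keep it in the static form: `static final int THREADS = Integer.parseInt(System.getProperty("numThreads", "4"));`.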
@@ -405,10 +408,11 @@ private static KeyStore readKeyStore(String name) throws Exception { File file = new File(PATH, name); - InputStream in = new FileInputStream(file); - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(in, passwd); - in.close(); + KeyStore ks; + try (InputStream in = new FileInputStream(file)) { + ks = KeyStore.getInstance("JKS"); + ks.load(in, passwd); + } return ks; } @@ -421,7 +425,7 @@ } else { relPath = pathToStores; } - PATH = new File(System.getProperty("test.src", "."), relPath); + PATH = new File(TEST_SRC, relPath); CipherTest.peerFactory = peerFactory; System.out.print( "Initializing test '" + peerFactory.getName() + "'..."); @@ -494,16 +498,19 @@ } + @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { // empty } + @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { // empty } + @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; } @@ -522,6 +529,7 @@ this.authType = "ECDSA".equals(authType) ? "EC" : authType; } + @Override public String[] getClientAliases(String keyType, Principal[] issuers) { if (authType == null) { return null; @@ -529,6 +537,7 @@ return keyManager.getClientAliases(authType, issuers); } + @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { if (authType == null) { @@ -538,6 +547,7 @@ issuers, socket); } + @Override public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) { if (authType == null) { 
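Review bot: The `checkClientTrusted` and `checkServerTrusted` methods annotated in the `@@ -494,16 +498,19 @@` hunk still carry only `// empty`, which does not tell a reader that this trust manager accepts every certificate chain on purpose. Since the methods are being touched anyway, replace the comment with one that states the intent and the limit, e.g. `// test-only: accepts any chain; peers are this test's own client and server, do not reuse`. The enclosing class begins outside the hunk, so a class-level comment could not be checked from here.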
@@ -547,24 +557,29 @@ issuers, engine); } + @Override public String[] getServerAliases(String keyType, Principal[] issuers) { throw new UnsupportedOperationException("Servers not supported"); } + @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { throw new UnsupportedOperationException("Servers not supported"); } + @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) { throw new UnsupportedOperationException("Servers not supported"); } + @Override public X509Certificate[] getCertificateChain(String alias) { return keyManager.getCertificateChain(alias); } + @Override public PrivateKey getPrivateKey(String alias) { return keyManager.getPrivateKey(alias); } @@ -577,6 +592,7 @@ private final static ThreadFactory DEFAULT = Executors.defaultThreadFactory(); + @Override public Thread newThread(Runnable r) { Thread t = DEFAULT.newThread(r); t.setDaemon(true);
--- a/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -35,9 +35,11 @@ * @library ../../../../java/security/testlibrary * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1" * ClientJSSEServerJSSE + * @run main/othervm ClientJSSEServerJSSE sm policy */ -import java.security.*; +import java.security.Provider; +import java.security.Security; public class ClientJSSEServerJSSE extends PKCS11Test { @@ -50,13 +52,14 @@ Security.setProperty("jdk.certpath.disabledAlgorithms", ""); cmdArgs = args; - main(new ClientJSSEServerJSSE()); + main(new ClientJSSEServerJSSE(), args); // now test without SunEC Provider System.setProperty("testWithoutSunEC", "true"); main(new ClientJSSEServerJSSE()); } + @Override public void main(Provider p) throws Exception { String testWithoutSunEC = System.getProperty("testWithoutSunEC"); @@ -81,14 +84,17 @@ private static class JSSEFactory extends CipherTest.PeerFactory { + @Override String getName() { return "Client JSSE - Server JSSE"; } + @Override CipherTest.Client newClient(CipherTest cipherTest) throws Exception { return new JSSEClient(cipherTest); } + @Override CipherTest.Server newServer(CipherTest cipherTest) throws Exception { return new JSSEServer(cipherTest); }
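Review bot: The second call in `main(String[])`, `main(new ClientJSSEServerJSSE());`, is left without `args`, so in the `sm policy` run the pass with `testWithoutSunEC=true` appears not to be exercised under the security manager the way the first pass is. If that is intended, a comment such as `// SunEC-less pass deliberately runs without the security manager` would record it; otherwise the call needs `args` too. Separately, `main(Provider)` reads `System.getProperty("testWithoutSunEC")`, while the `policy` file added in this changeset grants `PropertyPermission` read only for `test.src` and `numThreads`, so that read may be denied if it executes after the manager is installed. How `PKCS11Test.main(test, args)` installs the manager is not visible here, so this needs checking against the harness.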
--- a/test/sun/security/pkcs11/sslecc/JSSEServer.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/sslecc/JSSEServer.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -21,16 +21,17 @@ * questions. */ -import java.io.*; -import java.net.*; -import java.util.*; -import java.util.concurrent.*; - -import java.security.*; -import java.security.cert.*; -import java.security.cert.Certificate; - -import javax.net.ssl.*; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.util.concurrent.Executor; +import java.util.concurrent.Executors; +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLServerSocketFactory; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.TrustManager; class JSSEServer extends CipherTest.Server { @@ -48,15 +49,17 @@ serverSocket.setWantClientAuth(true); } + @Override public void run() { System.out.println("JSSE Server listening on port " + cipherTest.serverPort); Executor exec = Executors.newFixedThreadPool - (cipherTest.THREADS, DaemonThreadFactory.INSTANCE); + (CipherTest.THREADS, DaemonThreadFactory.INSTANCE); try { while (true) { final SSLSocket socket = (SSLSocket)serverSocket.accept(); socket.setSoTimeout(cipherTest.TIMEOUT); Runnable r = new Runnable() { + @Override public void run() { try { InputStream in = socket.getInputStream();
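Review bot: In `run()` the hunk switches `cipherTest.THREADS` to `CipherTest.THREADS` but leaves `cipherTest.serverPort` in the `println` two lines above, although `serverPort` is declared `static volatile int` in CipherTest (visible in that file's diff in this changeset). Accessing a static field through an instance reads as if it were per-object state; use `CipherTest.serverPort` for consistency with the line being changed. Whether `TIMEOUT` is static cannot be seen from here. The body of `run()` continues past the end of this hunk.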
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/pkcs11/sslecc/policy Sat May 06 23:47:22 2017 +0100
@@ -0,0 +1,9 @@
+grant {
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.security.SecurityPermission "insertProvider.*";
+ permission java.security.SecurityPermission "removeProvider.*";
+ permission java.util.PropertyPermission "test.src", "read";
+ permission java.util.PropertyPermission "numThreads", "read";
+ permission java.io.FilePermission "${test.src}/*", "read";
+ permission java.net.SocketPermission "127.0.0.1:*", "listen,resolve,accept,connect";
+};
\ No newline at end of file
--- a/test/sun/security/pkcs11/tls/TestKeyMaterial.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/tls/TestKeyMaterial.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -26,137 +26,139 @@ * @bug 6316539 * @summary Known-answer-test for TlsKeyMaterial generator * @author Andreas Sterbenz + * @run main/othervm TestKeyMaterial + * @run main/othervm TestKeyMaterial sm policy * @library .. */ -import java.io.*; -import java.util.*; - -import java.security.Security; +import java.io.BufferedReader; +import java.nio.file.Files; +import java.nio.file.Paths; import java.security.Provider; - +import java.util.Arrays; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; - -import javax.crypto.spec.*; - -import sun.security.internal.spec.*; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import sun.security.internal.spec.TlsKeyMaterialParameterSpec; +import sun.security.internal.spec.TlsKeyMaterialSpec; public class TestKeyMaterial extends PKCS11Test { - private static int PREFIX_LENGTH = "km-master: ".length(); + private static final int PREFIX_LENGTH = "km-master: ".length(); public static void main(String[] args) throws Exception { - main(new TestKeyMaterial()); + main(new TestKeyMaterial(), args); } + @Override public void main(Provider provider) throws Exception { if (provider.getService("KeyGenerator", "SunTlsKeyMaterial") == null) { System.out.println("Provider does not support algorithm, skipping"); return; } - InputStream in = new FileInputStream(new File(BASE, "keymatdata.txt")); - BufferedReader reader = new BufferedReader(new InputStreamReader(in)); + try (BufferedReader reader = Files.newBufferedReader( + Paths.get(BASE, "keymatdata.txt"))) { + + int n = 0; + int lineNumber = 0; - int n = 0; - int lineNumber = 0; + byte[] master = null; + int major = 0; + int minor = 0; + byte[] clientRandom = null; + byte[] serverRandom = null; + String cipherAlgorithm = null; + int keyLength = 0; + int expandedKeyLength = 0; + int ivLength = 0; + int macLength = 0; + byte[] clientCipherBytes = null; + byte[] serverCipherBytes = null; + byte[] clientIv = null; + byte[] serverIv = null; + byte[] 
clientMacBytes = null; + byte[] serverMacBytes = null; - byte[] master = null; - int major = 0; - int minor = 0; - byte[] clientRandom = null; - byte[] serverRandom = null; - String cipherAlgorithm = null; - int keyLength = 0; - int expandedKeyLength = 0; - int ivLength = 0; - int macLength = 0; - byte[] clientCipherBytes = null; - byte[] serverCipherBytes = null; - byte[] clientIv = null; - byte[] serverIv = null; - byte[] clientMacBytes = null; - byte[] serverMacBytes = null; + while (true) { + String line = reader.readLine(); + lineNumber++; + if (line == null) { + break; + } + if (line.startsWith("km-") == false) { + continue; + } + String data = line.substring(PREFIX_LENGTH); + if (line.startsWith("km-master:")) { + master = parse(data); + } else if (line.startsWith("km-major:")) { + major = Integer.parseInt(data); + } else if (line.startsWith("km-minor:")) { + minor = Integer.parseInt(data); + } else if (line.startsWith("km-crandom:")) { + clientRandom = parse(data); + } else if (line.startsWith("km-srandom:")) { + serverRandom = parse(data); + } else if (line.startsWith("km-cipalg:")) { + cipherAlgorithm = data; + } else if (line.startsWith("km-keylen:")) { + keyLength = Integer.parseInt(data); + } else if (line.startsWith("km-explen:")) { + expandedKeyLength = Integer.parseInt(data); + } else if (line.startsWith("km-ivlen:")) { + ivLength = Integer.parseInt(data); + } else if (line.startsWith("km-maclen:")) { + macLength = Integer.parseInt(data); + } else if (line.startsWith("km-ccipkey:")) { + clientCipherBytes = parse(data); + } else if (line.startsWith("km-scipkey:")) { + serverCipherBytes = parse(data); + } else if (line.startsWith("km-civ:")) { + clientIv = parse(data); + } else if (line.startsWith("km-siv:")) { + serverIv = parse(data); + } else if (line.startsWith("km-cmackey:")) { + clientMacBytes = parse(data); + } else if (line.startsWith("km-smackey:")) { + serverMacBytes = parse(data); - while (true) { - String line = reader.readLine(); - 
lineNumber++; - if (line == null) { - break; - } - if (line.startsWith("km-") == false) { - continue; + System.out.print("."); + n++; + + KeyGenerator kg = + KeyGenerator.getInstance("SunTlsKeyMaterial", provider); + SecretKey masterKey = + new SecretKeySpec(master, "TlsMasterSecret"); + TlsKeyMaterialParameterSpec spec = + new TlsKeyMaterialParameterSpec(masterKey, major, minor, + clientRandom, serverRandom, cipherAlgorithm, + keyLength, expandedKeyLength, ivLength, macLength, + null, -1, -1); + + kg.init(spec); + TlsKeyMaterialSpec result = + (TlsKeyMaterialSpec)kg.generateKey(); + match(lineNumber, clientCipherBytes, + result.getClientCipherKey(), cipherAlgorithm); + match(lineNumber, serverCipherBytes, + result.getServerCipherKey(), cipherAlgorithm); + match(lineNumber, clientIv, result.getClientIv(), ""); + match(lineNumber, serverIv, result.getServerIv(), ""); + match(lineNumber, clientMacBytes, result.getClientMacKey(), ""); + match(lineNumber, serverMacBytes, result.getServerMacKey(), ""); + + } else { + throw new Exception("Unknown line: " + line); + } } - String data = line.substring(PREFIX_LENGTH); - if (line.startsWith("km-master:")) { - master = parse(data); - } else if (line.startsWith("km-major:")) { - major = Integer.parseInt(data); - } else if (line.startsWith("km-minor:")) { - minor = Integer.parseInt(data); - } else if (line.startsWith("km-crandom:")) { - clientRandom = parse(data); - } else if (line.startsWith("km-srandom:")) { - serverRandom = parse(data); - } else if (line.startsWith("km-cipalg:")) { - cipherAlgorithm = data; - } else if (line.startsWith("km-keylen:")) { - keyLength = Integer.parseInt(data); - } else if (line.startsWith("km-explen:")) { - expandedKeyLength = Integer.parseInt(data); - } else if (line.startsWith("km-ivlen:")) { - ivLength = Integer.parseInt(data); - } else if (line.startsWith("km-maclen:")) { - macLength = Integer.parseInt(data); - } else if (line.startsWith("km-ccipkey:")) { - clientCipherBytes = parse(data); - 
} else if (line.startsWith("km-scipkey:")) { - serverCipherBytes = parse(data); - } else if (line.startsWith("km-civ:")) { - clientIv = parse(data); - } else if (line.startsWith("km-siv:")) { - serverIv = parse(data); - } else if (line.startsWith("km-cmackey:")) { - clientMacBytes = parse(data); - } else if (line.startsWith("km-smackey:")) { - serverMacBytes = parse(data); - - System.out.print("."); - n++; - - KeyGenerator kg = - KeyGenerator.getInstance("SunTlsKeyMaterial", provider); - SecretKey masterKey = - new SecretKeySpec(master, "TlsMasterSecret"); - TlsKeyMaterialParameterSpec spec = - new TlsKeyMaterialParameterSpec(masterKey, major, minor, - clientRandom, serverRandom, cipherAlgorithm, - keyLength, expandedKeyLength, ivLength, macLength, - null, -1, -1); - - kg.init(spec); - TlsKeyMaterialSpec result = - (TlsKeyMaterialSpec)kg.generateKey(); - match(lineNumber, clientCipherBytes, - result.getClientCipherKey(), cipherAlgorithm); - match(lineNumber, serverCipherBytes, - result.getServerCipherKey(), cipherAlgorithm); - match(lineNumber, clientIv, result.getClientIv(), ""); - match(lineNumber, serverIv, result.getServerIv(), ""); - match(lineNumber, clientMacBytes, result.getClientMacKey(), ""); - match(lineNumber, serverMacBytes, result.getServerMacKey(), ""); - - } else { - throw new Exception("Unknown line: " + line); + if (n == 0) { + throw new Exception("no tests"); } - } - if (n == 0) { - throw new Exception("no tests"); + System.out.println(); + System.out.println("OK: " + n + " tests"); } - in.close(); - System.out.println(); - System.out.println("OK: " + n + " tests"); } private static void stripParity(byte[] b) {
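Review bot: `Files.newBufferedReader(Paths.get(BASE, "keymatdata.txt"))` at the top of the new `try` block decodes the file as UTF-8 and throws `MalformedInputException` on bytes that are not valid UTF-8, whereas the removed `new InputStreamReader(in)` used the platform default charset and replaced bad bytes. The data file is not shown, so this may be harmless, but the charset is better stated than implied: `Files.newBufferedReader(Paths.get(BASE, "keymatdata.txt"), StandardCharsets.UTF_8)`, with an import of `java.nio.charset.StandardCharsets`. The same call shape is introduced in TestMasterSecret.java and TestPRF.java.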
--- a/test/sun/security/pkcs11/tls/TestLeadingZeroesP11.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/tls/TestLeadingZeroesP11.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,15 +27,18 @@ * @summary Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement * @library .. * @author Pasi Eronen + * @run main/othervm TestLeadingZeroesP11 + * @run main/othervm TestLeadingZeroesP11 sm */ -import java.io.*; -import java.security.*; -import java.security.spec.*; -import java.security.interfaces.*; -import javax.crypto.*; -import javax.crypto.spec.*; -import javax.crypto.interfaces.*; + +import java.security.KeyFactory; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.PublicKey; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; +import javax.crypto.KeyAgreement; /** * Test that leading zeroes are stripped in TlsPremasterSecret case, @@ -48,9 +51,10 @@ public class TestLeadingZeroesP11 extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new TestLeadingZeroesP11()); + main(new TestLeadingZeroesP11(), args); } + @Override public void main(Provider p) throws Exception { // decode pre-generated keypairs
--- a/test/sun/security/pkcs11/tls/TestMasterSecret.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/tls/TestMasterSecret.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -27,111 +27,112 @@ * @summary Known-answer-test for TlsMasterSecret generator * @author Andreas Sterbenz * @library .. + * @run main/othervm TestMasterSecret + * @run main/othervm TestMasterSecret sm TestMasterSecret.policy */ -import java.io.*; -import java.util.*; - -import java.security.Security; +import java.io.BufferedReader; +import java.nio.file.Files; +import java.nio.file.Paths; import java.security.Provider; - +import java.util.Arrays; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; - -import javax.crypto.spec.*; - -import sun.security.internal.spec.*; +import javax.crypto.spec.SecretKeySpec; import sun.security.internal.interfaces.TlsMasterSecret; +import sun.security.internal.spec.TlsMasterSecretParameterSpec; public class TestMasterSecret extends PKCS11Test { - private static int PREFIX_LENGTH = "m-premaster: ".length(); + private static final int PREFIX_LENGTH = "m-premaster: ".length(); public static void main(String[] args) throws Exception { - main(new TestMasterSecret()); + main(new TestMasterSecret(), args); } + @Override public void main(Provider provider) throws Exception { if (provider.getService("KeyGenerator", "SunTlsMasterSecret") == null) { System.out.println("Not supported by provider, skipping"); return; } - InputStream in = new FileInputStream(new File(BASE, "masterdata.txt")); - BufferedReader reader = new BufferedReader(new InputStreamReader(in)); + + try (BufferedReader reader = Files.newBufferedReader( + Paths.get(BASE, "masterdata.txt"))) { + + int n = 0; + int lineNumber = 0; - int n = 0; - int lineNumber = 0; + String algorithm = null; + byte[] premaster = null; + byte[] clientRandom = null; + byte[] serverRandom = null; + int protoMajor = 0; + int protoMinor = 0; + int preMajor = 0; + int preMinor = 0; + byte[] master = null; - String algorithm = null; - byte[] premaster = null; - byte[] clientRandom = null; - byte[] serverRandom = null; - int protoMajor = 0; - int protoMinor = 0; - int preMajor = 0; - int 
preMinor = 0; - byte[] master = null; + while (true) { + String line = reader.readLine(); + lineNumber++; + if (line == null) { + break; + } + if (line.startsWith("m-") == false) { + continue; + } + String data = line.substring(PREFIX_LENGTH); + if (line.startsWith("m-algorithm:")) { + algorithm = data; + } else if (line.startsWith("m-premaster:")) { + premaster = parse(data); + } else if (line.startsWith("m-crandom:")) { + clientRandom = parse(data); + } else if (line.startsWith("m-srandom:")) { + serverRandom = parse(data); + } else if (line.startsWith("m-protomajor:")) { + protoMajor = Integer.parseInt(data); + } else if (line.startsWith("m-protominor:")) { + protoMinor = Integer.parseInt(data); + } else if (line.startsWith("m-premajor:")) { + preMajor = Integer.parseInt(data); + } else if (line.startsWith("m-preminor:")) { + preMinor = Integer.parseInt(data); + } else if (line.startsWith("m-master:")) { + master = parse(data); - while (true) { - String line = reader.readLine(); - lineNumber++; - if (line == null) { - break; - } - if (line.startsWith("m-") == false) { - continue; + System.out.print("."); + n++; + + KeyGenerator kg = + KeyGenerator.getInstance("SunTlsMasterSecret", provider); + SecretKey premasterKey = + new SecretKeySpec(premaster, algorithm); + TlsMasterSecretParameterSpec spec = + new TlsMasterSecretParameterSpec(premasterKey, + protoMajor, protoMinor, clientRandom, serverRandom, + null, -1, -1); + kg.init(spec); + TlsMasterSecret key = (TlsMasterSecret)kg.generateKey(); + byte[] enc = key.getEncoded(); + if (Arrays.equals(master, enc) == false) { + throw new Exception("mismatch line: " + lineNumber); + } + if ((preMajor != key.getMajorVersion()) || + (preMinor != key.getMinorVersion())) { + throw new Exception("version mismatch line: " + lineNumber); + } + } else { + throw new Exception("Unknown line: " + line); + } } - String data = line.substring(PREFIX_LENGTH); - if (line.startsWith("m-algorithm:")) { - algorithm = data; - } else if 
(line.startsWith("m-premaster:")) { - premaster = parse(data); - } else if (line.startsWith("m-crandom:")) { - clientRandom = parse(data); - } else if (line.startsWith("m-srandom:")) { - serverRandom = parse(data); - } else if (line.startsWith("m-protomajor:")) { - protoMajor = Integer.parseInt(data); - } else if (line.startsWith("m-protominor:")) { - protoMinor = Integer.parseInt(data); - } else if (line.startsWith("m-premajor:")) { - preMajor = Integer.parseInt(data); - } else if (line.startsWith("m-preminor:")) { - preMinor = Integer.parseInt(data); - } else if (line.startsWith("m-master:")) { - master = parse(data); - - System.out.print("."); - n++; - - KeyGenerator kg = - KeyGenerator.getInstance("SunTlsMasterSecret", provider); - SecretKey premasterKey = - new SecretKeySpec(premaster, algorithm); - TlsMasterSecretParameterSpec spec = - new TlsMasterSecretParameterSpec(premasterKey, - protoMajor, protoMinor, clientRandom, serverRandom, - null, -1, -1); - kg.init(spec); - TlsMasterSecret key = (TlsMasterSecret)kg.generateKey(); - byte[] enc = key.getEncoded(); - if (Arrays.equals(master, enc) == false) { - throw new Exception("mismatch line: " + lineNumber); - } - if ((preMajor != key.getMajorVersion()) || - (preMinor != key.getMinorVersion())) { - throw new Exception("version mismatch line: " + lineNumber); - } - } else { - throw new Exception("Unknown line: " + line); + if (n == 0) { + throw new Exception("no tests"); } - } - if (n == 0) { - throw new Exception("no tests"); + System.out.println(); + System.out.println("OK: " + n + " tests"); } - in.close(); - System.out.println(); - System.out.println("OK: " + n + " tests"); } }
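Review bot: `PREFIX_LENGTH` is computed from the single tag `"m-premaster: "` but `line.substring(PREFIX_LENGTH)` is applied to every `m-` line, including tags of other lengths such as `m-algorithm:` and `m-protomajor:`, and nothing in the file documents that dependency. The parser therefore seems to rely on the data file placing every value at the same column, and an `m-` line shorter than that would fail with `StringIndexOutOfBoundsException` instead of the `Unknown line` error. As the constant is being made `final` here, add a comment on it, e.g. `// masterdata.txt is fixed-width: every value starts at column PREFIX_LENGTH`. TestKeyMaterial.java (`"km-master: "`) and TestPRF.java (`"prf-output: "`) use the same scheme.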
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/pkcs11/tls/TestMasterSecret.policy Sat May 06 23:47:22 2017 +0100
@@ -0,0 +1,8 @@
+grant {
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.io.FilePermission "${test.src}/*", "read";
+ permission java.lang.RuntimePermission
+ "accessClassInPackage.sun.security.internal.spec";
+ permission java.lang.RuntimePermission
+ "accessClassInPackage.sun.security.internal.interfaces";
+};
\ No newline at end of file
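Review bot: `FilePermission "${test.src}/*", "read"` opens every file in the test directory, while the test this policy is named for opens only `masterdata.txt` in its diff in this changeset. `rsakeys.ks.policy` in the same changeset names its single file, and this policy could follow it: `permission java.io.FilePermission "${test.src}/masterdata.txt", "read";`. This assumes `BASE` resolves to `test.src` and that the harness reads nothing else from that directory once the manager is active; neither is visible here.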
--- a/test/sun/security/pkcs11/tls/TestPRF.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/tls/TestPRF.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it 
@@ -27,116 +27,116 @@ * @summary Basic known-answer-test for TlsPrf * @author Andreas Sterbenz * @library .. + * @run main/othervm TestPRF + * @run main/othervm TestPRF sm policy */ -import java.io.*; -import java.util.*; - -import java.security.Security; +import java.io.BufferedReader; +import java.nio.file.Files; +import java.nio.file.Paths; import java.security.Provider; - +import java.util.Arrays; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; - -import javax.crypto.spec.*; - -import sun.security.internal.spec.*; +import javax.crypto.spec.SecretKeySpec; +import sun.security.internal.spec.TlsPrfParameterSpec; public class TestPRF extends PKCS11Test { - private static int PREFIX_LENGTH = "prf-output: ".length(); + private static final int PREFIX_LENGTH = "prf-output: ".length(); public static void main(String[] args) throws Exception { - main(new TestPRF()); + main(new TestPRF(), args); } + @Override public void main(Provider provider) throws Exception { if (provider.getService("KeyGenerator", "SunTlsPrf") == null) { System.out.println("Provider does not support algorithm, skipping"); return; } - InputStream in = new FileInputStream(new File(BASE, "prfdata.txt")); - BufferedReader reader = new BufferedReader(new InputStreamReader(in)); + try (BufferedReader reader = Files.newBufferedReader( + Paths.get(BASE, "prfdata.txt"))) { - int n = 0; - int lineNumber = 0; + int n = 0; + int lineNumber = 0; - byte[] secret = null; - String label = null; - byte[] seed = null; - int length = 0; - byte[] output = null; + byte[] secret = null; + String label = null; + byte[] seed = null; + int length = 0; + byte[] output = null; - while (true) { - String line = reader.readLine(); - lineNumber++; - if (line == null) { - break; - } - if (line.startsWith("prf-") == false) { - continue; - } + while (true) { + String line = reader.readLine(); + lineNumber++; + if (line == null) { + break; + } + if (line.startsWith("prf-") == false) { + continue; + } - String data = 
line.substring(PREFIX_LENGTH); - if (line.startsWith("prf-secret:")) { - secret = parse(data); - } else if (line.startsWith("prf-label:")) { - label = data; - } else if (line.startsWith("prf-seed:")) { - seed = parse(data); - } else if (line.startsWith("prf-length:")) { - length = Integer.parseInt(data); - } else if (line.startsWith("prf-output:")) { - output = parse(data); + String data = line.substring(PREFIX_LENGTH); + if (line.startsWith("prf-secret:")) { + secret = parse(data); + } else if (line.startsWith("prf-label:")) { + label = data; + } else if (line.startsWith("prf-seed:")) { + seed = parse(data); + } else if (line.startsWith("prf-length:")) { + length = Integer.parseInt(data); + } else if (line.startsWith("prf-output:")) { + output = parse(data); - System.out.print("."); - n++; + System.out.print("."); + n++; - KeyGenerator kg = - KeyGenerator.getInstance("SunTlsPrf", provider); - SecretKey inKey; - if (secret == null) { - inKey = null; - } else { - inKey = new SecretKeySpec(secret, "Generic"); - } - TlsPrfParameterSpec spec = - new TlsPrfParameterSpec(inKey, label, seed, length, - null, -1, -1); - SecretKey key; - try { - kg.init(spec); - key = kg.generateKey(); - } catch (Exception e) { + KeyGenerator kg = + KeyGenerator.getInstance("SunTlsPrf", provider); + SecretKey inKey; if (secret == null) { - // This fails on Solaris, but since we never call this - // API for this case in JSSE, ignore the failure. 
- // (SunJSSE uses the CKM_TLS_KEY_AND_MAC_DERIVE - // mechanism) - System.out.print("X"); - continue; + inKey = null; + } else { + inKey = new SecretKeySpec(secret, "Generic"); } - System.out.println(); - throw new Exception("Error on line: " + lineNumber, e); + TlsPrfParameterSpec spec = + new TlsPrfParameterSpec(inKey, label, seed, length, + null, -1, -1); + SecretKey key; + try { + kg.init(spec); + key = kg.generateKey(); + } catch (Exception e) { + if (secret == null) { + // This fails on Solaris, but since we never call this + // API for this case in JSSE, ignore the failure. + // (SunJSSE uses the CKM_TLS_KEY_AND_MAC_DERIVE + // mechanism) + System.out.print("X"); + continue; + } + System.out.println(); + throw new Exception("Error on line: " + lineNumber, e); + } + byte[] enc = key.getEncoded(); + if (Arrays.equals(output, enc) == false) { + System.out.println(); + System.out.println("expected: " + toString(output)); + System.out.println("actual: " + toString(enc)); + throw new Exception("mismatch line: " + lineNumber); + } + } else { + throw new Exception("Unknown line: " + line); } - byte[] enc = key.getEncoded(); - if (Arrays.equals(output, enc) == false) { - System.out.println(); - System.out.println("expected: " + toString(output)); - System.out.println("actual: " + toString(enc)); - throw new Exception("mismatch line: " + lineNumber); - } - } else { - throw new Exception("Unknown line: " + line); + } + if (n == 0) { + throw new Exception("no tests"); } - } - if (n == 0) { - throw new Exception("no tests"); + System.out.println(); + System.out.println("OK: " + n + " tests"); } - in.close(); - System.out.println(); - System.out.println("OK: " + n + " tests"); } }
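Review bot: In the new `main(Provider)`, the `catch (Exception e)` around `kg.init(spec)` and `kg.generateKey()` prints `X` and continues whenever `secret == null`, which now also swallows a `SecurityException` raised in the added `sm policy` run. A permission missing from the policy would then look like the tolerated Solaris failure, and because `n++` runs before the try block the skipped vector is still counted in `OK: n tests`. I would narrow the skip to `if (secret == null && !(e instanceof SecurityException)) {` so access-control denials reach the `throw new Exception("Error on line: " + lineNumber, e)` path. Whether the data file actually contains a vector without a secret is not visible here.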
--- a/test/sun/security/pkcs11/tls/TestPremaster.java Sat May 06 22:33:17 2017 +0100 +++ b/test/sun/security/pkcs11/tls/TestPremaster.java Sat May 06 23:47:22 2017 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -27,23 +27,22 @@ * @summary Basic tests for TlsRsaPremasterSecret generator * @author Andreas Sterbenz * @library .. + * @run main/othervm TestPremaster + * @run main/othervm TestPremaster sm policy */ -import java.security.Security; import java.security.Provider; - import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; -import java.util.Formatter; - import sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec; public class TestPremaster extends PKCS11Test { public static void main(String[] args) throws Exception { - main(new TestPremaster()); + main(new TestPremaster(), args); } + @Override public void main(Provider provider) throws Exception { if (provider.getService( "KeyGenerator", "SunTlsRsaPremasterSecret") == null) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/pkcs11/tls/policy Sat May 06 23:47:22 2017 +0100
@@ -0,0 +1,5 @@
+grant {
+ permission java.lang.RuntimePermission "setSecurityManager";
+ permission java.io.FilePermission "${test.src}/*", "read";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.internal.spec";
+};
\ No newline at end of file