/*
 * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
151N/A
151N/Aimport java.io.*;
151N/Aimport java.util.*;
151N/Aimport java.lang.reflect.*;
151N/A
151N/Aimport java.security.*;
151N/Aimport java.security.cert.*;
151N/Aimport java.security.spec.*;
151N/Aimport java.security.interfaces.*;
151N/Aimport java.math.BigInteger;
151N/A
151N/Aimport javax.crypto.*;
151N/Aimport javax.crypto.spec.*;
151N/A
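/**
 * Checks that secret keys can be stored in, read back from, reloaded from and
 * deleted from a {@code PKCS11} keystore backed by the provider under test.
 *
 * <p>Three keys are used: one software AES key built from random bytes and
 * two DESede keys generated by the provider itself. The token to test against
 * is chosen with the {@code TOKEN} system property ({@code nss} or
 * {@code solaris}).
 *
 * <p>Security note: every key handled here is created fresh in
 * {@link #main(Provider)} and exists only for the test run. The key values
 * and the token PINs below are test fixtures and must not be reused outside
 * this test.
 */
public class SecretKeysBasic extends PKCS11Test {

    private static final char SEP = File.separatorChar;

    // PIN used to open the keystore; selected from the fixtures below
    // according to the TOKEN system property.
    private static char[] tokenPwd;

    // Fixed PINs, presumably those of the NSS and Solaris test tokens.
    private static final char[] nssPwd =
            new char[]{'t', 'e', 's', 't', '1', '2'};
    private static final char[] solarisPwd =
            new char[]{'p', 'i', 'n'};

    private static SecretKey sk1;       // first provider-generated DESede key
    private static SecretKey sk2;       // second provider-generated DESede key
    private static SecretKey softkey;   // software AES key (SecretKeySpec)
    private static KeyStore ks;
    private static final String KS_TYPE = "PKCS11";
    private static Provider provider;

    /**
     * Test entry point; hands a new instance to the {@code main} overload
     * that is defined outside this file (presumably in {@code PKCS11Test}).
     */
    public static void main(String[] args) throws Exception {
        main(new SecretKeysBasic());
    }

    /**
     * Creates the test keys, selects the token PIN and runs the keystore test.
     *
     * @param p the PKCS11 provider to test
     * @throws Exception if the {@code TOKEN} system property is missing or
     *         empty, or if any keystore check fails
     */
    public void main(Provider p) throws Exception {
        // provider is a static field; assign it directly rather than via this.
        provider = p;

        // create secret key
        byte[] keyVal = new byte[16];
        (new SecureRandom()).nextBytes(keyVal);
        // NSS will throw CKR_HOST_MEMORY if calling C_DecryptInit w/
        // (keyVal[0] == 0)
        if (keyVal[0] == 0) {
            keyVal[0] = 1;
        }
        softkey = new SecretKeySpec(keyVal, "AES");
        dumpKey("softkey", softkey);

        KeyGenerator kg = KeyGenerator.getInstance("DESede", provider);
        sk1 = kg.generateKey();
        dumpKey("skey1", sk1);
        sk2 = kg.generateKey();
        dumpKey("skey2", sk2);

        String token = System.getProperty("TOKEN");

        if (token == null || token.length() == 0) {
            System.out.println("Error: missing TOKEN system property");
            throw new Exception("token arg required");
        }

        // Any other TOKEN value leaves tokenPwd null, so the keystore is
        // then loaded with a null password.
        if ("nss".equals(token)) {
            tokenPwd = nssPwd;
        } else if ("solaris".equals(token)) {
            tokenPwd = solarisPwd;
        }

        doTest();
    }

    /**
     * Verifies that the keystore entry under {@code alias} holds
     * {@code expected}, optionally storing {@code expected} there first.
     *
     * <p>When the retrieved key reports no encoding format, the key bytes
     * cannot be compared, so the check encrypts a buffer with
     * {@code expected} and decrypts it with the retrieved key. When the
     * format is {@code RAW}, the encoded bytes are compared directly.
     *
     * @param alias keystore alias to check
     * @param expected key the entry is expected to hold
     * @param saveBeforeCheck whether to store {@code expected} under
     *        {@code alias} before reading it back
     * @return {@code false} if no key is found or the keys do not match,
     *         {@code true} otherwise
     * @throws Exception on any keystore or cipher error
     */
    private static boolean checkSecretKeyEntry(String alias,
            SecretKey expected,
            boolean saveBeforeCheck)
            throws Exception {
        if (saveBeforeCheck) {
            ks.setKeyEntry(alias, expected, null, null);
        }
        SecretKey result = (SecretKey) ks.getKey(alias, null);
        if (result == null) {
            // A missing entry is a failed check, not a NullPointerException.
            System.out.println("\tno key found under alias: " + alias);
            return false;
        }

        String keyEncFormat = result.getFormat();
        if (keyEncFormat == null) {
            // sensitive or un-extractable keys - verify by encrypt/decrypt
            byte[] data = new byte[64];
            Cipher c =
                    Cipher.getInstance(result.getAlgorithm() + "/CBC/NoPadding",
                            provider);
            c.init(Cipher.ENCRYPT_MODE, expected);
            byte[] encOut = c.doFinal(data);
            // Decrypt with the stored key, reusing the parameters of the
            // encrypt operation.
            c.init(Cipher.DECRYPT_MODE, result, c.getParameters());
            byte[] decOut = c.doFinal(encOut);
            return Arrays.equals(data, decOut);
        }

        if (keyEncFormat.equalsIgnoreCase("RAW")) {
            if (!Arrays.equals(result.getEncoded(), expected.getEncoded())) {
                dumpKey("\texpected:", expected);
                dumpKey("\treturns:", result);
                return false;
            }
        }
        // NOTE(review): a key with any other non-null format is accepted
        // without comparison - confirm that this is intended.
        return true;
    }

    /**
     * Prints a key's description, algorithm and, for keys that report an
     * encoding format, the encoded value as an integer.
     *
     * <p>This writes raw key material to standard output. That is acceptable
     * here only because the keys are throwaway test keys; do not use this
     * helper on keys that protect real data.
     *
     * @param info label printed before the key
     * @param key key to print
     */
    private static void dumpKey(String info, SecretKey key) {
        System.out.println(info + "> " + key);
        System.out.println("\tALGO=" + key.getAlgorithm());
        if (key.getFormat() != null) {
            System.out.println("\t[" + key.getFormat() + "] VALUE=" +
                    new BigInteger(key.getEncoded()));
        } else {
            System.out.println("\tVALUE=n/a");
        }
    }

    /**
     * Runs the keystore scenario: empty the keystore, store each test key
     * under one alias, reload and re-check, then delete the entry and confirm
     * that the reloaded keystore is empty.
     *
     * @throws Exception if any check failed, or on any keystore error
     */
    private static void doTest() throws Exception {
        if (ks == null) {
            ks = KeyStore.getInstance(KS_TYPE, provider);
            ks.load(null, tokenPwd);
        }

        System.out.println("Number of entries: " + ks.size());
        if (ks.size() != 0) {
            System.out.println("Deleting entries under aliases: ");
            // Copy the aliases first so that deleting entries cannot disturb
            // the enumeration being walked.
            for (String stale : Collections.list(ks.aliases())) {
                System.out.println("\t" + stale);
                ks.deleteEntry(stale);
            }
        }

        String alias = "testSKey";

        boolean testResult = checkSecretKeyEntry(alias, softkey, true);
        if (!testResult) {
            System.out.println("FAILURE: setKey() w/ softSecretKey failed");
        }

        if (!checkSecretKeyEntry(alias, sk1, true)) {
            testResult = false;
            System.out.println("FAILURE: setKey() w/ skey1 failed");
        }
        if (!checkSecretKeyEntry(alias, sk2, true)) {
            testResult = false;
            System.out.println("FAILURE: setKey() w/ skey2 failed");
        }

        ks.store(null);
        System.out.println("Reloading keystore...");

        // NOTE(review): the reload passes a dummy password rather than
        // tokenPwd; presumably the token is already logged in and the value
        // is ignored - confirm.
        ks.load(null, "whatever".toCharArray());
        if (ks.size() != 1) {
            // Previously this was only printed, so a wrong entry count after
            // the reload did not fail the test.
            testResult = false;
            System.out.println("FAILURE: reload#1 ks.size() != 1");
        }
        if (!checkSecretKeyEntry(alias, sk2, false)) {
            testResult = false;
            System.out.println("FAILURE: reload#1 ks entry check failed");
        }

        ks.deleteEntry(alias);
        ks.store(null);

        System.out.println("Reloading keystore...");
        ks.load(null, "whatever".toCharArray());
        if (ks.size() != 0) {
            testResult = false;
            System.out.println("FAILURE: reload#2 ks.size() != 0");
        }
        if (!testResult) {
            throw new Exception("One or more test failed!");
        }
    }
}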