changeset 12817:a831c364751d

8075286: Additional tests for signature algorithm OIDs and transformation string Summary: SQE test co-location effort Reviewed-by: valeriep Contributed-by: sha.jiang@oracle.com
author valeriep
date Thu, 24 Sep 2015 18:16:56 +0000
parents b3d042c1c01b
children 551959336e36 8a9a7b1a3210
files test/com/sun/crypto/provider/NSASuiteB/TestAESOids.java test/com/sun/crypto/provider/NSASuiteB/TestAESWrapOids.java test/com/sun/crypto/provider/NSASuiteB/TestHmacSHAOids.java test/sun/security/TestSignatureOidHelper.java test/sun/security/ec/NSASuiteB/TestSHAwithECDSASignatureOids.java test/sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java test/sun/security/provider/NSASuiteB/TestSHAOids.java test/sun/security/provider/NSASuiteB/TestSHAwithDSASignatureOids.java
diffstat 8 files changed, 973 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/com/sun/crypto/provider/NSASuiteB/TestAESOids.java	Thu Sep 24 18:16:56 2015 +0000
@@ -0,0 +1,194 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import static javax.crypto.Cipher.ENCRYPT_MODE;
+import static javax.crypto.Cipher.getMaxAllowedKeyLength;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.ShortBufferException;
+import javax.crypto.spec.IvParameterSpec;
+
+/*
+ * @test
+ * @bug 8075286
+ * @summary Test the AES algorithm OIDs in JDK.
+ *          OID and Algorithm transformation string should match.
+ *          Both could be able to be used to generate the algorithm instance.
+ * @run main TestAESOids
+ */
+public class TestAESOids {
+
+    private static final String PROVIDER_NAME = "SunJCE";
+    private static final byte[] INPUT = "1234567890123456".getBytes();
+
+    private static final List<DataTuple> DATA = Arrays.asList(
+            new DataTuple("2.16.840.1.101.3.4.1.1", "AES_128/ECB/NoPadding",
+                    128, "ECB"),
+            new DataTuple("2.16.840.1.101.3.4.1.2", "AES_128/CBC/NoPadding",
+                    128, "CBC"),
+            new DataTuple("2.16.840.1.101.3.4.1.3", "AES_128/OFB/NoPadding",
+                    128, "OFB"),
+            new DataTuple("2.16.840.1.101.3.4.1.4", "AES_128/CFB/NoPadding",
+                    128, "CFB"),
+            new DataTuple("2.16.840.1.101.3.4.1.21", "AES_192/ECB/NoPadding",
+                    192, "ECB"),
+            new DataTuple("2.16.840.1.101.3.4.1.22", "AES_192/CBC/NoPadding",
+                    192, "CBC"),
+            new DataTuple("2.16.840.1.101.3.4.1.23", "AES_192/OFB/NoPadding",
+                    192, "OFB"),
+            new DataTuple("2.16.840.1.101.3.4.1.24", "AES_192/CFB/NoPadding",
+                    192, "CFB"),
+            new DataTuple("2.16.840.1.101.3.4.1.41", "AES_256/ECB/NoPadding",
+                    256, "ECB"),
+            new DataTuple("2.16.840.1.101.3.4.1.42", "AES_256/CBC/NoPadding",
+                    256, "CBC"),
+            new DataTuple("2.16.840.1.101.3.4.1.43", "AES_256/OFB/NoPadding",
+                    256, "OFB"),
+            new DataTuple("2.16.840.1.101.3.4.1.44", "AES_256/CFB/NoPadding",
+                    256, "CFB"));
+
+    public static void main(String[] args) throws Exception {
+        for (DataTuple dataTuple : DATA) {
+            int maxAllowedKeyLength =
+                    getMaxAllowedKeyLength(dataTuple.algorithm);
+            boolean supportedKeyLength =
+                    maxAllowedKeyLength >= dataTuple.keyLength;
+
+            try {
+                runTest(dataTuple, supportedKeyLength);
+                System.out.println("passed");
+            } catch (InvalidKeyException ike) {
+                if (supportedKeyLength) {
+                    throw new RuntimeException(String.format(
+                            "The key length %d is supported, but test failed.",
+                            dataTuple.keyLength), ike);
+                } else {
+                    System.out.printf(
+                            "Catch expected InvalidKeyException due "
+                                    + "to the key length %d is greater than "
+                                    + "max supported key length %d%n",
+                            dataTuple.keyLength, maxAllowedKeyLength);
+                }
+            }
+        }
+    }
+
+    private static void runTest(DataTuple dataTuple,
+            boolean supportedKeyLength) throws NoSuchAlgorithmException,
+            NoSuchProviderException, NoSuchPaddingException,
+            InvalidKeyException, ShortBufferException,
+            IllegalBlockSizeException, BadPaddingException,
+            InvalidAlgorithmParameterException {
+        Cipher algorithmCipher = Cipher.getInstance(dataTuple.algorithm,
+                PROVIDER_NAME);
+        Cipher oidCipher = Cipher.getInstance(dataTuple.oid, PROVIDER_NAME);
+
+        if (algorithmCipher == null) {
+            throw new RuntimeException(
+                    String.format("Test failed: algorithm string %s getInstance"
+                            + " failed.%n", dataTuple.algorithm));
+        }
+
+        if (oidCipher == null) {
+            throw new RuntimeException(
+                    String.format("Test failed: OID %s getInstance failed.%n",
+                            dataTuple.oid));
+        }
+
+        if (!algorithmCipher.getAlgorithm().equals(dataTuple.algorithm)) {
+            throw new RuntimeException(String.format(
+                    "Test failed: algorithm string %s getInstance "
+                            + "doesn't generate expected algorithm.%n",
+                    dataTuple.algorithm));
+        }
+
+        KeyGenerator kg = KeyGenerator.getInstance("AES");
+        kg.init(dataTuple.keyLength);
+        SecretKey key = kg.generateKey();
+
+        // encrypt
+        algorithmCipher.init(ENCRYPT_MODE, key);
+        if (!supportedKeyLength) {
+            throw new RuntimeException(String.format(
+                    "The key length %d is not supported, so the initialization "
+                            + "of algorithmCipher should fail.%n",
+                    dataTuple.keyLength));
+        }
+
+        byte[] cipherText = new byte[algorithmCipher.getOutputSize(INPUT.length)];
+        int offset = algorithmCipher.update(INPUT, 0, INPUT.length,
+                cipherText, 0);
+        algorithmCipher.doFinal(cipherText, offset);
+
+        AlgorithmParameterSpec aps = null;
+        if (!dataTuple.mode.equalsIgnoreCase("ECB")) {
+            aps = new IvParameterSpec(algorithmCipher.getIV());
+        }
+
+        oidCipher.init(Cipher.DECRYPT_MODE, key, aps);
+        if (!supportedKeyLength) {
+            throw new RuntimeException(String.format(
+                    "The key length %d is not supported, so the "
+                            + "initialization of oidCipher should fail.%n",
+                    dataTuple.keyLength));
+        }
+
+        byte[] recoveredText = new byte[oidCipher.getOutputSize(cipherText.length)];
+        oidCipher.doFinal(cipherText, 0, cipherText.length, recoveredText);
+
+        // Comparison
+        if (!Arrays.equals(INPUT, recoveredText)) {
+            throw new RuntimeException(
+                    "Decrypted data is not the same as the original text");
+        }
+    }
+
+    private static class DataTuple {
+
+        private final String oid;
+        private final String algorithm;
+        private final int keyLength;
+        private final String mode;
+
+        private DataTuple(String oid, String algorithm, int keyLength,
+                String mode) {
+            this.oid = oid;
+            this.algorithm = algorithm;
+            this.keyLength = keyLength;
+            this.mode = mode;
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/com/sun/crypto/provider/NSASuiteB/TestAESWrapOids.java	Thu Sep 24 18:16:56 2015 +0000
@@ -0,0 +1,154 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import static javax.crypto.Cipher.getMaxAllowedKeyLength;
+
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+
+/*
+ * @test
+ * @bug 8075286
+ * @summary Test the AESWrap algorithm OIDs in JDK.
+ *          OID and Algorithm transformation string should match.
+ *          Both could be able to be used to generate the algorithm instance.
+ * @run main TestAESWrapOids
+ */
+public class TestAESWrapOids {
+
+    private static final String PROVIDER_NAME = "SunJCE";
+
+    private static final List<DataTuple> DATA = Arrays.asList(
+            new DataTuple("2.16.840.1.101.3.4.1.5", "AESWrap_128", 128),
+            new DataTuple("2.16.840.1.101.3.4.1.25", "AESWrap_192", 192),
+            new DataTuple("2.16.840.1.101.3.4.1.45", "AESWrap_256", 256));
+
+    public static void main(String[] args) throws Exception {
+        for (DataTuple dataTuple : DATA) {
+            int maxAllowedKeyLength = getMaxAllowedKeyLength(
+                    dataTuple.algorithm);
+            boolean supportedKeyLength =
+                    maxAllowedKeyLength >= dataTuple.keyLength;
+
+            try {
+                runTest(dataTuple, supportedKeyLength);
+                System.out.println("passed");
+            } catch (InvalidKeyException ike) {
+                if (supportedKeyLength) {
+                    throw new RuntimeException(String.format(
+                            "The key length %d is supported, but test failed.",
+                            dataTuple.keyLength), ike);
+                } else {
+                    System.out.printf(
+                            "Catch expected InvalidKeyException "
+                                    + "due to the key length %d is greater "
+                                    + "than max supported key length %d%n",
+                            dataTuple.keyLength, maxAllowedKeyLength);
+                }
+            }
+        }
+    }
+
+    private static void runTest(DataTuple dataTuple, boolean supportedKeyLength)
+            throws NoSuchAlgorithmException, NoSuchProviderException,
+            NoSuchPaddingException, InvalidKeyException,
+            IllegalBlockSizeException {
+        Cipher algorithmCipher = Cipher.getInstance(
+                dataTuple.algorithm, PROVIDER_NAME);
+        Cipher oidCipher = Cipher.getInstance(dataTuple.oid, PROVIDER_NAME);
+
+        if (algorithmCipher == null) {
+            throw new RuntimeException(String.format(
+                    "Test failed: algorithm string %s getInstance failed.%n",
+                    dataTuple.algorithm));
+        }
+
+        if (oidCipher == null) {
+            throw new RuntimeException(
+                    String.format("Test failed: OID %s getInstance failed.%n",
+                            dataTuple.oid));
+        }
+
+        if (!algorithmCipher.getAlgorithm().equals(
+                dataTuple.algorithm)) {
+            throw new RuntimeException(String.format(
+                    "Test failed: algorithm string %s getInstance "
+                            + "doesn't generate expected algorithm.%n",
+                    dataTuple.oid));
+        }
+
+        KeyGenerator kg = KeyGenerator.getInstance("AES");
+        kg.init(dataTuple.keyLength);
+        SecretKey key = kg.generateKey();
+
+        // Wrap the key
+        algorithmCipher.init(Cipher.WRAP_MODE, key);
+        if (!supportedKeyLength) {
+            throw new RuntimeException(String.format(
+                    "The key length %d is not supported, so the initialization"
+                            + " of algorithmCipher should fail.%n",
+                    dataTuple.keyLength));
+        }
+
+        // Unwrap the key
+        oidCipher.init(Cipher.UNWRAP_MODE, key);
+        if (!supportedKeyLength) {
+            throw new RuntimeException(String.format(
+                    "The key length %d is not supported, so the initialization"
+                            + " of oidCipher should fail.%n",
+                    dataTuple.keyLength));
+        }
+
+        byte[] keyWrapper = algorithmCipher.wrap(key);
+        Key unwrappedKey = oidCipher.unwrap(keyWrapper, "AES",
+                Cipher.SECRET_KEY);
+
+        // Comparison
+        if (!Arrays.equals(key.getEncoded(), unwrappedKey.getEncoded())) {
+            throw new RuntimeException("Key comparison failed");
+        }
+    }
+
+    private static class DataTuple {
+
+        private final String oid;
+        private final String algorithm;
+        private final int keyLength;
+
+        private DataTuple(String oid, String algorithm, int keyLength) {
+            this.oid = oid;
+            this.algorithm = algorithm;
+            this.keyLength = keyLength;
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/com/sun/crypto/provider/NSASuiteB/TestHmacSHAOids.java	Thu Sep 24 18:16:56 2015 +0000
@@ -0,0 +1,116 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.Mac;
+import javax.crypto.SecretKey;
+
+/*
+ * @test
+ * @bug 8075286
+ * @summary Test the HmacSHA algorithm OIDs in JDK.
+ *          OID and Algorithm transformation string should match.
+ *          Both could be able to be used to generate the algorithm instance.
+ * @run main TestHmacSHAOids
+ */
+public class TestHmacSHAOids {
+
+    private static final String PROVIDER_NAME = "SunJCE";
+    private static final byte[] INPUT = "1234567890".getBytes();
+
+    private static final List<DataTuple> DATA = Arrays.asList(
+            new DataTuple("1.2.840.113549.2.7", "HmacSHA1"),
+            new DataTuple("1.2.840.113549.2.8", "HmacSHA224"),
+            new DataTuple("1.2.840.113549.2.9", "HmacSHA256"),
+            new DataTuple("1.2.840.113549.2.10", "HmacSHA384"),
+            new DataTuple("1.2.840.113549.2.11", "HmacSHA512"));
+
+    public static void main(String[] args) throws Exception {
+        for (DataTuple dataTuple : DATA) {
+            runTest(dataTuple);
+            System.out.println("passed");
+        }
+        System.out.println("All tests passed");
+    }
+
+    private static void runTest(DataTuple dataTuple)
+            throws NoSuchAlgorithmException, NoSuchProviderException,
+            InvalidKeyException {
+        Mac mcAlgorithm = Mac.getInstance(dataTuple.algorithm,
+                PROVIDER_NAME);
+        Mac mcOid = Mac.getInstance(dataTuple.oid, PROVIDER_NAME);
+
+        if (mcAlgorithm == null) {
+            throw new RuntimeException(String.format(
+                    "Test failed: Mac using algorithm "
+                            + "string %s getInstance failed.%n",
+                    dataTuple.algorithm));
+        }
+
+        if (mcOid == null) {
+            throw new RuntimeException(String.format(
+                    "Test failed: Mac using OID %s getInstance failed.%n",
+                    dataTuple.oid));
+        }
+
+        if (!mcAlgorithm.getAlgorithm().equals(dataTuple.algorithm)) {
+            throw new RuntimeException(String.format(
+                    "Test failed: Mac using algorithm string %s getInstance "
+                            + "doesn't generate expected algorithm.%n",
+                    dataTuple.algorithm));
+        }
+
+        KeyGenerator kg = KeyGenerator.getInstance(dataTuple.algorithm,
+                PROVIDER_NAME);
+        SecretKey key = kg.generateKey();
+
+        mcAlgorithm.init(key);
+        mcAlgorithm.update(INPUT);
+
+        mcOid.init(key);
+        mcOid.update(INPUT);
+
+        // Comparison
+        if (!Arrays.equals(mcAlgorithm.doFinal(), mcOid.doFinal())) {
+            throw new RuntimeException("Digest comparison failed: "
+                    + "the two MACs are not the same");
+        }
+    }
+
+    private static class DataTuple {
+
+        private final String oid;
+        private final String algorithm;
+
+        private DataTuple(String oid, String algorithm) {
+            this.oid = oid;
+            this.algorithm = algorithm;
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/TestSignatureOidHelper.java	Thu Sep 24 18:16:56 2015 +0000
@@ -0,0 +1,124 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.util.List;
+
+/*
+ * Utilities for testing the signature algorithm OIDs.
+ */
+public class TestSignatureOidHelper {
+
+    private static final byte[] INPUT = "1234567890".getBytes();
+
+    private final String algorithm;
+
+    private final String provider;
+
+    private final int keySize;
+
+    private final List<OidAlgorithmPair> data;
+
+    public TestSignatureOidHelper(String algorithm, String provider,
+            int keySize, List<OidAlgorithmPair> data) {
+        this.algorithm = algorithm;
+        this.provider = provider;
+        this.keySize = keySize;
+        this.data = data;
+    }
+
+    public void execute() throws Exception {
+        KeyPair keyPair = createKeyPair();
+        for (OidAlgorithmPair oidAlgorithmPair : data) {
+            runTest(oidAlgorithmPair, keyPair);
+            System.out.println("passed");
+        }
+        System.out.println("All tests passed");
+    }
+
+    private KeyPair createKeyPair()
+            throws NoSuchAlgorithmException, NoSuchProviderException {
+        KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm,
+                provider);
+        keyGen.initialize(keySize);
+        return keyGen.generateKeyPair();
+    }
+
+    private void runTest(OidAlgorithmPair oidAlgorithmPair, KeyPair keyPair)
+            throws NoSuchAlgorithmException, NoSuchProviderException,
+            InvalidKeyException, SignatureException {
+        Signature sgAlgorithm =
+                Signature.getInstance(oidAlgorithmPair.algorithm, provider);
+        Signature sgOid = Signature.getInstance(oidAlgorithmPair.oid, provider);
+
+        if (sgAlgorithm == null) {
+            throw new RuntimeException(String.format(
+                    "Test failed: algorithm string %s getInstance failed.%n",
+                    oidAlgorithmPair.algorithm));
+        }
+
+        if (sgOid == null) {
+            throw new RuntimeException(
+                    String.format("Test failed: OID %s getInstance failed.%n",
+                            oidAlgorithmPair.oid));
+        }
+
+        if (!sgAlgorithm.getAlgorithm().equals(oidAlgorithmPair.algorithm)) {
+            throw new RuntimeException(String.format(
+                    "Test failed: algorithm string %s getInstance "
+                            + "doesn't generate expected algorithm.%n",
+                    oidAlgorithmPair.algorithm));
+        }
+
+        sgAlgorithm.initSign(keyPair.getPrivate());
+        sgAlgorithm.update(INPUT);
+        sgOid.initVerify(keyPair.getPublic());
+        sgOid.update(INPUT);
+        if (!sgOid.verify(sgAlgorithm.sign())) {
+            throw new RuntimeException(
+                    "Signature verification failed unexpectedly");
+        }
+    }
+}
+
+class OidAlgorithmPair {
+
+    public final String oid;
+    public final String algorithm;
+
+    public OidAlgorithmPair(String oid, String algorithm) {
+        this.oid = oid;
+        this.algorithm = algorithm;
+    }
+
+    @Override
+    public String toString() {
+        return "[oid=" + oid + ", algorithm=" + algorithm + "]";
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/ec/NSASuiteB/TestSHAwithECDSASignatureOids.java	Thu Sep 24 18:16:56 2015 +0000
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.util.Arrays;
+import java.util.List;
+
+/*
+ * @test
+ * @bug 8075286
+ * @summary Test the SHAwithECDSA signature algorithm OIDs in JDK.
+ *          OID and algorithm transformation string should match.
+ *          Both could be able to be used to generate the algorithm instance.
+ * @compile ../../TestSignatureOidHelper.java
+ * @run main TestSHAwithECDSASignatureOids
+ */
+public class TestSHAwithECDSASignatureOids {
+
+    private static final List<OidAlgorithmPair> DATA = Arrays.asList(
+            new OidAlgorithmPair("1.2.840.10045.4.1", "SHA1withECDSA"),
+            new OidAlgorithmPair("1.2.840.10045.4.3.1", "SHA224withECDSA"),
+            new OidAlgorithmPair("1.2.840.10045.4.3.2", "SHA256withECDSA"),
+            new OidAlgorithmPair("1.2.840.10045.4.3.3", "SHA384withECDSA"),
+            new OidAlgorithmPair("1.2.840.10045.4.3.4", "SHA512withECDSA"));
+
+    public static void main(String[] args) throws Exception {
+        TestSignatureOidHelper helper = new TestSignatureOidHelper("EC",
+                "SunEC", 256, DATA);
+        helper.execute();
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/provider/NSASuiteB/TestDSAGenParameterSpec.java	Thu Sep 24 18:16:56 2015 +0000
@@ -0,0 +1,185 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.AlgorithmParameterGenerator;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidParameterException;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.spec.DSAGenParameterSpec;
+import java.security.spec.DSAParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
+import java.util.Arrays;
+import java.util.List;
+
+/*
+ * @test
+ * @bug 8075286
+ * @summary Verify that DSAGenParameterSpec can and can only be used to generate
+ *          DSA within some certain range of key sizes as described in the class
+ *          specification (L, N) as (1024, 160), (2048, 224), (2048, 256) and
+ *          (3072, 256) should be OK for DSAGenParameterSpec. But the real
+ *          implementation SUN doesn't support (3072, 256).
+ * @run main TestDSAGenParameterSpec
+ */
+public class TestDSAGenParameterSpec {
+
+    private static final String ALGORITHM_NAME = "DSA";
+    private static final String PROVIDER_NAME = "SUN";
+
+    private static final List<DataTuple> DATA = Arrays.asList(
+            new DataTuple(1024, 160, true, true),
+            new DataTuple(2048, 224, true, true),
+            new DataTuple(2048, 256, true, true),
+            new DataTuple(3072, 256, true, false),
+            new DataTuple(1024, 224),
+            new DataTuple(2048, 160),
+            new DataTuple(4096, 256),
+            new DataTuple(512, 160),
+            new DataTuple(3072, 224));
+
+    private static void testDSAGenParameterSpec(DataTuple dataTuple)
+            throws NoSuchAlgorithmException, NoSuchProviderException,
+            InvalidParameterSpecException, InvalidAlgorithmParameterException {
+        System.out.printf("Test case: primePLen=%d, " + "subprimeQLen=%d%n",
+                dataTuple.primePLen, dataTuple.subprimeQLen);
+
+        AlgorithmParameterGenerator apg =
+                AlgorithmParameterGenerator.getInstance(ALGORITHM_NAME,
+                        PROVIDER_NAME);
+
+        DSAGenParameterSpec genParamSpec = createGenParameterSpec(dataTuple);
+        // genParamSpec will be null if IllegalAE is thrown when expected.
+        if (genParamSpec == null) {
+            return;
+        }
+
+        try {
+            apg.init(genParamSpec, null);
+            AlgorithmParameters param = apg.generateParameters();
+
+            checkParam(param, genParamSpec);
+            System.out.println("Test case passed");
+        } catch (InvalidParameterException ipe) {
+            // The DSAGenParameterSpec API support this, but the real
+            // implementation in SUN doesn't
+            if (!dataTuple.isSunProviderSupported) {
+                System.out.println("Test case passed: expected "
+                        + "InvalidParameterException is caught");
+            } else {
+                throw new RuntimeException("Test case failed.", ipe);
+            }
+        }
+    }
+
+    private static void checkParam(AlgorithmParameters param,
+            DSAGenParameterSpec genParam) throws InvalidParameterSpecException,
+                    NoSuchAlgorithmException, NoSuchProviderException,
+                    InvalidAlgorithmParameterException {
+        String algorithm = param.getAlgorithm();
+        if (!algorithm.equalsIgnoreCase(ALGORITHM_NAME)) {
+            throw new RuntimeException(
+                    "Unexpected type of parameters: " + algorithm);
+        }
+
+        DSAParameterSpec spec = param.getParameterSpec(DSAParameterSpec.class);
+        int valueL = spec.getP().bitLength();
+        int strengthP = genParam.getPrimePLength();
+        if (strengthP != valueL) {
+            System.out.printf("P: Expected %d but actual %d%n", strengthP,
+                    valueL);
+            throw new RuntimeException("Wrong P strength");
+        }
+
+        int valueN = spec.getQ().bitLength();
+        int strengthQ = genParam.getSubprimeQLength();
+        if (strengthQ != valueN) {
+            System.out.printf("Q: Expected %d but actual %d%n", strengthQ,
+                    valueN);
+            throw new RuntimeException("Wrong Q strength");
+        }
+
+        if (genParam.getSubprimeQLength() != genParam.getSeedLength()) {
+            System.out.println("Defaut seed length should be the same as Q.");
+            throw new RuntimeException("Wrong seed length");
+        }
+
+        // use the parameters to generate real DSA keys
+        KeyPairGenerator keyGen = KeyPairGenerator.getInstance(ALGORITHM_NAME,
+                PROVIDER_NAME);
+        keyGen.initialize(spec);
+        keyGen.generateKeyPair();
+    }
+
+    private static DSAGenParameterSpec createGenParameterSpec(
+            DataTuple dataTuple) {
+        DSAGenParameterSpec genParamSpec = null;
+        try {
+            genParamSpec = new DSAGenParameterSpec(dataTuple.primePLen,
+                    dataTuple.subprimeQLen);
+            if (!dataTuple.isDSASpecSupported) {
+                throw new RuntimeException(
+                        "Test case failed: the key length must not supported");
+            }
+        } catch (IllegalArgumentException e) {
+            if (!dataTuple.isDSASpecSupported) {
+                System.out.println("Test case passed: expected "
+                        + "IllegalArgumentException is caught");
+            } else {
+                throw new RuntimeException("Test case failed: unexpected "
+                        + "IllegalArgumentException is thrown", e);
+            }
+        }
+
+        return genParamSpec;
+    }
+
+    public static void main(String[] args) throws Exception {
+        for (DataTuple dataTuple : DATA) {
+            testDSAGenParameterSpec(dataTuple);
+        }
+        System.out.println("All tests passed");
+    }
+
+    private static class DataTuple {
+
+        private int primePLen;
+        private int subprimeQLen;
+        private boolean isDSASpecSupported;
+        private boolean isSunProviderSupported;
+
+        private DataTuple(int primePLen, int subprimeQLen,
+                boolean isDSASpecSupported, boolean isSunProviderSupported) {
+            this.primePLen = primePLen;
+            this.subprimeQLen = subprimeQLen;
+            this.isDSASpecSupported = isDSASpecSupported;
+            this.isSunProviderSupported = isSunProviderSupported;
+        }
+
+        private DataTuple(int primePLen, int subprimeQLen) {
+            this(primePLen, subprimeQLen, false, false);
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/provider/NSASuiteB/TestSHAOids.java	Thu Sep 24 18:16:56 2015 +0000
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.util.Arrays;
+import java.util.List;
+
+/*
+ * @test
+ * @bug 8075286
+ * @summary Test the SHA algorithm OIDs in JDK.
+ *          OID and algorithm transformation string should match.
+ *          Both could be able to be used to generate the algorithm instance.
+ * @run main TestSHAOids
+ */
+public class TestSHAOids {
+
+    private static final String PROVIDER_NAME = "SUN";
+    private static final byte[] INPUT = "1234567890".getBytes();
+
+    private static final List<DataTuple> DATA = Arrays.asList(
+            new DataTuple("2.16.840.1.101.3.4.2.1", "SHA-256"),
+            new DataTuple("2.16.840.1.101.3.4.2.2", "SHA-384"),
+            new DataTuple("2.16.840.1.101.3.4.2.3", "SHA-512"),
+            new DataTuple("2.16.840.1.101.3.4.2.4", "SHA-224"));
+
+    public static void main(String[] args) throws Exception {
+        for (DataTuple dataTuple : DATA) {
+            runTest(dataTuple);
+            System.out.println("passed");
+        }
+        System.out.println("All tests passed");
+    }
+
+    private static void runTest(DataTuple dataTuple)
+            throws NoSuchAlgorithmException, NoSuchProviderException {
+        MessageDigest mdAlgorithm = MessageDigest.getInstance(
+                dataTuple.algorithm, PROVIDER_NAME);
+        MessageDigest mdOid = MessageDigest.getInstance(dataTuple.oid,
+                PROVIDER_NAME);
+
+        if (mdAlgorithm == null) {
+            throw new RuntimeException(String.format(
+                    "Test failed: algorithm string %s getInstance failed.%n",
+                    dataTuple.algorithm));
+        }
+
+        if (mdOid == null) {
+            throw new RuntimeException(
+                    String.format("Test failed: OID %s getInstance failed.%n",
+                            dataTuple.oid));
+        }
+
+        if (!mdAlgorithm.getAlgorithm().equals(dataTuple.algorithm)) {
+            throw new RuntimeException(String.format(
+                    "Test failed: algorithm string %s getInstance doesn't "
+                            + "generate expected algorithm.%n",
+                    dataTuple.algorithm));
+        }
+
+        mdAlgorithm.update(INPUT);
+        mdOid.update(INPUT);
+
+        // Comparison
+        if (!Arrays.equals(mdAlgorithm.digest(), mdOid.digest())) {
+            throw new RuntimeException("Digest comparison failed: "
+                    + "the two digests are not the same");
+        }
+    }
+
+    private static class DataTuple {
+
+        private final String oid;
+        private final String algorithm;
+
+        private DataTuple(String oid, String algorithm) {
+            this.oid = oid;
+            this.algorithm = algorithm;
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/provider/NSASuiteB/TestSHAwithDSASignatureOids.java	Thu Sep 24 18:16:56 2015 +0000
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.util.Arrays;
+import java.util.List;
+
+/*
+ * @test
+ * @bug 8075286
+ * @summary Test the SHAwithDSA signature algorithm OIDs in JDK.
+ *          OID and algorithm transformation string should match.
+ *          Both could be able to be used to generate the algorithm instance.
+ * @compile ../../TestSignatureOidHelper.java
+ * @run main TestSHAwithDSASignatureOids
+ */
+public class TestSHAwithDSASignatureOids {
+
+    private static final List<OidAlgorithmPair> DATA = Arrays.asList(
+            new OidAlgorithmPair("2.16.840.1.101.3.4.3.1", "SHA224withDSA"),
+            new OidAlgorithmPair("2.16.840.1.101.3.4.3.2", "SHA256withDSA"));
+
+    public static void main(String[] args) throws Exception {
+        TestSignatureOidHelper helper = new TestSignatureOidHelper("DSA",
+                "SUN", 1024, DATA);
+        helper.execute();
+    }
+}