changeset 39344:7a2263aa5b3d
8153948: sun/security/mscapi/ShortRSAKey1024.sh fails with "Field length overflow"
Reviewed-by: coffeys, xuelei
author | igerasim |
---|---|
date | Mon, 04 Jul 2016 16:25:11 +0300 |
parents | 3dbae815788f |
children | 344e8211e184 |
files | jdk/test/ProblemList.txt jdk/test/sun/security/mscapi/ShortRSAKeyWithinTLS.java |
diffstat | 2 files changed, 79 insertions(+), 9 deletions(-) [+] |
--- a/jdk/test/ProblemList.txt Mon Jul 04 10:50:28 2016 +0000 +++ b/jdk/test/ProblemList.txt Mon Jul 04 16:25:11 2016 +0300 @@ -212,8 +212,6 @@ sun/security/tools/keytool/ListKeychainStore.sh 8156889 macosx-all -sun/security/mscapi/ShortRSAKey1024.sh 8153948 windows-all - sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java 8026393 generic-all sun/security/pkcs11/Cipher/ReinitCipher.java 8077138,8023434 windows-all
--- a/jdk/test/sun/security/mscapi/ShortRSAKeyWithinTLS.java Mon Jul 04 10:50:28 2016 +0000 +++ b/jdk/test/sun/security/mscapi/ShortRSAKeyWithinTLS.java Mon Jul 04 16:25:11 2016 +0300 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -22,7 +22,10 @@ */ import java.io.*; +import java.net.*; +import java.util.*; import java.security.*; +import java.security.cert.*; import javax.net.*; import javax.net.ssl.*; 
@@ -71,22 +74,34 @@ void doServerSide() throws Exception { // load the key store - KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI"); - ks.load(null, null); + serverKS = KeyStore.getInstance("Windows-MY", "SunMSCAPI"); + serverKS.load(null, null); System.out.println("Loaded keystore: Windows-MY"); // check key size - checkKeySize(ks); + checkKeySize(serverKS); // initialize the SSLContext KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, null); + kmf.init(serverKS, null); TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(ks); + tmf.init(serverKS); + TrustManager[] tms = tmf.getTrustManagers(); + if (tms == null || tms.length == 0) { + throw new Exception("unexpected trust manager implementation"); + } else { + if (!(tms[0] instanceof X509TrustManager)) { + throw new Exception("unexpected trust manager" + + " implementation: " + + tms[0].getClass().getCanonicalName()); + } + } + serverTM = new MyExtendedX509TM((X509TrustManager)tms[0]); + tms = new TrustManager[] {serverTM}; SSLContext ctx = SSLContext.getInstance("TLS"); - ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); + ctx.init(kmf.getKeyManagers(), tms, null); ServerSocketFactory ssf = ctx.getServerSocketFactory(); SSLServerSocket sslServerSocket = (SSLServerSocket) @@ -228,6 +243,8 @@ Thread clientThread = null; Thread serverThread = null; + KeyStore serverKS; + MyExtendedX509TM serverTM; /* * Primary constructor, used to drive remainder of the test. 
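Review bot: The `tms == null || tms.length == 0` branch added to doServerSide throws "unexpected trust manager implementation", which misreports the condition: no trust manager was returned at all, while the following branch is the one that concerns the wrong type. A distinct message such as `throw new Exception("no trust manager returned by TrustManagerFactory");` would make a failure easier to diagnose, and because both branches throw, the `else { ... }` wrapper can be flattened into two consecutive `if` guards. Only `tms[0]` is wrapped and any further entries in the array are discarded when `tms` is reassigned, which deserves a one-line comment if that is intended. doServerSide continues outside the hunk.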
@@ -348,5 +365,60 @@ } } } + + + class MyExtendedX509TM extends X509ExtendedTrustManager + implements X509TrustManager { + + X509TrustManager tm; + + MyExtendedX509TM(X509TrustManager tm) { + this.tm = tm; + } + + public void checkClientTrusted(X509Certificate chain[], String authType) + throws CertificateException { + tm.checkClientTrusted(chain, authType); + } + + public void checkServerTrusted(X509Certificate chain[], String authType) + throws CertificateException { + tm.checkServerTrusted(chain, authType); + } + + public X509Certificate[] getAcceptedIssuers() { + List<X509Certificate> certs = new ArrayList<>(); + try { + for (X509Certificate c : tm.getAcceptedIssuers()) { + if (serverKS.getCertificateAlias(c).equals(keyAlias)) + certs.add(c); + } + } catch (KeyStoreException kse) { + throw new RuntimeException(kse); + } + return certs.toArray(new X509Certificate[certs.size()]); + } + + public void checkClientTrusted(X509Certificate[] chain, String authType, + Socket socket) throws CertificateException { + tm.checkClientTrusted(chain, authType); + } + + public void checkServerTrusted(X509Certificate[] chain, String authType, + Socket socket) throws CertificateException { + tm.checkServerTrusted(chain, authType); + } + + public void checkClientTrusted(X509Certificate[] chain, String authType, + SSLEngine engine) throws CertificateException { + tm.checkClientTrusted(chain, authType); + } + + public void checkServerTrusted(X509Certificate[] chain, String authType, + SSLEngine engine) throws CertificateException { + tm.checkServerTrusted(chain, authType); + } + } + }
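Review bot: In `getAcceptedIssuers()`, `serverKS.getCertificateAlias(c).equals(keyAlias)` dereferences the result of `getCertificateAlias`, which is documented to return null when no keystore entry matches the certificate, so an unmatched issuer would surface as a NullPointerException during the handshake instead of being skipped. `if (keyAlias.equals(serverKS.getCertificateAlias(c)))` avoids that, assuming `keyAlias` (declared outside this hunk) is never null. The filter narrows only the issuer list this manager reports: all six `check*Trusted` methods still delegate to the wrapped manager initialised from the whole Windows-MY store, and the `Socket`/`SSLEngine` overloads drop their third argument. A class comment such as `// Limits the reported issuers to keyAlias; trust decisions are unchanged and the socket/engine arguments are ignored` would stop a reader from mistaking it for a stricter validator. Adding `@Override` to the seven methods and dropping the redundant `implements X509TrustManager` would let the compiler check the signatures.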