1/*
2 * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24/*
25 * @test
26 * @bug 6273877 6322208 6275523
27 * @summary make sure we can access the NSS softtoken KeyStore
28 *          and use a private key
29 * @author Andreas Sterbenz
30 * @library ..
31 * @modules jdk.crypto.cryptoki
32 * @run main/othervm GetPrivateKey
33 * @run main/othervm GetPrivateKey sm policy
34 */
35
36import java.io.File;
37import java.security.KeyStore;
38import java.security.PrivateKey;
39import java.security.Provider;
40import java.security.Security;
41import java.security.Signature;
42import java.security.cert.X509Certificate;
43import java.util.Collection;
44import java.util.Collections;
45import java.util.TreeSet;
46
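/**
 * Regression test that opens the NSS softtoken as a PKCS11 {@link KeyStore}
 * through the SunPKCS11 provider, fetches a private key from it and proves the
 * key is usable by signing data and verifying the signature against the
 * certificate stored under the same alias.
 *
 * <p>The helpers and constants used here ({@code initSecmod}, {@code getSunPKCS11},
 * {@code generateData}, {@code BASE}, {@code SEP}, {@code PKCS11},
 * {@code password}, {@code keyAlias}) are not defined in this file; they are
 * presumably inherited from {@code SecmodTest} -- confirm there.
 */
public class GetPrivateKey extends SecmodTest {

    /**
     * Runs the test.
     *
     * @param args optional; when {@code args[0]} is {@code "sm"} and a second
     *             argument is present, {@code args[1]} names a policy file under
     *             {@code BASE} and the rest of the test runs under a
     *             {@link SecurityManager}
     * @throws Exception if the key or its certificate chain is missing from the
     *                   token, if signature verification fails, or if any
     *                   keystore or signature operation fails
     */
    public static void main(String[] args) throws Exception {
        // NOTE(review): a false return presumably means NSS is not usable on
        // this platform, so the test is skipped rather than failed -- confirm.
        if (!initSecmod()) {
            return;
        }

        String configName = BASE + SEP + "nss.cfg";
        Provider p = getSunPKCS11(configName);

        System.out.println(p);
        Security.addProvider(p);

        // The provider is created and registered before the security manager
        // is installed, so only the KeyStore and Signature calls below are
        // checked against the policy file.
        if (args.length > 1 && "sm".equals(args[0])) {
            System.setProperty("java.security.policy",
                    BASE + File.separator + args[1]);
            System.setSecurityManager(new SecurityManager());
        }

        KeyStore ks = KeyStore.getInstance(PKCS11, p);
        ks.load(null, password);
        // TreeSet gives a sorted, stable listing in the test log.
        Collection<String> aliases = new TreeSet<>(
                Collections.list(ks.aliases()));
        System.out.println("entries: " + aliases.size());
        System.out.println(aliases);

        // getKey() returns null when the alias is absent or is not a key
        // entry; fail here with a clear message instead of a later
        // InvalidKeyException from initSign().
        PrivateKey privateKey = (PrivateKey) ks.getKey(keyAlias, password);
        if (privateKey == null) {
            throw new Exception("No private key found for alias: " + keyAlias);
        }
        System.out.println(privateKey);

        byte[] data = generateData(1024);

        System.out.println("Signing...");
        // MD5withRSA is kept from the original test and only exercises the
        // token key; MD5 is collision-broken and must not be copied into new
        // signing code. No provider is named, so JCA selects an implementation
        // that accepts the key when initSign()/initVerify() is called.
        Signature signature = Signature.getInstance("MD5withRSA");
        signature.initSign(privateKey);
        signature.update(data);
        byte[] sig = signature.sign();

        // getCertificateChain() returns null when the alias has no chain;
        // check before indexing so a missing certificate is reported as such
        // rather than as a NullPointerException.
        X509Certificate[] chain =
                (X509Certificate[]) ks.getCertificateChain(keyAlias);
        if (chain == null || chain.length == 0) {
            throw new Exception(
                    "No certificate chain found for alias: " + keyAlias);
        }

        // chain[0] is the certificate for the key itself; verifying with its
        // public key checks that the key and certificate under this alias
        // belong together.
        signature.initVerify(chain[0].getPublicKey());
        signature.update(data);
        if (!signature.verify(sig)) {
            throw new Exception("Signature verification error");
        }

        System.out.println("OK");
    }

}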
98