test/jdk/javax/security/auth/Destroyable/KeyDestructionTest.java - platform/libcore - Git at Google

 /*
  * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.
  *
  * This code is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * version 2 for more details (a copy is included in the LICENSE file that
  * accompanied this code).
  *
  * You should have received a copy of the GNU General Public License version
  * 2 along with this work; if not, write to the Free Software Foundation,
  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  *
  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  * or visit www.oracle.com if you need additional information or have any
  * questions.
  */

 /*
  * @test
  * @bug 6263419
  * @summary No way to clean the memory for a java.security.Key
  */

 import java.security.*;
 import java.util.*;
 import javax.crypto.*;
 import javax.security.auth.Destroyable;
 import javax.security.auth.DestroyFailedException;

 public class KeyDestructionTest {
     public static void main(String[] args) throws Exception {
         KeyPair keypair = generateKeyPair("RSA", 1024);

         // Check keys that support and have implemented key destruction
         testKeyDestruction(new MyDestroyableSecretKey());
         testKeyDestruction(new MyDestroyablePrivateKey());

         // Check keys that support but have not implemented key destruction
         testNoKeyDestruction(generateSecretKey("AES", 128));
         testNoKeyDestruction(keypair.getPrivate());

         // Check keys that do not support key destruction
         try {
             testKeyDestruction(keypair.getPublic());
         } catch (UnsupportedOperationException uoe) {
             // not an error
             System.out.println(keypair.getPublic().getClass().getName() +
                 " keys do not support key destruction");
         }

         System.out.println("PASSED.");
     }

     // Check the behaviour of a key that implements key destruction
     private static void testKeyDestruction(Key key) throws Exception {
         String klass = key.getClass().getName();
         boolean hasUsable = key instanceof Usable;

         try {
             key.getAlgorithm();
             key.getFormat();
             if (allZero(key.getEncoded())) {
                 throw new Exception("error: key destroyed prematurely");
             }
         } catch (IllegalStateException ise) {
             throw new Exception("error: unexpected ISE", ise);
         }

         if (hasUsable) {
             ((Usable) key).useKey();
         }

         destroyKey(key);

         try {
             if (hasUsable) {
                 ((Usable) key).useKey();
             }
         } catch (IllegalStateException ise) {
             // not an error
         }

         try {
             key.getAlgorithm();
             key.getFormat();
             if (!allZero(key.getEncoded())) {
                 throw new Exception("error: key destroyed incorrectly");
             }
         } catch (IllegalStateException ise) {
             // not an error
         }

         System.out.println("A " + klass +
             " key has been successfully destroyed");
     }

     // Check the behaviour of a key that does not implement key destruction
     private static void testNoKeyDestruction(Destroyable key)
         throws Exception {
         String klass = key.getClass().getName();

         if (key.isDestroyed()) {
             throw new Exception("error: a " + klass +
                 " key has been unexpectedly destroyed");
         }
         try {
             key.destroy();
         } catch (DestroyFailedException dfe) {
             // not an error

             if (key.isDestroyed()) {
                 throw new Exception("error: a " + klass +
                     " key has been unexpectedly destroyed");
             }
             System.out.println(klass + " keys are not destroyable");
             return;
         }
         throw new Exception("error: key may been unexpectedly destroyed");
     }

     private static KeyPair generateKeyPair(String algorithm, int size)
         throws NoSuchAlgorithmException {
         KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm);
         generator.initialize(size);
         return generator.genKeyPair();
     }

     private static SecretKey generateSecretKey(String algorithm, int size)
         throws NoSuchAlgorithmException {
         KeyGenerator generator = KeyGenerator.getInstance(algorithm);
         generator.init(size);
         return generator.generateKey();
     }

     private static void destroyKey(Key key) throws Exception {
         String klass = key.getClass().getName();

         if (!(key instanceof Destroyable)) {
             throw new UnsupportedOperationException();
         }

         Destroyable dKey = (Destroyable) key;
         if (dKey.isDestroyed()) {
             throw new Exception("error: a " + klass +
                 " key has already been destroyed");
         }
         dKey.destroy();
         if (!dKey.isDestroyed()) {
             throw new Exception("error: a " + klass +
                 " key has NOT been destroyed");
         }
     }

     private static boolean allZero(byte[] bytes) {
         int count = 0;
         for (byte b : bytes) {
             if (b == 0x00) {
                 count++;
             }
         }
         return (bytes.length == count);
     }
 }

 interface Usable {
     public void useKey();
 }

 class MyDestroyableSecretKey implements SecretKey, Usable {
     private byte[] encoded = new byte[]{0x0F, 0x1F, 0x2F, 0x3F}; // non-zero
     private boolean isDestroyed = false;

     @Override
     public void useKey() {
         if (isDestroyed) {
             throw new IllegalStateException();
         }
     }

     @Override
     public String getAlgorithm() {
         return "MyDestroyableSecretKey algorithm";
     }

     @Override
     public String getFormat() {
         return "MyDestroyableSecretKey format";
     }

     @Override
     public byte[] getEncoded() {
         return this.encoded;
     }

     @Override
     public void destroy() throws DestroyFailedException {
         if (!this.isDestroyed) {
             Arrays.fill(encoded, (byte) 0);
             this.isDestroyed = true;
         }
     }

     @Override
     public boolean isDestroyed() {
         return this.isDestroyed;
     }
 }

 class MyDestroyablePrivateKey implements PrivateKey, Usable {
     private byte[] encoded = new byte[]{0x4F, 0x5F, 0x6F, 0x7F}; // non-zero
     private boolean isDestroyed = false;

     @Override
     public void useKey() {
         if (isDestroyed) {
             throw new IllegalStateException();
         }
     }

     @Override
     public String getAlgorithm() {
         return "MyDestroyablePrivateKey algorithm";
     }

     @Override
     public String getFormat() {
         return "MyDestroyablePrivateKey format";
     }

     @Override
     public byte[] getEncoded() {
         return this.encoded;
     }

     @Override
     public void destroy() throws DestroyFailedException {
         if (!this.isDestroyed) {
             Arrays.fill(encoded, (byte) 0);
             this.isDestroyed = true;
         }
     }

     @Override
     public boolean isDestroyed() {
         return this.isDestroyed;
     }
 }
	/*
	* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	/*
	* @test
	* @bug 6263419
	* @summary No way to clean the memory for a java.security.Key
	*/

	import java.security.*;
	import java.util.*;
	import javax.crypto.*;
	import javax.security.auth.Destroyable;
	import javax.security.auth.DestroyFailedException;

	public class KeyDestructionTest {
	public static void main(String[] args) throws Exception {
	KeyPair keypair = generateKeyPair("RSA", 1024);

	// Check keys that support and have implemented key destruction
	testKeyDestruction(new MyDestroyableSecretKey());
	testKeyDestruction(new MyDestroyablePrivateKey());

	// Check keys that support but have not implemented key destruction
	testNoKeyDestruction(generateSecretKey("AES", 128));
	testNoKeyDestruction(keypair.getPrivate());

	// Check keys that do not support key destruction
	try {
	testKeyDestruction(keypair.getPublic());
	} catch (UnsupportedOperationException uoe) {
	// not an error
	System.out.println(keypair.getPublic().getClass().getName() +
	" keys do not support key destruction");
	}

	System.out.println("PASSED.");
	}

	// Check the behaviour of a key that implements key destruction
	private static void testKeyDestruction(Key key) throws Exception {
	String klass = key.getClass().getName();
	boolean hasUsable = key instanceof Usable;

	try {
	key.getAlgorithm();
	key.getFormat();
	if (allZero(key.getEncoded())) {
	throw new Exception("error: key destroyed prematurely");
	}
	} catch (IllegalStateException ise) {
	throw new Exception("error: unexpected ISE", ise);
	}

	if (hasUsable) {
	((Usable) key).useKey();
	}

	destroyKey(key);

	try {
	if (hasUsable) {
	((Usable) key).useKey();
	}
	} catch (IllegalStateException ise) {
	// not an error
	}

	try {
	key.getAlgorithm();
	key.getFormat();
	if (!allZero(key.getEncoded())) {
	throw new Exception("error: key destroyed incorrectly");
	}
	} catch (IllegalStateException ise) {
	// not an error
	}

	System.out.println("A " + klass +
	" key has been successfully destroyed");
	}

	// Check the behaviour of a key that does not implement key destruction
	private static void testNoKeyDestruction(Destroyable key)
	throws Exception {
	String klass = key.getClass().getName();

	if (key.isDestroyed()) {
	throw new Exception("error: a " + klass +
	" key has been unexpectedly destroyed");
	}
	try {
	key.destroy();
	} catch (DestroyFailedException dfe) {
	// not an error

	if (key.isDestroyed()) {
	throw new Exception("error: a " + klass +
	" key has been unexpectedly destroyed");
	}
	System.out.println(klass + " keys are not destroyable");
	return;
	}
	throw new Exception("error: key may been unexpectedly destroyed");
	}

	private static KeyPair generateKeyPair(String algorithm, int size)
	throws NoSuchAlgorithmException {
	KeyPairGenerator generator = KeyPairGenerator.getInstance(algorithm);
	generator.initialize(size);
	return generator.genKeyPair();
	}

	private static SecretKey generateSecretKey(String algorithm, int size)
	throws NoSuchAlgorithmException {
	KeyGenerator generator = KeyGenerator.getInstance(algorithm);
	generator.init(size);
	return generator.generateKey();
	}

	private static void destroyKey(Key key) throws Exception {
	String klass = key.getClass().getName();

	if (!(key instanceof Destroyable)) {
	throw new UnsupportedOperationException();
	}

	Destroyable dKey = (Destroyable) key;
	if (dKey.isDestroyed()) {
	throw new Exception("error: a " + klass +
	" key has already been destroyed");
	}
	dKey.destroy();
	if (!dKey.isDestroyed()) {
	throw new Exception("error: a " + klass +
	" key has NOT been destroyed");
	}
	}

	private static boolean allZero(byte[] bytes) {
	int count = 0;
	for (byte b : bytes) {
	if (b == 0x00) {
	count++;
	}
	}
	return (bytes.length == count);
	}
	}

	interface Usable {
	public void useKey();
	}

	class MyDestroyableSecretKey implements SecretKey, Usable {
	private byte[] encoded = new byte[]{0x0F, 0x1F, 0x2F, 0x3F}; // non-zero
	private boolean isDestroyed = false;

	@Override
	public void useKey() {
	if (isDestroyed) {
	throw new IllegalStateException();
	}
	}

	@Override
	public String getAlgorithm() {
	return "MyDestroyableSecretKey algorithm";
	}

	@Override
	public String getFormat() {
	return "MyDestroyableSecretKey format";
	}

	@Override
	public byte[] getEncoded() {
	return this.encoded;
	}

	@Override
	public void destroy() throws DestroyFailedException {
	if (!this.isDestroyed) {
	Arrays.fill(encoded, (byte) 0);
	this.isDestroyed = true;
	}
	}

	@Override
	public boolean isDestroyed() {
	return this.isDestroyed;
	}
	}

	class MyDestroyablePrivateKey implements PrivateKey, Usable {
	private byte[] encoded = new byte[]{0x4F, 0x5F, 0x6F, 0x7F}; // non-zero
	private boolean isDestroyed = false;

	@Override
	public void useKey() {
	if (isDestroyed) {
	throw new IllegalStateException();
	}
	}

	@Override
	public String getAlgorithm() {
	return "MyDestroyablePrivateKey algorithm";
	}

	@Override
	public String getFormat() {
	return "MyDestroyablePrivateKey format";
	}

	@Override
	public byte[] getEncoded() {
	return this.encoded;
	}

	@Override
	public void destroy() throws DestroyFailedException {
	if (!this.isDestroyed) {
	Arrays.fill(encoded, (byte) 0);
	this.isDestroyed = true;
	}
	}

	@Override
	public boolean isDestroyed() {
	return this.isDestroyed;
	}
	}