-
Bug
-
Resolution: Fixed
-
P3
-
1.3.0, 5.0
-
tiger
-
generic, x86
-
generic, windows_nt
JDK build
Tiger 1.5 b13
SHA256withRSA, SHA384withRSA and SHA512withRSA are new signature algorithms introduced in Tiger, so this test exercises them.
Testing Scenario
1. using keytool to generate a JCE Keystore with SHA384withRSA as signature algo.
2. write a test to retrieve the x509 cert from that JCE KeyStore
3. try to retrieve the sig. algo. name from that x509 cert
4. expecting SHA384withRSA, but I got 1.2.840.113549.1.1.12 which is the OID of that sig. algo.
How to reproduce
1. generate JCE Keystore using keytool
$JAVA_HOME/bin/keytool -genkey -storetype JCEKS -keyalg RSA -keysize 768 -sigalg SHA384withRSA -dname cn=YunKe -keypass keypasswd -keystore KeyStoreFromKeyTool -storepass storepasswd
2. list the keystore by using
$JAVA_HOME/bin/keytool -list -keystore KeyStoreFromKeyTool -storepass storepasswd -storetype JCEKS
3. copy and compile the following test code
=========================================================
import java.io.PrintStream;
import java.io.IOException;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.cert.X509Certificate;
import java.security.KeyStore;
import java.security.Security;
import javax.crypto.*;
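/**
 * Reproducer for this report: loads the JCEKS keystore created by the keytool
 * steps and prints the signature algorithm OID and name of the certificate
 * stored under {@link #alias}.
 *
 * <p>On the affected build both lines print the dotted OID
 * (1.2.840.113549.1.1.12) for a SHA384withRSA certificate, i.e.
 * {@code getSigAlgName()} does not map the OID back to its standard name.
 *
 * <p>NOTE(review): as this report shows, the string returned by
 * {@code getSigAlgName()} depends on the runtime's OID-to-name table. Code that
 * accepts or rejects certificates by signature algorithm is more robust when it
 * compares {@code getSigAlgOID()} instead.
 */
public class testSigAlgo {
    // Fixed values matching -storepass / -keypass in the keytool commands of the
    // report; they protect only the throwaway keystore built for this reproducer.
    char[] passwdStore = "storepasswd".toCharArray();
    // Not needed to read a certificate entry; kept because it is part of the
    // original reproducer's state.
    char[] passwdKey = "keypasswd".toCharArray();
    // Stream over the keystore file; opened and closed inside run().
    FileInputStream inStream = null;
    String keyStoreName = "KeyStoreFromKeyTool";
    // keytool's default alias, used because the report's command passes no -alias.
    String alias = "mykey";

    /**
     * Loads the keystore and prints provider, type, signature OID and signature name.
     *
     * @param args unused
     * @param log  receives the stack trace of any failure; may be null, in which
     *             case the trace goes to standard error
     * @param out  receives the report lines and the failure status
     */
    public void run(String args[], PrintStream log, PrintStream out) {
        try {
            KeyStore ks = KeyStore.getInstance("jceks");
            inStream = new FileInputStream(keyStoreName);
            // load a keystore which was generated from keytool
            ks.load(inStream, passwdStore);
            out.println("Provider of KeyStore is " + ks.getProvider().getName());
            out.println("Type of KeyStore is " + ks.getType());

            X509Certificate cer = (X509Certificate) ks.getCertificate(alias);
            if (cer == null) {
                // getCertificate returns null for an unknown alias; report that
                // directly instead of failing later with a NullPointerException.
                out.println("ERROR: no certificate found for alias " + alias);
                out.println("STATUS:Failed.");
                return;
            }
            out.println("The signature algo. OID is " + cer.getSigAlgOID());
            out.println("The signature algo. Name is " + cer.getSigAlgName());
        } catch (Exception ex) {
            out.println("ERROR: unexpected exception - ");
            // Send the trace to the caller's log stream (main passes System.err).
            if (log != null) {
                ex.printStackTrace(log);
            } else {
                ex.printStackTrace();
            }
            out.println("STATUS:Failed.");
        } finally {
            // The original never closed the keystore file handle.
            if (inStream != null) {
                try {
                    inStream.close();
                } catch (IOException ignored) {
                    // Nothing useful to do if close fails on a read-only stream.
                }
            }
        }
    }

    /** Runs the reproducer, logging to standard error and reporting to standard output. */
    public static void main(String args[]) {
        testSigAlgo jstest = new testSigAlgo();
        jstest.run(args, System.err, System.out);
    }
}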
=========================================================
4. $JAVA_HOME/bin/java testSigAlgo
5. you will see
=========================================================
nm-dtf-004.SFBay.Sun.COM:/home/stuartk/tmp/JCE/KeyStore( 41 )%java testSigAlgo.^R
java testSigAlgo
Provider of KeyStore is SunJCE
Type of KeyStore is jceks
The signature algo. OID is 1.2.840.113549.1.1.12
The signature algo. Name is 1.2.840.113549.1.1.12
=========================================================
As you can see, I got the same output no matter which one I used
(either getSigAlgOID() or getSigAlgName())
Note:
The same test works with SHA1withRSA, MD2withRSA and MD5withRSA; it fails only
with the new algorithms (SHA256withRSA, SHA384withRSA, SHA512withRSA).
Tiger 1.5 b13
SHA256withRSA, SHA384withRSA and SHA512withRSA are new signature algorithms introduced in Tiger, so this test exercises them.
Testing Scenario
1. using keytool to generate a JCE Keystore with SHA384withRSA as signature algo.
2. write a test to retrieve the x509 cert from that JCE KeyStore
3. try to retrieve the sig. algo. name from that x509 cert
4. expecting SHA384withRSA, but I got 1.2.840.113549.1.1.12 which is the OID of that sig. algo.
How to reproduce
1. generate JCE Keystore using keytool
$JAVA_HOME/bin/keytool -genkey -storetype JCEKS -keyalg RSA -keysize 768 -sigalg SHA384withRSA -dname cn=YunKe -keypass keypasswd -keystore KeyStoreFromKeyTool -storepass storepasswd
2. list the keystore by using
$JAVA_HOME/bin/keytool -list -keystore KeyStoreFromKeyTool -storepass storepasswd -storetype JCEKS
3. copy and compile the following test code
=========================================================
import java.io.PrintStream;
import java.io.IOException;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.cert.X509Certificate;
import java.security.KeyStore;
import java.security.Security;
import javax.crypto.*;
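/**
 * Reproducer for this report: loads the JCEKS keystore created by the keytool
 * steps and prints the signature algorithm OID and name of the certificate
 * stored under {@link #alias}.
 *
 * <p>On the affected build both lines print the dotted OID
 * (1.2.840.113549.1.1.12) for a SHA384withRSA certificate, i.e.
 * {@code getSigAlgName()} does not map the OID back to its standard name.
 *
 * <p>NOTE(review): as this report shows, the string returned by
 * {@code getSigAlgName()} depends on the runtime's OID-to-name table. Code that
 * accepts or rejects certificates by signature algorithm is more robust when it
 * compares {@code getSigAlgOID()} instead.
 */
public class testSigAlgo {
    // Fixed values matching -storepass / -keypass in the keytool commands of the
    // report; they protect only the throwaway keystore built for this reproducer.
    char[] passwdStore = "storepasswd".toCharArray();
    // Not needed to read a certificate entry; kept because it is part of the
    // original reproducer's state.
    char[] passwdKey = "keypasswd".toCharArray();
    // Stream over the keystore file; opened and closed inside run().
    FileInputStream inStream = null;
    String keyStoreName = "KeyStoreFromKeyTool";
    // keytool's default alias, used because the report's command passes no -alias.
    String alias = "mykey";

    /**
     * Loads the keystore and prints provider, type, signature OID and signature name.
     *
     * @param args unused
     * @param log  receives the stack trace of any failure; may be null, in which
     *             case the trace goes to standard error
     * @param out  receives the report lines and the failure status
     */
    public void run(String args[], PrintStream log, PrintStream out) {
        try {
            KeyStore ks = KeyStore.getInstance("jceks");
            inStream = new FileInputStream(keyStoreName);
            // load a keystore which was generated from keytool
            ks.load(inStream, passwdStore);
            out.println("Provider of KeyStore is " + ks.getProvider().getName());
            out.println("Type of KeyStore is " + ks.getType());

            X509Certificate cer = (X509Certificate) ks.getCertificate(alias);
            if (cer == null) {
                // getCertificate returns null for an unknown alias; report that
                // directly instead of failing later with a NullPointerException.
                out.println("ERROR: no certificate found for alias " + alias);
                out.println("STATUS:Failed.");
                return;
            }
            out.println("The signature algo. OID is " + cer.getSigAlgOID());
            out.println("The signature algo. Name is " + cer.getSigAlgName());
        } catch (Exception ex) {
            out.println("ERROR: unexpected exception - ");
            // Send the trace to the caller's log stream (main passes System.err).
            if (log != null) {
                ex.printStackTrace(log);
            } else {
                ex.printStackTrace();
            }
            out.println("STATUS:Failed.");
        } finally {
            // The original never closed the keystore file handle.
            if (inStream != null) {
                try {
                    inStream.close();
                } catch (IOException ignored) {
                    // Nothing useful to do if close fails on a read-only stream.
                }
            }
        }
    }

    /** Runs the reproducer, logging to standard error and reporting to standard output. */
    public static void main(String args[]) {
        testSigAlgo jstest = new testSigAlgo();
        jstest.run(args, System.err, System.out);
    }
}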
=========================================================
4. $JAVA_HOME/bin/java testSigAlgo
5. you will see
=========================================================
nm-dtf-004.SFBay.Sun.COM:/home/stuartk/tmp/JCE/KeyStore( 41 )%java testSigAlgo.^R
java testSigAlgo
Provider of KeyStore is SunJCE
Type of KeyStore is jceks
The signature algo. OID is 1.2.840.113549.1.1.12
The signature algo. Name is 1.2.840.113549.1.1.12
=========================================================
As you can see, I got the same output no matter which one I used
(either getSigAlgOID() or getSigAlgName())
Note:
The same test works with SHA1withRSA, MD2withRSA and MD5withRSA; it fails only
with the new algorithms (SHA256withRSA, SHA384withRSA, SHA512withRSA).
- duplicates
-
JDK-4381928 Functional error in java.security.cert.X509Certificate.getSigAlgName
- Closed