Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8366708

Test Plan for JEP 524: PEM Encodings of Cryptographic Objects (Second Preview)

XMLWordPrintable

      PEM is a textual encoding used for storing and transferring security objects, such as asymmetric keys, certificates, and certificate revocation lists (CRLs). New API will allow minimal statements to easily convert PEM to Java type and viceversa.

      1 Test Methodology

      Testing should be done on PEM syntax, API functionality, Negative cases for API, Interop with BC/OpenSSL, optionally on manipulated PEM which makes it syntactically correct but generates improper Keypair.

      2 Test Inventory (optional)

      Existing Tests

      In addition to modifying existing tests that use KeyPair and PKCS8EncodedKeySpec and the first preview tests, it would be best to add new test scenarios. This is the list of the tests that specifically target the PEM API, so these may need to be updated:

      • test/jdk/java/security/PEM/PEMEncoderTest.java
      • test/jdk/java/security/PEM/PEMDecoderTest.java However, as PEMRecord is renamed to PEM and doesn't change its functionality, it should be automatically covered by the first preview tests after renaming.

      New Tests

      In order to test PEMEncoder, the tests involving KeyPair and PKCS8EncodedKeySpec could be added to the existing group of tests in test/jdk/java/security/PEM/PEMEncoder.java. Similar logic to the current tests could be used. The same should be applied to the PEMDecoder and test/jdk/java/security/PEM/PEMDecoderTest.java. Potentially, test/jdk/javax/crypto/EncryptedPrivateKeyInfo/EncryptKey.java could be updated as well if there are any direct changes to the Encrypted Private Key API This approach should also cover encryptKey in the process, as this is part of the tests mentioned above.

      As mentioned in the first preview test plan:

      • Convert PEM -> Key and match expected type/algo and any other spec.
      • Convert Key -> PEM and use the generated PEM to create self signed certificate, import into keystore etc.
      • Convert PEM to Cert/CRL and viceversa
      • Is the API Threadsafe?
      • Test reused API Instances
      • Compatibility with OpenSSL/BC

      Negative

      • Decode wrong PEM header/footer (private/public/cert/CRL) with wrong combination.
      • Any DerEncoded binary in PEM format to Key
      • Null/empty/Exception/ for API calls

      Interop with OpenSSL/BC

      • Refer BC library PEM -> Key and Key -> PEM usage. Test Cross compatibility for keys, certificate and crl.
      • Cross compatibility with OpenSSL for keys, certificate and crl.

      Deprecated Tests

      N/A

            myankelevich Mikhail Yankelevich
            rhalade Rajan Halade
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: