JDK-836732: Refactor PEM API tests requiring PEMRecord usage

myankelev · myankelev · commit 08e0fdb2bece · 2025-11-17T16:48:37.000Z
diff --git a/test/jdk/sun/security/rsa/TestKeyFactory.java b/test/jdk/sun/security/rsa/TestKeyFactory.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,14 +26,28 @@
  * @bug 4853305 8023980 8254717
  * @summary Test KeyFactory of the new RSA provider
  * @author Andreas Sterbenz
+ * @enablePreview
  */
 
-import java.io.*;
-import java.util.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.KeyStore;
+import java.security.PEM;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.interfaces.RSAPrivateCrtKey;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.RSAPrivateCrtKeySpec;
+import java.security.spec.RSAPrivateKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+import java.security.spec.X509EncodedKeySpec;
 
-import java.security.*;
-import java.security.interfaces.*;
-import java.security.spec.*;
+import java.util.Arrays;
+import java.util.Enumeration;
 
 public class TestKeyFactory {
 
@@ -83,9 +97,9 @@ public class TestKeyFactory {
 
     private static final PrivateKey P1_PRIV;
     private static final PublicKey P1_PUB;
-
     static {
-        byte[] encodedPriv = Base64.getDecoder().decode(PKCS1_PRIV_STR);
+        byte[] encodedPriv =
+                new PEM("PRIVATE KEY", PKCS1_PRIV_STR).decode();
         P1_PRIV = new PrivateKey() {
             @Override
             public String getAlgorithm() {
@@ -100,7 +114,7 @@ public byte[] getEncoded() {
                 return encodedPriv.clone();
             }
         };
-        byte[] encodedPub = Base64.getDecoder().decode(PKCS1_PUB_STR);
+        byte[] encodedPub = new PEM("PRIVATE KEY", PKCS1_PUB_STR).decode();
         P1_PUB = new PublicKey() {
             @Override
             public String getAlgorithm() {
@@ -130,15 +144,15 @@ static KeyStore getKeyStore() throws Exception {
      * equivalent
      */
     private static void testKey(Key key1, Key key2) throws Exception {
-        if (key2.getAlgorithm().equals("RSA") == false) {
+        if (!key2.getAlgorithm().equals("RSA")) {
             throw new Exception("Algorithm not RSA");
         }
         if (key1 instanceof PublicKey) {
-            if (key2.getFormat().equals("X.509") == false) {
+            if (!key2.getFormat().equals("X.509")) {
                 throw new Exception("Format not X.509");
             }
         } else if (key1 instanceof PrivateKey) {
-            if (key2.getFormat().equals("PKCS#8") == false) {
+            if (!key2.getFormat().equals("PKCS#8")) {
                 throw new Exception("Format not PKCS#8: " + key2.getFormat());
             }
         }
@@ -204,18 +218,23 @@ private static void testPrivate(KeyFactory kf, PrivateKey key)
         KeySpec rsaSpec2 = kf.getKeySpec(key, RSAPrivateKeySpec.class);
         PrivateKey key6 = kf.generatePrivate(rsaSpec2);
         testKey(key6, key6);
-        if (key instanceof RSAPrivateCrtKey) {
-            RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey)key;
+        if (key instanceof RSAPrivateCrtKey rsaKey) {
             KeySpec rsaSpec3 = new RSAPrivateCrtKeySpec(rsaKey.getModulus(),
-                    rsaKey.getPublicExponent(), rsaKey.getPrivateExponent(), rsaKey.getPrimeP(), rsaKey.getPrimeQ(),
-                    rsaKey.getPrimeExponentP(), rsaKey.getPrimeExponentQ(), rsaKey.getCrtCoefficient(), rsaKey.getParams());
+                    rsaKey.getPublicExponent(),
+                    rsaKey.getPrivateExponent(),
+                    rsaKey.getPrimeP(),
+                    rsaKey.getPrimeQ(),
+                    rsaKey.getPrimeExponentP(),
+                    rsaKey.getPrimeExponentQ(),
+                    rsaKey.getCrtCoefficient(),
+                    rsaKey.getParams());
             PrivateKey key7 = kf.generatePrivate(rsaSpec3);
             testKey(key6, key7);
         }
     }
 
     private static void test(KeyFactory kf, Key key) throws Exception {
-        if (key.getAlgorithm().equals("RSA") == false) {
+        if (!key.getAlgorithm().equals("RSA")) {
             System.out.println("Not an RSA key, ignoring");
         }
         if (key instanceof PublicKey) {
diff --git a/test/jdk/sun/security/rsa/pss/PSSKeyCompatibility.java b/test/jdk/sun/security/rsa/pss/PSSKeyCompatibility.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2020, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,32 +21,34 @@
  * questions.
  */
 
-import java.io.ByteArrayInputStream;
 import java.security.Key;
 import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
+import java.security.PEM;
+import java.security.PEMDecoder;
+import java.security.PEMEncoder;
 import java.security.PrivateKey;
 import java.security.PublicKey;
+import java.security.Security;
 import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 import java.security.interfaces.RSAPrivateCrtKey;
 import java.security.interfaces.RSAPublicKey;
 import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.RSAPrivateCrtKeySpec;
 import java.security.spec.RSAPublicKeySpec;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.Arrays;
-import java.util.Base64;
 
 /**
  * @test
  * @bug 8242335
  * @summary OpenSSL generated compatibility test with RSASSA-PSS Java.
+ * @enablePreview
  * @run main PSSKeyCompatibility
  */
+
 public class PSSKeyCompatibility {
 
     private static final String ALGO = "RSASSA-PSS";
@@ -74,26 +76,34 @@ private static boolean validatePrivate(String algorithm, String provider,
             String type) {
 
         try {
-            KeyFactory kf = KeyFactory.getInstance(algorithm, provider);
-            PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(
-                    Base64.getMimeDecoder().decode(type));
-            PrivateKey priv = kf.generatePrivate(privSpec);
+            final PEMDecoder decoder = PEMDecoder.of()
+                    .withFactory(Security.getProvider(provider));
+            final PrivateKey priv = decoder.decode(
+                    new PEM("PRIVATE KEY", type).toString(),
+                    PrivateKey.class
+            );
 
-            RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey) priv;
-            PrivateKey priv1 = kf.generatePrivate(new RSAPrivateCrtKeySpec(
-                    crtKey.getModulus(),
-                    crtKey.getPublicExponent(),
-                    crtKey.getPrivateExponent(),
-                    crtKey.getPrimeP(),
-                    crtKey.getPrimeQ(),
-                    crtKey.getPrimeExponentP(),
-                    crtKey.getPrimeExponentQ(),
-                    crtKey.getCrtCoefficient(),
-                    crtKey.getParams()
-            ));
-            equals(priv, priv1);
+            if (priv instanceof RSAPrivateCrtKey crtKey) {
+                final KeyFactory kf = KeyFactory.getInstance(algorithm, provider);
+                final PrivateKey priv1 =
+                        kf.generatePrivate(new RSAPrivateCrtKeySpec(
+                                crtKey.getModulus(),
+                                crtKey.getPublicExponent(),
+                                crtKey.getPrivateExponent(),
+                                crtKey.getPrimeP(),
+                                crtKey.getPrimeQ(),
+                                crtKey.getPrimeExponentP(),
+                                crtKey.getPrimeExponentQ(),
+                                crtKey.getCrtCoefficient(),
+                                crtKey.getParams()
+                        ));
+                equals(priv, priv1);
+            } else {
+                throw new RuntimeException(
+                        "Private key is not RSAPrivateCrtKey");
+            }
         } catch (NoSuchAlgorithmException | InvalidKeySpecException
-                | NoSuchProviderException e) {
+                 | NoSuchProviderException e) {
             e.printStackTrace(System.out);
             return false;
         }
@@ -105,22 +115,28 @@ private static boolean validateCert(String algorithm, String provider,
             String type) {
 
         try {
-            CertificateFactory cf = CertificateFactory.getInstance("X.509");
-            Certificate cert = cf.generateCertificate(
-                    new ByteArrayInputStream(type.getBytes()));
+            final Certificate cert = PEMDecoder.of()
+                    .decode(type, X509Certificate.class);
             System.out.println(cert);
-            KeyFactory kf = KeyFactory.getInstance(algorithm, provider);
-            X509EncodedKeySpec pubSpec = kf.getKeySpec(
-                    cert.getPublicKey(), X509EncodedKeySpec.class);
-            PublicKey pub = kf.generatePublic(pubSpec);
-            PublicKey pub1 = kf.generatePublic(new RSAPublicKeySpec(
-                    ((RSAPublicKey) pub).getModulus(),
-                    ((RSAPublicKey) pub).getPublicExponent(),
-                    ((RSAPublicKey) pub).getParams()));
+
+            final PEMDecoder decoder = PEMDecoder.of()
+                    .withFactory(Security.getProvider(provider));
+            final RSAPublicKey pub = decoder.decode(
+                    PEMEncoder.of().encodeToString(
+                            new X509EncodedKeySpec(
+                                    cert.getPublicKey().getEncoded())
+                    ),
+                    RSAPublicKey.class);
+
+            final KeyFactory kf = KeyFactory.getInstance(algorithm, provider);
+            final PublicKey pub1 = kf.generatePublic(new RSAPublicKeySpec(
+                    pub.getModulus(),
+                    pub.getPublicExponent(),
+                    pub.getParams()));
             equals(cert.getPublicKey(), pub);
             equals(pub, pub1);
-        } catch (CertificateException | NoSuchAlgorithmException
-                | InvalidKeySpecException | NoSuchProviderException e) {
+        } catch (NoSuchAlgorithmException
+                 | InvalidKeySpecException | NoSuchProviderException e) {
             e.printStackTrace(System.out);
             return false;
         }
diff --git a/test/jdk/sun/security/validator/PKIXValAndRevCheckTests.java b/test/jdk/sun/security/validator/PKIXValAndRevCheckTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2019, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,13 +27,14 @@
  * @summary Stapled OCSPResponses should be added to PKIXRevocationChecker
  *          irrespective of revocationEnabled flag
  * @library /test/lib
+ * @enablePreview
  * @modules java.base/sun.security.validator
  * @build jdk.test.lib.Convert
  * @run main PKIXValAndRevCheckTests
  */
 
-import java.io.ByteArrayInputStream;
-import java.io.UnsupportedEncodingException;
+import java.security.PEM;
+import java.security.PEMDecoder;
 import java.security.cert.CertPathValidator;
 import java.security.cert.CertPathValidatorException;
 import java.security.cert.CertPathValidatorException.BasicReason;
@@ -43,7 +44,6 @@
 import java.security.cert.PKIXRevocationChecker;
 import java.security.cert.TrustAnchor;
 import java.security.cert.X509Certificate;
-import java.util.Base64;
 import java.util.Collections;
 import java.util.Date;
 import java.util.List;
@@ -349,15 +349,24 @@ public class PKIXValAndRevCheckTests {
     static final Date VALID_DATE = new Date(1566007200000L);
 
     public static void main(String[] args) throws Exception {
-        CertificateFactory certFac = CertificateFactory.getInstance("X.509");
+        CertificateFactory certFac =
+                CertificateFactory.getInstance("X.509");
         CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
-        X509Certificate goodGuyCert = getCert(certFac, GOOD_SERVER_PEM);
-        X509Certificate badGuyCert = getCert(certFac, BAD_SERVER_PEM);
-        X509Certificate intCACert = getCert(certFac, INT_CA_PEM);
-        X509Certificate rootCACert = getCert(certFac, ROOT_CA_PEM);
-        byte[] goodOcspDer = pemToDer(GOOD_GUY_OCSP_PEM);
-        byte[] badOcspDer = pemToDer(BAD_GUY_OCSP_PEM);
-        byte[] intCAOcspDer = pemToDer(INT_CA_OCSP_PEM);
+        final PEMDecoder decoder = PEMDecoder.of();
+        X509Certificate goodGuyCert =
+                decoder.decode(GOOD_SERVER_PEM, X509Certificate.class);
+        X509Certificate badGuyCert =
+                decoder.decode(BAD_SERVER_PEM, X509Certificate.class);
+        X509Certificate intCACert =
+                decoder.decode(INT_CA_PEM, X509Certificate.class);
+        X509Certificate rootCACert =
+                decoder.decode(ROOT_CA_PEM, X509Certificate.class);
+        byte[] goodOcspDer =
+                new PEM("OCSP RESPONSE", GOOD_GUY_OCSP_PEM).decode();
+        byte[] badOcspDer =
+                new PEM("OCSP RESPONSE", BAD_GUY_OCSP_PEM).decode();
+        byte[] intCAOcspDer =
+                new PEM("OCSP RESPONSE",INT_CA_OCSP_PEM).decode();
         Set<TrustAnchor> trustAnchors =
                 Set.of(new TrustAnchor(rootCACert, null));
         PKIXRevocationChecker pkrc;
@@ -479,19 +488,4 @@ static void verifyCause(Throwable cause, Throwable expectedExc) {
             }
         }
     }
-
-    static X509Certificate getCert(CertificateFactory fac, String pemCert) {
-        try {
-            ByteArrayInputStream bais =
-                    new ByteArrayInputStream(pemCert.getBytes("UTF-8"));
-            return (X509Certificate)fac.generateCertificate(bais);
-        } catch (UnsupportedEncodingException | CertificateException exc) {
-            throw new RuntimeException(exc);
-        }
-    }
-
-    static byte[] pemToDer(String pemData) {
-        Base64.Decoder b64Dec = Base64.getMimeDecoder();
-        return b64Dec.decode(pemData);
-    }
 }
