author | weijun |
Fri, 15 Nov 2019 09:06:58 +0800 | |
changeset 59104 | 046e4024e55a |
parent 52996 | 2457d862a646 |
permissions | -rw-r--r-- |
52996
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
1 |
/* |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
2 |
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
4 |
* |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
5 |
* This code is free software; you can redistribute it and/or modify it |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
7 |
* published by the Free Software Foundation. |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
8 |
* |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
13 |
* accompanied this code). |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
14 |
* |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
15 |
* You should have received a copy of the GNU General Public License version |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation, |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
18 |
* |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
20 |
* or visit www.oracle.com if you need additional information or have any |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
21 |
* questions. |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
22 |
*/ |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
23 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
24 |
/* |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
25 |
* @test |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
26 |
* @bug 8076190 |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
27 |
* @library /test/lib |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
28 |
* @modules java.base/sun.security.pkcs |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
29 |
* java.base/sun.security.x509 |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
30 |
* java.base/sun.security.util |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
31 |
* @summary Customizing the generation of a PKCS12 keystore |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
32 |
*/ |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
33 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
34 |
import jdk.test.lib.Asserts; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
35 |
import jdk.test.lib.SecurityTools; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
36 |
import jdk.test.lib.process.OutputAnalyzer; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
37 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
38 |
import java.io.File; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
39 |
import java.io.FileInputStream; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
40 |
import java.io.FileOutputStream; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
41 |
import java.io.IOException; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
42 |
import java.io.InputStream; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
43 |
import java.io.OutputStream; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
44 |
import java.io.UncheckedIOException; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
45 |
import java.nio.file.Files; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
46 |
import java.nio.file.Path; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
47 |
import java.security.KeyStore; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
48 |
import java.util.Base64; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
49 |
import java.util.Objects; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
50 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
51 |
import static jdk.test.lib.security.DerUtils.*; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
52 |
import static sun.security.x509.AlgorithmId.*; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
53 |
import static sun.security.pkcs.ContentInfo.*; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
54 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
55 |
public class ParamsTest { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
56 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
57 |
public static void main(String[] args) throws Throwable { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
58 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
59 |
// De-BASE64 textual files in ./params to `pwd` |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
60 |
Files.newDirectoryStream(Path.of(System.getProperty("test.src"), "params")) |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
61 |
.forEach(p -> { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
62 |
try (InputStream is = Files.newInputStream(p); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
63 |
OutputStream os = Files.newOutputStream(p.getFileName())){ |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
64 |
Base64.getMimeDecoder().wrap(is).transferTo(os); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
65 |
} catch (IOException e) { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
66 |
throw new UncheckedIOException(e); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
67 |
} |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
68 |
}); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
69 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
70 |
byte[] data; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
71 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
72 |
// openssl -> keytool interop check |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
73 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
74 |
// os2. no cert pbe, no mac. |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
75 |
check("os2", "a", null, "changeit", true, true, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
76 |
check("os2", "a", "changeit", "changeit", true, true, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
77 |
// You can even load it with a wrong storepass, controversial |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
78 |
check("os2", "a", "wrongpass", "changeit", true, true, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
79 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
80 |
// os3. no cert pbe, has mac. just like JKS |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
81 |
check("os3", "a", null, "changeit", true, true, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
82 |
check("os3", "a", "changeit", "changeit", true, true, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
83 |
// Cannot load with a wrong storepass, same as JKS |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
84 |
check("os3", "a", "wrongpass", "-", IOException.class, "-", "-"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
85 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
86 |
// os4. non default algs |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
87 |
check("os4", "a", "changeit", "changeit", true, true, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
88 |
check("os4", "a", "wrongpass", "-", IOException.class, "-", "-"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
89 |
// no storepass no cert |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
90 |
check("os4", "a", null, "changeit", true, false, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
91 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
92 |
// os5. strong non default algs |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
93 |
check("os5", "a", "changeit", "changeit", true, true, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
94 |
check("os5", "a", "wrongpass", "-", IOException.class, "-", "-"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
95 |
// no storepass no cert |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
96 |
check("os5", "a", null, "changeit", true, false, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
97 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
98 |
// keytool |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
99 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
100 |
// Current default pkcs12 setting |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
101 |
keytool("-importkeystore -srckeystore ks -srcstorepass changeit " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
102 |
+ "-destkeystore ksnormal -deststorepass changeit"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
103 |
data = Files.readAllBytes(Path.of("ksnormal")); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
104 |
checkInt(data, "22", 100000); // Mac ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
105 |
checkAlg(data, "2000", SHA_oid); // Mac alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
106 |
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
107 |
checkInt(data, "110c010c010011", 50000); // key ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
108 |
checkAlg(data, "110c10", ENCRYPTED_DATA_OID); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
109 |
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
110 |
checkInt(data, "110c1101111", 50000); // cert ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
111 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
112 |
check("ksnormal", "a", "changeit", "changeit", true, true, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
113 |
check("ksnormal", "a", null, "changeit", true, false, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
114 |
check("ksnormal", "a", "wrongpass", "-", IOException.class, "-", "-"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
115 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
116 |
// Add a new entry with password-less settings, still has a storepass |
59104 | 117 |
keytool("-keystore ksnormal -genkeypair -keyalg DSA " |
118 |
+ "-storepass changeit -alias b -dname CN=b " |
|
52996
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
119 |
+ "-J-Dkeystore.pkcs12.certProtectionAlgorithm=NONE " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
120 |
+ "-J-Dkeystore.pkcs12.macAlgorithm=NONE"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
121 |
data = Files.readAllBytes(Path.of("ksnormal")); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
122 |
checkInt(data, "22", 100000); // Mac ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
123 |
checkAlg(data, "2000", SHA_oid); // Mac alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
124 |
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
125 |
checkInt(data, "110c010c010011", 50000); // key ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
126 |
checkAlg(data, "110c010c11000", pbeWithSHA1AndDESede_oid); // new key alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
127 |
checkInt(data, "110c010c110011", 50000); // new key ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
128 |
checkAlg(data, "110c10", ENCRYPTED_DATA_OID); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
129 |
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
130 |
checkInt(data, "110c1101111", 50000); // cert ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
131 |
check("ksnormal", "b", null, "changeit", true, false, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
132 |
check("ksnormal", "b", "changeit", "changeit", true, true, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
133 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
134 |
// Different keypbe alg, no cert pbe and no mac |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
135 |
keytool("-importkeystore -srckeystore ks -srcstorepass changeit " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
136 |
+ "-destkeystore ksnopass -deststorepass changeit " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
137 |
+ "-J-Dkeystore.pkcs12.keyProtectionAlgorithm=PBEWithSHA1AndRC4_128 " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
138 |
+ "-J-Dkeystore.pkcs12.certProtectionAlgorithm=NONE " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
139 |
+ "-J-Dkeystore.pkcs12.macAlgorithm=NONE"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
140 |
data = Files.readAllBytes(Path.of("ksnopass")); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
141 |
shouldNotExist(data, "2"); // no Mac |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
142 |
checkAlg(data, "110c010c01000", pbeWithSHA1AndRC4_128_oid); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
143 |
checkInt(data, "110c010c010011", 50000); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
144 |
checkAlg(data, "110c10", DATA_OID); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
145 |
check("ksnopass", "a", null, "changeit", true, true, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
146 |
check("ksnopass", "a", "changeit", "changeit", true, true, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
147 |
check("ksnopass", "a", "wrongpass", "changeit", true, true, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
148 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
149 |
// Add a new entry with normal settings, still password-less |
59104 | 150 |
keytool("-keystore ksnopass -genkeypair -keyalg DSA " |
151 |
+ "-storepass changeit -alias b -dname CN=B"); |
|
52996
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
152 |
data = Files.readAllBytes(Path.of("ksnopass")); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
153 |
shouldNotExist(data, "2"); // no Mac |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
154 |
checkAlg(data, "110c010c01000", pbeWithSHA1AndRC4_128_oid); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
155 |
checkInt(data, "110c010c010011", 50000); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
156 |
checkAlg(data, "110c010c11000", pbeWithSHA1AndDESede_oid); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
157 |
checkInt(data, "110c010c110011", 50000); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
158 |
checkAlg(data, "110c10", DATA_OID); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
159 |
check("ksnopass", "a", null, "changeit", true, true, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
160 |
check("ksnopass", "b", null, "changeit", true, true, true); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
161 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
162 |
keytool("-importkeystore -srckeystore ks -srcstorepass changeit " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
163 |
+ "-destkeystore ksnewic -deststorepass changeit " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
164 |
+ "-J-Dkeystore.pkcs12.macIterationCount=5555 " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
165 |
+ "-J-Dkeystore.pkcs12.certPbeIterationCount=6666 " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
166 |
+ "-J-Dkeystore.pkcs12.keyPbeIterationCount=7777"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
167 |
data = Files.readAllBytes(Path.of("ksnewic")); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
168 |
checkInt(data, "22", 5555); // Mac ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
169 |
checkAlg(data, "2000", SHA_oid); // Mac alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
170 |
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
171 |
checkInt(data, "110c010c010011", 7777); // key ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
172 |
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
173 |
checkInt(data, "110c1101111", 6666); // cert ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
174 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
175 |
// keypbe alg cannot be NONE |
59104 | 176 |
keytool("-keystore ksnewic -genkeypair -keyalg DSA " |
177 |
+ "-storepass changeit -alias b -dname CN=B " |
|
52996
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
178 |
+ "-J-Dkeystore.pkcs12.keyProtectionAlgorithm=NONE") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
179 |
.shouldContain("NONE AlgorithmParameters not available") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
180 |
.shouldHaveExitValue(1); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
181 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
182 |
// new entry new keypbe alg (and default ic), else unchanged |
59104 | 183 |
keytool("-keystore ksnewic -genkeypair -keyalg DSA " |
184 |
+ "-storepass changeit -alias b -dname CN=B " |
|
52996
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
185 |
+ "-J-Dkeystore.pkcs12.keyProtectionAlgorithm=PBEWithSHA1AndRC4_128"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
186 |
data = Files.readAllBytes(Path.of("ksnewic")); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
187 |
checkInt(data, "22", 5555); // Mac ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
188 |
checkAlg(data, "2000", SHA_oid); // Mac alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
189 |
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
190 |
checkInt(data, "110c010c010011", 7777); // key ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
191 |
checkAlg(data, "110c010c11000", pbeWithSHA1AndRC4_128_oid); // new key alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
192 |
checkInt(data, "110c010c110011", 50000); // new key ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
193 |
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
194 |
checkInt(data, "110c1101111", 6666); // cert ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
195 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
196 |
// Check KeyStore loading multiple keystores |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
197 |
KeyStore ks = KeyStore.getInstance("pkcs12"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
198 |
try (FileInputStream fis = new FileInputStream("ksnormal"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
199 |
FileOutputStream fos = new FileOutputStream("ksnormaldup")) { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
200 |
ks.load(fis, "changeit".toCharArray()); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
201 |
ks.store(fos, "changeit".toCharArray()); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
202 |
} |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
203 |
data = Files.readAllBytes(Path.of("ksnormaldup")); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
204 |
checkInt(data, "22", 100000); // Mac ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
205 |
checkAlg(data, "2000", SHA_oid); // Mac alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
206 |
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
207 |
checkInt(data, "110c010c010011", 50000); // key ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
208 |
checkAlg(data, "110c010c11000", pbeWithSHA1AndDESede_oid); // new key alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
209 |
checkInt(data, "110c010c110011", 50000); // new key ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
210 |
checkAlg(data, "110c10", ENCRYPTED_DATA_OID); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
211 |
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
212 |
checkInt(data, "110c1101111", 50000); // cert ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
213 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
214 |
try (FileInputStream fis = new FileInputStream("ksnopass"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
215 |
FileOutputStream fos = new FileOutputStream("ksnopassdup")) { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
216 |
ks.load(fis, "changeit".toCharArray()); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
217 |
ks.store(fos, "changeit".toCharArray()); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
218 |
} |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
219 |
data = Files.readAllBytes(Path.of("ksnopassdup")); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
220 |
shouldNotExist(data, "2"); // no Mac |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
221 |
checkAlg(data, "110c010c01000", pbeWithSHA1AndRC4_128_oid); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
222 |
checkInt(data, "110c010c010011", 50000); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
223 |
checkAlg(data, "110c010c11000", pbeWithSHA1AndDESede_oid); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
224 |
checkInt(data, "110c010c110011", 50000); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
225 |
checkAlg(data, "110c10", DATA_OID); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
226 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
227 |
try (FileInputStream fis = new FileInputStream("ksnewic"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
228 |
FileOutputStream fos = new FileOutputStream("ksnewicdup")) { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
229 |
ks.load(fis, "changeit".toCharArray()); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
230 |
ks.store(fos, "changeit".toCharArray()); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
231 |
} |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
232 |
data = Files.readAllBytes(Path.of("ksnewicdup")); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
233 |
checkInt(data, "22", 5555); // Mac ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
234 |
checkAlg(data, "2000", SHA_oid); // Mac alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
235 |
checkAlg(data, "110c010c01000", pbeWithSHA1AndDESede_oid); // key alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
236 |
checkInt(data, "110c010c010011", 7777); // key ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
237 |
checkAlg(data, "110c010c11000", pbeWithSHA1AndRC4_128_oid); // new key alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
238 |
checkInt(data, "110c010c110011", 50000); // new key ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
239 |
checkAlg(data, "110c110110", pbeWithSHA1AndRC2_40_oid); // cert alg |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
240 |
checkInt(data, "110c1101111", 6666); // cert ic |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
241 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
242 |
// Check keytool behavior |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
243 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
244 |
// ksnormal has password |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
245 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
246 |
keytool("-list -keystore ksnormal") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
247 |
.shouldContain("WARNING WARNING WARNING") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
248 |
.shouldContain("Certificate chain length: 0"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
249 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
250 |
SecurityTools.setResponse("changeit"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
251 |
keytool("-list -keystore ksnormal") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
252 |
.shouldNotContain("WARNING WARNING WARNING") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
253 |
.shouldContain("Certificate fingerprint"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
254 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
255 |
// ksnopass is password-less |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
256 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
257 |
keytool("-list -keystore ksnopass") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
258 |
.shouldNotContain("WARNING WARNING WARNING") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
259 |
.shouldContain("Certificate fingerprint"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
260 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
261 |
// -certreq prompts for keypass |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
262 |
SecurityTools.setResponse("changeit"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
263 |
keytool("-certreq -alias a -keystore ksnopass") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
264 |
.shouldContain("Enter key password for <a>") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
265 |
.shouldContain("-----BEGIN NEW CERTIFICATE REQUEST-----") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
266 |
.shouldHaveExitValue(0); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
267 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
268 |
// -certreq -storepass works fine |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
269 |
keytool("-certreq -alias a -keystore ksnopass -storepass changeit") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
270 |
.shouldNotContain("Enter key password for <a>") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
271 |
.shouldContain("-----BEGIN NEW CERTIFICATE REQUEST-----") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
272 |
.shouldHaveExitValue(0); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
273 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
274 |
// -certreq -keypass also works fine |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
275 |
keytool("-certreq -alias a -keystore ksnopass -keypass changeit") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
276 |
.shouldNotContain("Enter key password for <a>") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
277 |
.shouldContain("-----BEGIN NEW CERTIFICATE REQUEST-----") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
278 |
.shouldHaveExitValue(0); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
279 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
280 |
// -importkeystore prompts for srckeypass |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
281 |
SecurityTools.setResponse("changeit", "changeit"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
282 |
keytool("-importkeystore -srckeystore ksnopass " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
283 |
+ "-destkeystore jks3 -deststorepass changeit") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
284 |
.shouldContain("Enter key password for <a>") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
285 |
.shouldContain("Enter key password for <b>") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
286 |
.shouldContain("2 entries successfully imported"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
287 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
288 |
// ksnopass2 is ksnopass + 2 cert entries |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
289 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
290 |
ks = KeyStore.getInstance(new File("ksnopass"), (char[])null); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
291 |
ks.setCertificateEntry("aa", ks.getCertificate("a")); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
292 |
ks.setCertificateEntry("bb", ks.getCertificate("b")); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
293 |
try (FileOutputStream fos = new FileOutputStream("ksnopass2")) { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
294 |
ks.store(fos, null); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
295 |
} |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
296 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
297 |
// -importkeystore prompts for srckeypass for private keys |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
298 |
// and no prompt for certs |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
299 |
SecurityTools.setResponse("changeit", "changeit"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
300 |
keytool("-importkeystore -srckeystore ksnopass2 " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
301 |
+ "-destkeystore jks5 -deststorepass changeit") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
302 |
.shouldContain("Enter key password for <a>") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
303 |
.shouldContain("Enter key password for <b>") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
304 |
.shouldNotContain("Enter key password for <aa>") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
305 |
.shouldNotContain("Enter key password for <bb>") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
306 |
.shouldContain("4 entries successfully imported"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
307 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
308 |
// ksonlycert has only cert entries |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
309 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
310 |
ks.deleteEntry("a"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
311 |
ks.deleteEntry("b"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
312 |
try (FileOutputStream fos = new FileOutputStream("ksonlycert")) { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
313 |
ks.store(fos, null); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
314 |
} |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
315 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
316 |
// -importkeystore does not prompt at all |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
317 |
keytool("-importkeystore -srckeystore ksonlycert " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
318 |
+ "-destkeystore jks6 -deststorepass changeit") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
319 |
.shouldNotContain("Enter key password for <aa>") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
320 |
.shouldNotContain("Enter key password for <bb>") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
321 |
.shouldContain("2 entries successfully imported"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
322 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
323 |
// create a new password-less keystore |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
324 |
keytool("-keystore ksnopass -exportcert -alias a -file a.cert -rfc"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
325 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
326 |
// Normally storepass is prompted for |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
327 |
keytool("-keystore kscert1 -importcert -alias a -file a.cert -noprompt") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
328 |
.shouldContain("Enter keystore password:"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
329 |
keytool("-keystore kscert2 -importcert -alias a -file a.cert -noprompt " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
330 |
+ "-J-Dkeystore.pkcs12.certProtectionAlgorithm=NONE") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
331 |
.shouldContain("Enter keystore password:"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
332 |
keytool("-keystore kscert3 -importcert -alias a -file a.cert -noprompt " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
333 |
+ "-J-Dkeystore.pkcs12.macAlgorithm=NONE") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
334 |
.shouldContain("Enter keystore password:"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
335 |
// ... but not if it's password-less |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
336 |
keytool("-keystore kscert4 -importcert -alias a -file a.cert -noprompt " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
337 |
+ "-J-Dkeystore.pkcs12.certProtectionAlgorithm=NONE " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
338 |
+ "-J-Dkeystore.pkcs12.macAlgorithm=NONE") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
339 |
.shouldNotContain("Enter keystore password:"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
340 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
341 |
// still prompt for keypass for genkeypair and certreq |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
342 |
SecurityTools.setResponse("changeit", "changeit"); |
59104 | 343 |
keytool("-keystore ksnopassnew -genkeypair -keyalg DSA " |
344 |
+ "-alias a -dname CN=A " |
|
52996
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
345 |
+ "-J-Dkeystore.pkcs12.certProtectionAlgorithm=NONE " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
346 |
+ "-J-Dkeystore.pkcs12.macAlgorithm=NONE") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
347 |
.shouldNotContain("Enter keystore password:") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
348 |
.shouldContain("Enter key password for <a>"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
349 |
keytool("-keystore ksnopassnew -certreq -alias a") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
350 |
.shouldNotContain("Enter keystore password:") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
351 |
.shouldContain("Enter key password for <a>"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
352 |
keytool("-keystore ksnopassnew -list -v -alias a") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
353 |
.shouldNotContain("Enter keystore password:") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
354 |
.shouldNotContain("Enter key password for <a>"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
355 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
356 |
// params only read on demand |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
357 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
358 |
// keyPbeIterationCount is used by -genkeypair |
59104 | 359 |
keytool("-keystore ksgenbadkeyic -genkeypair -keyalg DSA " |
360 |
+ "-alias a -dname CN=A " |
|
52996
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
361 |
+ "-storepass changeit " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
362 |
+ "-J-Dkeystore.pkcs12.keyPbeIterationCount=abc") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
363 |
.shouldContain("keyPbeIterationCount is not a number: abc") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
364 |
.shouldHaveExitValue(1); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
365 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
366 |
keytool("-keystore ksnopassnew -exportcert -alias a -file a.cert"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
367 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
368 |
// but not used by -importcert |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
369 |
keytool("-keystore ksimpbadkeyic -importcert -alias a -file a.cert " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
370 |
+ "-noprompt -storepass changeit " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
371 |
+ "-J-Dkeystore.pkcs12.keyPbeIterationCount=abc") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
372 |
.shouldHaveExitValue(0); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
373 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
374 |
// None is used by -list |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
375 |
keytool("-keystore ksnormal -storepass changeit -list " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
376 |
+ "-J-Dkeystore.pkcs12.keyPbeIterationCount=abc " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
377 |
+ "-J-Dkeystore.pkcs12.certPbeIterationCount=abc " |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
378 |
+ "-J-Dkeystore.pkcs12.macIterationCount=abc") |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
379 |
.shouldHaveExitValue(0); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
380 |
} |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
381 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
382 |
/** |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
383 |
* Check keystore loading and key/cert reading. |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
384 |
* |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
385 |
* @param keystore the file name of keystore |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
386 |
* @param alias the key/cert to read |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
387 |
* @param storePass store pass to try out, can be null |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
388 |
* @param keypass key pass to try, can not be null |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
389 |
* @param expectedLoad expected result of keystore loading, true if non |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
390 |
* null, false if null, exception class if exception |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
391 |
* @param expectedCert expected result of cert reading |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
392 |
* @param expectedKey expected result of key reading |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
393 |
*/ |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
394 |
private static void check( |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
395 |
String keystore, |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
396 |
String alias, |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
397 |
String storePass, |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
398 |
String keypass, |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
399 |
Object expectedLoad, |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
400 |
Object expectedCert, |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
401 |
Object expectedKey) { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
402 |
KeyStore ks = null; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
403 |
Object actualLoad, actualCert, actualKey; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
404 |
String label = keystore + "-" + alias + "-" + storePass + "-" + keypass; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
405 |
try { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
406 |
ks = KeyStore.getInstance(new File(keystore), |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
407 |
storePass == null ? null : storePass.toCharArray()); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
408 |
actualLoad = ks != null; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
409 |
} catch (Exception e) { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
410 |
e.printStackTrace(System.out); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
411 |
actualLoad = e.getClass(); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
412 |
} |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
413 |
Asserts.assertEQ(expectedLoad, actualLoad, label + "-load"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
414 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
415 |
// If not loaded correctly, skip cert/key reading |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
416 |
if (!Objects.equals(actualLoad, true)) { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
417 |
return; |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
418 |
} |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
419 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
420 |
try { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
421 |
actualCert = (ks.getCertificate(alias) != null); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
422 |
} catch (Exception e) { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
423 |
e.printStackTrace(System.out); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
424 |
actualCert = e.getClass(); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
425 |
} |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
426 |
Asserts.assertEQ(expectedCert, actualCert, label + "-cert"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
427 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
428 |
try { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
429 |
actualKey = (ks.getKey(alias, keypass.toCharArray()) != null); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
430 |
} catch (Exception e) { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
431 |
e.printStackTrace(System.out); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
432 |
actualKey = e.getClass(); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
433 |
} |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
434 |
Asserts.assertEQ(expectedKey, actualKey, label + "-key"); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
435 |
} |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
436 |
|
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
437 |
static OutputAnalyzer keytool(String s) throws Throwable { |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
438 |
return SecurityTools.keytool(s); |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
439 |
} |
2457d862a646
8076190: Customizing the generation of a PKCS12 keystore
weijun
parents:
diff
changeset
|
440 |
} |