| author | weijun |
| Fri, 15 Nov 2019 09:06:58 +0800 | |
| changeset 59104 | 046e4024e55a |
| parent 47216 | 71c04702a3d5 |
| permissions | -rw-r--r-- |
|
39046
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
1 |
/* |
| 59104 | 2 |
* Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved. |
|
39046
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
4 |
* |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
7 |
* published by the Free Software Foundation. |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
8 |
* |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
13 |
* accompanied this code). |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
14 |
* |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
15 |
* You should have received a copy of the GNU General Public License version |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
18 |
* |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
20 |
* or visit www.oracle.com if you need additional information or have any |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
21 |
* questions. |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
22 |
*/ |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
23 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
24 |
/* |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
25 |
* @test |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
26 |
* @bug 6968542 |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
27 |
* @summary keytool -importcert cannot deal with duplicate certs |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
28 |
* @modules java.base/sun.security.tools.keytool |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
29 |
* @compile -XDignore.symbol.file DupImport.java |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
30 |
* @run main DupImport pkcs12 |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
31 |
* @run main DupImport jks |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
32 |
*/ |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
33 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
34 |
import java.io.File; |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
35 |
import java.nio.file.Files; |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
36 |
import java.nio.file.Paths; |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
37 |
import java.security.KeyStore; |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
38 |
import java.security.cert.Certificate; |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
39 |
import java.security.cert.X509Certificate; |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
40 |
import java.util.ArrayList; |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
41 |
import java.util.Arrays; |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
42 |
import java.util.List; |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
43 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
44 |
public class DupImport {
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
45 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
46 |
static String storeType = null; |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
47 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
48 |
public static void main(String[] args) throws Exception {
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
49 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
50 |
storeType = args[0]; |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
51 |
Files.deleteIfExists(Paths.get("dup.ks"));
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
52 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
53 |
// Create chain: root -> int -> me |
| 59104 | 54 |
run("-genkeypair -keyalg DSA -alias me -dname CN=Me");
|
55 |
run("-genkeypair -keyalg DSA -alias int -dname CN=Int");
|
|
56 |
run("-genkeypair -keyalg DSA -alias root -dname CN=Root");
|
|
|
39046
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
57 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
58 |
run("-certreq -alias int -file int.req");
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
59 |
run("-gencert -infile int.req -alias root -rfc -outfile int.resp");
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
60 |
run("-importcert -file int.resp -alias int");
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
61 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
62 |
run("-certreq -alias me -file me.req");
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
63 |
run("-gencert -infile me.req -alias int -rfc -outfile me.resp");
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
64 |
run("-importcert -file me.resp -alias me");
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
65 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
66 |
// Export certs |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
67 |
run("-exportcert -alias me -file me -rfc");
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
68 |
run("-exportcert -alias int -file int -rfc");
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
69 |
run("-exportcert -alias root -file root -rfc");
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
70 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
71 |
// test 1: just the 3 certs |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
72 |
test("me", "int", "root");
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
73 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
74 |
// test 2: 3 chains (without root) concatenated |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
75 |
test("me", "int", "int", "root");
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
76 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
77 |
// test 3: 3 full chains concatenated |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
78 |
test("me", "int", "root", "int", "root", "root");
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
79 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
80 |
// test 4: a mess |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
81 |
test("root", "me", "int", "int", "me", "me", "root", "int");
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
82 |
} |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
83 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
84 |
// Run keytool command with common options |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
85 |
static void run(String s) throws Exception {
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
86 |
sun.security.tools.keytool.Main.main(( |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
87 |
"-keystore dup.ks -storepass changeit -keypass changeit " |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
88 |
+ "-storetype " + storeType + " -debug " |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
89 |
+ s).split(" "));
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
90 |
} |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
91 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
92 |
// Test "cat files... | keytool -import" |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
93 |
static void test(String... files) throws Exception {
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
94 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
95 |
System.out.println("Testing " + Arrays.toString(files));
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
96 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
97 |
List<String> all = new ArrayList<>(); |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
98 |
for (String file : files) {
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
99 |
all.addAll(Files.readAllLines(Paths.get(file))); |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
100 |
} |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
101 |
Files.write(Paths.get("reply"), all);
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
102 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
103 |
run("-importcert -file reply -alias me");
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
104 |
KeyStore ks = KeyStore.getInstance( |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
105 |
new File("dup.ks"), "changeit".toCharArray());
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
106 |
Certificate[] chain = ks.getCertificateChain("me");
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
107 |
if (chain.length != 3) {
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
108 |
throw new Exception("Length is " + chain.length);
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
109 |
} |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
110 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
111 |
checkName(chain[0], "CN=Me"); |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
112 |
checkName(chain[1], "CN=Int"); |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
113 |
checkName(chain[2], "CN=Root"); |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
114 |
} |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
115 |
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
116 |
// Check if c's dname is expected |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
117 |
static void checkName(Certificate c, String expected) throws Exception {
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
118 |
X509Certificate x = (X509Certificate)c; |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
119 |
String name = x.getSubjectX500Principal().toString(); |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
120 |
if (!expected.equals(name)) {
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
121 |
throw new Exception("Expected " + expected + ", but " + name);
|
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
122 |
} |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
123 |
} |
|
db1dddd32a8f
6968542: keytool -importcert cannot deal with duplicate certs
weijun
parents:
diff
changeset
|
124 |
} |