| author | wetmore |
| Fri, 11 May 2018 15:53:12 -0700 | |
| branch | JDK-8145252-TLS13-branch |
| changeset 56542 | 56aaa6cb3693 |
| parent 49571 | 7c82bb507446 |
| permissions | -rw-r--r-- |
|
38380
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
1 |
Keystores used for the JSSE regression test suite. |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
2 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
3 |
keystore |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
4 |
truststore |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
5 |
========== |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
6 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
7 |
These are the primary two keystores and contain entries for testing most |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
8 |
of the JSSE regression test files. There are three entries, one RSA-based, |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
9 |
one DSA-based and one EC-based. If they expire, simply recreate them |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
10 |
using keytool and most of the test cases should work. |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
11 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
12 |
The password on both files is: |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
13 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
14 |
passphrase |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
15 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
16 |
There are no individual key entry passwords at this time. |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
17 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
18 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
19 |
keystore entries |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
20 |
================ |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
21 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
22 |
Alias name: dummy |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
23 |
----------------- |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
24 |
Creation date: May 16, 2016 |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
25 |
Entry type: PrivateKeyEntry |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
26 |
Certificate chain length: 1 |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
27 |
Certificate[1]: |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
28 |
Owner: CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
29 |
Issuer: CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
30 |
Serial number: 57399b87 |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
31 |
Valid from: Mon May 16 10:06:38 UTC 2016 until: Sat May 16 10:06:38 UTC 2026 |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
32 |
Signature algorithm name: SHA256withRSA |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
33 |
Version: 1 |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
34 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
35 |
This can be generated using hacked (update the keytool source code so that |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
36 |
it can be used for version 1 X.509 certificate) keytool command: |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
37 |
% keytool -genkeypair -alias dummy -keyalg RSA -keysize 2048 \ |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
38 |
-sigalg SHA256withRSA \ |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
39 |
-dname "CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US" \ |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
40 |
-validity 3652 -keypass passphrase -keystore keystore -storepass passphrase |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
41 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
42 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
43 |
Alias name: dummyecdsa |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
44 |
---------------------- |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
45 |
Creation date: May 16, 2016 |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
46 |
Entry type: PrivateKeyEntry |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
47 |
Certificate chain length: 1 |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
48 |
Certificate[1]: |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
49 |
Owner: CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
50 |
Issuer: CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
51 |
Serial number: 57399c1d |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
52 |
Valid from: Mon May 16 10:09:01 UTC 2016 until: Sat May 16 10:09:01 UTC 2026 |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
53 |
Signature algorithm name: SHA256withECDSA |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
54 |
Version: 1 |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
55 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
56 |
This can be generated using hacked (update the keytool source code so that |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
57 |
it can be used for version 1 X.509 certificate) keytool command: |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
58 |
% keytool -genkeypair -alias dummy -keyalg EC -keysize 256 \ |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
59 |
-sigalg SHA256withECDSA \ |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
60 |
-dname "CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US" \ |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
61 |
-validity 3652 -keypass passphrase -keystore keystore -storepass passphrase |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
62 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
63 |
Alias name: dummydsa |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
64 |
-------------------- |
|
49571
7c82bb507446
8190333: sun/security/ssl/X509KeyManager/PreferredKey.java failed with "Failed to get the preferable key aliases"
amjiang
parents:
47474
diff
changeset
|
65 |
Creation date: Mar 29, 2018 |
|
38380
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
66 |
Entry type: PrivateKeyEntry |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
67 |
Certificate chain length: 1 |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
68 |
Certificate[1]: |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
69 |
Owner: CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
70 |
Issuer: CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US |
|
49571
7c82bb507446
8190333: sun/security/ssl/X509KeyManager/PreferredKey.java failed with "Failed to get the preferable key aliases"
amjiang
parents:
47474
diff
changeset
|
71 |
Serial number: 324d85f0 |
|
7c82bb507446
8190333: sun/security/ssl/X509KeyManager/PreferredKey.java failed with "Failed to get the preferable key aliases"
amjiang
parents:
47474
diff
changeset
|
72 |
Valid from: Thu Mar 29 16:06:34 PDT 2018 until: Tue Mar 28 16:06:34 PDT 2028 |
|
7c82bb507446
8190333: sun/security/ssl/X509KeyManager/PreferredKey.java failed with "Failed to get the preferable key aliases"
amjiang
parents:
47474
diff
changeset
|
73 |
Signature algorithm name: SHA256withDSA |
|
7c82bb507446
8190333: sun/security/ssl/X509KeyManager/PreferredKey.java failed with "Failed to get the preferable key aliases"
amjiang
parents:
47474
diff
changeset
|
74 |
Version: 3 |
|
38380
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
75 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
76 |
This can be generated using hacked (update the keytool source code so that |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
77 |
it can be used for version 1 X.509 certificate) keytool command: |
|
49571
7c82bb507446
8190333: sun/security/ssl/X509KeyManager/PreferredKey.java failed with "Failed to get the preferable key aliases"
amjiang
parents:
47474
diff
changeset
|
78 |
% keytool -genkeypair -alias dummydsa -keyalg DSA -keysize 1024 \ |
|
7c82bb507446
8190333: sun/security/ssl/X509KeyManager/PreferredKey.java failed with "Failed to get the preferable key aliases"
amjiang
parents:
47474
diff
changeset
|
79 |
-sigalg SHA256withDSA \ |
|
38380
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
80 |
-dname "CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US" \ |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
81 |
-validity 3652 -keypass passphrase -keystore keystore -storepass passphrase |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
82 |
|
| 56542 | 83 |
Alias name: dummyecrsa |
84 |
-------------------- |
|
85 |
Creation date: Apr 13, 2018 |
|
86 |
Entry type: PrivateKeyEntry |
|
87 |
Certificate chain length: 2 |
|
88 |
Certificate[1]: |
|
89 |
Owner: CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US |
|
90 |
Issuer: CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US |
|
91 |
Serial number: 6f2d1faa |
|
92 |
Valid from: Fri Apr 13 16:20:55 CST 2018 until: Wed Apr 12 16:20:55 CST 2028 |
|
93 |
Version: 3 |
|
94 |
||
95 |
This can be generated by using keytool command: |
|
96 |
% keytool -genkeypair -alias dummyecrsa -keyalg EC -keysize 256 \ |
|
97 |
-keypass passphrase -storepass passphrase -keystore keystore \ |
|
98 |
-dname "CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US" |
|
99 |
% keytool -certreq -alias dummyecrsa -storepass passphrase -keystore keystore \ |
|
100 |
-file ecrsa.csr |
|
101 |
% keytool -gencert -alias dummy -storepass passphrase -keystore keystore \ |
|
102 |
-validity 3652 -infile ecrsa.csr -outfile ecrsa.cer |
|
103 |
% keytool -importcert -alias dummyecrsa -storepass passphrase -keystore keystore \ |
|
104 |
-file ecrsa.cer |
|
105 |
||
|
38380
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
106 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
107 |
truststore entries |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
108 |
================== |
| 56542 | 109 |
This key store contains only trusted certificate entries. The same |
110 |
certificates, except dummyecrsa, are used in both keystore and truststore. |
|
|
38380
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
111 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
112 |
|
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
113 |
unknown_keystore |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
114 |
================ |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
115 |
A keystore you can use when you don't want things to be verified. |
|
24e6bb1a50ac
8157035: Use stronger algorithms and keys for JSSE testing
xuelei
parents:
diff
changeset
|
116 |
Use this with keystore/truststore, and you'll never get a match. |