195 try { |
195 try { |
196 // Workaround for "8057810: Make SHA256withDSA the default |
196 // Workaround for "8057810: Make SHA256withDSA the default |
197 // jarsigner and keytool algorithm for DSA keys". Unfortunately |
197 // jarsigner and keytool algorithm for DSA keys". Unfortunately |
198 // SunPKCS11-NSS does not support SHA256withDSA yet. |
198 // SunPKCS11-NSS does not support SHA256withDSA yet. |
199 if (cmd.contains("p11-nss.txt") && cmd.contains("-genkey") |
199 if (cmd.contains("p11-nss.txt") && cmd.contains("-genkey") |
200 && !cmd.contains("-keyalg")) { |
200 && cmd.contains("DSA")) { |
201 cmd += " -sigalg SHA1withDSA -keysize 1024"; |
201 cmd += " -sigalg SHA1withDSA -keysize 1024"; |
202 } |
202 } |
203 test(input, cmd); |
203 test(input, cmd); |
204 } catch(Exception e) { |
204 } catch(Exception e) { |
205 afterFail(input, cmd, "OK"); |
205 afterFail(input, cmd, "OK"); |
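Review bot: The new guard `cmd.contains("DSA")` at line 200 is a bare substring test, so it also fires for a command that carries DSA anywhere else, such as an explicit `-sigalg SHA1withDSA`, an alias or a `-dname` value. Such a command would then get a second `-sigalg` and a `-keysize 1024` appended. Matching the option itself, `&& cmd.contains("-keyalg DSA")) {`, keeps the workaround limited to the key-generation commands it is meant for. A comment along the lines of `// test-only: SHA1withDSA/1024 pinned for SunPKCS11-NSS; remove once it supports SHA256withDSA` would also make clear that these weak parameters are a provider workaround and not a default to copy. The enclosing method starts and ends outside the visible lines.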
350 |
350 |
351 // name changes: genkeypair, importcert, exportcert |
351 // name changes: genkeypair, importcert, exportcert |
352 remove("x.jks"); |
352 remove("x.jks"); |
353 remove("x.jks.p1.cert"); |
353 remove("x.jks.p1.cert"); |
354 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
354 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
355 "-keypass changeit -genkeypair -alias p1 -dname CN=olala"); |
355 "-keypass changeit -genkeypair -keyalg DSA -alias p1 -dname CN=olala"); |
356 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
356 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
357 "-exportcert -alias p1 -file x.jks.p1.cert"); |
357 "-exportcert -alias p1 -file x.jks.p1.cert"); |
358 ks = loadStore("x.jks", "changeit", "JKS"); |
358 ks = loadStore("x.jks", "changeit", "JKS"); |
359 assertTrue(ks.getKey("p1", "changeit".toCharArray()) != null, |
359 assertTrue(ks.getKey("p1", "changeit".toCharArray()) != null, |
360 "key not DSA"); |
360 "key not DSA"); |
375 X509CertImpl certImpl = new X509CertImpl(encoded); |
375 X509CertImpl certImpl = new X509CertImpl(encoded); |
376 assertTrue(certImpl.getVersion() == 3, "Version is not 3"); |
376 assertTrue(certImpl.getVersion() == 3, "Version is not 3"); |
377 |
377 |
378 // changealias and keyclone |
378 // changealias and keyclone |
379 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
379 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
380 "-keypass changeit -genkeypair -alias p1 -dname CN=olala"); |
380 "-keypass changeit -genkeypair -keyalg DSA -alias p1 -dname CN=olala"); |
381 testOK("changeit\n", "-keystore x.jks -storetype JKS " + |
381 testOK("changeit\n", "-keystore x.jks -storetype JKS " + |
382 "-changealias -alias p1 -destalias p11"); |
382 "-changealias -alias p1 -destalias p11"); |
383 testOK("changeit\n", "-keystore x.jks -storetype JKS " + |
383 testOK("changeit\n", "-keystore x.jks -storetype JKS " + |
384 "-changealias -alias c1 -destalias c11"); |
384 "-changealias -alias c1 -destalias c11"); |
385 // press ENTER when prompt for p111's keypass |
385 // press ENTER when prompt for p111's keypass |
394 |
394 |
395 // genSecKey |
395 // genSecKey |
396 remove("x.jceks"); |
396 remove("x.jceks"); |
397 // DES, no need keysize |
397 // DES, no need keysize |
398 testOK("changeit\nchangeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
398 testOK("changeit\nchangeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
399 "-genseckey -alias s1"); |
399 "-genseckey -keyalg DES -alias s1"); |
400 // DES, keysize cannot be 128 |
400 // DES, keysize cannot be 128 |
401 testFail("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
401 testFail("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
402 "-genseckey -alias s11 -keysize 128"); |
402 "-genseckey -keyalg DES -alias s11 -keysize 128"); |
403 // DESede. no need keysize |
403 // DESede. no need keysize |
404 testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
404 testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
405 "-genseckey -keyalg DESede -alias s2"); |
405 "-genseckey -keyalg DESede -alias s2"); |
406 // AES, need keysize |
406 // AES, need keysize |
407 testFail("changeit\n\n", "-keystore x.jceks -storetype AES " + |
407 testFail("changeit\n\n", "-keystore x.jceks -storetype AES " + |
409 testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
409 testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
410 "-genseckey -keyalg AES -alias s3 -keysize 128"); |
410 "-genseckey -keyalg AES -alias s3 -keysize 128"); |
411 // about keypass |
411 // about keypass |
412 // can accept storepass |
412 // can accept storepass |
413 testOK("\n", "-keystore x.jceks -storetype JCEKS -storepass changeit " + |
413 testOK("\n", "-keystore x.jceks -storetype JCEKS -storepass changeit " + |
414 "-genseckey -alias s4"); |
414 "-genseckey -keyalg DES -alias s4"); |
415 // or a new one |
415 // or a new one |
416 testOK("keypass\nkeypass\n", "-keystore x.jceks -storetype JCEKS " + |
416 testOK("keypass\nkeypass\n", "-keystore x.jceks -storetype JCEKS " + |
417 "-storepass changeit -genseckey -alias s5"); |
417 "-storepass changeit -genseckey -keyalg DES -alias s5"); |
418 // keypass must be valid (prompt 3 times) |
418 // keypass must be valid (prompt 3 times) |
419 testOK("bad\n\bad\nkeypass\nkeypass\n", "-keystore x.jceks " + |
419 testOK("bad\n\bad\nkeypass\nkeypass\n", "-keystore x.jceks " + |
420 "-storetype JCEKS -storepass changeit -genseckey -alias s6"); |
420 "-storetype JCEKS -storepass changeit -genseckey " + |
|
421 "-keyalg DES -alias s6"); |
421 // keypass must be valid (prompt 3 times) |
422 // keypass must be valid (prompt 3 times) |
422 testFail("bad\n\bad\nbad\n", "-keystore x.jceks -storetype JCEKS " + |
423 testFail("bad\n\bad\nbad\n", "-keystore x.jceks -storetype JCEKS " + |
423 "-storepass changeit -genseckey -alias s7"); |
424 "-storepass changeit -genseckey -keyalg DES -alias s7"); |
424 // keypass must be valid (prompt 3 times) |
425 // keypass must be valid (prompt 3 times) |
425 testFail("bad\n\bad\nbad\nkeypass\n", "-keystore x.jceks " + |
426 testFail("bad\n\bad\nbad\nkeypass\n", "-keystore x.jceks " + |
426 "-storetype JCEKS -storepass changeit -genseckey -alias s7"); |
427 "-storetype JCEKS -storepass changeit -genseckey -keyalg DES -alias s7"); |
427 ks = loadStore("x.jceks", "changeit", "JCEKS"); |
428 ks = loadStore("x.jceks", "changeit", "JCEKS"); |
428 assertTrue(ks.getKey("s1", "changeit".toCharArray()) |
429 assertTrue(ks.getKey("s1", "changeit".toCharArray()) |
429 .getAlgorithm().equalsIgnoreCase("DES"), "s1 is DES"); |
430 .getAlgorithm().equalsIgnoreCase("DES"), "s1 is DES"); |
430 assertTrue(ks.getKey("s1", "changeit".toCharArray()) |
431 assertTrue(ks.getKey("s1", "changeit".toCharArray()) |
431 .getEncoded().length == 8, "DES is 56"); |
432 .getEncoded().length == 8, "DES is 56"); |
450 // importKeyStore |
451 // importKeyStore |
451 remove("x.jks"); |
452 remove("x.jks"); |
452 remove("x.jceks"); |
453 remove("x.jceks"); |
453 // create 2 entries... |
454 // create 2 entries... |
454 testOK("changeit\nchangeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
455 testOK("changeit\nchangeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
455 "-genkeypair -alias p1 -dname CN=Olala"); |
456 "-genkeypair -keyalg DSA -alias p1 -dname CN=Olala"); |
456 testOK("", "-keystore x.jceks -storetype JCEKS -storepass changeit " + |
457 testOK("", "-keystore x.jceks -storetype JCEKS -storepass changeit " + |
457 "-importcert -alias c1 -file x.jks.p1.cert -noprompt"); |
458 "-importcert -alias c1 -file x.jks.p1.cert -noprompt"); |
458 ks = loadStore("x.jceks", "changeit", "JCEKS"); |
459 ks = loadStore("x.jceks", "changeit", "JCEKS"); |
459 assertTrue(ks.size() == 2, "2 entries in JCEKS"); |
460 assertTrue(ks.size() == 2, "2 entries in JCEKS"); |
460 // import, shouldn't mention destalias/srckeypass/destkeypass |
461 // import, shouldn't mention destalias/srckeypass/destkeypass |
530 |
531 |
531 // importkeystore single, different keypass |
532 // importkeystore single, different keypass |
532 remove("x.jks"); |
533 remove("x.jks"); |
533 // generate entry with different keypass |
534 // generate entry with different keypass |
534 testOK("changeit\nkeypass\nkeypass\n", "-keystore x.jceks " + |
535 testOK("changeit\nkeypass\nkeypass\n", "-keystore x.jceks " + |
535 "-storetype JCEKS -genkeypair -alias p2 -dname CN=Olala"); |
536 "-storetype JCEKS -genkeypair -keyalg DSA -alias p2 -dname CN=Olala"); |
536 // prompt |
537 // prompt |
537 testOK("changeit\nchangeit\nchangeit\nkeypass\n", "-importkeystore " + |
538 testOK("changeit\nchangeit\nchangeit\nkeypass\n", "-importkeystore " + |
538 "-srckeystore x.jceks -srcstoretype JCEKS " + |
539 "-srckeystore x.jceks -srcstoretype JCEKS " + |
539 "-destkeystore x.jks -deststoretype JKS -srcalias p2"); |
540 "-destkeystore x.jks -deststoretype JKS -srcalias p2"); |
540 ks = loadStore("x.jks", "changeit", "JKS"); |
541 ks = loadStore("x.jks", "changeit", "JKS"); |
579 |
580 |
580 // importkeystore, secretkey |
581 // importkeystore, secretkey |
581 remove("x.jks"); |
582 remove("x.jks"); |
582 // create SecretKeyEntry |
583 // create SecretKeyEntry |
583 testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
584 testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
584 "-genseckey -alias s1"); |
585 "-genseckey -keyalg DES -alias s1"); |
585 // create SecretKeyEntry |
586 // create SecretKeyEntry |
586 testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
587 testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
587 "-genseckey -alias s2"); |
588 "-genseckey -keyalg DES -alias s2"); |
588 // remove the keypass!=storepass one |
589 // remove the keypass!=storepass one |
589 testOK("changeit\n", "-keystore x.jceks -storetype JCEKS " + |
590 testOK("changeit\n", "-keystore x.jceks -storetype JCEKS " + |
590 "-delete -alias p2"); |
591 "-delete -alias p2"); |
591 ks = loadStore("x.jceks", "changeit", "JCEKS"); |
592 ks = loadStore("x.jceks", "changeit", "JCEKS"); |
592 // p1, c1, s1, s2 |
593 // p1, c1, s1, s2 |
627 testFail("changeit\nchangeit\n", "-keystore x.jks -storetype JKS " + |
628 testFail("changeit\nchangeit\n", "-keystore x.jks -storetype JKS " + |
628 "-genkeypair -alias p1 -dname CN=olala"); |
629 "-genkeypair -alias p1 -dname CN=olala"); |
629 remove("x.jks"); |
630 remove("x.jks"); |
630 // just type ENTER means keypass=storepass |
631 // just type ENTER means keypass=storepass |
631 testOK("changeit\nchangeit\n\n", "-keystore x.jks -storetype JKS " + |
632 testOK("changeit\nchangeit\n\n", "-keystore x.jks -storetype JKS " + |
632 "-genkeypair -alias p1 -dname CN=olala"); |
633 "-genkeypair -keyalg DSA -alias p1 -dname CN=olala"); |
633 remove("x.p12"); |
634 remove("x.p12"); |
634 // PKCS12 only need storepass |
635 // PKCS12 only need storepass |
635 testOK("", "-keystore x.p12 -storetype PKCS12 -storepass changeit " + |
636 testOK("", "-keystore x.p12 -storetype PKCS12 -storepass changeit " + |
636 "-genkeypair -alias p0 -dname CN=olala"); |
637 "-genkeypair -keyalg DSA -alias p0 -dname CN=olala"); |
637 testOK("changeit\n", "-keystore x.p12 -storetype PKCS12 " + |
638 testOK("changeit\n", "-keystore x.p12 -storetype PKCS12 " + |
638 "-genkeypair -alias p1 -dname CN=olala"); |
639 "-genkeypair -keyalg DSA -alias p1 -dname CN=olala"); |
639 // when specify keypass, make sure keypass==storepass... |
640 // when specify keypass, make sure keypass==storepass... |
640 testOK("changeit\n", "-keystore x.p12 -keypass changeit " + |
641 testOK("changeit\n", "-keystore x.p12 -keypass changeit " + |
641 "-storetype PKCS12 -genkeypair -keyalg DSA -alias p3 -dname CN=olala"); |
642 "-storetype PKCS12 -genkeypair -keyalg DSA -alias p3 -dname CN=olala"); |
642 assertTrue(err.indexOf("Warning") == -1, |
643 assertTrue(err.indexOf("Warning") == -1, |
643 "PKCS12 silent when keypass == storepass"); |
644 "PKCS12 silent when keypass == storepass"); |
656 |
657 |
657 // pkcs12 |
658 // pkcs12 |
658 remove("x.p12"); |
659 remove("x.p12"); |
659 // PKCS12 only need storepass |
660 // PKCS12 only need storepass |
660 testOK("", "-keystore x.p12 -storetype PKCS12 -storepass changeit " + |
661 testOK("", "-keystore x.p12 -storetype PKCS12 -storepass changeit " + |
661 "-genkeypair -alias p0 -dname CN=olala"); |
662 "-genkeypair -keyalg DSA -alias p0 -dname CN=olala"); |
662 testOK("", "-storepass changeit -keystore x.p12 -storetype PKCS12 " + |
663 testOK("", "-storepass changeit -keystore x.p12 -storetype PKCS12 " + |
663 "-genkeypair -alias p1 -dname CN=olala"); |
664 "-genkeypair -keyalg DSA -alias p1 -dname CN=olala"); |
664 // when specify keypass, make sure keypass==storepass... |
665 // when specify keypass, make sure keypass==storepass... |
665 testOK("", "-storepass changeit -keystore x.p12 -keypass changeit " + |
666 testOK("", "-storepass changeit -keystore x.p12 -keypass changeit " + |
666 "-storetype PKCS12 -genkeypair -keyalg DSA -alias p3 -dname CN=olala"); |
667 "-storetype PKCS12 -genkeypair -keyalg DSA -alias p3 -dname CN=olala"); |
667 assertTrue(err.indexOf("Warning") == -1, |
668 assertTrue(err.indexOf("Warning") == -1, |
668 "PKCS12 silent when keypass == storepass"); |
669 "PKCS12 silent when keypass == storepass"); |
694 assertTrue(out.indexOf("Your keystore contains 0 entries") != -1, |
695 assertTrue(out.indexOf("Your keystore contains 0 entries") != -1, |
695 "*** MAKE SURE YOU HAVE NO ENTRIES IN YOUR PKCS11 KEYSTORE " + |
696 "*** MAKE SURE YOU HAVE NO ENTRIES IN YOUR PKCS11 KEYSTORE " + |
696 "BEFORE THIS TEST ***"); |
697 "BEFORE THIS TEST ***"); |
697 |
698 |
698 testOK("", p11Arg + |
699 testOK("", p11Arg + |
699 "-storepass test12 -genkeypair -alias p1 -dname CN=olala"); |
700 "-storepass test12 -genkeypair -keyalg DSA -alias p1 -dname CN=olala"); |
700 testOK("test12\n", p11Arg + "-genkeypair -alias p2 -dname CN=olala2"); |
701 testOK("test12\n", p11Arg + "-genkeypair -keyalg DSA -alias p2 -dname CN=olala2"); |
701 // cannot provide keypass for PKCS11 |
702 // cannot provide keypass for PKCS11 |
702 testFail("test12\n", p11Arg + |
703 testFail("test12\n", p11Arg + |
703 "-keypass test12 -genkeypair -alias p3 -dname CN=olala3"); |
704 "-keypass test12 -genkeypair -keyalg DSA -alias p3 -dname CN=olala3"); |
704 // cannot provide keypass for PKCS11 |
705 // cannot provide keypass for PKCS11 |
705 testFail("test12\n", p11Arg + |
706 testFail("test12\n", p11Arg + |
706 "-keypass nonsense -genkeypair -alias p3 -dname CN=olala3"); |
707 "-keypass nonsense -genkeypair -keyalg DSA -alias p3 -dname CN=olala3"); |
707 |
708 |
708 testOK("", p11Arg + "-storepass test12 -list"); |
709 testOK("", p11Arg + "-storepass test12 -list"); |
709 assertTrue(out.indexOf("Your keystore contains 2 entries") != -1, |
710 assertTrue(out.indexOf("Your keystore contains 2 entries") != -1, |
710 "2 entries in p11"); |
711 "2 entries in p11"); |
711 |
712 |
807 // Import: cacert, prompt, trusted, non-trusted, bad chain, not match |
808 // Import: cacert, prompt, trusted, non-trusted, bad chain, not match |
808 void sqeImportTest() throws Exception { |
809 void sqeImportTest() throws Exception { |
809 KeyStore ks; |
810 KeyStore ks; |
810 remove("x.jks"); |
811 remove("x.jks"); |
811 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
812 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
812 "-keypass changeit -genkeypair -dname CN=olala"); |
813 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); |
813 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
814 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
814 "-exportcert -file x.jks.p1.cert"); |
815 "-exportcert -file x.jks.p1.cert"); |
815 /* deleted */ testOK("", "-keystore x.jks -storetype JKS " + |
816 /* deleted */ testOK("", "-keystore x.jks -storetype JKS " + |
816 "-storepass changeit -delete -alias mykey"); |
817 "-storepass changeit -delete -alias mykey"); |
817 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
818 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
840 } |
841 } |
841 // keyclone: exist. nonexist err, cert err, dest exist, misc |
842 // keyclone: exist. nonexist err, cert err, dest exist, misc |
842 void sqeKeyclonetest() throws Exception { |
843 void sqeKeyclonetest() throws Exception { |
843 remove("x.jks"); |
844 remove("x.jks"); |
844 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
845 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
845 "-keypass changeit -genkeypair -dname CN=olala"); |
846 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); |
846 // new pass |
847 // new pass |
847 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
848 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
848 "-keypass changeit -new newpass -keyclone -dest p0"); |
849 "-keypass changeit -new newpass -keyclone -dest p0"); |
849 // new pass |
850 // new pass |
850 testOK("\n", "-keystore x.jks -storetype JKS -storepass changeit " + |
851 testOK("\n", "-keystore x.jks -storetype JKS -storepass changeit " + |
869 } |
870 } |
870 // keypasswd: exist, short, nonexist err, cert err, misc |
871 // keypasswd: exist, short, nonexist err, cert err, misc |
871 void sqeKeypasswdTest() throws Exception { |
872 void sqeKeypasswdTest() throws Exception { |
872 remove("x.jks"); |
873 remove("x.jks"); |
873 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
874 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
874 "-keypass changeit -genkeypair -dname CN=olala"); |
875 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); |
875 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
876 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
876 "-keypass changeit -keypasswd -new newpass"); |
877 "-keypass changeit -keypasswd -new newpass"); |
877 /*change back*/ testOK("", "-keystore x.jks -storetype JKS " + |
878 /*change back*/ testOK("", "-keystore x.jks -storetype JKS " + |
878 "-storepass changeit -keypass newpass -keypasswd -new changeit"); |
879 "-storepass changeit -keypass newpass -keypasswd -new changeit"); |
879 testOK("newpass\nnewpass\n", "-keystore x.jks -storetype JKS " + |
880 testOK("newpass\nnewpass\n", "-keystore x.jks -storetype JKS " + |
907 "-keypass changeit -keypasswd -new newpass"); |
908 "-keypass changeit -keypasswd -new newpass"); |
908 // diff pass |
909 // diff pass |
909 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
910 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
910 "-delete -alias mykey"); |
911 "-delete -alias mykey"); |
911 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
912 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
912 "-keypass keypass -genkeypair -dname CN=olala"); |
913 "-keypass keypass -genkeypair -keyalg DSA -dname CN=olala"); |
913 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
914 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
914 "-keypasswd -new newpass"); |
915 "-keypasswd -new newpass"); |
915 testOK("keypass\n", "-keystore x.jks -storetype JKS " + |
916 testOK("keypass\n", "-keystore x.jks -storetype JKS " + |
916 "-storepass changeit -keypasswd -new newpass"); |
917 "-storepass changeit -keypasswd -new newpass"); |
917 // i hate those misc test |
918 // i hate those misc test |
920 // list: -f -alias, exist, nonexist err; |
921 // list: -f -alias, exist, nonexist err; |
921 // otherwise, check all shows, -rfc shows more, and misc |
922 // otherwise, check all shows, -rfc shows more, and misc |
922 void sqeListTest() throws Exception { |
923 void sqeListTest() throws Exception { |
923 remove("x.jks"); |
924 remove("x.jks"); |
924 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
925 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
925 "-keypass changeit -genkeypair -dname CN=olala"); |
926 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); |
926 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -list"); |
927 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -list"); |
927 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
928 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
928 "-list -alias mykey"); |
929 "-list -alias mykey"); |
929 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
930 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
930 "-list -alias notexist"); |
931 "-list -alias notexist"); |
946 } |
947 } |
947 // selfcert: exist, non-exist err, cert err, sig, dname, wrong keypass, misc |
948 // selfcert: exist, non-exist err, cert err, sig, dname, wrong keypass, misc |
948 void sqeSelfCertTest() throws Exception { |
949 void sqeSelfCertTest() throws Exception { |
949 remove("x.jks"); |
950 remove("x.jks"); |
950 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
951 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
951 "-keypass changeit -genkeypair -dname CN=olala"); |
952 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); |
952 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -selfcert"); |
953 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -selfcert"); |
953 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
954 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
954 "-keypass changeit -selfcert"); |
955 "-keypass changeit -selfcert"); |
955 // not exist |
956 // not exist |
956 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
957 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
972 testFail("", "-keystore aa//dd\\gg -storepass changeit " + |
973 testFail("", "-keystore aa//dd\\gg -storepass changeit " + |
973 "-keypass changeit -selfcert"); |
974 "-keypass changeit -selfcert"); |
974 // diff pass |
975 // diff pass |
975 remove("x.jks"); |
976 remove("x.jks"); |
976 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
977 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
977 "-keypass keypass -genkeypair -dname CN=olala"); |
978 "-keypass keypass -genkeypair -keyalg DSA -dname CN=olala"); |
978 testFail("", "-keystore x.jks -storetype JKS " + |
979 testFail("", "-keystore x.jks -storetype JKS " + |
979 "-storepass changeit -selfcert"); |
980 "-storepass changeit -selfcert"); |
980 testOK("keypass\n", "-keystore x.jks -storetype JKS " + |
981 testOK("keypass\n", "-keystore x.jks -storetype JKS " + |
981 "-storepass changeit -selfcert"); |
982 "-storepass changeit -selfcert"); |
982 |
983 |
993 } |
994 } |
994 // storepass: bad old, short new, misc |
995 // storepass: bad old, short new, misc |
995 void sqeStorepassTest() throws Exception { |
996 void sqeStorepassTest() throws Exception { |
996 remove("x.jks"); |
997 remove("x.jks"); |
997 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
998 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
998 "-keypass changeit -genkeypair -dname CN=olala"); |
999 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); |
999 // all in arg |
1000 // all in arg |
1000 testOK("", "-storepasswd -keystore x.jks -storetype JKS " + |
1001 testOK("", "-storepasswd -keystore x.jks -storetype JKS " + |
1001 "-storepass changeit -new newstore"); |
1002 "-storepass changeit -new newstore"); |
1002 /* Change back */ testOK("", "-storepasswd -keystore x.jks" + |
1003 /* Change back */ testOK("", "-storepasswd -keystore x.jks" + |
1003 " -storetype JKS -storepass newstore -new changeit"); |
1004 " -storetype JKS -storepass newstore -new changeit"); |
1042 |
1043 |
1043 void sqeGenkeyTest() throws Exception { |
1044 void sqeGenkeyTest() throws Exception { |
1044 |
1045 |
1045 remove("x.jks"); |
1046 remove("x.jks"); |
1046 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1047 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1047 "-keypass changeit -genkeypair -dname CN=olala"); |
1048 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); |
1048 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1049 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1049 "-keypass changeit -genkeypair -dname CN=olala"); |
1050 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); |
1050 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1051 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1051 "-keypass changeit -genkeypair -dname CN=olala -alias newentry"); |
1052 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -alias newentry"); |
1052 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1053 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1053 "-keypass changeit -genkeypair -dname CN=olala -alias newentry"); |
1054 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -alias newentry"); |
1054 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1055 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1055 "-keypass changeit -genkeypair -dname CN=olala -keyalg DSA " + |
1056 "-keypass changeit -genkeypair -dname CN=olala -keyalg DSA " + |
1056 "-alias n1"); |
1057 "-alias n1"); |
1057 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1058 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1058 "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " + |
1059 "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " + |
1059 "-alias n2"); |
1060 "-alias n2"); |
1060 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1061 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1061 "-keypass changeit -genkeypair -dname CN=olala " + |
1062 "-keypass changeit -genkeypair -dname CN=olala " + |
1062 "-keyalg NoSuchAlg -alias n3"); |
1063 "-keyalg NoSuchAlg -alias n3"); |
1063 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1064 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1064 "-keypass changeit -genkeypair -dname CN=olala -keysize 56 " + |
1065 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 56 " + |
1065 "-alias n4"); |
1066 "-alias n4"); |
1066 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1067 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1067 "-keypass changeit -genkeypair -dname CN=olala -keysize 999 " + |
1068 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 999 " + |
1068 "-alias n5"); |
1069 "-alias n5"); |
1069 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1070 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1070 "-keypass changeit -genkeypair -dname CN=olala -keysize 512 " + |
1071 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 512 " + |
1071 "-alias n6"); |
1072 "-alias n6"); |
1072 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1073 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1073 "-keypass changeit -genkeypair -dname CN=olala -keysize 1024 " + |
1074 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 1024 " + |
1074 "-alias n7"); |
1075 "-alias n7"); |
1075 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1076 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1076 "-keypass changeit -genkeypair -dname CN=olala " + |
1077 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala " + |
1077 "-sigalg NoSuchAlg -alias n8"); |
1078 "-sigalg NoSuchAlg -alias n8"); |
1078 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1079 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1079 "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " + |
1080 "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " + |
1080 "-sigalg MD2withRSA -alias n9"); |
1081 "-sigalg MD2withRSA -alias n9"); |
1081 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1082 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1086 "-sigalg SHA1withRSA -alias n11"); |
1087 "-sigalg SHA1withRSA -alias n11"); |
1087 testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit " + |
1088 testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit " + |
1088 "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " + |
1089 "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " + |
1089 "-sigalg NoSuchAlg -alias n12"); |
1090 "-sigalg NoSuchAlg -alias n12"); |
1090 testFail("", "-keystore badkeystore -storepass changeit " + |
1091 testFail("", "-keystore badkeystore -storepass changeit " + |
1091 "-keypass changeit -genkeypair -dname CN=olala " + |
1092 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala " + |
1092 "-alias n14"); |
1093 "-alias n14"); |
1093 testFail("", "-keystore x.jks -storetype JKS -storepass badpass " + |
1094 testFail("", "-keystore x.jks -storetype JKS -storepass badpass " + |
1094 "-keypass changeit -genkeypair -dname CN=olala -alias n16"); |
1095 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -alias n16"); |
1095 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1096 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1096 "-keypass changeit -genkeypair -dname CNN=olala -alias n17"); |
1097 "-keypass changeit -genkeypair -keyalg DSA -dname CNN=olala -alias n17"); |
1097 remove("x.jks"); |
1098 remove("x.jks"); |
1098 } |
1099 } |
1099 |
1100 |
1100 void sqeExportTest() throws Exception { |
1101 void sqeExportTest() throws Exception { |
1101 remove("x.jks"); |
1102 remove("x.jks"); |
1102 // nonexist |
1103 // nonexist |
1103 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1104 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1104 "-export -file mykey.cert -alias mykey"); |
1105 "-export -file mykey.cert -alias mykey"); |
1105 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1106 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1106 "-keypass changeit -genkeypair -dname CN=olala"); |
1107 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); |
1107 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1108 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1108 "-export -file mykey.cert -alias mykey"); |
1109 "-export -file mykey.cert -alias mykey"); |
1109 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1110 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1110 "-delete -alias mykey"); |
1111 "-delete -alias mykey"); |
1111 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1112 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1129 remove("x.jks"); |
1130 remove("x.jks"); |
1130 // nonexist |
1131 // nonexist |
1131 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1132 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1132 "-delete -alias mykey"); |
1133 "-delete -alias mykey"); |
1133 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1134 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1134 "-keypass changeit -genkeypair -dname CN=olala"); |
1135 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); |
1135 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1136 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1136 "-delete -alias mykey"); |
1137 "-delete -alias mykey"); |
1137 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1138 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1138 "-keypass changeit -genkeypair -dname CN=olala"); |
1139 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); |
1139 // keystore name illegal |
1140 // keystore name illegal |
1140 testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit " + |
1141 testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit " + |
1141 "-delete -alias mykey"); |
1142 "-delete -alias mykey"); |
1142 // keystore not exist |
1143 // keystore not exist |
1143 testFail("", "-keystore nonexistkeystore -storepass changeit " + |
1144 testFail("", "-keystore nonexistkeystore -storepass changeit " + |
1155 remove("x.jks"); |
1156 remove("x.jks"); |
1156 remove("x.jks.p1.cert"); |
1157 remove("x.jks.p1.cert"); |
1157 remove("csr1"); |
1158 remove("csr1"); |
1158 // PrivateKeyEntry can do certreq |
1159 // PrivateKeyEntry can do certreq |
1159 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1160 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1160 "-keypass changeit -genkeypair -dname CN=olala -keysize 1024"); |
1161 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala -keysize 1024"); |
1161 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1162 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1162 "-certreq -file csr1 -alias mykey"); |
1163 "-certreq -file csr1 -alias mykey"); |
1163 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1164 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1164 "-certreq -file csr1"); |
1165 "-certreq -file csr1"); |
1165 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1166 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1219 void sqePrintcertTest() throws Exception { |
1220 void sqePrintcertTest() throws Exception { |
1220 remove("x.jks"); |
1221 remove("x.jks"); |
1221 remove("mykey.cert"); |
1222 remove("mykey.cert"); |
1222 remove("myweakkey.cert"); |
1223 remove("myweakkey.cert"); |
1223 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1224 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1224 "-keypass changeit -genkeypair -dname CN=olala"); |
1225 "-keypass changeit -genkeypair -keyalg DSA -dname CN=olala"); |
1225 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1226 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1226 "-export -file mykey.cert -alias mykey"); |
1227 "-export -file mykey.cert -alias mykey"); |
1227 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1228 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
1228 "-keypass changeit -genkeypair -dname CN=weak -keyalg rsa " + |
1229 "-keypass changeit -genkeypair -dname CN=weak -keyalg rsa " + |
1229 "-keysize 512 -sigalg MD5withRSA -alias myweakkey"); |
1230 "-keysize 512 -sigalg MD5withRSA -alias myweakkey"); |
1676 void i18nTest() throws Exception { |
1677 void i18nTest() throws Exception { |
1677 // 1. keytool -help |
1678 // 1. keytool -help |
1678 remove("x.jks"); |
1679 remove("x.jks"); |
1679 testOK("", "-help"); |
1680 testOK("", "-help"); |
1680 |
1681 |
1681 // 2. keytool -genkey -v -keysize 512 Enter "a" for the keystore |
1682 // 2. keytool -genkey -keyalg DSA -v -keysize 512 Enter "a" for the keystore |
1682 // password. Check error (password too short). Enter "password" for |
1683 // password. Check error (password too short). Enter "password" for |
1683 // the keystore password. Hit 'return' for "first and last name", |
1684 // the keystore password. Hit 'return' for "first and last name", |
1684 // "organizational unit", "City", "State", and "Country Code". |
1685 // "organizational unit", "City", "State", and "Country Code". |
1685 // Type "yes" when they ask you if everything is correct. |
1686 // Type "yes" when they ask you if everything is correct. |
1686 // Type 'return' for new key password. |
1687 // Type 'return' for new key password. |
1687 testOK("a\npassword\npassword\nMe\nHere\nNow\nPlace\nPlace\nUS\nyes\n\n", |
1688 testOK("a\npassword\npassword\nMe\nHere\nNow\nPlace\nPlace\nUS\nyes\n\n", |
1688 "-genkey -v -keysize 512 -keystore x.jks -storetype JKS"); |
1689 "-genkey -keyalg DSA -v -keysize 512 -keystore x.jks -storetype JKS"); |
1689 // 3. keytool -list -v -storepass password |
1690 // 3. keytool -list -v -storepass password |
1690 testOK("", "-list -v -storepass password -keystore x.jks -storetype JKS"); |
1691 testOK("", "-list -v -storepass password -keystore x.jks -storetype JKS"); |
1691 // 4. keytool -list -v Type "a" for the keystore password. |
1692 // 4. keytool -list -v Type "a" for the keystore password. |
1692 // Check error (wrong keystore password). |
1693 // Check error (wrong keystore password). |
1693 testFail("a\n", "-list -v -keystore x.jks -storetype JKS"); |
1694 testFail("a\n", "-list -v -keystore x.jks -storetype JKS"); |
1694 assertTrue(ex.indexOf("password was incorrect") != -1); |
1695 assertTrue(ex.indexOf("password was incorrect") != -1); |
1695 // 5. keytool -genkey -v -keysize 512 Enter "password" as the password. |
1696 // 5. keytool - -keyalg DSA -v -keysize 512 Enter "password" as the password. |
1696 // Check error (alias 'mykey' already exists). |
1697 // Check error (alias 'mykey' already exists). |
1697 testFail("password\n", "-genkey -v -keysize 512" + |
1698 testFail("password\n", "-genkey -keyalg DSA -v -keysize 512" + |
1698 " -keystore x.jks -storetype JKS"); |
1699 " -keystore x.jks -storetype JKS"); |
1699 assertTrue(ex.indexOf("alias <mykey> already exists") != -1); |
1700 assertTrue(ex.indexOf("alias <mykey> already exists") != -1); |
1700 // 6. keytool -genkey -v -keysize 512 -alias mykey2 -storepass password |
1701 // 6. keytool -genkey -keyalg DSA -v -keysize 512 -alias mykey2 -storepass password |
1701 // Hit 'return' for "first and last name", "organizational unit", "City", |
1702 // Hit 'return' for "first and last name", "organizational unit", "City", |
1702 // "State", and "Country Code". Type "yes" when they ask you if |
1703 // "State", and "Country Code". Type "yes" when they ask you if |
1703 // everything is correct. Type 'return' for new key password. |
1704 // everything is correct. Type 'return' for new key password. |
1704 testOK("\n\n\n\n\n\nyes\n\n", "-genkey -v -keysize 512 -alias mykey2" + |
1705 testOK("\n\n\n\n\n\nyes\n\n", "-genkey -keyalg DSA -v -keysize 512 -alias mykey2" + |
1705 " -storepass password -keystore x.jks -storetype JKS"); |
1706 " -storepass password -keystore x.jks -storetype JKS"); |
1706 // 7. keytool -list -v Type 'password' for the store password. |
1707 // 7. keytool -list -v Type 'password' for the store password. |
1707 testOK("password\n", "-list -v -keystore x.jks -storetype JKS"); |
1708 testOK("password\n", "-list -v -keystore x.jks -storetype JKS"); |
1708 // 8. keytool -keypasswd -v -alias mykey2 -storepass password |
1709 // 8. keytool -keypasswd -v -alias mykey2 -storepass password |
1709 // Type "a" for the new key password. Type "aaaaaa" for the new key |
1710 // Type "a" for the new key password. Type "aaaaaa" for the new key |
1808 |
1809 |
1809 // tesing new option -srcProviderName |
1810 // tesing new option -srcProviderName |
1810 void sszzTest() throws Exception { |
1811 void sszzTest() throws Exception { |
1811 testAnyway("", NSS_P11_ARG+"-delete -alias nss -storepass test12"); |
1812 testAnyway("", NSS_P11_ARG+"-delete -alias nss -storepass test12"); |
1812 testAnyway("", NZZ_P11_ARG+"-delete -alias nss -storepass test12"); |
1813 testAnyway("", NZZ_P11_ARG+"-delete -alias nss -storepass test12"); |
1813 testOK("", NSS_P11_ARG+"-genkeypair -dname CN=NSS " + |
1814 testOK("", NSS_P11_ARG+"-genkeypair -keyalg DSA -dname CN=NSS " + |
1814 "-alias nss -storepass test12"); |
1815 "-alias nss -storepass test12"); |
1815 testOK("", NSS_SRC_P11_ARG + NZZ_P11_ARG + |
1816 testOK("", NSS_SRC_P11_ARG + NZZ_P11_ARG + |
1816 "-importkeystore -srcstorepass test12 -deststorepass test12"); |
1817 "-importkeystore -srcstorepass test12 -deststorepass test12"); |
1817 testAnyway("", NSS_P11_ARG+"-delete -alias nss -storepass test12"); |
1818 testAnyway("", NSS_P11_ARG+"-delete -alias nss -storepass test12"); |
1818 testAnyway("", NZZ_P11_ARG+"-delete -alias nss -storepass test12"); |
1819 testAnyway("", NZZ_P11_ARG+"-delete -alias nss -storepass test12"); |