equal
deleted
inserted
replaced
1 /* |
1 /* |
2 * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. |
7 * published by the Free Software Foundation. |
47 public class PKCS12Passwd { |
47 public class PKCS12Passwd { |
48 |
48 |
49 public static void main(String[] args) throws Exception { |
49 public static void main(String[] args) throws Exception { |
50 |
50 |
51 // A PrivateKeyEntry |
51 // A PrivateKeyEntry |
52 kt("-genkeypair -alias a -dname CN=A") |
52 kt("-genkeypair -alias a -dname CN=A -keyalg DSA") |
53 .shouldHaveExitValue(0); |
53 .shouldHaveExitValue(0); |
54 |
54 |
55 // A TrustedCertificateEntry (genkeypair, export, delete, import) |
55 // A TrustedCertificateEntry (genkeypair, export, delete, import) |
56 kt("-genkeypair -alias b -dname CN=B") |
56 kt("-genkeypair -alias b -dname CN=B -keyalg DSA") |
57 .shouldHaveExitValue(0); |
57 .shouldHaveExitValue(0); |
58 kt("-exportcert -alias b -file b.cert") |
58 kt("-exportcert -alias b -file b.cert") |
59 .shouldHaveExitValue(0); |
59 .shouldHaveExitValue(0); |
60 kt("-delete -alias b") |
60 kt("-delete -alias b") |
61 .shouldHaveExitValue(0); |
61 .shouldHaveExitValue(0); |
88 // Other facts. Not necessarily the correct thing. |
88 // Other facts. Not necessarily the correct thing. |
89 |
89 |
90 // A PKCS12 keystore can be loaded as a JKS, and it follows JKS rules |
90 // A PKCS12 keystore can be loaded as a JKS, and it follows JKS rules |
91 // which means the storepass and keypass can be changed separately! |
91 // which means the storepass and keypass can be changed separately! |
92 |
92 |
93 ktFull("-genkeypair -alias a -dname CN=A -storetype pkcs12 " |
93 ktFull("-genkeypair -alias a -dname CN=A -storetype pkcs12 -keyalg DSA " |
94 + "-storepass changeit -keypass changeit -keystore p12") |
94 + "-storepass changeit -keypass changeit -keystore p12") |
95 .shouldHaveExitValue(0); |
95 .shouldHaveExitValue(0); |
96 |
96 |
97 // Only storepass is changed |
97 // Only storepass is changed |
98 ktFull("-storepasswd -storepass changeit -new newpass " |
98 ktFull("-storepasswd -storepass changeit -new newpass " |
110 |
110 |
111 // Conversely, a JKS keystore can be laoded as a PKCS12, and it follows |
111 // Conversely, a JKS keystore can be laoded as a PKCS12, and it follows |
112 // PKCS12 rules that both passwords are changed at the same time and |
112 // PKCS12 rules that both passwords are changed at the same time and |
113 // some commands are rejected. |
113 // some commands are rejected. |
114 |
114 |
115 ktFull("-genkeypair -alias a -dname CN=A -storetype jks " |
115 ktFull("-genkeypair -alias a -dname CN=A -storetype jks -keyalg DSA " |
116 + "-storepass changeit -keypass changeit -keystore jks") |
116 + "-storepass changeit -keypass changeit -keystore jks") |
117 .shouldHaveExitValue(0); |
117 .shouldHaveExitValue(0); |
118 |
118 |
119 // Both storepass and keypass changed. |
119 // Both storepass and keypass changed. |
120 ktFull("-storepasswd -storepass changeit -new newpass " |
120 ktFull("-storepasswd -storepass changeit -new newpass " |