614 |
614 |
615 // Import: cacert, prompt, trusted, non-trusted, bad chain, not match |
615 // Import: cacert, prompt, trusted, non-trusted, bad chain, not match |
616 void sqeImportTest() throws Exception { |
616 void sqeImportTest() throws Exception { |
617 KeyStore ks; |
617 KeyStore ks; |
618 remove("x.jks"); |
618 remove("x.jks"); |
619 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
619 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
620 testOK("", "-keystore x.jks -storepass changeit -exportcert -file x.jks.p1.cert"); |
620 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -file x.jks.p1.cert"); |
621 /* deleted */ testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey"); |
621 /* deleted */ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
622 testOK("", "-keystore x.jks -storepass changeit -importcert -file x.jks.p1.cert -noprompt"); |
622 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert -noprompt"); |
623 /* deleted */ testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey"); |
623 /* deleted */ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
624 testOK("yes\n", "-keystore x.jks -storepass changeit -importcert -file x.jks.p1.cert"); |
624 testOK("yes\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert"); |
625 ks = loadStore("x.jks", "changeit", "JKS"); |
625 ks = loadStore("x.jks", "changeit", "JKS"); |
626 assertTrue(ks.containsAlias("mykey"), "imported"); |
626 assertTrue(ks.containsAlias("mykey"), "imported"); |
627 /* deleted */ testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey"); |
627 /* deleted */ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
628 testOK("\n", "-keystore x.jks -storepass changeit -importcert -file x.jks.p1.cert"); |
628 testOK("\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert"); |
629 ks = loadStore("x.jks", "changeit", "JKS"); |
629 ks = loadStore("x.jks", "changeit", "JKS"); |
630 assertTrue(!ks.containsAlias("mykey"), "imported"); |
630 assertTrue(!ks.containsAlias("mykey"), "imported"); |
631 testOK("no\n", "-keystore x.jks -storepass changeit -importcert -file x.jks.p1.cert"); |
631 testOK("no\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert"); |
632 ks = loadStore("x.jks", "changeit", "JKS"); |
632 ks = loadStore("x.jks", "changeit", "JKS"); |
633 assertTrue(!ks.containsAlias("mykey"), "imported"); |
633 assertTrue(!ks.containsAlias("mykey"), "imported"); |
634 testFail("no\n", "-keystore x.jks -storepass changeit -importcert -file nonexist"); |
634 testFail("no\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file nonexist"); |
635 testFail("no\n", "-keystore x.jks -storepass changeit -importcert -file x.jks"); |
635 testFail("no\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks"); |
636 remove("x.jks"); |
636 remove("x.jks"); |
637 } |
637 } |
638 // keyclone: exist. nonexist err, cert err, dest exist, misc |
638 // keyclone: exist. nonexist err, cert err, dest exist, misc |
639 void sqeKeyclonetest() throws Exception { |
639 void sqeKeyclonetest() throws Exception { |
640 remove("x.jks"); |
640 remove("x.jks"); |
641 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
641 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
642 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -new newpass -keyclone -dest p0"); // new pass |
642 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -new newpass -keyclone -dest p0"); // new pass |
643 testOK("\n", "-keystore x.jks -storepass changeit -keypass changeit -keyclone -dest p1"); // new pass |
643 testOK("\n", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -keyclone -dest p1"); // new pass |
644 testOK("\n", "-keystore x.jks -storepass changeit -keyclone -dest p2"); |
644 testOK("\n", "-keystore x.jks -storetype JKS -storepass changeit -keyclone -dest p2"); |
645 testFail("\n", "-keystore x.jks -storepass changeit -keyclone -dest p2"); |
645 testFail("\n", "-keystore x.jks -storetype JKS -storepass changeit -keyclone -dest p2"); |
646 testFail("\n", "-keystore x.jks -storepass changeit -keyclone -dest p3 -alias noexist"); |
646 testFail("\n", "-keystore x.jks -storetype JKS -storepass changeit -keyclone -dest p3 -alias noexist"); |
647 // no cert |
647 // no cert |
648 testOK("", "-keystore x.jks -storepass changeit -exportcert -file x.jks.p1.cert"); |
648 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -file x.jks.p1.cert"); |
649 testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey"); |
649 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
650 testOK("", "-keystore x.jks -storepass changeit -importcert -file x.jks.p1.cert -noprompt"); |
650 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert -noprompt"); |
651 testFail("", "-keystore x.jks -storepass changeit -keypass changeit -new newpass -keyclone -dest p0"); // new pass |
651 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -new newpass -keyclone -dest p0"); // new pass |
652 remove("x.jks"); |
652 remove("x.jks"); |
653 } |
653 } |
654 // keypasswd: exist, short, nonexist err, cert err, misc |
654 // keypasswd: exist, short, nonexist err, cert err, misc |
655 void sqeKeypasswdTest() throws Exception { |
655 void sqeKeypasswdTest() throws Exception { |
656 remove("x.jks"); |
656 remove("x.jks"); |
657 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
657 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
658 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -keypasswd -new newpass"); |
658 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -keypasswd -new newpass"); |
659 /*change back*/ testOK("", "-keystore x.jks -storepass changeit -keypass newpass -keypasswd -new changeit"); |
659 /*change back*/ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass newpass -keypasswd -new changeit"); |
660 testOK("newpass\nnewpass\n", "-keystore x.jks -storepass changeit -keypass changeit -keypasswd"); |
660 testOK("newpass\nnewpass\n", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -keypasswd"); |
661 /*change back*/ testOK("", "-keystore x.jks -storepass changeit -keypass newpass -keypasswd -new changeit"); |
661 /*change back*/ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass newpass -keypasswd -new changeit"); |
662 testOK("new\nnew\nnewpass\nnewpass\n", "-keystore x.jks -storepass changeit -keypass changeit -keypasswd"); |
662 testOK("new\nnew\nnewpass\nnewpass\n", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -keypasswd"); |
663 /*change back*/ testOK("", "-keystore x.jks -storepass changeit -keypass newpass -keypasswd -new changeit"); |
663 /*change back*/ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass newpass -keypasswd -new changeit"); |
664 testOK("", "-keystore x.jks -storepass changeit -keypasswd -new newpass"); |
664 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypasswd -new newpass"); |
665 /*change back*/ testOK("", "-keystore x.jks -storepass changeit -keypass newpass -keypasswd -new changeit"); |
665 /*change back*/ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass newpass -keypasswd -new changeit"); |
666 testOK("changeit\n", "-keystore x.jks -keypasswd -new newpass"); |
666 testOK("changeit\n", "-keystore x.jks -storetype JKS -keypasswd -new newpass"); |
667 /*change back*/ testOK("", "-keystore x.jks -storepass changeit -keypass newpass -keypasswd -new changeit"); |
667 /*change back*/ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass newpass -keypasswd -new changeit"); |
668 testFail("", "-keystore x.jks -storepass badpass -keypass changeit -keypasswd -new newpass"); |
668 testFail("", "-keystore x.jks -storetype JKS -storepass badpass -keypass changeit -keypasswd -new newpass"); |
669 testFail("", "-keystore x.jks -storepass changeit -keypass bad -keypasswd -new newpass"); |
669 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass bad -keypasswd -new newpass"); |
670 // no cert |
670 // no cert |
671 testOK("", "-keystore x.jks -storepass changeit -exportcert -file x.jks.p1.cert"); |
671 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -file x.jks.p1.cert"); |
672 testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey"); |
672 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
673 testOK("", "-keystore x.jks -storepass changeit -importcert -file x.jks.p1.cert -noprompt"); |
673 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert -noprompt"); |
674 testFail("", "-keystore x.jks -storepass changeit -keypass changeit -keypasswd -new newpass"); |
674 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -keypasswd -new newpass"); |
675 // diff pass |
675 // diff pass |
676 testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey"); |
676 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
677 testOK("", "-keystore x.jks -storepass changeit -keypass keypass -genkeypair -dname CN=olala"); |
677 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass keypass -genkeypair -dname CN=olala"); |
678 testFail("", "-keystore x.jks -storepass changeit -keypasswd -new newpass"); |
678 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypasswd -new newpass"); |
679 testOK("keypass\n", "-keystore x.jks -storepass changeit -keypasswd -new newpass"); |
679 testOK("keypass\n", "-keystore x.jks -storetype JKS -storepass changeit -keypasswd -new newpass"); |
680 // i hate those misc test |
680 // i hate those misc test |
681 remove("x.jks"); |
681 remove("x.jks"); |
682 } |
682 } |
683 // list: -f -alias, exist, nonexist err; otherwise, check all shows, -rfc shows more, and misc |
683 // list: -f -alias, exist, nonexist err; otherwise, check all shows, -rfc shows more, and misc |
684 void sqeListTest() throws Exception { |
684 void sqeListTest() throws Exception { |
685 remove("x.jks"); |
685 remove("x.jks"); |
686 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
686 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
687 testOK("", "-keystore x.jks -storepass changeit -list"); |
687 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -list"); |
688 testOK("", "-keystore x.jks -storepass changeit -list -alias mykey"); |
688 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -list -alias mykey"); |
689 testFail("", "-keystore x.jks -storepass changeit -list -alias notexist"); |
689 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -list -alias notexist"); |
690 testFail("", "-keystore x.jks -storepass badpass -list -alias mykey"); |
690 testFail("", "-keystore x.jks -storetype JKS -storepass badpass -list -alias mykey"); |
691 testOK("", "-keystore x.jks -storepass changeit -keypass badpass -list -alias mykey"); // keypass ignore |
691 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass badpass -list -alias mykey"); // keypass ignore |
692 testOK("\n", "-keystore x.jks -list"); |
692 testOK("\n", "-keystore x.jks -storetype JKS -list"); |
693 assertTrue(err.indexOf("WARNING") != -1, "no storepass"); |
693 assertTrue(err.indexOf("WARNING") != -1, "no storepass"); |
694 testOK("changeit\n", "-keystore x.jks -list"); |
694 testOK("changeit\n", "-keystore x.jks -storetype JKS -list"); |
695 assertTrue(err.indexOf("WARNING") == -1, "has storepass"); |
695 assertTrue(err.indexOf("WARNING") == -1, "has storepass"); |
696 testFail("badpass\n", "-keystore x.jks -list"); |
696 testFail("badpass\n", "-keystore x.jks -storetype JKS -list"); |
697 // misc |
697 // misc |
698 testFail("", "-keystore aa\\bb//cc -storepass changeit -list"); |
698 testFail("", "-keystore aa\\bb//cc -storepass changeit -list"); |
699 testFail("", "-keystore nonexisting -storepass changeit -list"); |
699 testFail("", "-keystore nonexisting -storepass changeit -list"); |
700 testFail("", "-keystore badkeystore -storepass changeit -list"); |
700 testFail("", "-keystore badkeystore -storepass changeit -list"); |
701 remove("x.jks"); |
701 remove("x.jks"); |
702 } |
702 } |
703 // selfcert: exist, non-exist err, cert err, sig..., dname, wrong keypass, misc |
703 // selfcert: exist, non-exist err, cert err, sig..., dname, wrong keypass, misc |
704 void sqeSelfCertTest() throws Exception { |
704 void sqeSelfCertTest() throws Exception { |
705 remove("x.jks"); |
705 remove("x.jks"); |
706 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
706 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
707 testOK("", "-keystore x.jks -storepass changeit -selfcert"); |
707 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -selfcert"); |
708 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -selfcert"); |
708 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -selfcert"); |
709 testFail("", "-keystore x.jks -storepass changeit -keypass changeit -selfcert -alias nonexisting"); // not exist |
709 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -selfcert -alias nonexisting"); // not exist |
710 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -selfcert -dname CN=NewName"); |
710 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -selfcert -dname CN=NewName"); |
711 testFail("", "-keystore x.jks -storepass changeit -keypass changeit -selfcert -sigalg MD5withRSA"); // sig not compatible |
711 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -selfcert -sigalg MD5withRSA"); // sig not compatible |
712 testFail("", "-keystore x.jks -storepass wrong -keypass changeit -selfcert"); // bad pass |
712 testFail("", "-keystore x.jks -storetype JKS -storepass wrong -keypass changeit -selfcert"); // bad pass |
713 testFail("", "-keystore x.jks -storepass changeit -keypass wrong -selfcert"); // bad pass |
713 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass wrong -selfcert"); // bad pass |
714 //misc |
714 //misc |
715 testFail("", "-keystore nonexist -storepass changeit -keypass changeit -selfcert"); |
715 testFail("", "-keystore nonexist -storepass changeit -keypass changeit -selfcert"); |
716 testFail("", "-keystore aa//dd\\gg -storepass changeit -keypass changeit -selfcert"); |
716 testFail("", "-keystore aa//dd\\gg -storepass changeit -keypass changeit -selfcert"); |
717 // diff pass |
717 // diff pass |
718 remove("x.jks"); |
718 remove("x.jks"); |
719 testOK("", "-keystore x.jks -storepass changeit -keypass keypass -genkeypair -dname CN=olala"); |
719 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass keypass -genkeypair -dname CN=olala"); |
720 testFail("", "-keystore x.jks -storepass changeit -selfcert"); |
720 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -selfcert"); |
721 testOK("keypass\n", "-keystore x.jks -storepass changeit -selfcert"); |
721 testOK("keypass\n", "-keystore x.jks -storetype JKS -storepass changeit -selfcert"); |
722 |
722 |
723 testOK("", "-keystore x.jks -storepass changeit -exportcert -file x.jks.p1.cert"); |
723 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -file x.jks.p1.cert"); |
724 testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey"); |
724 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
725 testOK("", "-keystore x.jks -storepass changeit -importcert -file x.jks.p1.cert -noprompt"); |
725 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert -noprompt"); |
726 testFail("", "-keystore x.jks -storepass changeit -selfcert"); // certentry cannot do selfcert |
726 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -selfcert"); // certentry cannot do selfcert |
727 remove("x.jks"); |
727 remove("x.jks"); |
728 } |
728 } |
729 // storepass: bad old, short new, misc |
729 // storepass: bad old, short new, misc |
730 void sqeStorepassTest() throws Exception { |
730 void sqeStorepassTest() throws Exception { |
731 remove("x.jks"); |
731 remove("x.jks"); |
732 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
732 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
733 testOK("", "-storepasswd -keystore x.jks -storepass changeit -new newstore"); // all in arg |
733 testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass changeit -new newstore"); // all in arg |
734 /* Change back */ testOK("", "-storepasswd -keystore x.jks -storepass newstore -new changeit"); |
734 /* Change back */ testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass newstore -new changeit"); |
735 testOK("changeit\nnewstore\nnewstore\n", "-storepasswd -keystore x.jks"); // all not in arg, new twice |
735 testOK("changeit\nnewstore\nnewstore\n", "-storepasswd -keystore x.jks -storetype JKS"); // all not in arg, new twice |
736 /* Change back */ testOK("", "-storepasswd -keystore x.jks -storepass newstore -new changeit"); |
736 /* Change back */ testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass newstore -new changeit"); |
737 testOK("changeit\n", "-storepasswd -keystore x.jks -new newstore"); // new in arg |
737 testOK("changeit\n", "-storepasswd -keystore x.jks -storetype JKS -new newstore"); // new in arg |
738 /* Change back */ testOK("", "-storepasswd -keystore x.jks -storepass newstore -new changeit"); |
738 /* Change back */ testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass newstore -new changeit"); |
739 testOK("newstore\nnewstore\n", "-storepasswd -keystore x.jks -storepass changeit"); // old in arg |
739 testOK("newstore\nnewstore\n", "-storepasswd -keystore x.jks -storetype JKS -storepass changeit"); // old in arg |
740 /* Change back */ testOK("", "-storepasswd -keystore x.jks -storepass newstore -new changeit"); |
740 /* Change back */ testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass newstore -new changeit"); |
741 testOK("new\nnew\nnewstore\nnewstore\n", "-storepasswd -keystore x.jks -storepass changeit"); // old in arg |
741 testOK("new\nnew\nnewstore\nnewstore\n", "-storepasswd -keystore x.jks -storetype JKS -storepass changeit"); // old in arg |
742 /* Change back */ testOK("", "-storepasswd -keystore x.jks -storepass newstore -new changeit"); |
742 /* Change back */ testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass newstore -new changeit"); |
743 testFail("", "-storepasswd -keystore x.jks -storepass badold -new newstore"); // bad old |
743 testFail("", "-storepasswd -keystore x.jks -storetype JKS -storepass badold -new newstore"); // bad old |
744 testFail("", "-storepasswd -keystore x.jks -storepass changeit -new new"); // short new |
744 testFail("", "-storepasswd -keystore x.jks -storetype JKS -storepass changeit -new new"); // short new |
745 // misc |
745 // misc |
746 testFail("", "-storepasswd -keystore nonexist -storepass changeit -new newstore"); // non exist |
746 testFail("", "-storepasswd -keystore nonexist -storepass changeit -new newstore"); // non exist |
747 testFail("", "-storepasswd -keystore badkeystore -storepass changeit -new newstore"); // bad file |
747 testFail("", "-storepasswd -keystore badkeystore -storepass changeit -new newstore"); // bad file |
748 testFail("", "-storepasswd -keystore aa\\bb//cc//dd -storepass changeit -new newstore"); // bad file |
748 testFail("", "-storepasswd -keystore aa\\bb//cc//dd -storepass changeit -new newstore"); // bad file |
749 remove("x.jks"); |
749 remove("x.jks"); |
750 } |
750 } |
751 |
751 |
752 void sqeGenkeyTest() throws Exception { |
752 void sqeGenkeyTest() throws Exception { |
753 |
753 |
754 remove("x.jks"); |
754 remove("x.jks"); |
755 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
755 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
756 testFail("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
756 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
757 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -alias newentry"); |
757 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -alias newentry"); |
758 testFail("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -alias newentry"); |
758 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -alias newentry"); |
759 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg DSA -alias n1"); |
759 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg DSA -alias n1"); |
760 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -alias n2"); |
760 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -alias n2"); |
761 testFail("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg NoSuchAlg -alias n3"); |
761 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg NoSuchAlg -alias n3"); |
762 testFail("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 56 -alias n4"); |
762 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 56 -alias n4"); |
763 testFail("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 999 -alias n5"); |
763 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 999 -alias n5"); |
764 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 512 -alias n6"); |
764 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 512 -alias n6"); |
765 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 1024 -alias n7"); |
765 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 1024 -alias n7"); |
766 testFail("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -sigalg NoSuchAlg -alias n8"); |
766 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -sigalg NoSuchAlg -alias n8"); |
767 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg MD2withRSA -alias n9"); |
767 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg MD2withRSA -alias n9"); |
768 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg MD5withRSA -alias n10"); |
768 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg MD5withRSA -alias n10"); |
769 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg SHA1withRSA -alias n11"); |
769 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg SHA1withRSA -alias n11"); |
770 testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg NoSuchAlg -alias n12"); |
770 testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg NoSuchAlg -alias n12"); |
771 testFail("", "-keystore badkeystore -storepass changeit -keypass changeit -genkeypair -dname CN=olala -alias n14"); |
771 testFail("", "-keystore badkeystore -storepass changeit -keypass changeit -genkeypair -dname CN=olala -alias n14"); |
772 testFail("", "-keystore x.jks -storepass badpass -keypass changeit -genkeypair -dname CN=olala -alias n16"); |
772 testFail("", "-keystore x.jks -storetype JKS -storepass badpass -keypass changeit -genkeypair -dname CN=olala -alias n16"); |
773 testFail("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CNN=olala -alias n17"); |
773 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CNN=olala -alias n17"); |
774 remove("x.jks"); |
774 remove("x.jks"); |
775 } |
775 } |
776 |
776 |
777 void sqeExportTest() throws Exception { |
777 void sqeExportTest() throws Exception { |
778 remove("x.jks"); |
778 remove("x.jks"); |
779 testFail("", "-keystore x.jks -storepass changeit -export -file mykey.cert -alias mykey"); // nonexist |
779 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -export -file mykey.cert -alias mykey"); // nonexist |
780 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
780 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
781 testOK("", "-keystore x.jks -storepass changeit -export -file mykey.cert -alias mykey"); |
781 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -export -file mykey.cert -alias mykey"); |
782 testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey"); |
782 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
783 testOK("", "-keystore x.jks -storepass changeit -import -file mykey.cert -noprompt -alias c1"); |
783 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -import -file mykey.cert -noprompt -alias c1"); |
784 testOK("", "-keystore x.jks -storepass changeit -export -file mykey.cert2 -alias c1"); |
784 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -export -file mykey.cert2 -alias c1"); |
785 testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit -export -file mykey.cert2 -alias c1"); |
785 testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit -export -file mykey.cert2 -alias c1"); |
786 testFail("", "-keystore nonexistkeystore -storepass changeit -export -file mykey.cert2 -alias c1"); |
786 testFail("", "-keystore nonexistkeystore -storepass changeit -export -file mykey.cert2 -alias c1"); |
787 testFail("", "-keystore badkeystore -storepass changeit -export -file mykey.cert2 -alias c1"); |
787 testFail("", "-keystore badkeystore -storepass changeit -export -file mykey.cert2 -alias c1"); |
788 testFail("", "-keystore x.jks -storepass badpass -export -file mykey.cert2 -alias c1"); |
788 testFail("", "-keystore x.jks -storetype JKS -storepass badpass -export -file mykey.cert2 -alias c1"); |
789 remove("mykey.cert"); |
789 remove("mykey.cert"); |
790 remove("mykey.cert2"); |
790 remove("mykey.cert2"); |
791 remove("x.jks"); |
791 remove("x.jks"); |
792 } |
792 } |
793 |
793 |
794 void sqeDeleteTest() throws Exception { |
794 void sqeDeleteTest() throws Exception { |
795 remove("x.jks"); |
795 remove("x.jks"); |
796 testFail("", "-keystore x.jks -storepass changeit -delete -alias mykey"); // nonexist |
796 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); // nonexist |
797 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
797 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
798 testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey"); |
798 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
799 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
799 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
800 testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit -delete -alias mykey"); // keystore name illegal |
800 testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit -delete -alias mykey"); // keystore name illegal |
801 testFail("", "-keystore nonexistkeystore -storepass changeit -delete -alias mykey"); // keystore not exist |
801 testFail("", "-keystore nonexistkeystore -storepass changeit -delete -alias mykey"); // keystore not exist |
802 testFail("", "-keystore badkeystore -storepass changeit -delete -alias mykey"); // keystore invalid |
802 testFail("", "-keystore badkeystore -storepass changeit -delete -alias mykey"); // keystore invalid |
803 testFail("", "-keystore x.jks -storepass xxxxxxxx -delete -alias mykey"); // wrong pass |
803 testFail("", "-keystore x.jks -storetype JKS -storepass xxxxxxxx -delete -alias mykey"); // wrong pass |
804 remove("x.jks"); |
804 remove("x.jks"); |
805 } |
805 } |
806 |
806 |
807 void sqeCsrTest() throws Exception { |
807 void sqeCsrTest() throws Exception { |
808 remove("x.jks"); |
808 remove("x.jks"); |
809 remove("x.jks.p1.cert"); |
809 remove("x.jks.p1.cert"); |
810 remove("csr1"); |
810 remove("csr1"); |
811 // PrivateKeyEntry can do certreq |
811 // PrivateKeyEntry can do certreq |
812 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 1024"); |
812 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 1024"); |
813 testOK("", "-keystore x.jks -storepass changeit -certreq -file csr1 -alias mykey"); |
813 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -alias mykey"); |
814 testOK("", "-keystore x.jks -storepass changeit -certreq -file csr1"); |
814 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1"); |
815 testOK("", "-keystore x.jks -storepass changeit -certreq -file csr1 -sigalg SHA1withDSA"); |
815 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -sigalg SHA1withDSA"); |
816 testFail("", "-keystore x.jks -storepass changeit -certreq -file csr1 -sigalg MD5withRSA"); // unmatched sigalg |
816 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -sigalg MD5withRSA"); // unmatched sigalg |
817 // misc test |
817 // misc test |
818 testFail("", "-keystore x.jks -storepass badstorepass -certreq -file csr1"); // bad storepass |
818 testFail("", "-keystore x.jks -storetype JKS -storepass badstorepass -certreq -file csr1"); // bad storepass |
819 testOK("changeit\n", "-keystore x.jks -certreq -file csr1"); // storepass from terminal |
819 testOK("changeit\n", "-keystore x.jks -storetype JKS -certreq -file csr1"); // storepass from terminal |
820 testFail("\n", "-keystore x.jks -certreq -file csr1"); // must provide storepass |
820 testFail("\n", "-keystore x.jks -storetype JKS -certreq -file csr1"); // must provide storepass |
821 testFail("", "-keystore x.jks -storepass changeit -keypass badkeypass -certreq -file csr1"); // bad keypass |
821 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass badkeypass -certreq -file csr1"); // bad keypass |
822 testFail("", "-keystore x.jks -storepass changeit -certreq -file aa\\bb//cc\\dd"); // bad filepath |
822 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file aa\\bb//cc\\dd"); // bad filepath |
823 testFail("", "-keystore noexistks -storepass changeit -certreq -file csr1"); // non-existing keystore |
823 testFail("", "-keystore noexistks -storepass changeit -certreq -file csr1"); // non-existing keystore |
824 // Try the RSA private key |
824 // Try the RSA private key |
825 testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey"); |
825 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
826 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA"); |
826 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA"); |
827 testOK("", "-keystore x.jks -storepass changeit -certreq -file csr1 -alias mykey"); |
827 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -alias mykey"); |
828 testOK("", "-keystore x.jks -storepass changeit -certreq -file csr1"); |
828 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1"); |
829 testFail("", "-keystore x.jks -storepass changeit -certreq -file csr1 -sigalg SHA1withDSA"); // unmatched sigalg |
829 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -sigalg SHA1withDSA"); // unmatched sigalg |
830 testOK("", "-keystore x.jks -storepass changeit -certreq -file csr1 -sigalg MD5withRSA"); |
830 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -sigalg MD5withRSA"); |
831 // TrustedCertificateEntry cannot do certreq |
831 // TrustedCertificateEntry cannot do certreq |
832 testOK("", "-keystore x.jks -storepass changeit -exportcert -file x.jks.p1.cert"); |
832 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -file x.jks.p1.cert"); |
833 testOK("", "-keystore x.jks -storepass changeit -delete -alias mykey"); |
833 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
834 testOK("", "-keystore x.jks -storepass changeit -importcert -file x.jks.p1.cert -noprompt"); |
834 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert -noprompt"); |
835 testFail("", "-keystore x.jks -storepass changeit -certreq -file csr1 -alias mykey"); |
835 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -alias mykey"); |
836 testFail("", "-keystore x.jks -storepass changeit -certreq -file csr1"); |
836 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1"); |
837 remove("x.jks"); |
837 remove("x.jks"); |
838 remove("x.jks.p1.cert"); |
838 remove("x.jks.p1.cert"); |
839 remove("csr1"); |
839 remove("csr1"); |
840 } |
840 } |
841 |
841 |
842 void sqePrintcertTest() throws Exception { |
842 void sqePrintcertTest() throws Exception { |
843 remove("x.jks"); |
843 remove("x.jks"); |
844 remove("mykey.cert"); |
844 remove("mykey.cert"); |
845 testOK("", "-keystore x.jks -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
845 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
846 testOK("", "-keystore x.jks -storepass changeit -export -file mykey.cert -alias mykey"); |
846 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -export -file mykey.cert -alias mykey"); |
847 testFail("", "-printcert -file badkeystore"); |
847 testFail("", "-printcert -file badkeystore"); |
848 testFail("", "-printcert -file a/b/c/d"); |
848 testFail("", "-printcert -file a/b/c/d"); |
849 testOK("", "-printcert -file mykey.cert"); |
849 testOK("", "-printcert -file mykey.cert"); |
850 FileInputStream fin = new FileInputStream("mykey.cert"); |
850 FileInputStream fin = new FileInputStream("mykey.cert"); |
851 testOK(fin, "-printcert"); |
851 testOK(fin, "-printcert"); |