1 /*

     2  * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.

     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

     4  *

     5  * This code is free software; you can redistribute it and/or modify it

     6  * under the terms of the GNU General Public License version 2 only, as

     7  * published by the Free Software Foundation.

     8  *

     9  * This code is distributed in the hope that it will be useful, but WITHOUT

    10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

    11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

    12  * version 2 for more details (a copy is included in the LICENSE file that

    13  * accompanied this code).

    14  *

    15  * You should have received a copy of the GNU General Public License version

    16  * 2 along with this work; if not, write to the Free Software Foundation,

    17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

    18  *

    19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

    20  * or visit www.oracle.com if you need additional information or have any

    21  * questions.

    22  */

    23 

    24 /*

    25  * @test

    26  * @bug 8172244

    27  * @summary Verify that no exception is thrown with empty cert chain

    28  *    in MSCAPI.

    29  * @requires os.family == "windows"

    30  * @modules java.base/sun.security.tools.keytool java.base/sun.security.x509

    31  * @run main/othervm --add-opens java.base/java.security=ALL-UNNAMED

    32  *      KeyStoreEmptyCertChain

    33  */

    34 

    35 import java.security.KeyStore;

    36 import java.security.cert.Certificate;

    37 import sun.security.x509.X500Name;

    38 import sun.security.tools.keytool.CertAndKeyGen;

    39 import java.security.KeyPairGenerator;

    40 import java.security.KeyPair;

    41 import java.security.PrivateKey;

    42 import java.security.KeyStoreSpi;

    43 import java.lang.reflect.*;

    44 

    45 public class KeyStoreEmptyCertChain {

    46 

    47     public static void main(String[] args) {

    48 

    49         try {

    50 

    51             KeyStore keyStore = KeyStore.getInstance("Windows-MY", "SunMSCAPI");

    52             keyStore.load(null, null);

    53 

    54             // Generate a certificate to use for testing

    55             CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA");

    56             gen.generate(2048);

    57             Certificate cert =

    58                 gen.getSelfCertificate(new X500Name("CN=test"), 3600);

    59             String alias = "JDK-8172244";

    60             char[] password = "password".toCharArray();

    61             KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");

    62 

    63             // generate a private key for the certificate

    64             kpg.initialize(2048);

    65             KeyPair keyPair = kpg.generateKeyPair();

    66             PrivateKey privKey = keyPair.getPrivate();

    67             // need to bypass checks to store the private key without the cert

    68             Field spiField = KeyStore.class.getDeclaredField("keyStoreSpi");

    69             spiField.setAccessible(true);

    70             KeyStoreSpi spi = (KeyStoreSpi) spiField.get(keyStore);

    71             spi.engineSetKeyEntry(alias, privKey, password, new Certificate[0]);

    72             keyStore.store(null, null);

    73 

    74             keyStore.getCertificateAlias(cert);

    75             keyStore.deleteEntry(alias);

    76             // test passes if no exception is thrown

    77         } catch (Exception ex) {

    78             throw new RuntimeException(ex);

    79         }

    80     }

    81 }