326 remove("x.jks.p1.cert"); |
338 remove("x.jks.p1.cert"); |
327 |
339 |
328 // name changes: genkeypair, importcert, exportcert |
340 // name changes: genkeypair, importcert, exportcert |
329 remove("x.jks"); |
341 remove("x.jks"); |
330 remove("x.jks.p1.cert"); |
342 remove("x.jks.p1.cert"); |
331 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -alias p1 -dname CN=olala"); |
343 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
332 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -alias p1 -file x.jks.p1.cert"); |
344 "-keypass changeit -genkeypair -alias p1 -dname CN=olala"); |
|
345 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
346 "-exportcert -alias p1 -file x.jks.p1.cert"); |
333 ks = loadStore("x.jks", "changeit", "JKS"); |
347 ks = loadStore("x.jks", "changeit", "JKS"); |
334 assertTrue(ks.getKey("p1", "changeit".toCharArray()) != null, |
348 assertTrue(ks.getKey("p1", "changeit".toCharArray()) != null, |
335 "key not DSA"); |
349 "key not DSA"); |
336 assertTrue(new File("x.jks.p1.cert").exists(), "p1 export err"); |
350 assertTrue(new File("x.jks.p1.cert").exists(), "p1 export err"); |
337 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias p1"); |
351 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
338 testOK("y\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -alias c1 -file x.jks.p1.cert"); // importcert, prompt for Yes/No |
352 "-delete -alias p1"); |
339 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -alias c2 -file x.jks.p1.cert -noprompt"); // importcert, -noprompt |
353 // importcert, prompt for Yes/No |
|
354 testOK("y\n", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
355 "-importcert -alias c1 -file x.jks.p1.cert"); |
|
356 // importcert, -noprompt |
|
357 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
358 "-importcert -alias c2 -file x.jks.p1.cert -noprompt"); |
340 ks = loadStore("x.jks", "changeit", "JKS"); |
359 ks = loadStore("x.jks", "changeit", "JKS"); |
341 assertTrue(ks.getCertificate("c1") != null, "import c1 err"); |
360 assertTrue(ks.getCertificate("c1") != null, "import c1 err"); |
342 |
361 |
343 // v3 |
362 // v3 |
344 byte[] encoded = ks.getCertificate("c1").getEncoded(); |
363 byte[] encoded = ks.getCertificate("c1").getEncoded(); |
345 X509CertImpl certImpl = new X509CertImpl(encoded); |
364 X509CertImpl certImpl = new X509CertImpl(encoded); |
346 assertTrue(certImpl.getVersion() == 3, "Version is not 3"); |
365 assertTrue(certImpl.getVersion() == 3, "Version is not 3"); |
347 |
366 |
348 // changealias and keyclone |
367 // changealias and keyclone |
349 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -alias p1 -dname CN=olala"); |
368 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
350 testOK("changeit\n", "-keystore x.jks -storetype JKS -changealias -alias p1 -destalias p11"); |
369 "-keypass changeit -genkeypair -alias p1 -dname CN=olala"); |
351 testOK("changeit\n", "-keystore x.jks -storetype JKS -changealias -alias c1 -destalias c11"); |
370 testOK("changeit\n", "-keystore x.jks -storetype JKS " + |
352 testOK("changeit\n\n", "-keystore x.jks -storetype JKS -keyclone -alias p11 -destalias p111"); // press ENTER when prompt for p111's keypass |
371 "-changealias -alias p1 -destalias p11"); |
|
372 testOK("changeit\n", "-keystore x.jks -storetype JKS " + |
|
373 "-changealias -alias c1 -destalias c11"); |
|
374 // press ENTER when prompt for p111's keypass |
|
375 testOK("changeit\n\n", "-keystore x.jks -storetype JKS " + |
|
376 "-keyclone -alias p11 -destalias p111"); |
353 ks = loadStore("x.jks", "changeit", "JKS"); |
377 ks = loadStore("x.jks", "changeit", "JKS"); |
354 assertTrue(!ks.containsAlias("p1"), "there is no p1"); |
378 assertTrue(!ks.containsAlias("p1"), "there is no p1"); |
355 assertTrue(!ks.containsAlias("c1"), "there is no c1"); |
379 assertTrue(!ks.containsAlias("c1"), "there is no c1"); |
356 assertTrue(ks.containsAlias("p11"), "there is p11"); |
380 assertTrue(ks.containsAlias("p11"), "there is p11"); |
357 assertTrue(ks.containsAlias("c11"), "there is c11"); |
381 assertTrue(ks.containsAlias("c11"), "there is c11"); |
358 assertTrue(ks.containsAlias("p111"), "there is p111"); |
382 assertTrue(ks.containsAlias("p111"), "there is p111"); |
359 |
383 |
360 // genSecKey |
384 // genSecKey |
361 remove("x.jceks"); |
385 remove("x.jceks"); |
362 testOK("changeit\nchangeit\n\n", "-keystore x.jceks -storetype JCEKS -genseckey -alias s1"); // DES, no need keysize |
386 // DES, no need keysize |
363 testFail("changeit\n\n", "-keystore x.jceks -storetype JCEKS -genseckey -alias s11 -keysize 128"); // DES, keysize cannot be 128 |
387 testOK("changeit\nchangeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
364 testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS -genseckey -keyalg DESede -alias s2"); // DESede. no need keysize |
388 "-genseckey -alias s1"); |
365 testFail("changeit\n\n", "-keystore x.jceks -storetype AES -genseckey -keyalg Rijndael -alias s3"); // AES, need keysize |
389 // DES, keysize cannot be 128 |
366 testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS -genseckey -keyalg AES -alias s3 -keysize 128"); |
390 testFail("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
367 // about keypass |
391 "-genseckey -alias s11 -keysize 128"); |
368 testOK("\n", "-keystore x.jceks -storetype JCEKS -storepass changeit -genseckey -alias s4"); // can accept storepass |
392 // DESede. no need keysize |
369 testOK("keypass\nkeypass\n", "-keystore x.jceks -storetype JCEKS -storepass changeit -genseckey -alias s5"); // or a new one |
393 testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
370 testOK("bad\n\bad\nkeypass\nkeypass\n", "-keystore x.jceks -storetype JCEKS -storepass changeit -genseckey -alias s6"); // keypass must be valid (prompt 3 times) |
394 "-genseckey -keyalg DESede -alias s2"); |
371 testFail("bad\n\bad\nbad\n", "-keystore x.jceks -storetype JCEKS -storepass changeit -genseckey -alias s7"); // keypass must be valid (prompt 3 times) |
395 // AES, need keysize |
372 testFail("bad\n\bad\nbad\nkeypass\n", "-keystore x.jceks -storetype JCEKS -storepass changeit -genseckey -alias s7"); // keypass must be valid (prompt 3 times) |
396 testFail("changeit\n\n", "-keystore x.jceks -storetype AES " + |
|
397 "-genseckey -keyalg Rijndael -alias s3"); |
|
398 testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
|
399 "-genseckey -keyalg AES -alias s3 -keysize 128"); |
|
400 // about keypass |
|
401 // can accept storepass |
|
402 testOK("\n", "-keystore x.jceks -storetype JCEKS -storepass changeit " + |
|
403 "-genseckey -alias s4"); |
|
404 // or a new one |
|
405 testOK("keypass\nkeypass\n", "-keystore x.jceks -storetype JCEKS " + |
|
406 "-storepass changeit -genseckey -alias s5"); |
|
407 // keypass must be valid (prompt 3 times) |
|
408 testOK("bad\n\bad\nkeypass\nkeypass\n", "-keystore x.jceks " + |
|
409 "-storetype JCEKS -storepass changeit -genseckey -alias s6"); |
|
410 // keypass must be valid (prompt 3 times) |
|
411 testFail("bad\n\bad\nbad\n", "-keystore x.jceks -storetype JCEKS " + |
|
412 "-storepass changeit -genseckey -alias s7"); |
|
413 // keypass must be valid (prompt 3 times) |
|
414 testFail("bad\n\bad\nbad\nkeypass\n", "-keystore x.jceks " + |
|
415 "-storetype JCEKS -storepass changeit -genseckey -alias s7"); |
373 ks = loadStore("x.jceks", "changeit", "JCEKS"); |
416 ks = loadStore("x.jceks", "changeit", "JCEKS"); |
374 assertTrue(ks.getKey("s1", "changeit".toCharArray()).getAlgorithm().equalsIgnoreCase("DES"), "s1 is DES"); |
417 assertTrue(ks.getKey("s1", "changeit".toCharArray()) |
375 assertTrue(ks.getKey("s1", "changeit".toCharArray()).getEncoded().length == 8, "DES is 56"); |
418 .getAlgorithm().equalsIgnoreCase("DES"), "s1 is DES"); |
376 assertTrue(ks.getKey("s2", "changeit".toCharArray()).getEncoded().length == 24, "DESede is 168"); |
419 assertTrue(ks.getKey("s1", "changeit".toCharArray()) |
377 assertTrue(ks.getKey("s2", "changeit".toCharArray()).getAlgorithm().equalsIgnoreCase("DESede"), "s2 is DESede"); |
420 .getEncoded().length == 8, "DES is 56"); |
378 assertTrue(ks.getKey("s3", "changeit".toCharArray()).getAlgorithm().equalsIgnoreCase("AES"), "s3 is AES"); |
421 assertTrue(ks.getKey("s2", "changeit".toCharArray()) |
379 assertTrue(ks.getKey("s4", "changeit".toCharArray()).getAlgorithm().equalsIgnoreCase("DES"), "s4 is DES"); |
422 .getEncoded().length == 24, "DESede is 168"); |
380 assertTrue(ks.getKey("s5", "keypass".toCharArray()).getAlgorithm().equalsIgnoreCase("DES"), "s5 is DES"); |
423 assertTrue(ks.getKey("s2", "changeit".toCharArray()) |
381 assertTrue(ks.getKey("s6", "keypass".toCharArray()).getAlgorithm().equalsIgnoreCase("DES"), "s6 is DES"); |
424 .getAlgorithm().equalsIgnoreCase("DESede"), "s2 is DESede"); |
|
425 assertTrue(ks.getKey("s3", "changeit".toCharArray()) |
|
426 .getAlgorithm().equalsIgnoreCase("AES"), "s3 is AES"); |
|
427 assertTrue(ks.getKey("s4", "changeit".toCharArray()) |
|
428 .getAlgorithm().equalsIgnoreCase("DES"), "s4 is DES"); |
|
429 assertTrue(ks.getKey("s5", "keypass".toCharArray()) |
|
430 .getAlgorithm().equalsIgnoreCase("DES"), "s5 is DES"); |
|
431 assertTrue(ks.getKey("s6", "keypass".toCharArray()) |
|
432 .getAlgorithm().equalsIgnoreCase("DES"), "s6 is DES"); |
382 assertTrue(!ks.containsAlias("s7"), "s7 not created"); |
433 assertTrue(!ks.containsAlias("s7"), "s7 not created"); |
383 |
434 |
384 // maybe we needn't test this, one day JKS will support SecretKey |
435 // maybe we needn't test this, one day JKS will support SecretKey |
385 //testFail("changeit\nchangeit\n", "-keystore x.jks -storetype JKS -genseckey -keyalg AES -alias s3 -keysize 128"); |
436 //testFail("changeit\nchangeit\n", "-keystore x.jks -storetype JKS " + |
|
437 // "-genseckey -keyalg AES -alias s3 -keysize 128"); |
386 |
438 |
387 // importKeyStore |
439 // importKeyStore |
388 remove("x.jks"); |
440 remove("x.jks"); |
389 remove("x.jceks"); |
441 remove("x.jceks"); |
390 testOK("changeit\nchangeit\n\n", "-keystore x.jceks -storetype JCEKS -genkeypair -alias p1 -dname CN=Olala"); // create 2 entries... |
442 // create 2 entries... |
391 testOK("", "-keystore x.jceks -storetype JCEKS -storepass changeit -importcert -alias c1 -file x.jks.p1.cert -noprompt"); // ... |
443 testOK("changeit\nchangeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
|
444 "-genkeypair -alias p1 -dname CN=Olala"); |
|
445 testOK("", "-keystore x.jceks -storetype JCEKS -storepass changeit " + |
|
446 "-importcert -alias c1 -file x.jks.p1.cert -noprompt"); |
392 ks = loadStore("x.jceks", "changeit", "JCEKS"); |
447 ks = loadStore("x.jceks", "changeit", "JCEKS"); |
393 assertTrue(ks.size() == 2, "2 entries in JCEKS"); |
448 assertTrue(ks.size() == 2, "2 entries in JCEKS"); |
394 // import, shouldn't mention destalias/srckeypass/destkeypass if srcalias is no given |
449 // import, shouldn't mention destalias/srckeypass/destkeypass |
395 testFail("changeit\nchangeit\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS -destalias pp"); |
450 // if srcalias is no given |
396 testFail("changeit\nchangeit\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS -srckeypass changeit"); |
451 testFail("changeit\nchangeit\n", "-importkeystore " + |
397 testFail("changeit\nchangeit\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS -destkeypass changeit"); |
452 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
453 "-destkeystore x.jks -deststoretype JKS -destalias pp"); |
|
454 testFail("changeit\nchangeit\n", "-importkeystore " + |
|
455 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
456 "-destkeystore x.jks -deststoretype JKS -srckeypass changeit"); |
|
457 testFail("changeit\nchangeit\n", "-importkeystore " + |
|
458 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
459 "-destkeystore x.jks -deststoretype JKS -destkeypass changeit"); |
398 // normal import |
460 // normal import |
399 testOK("changeit\nchangeit\nchangeit\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS"); |
461 testOK("changeit\nchangeit\nchangeit\n", "-importkeystore " + |
|
462 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
463 "-destkeystore x.jks -deststoretype JKS"); |
400 ks = loadStore("x.jks", "changeit", "JKS"); |
464 ks = loadStore("x.jks", "changeit", "JKS"); |
401 assertTrue(ks.size() == 2, "2 entries in JKS"); |
465 assertTrue(ks.size() == 2, "2 entries in JKS"); |
402 // import again, type yes to overwrite old entries |
466 // import again, type yes to overwrite old entries |
403 testOK("changeit\nchangeit\ny\ny\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS"); |
467 testOK("changeit\nchangeit\ny\ny\n", "-importkeystore " + |
|
468 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
469 "-destkeystore x.jks -deststoretype JKS"); |
404 ks = loadStore("x.jks", "changeit", "JKS"); |
470 ks = loadStore("x.jks", "changeit", "JKS"); |
405 // import again, specify -nopromt |
471 // import again, specify -nopromt |
406 testOK("changeit\nchangeit\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS -noprompt"); |
472 testOK("changeit\nchangeit\n", "-importkeystore " + |
|
473 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
474 "-destkeystore x.jks -deststoretype JKS -noprompt"); |
407 assertTrue(err.indexOf("Warning") != -1, "noprompt will warn"); |
475 assertTrue(err.indexOf("Warning") != -1, "noprompt will warn"); |
408 ks = loadStore("x.jks", "changeit", "JKS"); |
476 ks = loadStore("x.jks", "changeit", "JKS"); |
409 assertTrue(ks.size() == 2, "2 entries in JKS"); |
477 assertTrue(ks.size() == 2, "2 entries in JKS"); |
410 // import again, type into new aliases when prompted |
478 // import again, type into new aliases when prompted |
411 testOK("changeit\nchangeit\n\ns1\n\ns2\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS"); |
479 testOK("changeit\nchangeit\n\ns1\n\ns2\n", "-importkeystore " + |
|
480 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
481 "-destkeystore x.jks -deststoretype JKS"); |
412 ks = loadStore("x.jks", "changeit", "JKS"); |
482 ks = loadStore("x.jks", "changeit", "JKS"); |
413 assertTrue(ks.size() == 4, "4 entries in JKS"); |
483 assertTrue(ks.size() == 4, "4 entries in JKS"); |
414 |
484 |
415 // importkeystore single |
485 // importkeystore single |
416 remove("x.jks"); |
486 // normal |
417 testOK("changeit\nchangeit\nchangeit\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS -srcalias p1"); // normal |
487 remove("x.jks"); |
|
488 testOK("changeit\nchangeit\nchangeit\n", "-importkeystore " + |
|
489 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
490 "-destkeystore x.jks -deststoretype JKS -srcalias p1"); |
418 ks = loadStore("x.jks", "changeit", "JKS"); |
491 ks = loadStore("x.jks", "changeit", "JKS"); |
419 assertTrue(ks.size() == 1, "1 entries in JKS"); |
492 assertTrue(ks.size() == 1, "1 entries in JKS"); |
420 testOK("changeit\nchangeit\ny\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS -srcalias p1"); // overwrite |
493 // overwrite |
|
494 testOK("changeit\nchangeit\ny\n", "-importkeystore " + |
|
495 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
496 "-destkeystore x.jks -deststoretype JKS -srcalias p1"); |
421 ks = loadStore("x.jks", "changeit", "JKS"); |
497 ks = loadStore("x.jks", "changeit", "JKS"); |
422 assertTrue(ks.size() == 1, "1 entries in JKS"); |
498 assertTrue(ks.size() == 1, "1 entries in JKS"); |
423 testOK("changeit\nchangeit\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS -srcalias p1 -noprompt"); // noprompt |
499 // noprompt |
|
500 testOK("changeit\nchangeit\n", "-importkeystore " + |
|
501 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
502 "-destkeystore x.jks -deststoretype JKS " + |
|
503 "-srcalias p1 -noprompt"); |
424 ks = loadStore("x.jks", "changeit", "JKS"); |
504 ks = loadStore("x.jks", "changeit", "JKS"); |
425 assertTrue(ks.size() == 1, "1 entries in JKS"); |
505 assertTrue(ks.size() == 1, "1 entries in JKS"); |
426 testOK("changeit\nchangeit\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS -srcalias p1 -destalias p2"); // rename |
506 // rename |
|
507 testOK("changeit\nchangeit\n", "-importkeystore " + |
|
508 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
509 "-destkeystore x.jks -deststoretype JKS " + |
|
510 "-srcalias p1 -destalias p2"); |
427 ks = loadStore("x.jks", "changeit", "JKS"); |
511 ks = loadStore("x.jks", "changeit", "JKS"); |
428 assertTrue(ks.size() == 2, "2 entries in JKS"); |
512 assertTrue(ks.size() == 2, "2 entries in JKS"); |
429 testOK("changeit\nchangeit\n\nnewalias\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS -srcalias p1"); // another rename |
513 // another rename |
|
514 testOK("changeit\nchangeit\n\nnewalias\n", "-importkeystore " + |
|
515 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
516 "-destkeystore x.jks -deststoretype JKS -srcalias p1"); |
430 ks = loadStore("x.jks", "changeit", "JKS"); |
517 ks = loadStore("x.jks", "changeit", "JKS"); |
431 assertTrue(ks.size() == 3, "3 entries in JKS"); |
518 assertTrue(ks.size() == 3, "3 entries in JKS"); |
432 |
519 |
433 // importkeystore single, different keypass |
520 // importkeystore single, different keypass |
434 remove("x.jks"); |
521 remove("x.jks"); |
435 testOK("changeit\nkeypass\nkeypass\n", "-keystore x.jceks -storetype JCEKS -genkeypair -alias p2 -dname CN=Olala"); // generate entry with different keypass |
522 // generate entry with different keypass |
436 testOK("changeit\nchangeit\nchangeit\nkeypass\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS -srcalias p2"); // prompt |
523 testOK("changeit\nkeypass\nkeypass\n", "-keystore x.jceks " + |
|
524 "-storetype JCEKS -genkeypair -alias p2 -dname CN=Olala"); |
|
525 // prompt |
|
526 testOK("changeit\nchangeit\nchangeit\nkeypass\n", "-importkeystore " + |
|
527 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
528 "-destkeystore x.jks -deststoretype JKS -srcalias p2"); |
437 ks = loadStore("x.jks", "changeit", "JKS"); |
529 ks = loadStore("x.jks", "changeit", "JKS"); |
438 assertTrue(ks.size() == 1, "1 entries in JKS"); |
530 assertTrue(ks.size() == 1, "1 entries in JKS"); |
439 testOK("changeit\nchangeit\nkeypass\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS -srcalias p2 -destalias p3 -destkeypass keypass2"); // diff destkeypass |
531 // diff destkeypass |
|
532 testOK("changeit\nchangeit\nkeypass\n", "-importkeystore " + |
|
533 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
534 "-destkeystore x.jks -deststoretype JKS " + |
|
535 "-srcalias p2 -destalias p3 -destkeypass keypass2"); |
440 ks = loadStore("x.jks", "changeit", "JKS"); |
536 ks = loadStore("x.jks", "changeit", "JKS"); |
441 assertTrue(ks.size() == 2, "2 entries in JKS"); |
537 assertTrue(ks.size() == 2, "2 entries in JKS"); |
442 assertTrue(ks.getKey("p2", "keypass".toCharArray()) != null, "p2 has old password"); |
538 assertTrue(ks.getKey("p2", "keypass".toCharArray()) != null, |
443 assertTrue(ks.getKey("p3", "keypass2".toCharArray()) != null, "p3 has new password"); |
539 "p2 has old password"); |
|
540 assertTrue(ks.getKey("p3", "keypass2".toCharArray()) != null, |
|
541 "p3 has new password"); |
444 |
542 |
445 // importkeystore single, cert |
543 // importkeystore single, cert |
446 remove("x.jks"); |
544 remove("x.jks"); |
447 testOK("changeit\nchangeit\nchangeit\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS -srcalias c1"); // normal |
545 // normal |
448 testOK("changeit\n\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS -srcalias c1 -destalias c2"); // in fact srcstorepass can be ignored |
546 testOK("changeit\nchangeit\nchangeit\n", "-importkeystore " + |
|
547 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
548 "-destkeystore x.jks -deststoretype JKS -srcalias c1"); |
|
549 // in fact srcstorepass can be ignored |
|
550 testOK("changeit\n\n", "-importkeystore " + |
|
551 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
552 "-destkeystore x.jks -deststoretype JKS " + |
|
553 "-srcalias c1 -destalias c2"); |
449 assertTrue(err.indexOf("WARNING") != -1, "But will warn"); |
554 assertTrue(err.indexOf("WARNING") != -1, "But will warn"); |
450 testOK("changeit\n\ny\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS -srcalias c1 -destalias c2"); // 2nd import, press y to overwrite ... |
555 // 2nd import, press y to overwrite ... |
451 testOK("changeit\n\n\nc3\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS -srcalias c1 -destalias c2"); // ... or rename |
556 testOK("changeit\n\ny\n", "-importkeystore " + |
452 ks = loadStore("x.jks", "changeit", "JKS"); |
557 "-srckeystore x.jceks -srcstoretype JCEKS " + |
453 assertTrue(ks.size() == 3, "3 entries in JKS"); // c1, c2, c3 |
558 "-destkeystore x.jks -deststoretype JKS " + |
|
559 "-srcalias c1 -destalias c2"); |
|
560 // ... or rename |
|
561 testOK("changeit\n\n\nc3\n", "-importkeystore " + |
|
562 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
563 "-destkeystore x.jks -deststoretype JKS " + |
|
564 "-srcalias c1 -destalias c2"); |
|
565 ks = loadStore("x.jks", "changeit", "JKS"); |
|
566 // c1, c2, c3 |
|
567 assertTrue(ks.size() == 3, "3 entries in JKS"); |
454 |
568 |
455 // importkeystore, secretkey |
569 // importkeystore, secretkey |
456 remove("x.jks"); |
570 remove("x.jks"); |
457 testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS -genseckey -alias s1"); // create SecretKeyEntry |
571 // create SecretKeyEntry |
458 testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS -genseckey -alias s2"); // create SecretKeyEntry |
572 testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
459 testOK("changeit\n", "-keystore x.jceks -storetype JCEKS -delete -alias p2"); // remove the keypass!=storepass one |
573 "-genseckey -alias s1"); |
|
574 // create SecretKeyEntry |
|
575 testOK("changeit\n\n", "-keystore x.jceks -storetype JCEKS " + |
|
576 "-genseckey -alias s2"); |
|
577 // remove the keypass!=storepass one |
|
578 testOK("changeit\n", "-keystore x.jceks -storetype JCEKS " + |
|
579 "-delete -alias p2"); |
460 ks = loadStore("x.jceks", "changeit", "JCEKS"); |
580 ks = loadStore("x.jceks", "changeit", "JCEKS"); |
461 assertTrue(ks.size() == 4, "4 entries in JCEKS"); // p1, c1, s1, s2 |
581 // p1, c1, s1, s2 |
462 testOK("changeit\nchangeit\nchangeit\n", "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS -srcalias s1"); // normal |
582 assertTrue(ks.size() == 4, "4 entries in JCEKS"); |
|
583 // normal |
|
584 testOK("changeit\nchangeit\nchangeit\n", "-importkeystore " + |
|
585 "-srckeystore x.jceks -srcstoretype JCEKS " + |
|
586 "-destkeystore x.jks -deststoretype JKS -srcalias s1"); |
463 assertTrue(err.indexOf("not imported") != -1, "Not imported"); |
587 assertTrue(err.indexOf("not imported") != -1, "Not imported"); |
464 assertTrue(err.indexOf("Cannot store non-PrivateKeys") != -1, "Not imported"); |
588 assertTrue(err.indexOf("Cannot store non-PrivateKeys") != -1, |
465 |
589 "Not imported"); |
466 // Importing a JCEKS keystore to a JKS one. Will warn for the 2 SecretKey entries |
590 |
|
591 // Importing a JCEKS keystore to a JKS one. Will warn |
|
592 // for the 2 SecretKey entries |
467 |
593 |
468 remove("x.jks"); |
594 remove("x.jks"); |
469 // Two "no" answers to bypass warnings |
595 // Two "no" answers to bypass warnings |
470 testOK("\n\n", "-srcstorepass changeit -deststorepass changeit -importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS"); // normal |
596 // normal |
|
597 testOK("\n\n", "-srcstorepass changeit -deststorepass changeit " + |
|
598 "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS " + |
|
599 "-destkeystore x.jks -deststoretype JKS"); |
471 assertTrue(err.indexOf("s1 not") != -1, "s1 not"); |
600 assertTrue(err.indexOf("s1 not") != -1, "s1 not"); |
472 assertTrue(err.indexOf("s2 not") != -1, "s2 not"); |
601 assertTrue(err.indexOf("s2 not") != -1, "s2 not"); |
473 assertTrue(err.indexOf("c1 success") != -1, "c1 success"); |
602 assertTrue(err.indexOf("c1 success") != -1, "c1 success"); |
474 assertTrue(err.indexOf("p1 success") != -1, "p1 success"); |
603 assertTrue(err.indexOf("p1 success") != -1, "p1 success"); |
475 remove("x.jks"); |
604 remove("x.jks"); |
476 // One "yes" to stop |
605 // One "yes" to stop |
477 testOK("yes\n", "-srcstorepass changeit -deststorepass changeit -importkeystore -srckeystore x.jceks -srcstoretype JCEKS -destkeystore x.jks -deststoretype JKS"); // normal |
606 // normal |
478 // maybe c1 or p1 has been imported before s1 or s2 is touched, anyway we know yesNo is only asked once. |
607 testOK("yes\n", "-srcstorepass changeit -deststorepass changeit " + |
|
608 "-importkeystore -srckeystore x.jceks -srcstoretype JCEKS " + |
|
609 "-destkeystore x.jks -deststoretype JKS"); |
|
610 // maybe c1 or p1 has been imported before s1 or s2 is touched, |
|
611 // anyway we know yesNo is only asked once. |
479 |
612 |
480 // pkcs12 |
613 // pkcs12 |
481 remove("x.jks"); |
614 remove("x.jks"); |
482 testFail("changeit\nchangeit\n", "-keystore x.jks -storetype JKS -genkeypair -alias p1 -dname CN=olala"); // JKS prompt for keypass |
615 // JKS prompt for keypass |
483 remove("x.jks"); |
616 testFail("changeit\nchangeit\n", "-keystore x.jks -storetype JKS " + |
484 testOK("changeit\nchangeit\n\n", "-keystore x.jks -storetype JKS -genkeypair -alias p1 -dname CN=olala"); // just type ENTER means keypass=storepass |
617 "-genkeypair -alias p1 -dname CN=olala"); |
|
618 remove("x.jks"); |
|
619 // just type ENTER means keypass=storepass |
|
620 testOK("changeit\nchangeit\n\n", "-keystore x.jks -storetype JKS " + |
|
621 "-genkeypair -alias p1 -dname CN=olala"); |
485 remove("x.p12"); |
622 remove("x.p12"); |
486 testOK("", "-keystore x.p12 -storetype PKCS12 -storepass changeit -genkeypair -alias p0 -dname CN=olala"); // PKCS12 only need storepass |
623 // PKCS12 only need storepass |
487 testOK("changeit\n", "-keystore x.p12 -storetype PKCS12 -genkeypair -alias p1 -dname CN=olala"); |
624 testOK("", "-keystore x.p12 -storetype PKCS12 -storepass changeit " + |
488 testOK("changeit\n", "-keystore x.p12 -keypass changeit -storetype PKCS12 -genkeypair -alias p3 -dname CN=olala"); // when specify keypass, make sure keypass==storepass... |
625 "-genkeypair -alias p0 -dname CN=olala"); |
489 assertTrue(err.indexOf("Warning") == -1, "PKCS12 silent when keypass == storepass"); |
626 testOK("changeit\n", "-keystore x.p12 -storetype PKCS12 " + |
490 testOK("changeit\n", "-keystore x.p12 -keypass another -storetype PKCS12 -genkeypair -alias p2 -dname CN=olala"); // otherwise, print a warning |
627 "-genkeypair -alias p1 -dname CN=olala"); |
491 assertTrue(err.indexOf("Warning") != -1, "PKCS12 warning when keypass != storepass"); |
628 // when specify keypass, make sure keypass==storepass... |
492 testFail("", "-keystore x.p12 -storepass changeit -storetype PKCS12 -keypasswd -new changeit -alias p3"); // no -keypasswd for PKCS12 |
629 testOK("changeit\n", "-keystore x.p12 -keypass changeit " + |
493 testOK("", "-keystore x.p12 -storepass changeit -storetype PKCS12 -changealias -alias p3 -destalias p33"); |
630 "-storetype PKCS12 -genkeypair -alias p3 -dname CN=olala"); |
494 testOK("", "-keystore x.p12 -storepass changeit -storetype PKCS12 -keyclone -alias p33 -destalias p3"); |
631 assertTrue(err.indexOf("Warning") == -1, |
|
632 "PKCS12 silent when keypass == storepass"); |
|
633 // otherwise, print a warning |
|
634 testOK("changeit\n", "-keystore x.p12 -keypass another" + |
|
635 " -storetype PKCS12 -genkeypair -alias p2 -dname CN=olala"); |
|
636 assertTrue(err.indexOf("Warning") != -1, |
|
637 "PKCS12 warning when keypass != storepass"); |
|
638 // no -keypasswd for PKCS12 |
|
639 testFail("", "-keystore x.p12 -storepass changeit -storetype PKCS12" + |
|
640 " -keypasswd -new changeit -alias p3"); |
|
641 testOK("", "-keystore x.p12 -storepass changeit -storetype PKCS12 " + |
|
642 "-changealias -alias p3 -destalias p33"); |
|
643 testOK("", "-keystore x.p12 -storepass changeit -storetype PKCS12 " + |
|
644 "-keyclone -alias p33 -destalias p3"); |
495 |
645 |
496 // pkcs12 |
646 // pkcs12 |
497 remove("x.p12"); |
647 remove("x.p12"); |
498 testOK("", "-keystore x.p12 -storetype PKCS12 -storepass changeit -genkeypair -alias p0 -dname CN=olala"); // PKCS12 only need storepass |
648 // PKCS12 only need storepass |
499 testOK("", "-storepass changeit -keystore x.p12 -storetype PKCS12 -genkeypair -alias p1 -dname CN=olala"); |
649 testOK("", "-keystore x.p12 -storetype PKCS12 -storepass changeit " + |
500 testOK("", "-storepass changeit -keystore x.p12 -keypass changeit -storetype PKCS12 -genkeypair -alias p3 -dname CN=olala"); // when specify keypass, make sure keypass==storepass... |
650 "-genkeypair -alias p0 -dname CN=olala"); |
501 assertTrue(err.indexOf("Warning") == -1, "PKCS12 silent when keypass == storepass"); |
651 testOK("", "-storepass changeit -keystore x.p12 -storetype PKCS12 " + |
502 testOK("", "-storepass changeit -keystore x.p12 -keypass another -storetype PKCS12 -genkeypair -alias p2 -dname CN=olala"); // otherwise, print a warning |
652 "-genkeypair -alias p1 -dname CN=olala"); |
503 assertTrue(err.indexOf("Warning") != -1, "PKCS12 warning when keypass != storepass"); |
653 // when specify keypass, make sure keypass==storepass... |
|
654 testOK("", "-storepass changeit -keystore x.p12 -keypass changeit " + |
|
655 "-storetype PKCS12 -genkeypair -alias p3 -dname CN=olala"); |
|
656 assertTrue(err.indexOf("Warning") == -1, |
|
657 "PKCS12 silent when keypass == storepass"); |
|
658 // otherwise, print a warning |
|
659 testOK("", "-storepass changeit -keystore x.p12 -keypass another " + |
|
660 "-storetype PKCS12 -genkeypair -alias p2 -dname CN=olala"); |
|
661 assertTrue(err.indexOf("Warning") != -1, |
|
662 "PKCS12 warning when keypass != storepass"); |
504 |
663 |
505 remove("x.jks"); |
664 remove("x.jks"); |
506 remove("x.jceks"); |
665 remove("x.jceks"); |
507 remove("x.p12"); |
666 remove("x.p12"); |
508 remove("x2.jceks"); |
667 remove("x2.jceks"); |
510 remove("x.jks.p1.cert"); |
669 remove("x.jks.p1.cert"); |
511 } |
670 } |
512 |
671 |
513 void testPKCS11() throws Exception { |
672 void testPKCS11() throws Exception { |
514 KeyStore ks; |
673 KeyStore ks; |
515 // pkcs11, the password maybe different and maybe PKCS11 is not supported |
674 // pkcs11, the password maybe different and maybe PKCS11 not supported |
516 |
675 |
517 // in case last test is not executed successfully |
676 // in case last test is not executed successfully |
518 testAnyway("", p11Arg + "-storepass test12 -delete -alias p1"); |
677 testAnyway("", p11Arg + "-storepass test12 -delete -alias p1"); |
519 testAnyway("", p11Arg + "-storepass test12 -delete -alias p2"); |
678 testAnyway("", p11Arg + "-storepass test12 -delete -alias p2"); |
520 testAnyway("", p11Arg + "-storepass test12 -delete -alias p3"); |
679 testAnyway("", p11Arg + "-storepass test12 -delete -alias p3"); |
521 testAnyway("", p11Arg + "-storepass test12 -delete -alias nss"); |
680 testAnyway("", p11Arg + "-storepass test12 -delete -alias nss"); |
522 |
681 |
523 testOK("", p11Arg + "-storepass test12 -list"); |
682 testOK("", p11Arg + "-storepass test12 -list"); |
524 assertTrue(out.indexOf("Your keystore contains 0 entries") != -1, "*** MAKE SURE YOU HAVE NO ENTRIES IN YOUR PKCS11 KEYSTORE BEFORE THIS TEST ***"); |
683 assertTrue(out.indexOf("Your keystore contains 0 entries") != -1, |
525 |
684 "*** MAKE SURE YOU HAVE NO ENTRIES IN YOUR PKCS11 KEYSTORE " + |
526 testOK("", p11Arg + "-storepass test12 -genkeypair -alias p1 -dname CN=olala"); |
685 "BEFORE THIS TEST ***"); |
|
686 |
|
687 testOK("", p11Arg + |
|
688 "-storepass test12 -genkeypair -alias p1 -dname CN=olala"); |
527 testOK("test12\n", p11Arg + "-genkeypair -alias p2 -dname CN=olala2"); |
689 testOK("test12\n", p11Arg + "-genkeypair -alias p2 -dname CN=olala2"); |
528 testFail("test12\n", p11Arg + "-keypass test12 -genkeypair -alias p3 -dname CN=olala3"); // cannot provide keypass for PKCS11 |
690 // cannot provide keypass for PKCS11 |
529 testFail("test12\n", p11Arg + "-keypass nonsense -genkeypair -alias p3 -dname CN=olala3"); // cannot provide keypass for PKCS11 |
691 testFail("test12\n", p11Arg + |
|
692 "-keypass test12 -genkeypair -alias p3 -dname CN=olala3"); |
|
693 // cannot provide keypass for PKCS11 |
|
694 testFail("test12\n", p11Arg + |
|
695 "-keypass nonsense -genkeypair -alias p3 -dname CN=olala3"); |
530 |
696 |
531 testOK("", p11Arg + "-storepass test12 -list"); |
697 testOK("", p11Arg + "-storepass test12 -list"); |
532 assertTrue(out.indexOf("Your keystore contains 2 entries") != -1, "2 entries in p11"); |
698 assertTrue(out.indexOf("Your keystore contains 2 entries") != -1, |
|
699 "2 entries in p11"); |
533 |
700 |
534 testOK("test12\n", p11Arg + "-alias p1 -changealias -destalias p3"); |
701 testOK("test12\n", p11Arg + "-alias p1 -changealias -destalias p3"); |
535 testOK("", p11Arg + "-storepass test12 -list -alias p3"); |
702 testOK("", p11Arg + "-storepass test12 -list -alias p3"); |
536 testFail("", p11Arg + "-storepass test12 -list -alias p1"); |
703 testFail("", p11Arg + "-storepass test12 -list -alias p1"); |
537 |
704 |
538 testOK("test12\n", p11Arg + "-alias p3 -keyclone -destalias p1"); |
705 testOK("test12\n", p11Arg + "-alias p3 -keyclone -destalias p1"); |
539 testFail("", p11Arg + "-storepass test12 -list -alias p3"); // in PKCS11, keyclone will delete old |
706 // in PKCS11, keyclone will delete old |
|
707 testFail("", p11Arg + "-storepass test12 -list -alias p3"); |
540 testOK("", p11Arg + "-storepass test12 -list -alias p1"); |
708 testOK("", p11Arg + "-storepass test12 -list -alias p1"); |
541 |
709 |
542 testFail("test12\n", p11Arg + "-alias p1 -keypasswd -new another"); // cannot change password for PKCS11 |
710 // cannot change password for PKCS11 |
|
711 testFail("test12\n", p11Arg + "-alias p1 -keypasswd -new another"); |
543 |
712 |
544 testOK("", p11Arg + "-storepass test12 -list"); |
713 testOK("", p11Arg + "-storepass test12 -list"); |
545 assertTrue(out.indexOf("Your keystore contains 2 entries") != -1, "2 entries in p11"); |
714 assertTrue(out.indexOf("Your keystore contains 2 entries") != -1, |
|
715 "2 entries in p11"); |
546 |
716 |
547 testOK("", p11Arg + "-storepass test12 -delete -alias p1"); |
717 testOK("", p11Arg + "-storepass test12 -delete -alias p1"); |
548 testOK("", p11Arg + "-storepass test12 -delete -alias p2"); |
718 testOK("", p11Arg + "-storepass test12 -delete -alias p2"); |
549 |
719 |
550 testOK("", p11Arg + "-storepass test12 -list"); |
720 testOK("", p11Arg + "-storepass test12 -list"); |
551 assertTrue(out.indexOf("Your keystore contains 0 entries") != -1, "*** MAKE SURE YOU HAVE NO ENTRIES IN YOUR PKCS11 KEYSTORE BEFORE THIS TEST ***"); |
721 assertTrue(out.indexOf("Your keystore contains 0 entries") != -1, |
|
722 "*** MAKE SURE YOU HAVE NO ENTRIES IN YOUR PKCS11 KEYSTORE" + |
|
723 " BEFORE THIS TEST ***"); |
552 } |
724 } |
553 |
725 |
554 void testPKCS11ImportKeyStore() throws Exception { |
726 void testPKCS11ImportKeyStore() throws Exception { |
555 |
727 |
556 KeyStore ks; |
728 KeyStore ks; |
557 testOK("", p11Arg + "-storepass test12 -genkeypair -alias p1 -dname CN=olala"); |
729 testOK("", p11Arg + |
|
730 "-storepass test12 -genkeypair -alias p1 -dname CN=olala"); |
558 testOK("test12\n", p11Arg + "-genkeypair -alias p2 -dname CN=olala2"); |
731 testOK("test12\n", p11Arg + "-genkeypair -alias p2 -dname CN=olala2"); |
559 // test importkeystore for pkcs11 |
732 // test importkeystore for pkcs11 |
560 |
733 |
561 remove("x.jks"); |
734 remove("x.jks"); |
562 // pkcs11 -> jks |
735 // pkcs11 -> jks |
563 testOK("changeit\nchangeit\ntest12\n", srcP11Arg + "-importkeystore -destkeystore x.jks -deststoretype JKS -srcalias p1"); |
736 testOK("changeit\nchangeit\ntest12\n", srcP11Arg + |
564 assertTrue(err.indexOf("not imported") != -1, "cannot import key without destkeypass"); |
737 ("-importkeystore -destkeystore x.jks -deststoretype JKS " + |
|
738 "-srcalias p1")); |
|
739 assertTrue(err.indexOf("not imported") != -1, |
|
740 "cannot import key without destkeypass"); |
565 ks = loadStore("x.jks", "changeit", "JKS"); |
741 ks = loadStore("x.jks", "changeit", "JKS"); |
566 assertTrue(!ks.containsAlias("p1"), "p1 is not imported"); |
742 assertTrue(!ks.containsAlias("p1"), "p1 is not imported"); |
567 |
743 |
568 testOK("changeit\ntest12\n", srcP11Arg + "-importkeystore -destkeystore x.jks -deststoretype JKS -srcalias p1 -destkeypass changeit"); |
744 testOK("changeit\ntest12\n", srcP11Arg + |
569 testOK("changeit\ntest12\n", srcP11Arg + "-importkeystore -destkeystore x.jks -deststoretype JKS -srcalias p2 -destkeypass changeit"); |
745 ("-importkeystore -destkeystore x.jks -deststoretype JKS " + |
|
746 "-srcalias p1 -destkeypass changeit")); |
|
747 testOK("changeit\ntest12\n", srcP11Arg + |
|
748 ("-importkeystore -destkeystore x.jks -deststoretype JKS " + |
|
749 "-srcalias p2 -destkeypass changeit")); |
570 ks = loadStore("x.jks", "changeit", "JKS"); |
750 ks = loadStore("x.jks", "changeit", "JKS"); |
571 assertTrue(ks.containsAlias("p1"), "p1 is imported"); |
751 assertTrue(ks.containsAlias("p1"), "p1 is imported"); |
572 assertTrue(ks.containsAlias("p2"), "p2 is imported"); |
752 assertTrue(ks.containsAlias("p2"), "p2 is imported"); |
573 // jks -> pkcs11 |
753 // jks -> pkcs11 |
574 testOK("", p11Arg + "-storepass test12 -delete -alias p1"); |
754 testOK("", p11Arg + "-storepass test12 -delete -alias p1"); |
575 testOK("", p11Arg + "-storepass test12 -delete -alias p2"); |
755 testOK("", p11Arg + "-storepass test12 -delete -alias p2"); |
576 testOK("test12\nchangeit\n", p11Arg + "-importkeystore -srckeystore x.jks -srcstoretype JKS"); |
756 testOK("test12\nchangeit\n", p11Arg + |
|
757 "-importkeystore -srckeystore x.jks -srcstoretype JKS"); |
577 testOK("", p11Arg + "-storepass test12 -list -alias p1"); |
758 testOK("", p11Arg + "-storepass test12 -list -alias p1"); |
578 testOK("", p11Arg + "-storepass test12 -list -alias p2"); |
759 testOK("", p11Arg + "-storepass test12 -list -alias p2"); |
579 testOK("", p11Arg + "-storepass test12 -list"); |
760 testOK("", p11Arg + "-storepass test12 -list"); |
580 assertTrue(out.indexOf("Your keystore contains 2 entries") != -1, "2 entries in p11"); |
761 assertTrue(out.indexOf("Your keystore contains 2 entries") != -1, |
|
762 "2 entries in p11"); |
581 // clean up |
763 // clean up |
582 testOK("", p11Arg + "-storepass test12 -delete -alias p1"); |
764 testOK("", p11Arg + "-storepass test12 -delete -alias p1"); |
583 testOK("", p11Arg + "-storepass test12 -delete -alias p2"); |
765 testOK("", p11Arg + "-storepass test12 -delete -alias p2"); |
584 testOK("", p11Arg + "-storepass test12 -list"); |
766 testOK("", p11Arg + "-storepass test12 -list"); |
585 assertTrue(out.indexOf("Your keystore contains 0 entries") != -1, "empty p11"); |
767 assertTrue(out.indexOf("Your keystore contains 0 entries") != -1, |
586 |
768 "empty p11"); |
587 remove("x.jks"); |
769 |
588 } |
770 remove("x.jks"); |
589 |
771 } |
590 // The sqeTest reflects the test suggested by judy.gao and bill.situ at |
772 |
591 // /net/sqesvr-nfs/global/nfs/sec/ws_6.0_int/security/src/SecurityTools/Keytool |
773 // Selected sqeTest |
592 // |
|
593 void sqeTest() throws Exception { |
774 void sqeTest() throws Exception { |
594 FileOutputStream fos = new FileOutputStream("badkeystore"); |
775 FileOutputStream fos = new FileOutputStream("badkeystore"); |
595 for (int i=0; i<100; i++) { |
776 for (int i=0; i<100; i++) { |
596 fos.write(i); |
777 fos.write(i); |
597 } |
778 } |
614 |
795 |
615 // Import: cacert, prompt, trusted, non-trusted, bad chain, not match |
796 // Import: cacert, prompt, trusted, non-trusted, bad chain, not match |
616 void sqeImportTest() throws Exception { |
797 void sqeImportTest() throws Exception { |
617 KeyStore ks; |
798 KeyStore ks; |
618 remove("x.jks"); |
799 remove("x.jks"); |
619 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
800 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
620 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -file x.jks.p1.cert"); |
801 "-keypass changeit -genkeypair -dname CN=olala"); |
621 /* deleted */ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
802 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
622 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert -noprompt"); |
803 "-exportcert -file x.jks.p1.cert"); |
623 /* deleted */ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
804 /* deleted */ testOK("", "-keystore x.jks -storetype JKS " + |
624 testOK("yes\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert"); |
805 "-storepass changeit -delete -alias mykey"); |
|
806 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
807 "-importcert -file x.jks.p1.cert -noprompt"); |
|
808 /* deleted */ testOK("", "-keystore x.jks -storetype JKS " + |
|
809 "-storepass changeit -delete -alias mykey"); |
|
810 testOK("yes\n", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
811 "-importcert -file x.jks.p1.cert"); |
625 ks = loadStore("x.jks", "changeit", "JKS"); |
812 ks = loadStore("x.jks", "changeit", "JKS"); |
626 assertTrue(ks.containsAlias("mykey"), "imported"); |
813 assertTrue(ks.containsAlias("mykey"), "imported"); |
627 /* deleted */ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
814 /* deleted */ testOK("", "-keystore x.jks -storetype JKS " + |
628 testOK("\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert"); |
815 "-storepass changeit -delete -alias mykey"); |
|
816 testOK("\n", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
817 "-importcert -file x.jks.p1.cert"); |
629 ks = loadStore("x.jks", "changeit", "JKS"); |
818 ks = loadStore("x.jks", "changeit", "JKS"); |
630 assertTrue(!ks.containsAlias("mykey"), "imported"); |
819 assertTrue(!ks.containsAlias("mykey"), "imported"); |
631 testOK("no\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert"); |
820 testOK("no\n", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
821 "-importcert -file x.jks.p1.cert"); |
632 ks = loadStore("x.jks", "changeit", "JKS"); |
822 ks = loadStore("x.jks", "changeit", "JKS"); |
633 assertTrue(!ks.containsAlias("mykey"), "imported"); |
823 assertTrue(!ks.containsAlias("mykey"), "imported"); |
634 testFail("no\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file nonexist"); |
824 testFail("no\n", "-keystore x.jks -storetype JKS -storepass changeit " + |
635 testFail("no\n", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks"); |
825 "-importcert -file nonexist"); |
|
826 testFail("no\n", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
827 "-importcert -file x.jks"); |
636 remove("x.jks"); |
828 remove("x.jks"); |
637 } |
829 } |
638 // keyclone: exist. nonexist err, cert err, dest exist, misc |
830 // keyclone: exist. nonexist err, cert err, dest exist, misc |
639 void sqeKeyclonetest() throws Exception { |
831 void sqeKeyclonetest() throws Exception { |
640 remove("x.jks"); |
832 remove("x.jks"); |
641 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
833 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
642 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -new newpass -keyclone -dest p0"); // new pass |
834 "-keypass changeit -genkeypair -dname CN=olala"); |
643 testOK("\n", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -keyclone -dest p1"); // new pass |
835 // new pass |
644 testOK("\n", "-keystore x.jks -storetype JKS -storepass changeit -keyclone -dest p2"); |
836 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
645 testFail("\n", "-keystore x.jks -storetype JKS -storepass changeit -keyclone -dest p2"); |
837 "-keypass changeit -new newpass -keyclone -dest p0"); |
646 testFail("\n", "-keystore x.jks -storetype JKS -storepass changeit -keyclone -dest p3 -alias noexist"); |
838 // new pass |
|
839 testOK("\n", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
840 "-keypass changeit -keyclone -dest p1"); |
|
841 testOK("\n", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
842 "-keyclone -dest p2"); |
|
843 testFail("\n", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
844 "-keyclone -dest p2"); |
|
845 testFail("\n", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
846 "-keyclone -dest p3 -alias noexist"); |
647 // no cert |
847 // no cert |
648 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -file x.jks.p1.cert"); |
848 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
649 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
849 "-exportcert -file x.jks.p1.cert"); |
650 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert -noprompt"); |
850 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
651 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -new newpass -keyclone -dest p0"); // new pass |
851 "-delete -alias mykey"); |
|
852 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
853 "-importcert -file x.jks.p1.cert -noprompt"); |
|
854 // new pass |
|
855 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
856 "-keypass changeit -new newpass -keyclone -dest p0"); |
652 remove("x.jks"); |
857 remove("x.jks"); |
653 } |
858 } |
654 // keypasswd: exist, short, nonexist err, cert err, misc |
859 // keypasswd: exist, short, nonexist err, cert err, misc |
655 void sqeKeypasswdTest() throws Exception { |
860 void sqeKeypasswdTest() throws Exception { |
656 remove("x.jks"); |
861 remove("x.jks"); |
657 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
862 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
658 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -keypasswd -new newpass"); |
863 "-keypass changeit -genkeypair -dname CN=olala"); |
659 /*change back*/ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass newpass -keypasswd -new changeit"); |
864 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
660 testOK("newpass\nnewpass\n", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -keypasswd"); |
865 "-keypass changeit -keypasswd -new newpass"); |
661 /*change back*/ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass newpass -keypasswd -new changeit"); |
866 /*change back*/ testOK("", "-keystore x.jks -storetype JKS " + |
662 testOK("new\nnew\nnewpass\nnewpass\n", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -keypasswd"); |
867 "-storepass changeit -keypass newpass -keypasswd -new changeit"); |
663 /*change back*/ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass newpass -keypasswd -new changeit"); |
868 testOK("newpass\nnewpass\n", "-keystore x.jks -storetype JKS " + |
664 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypasswd -new newpass"); |
869 "-storepass changeit -keypass changeit -keypasswd"); |
665 /*change back*/ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass newpass -keypasswd -new changeit"); |
870 /*change back*/ testOK("", "-keystore x.jks -storetype JKS " + |
666 testOK("changeit\n", "-keystore x.jks -storetype JKS -keypasswd -new newpass"); |
871 "-storepass changeit -keypass newpass -keypasswd -new changeit"); |
667 /*change back*/ testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass newpass -keypasswd -new changeit"); |
872 testOK("new\nnew\nnewpass\nnewpass\n", "-keystore x.jks " + |
668 testFail("", "-keystore x.jks -storetype JKS -storepass badpass -keypass changeit -keypasswd -new newpass"); |
873 "-storetype JKS -storepass changeit -keypass changeit -keypasswd"); |
669 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass bad -keypasswd -new newpass"); |
874 /*change back*/ testOK("", "-keystore x.jks -storetype JKS " + |
|
875 "-storepass changeit -keypass newpass -keypasswd -new changeit"); |
|
876 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
877 "-keypasswd -new newpass"); |
|
878 /*change back*/ testOK("", "-keystore x.jks -storetype JKS " + |
|
879 "-storepass changeit -keypass newpass -keypasswd -new changeit"); |
|
880 testOK("changeit\n", "-keystore x.jks -storetype JKS " + |
|
881 "-keypasswd -new newpass"); |
|
882 /*change back*/ testOK("", "-keystore x.jks -storetype JKS " + |
|
883 "-storepass changeit -keypass newpass -keypasswd -new changeit"); |
|
884 testFail("", "-keystore x.jks -storetype JKS -storepass badpass " + |
|
885 "-keypass changeit -keypasswd -new newpass"); |
|
886 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
887 "-keypass bad -keypasswd -new newpass"); |
670 // no cert |
888 // no cert |
671 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -file x.jks.p1.cert"); |
889 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
672 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
890 "-exportcert -file x.jks.p1.cert"); |
673 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert -noprompt"); |
891 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
674 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -keypasswd -new newpass"); |
892 "-delete -alias mykey"); |
|
893 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
894 "-importcert -file x.jks.p1.cert -noprompt"); |
|
895 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
896 "-keypass changeit -keypasswd -new newpass"); |
675 // diff pass |
897 // diff pass |
676 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
898 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
677 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass keypass -genkeypair -dname CN=olala"); |
899 "-delete -alias mykey"); |
678 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypasswd -new newpass"); |
900 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
679 testOK("keypass\n", "-keystore x.jks -storetype JKS -storepass changeit -keypasswd -new newpass"); |
901 "-keypass keypass -genkeypair -dname CN=olala"); |
|
902 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
903 "-keypasswd -new newpass"); |
|
904 testOK("keypass\n", "-keystore x.jks -storetype JKS " + |
|
905 "-storepass changeit -keypasswd -new newpass"); |
680 // i hate those misc test |
906 // i hate those misc test |
681 remove("x.jks"); |
907 remove("x.jks"); |
682 } |
908 } |
683 // list: -f -alias, exist, nonexist err; otherwise, check all shows, -rfc shows more, and misc |
909 // list: -f -alias, exist, nonexist err; |
|
910 // otherwise, check all shows, -rfc shows more, and misc |
684 void sqeListTest() throws Exception { |
911 void sqeListTest() throws Exception { |
685 remove("x.jks"); |
912 remove("x.jks"); |
686 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
913 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
914 "-keypass changeit -genkeypair -dname CN=olala"); |
687 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -list"); |
915 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -list"); |
688 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -list -alias mykey"); |
916 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
689 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -list -alias notexist"); |
917 "-list -alias mykey"); |
690 testFail("", "-keystore x.jks -storetype JKS -storepass badpass -list -alias mykey"); |
918 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
691 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass badpass -list -alias mykey"); // keypass ignore |
919 "-list -alias notexist"); |
|
920 testFail("", "-keystore x.jks -storetype JKS -storepass badpass " + |
|
921 "-list -alias mykey"); |
|
922 // keypass ignore |
|
923 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
924 "-keypass badpass -list -alias mykey"); |
692 testOK("\n", "-keystore x.jks -storetype JKS -list"); |
925 testOK("\n", "-keystore x.jks -storetype JKS -list"); |
693 assertTrue(err.indexOf("WARNING") != -1, "no storepass"); |
926 assertTrue(err.indexOf("WARNING") != -1, "no storepass"); |
694 testOK("changeit\n", "-keystore x.jks -storetype JKS -list"); |
927 testOK("changeit\n", "-keystore x.jks -storetype JKS -list"); |
695 assertTrue(err.indexOf("WARNING") == -1, "has storepass"); |
928 assertTrue(err.indexOf("WARNING") == -1, "has storepass"); |
696 testFail("badpass\n", "-keystore x.jks -storetype JKS -list"); |
929 testFail("badpass\n", "-keystore x.jks -storetype JKS -list"); |
698 testFail("", "-keystore aa\\bb//cc -storepass changeit -list"); |
931 testFail("", "-keystore aa\\bb//cc -storepass changeit -list"); |
699 testFail("", "-keystore nonexisting -storepass changeit -list"); |
932 testFail("", "-keystore nonexisting -storepass changeit -list"); |
700 testFail("", "-keystore badkeystore -storepass changeit -list"); |
933 testFail("", "-keystore badkeystore -storepass changeit -list"); |
701 remove("x.jks"); |
934 remove("x.jks"); |
702 } |
935 } |
703 // selfcert: exist, non-exist err, cert err, sig..., dname, wrong keypass, misc |
936 // selfcert: exist, non-exist err, cert err, sig, dname, wrong keypass, misc |
704 void sqeSelfCertTest() throws Exception { |
937 void sqeSelfCertTest() throws Exception { |
705 remove("x.jks"); |
938 remove("x.jks"); |
706 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
939 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
940 "-keypass changeit -genkeypair -dname CN=olala"); |
707 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -selfcert"); |
941 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -selfcert"); |
708 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -selfcert"); |
942 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
709 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -selfcert -alias nonexisting"); // not exist |
943 "-keypass changeit -selfcert"); |
710 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -selfcert -dname CN=NewName"); |
944 // not exist |
711 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -selfcert -sigalg MD5withRSA"); // sig not compatible |
945 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
712 testFail("", "-keystore x.jks -storetype JKS -storepass wrong -keypass changeit -selfcert"); // bad pass |
946 "-keypass changeit -selfcert -alias nonexisting"); |
713 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass wrong -selfcert"); // bad pass |
947 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
948 "-keypass changeit -selfcert -dname CN=NewName"); |
|
949 // sig not compatible |
|
950 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
951 "-keypass changeit -selfcert -sigalg MD5withRSA"); |
|
952 // bad pass |
|
953 testFail("", "-keystore x.jks -storetype JKS -storepass wrong " + |
|
954 "-keypass changeit -selfcert"); |
|
955 // bad pass |
|
956 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
957 "-keypass wrong -selfcert"); |
714 //misc |
958 //misc |
715 testFail("", "-keystore nonexist -storepass changeit -keypass changeit -selfcert"); |
959 testFail("", "-keystore nonexist -storepass changeit " + |
716 testFail("", "-keystore aa//dd\\gg -storepass changeit -keypass changeit -selfcert"); |
960 "-keypass changeit -selfcert"); |
|
961 testFail("", "-keystore aa//dd\\gg -storepass changeit " + |
|
962 "-keypass changeit -selfcert"); |
717 // diff pass |
963 // diff pass |
718 remove("x.jks"); |
964 remove("x.jks"); |
719 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass keypass -genkeypair -dname CN=olala"); |
965 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
720 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -selfcert"); |
966 "-keypass keypass -genkeypair -dname CN=olala"); |
721 testOK("keypass\n", "-keystore x.jks -storetype JKS -storepass changeit -selfcert"); |
967 testFail("", "-keystore x.jks -storetype JKS " + |
722 |
968 "-storepass changeit -selfcert"); |
723 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -file x.jks.p1.cert"); |
969 testOK("keypass\n", "-keystore x.jks -storetype JKS " + |
724 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
970 "-storepass changeit -selfcert"); |
725 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert -noprompt"); |
971 |
726 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -selfcert"); // certentry cannot do selfcert |
972 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
973 "-exportcert -file x.jks.p1.cert"); |
|
974 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
975 "-delete -alias mykey"); |
|
976 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
977 "-importcert -file x.jks.p1.cert -noprompt"); |
|
978 // certentry cannot do selfcert |
|
979 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
980 "-selfcert"); |
727 remove("x.jks"); |
981 remove("x.jks"); |
728 } |
982 } |
729 // storepass: bad old, short new, misc |
983 // storepass: bad old, short new, misc |
730 void sqeStorepassTest() throws Exception { |
984 void sqeStorepassTest() throws Exception { |
731 remove("x.jks"); |
985 remove("x.jks"); |
732 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
986 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
733 testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass changeit -new newstore"); // all in arg |
987 "-keypass changeit -genkeypair -dname CN=olala"); |
734 /* Change back */ testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass newstore -new changeit"); |
988 // all in arg |
735 testOK("changeit\nnewstore\nnewstore\n", "-storepasswd -keystore x.jks -storetype JKS"); // all not in arg, new twice |
989 testOK("", "-storepasswd -keystore x.jks -storetype JKS " + |
736 /* Change back */ testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass newstore -new changeit"); |
990 "-storepass changeit -new newstore"); |
737 testOK("changeit\n", "-storepasswd -keystore x.jks -storetype JKS -new newstore"); // new in arg |
991 /* Change back */ testOK("", "-storepasswd -keystore x.jks" + |
738 /* Change back */ testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass newstore -new changeit"); |
992 " -storetype JKS -storepass newstore -new changeit"); |
739 testOK("newstore\nnewstore\n", "-storepasswd -keystore x.jks -storetype JKS -storepass changeit"); // old in arg |
993 // all not in arg, new twice |
740 /* Change back */ testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass newstore -new changeit"); |
994 testOK("changeit\nnewstore\nnewstore\n", "-storepasswd " + |
741 testOK("new\nnew\nnewstore\nnewstore\n", "-storepasswd -keystore x.jks -storetype JKS -storepass changeit"); // old in arg |
995 "-keystore x.jks -storetype JKS"); |
742 /* Change back */ testOK("", "-storepasswd -keystore x.jks -storetype JKS -storepass newstore -new changeit"); |
996 /* Change back */ testOK("", "-storepasswd -keystore x.jks " + |
743 testFail("", "-storepasswd -keystore x.jks -storetype JKS -storepass badold -new newstore"); // bad old |
997 "-storetype JKS -storepass newstore -new changeit"); |
744 testFail("", "-storepasswd -keystore x.jks -storetype JKS -storepass changeit -new new"); // short new |
998 // new in arg |
|
999 testOK("changeit\n", "-storepasswd -keystore x.jks " + |
|
1000 "-storetype JKS -new newstore"); |
|
1001 /* Change back */ testOK("", "-storepasswd -keystore x.jks " + |
|
1002 "-storetype JKS -storepass newstore -new changeit"); |
|
1003 // old in arg |
|
1004 testOK("newstore\nnewstore\n", "-storepasswd -keystore x.jks " + |
|
1005 "-storetype JKS -storepass changeit"); |
|
1006 /* Change back */ testOK("", "-storepasswd -keystore x.jks " + |
|
1007 "-storetype JKS -storepass newstore -new changeit"); |
|
1008 // old in arg |
|
1009 testOK("new\nnew\nnewstore\nnewstore\n", "-storepasswd " + |
|
1010 "-keystore x.jks -storetype JKS -storepass changeit"); |
|
1011 /* Change back */ testOK("", "-storepasswd -keystore x.jks " + |
|
1012 "-storetype JKS -storepass newstore -new changeit"); |
|
1013 // bad old |
|
1014 testFail("", "-storepasswd -keystore x.jks -storetype JKS " + |
|
1015 "-storepass badold -new newstore"); |
|
1016 // short new |
|
1017 testFail("", "-storepasswd -keystore x.jks -storetype JKS " + |
|
1018 "-storepass changeit -new new"); |
745 // misc |
1019 // misc |
746 testFail("", "-storepasswd -keystore nonexist -storepass changeit -new newstore"); // non exist |
1020 // non exist |
747 testFail("", "-storepasswd -keystore badkeystore -storepass changeit -new newstore"); // bad file |
1021 testFail("", "-storepasswd -keystore nonexist " + |
748 testFail("", "-storepasswd -keystore aa\\bb//cc//dd -storepass changeit -new newstore"); // bad file |
1022 "-storepass changeit -new newstore"); |
|
1023 // bad file |
|
1024 testFail("", "-storepasswd -keystore badkeystore " + |
|
1025 "-storepass changeit -new newstore"); |
|
1026 // bad file |
|
1027 testFail("", "-storepasswd -keystore aa\\bb//cc//dd " + |
|
1028 "-storepass changeit -new newstore"); |
749 remove("x.jks"); |
1029 remove("x.jks"); |
750 } |
1030 } |
751 |
1031 |
752 void sqeGenkeyTest() throws Exception { |
1032 void sqeGenkeyTest() throws Exception { |
753 |
1033 |
754 remove("x.jks"); |
1034 remove("x.jks"); |
755 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
1035 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
756 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
1036 "-keypass changeit -genkeypair -dname CN=olala"); |
757 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -alias newentry"); |
1037 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
758 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -alias newentry"); |
1038 "-keypass changeit -genkeypair -dname CN=olala"); |
759 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg DSA -alias n1"); |
1039 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
760 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -alias n2"); |
1040 "-keypass changeit -genkeypair -dname CN=olala -alias newentry"); |
761 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg NoSuchAlg -alias n3"); |
1041 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
762 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 56 -alias n4"); |
1042 "-keypass changeit -genkeypair -dname CN=olala -alias newentry"); |
763 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 999 -alias n5"); |
1043 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
764 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 512 -alias n6"); |
1044 "-keypass changeit -genkeypair -dname CN=olala -keyalg DSA " + |
765 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 1024 -alias n7"); |
1045 "-alias n1"); |
766 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -sigalg NoSuchAlg -alias n8"); |
1046 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
767 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg MD2withRSA -alias n9"); |
1047 "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " + |
768 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg MD5withRSA -alias n10"); |
1048 "-alias n2"); |
769 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg SHA1withRSA -alias n11"); |
1049 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
770 testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA -sigalg NoSuchAlg -alias n12"); |
1050 "-keypass changeit -genkeypair -dname CN=olala " + |
771 testFail("", "-keystore badkeystore -storepass changeit -keypass changeit -genkeypair -dname CN=olala -alias n14"); |
1051 "-keyalg NoSuchAlg -alias n3"); |
772 testFail("", "-keystore x.jks -storetype JKS -storepass badpass -keypass changeit -genkeypair -dname CN=olala -alias n16"); |
1052 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
773 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CNN=olala -alias n17"); |
1053 "-keypass changeit -genkeypair -dname CN=olala -keysize 56 " + |
|
1054 "-alias n4"); |
|
1055 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1056 "-keypass changeit -genkeypair -dname CN=olala -keysize 999 " + |
|
1057 "-alias n5"); |
|
1058 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1059 "-keypass changeit -genkeypair -dname CN=olala -keysize 512 " + |
|
1060 "-alias n6"); |
|
1061 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1062 "-keypass changeit -genkeypair -dname CN=olala -keysize 1024 " + |
|
1063 "-alias n7"); |
|
1064 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1065 "-keypass changeit -genkeypair -dname CN=olala " + |
|
1066 "-sigalg NoSuchAlg -alias n8"); |
|
1067 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1068 "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " + |
|
1069 "-sigalg MD2withRSA -alias n9"); |
|
1070 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1071 "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " + |
|
1072 "-sigalg MD5withRSA -alias n10"); |
|
1073 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1074 "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " + |
|
1075 "-sigalg SHA1withRSA -alias n11"); |
|
1076 testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit " + |
|
1077 "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA " + |
|
1078 "-sigalg NoSuchAlg -alias n12"); |
|
1079 testFail("", "-keystore badkeystore -storepass changeit " + |
|
1080 "-keypass changeit -genkeypair -dname CN=olala " + |
|
1081 "-alias n14"); |
|
1082 testFail("", "-keystore x.jks -storetype JKS -storepass badpass " + |
|
1083 "-keypass changeit -genkeypair -dname CN=olala -alias n16"); |
|
1084 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1085 "-keypass changeit -genkeypair -dname CNN=olala -alias n17"); |
774 remove("x.jks"); |
1086 remove("x.jks"); |
775 } |
1087 } |
776 |
1088 |
777 void sqeExportTest() throws Exception { |
1089 void sqeExportTest() throws Exception { |
778 remove("x.jks"); |
1090 remove("x.jks"); |
779 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -export -file mykey.cert -alias mykey"); // nonexist |
1091 // nonexist |
780 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
1092 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
781 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -export -file mykey.cert -alias mykey"); |
1093 "-export -file mykey.cert -alias mykey"); |
782 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
1094 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
783 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -import -file mykey.cert -noprompt -alias c1"); |
1095 "-keypass changeit -genkeypair -dname CN=olala"); |
784 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -export -file mykey.cert2 -alias c1"); |
1096 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
785 testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit -export -file mykey.cert2 -alias c1"); |
1097 "-export -file mykey.cert -alias mykey"); |
786 testFail("", "-keystore nonexistkeystore -storepass changeit -export -file mykey.cert2 -alias c1"); |
1098 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
787 testFail("", "-keystore badkeystore -storepass changeit -export -file mykey.cert2 -alias c1"); |
1099 "-delete -alias mykey"); |
788 testFail("", "-keystore x.jks -storetype JKS -storepass badpass -export -file mykey.cert2 -alias c1"); |
1100 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1101 "-import -file mykey.cert -noprompt -alias c1"); |
|
1102 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1103 "-export -file mykey.cert2 -alias c1"); |
|
1104 testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit " + |
|
1105 "-export -file mykey.cert2 -alias c1"); |
|
1106 testFail("", "-keystore nonexistkeystore -storepass changeit " + |
|
1107 "-export -file mykey.cert2 -alias c1"); |
|
1108 testFail("", "-keystore badkeystore -storepass changeit " + |
|
1109 "-export -file mykey.cert2 -alias c1"); |
|
1110 testFail("", "-keystore x.jks -storetype JKS -storepass badpass " + |
|
1111 "-export -file mykey.cert2 -alias c1"); |
789 remove("mykey.cert"); |
1112 remove("mykey.cert"); |
790 remove("mykey.cert2"); |
1113 remove("mykey.cert2"); |
791 remove("x.jks"); |
1114 remove("x.jks"); |
792 } |
1115 } |
793 |
1116 |
794 void sqeDeleteTest() throws Exception { |
1117 void sqeDeleteTest() throws Exception { |
795 remove("x.jks"); |
1118 remove("x.jks"); |
796 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); // nonexist |
1119 // nonexist |
797 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
1120 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
798 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
1121 "-delete -alias mykey"); |
799 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
1122 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
800 testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit -delete -alias mykey"); // keystore name illegal |
1123 "-keypass changeit -genkeypair -dname CN=olala"); |
801 testFail("", "-keystore nonexistkeystore -storepass changeit -delete -alias mykey"); // keystore not exist |
1124 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
802 testFail("", "-keystore badkeystore -storepass changeit -delete -alias mykey"); // keystore invalid |
1125 "-delete -alias mykey"); |
803 testFail("", "-keystore x.jks -storetype JKS -storepass xxxxxxxx -delete -alias mykey"); // wrong pass |
1126 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1127 "-keypass changeit -genkeypair -dname CN=olala"); |
|
1128 // keystore name illegal |
|
1129 testFail("", "-keystore aa\\bb//cc\\dd -storepass changeit " + |
|
1130 "-delete -alias mykey"); |
|
1131 // keystore not exist |
|
1132 testFail("", "-keystore nonexistkeystore -storepass changeit " + |
|
1133 "-delete -alias mykey"); |
|
1134 // keystore invalid |
|
1135 testFail("", "-keystore badkeystore -storepass changeit " + |
|
1136 "-delete -alias mykey"); |
|
1137 // wrong pass |
|
1138 testFail("", "-keystore x.jks -storetype JKS -storepass xxxxxxxx " + |
|
1139 "-delete -alias mykey"); |
804 remove("x.jks"); |
1140 remove("x.jks"); |
805 } |
1141 } |
806 |
1142 |
807 void sqeCsrTest() throws Exception { |
1143 void sqeCsrTest() throws Exception { |
808 remove("x.jks"); |
1144 remove("x.jks"); |
809 remove("x.jks.p1.cert"); |
1145 remove("x.jks.p1.cert"); |
810 remove("csr1"); |
1146 remove("csr1"); |
811 // PrivateKeyEntry can do certreq |
1147 // PrivateKeyEntry can do certreq |
812 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keysize 1024"); |
1148 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
813 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -alias mykey"); |
1149 "-keypass changeit -genkeypair -dname CN=olala -keysize 1024"); |
814 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1"); |
1150 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
815 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -sigalg SHA1withDSA"); |
1151 "-certreq -file csr1 -alias mykey"); |
816 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -sigalg MD5withRSA"); // unmatched sigalg |
1152 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1153 "-certreq -file csr1"); |
|
1154 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1155 "-certreq -file csr1 -sigalg SHA1withDSA"); |
|
1156 // unmatched sigalg |
|
1157 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1158 "-certreq -file csr1 -sigalg MD5withRSA"); |
817 // misc test |
1159 // misc test |
818 testFail("", "-keystore x.jks -storetype JKS -storepass badstorepass -certreq -file csr1"); // bad storepass |
1160 // bad storepass |
819 testOK("changeit\n", "-keystore x.jks -storetype JKS -certreq -file csr1"); // storepass from terminal |
1161 testFail("", "-keystore x.jks -storetype JKS -storepass badstorepass " + |
820 testFail("\n", "-keystore x.jks -storetype JKS -certreq -file csr1"); // must provide storepass |
1162 "-certreq -file csr1"); |
821 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -keypass badkeypass -certreq -file csr1"); // bad keypass |
1163 // storepass from terminal |
822 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file aa\\bb//cc\\dd"); // bad filepath |
1164 testOK("changeit\n", "-keystore x.jks -storetype JKS " + |
823 testFail("", "-keystore noexistks -storepass changeit -certreq -file csr1"); // non-existing keystore |
1165 "-certreq -file csr1"); |
|
1166 // must provide storepass |
|
1167 testFail("\n", "-keystore x.jks -storetype JKS " + |
|
1168 "-certreq -file csr1"); |
|
1169 // bad keypass |
|
1170 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1171 "-keypass badkeypass -certreq -file csr1"); |
|
1172 // bad filepath |
|
1173 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1174 "-certreq -file aa\\bb//cc\\dd"); |
|
1175 // non-existing keystore |
|
1176 testFail("", "-keystore noexistks -storepass changeit " + |
|
1177 "-certreq -file csr1"); |
824 // Try the RSA private key |
1178 // Try the RSA private key |
825 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
1179 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
826 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala -keyalg RSA"); |
1180 "-delete -alias mykey"); |
827 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -alias mykey"); |
1181 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
828 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1"); |
1182 "-keypass changeit -genkeypair -dname CN=olala -keyalg RSA"); |
829 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -sigalg SHA1withDSA"); // unmatched sigalg |
1183 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
830 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -sigalg MD5withRSA"); |
1184 "-certreq -file csr1 -alias mykey"); |
|
1185 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1186 "-certreq -file csr1"); |
|
1187 // unmatched sigalg |
|
1188 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1189 "-certreq -file csr1 -sigalg SHA1withDSA"); |
|
1190 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1191 "-certreq -file csr1 -sigalg MD5withRSA"); |
831 // TrustedCertificateEntry cannot do certreq |
1192 // TrustedCertificateEntry cannot do certreq |
832 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -exportcert -file x.jks.p1.cert"); |
1193 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
833 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -delete -alias mykey"); |
1194 "-exportcert -file x.jks.p1.cert"); |
834 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -importcert -file x.jks.p1.cert -noprompt"); |
1195 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
835 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1 -alias mykey"); |
1196 "-delete -alias mykey"); |
836 testFail("", "-keystore x.jks -storetype JKS -storepass changeit -certreq -file csr1"); |
1197 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1198 "-importcert -file x.jks.p1.cert -noprompt"); |
|
1199 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1200 "-certreq -file csr1 -alias mykey"); |
|
1201 testFail("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1202 "-certreq -file csr1"); |
837 remove("x.jks"); |
1203 remove("x.jks"); |
838 remove("x.jks.p1.cert"); |
1204 remove("x.jks.p1.cert"); |
839 remove("csr1"); |
1205 remove("csr1"); |
840 } |
1206 } |
841 |
1207 |
842 void sqePrintcertTest() throws Exception { |
1208 void sqePrintcertTest() throws Exception { |
843 remove("x.jks"); |
1209 remove("x.jks"); |
844 remove("mykey.cert"); |
1210 remove("mykey.cert"); |
845 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -keypass changeit -genkeypair -dname CN=olala"); |
1211 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
846 testOK("", "-keystore x.jks -storetype JKS -storepass changeit -export -file mykey.cert -alias mykey"); |
1212 "-keypass changeit -genkeypair -dname CN=olala"); |
|
1213 testOK("", "-keystore x.jks -storetype JKS -storepass changeit " + |
|
1214 "-export -file mykey.cert -alias mykey"); |
847 testFail("", "-printcert -file badkeystore"); |
1215 testFail("", "-printcert -file badkeystore"); |
848 testFail("", "-printcert -file a/b/c/d"); |
1216 testFail("", "-printcert -file a/b/c/d"); |
849 testOK("", "-printcert -file mykey.cert"); |
1217 testOK("", "-printcert -file mykey.cert"); |
850 FileInputStream fin = new FileInputStream("mykey.cert"); |
1218 FileInputStream fin = new FileInputStream("mykey.cert"); |
851 testOK(fin, "-printcert"); |
1219 testOK(fin, "-printcert"); |
1057 testOK("", pre+"ian4 -ext ian=ip:192.168.0.1"); |
1453 testOK("", pre+"ian4 -ext ian=ip:192.168.0.1"); |
1058 testOK("", pre+"ian5 -ext ian=oid:1.2.3.4"); |
1454 testOK("", pre+"ian5 -ext ian=oid:1.2.3.4"); |
1059 testOK("", pre+"ian235 -ext ian=uri:http://me.org,dns:me.org,oid:1.2.3.4"); |
1455 testOK("", pre+"ian235 -ext ian=uri:http://me.org,dns:me.org,oid:1.2.3.4"); |
1060 |
1456 |
1061 ks = loadStore("x.jks", "changeit", "JKS"); |
1457 ks = loadStore("x.jks", "changeit", "JKS"); |
1062 assertTrue(((X509CertImpl)ks.getCertificate("ian1")).getIssuerAlternativeNameExtension().isCritical()); |
1458 assertTrue(((X509CertImpl)ks.getCertificate("ian1")) |
1063 assertTrue(!((X509CertImpl)ks.getCertificate("ian2")).getIssuerAlternativeNameExtension().isCritical()); |
1459 .getIssuerAlternativeNameExtension().isCritical()); |
|
1460 assertTrue(!((X509CertImpl)ks.getCertificate("ian2")) |
|
1461 .getIssuerAlternativeNameExtension().isCritical()); |
1064 csan.check(ks, "ian1", 1, 1, "me@me.org"); |
1462 csan.check(ks, "ian1", 1, 1, "me@me.org"); |
1065 csan.check(ks, "ian2", 1, 6, "http://me.org"); |
1463 csan.check(ks, "ian2", 1, 6, "http://me.org"); |
1066 csan.check(ks, "ian3", 1, 2, "me.org"); |
1464 csan.check(ks, "ian3", 1, 2, "me.org"); |
1067 csan.check(ks, "ian4", 1, 7, "192.168.0.1"); |
1465 csan.check(ks, "ian4", 1, 7, "192.168.0.1"); |
1068 csan.check(ks, "ian5", 1, 8, "1.2.3.4"); |
1466 csan.check(ks, "ian5", 1, 8, "1.2.3.4"); |
1069 csan.check(ks, "ian235", 1, 2, "me.org", 6, "http://me.org", 8, "1.2.3.4"); |
1467 csan.check(ks, "ian235", 1, 2, "me.org", 6, "http://me.org", 8, "1.2.3.4"); |
1070 |
1468 |
1071 // SIA |
1469 // SIA |
1072 testOK("", pre+"sia1 -ext sia=care:uri:ldap://ca.com/cn=CA"); |
1470 testOK("", pre+"sia1 -ext sia=care:uri:ldap://ca.com/cn=CA"); |
1073 testOK("", pre+"sia2 -ext sia=ts:email:ts@ca.com"); |
1471 testOK("", pre+"sia2 -ext sia=ts:email:ts@ca.com"); |
1074 testFail("SIA never critical", pre+"sia3 -ext sia:critical=ts:email:ts@ca.com"); |
1472 testFail("SIA never critical", pre + |
|
1473 "sia3 -ext sia:critical=ts:email:ts@ca.com"); |
1075 |
1474 |
1076 ks = loadStore("x.jks", "changeit", "JKS"); |
1475 ks = loadStore("x.jks", "changeit", "JKS"); |
1077 class CheckSia { |
1476 class CheckSia { |
1078 void check(KeyStore ks, String alias, int type, Object... items) throws Exception { |
1477 void check(KeyStore ks, String alias, int type, Object... items) |
|
1478 throws Exception { |
1079 int pos = 0; |
1479 int pos = 0; |
1080 System.err.print("x"); |
1480 System.err.print("x"); |
1081 AccessDescription[] ads = null; |
1481 AccessDescription[] ads = null; |
1082 if (type == 0) { |
1482 if (type == 0) { |
1083 SubjectInfoAccessExtension siae = (SubjectInfoAccessExtension)((X509CertImpl)ks.getCertificate(alias)).getExtension(PKIXExtensions.SubjectInfoAccess_Id); |
1483 SubjectInfoAccessExtension siae = (SubjectInfoAccessExtension) |
1084 ads = siae.getAccessDescriptions().toArray(new AccessDescription[0]); |
1484 ((X509CertImpl)ks.getCertificate(alias)) |
|
1485 .getExtension(PKIXExtensions.SubjectInfoAccess_Id); |
|
1486 ads = siae.getAccessDescriptions() |
|
1487 .toArray(new AccessDescription[0]); |
1085 } else { |
1488 } else { |
1086 AuthorityInfoAccessExtension aiae = (AuthorityInfoAccessExtension)((X509CertImpl)ks.getCertificate(alias)).getExtension(PKIXExtensions.AuthInfoAccess_Id); |
1489 AuthorityInfoAccessExtension aiae = |
1087 ads = aiae.getAccessDescriptions().toArray(new AccessDescription[0]); |
1490 (AuthorityInfoAccessExtension) |
|
1491 ((X509CertImpl)ks.getCertificate(alias)) |
|
1492 .getExtension(PKIXExtensions.AuthInfoAccess_Id); |
|
1493 ads = aiae.getAccessDescriptions() |
|
1494 .toArray(new AccessDescription[0]); |
1088 } |
1495 } |
1089 Arrays.sort(ads, new Comparator<AccessDescription>() { |
1496 Arrays.sort(ads, new Comparator<AccessDescription>() { |
1090 @Override |
1497 @Override |
1091 public int compare(AccessDescription o1, AccessDescription o2) { |
1498 public int compare(AccessDescription o1, |
1092 return o1.getAccessMethod().toString().compareTo(o2.getAccessMethod().toString()); |
1499 AccessDescription o2) { |
|
1500 return o1.getAccessMethod().toString() |
|
1501 .compareTo(o2.getAccessMethod().toString()); |
1093 } |
1502 } |
1094 }); |
1503 }); |
1095 for (AccessDescription ad: ads) { |
1504 for (AccessDescription ad: ads) { |
1096 if (!ad.getAccessMethod().equals(items[pos++]) || |
1505 if (!ad.getAccessMethod().equals(items[pos++]) || |
1097 !new Integer(ad.getAccessLocation().getType()).equals(items[pos++])) { |
1506 !new Integer(ad.getAccessLocation().getType()) |
|
1507 .equals(items[pos++])) { |
1098 throw new RuntimeException("Not same type at " + pos); |
1508 throw new RuntimeException("Not same type at " + pos); |
1099 } |
1509 } |
1100 String name = null; |
1510 String name = null; |
1101 switch (ad.getAccessLocation().getType()) { |
1511 switch (ad.getAccessLocation().getType()) { |
1102 case 1: |
1512 case 1: |
1103 name = ((RFC822Name)ad.getAccessLocation().getName()).getName(); |
1513 name = ((RFC822Name)ad.getAccessLocation() |
|
1514 .getName()).getName(); |
1104 break; |
1515 break; |
1105 case 6: |
1516 case 6: |
1106 name = ((URIName)ad.getAccessLocation().getName()).getURI().toString(); |
1517 name = ((URIName)ad.getAccessLocation() |
|
1518 .getName()).getURI().toString(); |
1107 break; |
1519 break; |
1108 default: |
1520 default: |
1109 throw new RuntimeException("Not implemented: " + ad); |
1521 throw new RuntimeException("Not implemented: " + ad); |
1110 } |
1522 } |
1111 if (!name.equals(items[pos++])) { |
1523 if (!name.equals(items[pos++])) { |
1112 throw new Exception("Name not same for " + ad + " at pos " + pos); |
1524 throw new Exception("Name not same for " + ad + |
|
1525 " at pos " + pos); |
1113 } |
1526 } |
1114 } |
1527 } |
1115 } |
1528 } |
1116 } |
1529 } |
1117 CheckSia csia = new CheckSia(); |
1530 CheckSia csia = new CheckSia(); |
1118 assertTrue(!((X509CertImpl)ks.getCertificate("sia1")).getExtension(PKIXExtensions.SubjectInfoAccess_Id).isCritical()); |
1531 assertTrue(!((X509CertImpl)ks.getCertificate("sia1")) |
1119 csia.check(ks, "sia1", 0, AccessDescription.Ad_CAREPOSITORY_Id, 6, "ldap://ca.com/cn=CA"); |
1532 .getExtension(PKIXExtensions.SubjectInfoAccess_Id).isCritical()); |
1120 csia.check(ks, "sia2", 0, AccessDescription.Ad_TIMESTAMPING_Id, 1, "ts@ca.com"); |
1533 csia.check(ks, "sia1", 0, |
|
1534 AccessDescription.Ad_CAREPOSITORY_Id, 6, "ldap://ca.com/cn=CA"); |
|
1535 csia.check(ks, "sia2", |
|
1536 0, AccessDescription.Ad_TIMESTAMPING_Id, 1, "ts@ca.com"); |
1121 |
1537 |
1122 // AIA |
1538 // AIA |
1123 testOK("", pre+"aia1 -ext aia=cai:uri:ldap://ca.com/cn=CA"); |
1539 testOK("", pre+"aia1 -ext aia=cai:uri:ldap://ca.com/cn=CA"); |
1124 testOK("", pre+"aia2 -ext aia=ocsp:email:ocsp@ca.com"); |
1540 testOK("", pre+"aia2 -ext aia=ocsp:email:ocsp@ca.com"); |
1125 testFail("AIA never critical", pre+"aia3 -ext aia:critical=ts:email:ts@ca.com"); |
1541 testFail("AIA never critical", pre + |
1126 |
1542 "aia3 -ext aia:critical=ts:email:ts@ca.com"); |
1127 ks = loadStore("x.jks", "changeit", "JKS"); |
1543 |
1128 assertTrue(!((X509CertImpl)ks.getCertificate("aia1")).getExtension(PKIXExtensions.AuthInfoAccess_Id).isCritical()); |
1544 ks = loadStore("x.jks", "changeit", "JKS"); |
1129 csia.check(ks, "aia1", 1, AccessDescription.Ad_CAISSUERS_Id, 6, "ldap://ca.com/cn=CA"); |
1545 assertTrue(!((X509CertImpl)ks.getCertificate("aia1")) |
1130 csia.check(ks, "aia2", 1, AccessDescription.Ad_OCSP_Id, 1, "ocsp@ca.com"); |
1546 .getExtension(PKIXExtensions.AuthInfoAccess_Id).isCritical()); |
|
1547 csia.check(ks, "aia1", 1, |
|
1548 AccessDescription.Ad_CAISSUERS_Id, 6, "ldap://ca.com/cn=CA"); |
|
1549 csia.check(ks, "aia2", 1, |
|
1550 AccessDescription.Ad_OCSP_Id, 1, "ocsp@ca.com"); |
1131 |
1551 |
1132 // OID |
1552 // OID |
1133 testOK("", pre+"oid1 -ext 1.2.3:critical=0102"); |
1553 testOK("", pre+"oid1 -ext 1.2.3:critical=0102"); |
1134 testOK("", pre+"oid2 -ext 1.2.3"); |
1554 testOK("", pre+"oid2 -ext 1.2.3"); |
1135 testOK("", pre+"oid12 -ext 1.2.3 -ext 1.2.4=01:02:03"); |
1555 testOK("", pre+"oid12 -ext 1.2.3 -ext 1.2.4=01:02:03"); |
1136 |
1556 |
1137 ks = loadStore("x.jks", "changeit", "JKS"); |
1557 ks = loadStore("x.jks", "changeit", "JKS"); |
1138 class CheckOid { |
1558 class CheckOid { |
1139 void check(KeyStore ks, String alias, String oid, byte[] value) throws Exception { |
1559 void check(KeyStore ks, String alias, String oid, byte[] value) |
|
1560 throws Exception { |
1140 int pos = 0; |
1561 int pos = 0; |
1141 System.err.print("x"); |
1562 System.err.print("x"); |
1142 Extension ex = ((X509CertImpl)ks.getCertificate(alias)).getExtension(new ObjectIdentifier(oid)); |
1563 Extension ex = ((X509CertImpl)ks.getCertificate(alias)) |
|
1564 .getExtension(new ObjectIdentifier(oid)); |
1143 if (!Arrays.equals(value, ex.getValue())) { |
1565 if (!Arrays.equals(value, ex.getValue())) { |
1144 throw new RuntimeException("Not same content in " + alias + " for " + oid); |
1566 throw new RuntimeException("Not same content in " + |
|
1567 alias + " for " + oid); |
1145 } |
1568 } |
1146 } |
1569 } |
1147 } |
1570 } |
1148 CheckOid coid = new CheckOid(); |
1571 CheckOid coid = new CheckOid(); |
1149 assertTrue(((X509CertImpl)ks.getCertificate("oid1")).getExtension(new ObjectIdentifier("1.2.3")).isCritical()); |
1572 assertTrue(((X509CertImpl)ks.getCertificate("oid1")) |
1150 assertTrue(!((X509CertImpl)ks.getCertificate("oid2")).getExtension(new ObjectIdentifier("1.2.3")).isCritical()); |
1573 .getExtension(new ObjectIdentifier("1.2.3")).isCritical()); |
|
1574 assertTrue(!((X509CertImpl)ks.getCertificate("oid2")) |
|
1575 .getExtension(new ObjectIdentifier("1.2.3")).isCritical()); |
1151 coid.check(ks, "oid1", "1.2.3", new byte[]{1,2}); |
1576 coid.check(ks, "oid1", "1.2.3", new byte[]{1,2}); |
1152 coid.check(ks, "oid2", "1.2.3", new byte[]{}); |
1577 coid.check(ks, "oid2", "1.2.3", new byte[]{}); |
1153 coid.check(ks, "oid12", "1.2.3", new byte[]{}); |
1578 coid.check(ks, "oid12", "1.2.3", new byte[]{}); |
1154 coid.check(ks, "oid12", "1.2.4", new byte[]{1,2,3}); |
1579 coid.check(ks, "oid12", "1.2.4", new byte[]{1,2,3}); |
1155 |
1580 |
1208 void i18nTest() throws Exception { |
1634 void i18nTest() throws Exception { |
1209 // 1. keytool -help |
1635 // 1. keytool -help |
1210 remove("x.jks"); |
1636 remove("x.jks"); |
1211 testOK("", "-help"); |
1637 testOK("", "-help"); |
1212 |
1638 |
1213 // 2. keytool -genkey -v -keysize 512 Enter "a" for the keystore password. Check error (password too short). Enter "password" for the keystore password. Hit 'return' for "first and last name", "organizational unit", "City", "State", and "Country Code". Type "yes" when they ask you if everything is correct. Type 'return' for new key password. |
1639 // 2. keytool -genkey -v -keysize 512 Enter "a" for the keystore |
1214 testOK("a\npassword\npassword\nMe\nHere\nNow\nPlace\nPlace\nUS\nyes\n\n", "-genkey -v -keysize 512 -keystore x.jks -storetype JKS"); |
1640 // password. Check error (password too short). Enter "password" for |
|
1641 // the keystore password. Hit 'return' for "first and last name", |
|
1642 // "organizational unit", "City", "State", and "Country Code". |
|
1643 // Type "yes" when they ask you if everything is correct. |
|
1644 // Type 'return' for new key password. |
|
1645 testOK("a\npassword\npassword\nMe\nHere\nNow\nPlace\nPlace\nUS\nyes\n\n", |
|
1646 "-genkey -v -keysize 512 -keystore x.jks -storetype JKS"); |
1215 // 3. keytool -list -v -storepass password |
1647 // 3. keytool -list -v -storepass password |
1216 testOK("", "-list -v -storepass password -keystore x.jks -storetype JKS"); |
1648 testOK("", "-list -v -storepass password -keystore x.jks -storetype JKS"); |
1217 // 4. keytool -list -v Type "a" for the keystore password. Check error (wrong keystore password). |
1649 // 4. keytool -list -v Type "a" for the keystore password. |
|
1650 // Check error (wrong keystore password). |
1218 testFail("a\n", "-list -v -keystore x.jks -storetype JKS"); |
1651 testFail("a\n", "-list -v -keystore x.jks -storetype JKS"); |
1219 assertTrue(ex.indexOf("password was incorrect") != -1); |
1652 assertTrue(ex.indexOf("password was incorrect") != -1); |
1220 // 5. keytool -genkey -v -keysize 512 Enter "password" as the password. Check error (alias 'mykey' already exists). |
1653 // 5. keytool -genkey -v -keysize 512 Enter "password" as the password. |
1221 testFail("password\n", "-genkey -v -keysize 512 -keystore x.jks -storetype JKS"); |
1654 // Check error (alias 'mykey' already exists). |
|
1655 testFail("password\n", "-genkey -v -keysize 512" + |
|
1656 " -keystore x.jks -storetype JKS"); |
1222 assertTrue(ex.indexOf("alias <mykey> already exists") != -1); |
1657 assertTrue(ex.indexOf("alias <mykey> already exists") != -1); |
1223 // 6. keytool -genkey -v -keysize 512 -alias mykey2 -storepass password Hit 'return' for "first and last name", "organizational unit", "City", "State", and "Country Code". Type "yes" when they ask you if everything is correct. Type 'return' for new key password. |
1658 // 6. keytool -genkey -v -keysize 512 -alias mykey2 -storepass password |
1224 testOK("\n\n\n\n\n\nyes\n\n", "-genkey -v -keysize 512 -alias mykey2 -storepass password -keystore x.jks -storetype JKS"); |
1659 // Hit 'return' for "first and last name", "organizational unit", "City", |
|
1660 // "State", and "Country Code". Type "yes" when they ask you if |
|
1661 // everything is correct. Type 'return' for new key password. |
|
1662 testOK("\n\n\n\n\n\nyes\n\n", "-genkey -v -keysize 512 -alias mykey2" + |
|
1663 " -storepass password -keystore x.jks -storetype JKS"); |
1225 // 7. keytool -list -v Type 'password' for the store password. |
1664 // 7. keytool -list -v Type 'password' for the store password. |
1226 testOK("password\n", "-list -v -keystore x.jks -storetype JKS"); |
1665 testOK("password\n", "-list -v -keystore x.jks -storetype JKS"); |
1227 // 8. keytool -keypasswd -v -alias mykey2 -storepass password Type "a" for the new key password. Type "aaaaaa" for the new key password. Type "bbbbbb" when re-entering the new key password. Type "a" for the new key password. Check Error (too many failures). |
1666 // 8. keytool -keypasswd -v -alias mykey2 -storepass password |
1228 testFail("a\naaaaaa\nbbbbbb\na\n", "-keypasswd -v -alias mykey2 -storepass password -keystore x.jks -storetype JKS"); |
1667 // Type "a" for the new key password. Type "aaaaaa" for the new key |
|
1668 // password. Type "bbbbbb" when re-entering the new key password. |
|
1669 // Type "a" for the new key password. Check Error (too many failures). |
|
1670 testFail("a\naaaaaa\nbbbbbb\na\n", "-keypasswd -v -alias mykey2" + |
|
1671 " -storepass password -keystore x.jks -storetype JKS"); |
1229 assertTrue(ex.indexOf("Too many failures - try later") != -1); |
1672 assertTrue(ex.indexOf("Too many failures - try later") != -1); |
1230 // 9. keytool -keypasswd -v -alias mykey2 -storepass password Type "aaaaaa" for the new key password. Type "aaaaaa" when re-entering the new key password. |
1673 // 9. keytool -keypasswd -v -alias mykey2 -storepass password |
1231 testOK("aaaaaa\naaaaaa\n", "-keypasswd -v -alias mykey2 -storepass password -keystore x.jks -storetype JKS"); |
1674 // Type "aaaaaa" for the new key password. Type "aaaaaa" |
|
1675 // when re-entering the new key password. |
|
1676 testOK("aaaaaa\naaaaaa\n", "-keypasswd -v -alias mykey2 " + |
|
1677 "-storepass password -keystore x.jks -storetype JKS"); |
1232 // 10. keytool -selfcert -v -alias mykey -storepass password |
1678 // 10. keytool -selfcert -v -alias mykey -storepass password |
1233 testOK("", "-selfcert -v -alias mykey -storepass password -keystore x.jks -storetype JKS"); |
1679 testOK("", "-selfcert -v -alias mykey -storepass password " + |
|
1680 "-keystore x.jks -storetype JKS"); |
1234 // 11. keytool -list -v -storepass password |
1681 // 11. keytool -list -v -storepass password |
1235 testOK("", "-list -v -storepass password -keystore x.jks -storetype JKS"); |
1682 testOK("", "-list -v -storepass password -keystore x.jks -storetype JKS"); |
1236 // 12. keytool -export -v -alias mykey -file cert -storepass password |
1683 // 12. keytool -export -v -alias mykey -file cert -storepass password |
1237 remove("cert"); |
1684 remove("cert"); |
1238 testOK("", "-export -v -alias mykey -file cert -storepass password -keystore x.jks -storetype JKS"); |
1685 testOK("", "-export -v -alias mykey -file cert -storepass password " + |
1239 // 13. keytool -import -v -file cert -storepass password Check error (Certificate reply and cert are the same) |
1686 "-keystore x.jks -storetype JKS"); |
1240 testFail("", "-import -v -file cert -storepass password -keystore x.jks -storetype JKS"); |
1687 // 13. keytool -import -v -file cert -storepass password |
1241 assertTrue(ex.indexOf("Certificate reply and certificate in keystore are identical") != -1); |
1688 // Check error (Certificate reply and cert are the same) |
|
1689 testFail("", "-import -v -file cert -storepass password" + |
|
1690 " -keystore x.jks -storetype JKS"); |
|
1691 assertTrue(ex.indexOf("Certificate reply and certificate" + |
|
1692 " in keystore are identical") != -1); |
1242 // 14. keytool -printcert -file cert |
1693 // 14. keytool -printcert -file cert |
1243 testOK("", "-printcert -file cert -keystore x.jks -storetype JKS"); |
1694 testOK("", "-printcert -file cert -keystore x.jks -storetype JKS"); |
1244 remove("cert"); |
1695 remove("cert"); |
1245 // 15. keytool -list -storepass password -provider sun.security.provider.Sun |
1696 // 15. keytool -list -storepass password -provider sun.security.provider.Sun |
1246 testOK("", "-list -storepass password -provider sun.security.provider.Sun -keystore x.jks -storetype JKS"); |
1697 testOK("", "-list -storepass password" + |
|
1698 " -provider sun.security.provider.Sun" + |
|
1699 " -keystore x.jks -storetype JKS"); |
1247 |
1700 |
1248 //Error tests |
1701 //Error tests |
1249 |
1702 |
1250 // 1. keytool -storepasswd -storepass password -new abc Check error (password too short) |
1703 // 1. keytool -storepasswd -storepass password -new abc |
|
1704 // Check error (password too short) |
1251 testFail("", "-storepasswd -storepass password -new abc"); |
1705 testFail("", "-storepasswd -storepass password -new abc"); |
1252 assertTrue(ex.indexOf("New password must be at least 6 characters") != -1); |
1706 assertTrue(ex.indexOf("New password must be at least 6 characters") != -1); |
1253 // Changed, no NONE needed now |
1707 // Changed, no NONE needed now |
1254 // 2. keytool -list -storetype PKCS11 Check error (-keystore must be NONE) |
1708 // 2. keytool -list -storetype PKCS11 Check error (-keystore must be NONE) |
1255 //testFail("", "-list -storetype PKCS11"); |
1709 //testFail("", "-list -storetype PKCS11"); |
1256 //assertTrue(err.indexOf("keystore must be NONE") != -1); |
1710 //assertTrue(err.indexOf("keystore must be NONE") != -1); |
1257 // 3. keytool -storepasswd -storetype PKCS11 -keystore NONE Check error (unsupported operation) |
1711 // 3. keytool -storepasswd -storetype PKCS11 -keystore NONE |
|
1712 // Check error (unsupported operation) |
1258 testFail("", "-storepasswd -storetype PKCS11 -keystore NONE"); |
1713 testFail("", "-storepasswd -storetype PKCS11 -keystore NONE"); |
1259 assertTrue(ex.indexOf("UnsupportedOperationException") != -1); |
1714 assertTrue(ex.indexOf("UnsupportedOperationException") != -1); |
1260 // 4. keytool -keypasswd -storetype PKCS11 -keystore NONE Check error (unsupported operation) |
1715 // 4. keytool -keypasswd -storetype PKCS11 -keystore NONE |
|
1716 // Check error (unsupported operation) |
1261 testFail("", "-keypasswd -storetype PKCS11 -keystore NONE"); |
1717 testFail("", "-keypasswd -storetype PKCS11 -keystore NONE"); |
1262 assertTrue(ex.indexOf("UnsupportedOperationException") != -1); |
1718 assertTrue(ex.indexOf("UnsupportedOperationException") != -1); |
1263 // 5. keytool -list -protected -storepass password Check error (password can not be specified with -protected) |
1719 // 5. keytool -list -protected -storepass password |
1264 testFail("", "-list -protected -storepass password -keystore x.jks -storetype JKS"); |
1720 // Check error (password can not be specified with -protected) |
|
1721 testFail("", "-list -protected -storepass password " + |
|
1722 "-keystore x.jks -storetype JKS"); |
1265 assertTrue(ex.indexOf("if -protected is specified, then") != -1); |
1723 assertTrue(ex.indexOf("if -protected is specified, then") != -1); |
1266 // 6. keytool -keypasswd -protected -keypass password Check error (password can not be specified with -protected) |
1724 // 6. keytool -keypasswd -protected -keypass password |
1267 testFail("", "-keypasswd -protected -keypass password -keystore x.jks -storetype JKS"); |
1725 // Check error (password can not be specified with -protected) |
|
1726 testFail("", "-keypasswd -protected -keypass password " + |
|
1727 "-keystore x.jks -storetype JKS"); |
1268 assertTrue(ex.indexOf("if -protected is specified, then") != -1); |
1728 assertTrue(ex.indexOf("if -protected is specified, then") != -1); |
1269 // 7. keytool -keypasswd -protected -new password Check error (password can not be specified with -protected) |
1729 // 7. keytool -keypasswd -protected -new password |
1270 testFail("", "-keypasswd -protected -new password -keystore x.jks -storetype JKS"); |
1730 // Check error (password can not be specified with -protected) |
|
1731 testFail("", "-keypasswd -protected -new password " + |
|
1732 "-keystore x.jks -storetype JKS"); |
1271 assertTrue(ex.indexOf("if -protected is specified, then") != -1); |
1733 assertTrue(ex.indexOf("if -protected is specified, then") != -1); |
1272 remove("x.jks"); |
1734 remove("x.jks"); |
1273 } |
1735 } |
1274 |
1736 |
1275 void i18nPKCS11Test() throws Exception { |
1737 void i18nPKCS11Test() throws Exception { |
1276 //PKCS#11 tests |
1738 //PKCS#11 tests |
1277 |
1739 |
1278 // 1. sccs edit cert8.db key3.db |
1740 // 1. sccs edit cert8.db key3.db |
1279 //Runtime.getRuntime().exec("/usr/ccs/bin/sccs edit cert8.db key3.db"); |
1741 //Runtime.getRuntime().exec("/usr/ccs/bin/sccs edit cert8.db key3.db"); |
1280 testOK("", p11Arg + "-storepass test12 -genkey -alias genkey -dname cn=genkey -keysize 512 -keyalg rsa"); |
1742 testOK("", p11Arg + ("-storepass test12 -genkey -alias genkey" + |
|
1743 " -dname cn=genkey -keysize 512 -keyalg rsa")); |
1281 testOK("", p11Arg + "-storepass test12 -list"); |
1744 testOK("", p11Arg + "-storepass test12 -list"); |
1282 testOK("", p11Arg + "-storepass test12 -list -alias genkey"); |
1745 testOK("", p11Arg + "-storepass test12 -list -alias genkey"); |
1283 testOK("", p11Arg + "-storepass test12 -certreq -alias genkey -file genkey.certreq"); |
1746 testOK("", p11Arg + |
1284 testOK("", p11Arg + "-storepass test12 -export -alias genkey -file genkey.cert"); |
1747 "-storepass test12 -certreq -alias genkey -file genkey.certreq"); |
|
1748 testOK("", p11Arg + |
|
1749 "-storepass test12 -export -alias genkey -file genkey.cert"); |
1285 testOK("", "-printcert -file genkey.cert"); |
1750 testOK("", "-printcert -file genkey.cert"); |
1286 testOK("", p11Arg + "-storepass test12 -selfcert -alias genkey -dname cn=selfCert"); |
1751 testOK("", p11Arg + |
1287 testOK("", p11Arg + "-storepass test12 -list -alias genkey -v"); |
1752 "-storepass test12 -selfcert -alias genkey -dname cn=selfCert"); |
|
1753 testOK("", p11Arg + |
|
1754 "-storepass test12 -list -alias genkey -v"); |
1288 assertTrue(out.indexOf("Owner: CN=selfCert") != -1); |
1755 assertTrue(out.indexOf("Owner: CN=selfCert") != -1); |
1289 //(check that cert subject DN is [cn=selfCert]) |
1756 //(check that cert subject DN is [cn=selfCert]) |
1290 testOK("", p11Arg + "-storepass test12 -delete -alias genkey"); |
1757 testOK("", p11Arg + "-storepass test12 -delete -alias genkey"); |
1291 testOK("", p11Arg + "-storepass test12 -list"); |
1758 testOK("", p11Arg + "-storepass test12 -list"); |
1292 assertTrue(out.indexOf("Your keystore contains 0 entries") != -1); |
1759 assertTrue(out.indexOf("Your keystore contains 0 entries") != -1); |