|
1 /* |
|
2 * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. |
|
8 * |
|
9 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
12 * version 2 for more details (a copy is included in the LICENSE file that |
|
13 * accompanied this code). |
|
14 * |
|
15 * You should have received a copy of the GNU General Public License version |
|
16 * 2 along with this work; if not, write to the Free Software Foundation, |
|
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
18 * |
|
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
20 * or visit www.oracle.com if you need additional information or have any |
|
21 * questions. |
|
22 */ |
|
23 |
|
24 import jdk.test.lib.Asserts; |
|
25 import jdk.test.lib.SecurityTools; |
|
26 import jdk.test.lib.process.OutputAnalyzer; |
|
27 |
|
28 import java.io.File; |
|
29 import java.security.KeyStore; |
|
30 import java.security.interfaces.ECKey; |
|
31 |
|
32 /** |
|
33 * @test |
|
34 * @bug 8213400 |
|
35 * @summary Support choosing group name in keytool keypair generation |
|
36 * @library /test/lib |
|
37 */ |
|
38 |
|
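public class GroupName {

    // Scratch keystore file (relative path) and the fixed fixture password
    // used for both the store and the key entries. They are shared by the
    // keytool command line and by the KeyStore load in checkCurveName so the
    // two cannot drift apart.
    private static final String KEYSTORE = "ks";
    private static final String PASSWORD = "changeit";

    // Options passed to every keytool invocation made by this test.
    private static final String COMMON = "-keystore " + KEYSTORE + " "
            + "-storepass " + PASSWORD + " -keypass " + PASSWORD + " -debug";

    /**
     * Runs keytool -genkeypair with various -keyalg / -keysize / -groupname
     * combinations and checks the exit value, the deprecation warning and
     * the curve of the generated key.
     *
     * @param args unused
     * @throws Throwable if a keytool run or a check fails
     */
    public static void main(String[] args) throws Throwable {
        // -groupname combined with a non-EC algorithm must be rejected.
        // NOTE(review): only the exit value is asserted here, so any other
        // keytool failure would also satisfy this case; consider asserting
        // on the error text as case "d" does.
        gen("a", "-keyalg RSA -groupname secp256r1")
                .shouldHaveExitValue(1);

        // EC with neither -keysize nor -groupname: no deprecation warning,
        // and the generated key is expected to be on secp256r1.
        gen("b", "-keyalg EC")
                .shouldHaveExitValue(0)
                .shouldNotContain("Specifying -keysize for generating EC keys is deprecated");
        checkCurveName("b", "secp256r1");

        // EC with -keysize still works but must print the deprecation
        // warning and point the user at the equivalent -groupname.
        gen("c", "-keyalg EC -keysize 256")
                .shouldHaveExitValue(0)
                .shouldContain("Specifying -keysize for generating EC keys is deprecated")
                .shouldContain("please use \"-groupname secp256r1\" instead.");
        checkCurveName("c", "secp256r1");

        // -keysize and -groupname are mutually exclusive.
        gen("d", "-keyalg EC -keysize 256 -groupname secp256r1")
                .shouldHaveExitValue(1)
                .shouldContain("Cannot specify both -groupname and -keysize");

        // Explicit -groupname: accepted without a warning, curve as requested.
        gen("e", "-keyalg EC -groupname secp256r1")
                .shouldHaveExitValue(0)
                .shouldNotContain("Specifying -keysize for generating EC keys is deprecated");
        checkCurveName("e", "secp256r1");

        // Same check with a different named curve.
        gen("f", "-keyalg EC -groupname brainpoolP256r1")
                .shouldHaveExitValue(0)
                .shouldNotContain("Specifying -keysize for generating EC keys is deprecated");
        checkCurveName("f", "brainpoolP256r1");
    }

    /**
     * Loads the test keystore and verifies that the public key stored under
     * the given alias is an EC key whose parameters mention the given curve.
     *
     * @param a    alias of the entry to inspect
     * @param name curve name expected to appear in the key's parameters
     * @throws Exception if the keystore cannot be loaded or read
     */
    private static void checkCurveName(String a, String name)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(new File(KEYSTORE), PASSWORD.toCharArray());

        // Fail with a readable message instead of a bare NullPointerException
        // when the alias was never created.
        java.security.cert.Certificate cert = ks.getCertificate(a);
        Asserts.assertNotNull(cert, "No certificate found for alias " + a);

        // Likewise report a wrong key type explicitly rather than through a
        // ClassCastException.
        java.security.PublicKey pub = cert.getPublicKey();
        Asserts.assertTrue(pub instanceof ECKey,
                "Alias " + a + " holds a " + pub.getAlgorithm() + " key, not an EC key");

        // The following check is highly implementation dependent. In OpenJDK,
        // params.toString() should contain all alternative names and the OID.
        // It is a substring match, not an exact comparison of the curve.
        String params = ((ECKey) pub).getParams().toString();
        Asserts.assertTrue(params.contains(name),
                "Alias " + a + ": expected curve " + name
                        + " but key parameters are " + params);
    }

    /**
     * Runs keytool with the common keystore options followed by {@code cmd}.
     *
     * @param cmd keytool command and its options
     * @return the analyzer wrapping the keytool process output
     * @throws Throwable if launching keytool fails
     */
    private static OutputAnalyzer kt(String cmd) throws Throwable {
        return SecurityTools.keytool(COMMON + " " + cmd);
    }

    /**
     * Runs keytool -genkeypair for the given alias, using {@code CN=<alias>}
     * as the distinguished name.
     *
     * @param a     alias of the entry to create
     * @param extra additional keytool options (algorithm, size, group)
     * @return the analyzer wrapping the keytool process output
     * @throws Throwable if launching keytool fails
     */
    private static OutputAnalyzer gen(String a, String extra) throws Throwable {
        return kt("-genkeypair -alias " + a + " -dname CN=" + a + " " + extra);
    }
}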