1 #

     2 # Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.

     3 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

     4 #

     5 # This code is free software; you can redistribute it and/or modify it

     6 # under the terms of the GNU General Public License version 2 only, as

     7 # published by the Free Software Foundation.

     8 #

     9 # This code is distributed in the hope that it will be useful, but WITHOUT

    10 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

    11 # FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

    12 # version 2 for more details (a copy is included in the LICENSE file that

    13 # accompanied this code).

    14 #

    15 # You should have received a copy of the GNU General Public License version

    16 # 2 along with this work; if not, write to the Free Software Foundation,

    17 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

    18 #

    19 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

    20 # or visit www.oracle.com if you need additional information or have any

    21 # questions.

    22 #

    23 

    24 # @test

    25 # @bug 8010125

    26 # @summary keytool -importkeystore could create a pkcs12 keystore with

    27 #  different storepass and keypass

    28 #

    29 

    30 if [ "${TESTJAVA}" = "" ] ; then

    31   JAVAC_CMD=`which javac`

    32   TESTJAVA=`dirname $JAVAC_CMD`/..

    33 fi

    34 

    35 # set platform-dependent variables

    36 OS=`uname -s`

    37 case "$OS" in

    38   Windows_* )

    39     FS="\\"

    40     ;;

    41   * )

    42     FS="/"

    43     ;;

    44 esac

    45 

    46 LANG=C

    47 KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS}"

    48 

    49 # Part 1: JKS keystore with same storepass and keypass

    50 

    51 rm jks 2> /dev/null

    52 $KT -genkeypair -keystore jks -storetype jks -alias me -dname CN=Me \

    53 	-keyalg rsa -storepass pass1111 -keypass pass1111 || exit 11

    54 

    55 # Cannot only change storepass

    56 rm p12 2> /dev/null

    57 $KT -importkeystore -noprompt \

    58     -srcstoretype jks -srckeystore jks -destkeystore p12 -deststoretype pkcs12 \

    59     -srcstorepass pass1111 \

    60     -deststorepass pass2222 \

    61         && exit 12

    62 

    63 # You can keep storepass unchanged

    64 rm p12 2> /dev/null

    65 $KT -importkeystore -noprompt \

    66     -srcstoretype jks -srckeystore jks -destkeystore p12 -deststoretype pkcs12 \

    67     -srcstorepass pass1111 \

    68     -deststorepass pass1111 \

    69         || exit 13

    70 $KT -certreq -storetype pkcs12 -keystore p12 -alias me \

    71 	-storepass pass1111 -keypass pass1111 || exit 14

    72 

    73 # Or change storepass and keypass both

    74 rm p12 2> /dev/null

    75 $KT -importkeystore -noprompt \

    76     -srcstoretype jks -srckeystore jks -destkeystore p12 -deststoretype pkcs12 \

    77     -srcstorepass pass1111 \

    78     -deststorepass pass2222 -destkeypass pass2222 \

    79         || exit 15

    80 $KT -certreq -storetype pkcs12 -keystore p12 -alias me \

    81 	-storepass pass2222 -keypass pass2222 || exit 16

    82 

    83 # Part 2: JKS keystore with different storepass and keypass

    84 # Must import by alias (-srckeypass is not available when importing all)

    85 

    86 rm jks 2> /dev/null

    87 $KT -genkeypair -keystore jks -storetype jks -alias me -dname CN=Me \

    88 	-keyalg rsa -storepass pass1111 -keypass pass2222 || exit 21

    89 

    90 # Can use old keypass as new storepass so new storepass and keypass are same

    91 rm p12 2> /dev/null

    92 $KT -importkeystore -noprompt -srcalias me \

    93     -srcstoretype jks -srckeystore jks -destkeystore p12 -deststoretype pkcs12 \

    94     -srcstorepass pass1111 -srckeypass pass2222  \

    95 	-deststorepass pass2222 \

    96 	    || exit 22

    97 $KT -certreq -storetype pkcs12 -keystore p12 -alias me \

    98 	-storepass pass2222 -keypass pass2222 || exit 23

    99 

   100 # Or specify both storepass and keypass to brand new ones

   101 rm p12 2> /dev/null

   102 $KT -importkeystore -noprompt -srcalias me \

   103     -srcstoretype jks -srckeystore jks -destkeystore p12 -deststoretype pkcs12 \

   104     -srcstorepass pass1111 -srckeypass pass2222  \

   105 	-deststorepass pass3333 -destkeypass pass3333 \

   106 	    || exit 24

   107 $KT -certreq -storetype pkcs12 -keystore p12 -alias me \

   108 	-storepass pass3333 -keypass pass3333 || exit 25

   109 

   110 # Anyway you cannot make new storepass and keypass different

   111 rm p12 2> /dev/null

   112 $KT -importkeystore -noprompt -srcalias me \

   113     -srcstoretype jks -srckeystore jks -destkeystore p12 -deststoretype pkcs12 \

   114     -srcstorepass pass1111 -srckeypass pass2222  \

   115 	-deststorepass pass1111 \

   116 	    && exit 26

   117 

   118 exit 0