8144806: sun/security/tools/keytool/standard.sh fails intermittently at deleting x.jks
Reviewed-by: weijun
Contributed-by: bhanu.prakash.gopularam@oracle.com
#
# Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#
# @test
# @bug 7133495 8041740 8062264 8046777
# @summary [macosx] KeyChain KeyStore implementation retrieves only one private key entry
if [ "${TESTJAVA}" = "" ] ; then
JAVAC_CMD=`which javac`
TESTJAVA=`dirname $JAVAC_CMD`/..
fi
if [ "${TESTSRC}" = "" ] ; then
TESTSRC="."
fi
if [ "${TESTCLASSES}" = "" ] ; then
TESTCLASSES=`pwd`
fi
# Only run on MacOS
OS=`uname -s`
case "$OS" in
Darwin )
;;
* )
echo "Will not run test on: ${OS}"
exit 0;
;;
esac
PWD="xxxxxx"
KEYTOOL="${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} -storetype KeychainStore -keystore NONE -storepass $PWD"
TEMPORARY_P12="$TESTCLASSES/7133495.p12"
TEMPORARY_KC="$TESTCLASSES/7133495.keychain"
TEMPORARY_LIST="$TESTCLASSES/7133495.tmp"
CLEANUP_P12="rm -f $TEMPORARY_P12"
CLEANUP_KC="security delete-keychain $TEMPORARY_KC"
CLEANUP_LIST="rm -f $TEMPORARY_LIST"
# Count the number of private key entries in the Keychain keystores
COUNT=`$KEYTOOL -list | grep PrivateKeyEntry | wc -l`
echo "Found $COUNT private key entries in the Keychain keystores"
# Create a temporary PKCS12 keystore containing 3 public/private keypairs
RESULT=`$CLEANUP_P12`
for i in X Y Z
do
${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} -genkeypair \
-storetype PKCS12 \
-keystore $TEMPORARY_P12 \
-storepass $PWD \
-keyalg rsa \
-dname "CN=$i,OU=$i,O=$i,ST=$i,C=US" \
-alias 7133495-$i
if [ $? -ne 0 ]; then
echo "Error: cannot create keypair $i in the temporary PKCS12 keystore"
RESULT=`$CLEANUP_P12`
exit 1
fi
done
echo "Created a temporary PKCS12 keystore: $TEMPORARY_P12"
# Create a temporary keychain
security create-keychain -p $PWD $TEMPORARY_KC
if [ $? -ne 0 ]; then
echo "Error: cannot create the temporary keychain"
RESULT=`$CLEANUP_P12`
exit 2
fi
echo "Created a temporary keychain: $TEMPORARY_KC"
# Unlock the temporary keychain
security unlock-keychain -p $PWD $TEMPORARY_KC
if [ $? -ne 0 ]; then
echo "Error: cannot unlock the temporary keychain"
RESULT=`$CLEANUP_P12`
RESULT=`$CLEANUP_KC`
exit 3
fi
echo "Unlocked the temporary keychain"
# Import the keypairs from the PKCS12 keystore into the keychain
# (The '-A' option is used to lower the temporary keychain's access controls)
security import $TEMPORARY_P12 -k $TEMPORARY_KC -f pkcs12 -P $PWD -A
if [ $? -ne 0 ]; then
echo "Error: cannot import keypairs from PKCS12 keystore into the keychain"
RESULT=`$CLEANUP_P12`
RESULT=`$CLEANUP_KC`
exit 4
fi
echo "Imported keypairs from PKCS12 keystore into the keychain"
# Generate a 2048-bit RSA keypair and import into the temporary keychain
# (its private key is configured with non-default key usage settings)
certtool c k=$TEMPORARY_KC <<EOF
test
r
2048
y
b
s
y
A
US
A
A
y
EOF
# Adjust the keychain search order
echo "\"$TEMPORARY_KC\"" > $TEMPORARY_LIST
security list-keychains >> $TEMPORARY_LIST
security list-keychains -s `xargs < ${TEMPORARY_LIST}`
`$CLEANUP_LIST`
echo "Temporary keychain search order:"
security list-keychains
# Recount the number of private key entries in the Keychain keystores
# (3 private keys imported from PKCS12, 1 private key generated by 'certtool')
RECOUNT=`$KEYTOOL -list | grep PrivateKeyEntry | wc -l`
echo "Found $RECOUNT private key entries in the Keychain keystore"
if [ $RECOUNT -lt `expr $COUNT + 4` ]; then
echo "Error: expected >$COUNT private key entries in the Keychain keystores"
RESULT=`$CLEANUP_P12`
RESULT=`$CLEANUP_KC`
exit 5
fi
# Export a private key from the keychain (without supplying a password)
# Access controls have already been lowered (see 'security import ... -A' above)
${TESTJAVA}/bin/javac ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} -d . ${TESTSRC}/ExportPrivateKeyNoPwd.java || exit 6
${TESTJAVA}/bin/java ${TESTVMOPTS} ExportPrivateKeyNoPwd x
if [ $? -ne 0 ]; then
echo "Error exporting private key from the temporary keychain"
RESULT=`$CLEANUP_P12`
RESULT=`$CLEANUP_KC`
exit 6
fi
echo "Exported a private key from the temporary keychain"
RESULT=`$CLEANUP_P12`
if [ $? -ne 0 ]; then
echo "Error: cannot remove the temporary PKCS12 keystore"
exit 7
fi
echo "Removed the temporary PKCS12 keystore"
RESULT=`$CLEANUP_KC`
if [ $? -ne 0 ]; then
echo "Error: cannot remove the temporary keychain"
exit 8
fi
echo "Removed the temporary keychain"
exit 0