8192988: keytool should support -storepasswd for pkcs12 keystores
Reviewed-by: mullan
/*
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8010125 8192988
* @summary keytool should support -storepasswd for pkcs12 keystores
* @library /test/lib
* @build jdk.test.lib.SecurityTools
* jdk.test.lib.Utils
* jdk.test.lib.Asserts
* jdk.test.lib.JDKToolFinder
* jdk.test.lib.JDKToolLauncher
* jdk.test.lib.Platform
* jdk.test.lib.process.*
* @run main JKStoPKCS12
*/
import jdk.test.lib.Asserts;
import jdk.test.lib.SecurityTools;
import jdk.test.lib.process.OutputAnalyzer;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
public class JKStoPKCS12 {
static String srcStorePass, srcKeyPass;
public static void main(String[] args) throws Exception {
// Part 1: JKS keystore with same storepass and keypass
genJKS("pass1111", "pass1111");
// Change storepass, keypass also changes
convert("pass2222", null);
// You can keep storepass unchanged
convert("pass1111", null);
// Or change storepass and keypass both, explicitly
convert("pass2222", "pass2222");
// Part 2: JKS keystore with different storepass and keypass
Files.delete(Paths.get("jks"));
genJKS("pass1111", "pass2222");
// Can use old keypass as new storepass so new storepass and keypass are same
convert("pass2222", null);
// Or specify both storepass and keypass to brand new ones
convert("pass3333", "pass3333");
// Or change storepass, keypass also changes. Remember to provide srckeypass
convert("pass1111", null);
}
// Generate JKS keystore with srcStorePass and srcKeyPass
static void genJKS(String storePass, String keyPass)
throws Exception {
srcStorePass = storePass;
srcKeyPass = keyPass;
kt("-genkeypair -keystore jks -storetype jks "
+ "-alias me -dname CN=Me -keyalg rsa "
+ "-storepass " + srcStorePass + " -keypass " + srcKeyPass)
.shouldHaveExitValue(0);
}
// Convert JKS to PKCS12 with destStorePass and destKeyPass (optional)
static void convert(String destStorePass, String destKeyPass)
throws Exception {
String cmd = "-importkeystore -noprompt"
+ " -srcstoretype jks -srckeystore jks"
+ " -destkeystore p12 -deststoretype pkcs12"
+ " -srcstorepass " + srcStorePass
+ " -deststorepass " + destStorePass;
// Must import by alias (-srckeypass not available when importing all)
if (!srcStorePass.equals(srcKeyPass)) {
cmd += " -srcalias me";
cmd += " -srckeypass " + srcKeyPass;
}
if (destKeyPass != null) {
cmd += " -destkeypass " + destKeyPass;
}
kt(cmd).shouldHaveExitValue(0);
// Confirms the storepass and keypass are all correct
KeyStore.getInstance(new File("p12"), destStorePass.toCharArray())
.getKey("me", destStorePass.toCharArray());
Files.delete(Paths.get("p12"));
}
static OutputAnalyzer kt(String arg) throws Exception {
return SecurityTools.keytool(arg);
}
}