diff -r 4ebc2e2fb97c -r 71c04702a3d5 test/jdk/sun/security/tools/keytool/DupImport.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/jdk/sun/security/tools/keytool/DupImport.java Tue Sep 12 19:03:39 2017 +0200 @@ -0,0 +1,124 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 6968542 + * @summary keytool -importcert cannot deal with duplicate certs + * @modules java.base/sun.security.tools.keytool + * @compile -XDignore.symbol.file DupImport.java + * @run main DupImport pkcs12 + * @run main DupImport jks + */ + +import java.io.File; +import java.nio.file.Files; +import java.nio.file.Paths; +import java.security.KeyStore; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +public class DupImport { + + static String storeType = null; + + public static void main(String[] args) throws Exception { + + storeType = args[0]; + Files.deleteIfExists(Paths.get("dup.ks")); + + // Create chain: root -> int -> me + run("-genkeypair -alias me -dname CN=Me"); + run("-genkeypair -alias int -dname CN=Int"); + run("-genkeypair -alias root -dname CN=Root"); + + run("-certreq -alias int -file int.req"); + run("-gencert -infile int.req -alias root -rfc -outfile int.resp"); + run("-importcert -file int.resp -alias int"); + + run("-certreq -alias me -file me.req"); + run("-gencert -infile me.req -alias int -rfc -outfile me.resp"); + run("-importcert -file me.resp -alias me"); + + // Export certs + run("-exportcert -alias me -file me -rfc"); + run("-exportcert -alias int -file int -rfc"); + run("-exportcert -alias root -file root -rfc"); + + // test 1: just the 3 certs + test("me", "int", "root"); + + // test 2: 3 chains (without root) concatenated + test("me", "int", "int", "root"); + + // test 3: 3 full chains concatenated + test("me", "int", "root", "int", "root", "root"); + + // test 4: a mess + test("root", "me", "int", "int", "me", "me", "root", "int"); + } + + // Run keytool command with common options + static void run(String s) throws Exception { + sun.security.tools.keytool.Main.main(( + "-keystore dup.ks -storepass changeit -keypass changeit " + + "-storetype " + storeType + " -debug " + + s).split(" ")); + } + + // Test "cat files... | keytool -import" + static void test(String... files) throws Exception { + + System.out.println("Testing " + Arrays.toString(files)); + + List all = new ArrayList<>(); + for (String file : files) { + all.addAll(Files.readAllLines(Paths.get(file))); + } + Files.write(Paths.get("reply"), all); + + run("-importcert -file reply -alias me"); + KeyStore ks = KeyStore.getInstance( + new File("dup.ks"), "changeit".toCharArray()); + Certificate[] chain = ks.getCertificateChain("me"); + if (chain.length != 3) { + throw new Exception("Length is " + chain.length); + } + + checkName(chain[0], "CN=Me"); + checkName(chain[1], "CN=Int"); + checkName(chain[2], "CN=Root"); + } + + // Check if c's dname is expected + static void checkName(Certificate c, String expected) throws Exception { + X509Certificate x = (X509Certificate)c; + String name = x.getSubjectX500Principal().toString(); + if (!expected.equals(name)) { + throw new Exception("Expected " + expected + ", but " + name); + } + } +}