<html>

<body>

<applet width=100 height=100 code=i18n.class>

</applet>

This is a multi-stage test.  Click on "done" when you have completed

reading these instructions.  For each instruction, make sure the output

from keytool is correct (you can read everything in english fine).

<ol>

<li>    rm ~/.keystore

        If you are on a Windows platform, delete the .keystore file in

        your home directory.

<li>	keytool -help

<li>	keytool -genkey -v -keysize 512

	Enter "a" for the keystore password.  Check error (password too short).

	Enter "password" for the keystore password.

        Re-enter "password" to confirm.

	Hit 'return' for "first and last name", "organizational unit",

	"organization", "City", "State", and "Country Code".

	Type "yes" when they ask you if everything is correct.

	Type 'return' for new key password.

<li>	keytool -list -v -storepass password

<li>	keytool -list -v

	Type "a" for the keystore password.

	Check error (wrong keystore password).

<li>	keytool -genkey -v -keysize 512

	Enter "password" as the password.

	Check error (alias 'mykey' already exists).

<li>	keytool -genkey -v -keysize 512 -alias mykey2 -storepass password

	Hit 'return' for "first and last name", "organizational unit",

	"organization", "City", "State", and "Country Code".

	Type "yes" when they ask you if everything is correct.

	Type 'return' for new key password.

<li>	keytool -list -v

	Type 'password' for the store password.

<li>	keytool -keypasswd -v -alias mykey2 -storepass password

	Type "a" for the new key password.

	Type "aaaaaa" for the new key password.

	Type "bbbbbb" when re-entering the new key password.

	Type "a" for the new key password.

	Check Error (too many failures).

<li>	keytool -keypasswd -v -alias mykey2 -storepass password

	Type "aaaaaa" for the new key password.

	Type "aaaaaa" when re-entering the new key password.

<li>	keytool -selfcert -v -alias mykey -storepass password

<li>	keytool -list -v -storepass password

<li>	keytool -export -v -alias mykey -file /tmp/cert -storepass password

<li>	keytool -import -v -file /tmp/cert -storepass password

	Check error (Certificate reply and cert are the same)

<li>	keytool -printcert -file /tmp/cert

<li>	keytool -list -storepass password -provider sun.security.provider.Sun

</ol>

Error tests

<ol>

<li>	keytool -storepasswd -storepass password -new abc

	Check error (password too short)

<!--li>	keytool -list -storetype PKCS11

	Check error (-keystore must be NONE)-->

<li>	keytool -storepasswd -storetype PKCS11 -keystore NONE

	Check error (unsupported operation)

<li>	keytool -keypasswd -storetype PKCS11 -keystore NONE

	Check error (unsupported operation)

<li>	keytool -list -protected -storepass password

	Check error (password can not be specified with -protected)

<li>	keytool -keypasswd -protected -keypass password

	Check error (password can not be specified with -protected)

<li>	keytool -keypasswd -protected -new password

	Check error (password can not be specified with -protected)

</ol>

MSCAPI tests (Only run on Windows)

<ol>

    <li>keytool -storetype Windows-MY -list

    should list entries (may be 0) without asking for password

    should not show ****** WARNING WARNING WARNING ****** lines

    <li>keytool -storetype Windows-MY -list -keystore NONE

    should list entries without asking for password

    <li>keytool -storetype Windows-MY -list -keystore other

    Error: storetype must be NONE

    <li>keytool -storetype Windows-MY -list -storepass changeit

    Error: storepass cannot be specfied

    <li>keytool -storetype Windows-MY -list -storepasswd

    Error: storepasswd not supported

</ol>

PKCS#11 tests

<ol>

<li>	sccs edit cert8.db key3.db

<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -genkey -alias genkey -dname cn=genkey -keysize 512 -keyalg rsa

<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -list

<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -list -alias genkey

<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -certreq -alias genkey -file genkey.certreq

<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -export -alias genkey -file genkey.cert

<li>	keytool -printcert -file genkey.cert

<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -selfcert -alias genkey -dname cn=selfCert

<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -list -alias genkey -v

(check that cert subject DN is [cn=selfCert])

<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -delete -alias genkey

<li>	keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -list

(check for empty database listing)

<li>	sccs unedit cert8.db key3.db

</ol>

If all the output (english) is correct, then the test passed.

Otherwise, the test failed.

Press "Pass" if ... press "Fail" otherwise.

</body>

</html>