8180573: Refactor sun/security/tools shell tests to plain java tests
authorweijun
Fri, 12 Apr 2019 13:35:23 +0800
changeset 54521 8de62c4af8c7
parent 54520 f48312257bc6
child 54522 60bc754b9744
8180573: Refactor sun/security/tools shell tests to plain java tests Reviewed-by: rhalade, valeriep
test/jdk/sun/security/tools/jarsigner/AlgOptions.java
test/jdk/sun/security/tools/jarsigner/AlgOptions.sh
test/jdk/sun/security/tools/jarsigner/CertPolicy.java
test/jdk/sun/security/tools/jarsigner/CheckUsage.java
test/jdk/sun/security/tools/jarsigner/Collator.java
test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java
test/jdk/sun/security/tools/jarsigner/Crl.java
test/jdk/sun/security/tools/jarsigner/DefaultOptions.java
test/jdk/sun/security/tools/jarsigner/DiffEnd.java
test/jdk/sun/security/tools/jarsigner/EC.java
test/jdk/sun/security/tools/jarsigner/EmptyManifest.java
test/jdk/sun/security/tools/jarsigner/EntriesOrder.java
test/jdk/sun/security/tools/jarsigner/JvIndex.java
test/jdk/sun/security/tools/jarsigner/NameClash.java
test/jdk/sun/security/tools/jarsigner/NewSize7.java
test/jdk/sun/security/tools/jarsigner/OldSig.java
test/jdk/sun/security/tools/jarsigner/OnlyManifest.java
test/jdk/sun/security/tools/jarsigner/Options.java
test/jdk/sun/security/tools/jarsigner/PassType.java
test/jdk/sun/security/tools/jarsigner/PercentSign.java
test/jdk/sun/security/tools/jarsigner/PercentSign.sh
test/jdk/sun/security/tools/jarsigner/SameName.java
test/jdk/sun/security/tools/jarsigner/WeakSize.java
test/jdk/sun/security/tools/jarsigner/certpolicy.sh
test/jdk/sun/security/tools/jarsigner/checkusage.sh
test/jdk/sun/security/tools/jarsigner/collator.sh
test/jdk/sun/security/tools/jarsigner/concise_jarsigner.sh
test/jdk/sun/security/tools/jarsigner/crl.sh
test/jdk/sun/security/tools/jarsigner/default_options.sh
test/jdk/sun/security/tools/jarsigner/diffend.sh
test/jdk/sun/security/tools/jarsigner/ec.sh
test/jdk/sun/security/tools/jarsigner/emptymanifest.sh
test/jdk/sun/security/tools/jarsigner/jvindex.sh
test/jdk/sun/security/tools/jarsigner/nameclash.sh
test/jdk/sun/security/tools/jarsigner/newsize7.sh
test/jdk/sun/security/tools/jarsigner/oldsig.sh
test/jdk/sun/security/tools/jarsigner/onlymanifest.sh
test/jdk/sun/security/tools/jarsigner/passtype.sh
test/jdk/sun/security/tools/jarsigner/samename.sh
test/jdk/sun/security/tools/jarsigner/weaksize.sh
test/jdk/sun/security/tools/keytool/CloneKeyAskPassword.java
test/jdk/sun/security/tools/keytool/CloneKeyAskPassword.sh
test/jdk/sun/security/tools/keytool/DefaultOptions.java
test/jdk/sun/security/tools/keytool/EmptySubject.java
test/jdk/sun/security/tools/keytool/FileInHelp.java
test/jdk/sun/security/tools/keytool/ImportReadAll.java
test/jdk/sun/security/tools/keytool/KeyAlg.java
test/jdk/sun/security/tools/keytool/NewHelp.java
test/jdk/sun/security/tools/keytool/NoExtNPE.java
test/jdk/sun/security/tools/keytool/NoExtNPE.sh
test/jdk/sun/security/tools/keytool/Resource.java
test/jdk/sun/security/tools/keytool/SecretKeyKS.java
test/jdk/sun/security/tools/keytool/SecretKeyKS.sh
test/jdk/sun/security/tools/keytool/SecurityToolsTest.java
test/jdk/sun/security/tools/keytool/SelfIssued.java
test/jdk/sun/security/tools/keytool/StandardAlgName.java
test/jdk/sun/security/tools/keytool/StandardAlgName.sh
test/jdk/sun/security/tools/keytool/StorePasswords.java
test/jdk/sun/security/tools/keytool/StorePasswordsByShell.sh
test/jdk/sun/security/tools/keytool/TryStore.java
test/jdk/sun/security/tools/keytool/default_options.sh
test/jdk/sun/security/tools/keytool/emptysubject.sh
test/jdk/sun/security/tools/keytool/file-in-help.sh
test/jdk/sun/security/tools/keytool/i18n.html
test/jdk/sun/security/tools/keytool/i18n.java
test/jdk/sun/security/tools/keytool/i18n.sh
test/jdk/sun/security/tools/keytool/importreadall.sh
test/jdk/sun/security/tools/keytool/keyalg.sh
test/jdk/sun/security/tools/keytool/newhelp.sh
test/jdk/sun/security/tools/keytool/resource.sh
test/jdk/sun/security/tools/keytool/selfissued.sh
test/jdk/sun/security/tools/keytool/trystore.sh
test/lib/jdk/test/lib/SecurityTools.java
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/AlgOptions.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 5094028 6219522
+ * @summary test new jarsigner -sigalg and -digestalg options
+ * @author Sean Mullan
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.List;
+
+public class AlgOptions {
+    public static void main(String[] args) throws Exception {
+
+        // copy jar file into writeable location
+        Files.copy(Path.of(System.getProperty("test.src"), "AlgOptions.jar"),
+                Path.of("AlgOptionsTmp.jar"));
+
+        // test missing signature algorithm arg
+        sign("-sigalg").shouldNotHaveExitValue(0);
+
+        // test missing digest algorithm arg
+        sign("-digestalg").shouldNotHaveExitValue(0);
+
+        // test BOGUS signature algorithm
+        sign("-sigalg", "BOGUS").shouldNotHaveExitValue(0);
+
+        // test BOGUS digest algorithm
+        sign("-digestalg", "BOGUS").shouldNotHaveExitValue(0);
+
+        // test incompatible signature algorithm
+        sign("-sigalg", "SHA1withDSA").shouldNotHaveExitValue(0);
+
+        // test compatible signature algorithm
+        sign("-sigalg", "SHA512withRSA").shouldHaveExitValue(0);
+        verify();
+
+        // test non-default digest algorithm
+        sign("-digestalg", "SHA-1").shouldHaveExitValue(0);
+        verify();
+
+        // test SHA-512 digest algorithm (creates long lines)
+        sign("-digestalg", "SHA-512", "-sigalg", "SHA512withRSA")
+                .shouldHaveExitValue(0);
+        verify();
+    }
+
+    static OutputAnalyzer sign(String... options) throws Exception {
+        List<String> args = new ArrayList<>();
+        args.add("-keystore");
+        args.add(Path.of(System.getProperty("test.src"), "JarSigning.keystore")
+                .toString());
+        args.add("-storepass");
+        args.add("bbbbbb");
+        for (String option : options) {
+            args.add(option);
+        }
+        args.add("AlgOptionsTmp.jar");
+        args.add("c");
+        return SecurityTools.jarsigner(args);
+    }
+
+    static void verify() throws Exception {
+        SecurityTools.jarsigner(
+                "-verify", "AlgOptionsTmp.jar")
+                .shouldHaveExitValue(0);
+    }
+}
--- a/test/jdk/sun/security/tools/jarsigner/AlgOptions.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,224 +0,0 @@
-#
-# Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 5094028 6219522
-# @summary test new jarsigner -sigalg and -digestalg options
-# @author Sean Mullan
-#
-# @run shell AlgOptions.sh
-#
-
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
-  TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
-  TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
-  echo "TESTJAVA not set.  Test cannot execute."
-  echo "FAILED!!!"
-  exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  SunOS | Linux | Darwin | AIX )
-    NULL=/dev/null
-    PS=":"
-    FS="/"
-    CP="${FS}bin${FS}cp -f"
-    ;;
-  CYGWIN* )
-    NULL=/dev/null
-    PS=";"
-    FS="/"
-    CP="cp -f"
-    ;;
-  Windows_* )
-    NULL=NUL
-    PS=";"
-    FS="\\"
-    CP="cp -f"
-    ;;
-  * )
-    echo "Unrecognized operating system!"
-    exit 1;
-    ;;
-esac
-
-# copy jar file into writeable location
-${CP} ${TESTSRC}${FS}AlgOptions.jar ${TESTCLASSES}${FS}AlgOptionsTmp.jar
-
-failed=0
-# test missing signature algorithm arg
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
-    -keystore ${TESTSRC}${FS}JarSigning.keystore \
-    -storepass bbbbbb \
-    -sigalg \
-    ${TESTCLASSES}${FS}AlgOptionsTmp.jar c
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
-    echo "test 1 failed"
-    failed=1
-else
-    echo "test 1 passed"
-fi
-
-# test missing digest algorithm arg
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
-    -keystore ${TESTSRC}${FS}JarSigning.keystore \
-    -storepass bbbbbb \
-    -digestalg \
-    ${TESTCLASSES}${FS}AlgOptionsTmp.jar c
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
-    echo "test 2 failed"
-    failed=1
-else
-    echo "test 2 passed"
-fi
-
-# test BOGUS signature algorithm
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
-    -keystore ${TESTSRC}${FS}JarSigning.keystore \
-    -storepass bbbbbb \
-    -sigalg BOGUS \
-    ${TESTCLASSES}${FS}AlgOptionsTmp.jar c
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
-    echo "test 3 failed"
-    failed=1
-else
-    echo "test 3 passed"
-fi
-
-# test BOGUS digest algorithm
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
-    -keystore ${TESTSRC}${FS}JarSigning.keystore \
-    -storepass bbbbbb \
-    -digestalg BOGUS \
-    ${TESTCLASSES}${FS}AlgOptionsTmp.jar c
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
-    echo "test 4 failed"
-    failed=1
-else
-    echo "test 4 passed"
-fi
-
-# test incompatible signature algorithm
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
-    -keystore ${TESTSRC}${FS}JarSigning.keystore \
-    -storepass bbbbbb \
-    -sigalg SHA1withDSA \
-    ${TESTCLASSES}${FS}AlgOptionsTmp.jar c
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
-    echo "test 5 failed"
-    failed=1
-else
-    echo "test 5 passed"
-fi
-
-# test compatible signature algorithm
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
-    -keystore ${TESTSRC}${FS}JarSigning.keystore \
-    -storepass bbbbbb \
-    -sigalg SHA512withRSA \
-    ${TESTCLASSES}${FS}AlgOptionsTmp.jar c
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
-    echo "test 6 passed"
-else
-    echo "test 6 failed"
-    failed=1
-fi
-
-# verify it
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -verify ${TESTCLASSES}${FS}AlgOptionsTmp.jar
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
-    echo "test 7 passed"
-else
-    echo "test 7 failed"
-    failed=1
-fi
-
-# test non-default digest algorithm
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
-    -keystore ${TESTSRC}${FS}JarSigning.keystore \
-    -storepass bbbbbb \
-    -digestalg SHA-256 \
-    ${TESTCLASSES}${FS}AlgOptionsTmp.jar c
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
-    echo "test 8 passed"
-else
-    echo "test 8 failed"
-    failed=1
-fi
-
-# verify it
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -verify ${TESTCLASSES}${FS}AlgOptionsTmp.jar
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
-    echo "test 9 passed"
-else
-    echo "test 9 failed"
-    failed=1
-fi
-
-# test SHA-512 digest algorithm (creates long lines)
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
-    -keystore ${TESTSRC}${FS}JarSigning.keystore \
-    -storepass bbbbbb \
-    -digestalg SHA-512 \
-    -sigalg SHA512withRSA \
-    ${TESTCLASSES}${FS}AlgOptionsTmp.jar c
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
-    echo "test 10 passed"
-else
-    echo "test 10 failed"
-    failed=1
-fi
-
-# verify it
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -verify ${TESTCLASSES}${FS}AlgOptionsTmp.jar
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
-    echo "test 11 passed"
-else
-    echo "test 11 failed"
-    failed=1
-fi
-
-if [ $failed -eq 1 ]; then
-    exit 1
-else
-    exit 0
-fi
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/CertPolicy.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8036709
+ * @summary Java 7 jarsigner displays warning about cert policy tree
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.util.JarUtils;
+
+import java.io.FileOutputStream;
+import java.io.PrintStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class CertPolicy {
+    static OutputAnalyzer keytool(String cmd) throws Exception {
+        return SecurityTools.keytool("-keypass changeit -storepass changeit "
+                + "-keystore ks -keyalg rsa " + cmd);
+    }
+
+    static OutputAnalyzer jarsigner(String cmd) throws Exception {
+        return SecurityTools.jarsigner("-storepass changeit -keystore ks " + cmd);
+    }
+
+    public static void main(String[] args) throws Exception {
+
+        keytool("-genkeypair -alias ca -dname CN=CA -ext bc");
+        keytool("-genkeypair -alias int -dname CN=Int");
+        keytool("-genkeypair -alias ee -dname CN=EE");
+
+        // CertificatePolicies [[PolicyId: [1.2.3]], [PolicyId: [1.2.4]]]
+        // PolicyConstraints: [Require: 0; Inhibit: unspecified]
+        keytool("-certreq -alias int -file int.req");
+        keytool("-gencert -rfc -alias ca "
+                + "-ext 2.5.29.32=300C300406022A03300406022A04 "
+                + "-ext 2.5.29.36=3003800100 "
+                + "-ext bc -infile int.req -outfile int.cert");
+        keytool("-import -alias int -file int.cert");
+
+        // CertificatePolicies [[PolicyId: [1.2.3]]]
+        keytool("-certreq -alias ee -file ee.req");
+        keytool("-gencert -rfc -alias int -ext 2.5.29.32=3006300406022A03 "
+                + "-infile ee.req -outfile ee.cert");
+        keytool("-import -alias ee -file ee.cert");
+
+        Files.write(Path.of("cc"), List.of(
+                keytool("-export -alias ee -rfc").getOutput(),
+                keytool("-export -alias int -rfc").getOutput(),
+                keytool("-export -alias ca -rfc").getOutput()));
+
+        keytool("-delete -alias int");
+
+        JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("cc"));
+
+        // Make sure the certchain in the signed jar contains all 3 certs
+        jarsigner("-strict -certchain cc a.jar ee -debug")
+                .shouldHaveExitValue(0);
+
+        jarsigner("-strict -verify a.jar -debug")
+                .shouldHaveExitValue(0);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/CheckUsage.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7004168
+ * @summary jarsigner -verify checks for KeyUsage codesigning ext on all certs
+ *  instead of just signing cert
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class CheckUsage {
+
+    static OutputAnalyzer keytool(String cmd) throws Exception {
+        return SecurityTools.keytool("-keypass changeit -storepass changeit "
+                + "-keyalg rsa " + cmd);
+    }
+
+    public static void main(String[] args) throws Exception {
+        Files.write(Path.of("x"), List.of("x"));
+        JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("x"));
+
+        // ################### 3 Keystores #######################
+
+        // Keystore js.jks: including CA and Publisher
+        // CA contains a non-empty KeyUsage
+        keytool("-keystore js.jks -genkeypair -alias ca -dname CN=CA "
+                + "-ext KU=kCS -ext bc -validity 365");
+        keytool("-keystore js.jks -genkeypair -alias pub -dname CN=Publisher");
+
+        // Publisher contains the correct KeyUsage
+        keytool("-keystore js.jks -certreq -alias pub -file pub.req");
+        keytool("-keystore js.jks -gencert -alias ca -ext KU=dig -validity 365 "
+                + "-infile pub.req -outfile pub.cert");
+        keytool("-keystore js.jks -importcert -alias pub -file pub.cert");
+
+        // Keystore trust.jks: including CA only
+        keytool("-keystore js.jks -exportcert -alias ca -file ca.cert");
+        keytool("-keystore trust.jks -importcert -alias ca -noprompt -file ca.cert");
+
+        // Keystore unrelated.jks: unrelated
+        keytool("-keystore unrelated.jks -genkeypair -alias nothing "
+                + "-dname CN=Nothing -validity 365");
+
+        // ################### 4 Tests #######################
+
+        // Test 1: Sign should be OK
+
+        SecurityTools.jarsigner("-keystore js.jks -storepass changeit a.jar pub")
+                .shouldHaveExitValue(0);
+
+        // Test 2: Verify should be OK
+
+        SecurityTools.jarsigner("-keystore trust.jks -storepass changeit "
+                + "-strict -verify a.jar")
+                .shouldHaveExitValue(0);
+
+        // Test 3: When no keystore is specified, the error is only
+        // "chain invalid"
+
+        SecurityTools.jarsigner("-strict -verify a.jar")
+                .shouldHaveExitValue(4);
+
+        // Test 4: When unrelated keystore is specified, the error is
+        // "chain invalid" and "not alias in keystore"
+
+        SecurityTools.jarsigner("-keystore unrelated.jks -storepass changeit "
+                + "-strict -verify a.jar")
+                .shouldHaveExitValue(36);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/Collator.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8021789
+ * @summary jarsigner parses alias as command line option (depending on locale)
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class Collator {
+    public static void main(String[] args) throws Exception {
+
+        Files.write(Path.of("collator"), List.of("12345"));
+        JarUtils.createJarFile(
+                Path.of("collator.jar"), Path.of("."), Path.of("collator"));
+
+        SecurityTools.keytool("-storepass changeit -keypass changeit "
+                + "-keyalg rsa -keystore collator.jks -alias debug "
+                + "-dname CN=debug -genkey -validity 300")
+                .shouldHaveExitValue(0);
+
+        // use "debug" as alias name
+        SecurityTools.jarsigner("-keystore collator.jks "
+                + "-storepass changeit collator.jar debug")
+                .shouldHaveExitValue(0);
+
+        // use "" as alias name (although there will be a warning)
+        SecurityTools.jarsigner("-keystore", "collator.jks",
+                "-storepass", "changeit", "-verify", "collator.jar", "")
+                .shouldHaveExitValue(0);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,273 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6802846 8172529
+ * @summary jarsigner needs enhanced cert validation(options)
+ * @library /test/lib
+ * @run main/timeout=240 ConciseJarsigner
+ */
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Calendar;
+import java.util.List;
+
+public class ConciseJarsigner {
+
+    static OutputAnalyzer kt(String cmd) throws Exception {
+        // Choose 1024-bit RSA to make sure it runs fine and fast. In
+        // fact, every keyalg/keysize combination is OK for this test.
+        return SecurityTools.keytool("-storepass changeit -keypass changeit "
+                + "-keystore ks -keyalg rsa -keysize 1024 " + cmd);
+    }
+
+    static void gencert(String owner, String cmd) throws Exception {
+        kt("-certreq -alias " + owner + " -file tmp.req");
+        kt("-gencert -infile tmp.req -outfile tmp.cert " + cmd);
+        kt("-import -alias " + owner + " -file tmp.cert");
+    }
+
+    static OutputAnalyzer js(String cmd) throws Exception {
+        return SecurityTools.jarsigner("-debug " + cmd);
+    }
+
+    public static void main(String[] args) throws Exception {
+
+        Files.write(Path.of("A1"), List.of("a1"));
+        Files.write(Path.of("A2"), List.of("a2"));
+        Files.write(Path.of("A3"), List.of("a3"));
+        Files.write(Path.of("A4"), List.of("a4"));
+        Files.write(Path.of("A5"), List.of("a5"));
+        Files.write(Path.of("A6"), List.of("a6"));
+
+        String year = "" + Calendar.getInstance().get(Calendar.YEAR);
+
+        // ==========================================================
+        // First part: output format
+        // ==========================================================
+
+        kt("-genkeypair -alias a1 -dname CN=a1 -validity 366");
+        kt("-genkeypair -alias a2 -dname CN=a2 -validity 366");
+
+        // a.jar includes 8 unsigned, 2 signed by a1 and a2, 2 signed by a3
+        SecurityTools.jar("cvf a.jar A1 A2");
+        js("-keystore ks -storepass changeit a.jar a1");
+        SecurityTools.jar("uvf a.jar A3 A4");
+        js("-keystore ks -storepass changeit a.jar a2");
+        SecurityTools.jar("uvf a.jar A5 A6");
+
+        // Verify OK
+        js("-verify a.jar").shouldHaveExitValue(0);
+
+        // 4(chainNotValidated)+16(hasUnsignedEntry)
+        js("-verify a.jar -strict").shouldHaveExitValue(20);
+
+        // 16(hasUnsignedEntry)
+        js("-verify a.jar -strict -keystore ks -storepass changeit")
+                .shouldHaveExitValue(16);
+
+        // 16(hasUnsignedEntry)+32(notSignedByAlias)
+        js("-verify a.jar a1 -strict -keystore ks -storepass changeit")
+                .shouldHaveExitValue(48);
+
+        // 16(hasUnsignedEntry)
+        js("-verify a.jar a1 a2 -strict -keystore ks -storepass changeit")
+                .shouldHaveExitValue(16);
+
+        // 12 entries all together
+        Asserts.assertTrue(js("-verify a.jar -verbose")
+                .asLines().stream()
+                .filter(s -> s.contains(year))
+                .count() == 12);
+
+        // 12 entries all listed
+        Asserts.assertTrue(js("-verify a.jar -verbose:grouped")
+                .asLines().stream()
+                .filter(s -> s.contains(year))
+                .count() == 12);
+
+        // 4 groups: MANIFST, unrelated, signed, unsigned
+        Asserts.assertTrue(js("-verify a.jar -verbose:summary")
+                .asLines().stream()
+                .filter(s -> s.contains(year))
+                .count() == 4);
+
+        // still 4 groups, but MANIFEST group has no other file
+        Asserts.assertTrue(js("-verify a.jar -verbose:summary")
+                .asLines().stream()
+                .filter(s -> s.contains("more)"))
+                .count() == 3);
+
+        // 5 groups: MANIFEST, unrelated, signed by a1/a2, signed by a2, unsigned
+        Asserts.assertTrue(js("-verify a.jar -verbose:summary -certs")
+                .asLines().stream()
+                .filter(s -> s.contains(year))
+                .count() == 5);
+
+        // 2 for MANIFEST, 2*2 for A1/A2, 2 for A3/A4
+        Asserts.assertTrue(js("-verify a.jar -verbose -certs")
+                .asLines().stream()
+                .filter(s -> s.contains("[certificate"))
+                .count() == 8);
+
+        // a1,a2 for MANIFEST, a1,a2 for A1/A2, a2 for A3/A4
+        Asserts.assertTrue(js("-verify a.jar -verbose:grouped -certs")
+                .asLines().stream()
+                .filter(s -> s.contains("[certificate"))
+                .count() == 5);
+
+        // a1,a2 for MANIFEST, a1,a2 for A1/A2, a2 for A3/A4
+        Asserts.assertTrue(js("-verify a.jar -verbose:summary -certs")
+                .asLines().stream()
+                .filter(s -> s.contains("[certificate"))
+                .count() == 5);
+
+        // still 5 groups, but MANIFEST group has no other file
+        Asserts.assertTrue(js("-verify a.jar -verbose:summary -certs")
+                .asLines().stream()
+                .filter(s -> s.contains("more)"))
+                .count() == 4);
+
+        // ==========================================================
+        // Second part: exit code 2, 4, 8.
+        // 16 and 32 already covered in the first part
+        // ==========================================================
+
+        kt("-genkeypair -alias ca -dname CN=ca -ext bc -validity 365");
+        kt("-genkeypair -alias expired -dname CN=expired");
+        gencert("expired", "-alias ca -startdate -10m");
+        kt("-genkeypair -alias notyetvalid -dname CN=notyetvalid");
+        gencert("notyetvalid", "-alias ca -startdate +1m");
+        kt("-genkeypair -alias badku -dname CN=badku");
+        gencert("badku", "-alias ca -ext KU=cRLSign -validity 365");
+        kt("-genkeypair -alias badeku -dname CN=badeku");
+        gencert("badeku", "-alias ca -ext EKU=sa -validity 365");
+        kt("-genkeypair -alias goodku -dname CN=goodku");
+        gencert("goodku", "-alias ca -ext KU=dig -validity 365");
+        kt("-genkeypair -alias goodeku -dname CN=goodeku");
+        gencert("goodeku", "-alias ca -ext EKU=codesign -validity 365");
+
+        js("-strict -keystore ks -storepass changeit a.jar expired")
+                .shouldHaveExitValue(4);
+
+        js("-strict -keystore ks -storepass changeit a.jar notyetvalid")
+                .shouldHaveExitValue(4);
+
+        js("-strict -keystore ks -storepass changeit a.jar badku")
+                .shouldHaveExitValue(8);
+
+        js("-strict -keystore ks -storepass changeit a.jar badeku")
+                .shouldHaveExitValue(8);
+
+        js("-strict -keystore ks -storepass changeit a.jar goodku")
+                .shouldHaveExitValue(0);
+
+        js("-strict -keystore ks -storepass changeit a.jar goodeku")
+                .shouldHaveExitValue(0);
+
+        // badchain signed by ca1, but ca1 is removed later
+        kt("-genkeypair -alias badchain -dname CN=badchain -validity 365");
+        kt("-genkeypair -alias ca1 -dname CN=ca1 -ext bc -validity 365");
+        gencert("badchain", "-alias ca1 -validity 365");
+
+        // save ca1.cert for easy replay
+        kt("-exportcert -file ca1.cert -alias ca1");
+        kt("-delete -alias ca1");
+
+        js("-strict -keystore ks -storepass changeit a.jar badchain")
+                .shouldHaveExitValue(4);
+
+        js("-verify a.jar").shouldHaveExitValue(0);
+
+        // ==========================================================
+        // Third part: -certchain test
+        // ==========================================================
+
+        // altchain signed by ca2
+        kt("-genkeypair -alias altchain -dname CN=altchain -validity 365");
+        kt("-genkeypair -alias ca2 -dname CN=ca2 -ext bc -validity 365");
+        kt("-certreq -alias altchain -file altchain.req");
+        Files.write(Path.of("certchain"), List.of(
+                kt("-gencert -alias ca2 -validity 365 -rfc -infile altchain.req")
+                        .getOutput(),
+                kt("-exportcert -alias ca2 -rfc").getOutput()));
+
+        // Self-signed cert does not work
+        js("-strict -keystore ks -storepass changeit a.jar altchain")
+                .shouldHaveExitValue(4);
+
+        // -certchain works
+        js("-strict -keystore ks -storepass changeit -certchain certchain "
+                + "a.jar altchain")
+                .shouldHaveExitValue(0);
+
+        // if ca2 is removed, -certchain still work because altchain is a
+        // self-signed entry and it is trusted by jarsigner
+        // save ca2.cert for easy replay
+        kt("-exportcert -file ca2.cert -alias ca2");
+        kt("-delete -alias ca2");
+        js("-strict -keystore ks -storepass changeit "
+                + "-certchain certchain a.jar altchain")
+                .shouldHaveExitValue(0);
+
+        // if cert is imported, -certchain won't work because this
+        // certificate entry is not trusted
+        kt("-importcert -file certchain -alias altchain -noprompt");
+        js("-strict -keystore ks -storepass changeit "
+                + "-certchain certchain a.jar altchain")
+                .shouldHaveExitValue(4);
+
+        js("-verify a.jar").shouldHaveExitValue(0);
+
+        // ==========================================================
+        // 8172529
+        // ==========================================================
+
+        kt("-genkeypair -alias ee -dname CN=ee");
+        kt("-genkeypair -alias caone -dname CN=caone");
+        kt("-genkeypair -alias catwo -dname CN=catwo");
+
+        kt("-certreq -alias ee -file ee.req");
+        kt("-certreq -alias catwo -file catwo.req");
+
+        // This certchain contains a cross-signed weak catwo.cert
+        Files.write(Path.of("ee2"), List.of(
+                kt("-gencert -alias catwo -rfc -infile ee.req").getOutput(),
+                kt("-gencert -alias caone -sigalg MD5withRSA -rfc "
+                        + "-infile catwo.req").getOutput()));
+
+        kt("-importcert -alias ee -file ee2");
+
+        SecurityTools.jar("cvf a.jar A1");
+        js("-strict -keystore ks -storepass changeit a.jar ee")
+                .shouldHaveExitValue(0);
+        js("-strict -keystore ks -storepass changeit -verify a.jar")
+                .shouldHaveExitValue(0);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/Crl.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6890876 6950931
+ * @summary jarsigner can add CRL info into signed jar (updated)
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+public class Crl {
+    static OutputAnalyzer kt(String cmd) throws Exception {
+        return SecurityTools.keytool("-storepass changeit -keypass changeit "
+                + "-keystore ks -keyalg rsa " + cmd);
+    }
+
+    public static void main(String[] args) throws Exception {
+        kt("-alias a -dname CN=a -keyalg rsa -genkey -validity 300");
+        kt("-alias a -gencrl -id 1:1 -id 2:2 -file crl1")
+                .shouldHaveExitValue(0);
+        kt("-alias a -gencrl -id 3:3 -id 4:4 -file crl2")
+                .shouldHaveExitValue(0);
+        kt("-alias a -gencrl -id 5:1 -id 6:2 -file crl3")
+                .shouldHaveExitValue(0);
+
+        // Test keytool -printcrl
+
+        kt("-printcrl -file crl1").shouldHaveExitValue(0);
+        kt("-printcrl -file crl2").shouldHaveExitValue(0);
+        kt("-printcrl -file crl3").shouldHaveExitValue(0);
+
+        // Test keytool -ext crl
+
+        kt("-alias b -dname CN=c -keyalg rsa -genkey -validity 300 "
+                + "-ext crl=uri:http://www.example.com/crl")
+                .shouldHaveExitValue(0);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/DefaultOptions.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8049834
+ * @summary Two security tools tests do not run with only JRE
+ * @library /test/lib
+ */
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.process.ProcessTools;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+import java.util.jar.JarFile;
+
+public class DefaultOptions {
+
+    static OutputAnalyzer jarsigner(String cmd) throws Throwable {
+        ProcessBuilder pb = SecurityTools.getProcessBuilder(
+                "jarsigner", List.of(cmd.trim().split("\\s+")));
+        pb.environment().put("PASS", "changeit");
+        return ProcessTools.executeCommand(pb);
+    }
+
+    static OutputAnalyzer keytool(String cmd) throws Throwable {
+        cmd = "-storepass:env PASS -keypass:env PASS -keystore ks " + cmd;
+        ProcessBuilder pb = SecurityTools.getProcessBuilder(
+                "keytool", List.of(cmd.trim().split("\\s+")));
+        pb.environment().put("PASS", "changeit");
+        return ProcessTools.executeCommand(pb);
+    }
+
+    public static void main(String[] args) throws Throwable {
+        keytool("-genkeypair -dname CN=A -alias a -keyalg rsa")
+                .shouldHaveExitValue(0);
+        keytool("-genkeypair -dname CN=CA -alias ca -keyalg rsa")
+                .shouldHaveExitValue(0);
+        keytool("-alias a -certreq -file a.req");
+        keytool("-alias ca -gencert -infile a.req -outfile a.cert");
+        keytool("-alias a -import -file a.cert").shouldHaveExitValue(0);
+
+        Files.write(Path.of("js.conf"), List.of(
+                "jarsigner.all = -keystore ${user.dir}/ks -storepass:env PASS "
+                        + "-debug -strict",
+                "jarsigner.sign = -digestalg SHA1",
+                "jarsigner.verify = -verbose:summary"));
+
+        JarUtils.createJarFile(Path.of("a.jar"), Path.of("."),
+                Path.of("ks"), Path.of("js.conf"));
+
+        jarsigner("-conf js.conf a.jar a").shouldHaveExitValue(0);
+        jarsigner("-conf js.conf -verify a.jar").shouldHaveExitValue(0)
+                .shouldContain("and 1 more");
+
+        try (JarFile jf = new JarFile("a.jar")) {
+            Asserts.assertTrue(jf.getManifest().getAttributes("ks").keySet()
+                    .stream()
+                    .anyMatch(s -> s.toString().contains("SHA1-Digest")));
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/DiffEnd.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6948909
+ * @summary Jarsigner removes MANIFEST.MF info for badly packages jar's
+ * @library /test/lib
+ */
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+import java.io.FileOutputStream;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.jar.Attributes;
+import java.util.jar.JarFile;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipOutputStream;
+
+public class DiffEnd {
+
+    static void check() throws Exception {
+        SecurityTools.jarsigner("-keystore "
+                + Path.of(System.getProperty("test.src"), "JarSigning.keystore")
+                .toString()
+                + " -storepass bbbbbb -digestalg SHA1"
+                + " -signedjar diffend.new.jar diffend.jar c");
+
+        try (JarFile jf = new JarFile("diffend.new.jar")) {
+            Asserts.assertTrue(jf.getManifest().getMainAttributes()
+                    .containsKey(new Attributes.Name("Today")));
+        }
+    }
+
+    public static void main(String[] args) throws Exception {
+
+        // A MANIFEST.MF using \n as newlines and no double newlines at the end
+        byte[] manifest =
+                ("Manifest-Version: 1.0\n"
+                        + "Created-By: 1.7.0-internal (Sun Microsystems Inc.)\n"
+                        + "Today: Monday\n").getBytes(StandardCharsets.UTF_8);
+
+        // With the fake .RSA file, to trigger the if (wasSigned) block
+        try (FileOutputStream fos = new FileOutputStream("diffend.jar");
+             ZipOutputStream zos = new ZipOutputStream(fos)) {
+            zos.putNextEntry(new ZipEntry("META-INF/MANIFEST.MF"));
+            zos.write(manifest);
+            zos.putNextEntry(new ZipEntry("META-INF/x.RSA"));
+            zos.putNextEntry(new ZipEntry("1"));
+            zos.write(new byte[10]);
+        }
+
+        check();
+
+        // Without the fake .RSA file, to trigger the else block
+        try (FileOutputStream fos = new FileOutputStream("diffend.jar");
+             ZipOutputStream zos = new ZipOutputStream(fos)) {
+            zos.putNextEntry(new ZipEntry("META-INF/MANIFEST.MF"));
+            zos.write(manifest);
+            zos.putNextEntry(new ZipEntry("1"));
+            zos.write(new byte[10]);
+        }
+
+        check();
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/EC.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6870812
+ * @summary enhance security tools to use ECC algorithm
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class EC {
+    static OutputAnalyzer kt(String cmd) throws Exception {
+        return SecurityTools.keytool("-storepass changeit "
+                + "-keypass changeit -keystore ks " + cmd);
+    }
+
+    static void gencert(String owner, String cmd) throws Exception {
+        kt("-certreq -alias " + owner + " -file tmp.req")
+                .shouldHaveExitValue(0);
+        kt("-gencert -infile tmp.req -outfile tmp.cert " + cmd)
+                .shouldHaveExitValue(0);
+        kt("-import -alias " + owner + " -file tmp.cert")
+                .shouldHaveExitValue(0);
+    }
+
+    static OutputAnalyzer js(String cmd) throws Exception {
+        return SecurityTools.jarsigner("-keystore ks -storepass changeit " + cmd);
+    }
+
+    public static void main(String[] args) throws Exception {
+        Files.write(Path.of("A"), List.of("A"));
+        JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("A"));
+
+        kt("-alias ca -dname CN=ca -keyalg ec -genkey -validity 300")
+                .shouldHaveExitValue(0);
+        kt("-alias a -dname CN=a -keyalg ec -genkey")
+                .shouldHaveExitValue(0);
+        gencert("a", "-alias ca -validity 300");
+
+        kt("-alias b -dname CN=b -keyalg ec -genkey")
+                .shouldHaveExitValue(0);
+        gencert("b", "-alias ca -validity 300");
+
+        // Ensure key length sufficient for intended hash (SHA512withECDSA)
+        kt("-alias c -dname CN=c -keyalg ec -genkey -keysize 521")
+                .shouldHaveExitValue(0);
+        gencert("c", "-alias ca -validity 300");
+
+        kt("-alias x -dname CN=x -keyalg ec -genkey -validity 300")
+                .shouldHaveExitValue(0);
+        gencert("x", "-alias ca -validity 300");
+
+        js("a.jar a -debug -strict").shouldHaveExitValue(0);
+        js("a.jar b -debug -strict -sigalg SHA1withECDSA").shouldHaveExitValue(0);
+        js("a.jar c -debug -strict -sigalg SHA512withECDSA").shouldHaveExitValue(0);
+
+        js("-verify a.jar a -debug -strict").shouldHaveExitValue(0);
+        js("-verify a.jar b -debug -strict").shouldHaveExitValue(0);
+        js("-verify a.jar c -debug -strict").shouldHaveExitValue(0);
+
+        // Not signed by x, should exit with non-zero
+        js("-verify a.jar x -debug -strict").shouldNotHaveExitValue(0);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/EmptyManifest.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6712755
+ * @summary jarsigner fails to sign itextasian.jar since 1.5.0_b14,
+ *          it works with 1.5.0_13
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+
+import java.io.FileOutputStream;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipOutputStream;
+
+public class EmptyManifest {
+
+    public static void main(String[] args) throws Exception {
+
+        try (FileOutputStream fos = new FileOutputStream("em.jar");
+             ZipOutputStream zos = new ZipOutputStream(fos)) {
+            zos.putNextEntry(new ZipEntry("META-INF/MANIFEST.MF"));
+            zos.write(new byte[]{'\r', '\n'});
+            zos.putNextEntry(new ZipEntry("A"));
+            zos.write(new byte[10]);
+            zos.putNextEntry(new ZipEntry("B"));
+            zos.write(new byte[0]);
+        }
+
+        SecurityTools.keytool("-keystore ks -storepass changeit "
+                + "-keypass changeit -alias a -dname CN=a -keyalg rsa "
+                + "-genkey -validity 300");
+
+        SecurityTools.jarsigner("-keystore ks -storepass changeit em.jar a")
+                .shouldHaveExitValue(0);
+        SecurityTools.jarsigner("-keystore ks -storepass changeit -verify "
+                + "-debug -strict em.jar")
+                .shouldHaveExitValue(0);
+    }
+}
--- a/test/jdk/sun/security/tools/jarsigner/EntriesOrder.java	Thu Apr 11 22:56:11 2019 -0400
+++ b/test/jdk/sun/security/tools/jarsigner/EntriesOrder.java	Fri Apr 12 13:35:23 2019 +0800
@@ -64,9 +64,9 @@
         // directory ignored), we can get 2 signed ones (inf, a).
 
         // Prepares raw files
-        Files.write(Paths.get("a"), "a".getBytes());
+        Files.write(Paths.get("a"), List.of("a"));
         Files.createDirectory(Paths.get("META-INF/"));
-        Files.write(Paths.get("META-INF/inf"), "inf".getBytes());
+        Files.write(Paths.get("META-INF/inf"), List.of("inf"));
 
         // Pack, sign, and extract to get all files
         sun.tools.jar.Main m =
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/JvIndex.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8022761
+ * @summary regression: SecurityException is NOT thrown while trying
+ *          to pack a wrongly signed Indexed Jar file
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class JvIndex {
+    public static void main(String[] args) throws Exception {
+
+        Files.write(Path.of("abcde"), List.of("12345"));
+        JarUtils.createJarFile(Path.of("jvindex.jar"), Path.of("."),
+                Path.of("abcde"));
+        SecurityTools.keytool("-storepass changeit -keypass changeit "
+                + "-keystore ks -keyalg rsa -alias a -dname CN=a "
+                + "-genkey -validity 300")
+                .shouldHaveExitValue(0);
+        SecurityTools.jarsigner("-keystore ks -storepass changeit jvindex.jar a")
+                .shouldHaveExitValue(0);
+
+        SecurityTools.jar("i jvindex.jar");
+
+        // Make sure the $F line has "sm" (signed and in manifest)
+        SecurityTools.jarsigner("-keystore ks -storepass changeit -verify "
+                + "-verbose jvindex.jar")
+                .shouldHaveExitValue(0)
+                .shouldMatch("sm.*abcde");
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/NameClash.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6876328
+ * @summary different names for the same digest algorithms breaks jarsigner
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class NameClash {
+    public static void main(String[] args) throws Exception {
+        String common = "-storepass changeit -keypass changeit -keystore ks ";
+
+        SecurityTools.keytool(common + "-alias a -dname CN=a -keyalg rsa "
+                + "-genkey -validity 300");
+        SecurityTools.keytool(common + "-alias b -dname CN=b -keyalg rsa "
+                + "-genkey -validity 300");
+
+        Files.write(Path.of("A"), List.of("A"));
+        JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("A"));
+
+        SecurityTools.jarsigner(common + "a.jar a -digestalg SHA1")
+                .shouldHaveExitValue(0);
+        SecurityTools.jarsigner(common + "a.jar b -digestalg SHA-1")
+                .shouldHaveExitValue(0);
+
+        SecurityTools.jarsigner(common + "-verify -debug -strict a.jar")
+                .shouldHaveExitValue(0);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/NewSize7.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6561126
+ * @summary keytool should use larger default keysize for keypairs
+ * @library /test/lib
+ */
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.util.JarUtils;
+
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.jar.JarFile;
+import java.util.jar.Manifest;
+
+public class NewSize7 {
+    public static void main(String[] args) throws Exception {
+        String common = "-storepass changeit -keypass changeit -keystore ks ";
+        SecurityTools.keytool(common
+                + "-keyalg rsa -genkeypair -alias me -dname CN=Me");
+        Files.write(Path.of("ns7.txt"), new byte[0]);
+        JarUtils.createJarFile(Path.of("ns7.jar"), Path.of("."),
+                Path.of("ns7.txt"));
+        SecurityTools.jarsigner(common + "ns7.jar me");
+
+        try (JarFile jf = new JarFile("ns7.jar")) {
+            try (InputStream is = jf.getInputStream(
+                    jf.getEntry("META-INF/MANIFEST.MF"))) {
+                Asserts.assertTrue(new Manifest(is).getAttributes("ns7.txt")
+                        .keySet().stream()
+                        .anyMatch(s -> s.toString().contains("SHA-256")));
+            }
+            try (InputStream is = jf.getInputStream(
+                    jf.getEntry("META-INF/ME.SF"))) {
+                Asserts.assertTrue(new Manifest(is).getAttributes("ns7.txt")
+                        .keySet().stream()
+                        .anyMatch(s -> s.toString().contains("SHA-256")));
+            }
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/OldSig.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2007, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6543940 6868865
+ * @summary Exception thrown when signing a jarfile in java 1.5
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+public class OldSig {
+    public static void main(String[] args) throws Exception {
+        Path src = Path.of(System.getProperty("test.src"));
+        // copy jar file into writeable location
+        Files.copy(src.resolve("oldsig/A.jar"), Path.of("B.jar"));
+        Files.copy(src.resolve("oldsig/A.class"), Path.of("B.class"));
+
+        JarUtils.updateJarFile(Path.of("B.jar"), Path.of("."),
+                Path.of("B.class"));
+
+        SecurityTools.jarsigner("-keystore " + src.resolve("JarSigning.keystore")
+                + " -storepass bbbbbb -digestalg SHA1 B.jar c");
+        SecurityTools.jarsigner("-verify B.jar");
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/OnlyManifest.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7004035
+ * @summary signed jar with only META-INF/* inside is not verifiable
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class OnlyManifest {
+    static OutputAnalyzer kt(String cmd) throws Exception {
+        return SecurityTools.keytool("-storepass changeit -keypass changeit "
+                + "-keystore ks -keyalg rsa " + cmd);
+    }
+
+    static void gencert(String owner, String cmd) throws Exception {
+        kt("-certreq -alias " + owner + " -file tmp.req");
+        kt("-gencert -infile tmp.req -outfile tmp.cert " + cmd);
+        kt("-import -alias " + owner + " -file tmp.cert");
+    }
+
+    public static void main(String[] args) throws Exception {
+        // Create an empty jar file with only MANIFEST.MF
+        Files.write(Path.of("manifest"), List.of("Key: Value"));
+        SecurityTools.jar("cvfm a.jar manifest");
+
+        kt("-alias ca -dname CN=ca -genkey -validity 300")
+                .shouldHaveExitValue(0);
+        kt("-alias a -dname CN=a -genkey -validity 300")
+                .shouldHaveExitValue(0);
+        gencert("a", "-alias ca -validity 300");
+
+        SecurityTools.jarsigner("-keystore ks -storepass changeit"
+                + " a.jar a -debug -strict")
+                .shouldHaveExitValue(0);
+        SecurityTools.jarsigner("-keystore ks -storepass changeit"
+                + " -verify a.jar a -debug -strict")
+                .shouldHaveExitValue(0)
+                .shouldNotContain("unsigned");
+    }
+}
--- a/test/jdk/sun/security/tools/jarsigner/Options.java	Thu Apr 11 22:56:11 2019 -0400
+++ b/test/jdk/sun/security/tools/jarsigner/Options.java	Fri Apr 12 13:35:23 2019 +0800
@@ -58,7 +58,7 @@
     public static void main(String[] args) throws Exception {
 
         // Prepares raw file
-        Files.write(Paths.get("a"), "a".getBytes());
+        Files.write(Paths.get("a"), List.of("a"));
 
         // Pack
         JarUtils.createJar("a.jar", "a");
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/PassType.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6868579
+ * @summary RFE: jarsigner to support reading password from environment variable
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.process.ProcessTools;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class PassType {
+
+    static OutputAnalyzer jarsignerWithEnv(String cmd) throws Throwable {
+        ProcessBuilder pb = SecurityTools.getProcessBuilder(
+                "jarsigner", List.of(cmd.trim().split("\\s+")));
+        pb.environment().put("PASSENV", "test12");
+        return ProcessTools.executeCommand(pb);
+    }
+
+    static OutputAnalyzer keytoolWithEnv(String cmd) throws Throwable {
+        ProcessBuilder pb = SecurityTools.getProcessBuilder(
+                "keytool", List.of(cmd.trim().split("\\s+")));
+        pb.environment().put("PASSENV", "test12");
+        return ProcessTools.executeCommand(pb);
+    }
+
+    public static void main(String[] args) throws Throwable {
+
+        SecurityTools.keytool("-keystore ks -validity 300 -keyalg rsa "
+                + "-alias a -dname CN=a -keyalg rsa -genkey "
+                + "-storepass test12 -keypass test12")
+                .shouldHaveExitValue(0);
+        keytoolWithEnv("-keystore ks -validity 300 -keyalg rsa "
+                + "-alias b -dname CN=b -keyalg rsa -genkey "
+                + "-storepass:env PASSENV -keypass:env PASSENV")
+                .shouldHaveExitValue(0);
+        Files.write(Path.of("passfile"), List.of("test12"));
+        SecurityTools.keytool("-keystore ks -validity 300 -keyalg rsa "
+                + "-alias c -dname CN=c -keyalg rsa -genkey "
+                + "-storepass:file passfile -keypass:file passfile")
+                .shouldHaveExitValue(0);
+
+        Files.write(Path.of("A"), List.of("A"));
+        JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("A"));
+
+        // Sign
+        SecurityTools.jarsigner("-keystore ks -storepass test12 a.jar a")
+                .shouldHaveExitValue(0);
+        jarsignerWithEnv("-keystore ks -storepass:env PASSENV a.jar b")
+                .shouldHaveExitValue(0);
+        SecurityTools.jarsigner("-keystore ks -storepass:file passfile a.jar c")
+                .shouldHaveExitValue(0);
+
+        // Verify
+        SecurityTools.jarsigner("-keystore ks -storepass test12 "
+                + "-verify -debug -strict a.jar")
+                .shouldHaveExitValue(0);
+        jarsignerWithEnv("-keystore ks -storepass:env PASSENV "
+                + "-verify -debug -strict a.jar")
+                .shouldHaveExitValue(0);
+        SecurityTools.jarsigner("-keystore ks -storepass:file passfile "
+                + "-verify -debug -strict a.jar")
+                .shouldHaveExitValue(0);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/PercentSign.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2007, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6522933
+ * @summary jarsigner fails in a directory with a path containing a % sign
+ * @author Wang Weijun
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+public class PercentSign {
+    public static void main(String[] args) throws Exception {
+
+        //  copy jar file into writeable location
+        Files.copy(Path.of(System.getProperty("test.src"), "AlgOptions.jar"),
+                Path.of("AlgOptionsTmp.jar"));
+
+        SecurityTools.jarsigner("-keystore "
+                + Path.of(System.getProperty("test.src"), "a%b", "percent.keystore")
+                + " -storepass changeit AlgOptionsTmp.jar ok")
+                .shouldHaveExitValue(0);
+    }
+}
--- a/test/jdk/sun/security/tools/jarsigner/PercentSign.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,79 +0,0 @@
-#
-# Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6522933
-# @summary jarsigner fails in a directory with a path contianing a % sign
-# @author Wang Weijun
-#
-# @run shell PercentSign.sh
-#
-
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
-  TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
-  TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
-  echo "TESTJAVA not set.  Test cannot execute."
-  echo "FAILED!!!"
-  exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  SunOS | Linux | Darwin | AIX )
-    NULL=/dev/null
-    PS=":"
-    FS="/"
-    CP="${FS}bin${FS}cp -f"
-    ;;
-  CYGWIN* )
-    NULL=/dev/null
-    PS=";"
-    FS="/"
-    CP="cp -f"
-    ;;
-  Windows_* )
-    NULL=NUL
-    PS=";"
-    FS="\\"
-    CP="cp -f"
-    ;;
-  * )
-    echo "Unrecognized operating system!"
-    exit 1;
-    ;;
-esac
-
-# copy jar file into writeable location
-${CP} ${TESTSRC}${FS}AlgOptions.jar ${TESTCLASSES}${FS}AlgOptionsTmp.jar
-
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
-    -keystore ${TESTSRC}${FS}a%b${FS}percent.keystore \
-    -storepass changeit \
-    ${TESTCLASSES}${FS}AlgOptionsTmp.jar ok
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/SameName.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6866479
+ * @summary libzip.so caused JVM to crash when running jarsigner
+ * @library /test/lib
+ */
+
+import jdk.test.lib.Platform;
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class SameName {
+    public static void main(String[] args) throws Exception {
+
+        String signedJar = Platform.isWindows() ? "EM.jar" : "em.jar";
+
+        Files.write(Path.of("A"), List.of("A"));
+        JarUtils.createJarFile(Path.of("em.jar"), Path.of("."), Path.of("A"));
+
+        SecurityTools.keytool("-storepass changeit -keypass changeit "
+                + "-keystore ks -keyalg rsa  -alias a -dname CN=a "
+                + "-keyalg rsa -genkey -validity 300")
+                .shouldHaveExitValue(0);
+
+        SecurityTools.jarsigner("-keystore ks -storepass changeit "
+                + "-signedjar " + signedJar + " em.jar a")
+                .shouldHaveExitValue(0);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/WeakSize.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8044755
+ * @summary Add a test for algorithm constraints check in jarsigner
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Path;
+
+public class WeakSize {
+
+    static OutputAnalyzer kt(String cmd) throws Exception {
+        // The sigalg used is MD2withRSA, which is obsolete.
+        return SecurityTools.keytool("-storepass changeit -keypass changeit "
+                + "-keystore ks -keyalg rsa -sigalg MD2withRSA " + cmd);
+    }
+
+    static void gencert(String owner, String cmd) throws Exception {
+        kt("-certreq -alias " + owner + " -file tmp.req");
+        kt("-gencert -infile tmp.req -outfile tmp.cert " + cmd);
+        kt("-import -alias " + owner + " -file tmp.cert");
+    }
+
+    public static void main(String[] args) throws Exception {
+
+        kt("-genkeypair -alias ca -dname CN=CA -ext bc");
+        kt("-genkeypair -alias signer -dname CN=Signer");
+        gencert("signer", "-alias ca -ext ku=dS -rfc");
+
+        JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("ks"));
+
+        // We always trust a TrustedCertificateEntry
+        SecurityTools.jarsigner("-keystore ks -storepass changeit "
+                + "-strict -debug a.jar ca")
+                .shouldNotContain("chain is invalid");
+
+        // An end-entity cert must follow algorithm constraints
+        SecurityTools.jarsigner("-keystore ks -storepass changeit "
+                + "-strict -debug a.jar signer")
+                .shouldContain("chain is invalid");
+    }
+}
--- a/test/jdk/sun/security/tools/jarsigner/certpolicy.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,80 +0,0 @@
-#
-# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8036709
-# @summary Java 7 jarsigner displays warning about cert policy tree
-#
-# @run shell certpolicy.sh
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-KT="$TESTJAVA/bin/keytool $TESTTOOLVMOPTS \
-        -keypass changeit -storepass changeit -keystore ks -keyalg rsa"
-JS="$TESTJAVA/bin/jarsigner $TESTTOOLVMOPTS -storepass changeit -keystore ks"
-JAR="$TESTJAVA/bin/jar $TESTTOOLVMOPTS"
-
-rm ks 2> /dev/null
-$KT -genkeypair -alias ca -dname CN=CA -ext bc
-$KT -genkeypair -alias int -dname CN=Int
-$KT -genkeypair -alias ee -dname CN=EE
-
-# CertificatePolicies [[PolicyId: [1.2.3]], [PolicyId: [1.2.4]]]
-# PolicyConstraints: [Require: 0; Inhibit: unspecified]
-$KT -certreq -alias int | \
-        $KT -gencert -rfc -alias ca \
-                -ext 2.5.29.32="30 0C 30 04 06 02 2A 03 30 04 06 02 2A 04" \
-                -ext "2.5.29.36=30 03 80 01 00" -ext bc | \
-        $KT -import -alias int
-
-# CertificatePolicies [[PolicyId: [1.2.3]]]
-$KT -certreq -alias ee | \
-        $KT -gencert -rfc -alias int \
-                -ext 2.5.29.32="30 06 30 04 06 02 2A 03" | \
-        $KT -import -alias ee
-
-$KT -export -alias ee -rfc > cc
-$KT -export -alias int -rfc >> cc
-$KT -export -alias ca -rfc >> cc
-
-$KT -delete -alias int
-
-ERR=''
-$JAR cvf a.jar cc
-
-# Make sure the certchain in the signed jar contains all 3 certs
-$JS -strict -certchain cc a.jar ee -debug || ERR="sign"
-$JS -strict -verify a.jar -debug || ERR="$ERR verify"
-
-if [ "$ERR" = "" ]; then
-    echo "Success"
-    exit 0
-else
-    echo "Failed: $ERR"
-    exit 1
-fi
-
--- a/test/jdk/sun/security/tools/jarsigner/checkusage.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,109 +0,0 @@
-#
-# Copyright (c) 2010, 2017, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 7004168
-# @summary jarsigner -verify checks for KeyUsage codesigning ext on all certs
-#  instead of just signing cert
-#
-# @run shell checkusage.sh
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keyalg rsa"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS}"
-
-rm js.jks trust.jks unrelated.jks 2> /dev/null
-
-echo x > x
-$JAR cvf a.jar x
-
-################### 3 Keystores #######################
-
-# Keystore js.jks: including CA and Publisher
-# CA contains a non-empty KeyUsage
-$KT -keystore js.jks -genkeypair -alias ca -dname CN=CA -ext KU=kCS -ext bc -validity 365
-$KT -keystore js.jks -genkeypair -alias pub -dname CN=Publisher
-
-# Publisher contains the correct KeyUsage
-$KT -keystore js.jks -certreq -alias pub | \
-        $KT -keystore js.jks -gencert -alias ca -ext KU=dig -validity 365 | \
-        $KT -keystore js.jks -importcert -alias pub
-
-# Keystore trust.jks: including CA only
-$KT -keystore js.jks -exportcert -alias ca | \
-        $KT -keystore trust.jks -importcert -alias ca -noprompt
-
-# Keystore unrelated.jks: unrelated
-$KT -keystore unrelated.jks -genkeypair -alias nothing -dname CN=Nothing -validity 365
-
-
-################### 4 Tests #######################
-
-# Test 1: Sign should be OK
-
-$JARSIGNER -keystore js.jks -storepass changeit a.jar pub
-RESULT=$?
-echo $RESULT
-#[ $RESULT = 0 ] || exit 1
-
-# Test 2: Verify should be OK
-
-$JARSIGNER -keystore trust.jks -strict -verify a.jar
-RESULT=$?
-echo $RESULT
-#[ $RESULT = 0 ] || exit 2
-
-# Test 3: When no keystore is specified, the error is only
-# "chain invalid"
-
-$JARSIGNER -strict -verify a.jar
-RESULT=$?
-echo $RESULT
-#[ $RESULT = 4 ] || exit 3
-
-# Test 4: When unrelated keystore is specified, the error is
-# "chain invalid" and "not alias in keystore"
-
-$JARSIGNER -keystore unrelated.jks -strict -verify a.jar
-RESULT=$?
-echo $RESULT
-#[ $RESULT = 36 ] || exit 4
-
-exit 0
--- a/test/jdk/sun/security/tools/jarsigner/collator.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,74 +0,0 @@
-#
-# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8021789
-# @summary jarsigner parses alias as command line option (depending on locale)
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-F=collator
-KS=collator.jks
-JFILE=collator.jar
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit \
-        -keyalg rsa -keystore $KS"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -keystore $KS -storepass changeit"
-
-rm $F $KS $JFILE 2> /dev/null
-
-echo 12345 > $F
-$JAR cvf $JFILE $F
-
-ERR=""
-
-$KT -alias debug -dname CN=debug -genkey -validity 300 || ERR="$ERR 1"
-
-# use "debug" as alias name
-$JARSIGNER $JFILE debug || ERR="$ERR 2"
-
-# use "" as alias name (although there will be a warning)
-$JARSIGNER -verify $JFILE "" || ERR="$ERR 3"
-
-if [ "$ERR" = "" ]; then
-    exit 0
-else
-    echo "ERR is $ERR"
-    exit 1
-fi
--- a/test/jdk/sun/security/tools/jarsigner/concise_jarsigner.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,247 +0,0 @@
-#
-# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6802846 8172529
-# @summary jarsigner needs enhanced cert validation(options)
-#
-# @run shell/timeout=240 concise_jarsigner.sh
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-# Choose 1024-bit RSA to make sure it runs fine and fast on all platforms. In
-# fact, every keyalg/keysize combination is OK for this test.
-
-TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US"
-
-KS=js.ks
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa -keysize 1024"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -debug"
-JAVAC="$TESTJAVA${FS}bin${FS}javac ${TESTTOOLVMOPTS} ${TESTJAVACOPTS}"
-
-rm $KS
-
-echo class A1 {} > A1.java
-echo class A2 {} > A2.java
-echo class A3 {} > A3.java
-echo class A4 {} > A4.java
-echo class A5 {} > A5.java
-echo class A6 {} > A6.java
-
-$JAVAC A1.java A2.java A3.java A4.java A5.java A6.java
-YEAR=`date +%Y`
-
-# ==========================================================
-# First part: output format
-# ==========================================================
-
-$KT -genkeypair -alias a1 -dname CN=a1 -validity 366
-$KT -genkeypair -alias a2 -dname CN=a2 -validity 366
-
-# a.jar includes 8 unsigned, 2 signed by a1 and a2, 2 signed by a3
-$JAR cvf a.jar A1.class A2.class
-$JARSIGNER -keystore $KS -storepass changeit a.jar a1
-$JAR uvf a.jar A3.class A4.class
-$JARSIGNER -keystore $KS -storepass changeit a.jar a2
-$JAR uvf a.jar A5.class A6.class
-
-# Verify OK
-$JARSIGNER -verify a.jar
-[ $? = 0 ] || exit $LINENO
-
-# 4(chainNotValidated)+16(hasUnsignedEntry)
-$JARSIGNER -verify a.jar -strict
-[ $? = 20 ] || exit $LINENO
-
-# 16(hasUnsignedEntry)
-$JARSIGNER -verify a.jar -strict -keystore $KS -storepass changeit
-[ $? = 16 ] || exit $LINENO
-
-# 16(hasUnsignedEntry)+32(notSignedByAlias)
-$JARSIGNER -verify a.jar a1 -strict -keystore $KS -storepass changeit
-[ $? = 48 ] || exit $LINENO
-
-# 16(hasUnsignedEntry)
-$JARSIGNER -verify a.jar a1 a2 -strict -keystore $KS -storepass changeit
-[ $? = 16 ] || exit $LINENO
-
-# 12 entries all together
-LINES=`$JARSIGNER -verify a.jar -verbose | grep $YEAR | wc -l`
-[ $LINES = 12 ] || exit $LINENO
-
-# 12 entries all listed
-LINES=`$JARSIGNER -verify a.jar -verbose:grouped | grep $YEAR | wc -l`
-[ $LINES = 12 ] || exit $LINENO
-
-# 4 groups: MANIFST, unrelated, signed, unsigned
-LINES=`$JARSIGNER -verify a.jar -verbose:summary | grep $YEAR | wc -l`
-[ $LINES = 4 ] || exit $LINENO
-
-# still 4 groups, but MANIFEST group has no other file
-LINES=`$JARSIGNER -verify a.jar -verbose:summary | grep "more)" | wc -l`
-[ $LINES = 3 ] || exit $LINENO
-
-# 5 groups: MANIFEST, unrelated, signed by a1/a2, signed by a2, unsigned
-LINES=`$JARSIGNER -verify a.jar -verbose:summary -certs | grep $YEAR | wc -l`
-[ $LINES = 5 ] || exit $LINENO
-
-# 2 for MANIFEST, 2*2 for A1/A2, 2 for A3/A4
-LINES=`$JARSIGNER -verify a.jar -verbose -certs | grep "\[certificate" | wc -l`
-[ $LINES = 8 ] || exit $LINENO
-
-# a1,a2 for MANIFEST, a1,a2 for A1/A2, a2 for A3/A4
-LINES=`$JARSIGNER -verify a.jar -verbose:grouped -certs | grep "\[certificate" | wc -l`
-[ $LINES = 5 ] || exit $LINENO
-
-# a1,a2 for MANIFEST, a1,a2 for A1/A2, a2 for A3/A4
-LINES=`$JARSIGNER -verify a.jar -verbose:summary -certs | grep "\[certificate" | wc -l`
-[ $LINES = 5 ] || exit $LINENO
-
-# still 5 groups, but MANIFEST group has no other file
-LINES=`$JARSIGNER -verify a.jar -verbose:summary -certs | grep "more)" | wc -l`
-[ $LINES = 4 ] || exit $LINENO
-
-# ==========================================================
-# Second part: exit code 2, 4, 8.
-# 16 and 32 already covered in the first part
-# ==========================================================
-
-$KT -genkeypair -alias ca -dname CN=ca -ext bc -validity 365
-$KT -genkeypair -alias expired -dname CN=expired
-$KT -certreq -alias expired | $KT -gencert -alias ca -startdate -10m | $KT -import -alias expired
-$KT -genkeypair -alias notyetvalid -dname CN=notyetvalid
-$KT -certreq -alias notyetvalid | $KT -gencert -alias ca -startdate +1m | $KT -import -alias notyetvalid
-$KT -genkeypair -alias badku -dname CN=badku
-$KT -certreq -alias badku | $KT -gencert -alias ca -ext KU=cRLSign -validity 365 | $KT -import -alias badku
-$KT -genkeypair -alias badeku -dname CN=badeku
-$KT -certreq -alias badeku | $KT -gencert -alias ca -ext EKU=sa -validity 365 | $KT -import -alias badeku
-$KT -genkeypair -alias goodku -dname CN=goodku
-$KT -certreq -alias goodku | $KT -gencert -alias ca -ext KU=dig -validity 365 | $KT -import -alias goodku
-$KT -genkeypair -alias goodeku -dname CN=goodeku
-$KT -certreq -alias goodeku | $KT -gencert -alias ca -ext EKU=codesign -validity 365 | $KT -import -alias goodeku
-
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar expired
-[ $? = 4 ] || exit $LINENO
-
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar notyetvalid
-[ $? = 4 ] || exit $LINENO
-
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar badku
-[ $? = 8 ] || exit $LINENO
-
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar badeku
-[ $? = 8 ] || exit $LINENO
-
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar goodku
-[ $? = 0 ] || exit $LINENO
-
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar goodeku
-[ $? = 0 ] || exit $LINENO
-
-# badchain signed by ca1, but ca1 is removed later
-$KT -genkeypair -alias badchain -dname CN=badchain -validity 365
-$KT -genkeypair -alias ca1 -dname CN=ca1 -ext bc -validity 365
-$KT -certreq -alias badchain | $KT -gencert -alias ca1 -validity 365 | \
-        $KT -importcert -alias badchain
-# save ca1.cert for easy replay
-$KT -exportcert -file ca1.cert -alias ca1
-$KT -delete -alias ca1
-
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar badchain
-[ $? = 4 ] || exit $LINENO
-
-$JARSIGNER -verify a.jar
-[ $? = 0 ] || exit $LINENO
-
-# ==========================================================
-# Third part: -certchain test
-# ==========================================================
-
-# altchain signed by ca2
-$KT -genkeypair -alias altchain -dname CN=altchain -validity 365
-$KT -genkeypair -alias ca2 -dname CN=ca2 -ext bc -validity 365
-$KT -certreq -alias altchain | $KT -gencert -alias ca2 -validity 365 -rfc > certchain
-$KT -exportcert -alias ca2 -rfc >> certchain
-
-# Self-signed cert does not work
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar altchain
-[ $? = 4 ] || exit $LINENO
-
-# -certchain works
-$JARSIGNER -strict -keystore $KS -storepass changeit -certchain certchain a.jar altchain
-[ $? = 0 ] || exit $LINENO
-
-# if ca2 is removed, -certchain still work because altchain is a self-signed entry and
-# it is trusted by jarsigner
-# save ca2.cert for easy replay
-$KT -exportcert -file ca2.cert -alias ca2
-$KT -delete -alias ca2
-$JARSIGNER -strict -keystore $KS -storepass changeit -certchain certchain a.jar altchain
-[ $? = 0 ] || exit $LINENO
-
-# if cert is imported, -certchain won't work because this certificate entry is not trusted
-$KT -importcert -file certchain -alias altchain -noprompt
-$JARSIGNER -strict -keystore $KS -storepass changeit -certchain certchain a.jar altchain
-[ $? = 4 ] || exit $LINENO
-
-$JARSIGNER -verify a.jar
-[ $? = 0 ] || exit $LINENO
-
-# ==========================================================
-# 8172529
-# ==========================================================
-
-$KT -genkeypair -alias ee -dname CN=ee
-$KT -genkeypair -alias caone -dname CN=caone
-$KT -genkeypair -alias catwo -dname CN=catwo
-
-$KT -certreq -alias ee | $KT -gencert -alias catwo -rfc > ee.cert
-$KT -certreq -alias catwo | $KT -gencert -alias caone -sigalg MD5withRSA -rfc > catwo.cert
-
-# This certchain contains a cross-signed weak catwo.cert
-cat ee.cert catwo.cert | $KT -importcert -alias ee
-
-$JAR cvf a.jar A1.class
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar ee
-[ $? = 0 ] || exit $LINENO
-$JARSIGNER -strict -keystore $KS -storepass changeit -verify a.jar
-[ $? = 0 ] || exit $LINENO
-
-echo OK
-exit 0
--- a/test/jdk/sun/security/tools/jarsigner/crl.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,71 +0,0 @@
-#
-# Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6890876 6950931
-# @summary jarsigner can add CRL info into signed jar (updated)
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-
-OS=`uname -s`
-case "$OS" in
-  Windows* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-KS=crl.jks
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa"
-
-rm $KS 2> /dev/null
-
-# Test keytool -gencrl
-
-$KT -alias a -dname CN=a -keyalg rsa -genkey -validity 300
-$KT -alias a -gencrl -id 1:1 -id 2:2 -file crl1 || exit 1
-$KT -alias a -gencrl -id 3:3 -id 4:4 -file crl2 || exit 2
-$KT -alias a -gencrl -id 5:1 -id 6:2 -file crl3 || exit 4
-
-# Test keytool -printcrl
-
-$KT -printcrl -file crl1 || exit 5
-$KT -printcrl -file crl2 || exit 6
-$KT -printcrl -file crl3 || exit 7
-
-
-# Test keytool -ext crl
-
-$KT -alias b -dname CN=c -keyalg rsa -genkey -validity 300 \
-    -ext crl=uri:http://www.example.com/crl || exit 10
-
-exit 0
--- a/test/jdk/sun/security/tools/jarsigner/default_options.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,68 +0,0 @@
-#
-# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8049834
-# @summary Two security tools tests do not run with only JRE
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-PASS=changeit
-export PASS
-
-TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US"
-
-KS=ks
-KEYTOOL="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS} -storepass:env PASS -keypass:env PASS -keystore $KS"
-JAR="$TESTJAVA/bin/jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA/bin/jarsigner ${TESTTOOLVMOPTS}"
-
-rm $KS 2> /dev/null
-
-$KEYTOOL -genkeypair -dname CN=A -alias a -keyalg rsa || exit 1
-$KEYTOOL -genkeypair -dname CN=CA -alias ca -keyalg rsa || exit 2
-$KEYTOOL -alias a -certreq |
-    $KEYTOOL -alias ca -gencert |
-    $KEYTOOL -alias a -import || exit 3
-
-cat <<EOF > js.conf
-jarsigner.all = -keystore \${user.dir}/$KS -storepass:env PASS -debug -strict
-jarsigner.sign = -digestalg SHA1
-jarsigner.verify = -verbose:summary
-
-EOF
-
-$JAR cvf a.jar ks js.conf
-
-$JARSIGNER -conf js.conf a.jar a || exit 21
-$JARSIGNER -conf js.conf -verify a.jar > jarsigner.out || exit 22
-grep "and 1 more" jarsigner.out || exit 23
-$JAR xvf a.jar META-INF/MANIFEST.MF
-grep "SHA1-Digest" META-INF/MANIFEST.MF || exit 24
-
-echo Done
-exit 0
--- a/test/jdk/sun/security/tools/jarsigner/diffend.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,110 +0,0 @@
-#
-# Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6948909
-# @summary Jarsigner removes MANIFEST.MF info for badly packages jar's
-#
-
-if [ "${TESTSRC}" = "" ] ; then
-  TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
-  TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
-  echo "TESTJAVA not set.  Test cannot execute."
-  echo "FAILED!!!"
-  exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  SunOS | Linux | Darwin | AIX )
-    NULL=/dev/null
-    PS=":"
-    FS="/"
-    CP="${FS}bin${FS}cp -f"
-    ;;
-  CYGWIN* )
-    NULL=/dev/null
-    PS=";"
-    FS="/"
-    CP="cp -f"
-    ;;
-  Windows_* )
-    NULL=NUL
-    PS=";"
-    FS="\\"
-    CP="cp -f"
-    ;;
-  * )
-    echo "Unrecognized operating system!"
-    exit 1;
-    ;;
-esac
-
-echo 1 > 1
-mkdir META-INF
-
-# Create a fake .RSA file so that jarsigner believes it's signed
-
-touch META-INF/x.RSA
-
-# A MANIFEST.MF using \n as newlines and no double newlines at the end
-
-cat > META-INF/MANIFEST.MF <<EOF
-Manifest-Version: 1.0
-Created-By: 1.7.0-internal (Sun Microsystems Inc.)
-Today: Monday
-EOF
-
-# With the fake .RSA file, to trigger the if (wasSigned) block
-
-rm diffend.jar
-zip diffend.jar META-INF/MANIFEST.MF META-INF/x.RSA 1
-
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
-    -keystore ${TESTSRC}${FS}JarSigning.keystore \
-    -storepass bbbbbb \
-    -digestalg SHA1 \
-    -signedjar diffend.new.jar \
-    diffend.jar c
-
-unzip -p diffend.new.jar META-INF/MANIFEST.MF | grep Today || exit 1
-
-# Without the fake .RSA file, to trigger the else block
-
-rm diffend.jar
-zip diffend.jar META-INF/MANIFEST.MF 1
-
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
-    -keystore ${TESTSRC}${FS}JarSigning.keystore \
-    -storepass bbbbbb \
-    -digestalg SHA1 \
-    -signedjar diffend.new.jar \
-    diffend.jar c
-
-unzip -p diffend.new.jar META-INF/MANIFEST.MF | grep Today || exit 2
-
--- a/test/jdk/sun/security/tools/jarsigner/ec.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,83 +0,0 @@
-#
-# Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6870812
-# @summary enhance security tools to use ECC algorithm
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-KS=ec.jks
-JFILE=ec.jar
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS}"
-
-rm $KS $JFILE
-echo A > A
-$JAR cvf $JFILE A
-
-$KT -alias ca -dname CN=ca -keyalg ec -genkey -validity 300 || exit 11
-
-$KT -alias a -dname CN=a -keyalg ec -genkey || exit 11
-$KT -alias a -certreq | $KT -gencert -alias ca -validity 300 | $KT -import -alias a || exit 111
-
-$KT -alias b -dname CN=b -keyalg ec -genkey || exit 12
-$KT -alias b -certreq | $KT -gencert -alias ca -validity 300 | $KT -import -alias b || exit 121
-
-# Ensure that key length is sufficient for the intended hash (SHA512withECDSA)
-$KT -alias c -dname CN=c -keyalg ec -genkey -keysize 521 || exit 13
-$KT -alias c -certreq | $KT -gencert -alias ca -validity 300 | $KT -import -alias c || exit 131
-
-$KT -alias x -dname CN=x -keyalg ec -genkey -validity 300 || exit 14
-$KT -alias x -certreq | $KT -gencert -alias ca -validity 300 | $KT -import -alias x || exit 141
-
-$JARSIGNER -keystore $KS -storepass changeit $JFILE a -debug -strict || exit 21
-$JARSIGNER -keystore $KS -storepass changeit $JFILE b -debug -strict -sigalg SHA1withECDSA || exit 22
-$JARSIGNER -keystore $KS -storepass changeit $JFILE c -debug -strict -sigalg SHA512withECDSA || exit 23
-
-$JARSIGNER -keystore $KS -storepass changeit -verify $JFILE a -debug -strict || exit 31
-$JARSIGNER -keystore $KS -storepass changeit -verify $JFILE b -debug -strict || exit 32
-$JARSIGNER -keystore $KS -storepass changeit -verify $JFILE c -debug -strict || exit 33
-
-# Not signed by x, should exit with non-zero
-$JARSIGNER -keystore $KS -storepass changeit -verify $JFILE x -debug -strict && exit 34
-
-exit 0
-
--- a/test/jdk/sun/security/tools/jarsigner/emptymanifest.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,76 +0,0 @@
-#
-# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6712755
-# @summary jarsigner fails to sign itextasian.jar since 1.5.0_b14, it works with 1.5.0_13
-#
-# @run shell emptymanifest.sh
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-KS=emptymanifest.ks
-JFILE=em.jar
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JAVA="$TESTJAVA${FS}bin${FS}java ${TESTVMOPTS}"
-JAVAC="$TESTJAVA${FS}bin${FS}javac ${TESTTOOLVMOPTS} ${TESTJAVACOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -keystore $KS -storepass changeit"
-
-rm $KS $JFILE
-echo A > A
-echo B > B
-mkdir META-INF
-cat <<EOF > CrLf.java
-class CrLf {
-  public static void main(String[] args) throws Exception {
-    System.out.write(new byte[] {'\r', '\n'});
-  }
-}
-EOF
-$JAVAC CrLf.java
-$JAVA CrLf > META-INF${FS}MANIFEST.MF
-zip $JFILE META-INF${FS}MANIFEST.MF A B
-
-$KT -alias a -dname CN=a -keyalg rsa -genkey -validity 300
-
-$JARSIGNER $JFILE a || exit 1
-$JARSIGNER -verify -debug -strict $JFILE || exit 2
-
-exit 0
--- a/test/jdk/sun/security/tools/jarsigner/jvindex.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,74 +0,0 @@
-#
-# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8022761
-# @summary regression: SecurityException is NOT thrown while trying to pack a wrongly signed Indexed Jar file
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-F=abcde
-KS=jvindex.jks
-JFILE=jvindex.jar
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit \
-        -keystore $KS -keyalg rsa"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -keystore $KS -storepass changeit"
-
-rm $F $KS $JFILE 2> /dev/null
-
-echo 12345 > $F
-$JAR cvf $JFILE $F
-
-ERR=""
-
-$KT -alias a -dname CN=a -genkey -validity 300 || ERR="$ERR 1"
-
-$JARSIGNER $JFILE a || ERR="$ERR 2"
-$JAR i $JFILE
-
-# Make sure the $F line has "sm" (signed and in manifest)
-$JARSIGNER -verify -verbose $JFILE | grep $F | grep sm || ERR="$ERR 3"
-
-if [ "$ERR" = "" ]; then
-    exit 0
-else
-    echo "ERR is $ERR"
-    exit 1
-fi
--- a/test/jdk/sun/security/tools/jarsigner/nameclash.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-#
-# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6876328
-# @summary different names for the same digest algorithms breaks jarsigner
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-KS=nc.ks
-JFILE=nc.jar
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -keystore $KS -storepass changeit"
-
-rm $KS $JFILE
-
-$KT -alias a -dname CN=a -keyalg rsa -genkey -validity 300
-$KT -alias b -dname CN=b -keyalg rsa -genkey -validity 300
-
-echo A > A
-$JAR cvf $JFILE A
-
-$JARSIGNER $JFILE a -digestalg SHA1 || exit 1
-$JARSIGNER $JFILE b -digestalg SHA-1 || exit 2
-
-$JARSIGNER -verify -debug -strict $JFILE || exit 3
-
-exit 0
--- a/test/jdk/sun/security/tools/jarsigner/newsize7.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,73 +0,0 @@
-#
-# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6561126
-# @summary keytool should use larger default keysize for keypairs
-#
-# @run shell newsize7.sh
-
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
-   TESTSRC="."
-fi
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVA_CMD=`which java`
-  TESTJAVA=`dirname $JAVA_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-KSFILE=ns7.jks
-
-KT="${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -keystore ns7.jks -storepass changeit -keypass changeit -keyalg rsa"
-JAR="${TESTJAVA}${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JS="${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -keystore ns7.jks -storepass changeit"
-
-rm ns7.*
-
-$KT -genkeypair -alias me -dname CN=Me
-
-touch ns7.txt
-$JAR cvf ns7.jar ns7.txt
-
-$JS ns7.jar me
-$JAR xvf ns7.jar
-
-grep SHA-256 META-INF/MANIFEST.MF || exit 1
-grep SHA-256 META-INF/ME.SF || exit 2
-
-#rm -rf META-INF
-
-exit 0
--- a/test/jdk/sun/security/tools/jarsigner/oldsig.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,79 +0,0 @@
-#
-# Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6543940 6868865
-# @summary Exception thrown when signing a jarfile in java 1.5
-#
-# @run shell oldsig.sh
-
-if [ "${TESTSRC}" = "" ] ; then
-  TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
-  TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
-  echo "TESTJAVA not set.  Test cannot execute."
-  echo "FAILED!!!"
-  exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  SunOS | Linux | Darwin | AIX )
-    NULL=/dev/null
-    PS=":"
-    FS="/"
-    CP="${FS}bin${FS}cp -f"
-    ;;
-  CYGWIN* )
-    NULL=/dev/null
-    PS=";"
-    FS="/"
-    CP="cp -f"
-    ;;
-  Windows_* )
-    NULL=NUL
-    PS=";"
-    FS="\\"
-    CP="cp -f"
-    ;;
-  * )
-    echo "Unrecognized operating system!"
-    exit 1;
-    ;;
-esac
-
-# copy jar file into writeable location
-${CP} ${TESTSRC}${FS}oldsig${FS}A.jar B.jar
-${CP} ${TESTSRC}${FS}oldsig${FS}A.class B.class
-
-${TESTJAVA}${FS}bin${FS}jar ${TESTTOOLVMOPTS} uvf B.jar B.class
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
-    -keystore ${TESTSRC}${FS}JarSigning.keystore \
-    -storepass bbbbbb \
-    -digestalg SHA1 \
-    B.jar c
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -verify B.jar
--- a/test/jdk/sun/security/tools/jarsigner/onlymanifest.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,70 +0,0 @@
-#
-# Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 7004035
-# @summary signed jar with only META-INF/* inside is not verifiable
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-KS=onlymanifest.jks
-JFILE=onlymanifest.jar
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit \
-        -keystore $KS -keyalg rsa"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS}"
-
-rm $KS $JFILE 2> /dev/null
-
-# Create an empty jar file with only MANIFEST.MF
-
-echo "Key: Value" > manifest
-$JAR cvfm $JFILE manifest
-
-$KT -alias ca -dname CN=ca -genkey -validity 300 || exit 1
-$KT -alias a -dname CN=a -genkey -validity 300 || exit 2
-$KT -alias a -certreq | $KT -gencert -alias ca -validity 300 | $KT -import -alias a || exit 3
-$JARSIGNER -keystore $KS -storepass changeit $JFILE a -debug -strict || exit 4
-$JARSIGNER -keystore $KS -storepass changeit -verify $JFILE a -debug -strict \
-        > onlymanifest.out || exit 5
-
-grep unsigned onlymanifest.out && exit 6
-
-exit 0
-
--- a/test/jdk/sun/security/tools/jarsigner/passtype.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,76 +0,0 @@
-#
-# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6868579
-# @summary RFE: jarsigner to support reading password from environment variable
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-KS=pt.ks
-JFILE=pt.jar
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -keystore $KS -validity 300 -keyalg rsa"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS}"
-
-rm $KS $JFILE
-
-$KT -alias a -dname CN=a -keyalg rsa -genkey \
-        -storepass test12 -keypass test12 || exit 1
-PASSENV=test12 $KT -alias b -dname CN=b -keyalg rsa -genkey \
-        -storepass:env PASSENV -keypass:env PASSENV || exit 2
-echo test12 > passfile
-$KT -alias c -dname CN=c -keyalg rsa -genkey \
-        -storepass:file passfile -keypass:file passfile || exit 3
-
-echo A > A
-$JAR cvf $JFILE A
-
-# Sign
-$JARSIGNER -keystore $KS -storepass test12 $JFILE a || exit 4
-PASSENV=test12 $JARSIGNER -keystore $KS -storepass:env PASSENV $JFILE b || exit 5
-$JARSIGNER -keystore $KS -storepass:file passfile $JFILE b || exit 6
-
-# Verify
-$JARSIGNER -keystore $KS -storepass test12 -verify -debug -strict $JFILE || exit 7
-PASSENV=test12 $JARSIGNER -keystore $KS -storepass:env PASSENV -verify -debug -strict $JFILE || exit 8
-$JARSIGNER -keystore $KS -storepass:file passfile -verify -debug -strict $JFILE || exit 9
-
-exit 0
-
--- a/test/jdk/sun/security/tools/jarsigner/samename.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,61 +0,0 @@
-#
-# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6866479
-# @summary libzip.so caused JVM to crash when running jarsigner
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* | CYGWIN* )
-    SIGNEDJAR=EM.jar
-    FS="\\"
-    ;;
-  * )
-    SIGNEDJAR=em.jar
-    FS="/"
-    ;;
-esac
-
-KS=samename.jks
-JFILE=em.jar
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS}"
-
-rm $KS $JFILE $SIGNEDJAR
-echo A > A
-$JAR cvf $JFILE A
-
-$KT -alias a -dname CN=a -keyalg rsa -genkey -validity 300
-
-$JARSIGNER -keystore $KS -storepass changeit -signedjar $SIGNEDJAR $JFILE a
-
--- a/test/jdk/sun/security/tools/jarsigner/weaksize.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,62 +0,0 @@
-#
-# Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8044755
-# @summary Add a test for algorithm constraints check in jarsigner
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US"
-
-# The sigalg used is MD2withRSA, which is obsolete.
-
-KT="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS} -keystore ks
-    -storepass changeit -keypass changeit
-    -keyalg rsa -sigalg MD2withRSA -debug"
-JS="$TESTJAVA/bin/jarsigner ${TESTTOOLVMOPTS} -keystore ks
-    -storepass changeit -strict -debug"
-JAR="$TESTJAVA/bin/jar ${TESTTOOLVMOPTS}"
-
-rm ks 2> /dev/null
-
-$KT -genkeypair -alias ca -dname CN=CA -ext bc
-$KT -genkeypair -alias signer -dname CN=Signer
-
-$KT -certreq -alias signer | \
-        $KT -gencert -alias ca -ext ku=dS -rfc | \
-        $KT -importcert -alias signer
-
-$JAR cvf a.jar ks
-
-# We always trust a TrustedCertificateEntry
-$JS a.jar ca | grep "chain is invalid" && exit 1
-
-# An end-entity cert must follow algorithm constraints
-$JS a.jar signer | grep "chain is invalid" || exit 2
-
-exit 0
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/CloneKeyAskPassword.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6178366
+ * @library /test/lib
+ * @summary confirm that keytool correctly finds (and clones) a private key
+ *          when the user is prompted for the key's password.
+ */
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.SecurityTools;
+
+import java.io.File;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.KeyStore;
+
+public class CloneKeyAskPassword {
+    public static void main(String[] args) throws Exception {
+
+        // Different storepass and keypass
+        Files.copy(Path.of(
+                    System.getProperty("test.src"), "CloneKeyAskPassword.jks"),
+                Path.of("CloneKeyAskPassword.jks"));
+
+        // Clone with original keypass
+        SecurityTools.setResponse("test456", "");
+        SecurityTools.keytool(
+                "-keyclone",
+                "-alias", "mykey",
+                "-dest", "myclone1",
+                "-keystore", "CloneKeyAskPassword.jks",
+                "-storepass", "test123").shouldHaveExitValue(0);
+
+        // Clone with new keypass
+        SecurityTools.setResponse("test456", "test789", "test789");
+        SecurityTools.keytool(
+                "-keyclone",
+                "-alias", "mykey",
+                "-dest", "myclone2",
+                "-keystore", "CloneKeyAskPassword.jks",
+                "-storepass", "test123").shouldHaveExitValue(0);
+
+        KeyStore ks = KeyStore.getInstance(
+                new File("CloneKeyAskPassword.jks"), "test123".toCharArray());
+        Asserts.assertNotNull(ks.getKey("myclone1", "test456".toCharArray()));
+        Asserts.assertNotNull(ks.getKey("myclone2", "test789".toCharArray()));
+    }
+}
--- a/test/jdk/sun/security/tools/keytool/CloneKeyAskPassword.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,94 +0,0 @@
-#
-# Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6178366
-# @summary confirm that keytool correctly finds (and clones) a private key
-#          when the user is prompted for the key's password.
-#
-# @run shell CloneKeyAskPassword.sh
-
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
-   TESTSRC="."
-fi
-
-if [ "${TESTCLASSES}" = "" ] ; then
-   TESTCLASSES="."
-fi
-
-if [ "${TESTJAVA}" = "" ] ; then
-   echo "TESTJAVA not set.  Test cannot execute."
-   echo "FAILED!!!"
-   exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  SunOS )
-    PATHSEP=":"
-    FILESEP="/"
-    ;;
-  Linux )
-    PATHSEP=":"
-    FILESEP="/"
-    ;;
-  Darwin )
-    PATHSEP=":"
-    FILESEP="/"
-    ;;
-  AIX )
-    PATHSEP=":"
-    FILESEP="/"
-    ;;
-  CYGWIN* )
-    PATHSEP=";"
-    FILESEP="/"
-    ;;
-  Windows* )
-    PATHSEP=";"
-    FILESEP="\\"
-    ;;
-  * )
-    echo "Unrecognized system!"
-    exit 1;
-    ;;
-esac
-
-# get a writeable keystore
-cp ${TESTSRC}${FILESEP}CloneKeyAskPassword.jks .
-chmod 644 CloneKeyAskPassword.jks
-
-# run the test: attempt to clone the private key
-${TESTJAVA}${FILESEP}bin${FILESEP}keytool ${TESTTOOLVMOPTS} \
-        -keyclone \
-        -alias mykey \
-        -dest myclone \
-        -keystore CloneKeyAskPassword.jks \
-        -storepass test123 <<EOF
-test456
-EOF
-
-exit $?
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/DefaultOptions.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8023197
+ * @summary Pre-configured command line options for keytool and jarsigner
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.process.ProcessTools;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class DefaultOptions {
+
+    public static void main(String[] args) throws Throwable {
+
+        Files.write(Path.of("kt.conf"), List.of(
+                "# A Pre-configured options file",
+                "keytool.all = -storepass:env PASS -keypass:env PASS "
+                        + "-keystore ${user.dir}/ks -debug",
+                "keytool.genkey = -keyalg ec -ext bc",
+                "keytool.delete = -keystore nothing"));
+
+        // kt.conf is read
+        keytool("-conf kt.conf -genkeypair -dname CN=A -alias a")
+                .shouldHaveExitValue(0);
+        keytool("-conf kt.conf -list -alias a -v")
+                .shouldHaveExitValue(0)
+                .shouldMatch("Signature algorithm name.*ECDSA")
+                .shouldContain("BasicConstraints");
+
+        // kt.conf is read, and dup multi-valued options processed as expected
+        keytool("-conf kt.conf -genkeypair -dname CN=B -alias b -ext ku=ds")
+                .shouldHaveExitValue(0);
+        keytool("-conf kt.conf -list -alias b -v")
+                .shouldHaveExitValue(0)
+                .shouldContain("BasicConstraints")
+                .shouldContain("DigitalSignature");
+
+        // Single-valued option in command section override all
+        keytool("-conf kt.conf -delete -alias a")
+                .shouldNotHaveExitValue(0);
+
+        // Single-valued option on command line overrides again
+        keytool("-conf kt.conf -delete -alias b -keystore ks")
+                .shouldHaveExitValue(0);
+
+        // Error cases
+
+        // File does not exist
+        keytool("-conf no-such-file -help -list")
+                .shouldNotHaveExitValue(0);
+
+        // Cannot have both standard name (-genkeypair) and legacy name (-genkey)
+        Files.write(Path.of("bad.conf"), List.of(
+                "keytool.all = -storepass:env PASS -keypass:env PASS -keystore ks",
+                "keytool.genkeypair = -keyalg rsa",
+                "keytool.genkey = -keyalg ec"));
+
+        keytool("-conf bad.conf -genkeypair -alias me -dname cn=me")
+                .shouldNotHaveExitValue(0);
+
+        // Unknown options are rejected by tool
+        Files.write(Path.of("bad.conf"), List.of(
+                "keytool.all=-unknown"));
+
+        keytool("-conf bad.conf -help -list").shouldNotHaveExitValue(0);
+
+        // System property must be present
+        Files.write(Path.of("bad.conf"), List.of(
+                "keytool.all = -keystore ${no.such.prop}"));
+
+        keytool("-conf bad.conf -help -list").shouldNotHaveExitValue(0);
+    }
+
+    // Run keytool with one environment variable PASS=changeit
+    static OutputAnalyzer keytool(String cmd) throws Throwable {
+        ProcessBuilder pb = SecurityTools.getProcessBuilder(
+                "keytool", List.of(cmd.trim().split("\\s+")));
+        pb.environment().put("PASS", "changeit");
+        return ProcessTools.executeCommand(pb);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/EmptySubject.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6847026
+ * @summary keytool should be able to generate certreq and cert without subject name
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+public class EmptySubject{
+    static final String KS = "emptysubject.jks";
+    public static void main(String[] args) throws Exception {
+        kt("-alias", "ca", "-dname", "CN=CA", "-genkeypair");
+        kt("-alias", "me", "-dname", "CN=Me", "-genkeypair");
+
+        // When -dname is recognized, SAN must be specified, otherwise,
+        // -printcert fails.
+        kt("-alias", "me", "-certreq", "-dname", "", "-file", "me1.req")
+                .shouldHaveExitValue(0);
+        kt("-alias", "ca", "-gencert",
+                "-infile", "me1.req", "-outfile", "me1.crt")
+                .shouldHaveExitValue(0);
+        kt("-printcert", "-file", "me1.crt").shouldNotHaveExitValue(0);
+
+        kt("-alias", "me", "-certreq", "-file", "me2.req")
+                .shouldHaveExitValue(0);
+        kt("-alias", "ca", "-gencert", "-dname", "",
+                "-infile", "me2.req", "-outfile", "me2.crt")
+                .shouldHaveExitValue(0);
+        kt("-printcert", "-file", "me2.crt").shouldNotHaveExitValue(0);
+
+        kt("-alias", "me", "-certreq", "-dname", "", "-file", "me3.req")
+                .shouldHaveExitValue(0);
+        kt("-alias", "ca", "-gencert", "-ext", "san:c=email:me@me.com",
+                "-infile", "me3.req", "-outfile", "me3.crt")
+                .shouldHaveExitValue(0);
+        kt("-printcert", "-file", "me3.crt").shouldHaveExitValue(0);
+
+        kt("-alias", "me", "-certreq", "-file", "me4.req")
+                .shouldHaveExitValue(0);
+        kt("-alias", "ca", "-gencert", "-dname", "",
+                "-ext", "san:c=email:me@me.com",
+                "-infile", "me4.req", "-outfile", "me4.crt")
+                .shouldHaveExitValue(0);
+        kt("-printcert", "-file", "me4.crt").shouldHaveExitValue(0);
+    }
+
+    static OutputAnalyzer kt(String... s) throws Exception {
+        List<String> cmd = new ArrayList<>();
+        cmd.addAll(Arrays.asList(
+                "-storepass", "changeit",
+                "-keypass", "changeit",
+                "-keystore", KS,
+                "-keyalg", "rsa"));
+        cmd.addAll(Arrays.asList(s));
+        return SecurityTools.keytool(cmd);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/FileInHelp.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6922482
+ * @summary keytool's help on -file always shows 'output file'
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+
+public class FileInHelp {
+    public static void main(String[] args) throws Exception {
+        SecurityTools.keytool("-printcertreq -help")
+                .shouldHaveExitValue(0)
+                .shouldContain("input file");
+        SecurityTools.keytool("-exportcert -help")
+                .shouldHaveExitValue(0)
+                .shouldContain("output file");
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/ImportReadAll.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6819272
+ * @summary keytool -importcert should read the whole input
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+public class ImportReadAll {
+    public static void main(String[] args) throws Exception {
+        keytool("-genkeypair -alias a -dname CN=a").shouldHaveExitValue(0);
+        keytool("-genkeypair -alias ca -dname CN=ca").shouldHaveExitValue(0);
+
+        keytool("-certreq -alias a -file a.req").shouldHaveExitValue(0);
+        keytool("-gencert -alias ca -infile a.req -outfile a.crt")
+                .shouldHaveExitValue(0);
+        keytool("-importcert -alias a -file a.crt").shouldHaveExitValue(0);
+    }
+
+    static OutputAnalyzer keytool(String s) throws Exception {
+        return SecurityTools.keytool(
+                "-keystore importreadall.jks "
+                + "-storepass changeit -keypass changeit -keyalg rsa " + s);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/KeyAlg.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8029659
+ * @summary Keytool, print key algorithm of certificate or key entry
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+public class KeyAlg {
+    public static void main(String[] args) throws Exception {
+        keytool("-genkeypair -alias ca -dname CN=CA -keyalg EC")
+                .shouldHaveExitValue(0);
+        keytool("-genkeypair -alias user -dname CN=User -keyalg RSA -keysize 1024")
+                .shouldHaveExitValue(0);
+        keytool("-certreq -alias user -file user.req").shouldHaveExitValue(0);
+        keytool("-gencert -alias ca -rfc -sigalg SHA1withECDSA"
+                + " -infile user.req -outfile user.crt")
+                .shouldHaveExitValue(0);
+        keytool("-printcert -file user.crt")
+                .shouldHaveExitValue(0)
+                .shouldMatch("Signature algorithm name:.*SHA1withECDSA")
+                .shouldMatch("Subject Public Key Algorithm:.*1024.*RSA");
+    }
+
+    static OutputAnalyzer keytool(String s) throws Exception {
+        return SecurityTools.keytool(
+                "-keystore ks -storepass changeit -keypass changeit " + s);
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/NewHelp.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6324292
+ * @summary keytool -help is unhelpful
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+
+public class NewHelp {
+    public static void main(String[] args) throws Exception {
+        SecurityTools.keytool("-help")
+                .shouldHaveExitValue(0)
+                .shouldContain("Commands:");
+        SecurityTools.keytool("-help -list")
+                .shouldHaveExitValue(0)
+                .shouldContain("Options:");
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/NoExtNPE.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6813402
+ * @summary keytool cannot -printcert entries without extensions
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+
+import java.nio.file.Path;
+
+public class NoExtNPE {
+    public static void main(String[] args) throws Exception {
+        SecurityTools.keytool("-list -v -keystore " +
+                Path.of(System.getProperty("test.src"), "CloneKeyAskPassword.jks")
+                + " -storepass test123").shouldHaveExitValue(0);
+    }
+}
--- a/test/jdk/sun/security/tools/keytool/NoExtNPE.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,75 +0,0 @@
-#
-# Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6813402
-# @summary keytool cannot -printcert entries without extensions
-#
-# @run shell NoExtNPE.sh
-
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
-   TESTSRC="."
-fi
-
-if [ "${TESTJAVA}" = "" ] ; then
-   echo "TESTJAVA not set.  Test cannot execute."
-   echo "FAILED!!!"
-   exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  SunOS )
-    FILESEP="/"
-    ;;
-  Linux )
-    FILESEP="/"
-    ;;
-  Darwin )
-    FILESEP="/"
-    ;;
-  AIX )
-    PATHSEP=":"
-    FILESEP="/"
-    ;;
-  CYGWIN* )
-    FILESEP="/"
-    ;;
-  Windows* )
-    FILESEP="\\"
-    ;;
-  * )
-    echo "Unrecognized system!"
-    exit 1;
-    ;;
-esac
-
-${TESTJAVA}${FILESEP}bin${FILESEP}keytool ${TESTTOOLVMOPTS} \
-        -list -v \
-        -keystore ${TESTSRC}${FILESEP}CloneKeyAskPassword.jks \
-        -storepass test123
-
-exit $?
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/Resource.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6239297
+ * @summary keytool usage is broken after changing Resources.java
+ * @author Max Wang
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+
+public class Resource {
+    public static void main(String[] args) throws Exception {
+        SecurityTools.keytool()
+                .shouldNotContain("MissingResourceException");
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/SecretKeyKS.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 4694076
+ * @summary KeyTool throws ArrayIndexOutOfBoundsException for listing
+ *          SecretKey entries in non-verbose mode.
+ * @author Valerie Peng
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+
+import java.nio.file.Path;
+
+public class SecretKeyKS {
+    public static void main(String[] args) throws Exception {
+        SecurityTools.keytool("-list -keystore " +
+                Path.of(System.getProperty("test.src"), "SecretKeyKS.jks") +
+                " -storepass password").shouldHaveExitValue(0);
+    }
+}
--- a/test/jdk/sun/security/tools/keytool/SecretKeyKS.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,73 +0,0 @@
-#
-# Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 4694076
-# @summary KeyTool throws ArrayIndexOutOfBoundsException for listing
-#          SecretKey entries in non-verbose mode.
-# @author Valerie Peng
-#
-# @run shell SecretKeyKS.sh
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
-  TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
-  TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
-  echo "TESTJAVA not set.  Test cannot execute."
-  echo "FAILED!!!"
-  exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  SunOS | Linux | Darwin | AIX )
-    NULL=/dev/null
-    PS=":"
-    FS="/"
-    ;;
-  CYGWIN* )
-    NULL=/dev/null
-    PS=";"
-    FS="/"
-    ;;
-  Windows_* )
-    NULL=NUL
-    PS=";"
-    FS="\\"
-    ;;
-  * )
-    echo "Unrecognized operating system!"
-    exit 1;
-    ;;
-esac
-
-# the test code
-
-${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -list -keystore ${TESTSRC}${FS}SecretKeyKS.jks -storepass password
-
-exit $?
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/SecurityToolsTest.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8180573
+ * @summary Enhance SecurityTools input line parsing
+ * @library /test/lib
+ */
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.SecurityTools;
+
+import java.util.List;
+
+public class SecurityToolsTest {
+    public static void main(String[] args) {
+        Asserts.assertEQ(SecurityTools.makeList("a b c"),
+                List.of("a", "b", "c"));
+        Asserts.assertEQ(SecurityTools.makeList("  a b c  "),
+                List.of("a", "b", "c"));
+        Asserts.assertEQ(SecurityTools.makeList("a\tb\nc"),
+                List.of("a", "b", "c"));
+        Asserts.assertEQ(SecurityTools.makeList("a `b` c"),
+                List.of("a", "b", "c"));
+        Asserts.assertEQ(SecurityTools.makeList("`a` b c"),
+                List.of("a", "b", "c"));
+        Asserts.assertEQ(SecurityTools.makeList("a b `c`"),
+                List.of("a", "b", "c"));
+        Asserts.assertEQ(SecurityTools.makeList("`a b` b c"),
+                List.of("a b", "b", "c"));
+        Asserts.assertEQ(SecurityTools.makeList("`a b c`"),
+                List.of("a b c"));
+        Asserts.assertEQ(SecurityTools.makeList("a ` b ` c"),
+                List.of("a", " b ", "c"));
+        Asserts.assertEQ(SecurityTools.makeList("a`b c"),
+                List.of("a`b", "c"));
+        Asserts.assertEQ(SecurityTools.makeList("a `\"b\"` c"),
+                List.of("a", "\"b\"", "c"));
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/SelfIssued.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6825352 6937978
+ * @summary support self-issued certificate in keytool and let -gencert generate the chain
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+public class SelfIssued {
+    public static void main(String[] args) throws Exception {
+        keytool("-alias ca -dname CN=CA -genkeypair");
+        keytool("-alias ca1 -dname CN=CA1 -genkeypair");
+        keytool("-alias ca2 -dname CN=CA2 -genkeypair");
+        keytool("-alias e1 -dname CN=E1 -genkeypair");
+
+        // ca signs ca1, ca1 signs ca2, all self-issued
+        keytool("-alias ca1 -certreq -file ca1.req");
+        keytool("-alias ca -gencert -ext san=dns:ca1 "
+                + "-infile ca1.req -outfile ca1.crt");
+        keytool("-alias ca1 -importcert -file ca1.crt");
+
+        keytool("-alias ca2 -certreq -file ca2.req");
+        keytool("-alias ca1 -gencert -ext san=dns:ca2 "
+                + "-infile ca2.req -outfile ca2.crt");
+        keytool("-alias ca2 -importcert -file ca2.crt");
+
+        // Import e1 signed by ca2, should add ca2 and ca1, at least 3 certs in the chain
+        keytool("-alias e1 -certreq -file e1.req");
+        keytool("-alias ca2 -gencert -infile e1.req -outfile e1.crt");
+
+        keytool("-alias ca1 -delete");
+        keytool("-alias ca2 -delete");
+        keytool("-alias e1 -importcert -file e1.crt");
+        keytool("-alias e1 -list -v")
+                .shouldContain("[3]");
+    }
+
+    static OutputAnalyzer keytool(String s) throws Exception {
+        return SecurityTools.keytool("-storepass changeit -keypass changeit "
+                + "-keystore ks -keyalg rsa " + s);
+    }
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/StandardAlgName.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 4909889
+ * @summary KeyTool accepts any input that user make as long as we can make some
+ *          sense out of it, but when comes to present the info the user, it
+ *          promotes a standard look.
+ * @author Andrew Fan
+ * @library /test/lib
+ * @run main/timeout=240 StandardAlgName
+ */
+
+import jdk.test.lib.SecurityTools;
+
+public class StandardAlgName {
+    public static void main(String[] args) throws Exception {
+        // CA
+        SecurityTools.keytool("-genkey", "-v", "-alias", "pkcs12testCA",
+                "-keyalg", "RsA", "-keysize", "2048",
+                "-sigalg", "ShA1wItHRSA",
+                "-dname", "cn=PKCS12 Test CA, ou = Security SQE, o = JavaSoft, c = US",
+                "-validity", "3650",
+                "-keypass", "storepass", "-keystore", "keystoreCA.jceks.data",
+                "-storepass", "storepass", "-storetype", "jceKS")
+                .shouldHaveExitValue(0)
+                .shouldNotContain("RsA")
+                .shouldNotContain("ShA1wItHRSA")
+                .shouldContain("RSA")
+                .shouldContain("SHA1withRSA");
+
+        // Lead
+        SecurityTools.keytool("-genkey", "-v", "-alias", "pkcs12testLead",
+                "-keyalg", "rSA", "-keysize", "1024",
+                "-sigalg", "mD5withRSA",
+                "-dname", "cn=PKCS12 Test Lead, ou=Security SQE, o=JavaSoft, c=US",
+                "-validity", "3650",
+                "-keypass", "storepass", "-keystore", "keystoreLead.jceks.data",
+                "-storepass", "storepass", "-storetype", "jCeks")
+                .shouldHaveExitValue(0)
+                .shouldNotContain("rSA")
+                .shouldNotContain("mD5withRSA")
+                .shouldContain("RSA")
+                .shouldContain("MD5withRSA");
+
+        // End User 1
+        SecurityTools.keytool("-genkey", "-v", "-alias", "pkcs12testEndUser1",
+                "-keyalg", "RSa", "-keysize", "1024",
+                "-sigalg", "sHa1wIThRSA",
+                "-dname", "cn=PKCS12 Test End User 1, ou=Security SQE, o=JavaSoft, c=US",
+                "-validity", "3650",
+                "-keypass", "storepass", "-keystore", "keystoreEndUser1.jceks.data",
+                "-storepass", "storepass", "-storetype", "Jceks")
+                .shouldHaveExitValue(0)
+                .shouldNotContain("RSa")
+                .shouldNotContain("sHa1wIThRSA")
+                .shouldContain("RSA")
+                .shouldContain("SHA1withRSA");
+    }
+}
--- a/test/jdk/sun/security/tools/keytool/StandardAlgName.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,94 +0,0 @@
-#
-# Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test 1.1 04/11/12
-# @bug 4909889
-# @summary KeyTool accepts any input that user make as long as we can make some
-#          sense out of it, but when comes to present the info the user, it
-#          promotes a standard look.
-# @author Andrew Fan
-#
-# @run shell/timeout=240 StandardAlgName.sh
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
-  TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
-  TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
-  echo "TESTJAVA not set.  Test cannot execute."
-  echo "FAILED!!!"
-  exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  SunOS | Linux | Darwin | AIX )
-    NULL=/dev/null
-    PS=":"
-    FS="/"
-    ;;
-  CYGWIN* )
-    NULL=/dev/null
-    PS=";"
-    FS="/"
-    ;;
-  Windows_* )
-    NULL=NUL
-    PS=";"
-    FS="\\"
-    ;;
-  * )
-    echo "Unrecognized operating system!"
-    exit 1;
-    ;;
-esac
-
-# the test code
-#CA
-${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -genkey -v -alias pkcs12testCA -keyalg "RsA" -keysize 2048 -sigalg "ShA1wItHRSA" -dname "cn=PKCS12 Test CA, ou=Security SQE, o=JavaSoft, c=US" -validity 3650 -keypass storepass -keystore keystoreCA.jceks.data -storepass storepass -storetype jceKS 2>&1 | egrep 'RsA|ShA1wItHRSA'
-
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
-    exit 1
-else
-    #Lead
-    ${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -genkey -v -alias pkcs12testLead -keyalg "rSA" -keysize 1024 -sigalg "mD5withRSA" -dname "cn=PKCS12 Test Lead, ou=Security SQE, o=JavaSoft, c=US" -validity 3650 -keypass storepass -keystore keystoreLead.jceks.data -storepass storepass -storetype jCeks 2>&1 | egrep 'rSA|mD5withRSA'
-    RESULT=$?
-    if [ $RESULT -eq 0 ]; then
-        exit 1
-    else
-        #End User 1
-        ${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -genkey -v -alias pkcs12testEndUser1 -keyalg "RSa" -keysize 1024 -sigalg "sHa1wIThRSA" -dname "cn=PKCS12 Test End User 1, ou=Security SQE, o=JavaSoft, c=US" -validity 3650 -keypass storepass -keystore keystoreEndUser1.jceks.data -storepass storepass -storetype Jceks 2>&1 | egrep 'RSa|sHa1wIThRSA'
-        RESULT=$?
-        if [ $RESULT -eq 0 ]; then
-            exit 1
-        else
-            exit 0
-        fi
-    fi
-fi
-
--- a/test/jdk/sun/security/tools/keytool/StorePasswords.java	Thu Apr 11 22:56:11 2019 -0400
+++ b/test/jdk/sun/security/tools/keytool/StorePasswords.java	Fri Apr 12 13:35:23 2019 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,8 +25,12 @@
  * @test
  * @bug 8008296
  * @summary Store and retrieve user passwords using PKCS#12 keystore
+ * @library /test/lib
  */
 
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
 import java.io.*;
 import java.security.*;
 import java.util.*;
@@ -79,6 +83,18 @@
             "recovered " + recoverCount + " user passwords");
 
         new File(KEYSTORE).delete();
+
+        storeCount = storeByShell();
+        recoverCount = recoverByShell();
+
+        if (recoverCount != storeCount || storeCount < 11) {
+            throw new Exception("Stored " + storeCount + " user passwords, " +
+                    "recovered " + recoverCount + " user passwords");
+        }
+        System.out.println("\nStored " + storeCount + " user passwords, " +
+                "recovered " + recoverCount + " user passwords");
+
+        new File(KEYSTORE).delete();
     }
 
     private static int store() throws Exception {
@@ -189,4 +205,35 @@
 
         return count;
     }
+
+    private static int storeByShell() throws Exception {
+        int count = 0;
+        for (String algorithm : PBE_ALGORITHMS) {
+            System.out.println("Storing user password (protected by " + algorithm + " )");
+            String importCmd = count < 5 ? "-importpassword" : "-importpass";
+            String keyAlg = algorithm.equals("default PBE algorithm")
+                    ? "" : (" -keyalg " + algorithm);
+            SecurityTools.setResponse("hello1");
+            OutputAnalyzer oa = SecurityTools.keytool(importCmd
+                    + " -storetype pkcs12 -keystore mykeystore.p12"
+                    + " -storepass changeit -alias `this entry is protected by "
+                    + algorithm + "`" + keyAlg);
+            if (oa.getExitValue() == 0) {
+                System.out.println("OK");
+                count++;
+            } else {
+                System.out.println("ERROR");
+            }
+        }
+        return count;
+    }
+
+    private static int recoverByShell() throws Exception {
+        return (int)SecurityTools.keytool("-list -storetype pkcs12"
+                + " -keystore mykeystore.p12 -storepass changeit")
+                .shouldHaveExitValue(0)
+                .asLines().stream()
+                .filter(s -> s.contains("this entry is protected by"))
+                .count();
+    }
 }
--- a/test/jdk/sun/security/tools/keytool/StorePasswordsByShell.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,132 +0,0 @@
-#
-# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8008296
-# @summary confirm that keytool correctly imports user passwords
-#
-# @run shell StorePasswordsByShell.sh
-
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
-   TESTSRC="."
-fi 
-  
-if [ "${TESTCLASSES}" = "" ] ; then
-   TESTCLASSES="." 
-fi
-  
-if [ "${TESTJAVA}" = "" ] ; then
-   echo "TESTJAVA not set.  Test cannot execute."
-   echo "FAILED!!!"
-   exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  SunOS | Linux | Darwin | AIX)
-    PATHSEP=":"
-    FILESEP="/"
-    ;;
-  CYGWIN* )
-    PATHSEP=";"
-    FILESEP="/"
-    ;;
-  Windows* )
-    PATHSEP=";"
-    FILESEP="\\"
-    ;;
-  * )
-    echo "Unrecognized system!"
-    exit 1;
-    ;;
-esac
-
-PBE_ALGORITHMS="\
- default-PBE-algorithm \
- PBEWithMD5AndDES \
- PBEWithSHA1AndDESede \
- PBEWithSHA1AndRC2_40 \
- PBEWithSHA1AndRC2_128 
- PBEWithSHA1AndRC4_40 \
- PBEWithSHA1AndRC4_128 \
- PBEWithHmacSHA1AndAES_128 \
- PBEWithHmacSHA224AndAES_128 \
- PBEWithHmacSHA256AndAES_128 \
- PBEWithHmacSHA384AndAES_128 \
- PBEWithHmacSHA512AndAES_128 \
- PBEWithHmacSHA1AndAES_256 \
- PBEWithHmacSHA224AndAES_256 \
- PBEWithHmacSHA256AndAES_256 \
- PBEWithHmacSHA384AndAES_256 \
- PBEWithHmacSHA512AndAES_256"
-
-USER_PWD="hello1\n"
-ALIAS_PREFIX="this entry is protected by "
-COUNTER=0
-
-# cleanup
-rm mykeystore.p12 > /dev/null 2>&1
-
-echo
-for i in $PBE_ALGORITHMS; do
-
-    if [ $i = "default-PBE-algorithm" ]; then
-        KEYALG=""
-    else
-        KEYALG="-keyalg ${i}"
-    fi
-
-    if [ $COUNTER -lt 5 ]; then
-        IMPORTPASSWORD="-importpassword"
-    else
-        IMPORTPASSWORD="-importpass"
-    fi
-
-    echo "Storing user password (protected by ${i})"
-    echo "${USER_PWD}" | \
-        ${TESTJAVA}${FILESEP}bin${FILESEP}keytool ${TESTTOOLVMOPTS} ${IMPORTPASSWORD} \
-            -storetype pkcs12 -keystore mykeystore.p12 -storepass changeit \
-            -alias "${ALIAS_PREFIX}${i}" ${KEYALG} > /dev/null 2>&1
-    if [ $? -ne 0 ]; then
-        echo Error
-    else
-        echo OK
-        COUNTER=`expr ${COUNTER} + 1`
-    fi
-done
-echo
-
-COUNTER2=`${TESTJAVA}${FILESEP}bin${FILESEP}keytool ${TESTTOOLVMOPTS} -list -storetype pkcs12 \
-  -keystore mykeystore.p12 -storepass changeit | grep -c "${ALIAS_PREFIX}"`
-
-RESULT="stored ${COUNTER} user passwords, detected ${COUNTER2} user passwords"
-if [ $COUNTER -ne $COUNTER2 -o $COUNTER -lt 11 ]; then
-    echo "ERROR: $RESULT"
-    exit 1
-else
-    echo "OK: $RESULT"
-    exit 0
-fi
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/TryStore.java	Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7047200
+ * @summary keytool can try save to a byte array before overwrite the file
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+public class TryStore {
+    public static void main(String[] args) throws Exception {
+        keytool("-genkeypair -alias a -dname CN=A -storepass changeit -keypass changeit");
+        keytool("-genkeypair -alias b -dname CN=B -storepass changeit -keypass changeit");
+
+        // We use -protected for JKS keystore. This is illegal so the command should
+        // fail. Then we can check if the keystore is damaged.
+
+        keytool("-genkeypair -protected -alias b -delete -debug")
+                .shouldNotHaveExitValue(0);
+
+        keytool("-list -storepass changeit")
+                .shouldHaveExitValue(0);
+    }
+
+    static OutputAnalyzer keytool(String s) throws Exception {
+        return SecurityTools.keytool(
+                "-storetype jks -keystore trystore.jks -keyalg rsa " + s);
+    }
+}
--- a/test/jdk/sun/security/tools/keytool/default_options.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,99 +0,0 @@
-#
-# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8023197
-# @summary Pre-configured command line options for keytool and jarsigner
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US"
-
-KS=ks
-KEYTOOL="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS}"
-
-rm $KS 2> /dev/null
-
-PASS=changeit
-export PASS
-
-cat <<EOF > kt.conf
-# A Pre-configured options file
-keytool.all = -storepass:env PASS -keypass:env PASS -keystore \${user.dir}/$KS -debug
-keytool.genkey = -keyalg ec -ext bc
-keytool.delete = -keystore nothing
-EOF
-
-# kt.conf is read
-$KEYTOOL -conf kt.conf -genkeypair -dname CN=A -alias a || exit 1
-$KEYTOOL -conf kt.conf -list -alias a -v > a_certinfo || exit 2
-grep "Signature algorithm name" a_certinfo | grep ECDSA || exit 3
-grep "BasicConstraints" a_certinfo || exit 4
-
-# kt.conf is read, and dup multi-valued options processed as expected
-$KEYTOOL -conf kt.conf -genkeypair -dname CN=B -alias b -ext ku=ds \
-        || exit 11
-$KEYTOOL -conf kt.conf -list -alias b -v > b_certinfo || exit 12
-grep "BasicConstraints" b_certinfo || exit 14
-grep "DigitalSignature" b_certinfo || exit 15
-
-# Single-valued option in command section override all
-$KEYTOOL -conf kt.conf -delete -alias a && exit 16
-
-# Single-valued option on command line overrides again
-$KEYTOOL -conf kt.conf -delete -alias b -keystore $KS || exit 17
-
-# Error cases
-
-# File does not exist
-$KEYTOOL -conf no-such-file -help -list && exit 31
-
-# Cannot have both standard name (-genkeypair) and legacy name (-genkey)
-cat <<EOF > bad.conf
-keytool.all = -storepass:env PASS -keypass:env PASS -keystore ks
-keytool.genkeypair = -keyalg rsa
-keytool.genkey = -keyalg ec
-EOF
-
-$KEYTOOL -conf bad.conf -genkeypair -alias me -dname "cn=me" && exit 32
-
-# Unknown options are rejected by tool
-cat <<EOF > bad.conf
-keytool.all=-unknown
-EOF
-
-$KEYTOOL -conf bad.conf -help -list && exit 33
-
-# System property must be present
-cat <<EOF > bad.conf
-keytool.all = -keystore \${no.such.prop}
-EOF
-
-$KEYTOOL -conf bad.conf -help -list && exit 34
-
-echo Done
-exit 0
--- a/test/jdk/sun/security/tools/keytool/emptysubject.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,68 +0,0 @@
-#
-# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6847026
-# @summary keytool should be able to generate certreq and cert without subject name
-#
-# @run shell emptysubject.sh
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-KS=emptysubject.jks
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa"
-
-rm $KS
-
-$KT -alias ca -dname CN=CA -genkeypair
-$KT -alias me -dname CN=Me -genkeypair
-
-# When -dname is recognized, SAN must be specfied, otherwise, -printcert fails.
-$KT -alias me -certreq -dname "" | \
-        $KT -alias ca -gencert | $KT -printcert && exit 1
-$KT -alias me -certreq | \
-        $KT -alias ca -gencert -dname "" | $KT -printcert && exit 2
-$KT -alias me -certreq -dname "" | \
-        $KT -alias ca -gencert -ext san:c=email:me@me.com | \
-        $KT -printcert || exit 3
-$KT -alias me -certreq | \
-        $KT -alias ca -gencert -dname "" -ext san:c=email:me@me.com | \
-        $KT -printcert || exit 4
-
-exit 0
-
--- a/test/jdk/sun/security/tools/keytool/file-in-help.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,54 +0,0 @@
-#
-# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6922482
-# @summary keytool's help on -file always shows 'output file'
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US"
-
-$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -printcertreq -help 2> h1 || exit 1
-$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -exportcert -help 2> h2 || exit 2
-
-grep "input file" h1 || exit 3
-grep "output file" h2 || exit 4
-
-exit 0
-
--- a/test/jdk/sun/security/tools/keytool/i18n.html	Thu Apr 11 22:56:11 2019 -0400
+++ b/test/jdk/sun/security/tools/keytool/i18n.html	Fri Apr 12 13:35:23 2019 +0800
@@ -1,11 +1,7 @@
 <html>
 <body>
 
-<applet width=100 height=100 code=i18n.class>
-</applet>
-
-This is a multi-stage test.  Click on "done" when you have completed
-reading these instructions.  For each instruction, make sure the output
+This is a multi-stage test.  For each instruction, make sure the output
 from keytool is correct (you can read everything in english fine).
 
 <ol>
@@ -115,7 +111,5 @@
 If all the output (english) is correct, then the test passed.
 Otherwise, the test failed.
 
-Press "Pass" if ... press "Fail" otherwise.
-
 </body>
 </html>
--- a/test/jdk/sun/security/tools/keytool/i18n.java	Thu Apr 11 22:56:11 2019 -0400
+++ b/test/jdk/sun/security/tools/keytool/i18n.java	Fri Apr 12 13:35:23 2019 +0800
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -21,8 +21,19 @@
  * questions.
  */
 
-// This trivial file is only necessary to display instructions and "pass/fail"
-// buttons for a manual test.
-public class i18n extends java.applet.Applet
-{
+/*
+ * @test
+ * @bug 4348369 8076069
+ * @summary keytool not i18n compliant
+ * @author charlie lai
+ * @run main/manual i18n
+ */
+
+import java.nio.file.Path;
+
+public class i18n{
+    public static void main(String[] args) throws Exception {
+        System.out.println("see i18n.html");
+        System.out.println(Path.of(System.getProperty("test.jdk"), "bin", "keytool"));
+    }
 }
--- a/test/jdk/sun/security/tools/keytool/i18n.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,73 +0,0 @@
-#
-# Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 4348369 8076069
-# @summary keytool not i18n compliant
-# @author charlie lai
-# @run shell/manual i18n.sh
-
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
-  TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
-  TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
-  echo "TESTJAVA not set.  Test cannot execute."
-  echo "FAILED!!!"
-  exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  AIX | Darwin | Linux | SunOS )
-    NULL=/dev/null
-    PS=":"
-    FS="/"
-    ;;
-  CYGWIN* )
-    NULL=/dev/null
-    PS=";"
-    FS="/"
-    ;;
-  Windows* )
-    NULL=NUL
-    PS=";"
-    FS="\\"
-    ;;
-  * )
-    echo "Unrecognized system!"
-    exit 1;
-    ;;
-esac
-KEYTOOL=${TESTJAVA}${FS}bin${FS}keytool
-
-# the test code
-
-# see i18n.html
-
-exit $?
--- a/test/jdk/sun/security/tools/keytool/importreadall.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,62 +0,0 @@
-#
-# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6819272
-# @summary keytool -importcert should read the whole input
-#
-# @run shell importreadall.sh
-
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
-   TESTSRC="."
-fi
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVA_CMD=`which java`
-  TESTJAVA=`dirname $JAVA_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-KEYTOOL="${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -keystore importreadall.jks -storepass changeit -keypass changeit -keyalg rsa"
-
-# In case the test is run twice in the same directory
-
-$KEYTOOL -delete -alias a
-$KEYTOOL -delete -alias ca
-$KEYTOOL -genkeypair -alias a -dname CN=a || exit 1
-$KEYTOOL -genkeypair -alias ca -dname CN=ca || exit 2
-$KEYTOOL -certreq -alias a | $KEYTOOL -gencert -alias ca | $KEYTOOL -importcert -alias a
-
-exit $?
--- a/test/jdk/sun/security/tools/keytool/keyalg.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,49 +0,0 @@
-#
-# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8029659
-# @summary Keytool, print key algorithm of certificate or key entry
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US"
-
-KS=ks
-KEYTOOL="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS} -keystore ks -storepass changeit -keypass changeit"
-
-rm $KS 2> /dev/null
-
-$KEYTOOL -genkeypair -alias ca -dname CN=CA -keyalg EC || exit 1
-$KEYTOOL -genkeypair -alias user -dname CN=User -keyalg RSA -keysize 1024 || exit 2
-$KEYTOOL -certreq -alias user |
-        $KEYTOOL -gencert -alias ca -rfc -sigalg SHA1withECDSA |
-        $KEYTOOL -printcert > user.dump || exit 3
-
-cat user.dump | grep "Signature algorithm name:" | grep SHA1withECDSA || exit 4
-cat user.dump | grep "Subject Public Key Algorithm:" | grep RSA | grep 1024 || exit 5
-
--- a/test/jdk/sun/security/tools/keytool/newhelp.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,54 +0,0 @@
-#
-# Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6324292
-# @summary keytool -help is unhelpful
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US"
-
-$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -help 2> h1 || exit 1
-$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -help -list 2> h2 || exit 2
-
-grep Commands: h1 || exit 3
-grep Options: h2 || exit 4
-
-exit 0
-
--- a/test/jdk/sun/security/tools/keytool/resource.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,72 +0,0 @@
-#
-# Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6239297
-# @summary keytool usage is broken after changing Resources.java
-# @author Max Wang
-#
-# @run shell resource.sh
-
-if [ "${TESTSRC}" = "" ] ; then
-  TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
-  TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
-  echo "TESTJAVA not set.  Test cannot execute."
-  echo "FAILED!!!"
-  exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  SunOS | Linux | Darwin | AIX )
-    NULL=/dev/null
-    FS="/"
-    ;;
-  CYGWIN* )
-    NULL=/dev/null
-    FS="/"
-    ;;
-  Windows_* )
-    NULL=NUL
-    FS="\\"
-    ;;
-  * )
-    echo "Unrecognized operating system!"
-    exit 1;
-    ;;
-esac
-
-# the test code
-${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} > temp_file_40875602475 2> ${NULL}
-grep MissingResourceException temp_file_40875602475
-
-if [ $? -eq 0 ]; then
-    exit 1
-fi
-
-exit 0
--- a/test/jdk/sun/security/tools/keytool/selfissued.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,71 +0,0 @@
-#
-# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6825352 6937978
-# @summary support self-issued certificate in keytool and let -gencert generate the chain
-#
-# @run shell selfissued.sh
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-KS=selfsigned.ks
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa"
-
-rm $KS
-
-$KT -alias ca -dname CN=CA -genkeypair
-$KT -alias ca1 -dname CN=CA1 -genkeypair
-$KT -alias ca2 -dname CN=CA2 -genkeypair
-$KT -alias e1 -dname CN=E1 -genkeypair
-
-# ca signs ca1, ca1 signs ca2, all self-issued
-$KT -alias ca1 -certreq | $KT -alias ca -gencert -ext san=dns:ca1 \
-        | $KT -alias ca1 -importcert
-$KT -alias ca2 -certreq | $KT -alias ca1 -gencert -ext san=dns:ca2 \
-        | $KT -alias ca2 -importcert
-
-# Import e1 signed by ca2, should add ca2 and ca1, at least 3 certs in the chain
-$KT -alias e1 -certreq | $KT -alias ca2 -gencert > e1.cert
-$KT -alias ca1 -delete
-$KT -alias ca2 -delete
-cat e1.cert | $KT -alias e1 -importcert
-$KT -alias e1 -list -v | grep '\[3\]' || { echo Bad E1; exit 1; }
-
-echo Good
-
--- a/test/jdk/sun/security/tools/keytool/trystore.sh	Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-#
-# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 7047200
-# @summary keytool can try save to a byte array before overwrite the file
-
-if [ "${TESTJAVA}" = "" ] ; then
-  JAVAC_CMD=`which javac`
-  TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
-  Windows_* )
-    FS="\\"
-    ;;
-  * )
-    FS="/"
-    ;;
-esac
-
-rm trystore.jks 2> /dev/null
-
-KEYTOOL="${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storetype jks -keystore trystore.jks -keyalg rsa"
-$KEYTOOL -genkeypair -alias a -dname CN=A -storepass changeit -keypass changeit
-$KEYTOOL -genkeypair -alias b -dname CN=B -storepass changeit -keypass changeit
-
-# We use -protected for JKS keystore. This is illegal so the command should
-# fail. Then we can check if the keystore is damaged.
-
-$KEYTOOL -genkeypair -protected -alias b -delete -debug
-
-if [ $? = 0 ]; then
-    echo "What? -protected works for JKS?"
-    exit 1
-fi
-
-$KEYTOOL -list -storepass changeit
-
-if [ $? != 0 ]; then
-    echo "Keystore file damaged"
-    exit 2
-fi
--- a/test/lib/jdk/test/lib/SecurityTools.java	Thu Apr 11 22:56:11 2019 -0400
+++ b/test/lib/jdk/test/lib/SecurityTools.java	Fri Apr 12 13:35:23 2019 +0800
@@ -28,6 +28,7 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
@@ -52,7 +53,7 @@
 
     private SecurityTools() {}
 
-    private static ProcessBuilder getProcessBuilder(String tool, List<String> args) {
+    public static ProcessBuilder getProcessBuilder(String tool, List<String> args) {
         JDKToolLauncher launcher = JDKToolLauncher.createUsingTestJDK(tool)
                 .addVMArg("-Duser.language=en")
                 .addVMArg("-Duser.country=US");
@@ -62,6 +63,9 @@
         for (String arg : args) {
             if (arg.startsWith("-J")) {
                 launcher.addVMArg(arg.substring(2));
+            } else if (Platform.isWindows() && arg.isEmpty()) {
+                // JDK-6518827: special handling for empty argument on Windows
+                launcher.addToolArg("\"\"");
             } else {
                 launcher.addToolArg(arg);
             }
@@ -97,14 +101,13 @@
     /**
      * Runs keytool.
      *
-     * @param args arguments to keytool in a single string. Only call this if
-     *             there is no white space inside an argument. This string will
-     *             be split with {@code \s+}.
+     * @param args arguments to keytool in a single string. The string is
+     *             converted to be List with makeList.
      * @return an {@link OutputAnalyzer} object
      * @throws Exception if there is an error
      */
     public static OutputAnalyzer keytool(String args) throws Exception {
-        return keytool(args.split("\\s+"));
+        return keytool(makeList(args));
     }
 
     /**
@@ -174,15 +177,14 @@
     /**
      * Runs jarsigner.
      *
-     * @param args arguments to jarsigner in a single string. Only call this if
-     *             there is no white space inside an argument. This string will
-     *             be split with {@code \s+}.
+     * @param args arguments to jarsigner in a single string. The string is
+     *             converted to be List with makeList.
      * @return an {@link OutputAnalyzer} object
      * @throws Exception if there is an error
      */
     public static OutputAnalyzer jarsigner(String args) throws Exception {
 
-        return jarsigner(args.split("\\s+"));
+        return jarsigner(makeList(args));
     }
 
     /**
@@ -199,29 +201,79 @@
     /**
      * Runs ktab.
      *
-     * @param args arguments to ktab in a single string. Only call this if
-     *             there is no white space inside an argument. This string will
-     *             be split with {@code \s+}.
+     * @param args arguments to ktab in a single string. The string is
+     *             converted to be List with makeList.
      * @return an {@link OutputAnalyzer} object
      * @throws Exception if there is an error
      */
     public static OutputAnalyzer ktab(String args) throws Exception {
-        return execute(getProcessBuilder(
-                "ktab", List.of(args.trim().split("\\s+"))));
+        return execute(getProcessBuilder("ktab", makeList(args)));
     }
 
     /**
      * Runs klist.
      *
-     * @param args arguments to klist in a single string. Only call this if
-     *             there is no white space inside an argument. This string will
-     *             be split with {@code \s+}.
+     * @param args arguments to klist in a single string. The string is
+     *             converted to be List with makeList.
      * @return an {@link OutputAnalyzer} object
      * @throws Exception if there is an error
      */
     public static OutputAnalyzer klist(String args) throws Exception {
-        return execute(getProcessBuilder(
-                "klist", List.of(args.trim().split("\\s+"))));
+        return execute(getProcessBuilder("klist", makeList(args)));
+    }
+
+    /**
+     * Runs jar.
+     *
+     * @param args arguments to jar in a single string. The string is
+     *             converted to be List with makeList.
+     * @return an {@link OutputAnalyzer} object
+     * @throws Exception if there is an error
+     */
+    public static OutputAnalyzer jar(String args) throws Exception {
+        return execute(getProcessBuilder("jar", makeList(args)));
+    }
+
+    /**
+     * Split a line to a list of string. All whitespaces are treated as
+     * delimiters unless quoted between ` and `.
+     *
+     * @param line the input
+     * @return the list
+     */
+    public static List<String> makeList(String line) {
+        List<String> result = new ArrayList<>();
+        StringBuilder sb = new StringBuilder();
+        boolean inBackTick = false;
+        for (char c : line.toCharArray()) {
+            if (inBackTick) {
+                if (c == '`') {
+                    result.add(sb.toString());
+                    sb.setLength(0);
+                    inBackTick = false;
+                } else {
+                    sb.append(c);
+                }
+            } else {
+                if (sb.length() == 0 && c == '`') {
+                    // Allow ` inside a string
+                    inBackTick = true;
+                } else {
+                    if (Character.isWhitespace(c)) {
+                        if (sb.length() != 0) {
+                            result.add(sb.toString());
+                            sb.setLength(0);
+                        }
+                    } else {
+                        sb.append(c);
+                    }
+                }
+            }
+        }
+        if (sb.length() != 0) {
+            result.add(sb.toString());
+        }
+        return result;
     }
 }