120 lines
4.2 KiB
Java
120 lines
4.2 KiB
Java
|
/*
|
||
|
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
|
||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||
|
*
|
||
|
* This code is free software; you can redistribute it and/or modify it
|
||
|
* under the terms of the GNU General Public License version 2 only, as
|
||
|
* published by the Free Software Foundation.
|
||
|
*
|
||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||
|
* accompanied this code).
|
||
|
*
|
||
|
* You should have received a copy of the GNU General Public License version
|
||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||
|
*
|
||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||
|
* or visit www.oracle.com if you need additional information or have any
|
||
|
* questions.
|
||
|
*/
|
||
|
|
||
|
/*
|
||
|
* @test
|
||
|
* @bug 8010125 8192988
|
||
|
* @summary keytool should support -storepasswd for pkcs12 keystores
|
||
|
* @library /test/lib
|
||
|
* @build jdk.test.lib.SecurityTools
|
||
|
* jdk.test.lib.Utils
|
||
|
* jdk.test.lib.Asserts
|
||
|
* jdk.test.lib.JDKToolFinder
|
||
|
* jdk.test.lib.JDKToolLauncher
|
||
|
* jdk.test.lib.Platform
|
||
|
* jdk.test.lib.process.*
|
||
|
* @run main JKStoPKCS12
|
||
|
*/
|
||
|
|
||
|
import jdk.test.lib.Asserts;
|
||
|
import jdk.test.lib.SecurityTools;
|
||
|
import jdk.test.lib.process.OutputAnalyzer;
|
||
|
|
||
|
import java.io.File;
|
||
|
import java.nio.file.Files;
|
||
|
import java.nio.file.Paths;
|
||
|
import java.security.KeyStore;
|
||
|
import java.util.Collections;
|
||
|
|
||
|
public class JKStoPKCS12 {
|
||
|
|
||
|
static String srcStorePass, srcKeyPass;
|
||
|
|
||
|
public static void main(String[] args) throws Exception {
|
||
|
|
||
|
// Part 1: JKS keystore with same storepass and keypass
|
||
|
genJKS("pass1111", "pass1111");
|
||
|
|
||
|
// Change storepass, keypass also changes
|
||
|
convert("pass2222", null);
|
||
|
// You can keep storepass unchanged
|
||
|
convert("pass1111", null);
|
||
|
// Or change storepass and keypass both, explicitly
|
||
|
convert("pass2222", "pass2222");
|
||
|
|
||
|
// Part 2: JKS keystore with different storepass and keypass
|
||
|
Files.delete(Paths.get("jks"));
|
||
|
genJKS("pass1111", "pass2222");
|
||
|
|
||
|
// Can use old keypass as new storepass so new storepass and keypass are same
|
||
|
convert("pass2222", null);
|
||
|
// Or specify both storepass and keypass to brand new ones
|
||
|
convert("pass3333", "pass3333");
|
||
|
// Or change storepass, keypass also changes. Remember to provide srckeypass
|
||
|
convert("pass1111", null);
|
||
|
}
|
||
|
|
||
|
// Generate JKS keystore with srcStorePass and srcKeyPass
|
||
|
static void genJKS(String storePass, String keyPass)
|
||
|
throws Exception {
|
||
|
srcStorePass = storePass;
|
||
|
srcKeyPass = keyPass;
|
||
|
kt("-genkeypair -keystore jks -storetype jks "
|
||
|
+ "-alias me -dname CN=Me -keyalg rsa "
|
||
|
+ "-storepass " + srcStorePass + " -keypass " + srcKeyPass)
|
||
|
.shouldHaveExitValue(0);
|
||
|
}
|
||
|
|
||
|
// Convert JKS to PKCS12 with destStorePass and destKeyPass (optional)
|
||
|
static void convert(String destStorePass, String destKeyPass)
|
||
|
throws Exception {
|
||
|
|
||
|
String cmd = "-importkeystore -noprompt"
|
||
|
+ " -srcstoretype jks -srckeystore jks"
|
||
|
+ " -destkeystore p12 -deststoretype pkcs12"
|
||
|
+ " -srcstorepass " + srcStorePass
|
||
|
+ " -deststorepass " + destStorePass;
|
||
|
|
||
|
// Must import by alias (-srckeypass not available when importing all)
|
||
|
if (!srcStorePass.equals(srcKeyPass)) {
|
||
|
cmd += " -srcalias me";
|
||
|
cmd += " -srckeypass " + srcKeyPass;
|
||
|
}
|
||
|
if (destKeyPass != null) {
|
||
|
cmd += " -destkeypass " + destKeyPass;
|
||
|
}
|
||
|
|
||
|
kt(cmd).shouldHaveExitValue(0);
|
||
|
|
||
|
// Confirms the storepass and keypass are all correct
|
||
|
KeyStore.getInstance(new File("p12"), destStorePass.toCharArray())
|
||
|
.getKey("me", destStorePass.toCharArray());
|
||
|
|
||
|
Files.delete(Paths.get("p12"));
|
||
|
}
|
||
|
|
||
|
static OutputAnalyzer kt(String arg) throws Exception {
|
||
|
return SecurityTools.keytool(arg);
|
||
|
}
|
||
|
}
|