6599979: KeyStore.setEntry/setKeyEntry() do not override existing entry for secret key objects
Override existing secret key entry when setEntry/setKeyEntry() is called Reviewed-by: andreas
This commit is contained in:
parent
4b9b2408f3
commit
adaa79491e
jdk
src/share/classes/sun/security/pkcs11
test/sun/security/pkcs11/KeyStore
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2003-2006 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -156,10 +156,10 @@ final class P11KeyStore extends KeyStoreSpi {
|
||||
// CKA_CLASS - entry type
|
||||
private CK_ATTRIBUTE type = null;
|
||||
|
||||
// CKA_LABEL of cert
|
||||
// CKA_LABEL of cert and secret key
|
||||
private String label = null;
|
||||
|
||||
// CKA_ID - of private key/cert
|
||||
// CKA_ID of the private key/cert pair
|
||||
private byte[] id = null;
|
||||
|
||||
// CKA_TRUSTED - true if cert is trusted
|
||||
@ -871,10 +871,8 @@ final class P11KeyStore extends KeyStoreSpi {
|
||||
if ((token.tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH) == 0) {
|
||||
token.provider.login(null, handler);
|
||||
} else {
|
||||
|
||||
// token supports protected authentication path
|
||||
// (external pin-pad, for example)
|
||||
|
||||
if (handler != null &&
|
||||
!token.config.getKeyStoreCompatibilityMode()) {
|
||||
throw new LoginException("can not specify password if token " +
|
||||
@ -1130,19 +1128,14 @@ final class P11KeyStore extends KeyStoreSpi {
|
||||
SecretKey skey = ske.getSecretKey();
|
||||
|
||||
try {
|
||||
// first see if the key already exists.
|
||||
// if so, update the CKA_LABEL
|
||||
if (!updateSkey(alias)) {
|
||||
|
||||
// key entry does not exist.
|
||||
// delete existing entry for alias and
|
||||
// create new secret key entry
|
||||
// (new entry might be a secret key
|
||||
// session object converted into a token object)
|
||||
// first check if the key already exists
|
||||
AliasInfo aliasInfo = aliasMap.get(alias);
|
||||
|
||||
if (aliasInfo != null) {
|
||||
engineDeleteEntry(alias);
|
||||
storeSkey(alias, ske);
|
||||
}
|
||||
storeSkey(alias, ske);
|
||||
|
||||
} catch (PKCS11Exception pe) {
|
||||
throw new KeyStoreException(pe);
|
||||
}
|
||||
@ -1396,41 +1389,6 @@ final class P11KeyStore extends KeyStoreSpi {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* return true if update occurred
|
||||
*/
|
||||
private boolean updateSkey(String alias)
|
||||
throws KeyStoreException, PKCS11Exception {
|
||||
|
||||
Session session = null;
|
||||
try {
|
||||
session = token.getOpSession();
|
||||
|
||||
// first update existing secret key CKA_LABEL
|
||||
|
||||
THandle h = getTokenObject(session, ATTR_CLASS_SKEY, null, alias);
|
||||
if (h.type != ATTR_CLASS_SKEY) {
|
||||
if (debug != null) {
|
||||
debug.println("did not find secret key " +
|
||||
"with CKA_LABEL [" + alias + "]");
|
||||
}
|
||||
return false;
|
||||
}
|
||||
CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] {
|
||||
new CK_ATTRIBUTE(CKA_LABEL, alias) };
|
||||
token.p11.C_SetAttributeValue(session.id(), h.handle, attrs);
|
||||
|
||||
if (debug != null) {
|
||||
debug.println("updateSkey set new alias [" +
|
||||
alias +
|
||||
"] for secret key entry");
|
||||
}
|
||||
|
||||
return true;
|
||||
} finally {
|
||||
token.releaseSession(session);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* XXX On ibutton, when you C_SetAttribute(CKA_ID) for a private key
|
||||
@ -1532,30 +1490,6 @@ final class P11KeyStore extends KeyStoreSpi {
|
||||
}
|
||||
}
|
||||
|
||||
private void updateP11Skey(String alias, P11Key key)
|
||||
throws PKCS11Exception {
|
||||
|
||||
Session session = null;
|
||||
try {
|
||||
session = token.getOpSession();
|
||||
|
||||
// session key - convert to token key and set CKA_LABEL
|
||||
|
||||
CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] {
|
||||
ATTR_TOKEN_TRUE,
|
||||
new CK_ATTRIBUTE(CKA_LABEL, alias) };
|
||||
token.p11.C_CopyObject(session.id(), key.keyID, attrs);
|
||||
if (debug != null) {
|
||||
debug.println("updateP11Skey copied secret session key " +
|
||||
"for [" +
|
||||
alias +
|
||||
"] to token entry");
|
||||
}
|
||||
} finally {
|
||||
token.releaseSession(session);
|
||||
}
|
||||
}
|
||||
|
||||
private void updateP11Pkey(String alias, CK_ATTRIBUTE attribute, P11Key key)
|
||||
throws PKCS11Exception {
|
||||
|
||||
@ -1689,48 +1623,26 @@ final class P11KeyStore extends KeyStoreSpi {
|
||||
throws PKCS11Exception, KeyStoreException {
|
||||
|
||||
SecretKey skey = ske.getSecretKey();
|
||||
long keyType = CKK_GENERIC_SECRET;
|
||||
|
||||
if (skey instanceof P11Key && this.token == ((P11Key)skey).token) {
|
||||
updateP11Skey(alias, (P11Key)skey);
|
||||
return;
|
||||
}
|
||||
|
||||
if ("AES".equalsIgnoreCase(skey.getAlgorithm())) {
|
||||
keyType = CKK_AES;
|
||||
} else if ("Blowfish".equalsIgnoreCase(skey.getAlgorithm())) {
|
||||
keyType = CKK_BLOWFISH;
|
||||
} else if ("DES".equalsIgnoreCase(skey.getAlgorithm())) {
|
||||
keyType = CKK_DES;
|
||||
} else if ("DESede".equalsIgnoreCase(skey.getAlgorithm())) {
|
||||
keyType = CKK_DES3;
|
||||
} else if ("RC4".equalsIgnoreCase(skey.getAlgorithm()) ||
|
||||
"ARCFOUR".equalsIgnoreCase(skey.getAlgorithm())) {
|
||||
keyType = CKK_RC4;
|
||||
}
|
||||
|
||||
// No need to specify CKA_CLASS, CKA_KEY_TYPE, CKA_VALUE since
|
||||
// they are handled in P11SecretKeyFactory.createKey() method.
|
||||
CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] {
|
||||
ATTR_SKEY_TOKEN_TRUE,
|
||||
ATTR_CLASS_SKEY,
|
||||
ATTR_PRIVATE_TRUE,
|
||||
new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType),
|
||||
new CK_ATTRIBUTE(CKA_LABEL, alias),
|
||||
new CK_ATTRIBUTE(CKA_VALUE, skey.getEncoded()) };
|
||||
attrs = token.getAttributes
|
||||
(TemplateManager.O_IMPORT, CKO_SECRET_KEY, keyType, attrs);
|
||||
|
||||
// create the new entry
|
||||
Session session = null;
|
||||
ATTR_SKEY_TOKEN_TRUE,
|
||||
ATTR_PRIVATE_TRUE,
|
||||
new CK_ATTRIBUTE(CKA_LABEL, alias),
|
||||
};
|
||||
try {
|
||||
session = token.getOpSession();
|
||||
token.p11.C_CreateObject(session.id(), attrs);
|
||||
if (debug != null) {
|
||||
debug.println("storeSkey created token secret key for [" +
|
||||
alias +
|
||||
"]");
|
||||
}
|
||||
} finally {
|
||||
token.releaseSession(session);
|
||||
P11SecretKeyFactory.convertKey(token, skey, null, attrs);
|
||||
} catch (InvalidKeyException ike) {
|
||||
// re-throw KeyStoreException to match javadoc
|
||||
throw new KeyStoreException("Cannot convert to PKCS11 keys", ike);
|
||||
}
|
||||
|
||||
// update global alias map
|
||||
aliasMap.put(alias, new AliasInfo(alias));
|
||||
|
||||
if (debug != null) {
|
||||
debug.println("storeSkey created token secret key for [" +
|
||||
alias + "]");
|
||||
}
|
||||
}
|
||||
|
||||
@ -2492,7 +2404,8 @@ final class P11KeyStore extends KeyStoreSpi {
|
||||
// if there are duplicates (either between secret keys,
|
||||
// or between a secret key and another object),
|
||||
// throw an exception
|
||||
HashSet<String> sKeySet = new HashSet<String>();
|
||||
HashMap<String, AliasInfo> sKeyMap =
|
||||
new HashMap<String, AliasInfo>();
|
||||
|
||||
attrs = new CK_ATTRIBUTE[] {
|
||||
ATTR_SKEY_TOKEN_TRUE,
|
||||
@ -2507,8 +2420,8 @@ final class P11KeyStore extends KeyStoreSpi {
|
||||
|
||||
// there is a CKA_LABEL
|
||||
String cka_label = new String(attrs[0].getCharArray());
|
||||
if (!sKeySet.contains(cka_label)) {
|
||||
sKeySet.add(cka_label);
|
||||
if (sKeyMap.get(cka_label) == null) {
|
||||
sKeyMap.put(cka_label, new AliasInfo(cka_label));
|
||||
} else {
|
||||
throw new KeyStoreException("invalid KeyStore state: " +
|
||||
"found multiple secret keys sharing same " +
|
||||
@ -2523,7 +2436,7 @@ final class P11KeyStore extends KeyStoreSpi {
|
||||
ArrayList<AliasInfo> matchedCerts =
|
||||
mapPrivateKeys(pkeyIDs, certMap);
|
||||
boolean sharedLabel = mapCerts(matchedCerts, certMap);
|
||||
mapSecretKeys(sKeySet);
|
||||
mapSecretKeys(sKeyMap);
|
||||
|
||||
return sharedLabel;
|
||||
|
||||
@ -2547,7 +2460,7 @@ final class P11KeyStore extends KeyStoreSpi {
|
||||
HashMap<String, HashSet<AliasInfo>> certMap)
|
||||
throws PKCS11Exception, CertificateException {
|
||||
|
||||
// global alias map
|
||||
// reset global alias map
|
||||
aliasMap = new HashMap<String, AliasInfo>();
|
||||
|
||||
// list of matched certs that we will return
|
||||
@ -2722,18 +2635,17 @@ final class P11KeyStore extends KeyStoreSpi {
|
||||
* If the secret key shares a CKA_LABEL with another entry,
|
||||
* throw an exception
|
||||
*/
|
||||
private void mapSecretKeys(HashSet<String> sKeySet)
|
||||
private void mapSecretKeys(HashMap<String, AliasInfo> sKeyMap)
|
||||
throws KeyStoreException {
|
||||
for (String label : sKeySet) {
|
||||
if (!aliasMap.containsKey(label)) {
|
||||
aliasMap.put(label, new AliasInfo(label));
|
||||
} else {
|
||||
for (String label : sKeyMap.keySet()) {
|
||||
if (aliasMap.containsKey(label)) {
|
||||
throw new KeyStoreException("invalid KeyStore state: " +
|
||||
"found secret key sharing CKA_LABEL [" +
|
||||
label +
|
||||
"] with another token object");
|
||||
}
|
||||
}
|
||||
aliasMap.putAll(sKeyMap);
|
||||
}
|
||||
|
||||
private void dumpTokenMap() {
|
||||
|
@ -108,6 +108,17 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
|
||||
*/
|
||||
static P11Key convertKey(Token token, Key key, String algo)
|
||||
throws InvalidKeyException {
|
||||
return convertKey(token, key, algo, null);
|
||||
}
|
||||
|
||||
/**
|
||||
* Convert an arbitrary key of algorithm w/ custom attributes into a
|
||||
* P11Key of provider.
|
||||
* Used in P11KeyStore.storeSkey.
|
||||
*/
|
||||
static P11Key convertKey(Token token, Key key, String algo,
|
||||
CK_ATTRIBUTE[] extraAttrs)
|
||||
throws InvalidKeyException {
|
||||
token.ensureValid();
|
||||
if (key == null) {
|
||||
throw new InvalidKeyException("Key must not be null");
|
||||
@ -134,6 +145,22 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
|
||||
if (key instanceof P11Key) {
|
||||
P11Key p11Key = (P11Key)key;
|
||||
if (p11Key.token == token) {
|
||||
if (extraAttrs != null) {
|
||||
Session session = null;
|
||||
try {
|
||||
session = token.getObjSession();
|
||||
long newKeyID = token.p11.C_CopyObject(session.id(),
|
||||
p11Key.keyID, extraAttrs);
|
||||
p11Key = (P11Key) (P11Key.secretKey(p11Key.session,
|
||||
newKeyID, p11Key.algorithm, p11Key.keyLength,
|
||||
extraAttrs));
|
||||
} catch (PKCS11Exception p11e) {
|
||||
throw new InvalidKeyException
|
||||
("Cannot duplicate the PKCS11 key", p11e);
|
||||
} finally {
|
||||
token.releaseSession(session);
|
||||
}
|
||||
}
|
||||
return p11Key;
|
||||
}
|
||||
}
|
||||
@ -141,11 +168,11 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
|
||||
if (p11Key != null) {
|
||||
return p11Key;
|
||||
}
|
||||
if ("RAW".equals(key.getFormat()) == false) {
|
||||
if ("RAW".equalsIgnoreCase(key.getFormat()) == false) {
|
||||
throw new InvalidKeyException("Encoded format must be RAW");
|
||||
}
|
||||
byte[] encoded = key.getEncoded();
|
||||
p11Key = createKey(token, encoded, algo, algoType);
|
||||
p11Key = createKey(token, encoded, algo, algoType, extraAttrs);
|
||||
token.secretCache.put(key, p11Key);
|
||||
return p11Key;
|
||||
}
|
||||
@ -159,7 +186,8 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
|
||||
}
|
||||
|
||||
private static P11Key createKey(Token token, byte[] encoded,
|
||||
String algorithm, long keyType) throws InvalidKeyException {
|
||||
String algorithm, long keyType, CK_ATTRIBUTE[] extraAttrs)
|
||||
throws InvalidKeyException {
|
||||
int n = encoded.length << 3;
|
||||
int keyLength = n;
|
||||
try {
|
||||
@ -220,11 +248,17 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
|
||||
}
|
||||
Session session = null;
|
||||
try {
|
||||
CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
|
||||
new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
|
||||
new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType),
|
||||
new CK_ATTRIBUTE(CKA_VALUE, encoded)
|
||||
};
|
||||
CK_ATTRIBUTE[] attributes;
|
||||
if (extraAttrs != null) {
|
||||
attributes = new CK_ATTRIBUTE[3 + extraAttrs.length];
|
||||
System.arraycopy(extraAttrs, 0, attributes, 3,
|
||||
extraAttrs.length);
|
||||
} else {
|
||||
attributes = new CK_ATTRIBUTE[3];
|
||||
}
|
||||
attributes[0] = new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY);
|
||||
attributes[1] = new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType);
|
||||
attributes[2] = new CK_ATTRIBUTE(CKA_VALUE, encoded);
|
||||
attributes = token.getAttributes
|
||||
(O_IMPORT, CKO_SECRET_KEY, keyType, attributes);
|
||||
session = token.getObjSession();
|
||||
@ -273,7 +307,7 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi {
|
||||
private byte[] getKeyBytes(SecretKey key) throws InvalidKeySpecException {
|
||||
try {
|
||||
key = engineTranslateKey(key);
|
||||
if ("RAW".equals(key.getFormat()) == false) {
|
||||
if ("RAW".equalsIgnoreCase(key.getFormat()) == false) {
|
||||
throw new InvalidKeySpecException
|
||||
("Could not obtain key bytes");
|
||||
}
|
||||
|
194
jdk/test/sun/security/pkcs11/KeyStore/SecretKeysBasic.java
Normal file
194
jdk/test/sun/security/pkcs11/KeyStore/SecretKeysBasic.java
Normal file
@ -0,0 +1,194 @@
|
||||
/*
|
||||
* Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
|
||||
* CA 95054 USA or visit www.sun.com if you need additional information or
|
||||
* have any questions.
|
||||
*/
|
||||
|
||||
import java.io.*;
|
||||
import java.util.*;
|
||||
import java.lang.reflect.*;
|
||||
|
||||
import java.security.*;
|
||||
import java.security.cert.*;
|
||||
import java.security.spec.*;
|
||||
import java.security.interfaces.*;
|
||||
import java.math.BigInteger;
|
||||
|
||||
import javax.crypto.*;
|
||||
import javax.crypto.spec.*;
|
||||
|
||||
public class SecretKeysBasic extends PKCS11Test {
|
||||
|
||||
private static final char SEP = File.separatorChar;
|
||||
private static char[] tokenPwd;
|
||||
private static final char[] nssPwd =
|
||||
new char[]{'t', 'e', 's', 't', '1', '2'};
|
||||
private static final char[] solarisPwd =
|
||||
new char[]{'p', 'i', 'n'};
|
||||
private static SecretKey sk1;
|
||||
private static SecretKey sk2;
|
||||
private static SecretKey softkey;
|
||||
private static KeyStore ks;
|
||||
private static final String KS_TYPE = "PKCS11";
|
||||
private static Provider provider;
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
main(new SecretKeysBasic());
|
||||
}
|
||||
|
||||
public void main(Provider p) throws Exception {
|
||||
this.provider = p;
|
||||
|
||||
// create secret key
|
||||
byte[] keyVal = new byte[16];
|
||||
(new SecureRandom()).nextBytes(keyVal);
|
||||
// NSS will throw CKR_HOST_MEMORY if calling C_DecryptInit w/
|
||||
// (keyVal[0] == 0)
|
||||
if (keyVal[0] == 0) {
|
||||
keyVal[0] = 1;
|
||||
}
|
||||
softkey = new SecretKeySpec(keyVal, "AES");
|
||||
dumpKey("softkey", softkey);
|
||||
|
||||
KeyGenerator kg = KeyGenerator.getInstance("DESede", provider);
|
||||
sk1 = kg.generateKey();
|
||||
dumpKey("skey1", sk1);
|
||||
sk2 = kg.generateKey();
|
||||
dumpKey("skey2", sk2);
|
||||
|
||||
String token = System.getProperty("TOKEN");
|
||||
|
||||
if (token == null || token.length() == 0) {
|
||||
System.out.println("Error: missing TOKEN system property");
|
||||
throw new Exception("token arg required");
|
||||
}
|
||||
|
||||
if ("nss".equals(token)) {
|
||||
tokenPwd = nssPwd;
|
||||
} else if ("solaris".equals(token)) {
|
||||
tokenPwd = solarisPwd;
|
||||
}
|
||||
|
||||
int testnum = 1;
|
||||
doTest();
|
||||
}
|
||||
|
||||
private static boolean checkSecretKeyEntry(String alias,
|
||||
SecretKey expected,
|
||||
boolean saveBeforeCheck)
|
||||
throws Exception {
|
||||
if (saveBeforeCheck) {
|
||||
ks.setKeyEntry(alias, expected, null, null);
|
||||
}
|
||||
SecretKey result = (SecretKey) (ks.getKey(alias, null));
|
||||
String keyEncFormat = result.getFormat();
|
||||
if (keyEncFormat == null) {
|
||||
// sensitive or un-extractable keys - verify by encrypt/decrypt
|
||||
byte[] data = new byte[64];
|
||||
Cipher c =
|
||||
Cipher.getInstance(result.getAlgorithm() + "/CBC/NoPadding",
|
||||
provider);
|
||||
c.init(Cipher.ENCRYPT_MODE, expected);
|
||||
byte[] encOut = c.doFinal(data);
|
||||
c.init(Cipher.DECRYPT_MODE, result, c.getParameters());
|
||||
byte[] decOut = c.doFinal(encOut);
|
||||
if (!Arrays.equals(data, decOut)) {
|
||||
return false;
|
||||
}
|
||||
} else if (keyEncFormat.toUpperCase().equals("RAW")) {
|
||||
if (!Arrays.equals(result.getEncoded(), expected.getEncoded())) {
|
||||
dumpKey("\texpected:", expected);
|
||||
dumpKey("\treturns:", result);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
private static void dumpKey(String info, SecretKey key) {
|
||||
System.out.println(info + "> " + key);
|
||||
System.out.println("\tALGO=" + key.getAlgorithm());
|
||||
if (key.getFormat() != null) {
|
||||
System.out.println("\t[" + key.getFormat() + "] VALUE=" +
|
||||
new BigInteger(key.getEncoded()));
|
||||
} else {
|
||||
System.out.println("\tVALUE=n/a");
|
||||
}
|
||||
}
|
||||
|
||||
private static void doTest() throws Exception {
|
||||
if (ks == null) {
|
||||
ks = KeyStore.getInstance(KS_TYPE, provider);
|
||||
ks.load(null, tokenPwd);
|
||||
}
|
||||
|
||||
System.out.println("Number of entries: " + ks.size());
|
||||
if (ks.size() != 0) {
|
||||
System.out.println("Deleting entries under aliases: ");
|
||||
for (Enumeration<String> aliases = ks.aliases();
|
||||
aliases.hasMoreElements();) {
|
||||
String alias = aliases.nextElement();
|
||||
System.out.println("\t" + alias);
|
||||
ks.deleteEntry(alias);
|
||||
}
|
||||
}
|
||||
|
||||
String alias = "testSKey";
|
||||
|
||||
boolean testResult = checkSecretKeyEntry(alias, softkey, true);
|
||||
if (!testResult) {
|
||||
System.out.println("FAILURE: setKey() w/ softSecretKey failed");
|
||||
}
|
||||
|
||||
if (!checkSecretKeyEntry(alias, sk1, true)) {
|
||||
testResult = false;
|
||||
System.out.println("FAILURE: setKey() w/ skey1 failed");
|
||||
}
|
||||
if (!checkSecretKeyEntry(alias, sk2, true)) {
|
||||
testResult = false;
|
||||
System.out.println("FAILURE: setKey() w/ skey2 failed");
|
||||
}
|
||||
|
||||
ks.store(null);
|
||||
System.out.println("Reloading keystore...");
|
||||
|
||||
ks.load(null, "whatever".toCharArray());
|
||||
if (ks.size() != 1) {
|
||||
System.out.println("FAILURE: reload#1 ks.size() != 1");
|
||||
}
|
||||
if (!checkSecretKeyEntry(alias, sk2, false)) {
|
||||
testResult = false;
|
||||
System.out.println("FAILURE: reload#1 ks entry check failed");
|
||||
}
|
||||
|
||||
ks.deleteEntry(alias);
|
||||
ks.store(null);
|
||||
|
||||
System.out.println("Reloading keystore...");
|
||||
ks.load(null, "whatever".toCharArray());
|
||||
if (ks.size() != 0) {
|
||||
testResult = false;
|
||||
System.out.println("FAILURE: reload#2 ks.size() != 0");
|
||||
}
|
||||
if (!testResult) {
|
||||
throw new Exception("One or more test failed!");
|
||||
}
|
||||
}
|
||||
}
|
164
jdk/test/sun/security/pkcs11/KeyStore/SecretKeysBasic.sh
Normal file
164
jdk/test/sun/security/pkcs11/KeyStore/SecretKeysBasic.sh
Normal file
@ -0,0 +1,164 @@
|
||||
#
|
||||
# Copyright 2008 Sun Microsystems, Inc. All Rights Reserved.
|
||||
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
#
|
||||
# This code is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License version 2 only, as
|
||||
# published by the Free Software Foundation.
|
||||
#
|
||||
# This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
# version 2 for more details (a copy is included in the LICENSE file that
|
||||
# accompanied this code).
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License version
|
||||
# 2 along with this work; if not, write to the Free Software Foundation,
|
||||
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
#
|
||||
# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
|
||||
# CA 95054 USA or visit www.sun.com if you need additional information or
|
||||
# have any questions.
|
||||
#
|
||||
|
||||
# @test
|
||||
# @bug 6599979
|
||||
# @summary Ensure that re-assigning the alias works
|
||||
#
|
||||
# @run shell SecretKeysBasic.sh
|
||||
#
|
||||
# To run by hand:
|
||||
# %sh SecretKeysBasic.sh
|
||||
#
|
||||
# Note:
|
||||
# . test only runs on solaris at the moment
|
||||
|
||||
# set a few environment variables so that the shell-script can run stand-alone
|
||||
# in the source directory
|
||||
|
||||
# if running by hand on windows, change TESTSRC and TESTCLASSES to "."
|
||||
if [ "${TESTSRC}" = "" ] ; then
|
||||
TESTSRC=`pwd`
|
||||
fi
|
||||
if [ "${TESTCLASSES}" = "" ] ; then
|
||||
TESTCLASSES=`pwd`
|
||||
fi
|
||||
|
||||
# if running by hand on windows, change this to appropriate value
|
||||
if [ "${TESTJAVA}" = "" ] ; then
|
||||
TESTJAVA="/net/shimmer/export/valeriep/jdk7/build/solaris-sparc"
|
||||
fi
|
||||
echo TESTSRC=${TESTSRC}
|
||||
echo TESTCLASSES=${TESTCLASSES}
|
||||
echo TESTJAVA=${TESTJAVA}
|
||||
echo ""
|
||||
|
||||
#DEBUG=sunpkcs11,pkcs11keystore
|
||||
|
||||
echo DEBUG=${DEBUG}
|
||||
echo ""
|
||||
|
||||
OS=`uname -s`
|
||||
case "$OS" in
|
||||
SunOS )
|
||||
FS="/"
|
||||
PS=":"
|
||||
SCCS="${FS}usr${FS}ccs${FS}bin${FS}sccs"
|
||||
CP="${FS}bin${FS}cp -f"
|
||||
RM="${FS}bin${FS}rm -rf"
|
||||
MKDIR="${FS}bin${FS}mkdir -p"
|
||||
CHMOD="${FS}bin${FS}chmod"
|
||||
;;
|
||||
* )
|
||||
echo "Unsupported System ${OS} - Test only runs on Solaris"
|
||||
exit 0;
|
||||
;;
|
||||
esac
|
||||
|
||||
TOKENS="nss solaris"
|
||||
STATUS=0
|
||||
for token in ${TOKENS}
|
||||
do
|
||||
|
||||
if [ ${token} = "nss" ]
|
||||
then
|
||||
# make cert/key DBs writable if token is NSS
|
||||
${CP} ${TESTSRC}${FS}..${FS}nss${FS}db${FS}cert8.db ${TESTCLASSES}
|
||||
${CHMOD} +w ${TESTCLASSES}${FS}cert8.db
|
||||
|
||||
${CP} ${TESTSRC}${FS}..${FS}nss${FS}db${FS}key3.db ${TESTCLASSES}
|
||||
${CHMOD} +w ${TESTCLASSES}${FS}key3.db
|
||||
USED_FILE_LIST="${TESTCLASSES}${FS}cert8.db ${TESTCLASSES}${FS}key3.db"
|
||||
elif [ ${token} = "solaris" ]
|
||||
then
|
||||
OS_VERSION=`uname -r`
|
||||
case "${OS_VERSION}" in
|
||||
5.1* )
|
||||
SOFTTOKEN_DIR=${TESTCLASSES}
|
||||
export SOFTTOKEN_DIR
|
||||
;;
|
||||
* )
|
||||
echo "Unsupported Version ${OS_VERSION} - Test only runs on Solaris"
|
||||
exit 0;
|
||||
;;
|
||||
esac
|
||||
|
||||
# copy keystore into write-able location
|
||||
if [ -d ${TESTCLASSES}${FS}pkcs11_softtoken ]
|
||||
then
|
||||
echo "Removing old pkcs11_keystore, creating new pkcs11_keystore"
|
||||
|
||||
echo ${RM} ${TESTCLASSES}${FS}pkcs11_softtoken
|
||||
${RM} ${TESTCLASSES}${FS}pkcs11_softtoken
|
||||
fi
|
||||
echo ${MKDIR} ${TESTCLASSES}${FS}pkcs11_softtoken${FS}private
|
||||
${MKDIR} ${TESTCLASSES}${FS}pkcs11_softtoken${FS}private
|
||||
|
||||
echo ${MKDIR} ${TESTCLASSES}${FS}pkcs11_softtoken${FS}public
|
||||
${MKDIR} ${TESTCLASSES}${FS}pkcs11_softtoken${FS}public
|
||||
|
||||
echo ${CP} ${TESTSRC}${FS}BasicData${FS}pkcs11_softtoken${FS}objstore_info \
|
||||
${TESTCLASSES}${FS}pkcs11_softtoken
|
||||
${CP} ${TESTSRC}${FS}BasicData${FS}pkcs11_softtoken${FS}objstore_info \
|
||||
${TESTCLASSES}${FS}pkcs11_softtoken
|
||||
|
||||
echo ${CHMOD} +w ${TESTCLASSES}${FS}pkcs11_softtoken${FS}objstore_info
|
||||
${CHMOD} 600 ${TESTCLASSES}${FS}pkcs11_softtoken${FS}objstore_info
|
||||
USED_FILE_LIST="${TESTCLASSES}${FS}pkcs11_softtoken"
|
||||
fi
|
||||
|
||||
cd ${TESTCLASSES}
|
||||
${TESTJAVA}${FS}bin${FS}javac \
|
||||
-classpath ${TESTCLASSES} \
|
||||
-d ${TESTCLASSES} \
|
||||
${TESTSRC}${FS}SecretKeysBasic.java
|
||||
|
||||
# run test
|
||||
cd ${TESTSRC}
|
||||
${TESTJAVA}${FS}bin${FS}java \
|
||||
-DDIR=${TESTSRC}${FS}BasicData${FS} \
|
||||
-classpath ${TESTCLASSES}${PS}${TESTSRC}${FS}loader.jar \
|
||||
-DCUSTOM_DB_DIR=${TESTCLASSES} \
|
||||
-DCUSTOM_P11_CONFIG=${TESTSRC}${FS}BasicData${FS}p11-${token}.txt \
|
||||
-DNO_DEFAULT=true \
|
||||
-DNO_DEIMOS=true \
|
||||
-DTOKEN=${token} \
|
||||
-Djava.security.debug=${DEBUG} \
|
||||
SecretKeysBasic
|
||||
|
||||
# -DCUSTOM_P11_CONFIG=${TESTSRC}${FS}BasicData${FS}p11-${token}.txt \
|
||||
|
||||
# save error status
|
||||
if [ $? != 0 ]
|
||||
then
|
||||
echo "Test against " ${token} " Failed!"
|
||||
STATUS=1
|
||||
fi
|
||||
|
||||
# clean up
|
||||
${RM} ${USED_FILE_LIST}
|
||||
|
||||
done
|
||||
|
||||
# return
|
||||
exit ${STATUS}
|
Loading…
x
Reference in New Issue
Block a user