/* * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ /* * @test * @bug 8023197 * @summary Pre-configured command line options for keytool and jarsigner * @library /test/lib */ import jdk.test.lib.SecurityTools; import jdk.test.lib.process.OutputAnalyzer; import jdk.test.lib.process.ProcessTools; import java.nio.file.Files; import java.nio.file.Path; import java.util.List; public class DefaultOptions { public static void main(String[] args) throws Throwable { Files.write(Path.of("kt.conf"), List.of( "# A Pre-configured options file", "keytool.all = -storepass:env PASS -keypass:env PASS " + "-keystore ${user.dir}/ks -debug", "keytool.genkey = -keyalg ec -ext bc", "keytool.delete = -keystore nothing")); // kt.conf is read keytool("-conf kt.conf -genkeypair -dname CN=A -alias a") .shouldHaveExitValue(0); keytool("-conf kt.conf -list -alias a -v") .shouldHaveExitValue(0) .shouldMatch("Signature algorithm name.*ECDSA") .shouldContain("BasicConstraints"); // kt.conf is read, and dup multi-valued options processed as expected keytool("-conf kt.conf -genkeypair -dname CN=B -alias b -ext ku=ds") .shouldHaveExitValue(0); keytool("-conf kt.conf -list -alias b -v") .shouldHaveExitValue(0) .shouldContain("BasicConstraints") .shouldContain("DigitalSignature"); // Single-valued option in command section override all keytool("-conf kt.conf -delete -alias a") .shouldNotHaveExitValue(0); // Single-valued option on command line overrides again keytool("-conf kt.conf -delete -alias b -keystore ks") .shouldHaveExitValue(0); // Error cases // File does not exist keytool("-conf no-such-file -help -list") .shouldNotHaveExitValue(0); // Cannot have both standard name (-genkeypair) and legacy name (-genkey) Files.write(Path.of("bad.conf"), List.of( "keytool.all = -storepass:env PASS -keypass:env PASS -keystore ks", "keytool.genkeypair = -keyalg rsa", "keytool.genkey = -keyalg ec")); keytool("-conf bad.conf -genkeypair -alias me -dname cn=me") .shouldNotHaveExitValue(0); // Unknown options are rejected by tool Files.write(Path.of("bad.conf"), List.of( "keytool.all=-unknown")); keytool("-conf bad.conf -help -list").shouldNotHaveExitValue(0); // System property must be present Files.write(Path.of("bad.conf"), List.of( "keytool.all = -keystore ${no.such.prop}")); keytool("-conf bad.conf -help -list").shouldNotHaveExitValue(0); } // Run keytool with one environment variable PASS=changeit static OutputAnalyzer keytool(String cmd) throws Throwable { ProcessBuilder pb = SecurityTools.getProcessBuilder( "keytool", List.of(cmd.trim().split("\\s+"))); pb.environment().put("PASS", "changeit"); return ProcessTools.executeCommand(pb); } }