db85090553
Co-authored-by: Sean Mullan <mullan@openjdk.org> Co-authored-by: Alan Bateman <alanb@openjdk.org> Co-authored-by: Weijun Wang <weijun@openjdk.org> Co-authored-by: Aleksei Efimov <aefimov@openjdk.org> Co-authored-by: Brian Burkhalter <bpb@openjdk.org> Co-authored-by: Daniel Fuchs <dfuchs@openjdk.org> Co-authored-by: Harshitha Onkar <honkar@openjdk.org> Co-authored-by: Joe Wang <joehw@openjdk.org> Co-authored-by: Jorn Vernee <jvernee@openjdk.org> Co-authored-by: Justin Lu <jlu@openjdk.org> Co-authored-by: Kevin Walls <kevinw@openjdk.org> Co-authored-by: Lance Andersen <lancea@openjdk.org> Co-authored-by: Naoto Sato <naoto@openjdk.org> Co-authored-by: Roger Riggs <rriggs@openjdk.org> Co-authored-by: Brent Christian <bchristi@openjdk.org> Co-authored-by: Stuart Marks <smarks@openjdk.org> Co-authored-by: Ian Graves <igraves@openjdk.org> Co-authored-by: Phil Race <prr@openjdk.org> Co-authored-by: Erik Gahlin <egahlin@openjdk.org> Co-authored-by: Jaikiran Pai <jpai@openjdk.org> Reviewed-by: kevinw, aivanov, rriggs, lancea, coffeys, dfuchs, ihse, erikj, cjplummer, coleenp, naoto, mchung, prr, weijun, joehw, azvegint, psadhukhan, bchristi, sundar, attila
1480 lines
52 KiB
Java
1480 lines
52 KiB
Java
/*
|
|
* Copyright (c) 2003, 2024, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
/* @test
|
|
* @bug 4938185
|
|
* @summary KeyStore support for NSS cert/key databases
|
|
* To run manually:
|
|
* set environment variable:
|
|
* <token> [activcard|ibutton|nss|sca1000]
|
|
* <command> [list|basic]
|
|
*
|
|
* Note:
|
|
* . 'list' lists the token aliases
|
|
* . 'basic' does not run with activcard,
|
|
* @library /test/lib ..
|
|
* @run testng/othervm Basic
|
|
*/
|
|
|
|
import java.io.*;
|
|
import java.nio.file.Path;
|
|
import java.util.*;
|
|
|
|
import java.security.KeyStore;
|
|
import java.security.KeyStoreException;
|
|
import java.security.KeyFactory;
|
|
import java.security.PrivateKey;
|
|
import java.security.Provider;
|
|
import java.security.Signature;
|
|
import java.security.Security;
|
|
|
|
import java.security.cert.*;
|
|
import java.security.spec.*;
|
|
import java.security.interfaces.*;
|
|
|
|
import javax.crypto.SecretKey;
|
|
|
|
import javax.security.auth.Subject;
|
|
|
|
import com.sun.security.auth.module.*;
|
|
import com.sun.security.auth.callback.*;
|
|
import jtreg.SkippedException;
|
|
import org.testng.SkipException;
|
|
import org.testng.annotations.BeforeClass;
|
|
import org.testng.annotations.Test;
|
|
|
|
|
|
public class Basic extends PKCS11Test {
|
|
|
|
private static final Path TEST_DATA_PATH = Path.of(BASE)
|
|
.resolve("BasicData");
|
|
private static final String DIR = TEST_DATA_PATH.toString();
|
|
private static char[] tokenPwd;
|
|
private static final char[] ibuttonPwd =
|
|
new char[0];
|
|
private static final char[] activcardPwd =
|
|
new char[] { '1', '1', '2', '2', '3', '3' };
|
|
private static final char[] nssPwd =
|
|
new char[] { 't', 'e', 's', 't', '1', '2' };
|
|
private static final char[] solarisPwd =
|
|
new char[] { 'p', 'i', 'n' };
|
|
private static final char[] sca1000Pwd =
|
|
new char[] { 'p', 'a', 's', 's', 'w', 'o', 'r', 'd' };
|
|
private static final char[] sPwd = { 'f', 'o', 'o' };
|
|
|
|
private static SecretKey sk1;
|
|
private static SecretKey sk2;
|
|
private static SecretKey sk3;
|
|
private static SecretKey sk4;
|
|
|
|
private static RSAPrivateCrtKey pk1;
|
|
private static PrivateKey pk2;
|
|
private static PrivateKey pk3;
|
|
|
|
private static Certificate[] chain1;
|
|
private static Certificate[] chain2;
|
|
private static Certificate[] chain3;
|
|
private static Certificate[] chain4;
|
|
|
|
private static X509Certificate randomCert;
|
|
|
|
private static KeyStore ks;
|
|
private static final String KS_TYPE = "PKCS11";
|
|
private static Provider provider;
|
|
|
|
@BeforeClass
|
|
public void setUp() throws Exception {
|
|
copyNssCertKeyToClassesDir();
|
|
setCommonSystemProps();
|
|
System.setProperty("CUSTOM_P11_CONFIG",
|
|
TEST_DATA_PATH.resolve("p11-nss.txt").toString());
|
|
System.setProperty("TOKEN", "nss");
|
|
System.setProperty("TEST", "basic");
|
|
}
|
|
|
|
@Test
|
|
public void testBasic() throws Exception {
|
|
try {
|
|
main(new Basic(), new String[0]);
|
|
} catch (SkippedException se) {
|
|
throw new SkipException("One or more tests are skipped");
|
|
}
|
|
}
|
|
|
|
private static class FooEntry implements KeyStore.Entry { }
|
|
|
|
private static class P11SecretKey implements SecretKey {
|
|
String alg;
|
|
int length;
|
|
public P11SecretKey(String alg, int length) {
|
|
this.alg = alg;
|
|
this.length = length;
|
|
}
|
|
public String getAlgorithm() { return alg; }
|
|
public String getFormat() { return "raw"; }
|
|
public byte[] getEncoded() { return new byte[length/8]; }
|
|
}
|
|
|
|
public void main(Provider p) throws Exception {
|
|
|
|
this.provider = p;
|
|
|
|
// get private keys
|
|
KeyFactory kf = KeyFactory.getInstance("RSA");
|
|
KeyFactory dsaKf = KeyFactory.getInstance("DSA",
|
|
System.getProperty("test.provider.name", "SUN"));
|
|
|
|
ObjectInputStream ois1 = new ObjectInputStream
|
|
(new FileInputStream(new File(DIR, "pk1.key")));
|
|
byte[] keyBytes = (byte[])ois1.readObject();
|
|
ois1.close();
|
|
PrivateKey tmpKey =
|
|
kf.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
|
|
pk1 = (RSAPrivateCrtKey)tmpKey;
|
|
|
|
ObjectInputStream ois2 = new ObjectInputStream
|
|
(new FileInputStream(new File(DIR, "pk2.key")));
|
|
keyBytes = (byte[])ois2.readObject();
|
|
ois2.close();
|
|
pk2 = kf.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
|
|
|
|
ObjectInputStream ois3 = new ObjectInputStream
|
|
(new FileInputStream(new File(DIR, "pk3.key")));
|
|
keyBytes = (byte[])ois3.readObject();
|
|
pk3 = kf.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
|
|
ois3.close();
|
|
|
|
// get cert chains for private keys
|
|
CertificateFactory cf = CertificateFactory.getInstance("X.509", "SUN");
|
|
Certificate caCert = cf.generateCertificate
|
|
(new FileInputStream(new File(DIR, "ca.cert")));
|
|
Certificate ca2Cert = cf.generateCertificate
|
|
(new FileInputStream(new File(DIR, "ca2.cert")));
|
|
Certificate pk1cert = cf.generateCertificate
|
|
(new FileInputStream(new File(DIR, "pk1.cert")));
|
|
Certificate pk1cert2 = cf.generateCertificate
|
|
(new FileInputStream(new File(DIR, "pk1.cert2")));
|
|
Certificate pk2cert = cf.generateCertificate
|
|
(new FileInputStream(new File(DIR, "pk2.cert")));
|
|
Certificate pk3cert = cf.generateCertificate
|
|
(new FileInputStream(new File(DIR, "pk3.cert")));
|
|
chain1 = new Certificate[] { pk1cert, caCert };
|
|
chain2 = new Certificate[] { pk2cert, caCert };
|
|
chain3 = new Certificate[] { pk3cert, caCert };
|
|
chain4 = new Certificate[] { pk1cert2, ca2Cert };
|
|
|
|
// create secret keys
|
|
sk1 = new P11SecretKey("DES", 64);
|
|
sk2 = new P11SecretKey("DESede", 192);
|
|
sk3 = new P11SecretKey("AES", 128);
|
|
sk4 = new P11SecretKey("RC4", 128);
|
|
|
|
// read randomCert
|
|
randomCert = (X509Certificate)cf.generateCertificate
|
|
(new FileInputStream(new File(DIR, "random.cert")));
|
|
|
|
doTest();
|
|
}
|
|
|
|
private static void doTest() throws Exception {
|
|
|
|
String token = System.getProperty("TOKEN");
|
|
String test = System.getProperty("TEST");
|
|
|
|
if (token == null || token.length() == 0) {
|
|
throw new Exception("token arg required");
|
|
}
|
|
if (test == null || test.length() == 0) {
|
|
throw new Exception("test arg required");
|
|
}
|
|
|
|
if ("ibutton".equals(token)) {
|
|
tokenPwd = ibuttonPwd;
|
|
} else if ("activcard".equals(token)) {
|
|
tokenPwd = activcardPwd;
|
|
} else if ("nss".equals(token)) {
|
|
tokenPwd = nssPwd;
|
|
} else if ("sca1000".equals(token)) {
|
|
tokenPwd = sca1000Pwd;
|
|
} else if ("solaris".equals(token)) {
|
|
tokenPwd = solarisPwd;
|
|
}
|
|
|
|
if ("list".equals(test)) {
|
|
Basic.list();
|
|
} else if ("basic".equals(test)) {
|
|
|
|
int testnum = 1;
|
|
|
|
if ("ibutton".equals(token)) {
|
|
// pkey and setAttribute
|
|
testnum = Basic.pkey(testnum);
|
|
testnum = Basic.setAttribute(testnum);
|
|
} else if ("activcard".equals(token)) {
|
|
// sign
|
|
testnum = Basic.signAlias(testnum, null);
|
|
} else if ("nss".equals(token)) {
|
|
// setAttribute, pkey, sign
|
|
testnum = Basic.setAttribute(testnum);
|
|
testnum = Basic.pkey(testnum);
|
|
testnum = Basic.sign(testnum);
|
|
testnum = Basic.copy(testnum);
|
|
} else if ("solaris".equals(token)) {
|
|
testnum = Basic.setAttribute(testnum);
|
|
testnum = Basic.pkey(testnum);
|
|
testnum = Basic.sign(testnum);
|
|
testnum = Basic.skey(testnum);
|
|
testnum = Basic.copy(testnum);
|
|
} else if ("sca1000".equals(token)) {
|
|
// setAttribute, pkey, sign, skey, copy
|
|
testnum = Basic.setAttribute(testnum);
|
|
testnum = Basic.pkey(testnum);
|
|
testnum = Basic.sign(testnum);
|
|
testnum = Basic.skey(testnum);
|
|
testnum = Basic.copy(testnum);
|
|
}
|
|
|
|
} else if ("pkey".equals(test)) {
|
|
Basic.pkey(1);
|
|
} else if ("skey".equals(test)) {
|
|
Basic.skey(1);
|
|
} else if ("setAttribute".equals(test)) {
|
|
Basic.setAttribute(1);
|
|
} else if ("copy".equals(test)) {
|
|
Basic.copy(1);
|
|
} else if ("sign".equals(test)) {
|
|
Basic.sign(1);
|
|
} else if ("module".equals(test)) {
|
|
Basic.module();
|
|
} else if ("nss-extended".equals(test)) {
|
|
|
|
// this only works if NSS_TEST is set to true in P11KeyStore.java
|
|
|
|
int testnum = 1;
|
|
testnum = Basic.setAttribute(testnum);
|
|
testnum = Basic.pkey(testnum);
|
|
testnum = Basic.sign(testnum);
|
|
testnum = Basic.extended(testnum);
|
|
} else {
|
|
System.out.println("unrecognized command");
|
|
}
|
|
}
|
|
|
|
private static int sign(int testnum) throws Exception {
|
|
if (ks == null) {
|
|
ks = KeyStore.getInstance(KS_TYPE, provider);
|
|
ks.load(null, tokenPwd);
|
|
}
|
|
if (!ks.containsAlias("pk1")) {
|
|
ks.setKeyEntry("pk1", pk1, null, chain1);
|
|
}
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
return signAlias(testnum, "pk1");
|
|
}
|
|
|
|
private static int signAlias(int testnum, String alias) throws Exception {
|
|
|
|
if (ks == null) {
|
|
ks = KeyStore.getInstance(KS_TYPE, provider);
|
|
ks.load(null, tokenPwd);
|
|
}
|
|
|
|
if (alias == null) {
|
|
Enumeration enu = ks.aliases();
|
|
if (enu.hasMoreElements()) {
|
|
alias = (String)enu.nextElement();
|
|
}
|
|
}
|
|
|
|
PrivateKey pkey = (PrivateKey)ks.getKey(alias, null);
|
|
if ("RSA".equals(pkey.getAlgorithm())) {
|
|
System.out.println("got [" + alias + "] signing key: " + pkey);
|
|
} else {
|
|
throw new SecurityException
|
|
("expected RSA, got " + pkey.getAlgorithm());
|
|
}
|
|
|
|
Signature s = Signature.getInstance("MD5WithRSA", ks.getProvider());
|
|
s.initSign(pkey);
|
|
System.out.println("initialized signature object with key");
|
|
s.update("hello".getBytes());
|
|
System.out.println("signature object updated with [hello] bytes");
|
|
|
|
byte[] signed = s.sign();
|
|
System.out.println("received signature " + signed.length +
|
|
" bytes in length");
|
|
|
|
Signature v = Signature.getInstance("MD5WithRSA", ks.getProvider());
|
|
v.initVerify(ks.getCertificate(alias));
|
|
v.update("hello".getBytes());
|
|
v.verify(signed);
|
|
System.out.println("signature verified");
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
return testnum;
|
|
}
|
|
|
|
private static int copy(int testnum) throws Exception {
|
|
|
|
if (ks == null) {
|
|
ks = KeyStore.getInstance(KS_TYPE, provider);
|
|
ks.load(null, tokenPwd);
|
|
}
|
|
|
|
KeyFactory kf = KeyFactory.getInstance("RSA", provider);
|
|
PrivateKey pkSession = (PrivateKey)kf.translateKey(pk3);
|
|
System.out.println("pkSession = " + pkSession);
|
|
ks.setKeyEntry("pkSession", pkSession, null, chain3);
|
|
|
|
KeyStore.PrivateKeyEntry pke =
|
|
(KeyStore.PrivateKeyEntry)ks.getEntry("pkSession", null);
|
|
System.out.println("pkSession = " + pke.getPrivateKey());
|
|
Certificate[] chain = pke.getCertificateChain();
|
|
if (chain.length != chain3.length) {
|
|
throw new SecurityException("received chain not correct length");
|
|
}
|
|
for (int i = 0; i < chain.length; i++) {
|
|
if (!chain[i].equals(chain3[i])) {
|
|
throw new SecurityException("received chain not equal");
|
|
}
|
|
}
|
|
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
return testnum;
|
|
}
|
|
|
|
private static void list() throws Exception {
|
|
int testnum = 1;
|
|
|
|
ks = KeyStore.getInstance(KS_TYPE, provider);
|
|
|
|
// check instance
|
|
if (ks.getProvider() instanceof java.security.AuthProvider) {
|
|
System.out.println("keystore provider instance of AuthProvider");
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("did not get AuthProvider KeyStore");
|
|
}
|
|
|
|
// load
|
|
ks.load(null, tokenPwd);
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// aliases
|
|
Enumeration enu = ks.aliases();
|
|
int count = 0;
|
|
while (enu.hasMoreElements()) {
|
|
count++;
|
|
System.out.println("alias " +
|
|
count +
|
|
" = " +
|
|
(String)enu.nextElement());
|
|
}
|
|
}
|
|
|
|
private static void module() throws Exception {
|
|
|
|
// perform Security.addProvider of P11 provider
|
|
Security.addProvider(getSunPKCS11(System.getProperty("CUSTOM_P11_CONFIG")));
|
|
|
|
String KS_PROVIDER = "SunPKCS11-" + System.getProperty("TOKEN");
|
|
|
|
KeyStoreLoginModule m = new KeyStoreLoginModule();
|
|
Subject s = new Subject();
|
|
Map<String, String> options = new HashMap<>();
|
|
options.put("keyStoreURL", "NONE");
|
|
options.put("keyStoreType", KS_TYPE);
|
|
options.put("keyStoreProvider", KS_PROVIDER);
|
|
options.put("debug", "true");
|
|
m.initialize(s, new TextCallbackHandler(), new HashMap<>(), options);
|
|
m.login();
|
|
m.commit();
|
|
System.out.println("authenticated subject = " + s);
|
|
m.logout();
|
|
System.out.println("authenticated subject = " + s);
|
|
}
|
|
|
|
/**
|
|
* SCA1000 does not handle extended secret key tests
|
|
* . Blowfish (CKR_TEMPLATE_INCOMPLETE)
|
|
* . AES (CKR_TEMPLATE_INCOMPLETE)
|
|
* . RC4 (CKR_ATTRIBUTE_TYPE_INVALID)
|
|
* so do this instead
|
|
*/
|
|
private static int skey(int testnum) throws Exception {
|
|
if (ks == null) {
|
|
ks = KeyStore.getInstance(KS_TYPE, provider);
|
|
ks.load(null, tokenPwd);
|
|
}
|
|
|
|
// delete all old aliases
|
|
Enumeration enu = ks.aliases();
|
|
int count = 0;
|
|
while (enu.hasMoreElements()) {
|
|
String next = (String)enu.nextElement();
|
|
ks.deleteEntry(next);
|
|
System.out.println("deleted entry for: " + next);
|
|
}
|
|
|
|
// set good ske 1
|
|
ks.setKeyEntry("sk1", sk1, null, null);
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// set good ske 2
|
|
ks.setKeyEntry("sk2", sk2, null, null);
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// getEntry good ske 1
|
|
KeyStore.SecretKeyEntry ske =
|
|
(KeyStore.SecretKeyEntry)ks.getEntry("sk1", null);
|
|
if ("DES".equals(ske.getSecretKey().getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected DES, got " + ske.getSecretKey().getAlgorithm());
|
|
}
|
|
|
|
// getEntry good ske 2
|
|
ske = (KeyStore.SecretKeyEntry)ks.getEntry("sk2", null);
|
|
if ("DESede".equals(ske.getSecretKey().getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected DESede, got " + ske.getSecretKey().getAlgorithm());
|
|
}
|
|
|
|
// getKey good ske 1
|
|
SecretKey skey = (SecretKey)ks.getKey("sk1", null);
|
|
if ("DES".equals(skey.getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected DES, got " + skey.getAlgorithm());
|
|
}
|
|
|
|
// getKey good ske 2
|
|
skey = (SecretKey)ks.getKey("sk2", null);
|
|
if ("DESede".equals(skey.getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected DESede, got " + skey.getAlgorithm());
|
|
}
|
|
|
|
// aliases
|
|
enu = ks.aliases();
|
|
count = 0;
|
|
while (enu.hasMoreElements()) {
|
|
count++;
|
|
System.out.println("alias " +
|
|
count +
|
|
" = " +
|
|
(String)enu.nextElement());
|
|
}
|
|
if (count == 2) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected 2 aliases");
|
|
}
|
|
|
|
// size
|
|
if (ks.size() == 2) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected size 2");
|
|
}
|
|
|
|
// isCertificateEntry sk1
|
|
if (!ks.isCertificateEntry("sk1")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected ske");
|
|
}
|
|
|
|
// isKeyEntry sk1
|
|
if (ks.isKeyEntry("sk1")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected ske");
|
|
}
|
|
|
|
// entryInstanceOf sk2
|
|
if (ks.entryInstanceOf("sk2", KeyStore.SecretKeyEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected ske");
|
|
}
|
|
|
|
return testnum;
|
|
}
|
|
|
|
private static int setAttribute(int testnum) throws Exception {
|
|
|
|
if (ks == null) {
|
|
ks = KeyStore.getInstance(KS_TYPE, provider);
|
|
ks.load(null, tokenPwd);
|
|
}
|
|
|
|
if (!ks.containsAlias("pk1")) {
|
|
// set good pke 1
|
|
ks.setKeyEntry("pk1", pk1, null, chain1);
|
|
System.out.println("test " + testnum++ + " passed");
|
|
}
|
|
|
|
// delete all old aliases except pk1
|
|
Enumeration enu = ks.aliases();
|
|
int count = 0;
|
|
while (enu.hasMoreElements()) {
|
|
String next = (String)enu.nextElement();
|
|
if (!"pk1".equals(next)) {
|
|
ks.deleteEntry(next);
|
|
System.out.println("deleted entry for: " + next);
|
|
}
|
|
}
|
|
|
|
KeyStore.PrivateKeyEntry pke =
|
|
(KeyStore.PrivateKeyEntry)ks.getEntry("pk1", null);
|
|
System.out.println("pk1 = " + pke.getPrivateKey());
|
|
Certificate[] chain = pke.getCertificateChain();
|
|
if (chain.length != chain1.length) {
|
|
throw new SecurityException("received chain not correct length");
|
|
}
|
|
for (int i = 0; i < chain.length; i++) {
|
|
if (!chain[i].equals(chain1[i])) {
|
|
throw new SecurityException("received chain not equal");
|
|
}
|
|
}
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
/**
|
|
* test change alias only
|
|
*/
|
|
|
|
// test C_SetAttribute
|
|
PrivateKey pkey = pke.getPrivateKey();
|
|
ks.setEntry("pk1SA",
|
|
new KeyStore.PrivateKeyEntry(pkey, chain1),
|
|
null);
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// aliases
|
|
enu = ks.aliases();
|
|
count = 0;
|
|
String newAlias = null;
|
|
while (enu.hasMoreElements()) {
|
|
count++;
|
|
newAlias = (String)enu.nextElement();
|
|
System.out.println("alias " +
|
|
count +
|
|
" = " +
|
|
newAlias);
|
|
}
|
|
if (count == 1 && "pk1SA".equals(newAlias)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected 1 alias");
|
|
}
|
|
|
|
// size
|
|
if (ks.size() == 1) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected size 1");
|
|
}
|
|
|
|
pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk1", null);
|
|
if (pke != null) {
|
|
throw new SecurityException("expected not to find pk1");
|
|
}
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk1SA", null);
|
|
System.out.println("pk1SA = " + pke.getPrivateKey());
|
|
chain = pke.getCertificateChain();
|
|
if (chain.length != chain1.length) {
|
|
throw new SecurityException("received chain not correct length");
|
|
}
|
|
for (int i = 0; i < chain.length; i++) {
|
|
if (!chain[i].equals(chain1[i])) {
|
|
throw new SecurityException("received chain not equal");
|
|
}
|
|
}
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
/**
|
|
* test change cert chain
|
|
*/
|
|
|
|
pkey = pke.getPrivateKey();
|
|
ks.setEntry("pk1SA-2",
|
|
new KeyStore.PrivateKeyEntry(pkey, chain4),
|
|
null);
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// aliases
|
|
enu = ks.aliases();
|
|
count = 0;
|
|
newAlias = null;
|
|
while (enu.hasMoreElements()) {
|
|
count++;
|
|
newAlias = (String)enu.nextElement();
|
|
System.out.println("alias " +
|
|
count +
|
|
" = " +
|
|
newAlias);
|
|
}
|
|
if (count == 1 && "pk1SA-2".equals(newAlias)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected 1 alias");
|
|
}
|
|
|
|
// size
|
|
if (ks.size() == 1) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected size 1");
|
|
}
|
|
|
|
pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk1SA", null);
|
|
if (pke != null) {
|
|
throw new SecurityException("expected not to find pk1SA");
|
|
}
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk1SA-2", null);
|
|
System.out.println("pk1SA-2 = " + pke.getPrivateKey());
|
|
chain = pke.getCertificateChain();
|
|
if (chain.length != chain4.length) {
|
|
throw new SecurityException("received chain not correct length");
|
|
}
|
|
for (int i = 0; i < chain.length; i++) {
|
|
if (!chain[i].equals(chain4[i])) {
|
|
throw new SecurityException("received chain not equal");
|
|
}
|
|
}
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
return testnum;
|
|
}
|
|
|
|
private static int pkey(int testnum) throws Exception {
|
|
|
|
if (ks == null) {
|
|
ks = KeyStore.getInstance(KS_TYPE, provider);
|
|
ks.load(null, tokenPwd);
|
|
System.out.println("test " + testnum++ + " passed");
|
|
}
|
|
|
|
// check instance
|
|
if (ks.getProvider() instanceof java.security.AuthProvider) {
|
|
System.out.println("keystore provider instance of AuthProvider");
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("did not get AuthProvider KeyStore");
|
|
}
|
|
|
|
// delete all old aliases
|
|
Enumeration enu = ks.aliases();
|
|
int count = 0;
|
|
while (enu.hasMoreElements()) {
|
|
String next = (String)enu.nextElement();
|
|
ks.deleteEntry(next);
|
|
System.out.println("deleted entry for: " + next);
|
|
}
|
|
|
|
// set good pke 1
|
|
ks.setKeyEntry("pk1", pk1, null, chain1);
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// set good pke 2
|
|
ks.setEntry("pk2",
|
|
new KeyStore.PrivateKeyEntry(pk2, chain2),
|
|
null);
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// getEntry good pke 1
|
|
KeyStore.PrivateKeyEntry pke =
|
|
(KeyStore.PrivateKeyEntry)ks.getEntry("pk1", null);
|
|
System.out.println("pk1 = " + pke.getPrivateKey());
|
|
Certificate[] chain = pke.getCertificateChain();
|
|
if (chain.length != chain1.length) {
|
|
throw new SecurityException("received chain not correct length");
|
|
}
|
|
for (int i = 0; i < chain.length; i++) {
|
|
if (!chain[i].equals(chain1[i])) {
|
|
throw new SecurityException("received chain not equal");
|
|
}
|
|
}
|
|
|
|
// getKey good pke 1
|
|
PrivateKey pkey = (PrivateKey)ks.getKey("pk1", null);
|
|
System.out.println("pk1 = " + pkey);
|
|
if ("RSA".equals(pkey.getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected RSA, got " + pkey.getAlgorithm());
|
|
}
|
|
|
|
// getCertificate chain chain 1
|
|
chain = ks.getCertificateChain("pk1");
|
|
if (chain.length != chain1.length) {
|
|
throw new SecurityException("received chain not correct length");
|
|
}
|
|
for (int i = 0; i < chain.length; i++) {
|
|
if (!chain[i].equals(chain1[i])) {
|
|
throw new SecurityException("received chain not equal");
|
|
}
|
|
}
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// getEntry good pke 2
|
|
pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk2", null);
|
|
if ("RSA".equals(pke.getPrivateKey().getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected RSA, got " + pke.getPrivateKey().getAlgorithm());
|
|
}
|
|
System.out.println("pk2 = " + pke.getPrivateKey());
|
|
chain = pke.getCertificateChain();
|
|
if (chain.length != chain2.length) {
|
|
throw new SecurityException("received chain not correct length");
|
|
}
|
|
for (int i = 0; i < chain.length; i++) {
|
|
if (!chain[i].equals(chain2[i])) {
|
|
throw new SecurityException("received chain not equal");
|
|
}
|
|
}
|
|
|
|
// getKey good pke 2
|
|
pkey = (PrivateKey)ks.getKey("pk2", null);
|
|
if ("RSA".equals(pkey.getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected RSA, got " + pkey.getAlgorithm());
|
|
}
|
|
|
|
// getCertificate chain chain 2
|
|
chain = ks.getCertificateChain("pk2");
|
|
if (chain.length != chain2.length) {
|
|
throw new SecurityException("received chain not correct length");
|
|
}
|
|
for (int i = 0; i < chain.length; i++) {
|
|
if (!chain[i].equals(chain2[i])) {
|
|
throw new SecurityException("received chain not equal");
|
|
}
|
|
}
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// aliases
|
|
enu = ks.aliases();
|
|
count = 0;
|
|
while (enu.hasMoreElements()) {
|
|
count++;
|
|
System.out.println("alias " +
|
|
count +
|
|
" = " +
|
|
(String)enu.nextElement());
|
|
}
|
|
if (count == 2) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected 2 aliases");
|
|
}
|
|
|
|
// size
|
|
if (ks.size() == 2) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected size 2");
|
|
}
|
|
|
|
// getCertificate
|
|
if (ks.getCertificate("pk1").equals(chain1[0])) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected certificate pk1 end entity");
|
|
}
|
|
|
|
// containsAlias
|
|
if (ks.containsAlias("pk1") && ks.containsAlias("pk2") &&
|
|
!ks.containsAlias("foobar") &&
|
|
!ks.containsAlias("pk1.2") && !ks.containsAlias("pk2.2")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("unexpected aliases encountered");
|
|
}
|
|
|
|
// isKeyEntry
|
|
if (ks.isKeyEntry("pk1") && ks.isKeyEntry("pk2") &&
|
|
!ks.isKeyEntry("foobar")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("isKeyEntry failed");
|
|
}
|
|
|
|
// isCertificateEntry
|
|
if (!ks.isCertificateEntry("foobar") &&
|
|
!ks.isCertificateEntry("pk1") && !ks.isCertificateEntry("pk2")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("isCertificateEntry failed");
|
|
}
|
|
|
|
// getCertificateAlias
|
|
if (ks.getCertificateAlias(chain1[0]).equals("pk1") &&
|
|
ks.getCertificateAlias(chain2[0]).equals("pk2") &&
|
|
ks.getCertificateAlias(randomCert) == null) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("getCertificateAlias failed");
|
|
}
|
|
|
|
if (ks.entryInstanceOf("pk1", KeyStore.PrivateKeyEntry.class) &&
|
|
ks.entryInstanceOf("pk2", KeyStore.PrivateKeyEntry.class) &&
|
|
!ks.entryInstanceOf("pk1", KeyStore.TrustedCertificateEntry.class) &&
|
|
!ks.entryInstanceOf("pk2", KeyStore.TrustedCertificateEntry.class) &&
|
|
!ks.entryInstanceOf("foobar", KeyStore.TrustedCertificateEntry.class) &&
|
|
!ks.entryInstanceOf("foobar", KeyStore.PrivateKeyEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("entryInstanceOf failed");
|
|
}
|
|
|
|
ks.deleteEntry("pk2");
|
|
if (ks.containsAlias("pk1") && !ks.containsAlias("pk2")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("deleteEntry failed");
|
|
}
|
|
|
|
// getEntry good pke 1
|
|
pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk1", null);
|
|
System.out.println("pk1 = " + pke.getPrivateKey());
|
|
chain = pke.getCertificateChain();
|
|
if (chain.length != chain1.length) {
|
|
throw new SecurityException("received chain not correct length");
|
|
}
|
|
for (int i = 0; i < chain.length; i++) {
|
|
if (!chain[i].equals(chain1[i])) {
|
|
throw new SecurityException("received chain not equal");
|
|
}
|
|
}
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// aliases
|
|
enu = ks.aliases();
|
|
count = 0;
|
|
while (enu.hasMoreElements()) {
|
|
count++;
|
|
System.out.println("alias " +
|
|
count +
|
|
" = " +
|
|
(String)enu.nextElement());
|
|
}
|
|
if (count == 1) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected 1 alias");
|
|
}
|
|
|
|
// size
|
|
if (ks.size() == 1) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected size 1");
|
|
}
|
|
|
|
return testnum;
|
|
}
|
|
|
|
private static int extended(int testnum) throws Exception {
|
|
|
|
// setEntry unknown entry type
|
|
try {
|
|
ks.setEntry("foo", new FooEntry(), null);
|
|
throw new SecurityException("setEntry should have failed");
|
|
} catch (KeyStoreException kse) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
}
|
|
|
|
// getEntry random foo
|
|
if (ks.getEntry("foo", null) != null) {
|
|
throw new SecurityException("expected null entry");
|
|
} else {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
}
|
|
|
|
// set good ske 1
|
|
ks.setKeyEntry("sk1", sk1, null, null);
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// set good ske 2
|
|
ks.setKeyEntry("sk2", sk2, null, null);
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// set good ske 3
|
|
ks.setEntry("sk3",
|
|
new KeyStore.SecretKeyEntry(sk3),
|
|
null);
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// set good ske 4
|
|
ks.setEntry("sk4",
|
|
new KeyStore.SecretKeyEntry(sk4),
|
|
null);
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// getEntry good ske 1
|
|
KeyStore.SecretKeyEntry ske =
|
|
(KeyStore.SecretKeyEntry)ks.getEntry("sk1", null);
|
|
if ("DES".equals(ske.getSecretKey().getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected DES, got " + ske.getSecretKey().getAlgorithm());
|
|
}
|
|
|
|
// getEntry good ske 2
|
|
ske = (KeyStore.SecretKeyEntry)ks.getEntry("sk2", null);
|
|
if ("DESede".equals(ske.getSecretKey().getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected DESede, got " + ske.getSecretKey().getAlgorithm());
|
|
}
|
|
|
|
// getEntry good ske 3
|
|
ske = (KeyStore.SecretKeyEntry)ks.getEntry("sk3", null);
|
|
if ("AES".equals(ske.getSecretKey().getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected AES, got " + ske.getSecretKey().getAlgorithm());
|
|
}
|
|
|
|
// getEntry good ske 4
|
|
ske = (KeyStore.SecretKeyEntry)ks.getEntry("sk4", null);
|
|
if ("ARCFOUR".equals(ske.getSecretKey().getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected ARCFOUR, got " + ske.getSecretKey().getAlgorithm());
|
|
}
|
|
|
|
// getKey good ske 1
|
|
SecretKey skey = (SecretKey)ks.getKey("sk1", null);
|
|
if ("DES".equals(skey.getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected DES, got " + skey.getAlgorithm());
|
|
}
|
|
|
|
// getKey good ske 2
|
|
skey = (SecretKey)ks.getKey("sk2", null);
|
|
if ("DESede".equals(skey.getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected DESede, got " + skey.getAlgorithm());
|
|
}
|
|
|
|
// getKey good ske 3
|
|
skey = (SecretKey)ks.getKey("sk3", null);
|
|
if ("AES".equals(skey.getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected AES, got " + skey.getAlgorithm());
|
|
}
|
|
|
|
// getKey good ske 4
|
|
skey = (SecretKey)ks.getKey("sk4", null);
|
|
if ("ARCFOUR".equals(skey.getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected ARCFOUR, got " + skey.getAlgorithm());
|
|
}
|
|
|
|
// aliases
|
|
Enumeration enu = ks.aliases();
|
|
int count = 0;
|
|
while (enu.hasMoreElements()) {
|
|
count++;
|
|
System.out.println("alias " +
|
|
count +
|
|
" = " +
|
|
(String)enu.nextElement());
|
|
}
|
|
if (count == 5) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected 5 aliases");
|
|
}
|
|
|
|
// size
|
|
if (ks.size() == 5) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected size 5");
|
|
}
|
|
|
|
// set good pke 2
|
|
ks.setEntry("pk2",
|
|
new KeyStore.PrivateKeyEntry(pk2, chain2),
|
|
null);
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// set good pke 3
|
|
ks.setEntry("pk3",
|
|
new KeyStore.PrivateKeyEntry(pk3, chain3),
|
|
null);
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// getEntry good pke 1
|
|
KeyStore.PrivateKeyEntry pke =
|
|
(KeyStore.PrivateKeyEntry)ks.getEntry("pk1", null);
|
|
System.out.println("pk1 = " + pke.getPrivateKey());
|
|
Certificate[] chain = pke.getCertificateChain();
|
|
if (chain.length != chain1.length) {
|
|
throw new SecurityException("received chain not correct length");
|
|
}
|
|
for (int i = 0; i < chain.length; i++) {
|
|
if (!chain[i].equals(chain1[i])) {
|
|
throw new SecurityException("received chain not equal");
|
|
}
|
|
}
|
|
|
|
// getEntry good pke 2
|
|
pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk2", null);
|
|
System.out.println("pk2 = " + pke.getPrivateKey());
|
|
chain = pke.getCertificateChain();
|
|
if (chain.length != chain2.length) {
|
|
throw new SecurityException("received chain not correct length");
|
|
}
|
|
for (int i = 0; i < chain.length; i++) {
|
|
if (!chain[i].equals(chain2[i])) {
|
|
throw new SecurityException("received chain not equal");
|
|
}
|
|
}
|
|
|
|
// getEntry good pke 3
|
|
pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk3", null);
|
|
System.out.println("pk3 = " + pke.getPrivateKey());
|
|
chain = pke.getCertificateChain();
|
|
if (chain.length != chain3.length) {
|
|
throw new SecurityException("received chain not correct length");
|
|
}
|
|
for (int i = 0; i < chain.length; i++) {
|
|
if (!chain[i].equals(chain3[i])) {
|
|
throw new SecurityException("received chain not equal");
|
|
}
|
|
}
|
|
|
|
// getKey good pke 1
|
|
PrivateKey pkey = (PrivateKey)ks.getKey("pk1", null);
|
|
if ("RSA".equals(pkey.getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected RSA, got " + pkey.getAlgorithm());
|
|
}
|
|
|
|
// getCertificate chain chain 1
|
|
chain = ks.getCertificateChain("pk1");
|
|
if (chain.length != chain1.length) {
|
|
throw new SecurityException("received chain not correct length");
|
|
}
|
|
for (int i = 0; i < chain.length; i++) {
|
|
if (!chain[i].equals(chain1[i])) {
|
|
throw new SecurityException("received chain not equal");
|
|
}
|
|
}
|
|
|
|
// getKey good pke 2
|
|
pkey = (PrivateKey)ks.getKey("pk2", null);
|
|
if ("RSA".equals(pkey.getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected RSA, got " + pkey.getAlgorithm());
|
|
}
|
|
|
|
// getCertificate chain chain 2
|
|
chain = ks.getCertificateChain("pk2");
|
|
if (chain.length != chain2.length) {
|
|
throw new SecurityException("received chain not correct length");
|
|
}
|
|
for (int i = 0; i < chain.length; i++) {
|
|
if (!chain[i].equals(chain2[i])) {
|
|
throw new SecurityException("received chain not equal");
|
|
}
|
|
}
|
|
|
|
// getKey good pke 3
|
|
pkey = (PrivateKey)ks.getKey("pk3", null);
|
|
if ("RSA".equals(pkey.getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected RSA, got " + pkey.getAlgorithm());
|
|
}
|
|
|
|
// getCertificate chain chain 3
|
|
chain = ks.getCertificateChain("pk3");
|
|
if (chain.length != chain3.length) {
|
|
throw new SecurityException("received chain not correct length");
|
|
}
|
|
for (int i = 0; i < chain.length; i++) {
|
|
if (!chain[i].equals(chain3[i])) {
|
|
throw new SecurityException("received chain not equal");
|
|
}
|
|
}
|
|
|
|
// aliases
|
|
enu = ks.aliases();
|
|
count = 0;
|
|
while (enu.hasMoreElements()) {
|
|
count++;
|
|
System.out.println("alias " +
|
|
count +
|
|
" = " +
|
|
(String)enu.nextElement());
|
|
}
|
|
if (count == 7) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected 7 aliases");
|
|
}
|
|
|
|
// size
|
|
if (ks.size() == 7) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected size 7");
|
|
}
|
|
|
|
// getCertificate good chain 1
|
|
if (ks.getCertificate("pk1").equals(chain1[0])) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("retrieved cert not equal");
|
|
}
|
|
|
|
// getCertificate good chain 3
|
|
if (ks.getCertificate("pk3").equals(chain3[0])) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("retrieved cert not equal");
|
|
}
|
|
|
|
// getKey good ske 1
|
|
skey = (SecretKey)ks.getKey("sk1", null);
|
|
if ("DES".equals(skey.getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected DES, got " + skey.getAlgorithm());
|
|
}
|
|
|
|
// getKey good ske 4
|
|
skey = (SecretKey)ks.getKey("sk4", null);
|
|
if ("ARCFOUR".equals(skey.getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected ARCFOUR, got " + skey.getAlgorithm());
|
|
}
|
|
|
|
// getKey good pke 1
|
|
pkey = (PrivateKey)ks.getKey("pk1", null);
|
|
if ("RSA".equals(pkey.getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected RSA, got " + pkey.getAlgorithm());
|
|
}
|
|
|
|
// getKey good pke 3
|
|
pkey = (PrivateKey)ks.getKey("pk3", null);
|
|
if ("RSA".equals(pkey.getAlgorithm())) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException
|
|
("expected RSA, got " + pkey.getAlgorithm());
|
|
}
|
|
|
|
// contains alias
|
|
if (!ks.containsAlias("pk1") ||
|
|
!ks.containsAlias("pk2") ||
|
|
!ks.containsAlias("pk3") ||
|
|
!ks.containsAlias("sk1") ||
|
|
!ks.containsAlias("sk2") ||
|
|
!ks.containsAlias("sk3") ||
|
|
!ks.containsAlias("sk4")) {
|
|
throw new SecurityException("did not contain all aliases");
|
|
}
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// getCertificateAlias pk1
|
|
if (ks.getCertificateAlias(chain1[0]).equals("pk1")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected cert pk1");
|
|
}
|
|
|
|
// getCertificateAlias pk3
|
|
if (ks.getCertificateAlias(chain3[0]).equals("pk3")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected cert pk3");
|
|
}
|
|
|
|
// isCertificateEntry pk1
|
|
if (!ks.isCertificateEntry("pk1")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected pke");
|
|
}
|
|
|
|
// isCertificateEntry pk3
|
|
if (!ks.isCertificateEntry("pk3")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected pke");
|
|
}
|
|
|
|
// isCertificateEntry sk1
|
|
if (!ks.isCertificateEntry("sk1")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected ske");
|
|
}
|
|
|
|
// isCertificateEntry sk4
|
|
if (!ks.isCertificateEntry("sk4")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected ske");
|
|
}
|
|
|
|
// isKeyEntry pk1
|
|
if (ks.isKeyEntry("pk1")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected pke");
|
|
}
|
|
|
|
// isKeyEntry pk3
|
|
if (ks.isKeyEntry("pk3")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected pke");
|
|
}
|
|
|
|
// isKeyEntry sk1
|
|
if (ks.isKeyEntry("sk1")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected ske");
|
|
}
|
|
|
|
// isKeyEntry sk4
|
|
if (ks.isKeyEntry("sk4")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected ske");
|
|
}
|
|
|
|
// isCertificateEntry random foo
|
|
if (!ks.isCertificateEntry("foo")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected foo");
|
|
}
|
|
|
|
// isKeyEntry random foo
|
|
if (!ks.isKeyEntry("foo")) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected foo");
|
|
}
|
|
|
|
// entryInstanceOf pk1
|
|
if (!ks.entryInstanceOf
|
|
("pk1", KeyStore.TrustedCertificateEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected tce");
|
|
}
|
|
|
|
// entryInstanceOf pk3
|
|
if (!ks.entryInstanceOf
|
|
("pk3", KeyStore.TrustedCertificateEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected tce");
|
|
}
|
|
|
|
// entryInstanceOf sk1
|
|
if (!ks.entryInstanceOf
|
|
("sk1", KeyStore.TrustedCertificateEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected tce");
|
|
}
|
|
|
|
// entryInstanceOf sk4
|
|
if (!ks.entryInstanceOf
|
|
("sk4", KeyStore.TrustedCertificateEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected tce");
|
|
}
|
|
|
|
// entryInstanceOf pk1
|
|
if (ks.entryInstanceOf("pk1", KeyStore.PrivateKeyEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected pke");
|
|
}
|
|
|
|
// entryInstanceOf pk3
|
|
if (ks.entryInstanceOf("pk3", KeyStore.PrivateKeyEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected pke");
|
|
}
|
|
|
|
// entryInstanceOf sk1
|
|
if (!ks.entryInstanceOf("sk1", KeyStore.PrivateKeyEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected pke");
|
|
}
|
|
|
|
// entryInstanceOf sk4
|
|
if (!ks.entryInstanceOf("sk4", KeyStore.PrivateKeyEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected pke");
|
|
}
|
|
|
|
// entryInstanceOf sk1
|
|
if (ks.entryInstanceOf("sk1", KeyStore.SecretKeyEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected ske");
|
|
}
|
|
|
|
// entryInstanceOf sk4
|
|
if (ks.entryInstanceOf("sk4", KeyStore.SecretKeyEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected ske");
|
|
}
|
|
|
|
// entryInstanceOf pk1
|
|
if (!ks.entryInstanceOf("pk1", KeyStore.SecretKeyEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected ske");
|
|
}
|
|
|
|
// entryInstanceOf pk3
|
|
if (!ks.entryInstanceOf("pk3", KeyStore.SecretKeyEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected ske");
|
|
}
|
|
|
|
// getEntry random foobar
|
|
if (ks.getEntry("foobar", null) != null) {
|
|
throw new SecurityException("expected null entry");
|
|
} else {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
}
|
|
|
|
// deleteEntry
|
|
ks.deleteEntry("pk1");
|
|
ks.deleteEntry("pk3");
|
|
ks.deleteEntry("sk2");
|
|
ks.deleteEntry("sk3");
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
// aliases
|
|
enu = ks.aliases();
|
|
count = 0;
|
|
while (enu.hasMoreElements()) {
|
|
count++;
|
|
System.out.println("alias " +
|
|
count +
|
|
" = " +
|
|
(String)enu.nextElement());
|
|
}
|
|
if (count == 3) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected 3 aliases");
|
|
}
|
|
|
|
// size
|
|
if (ks.size() == 3) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected size 6");
|
|
}
|
|
|
|
// entryInstanceOf sk1
|
|
if (!ks.entryInstanceOf("sk1", KeyStore.PrivateKeyEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected pke");
|
|
}
|
|
|
|
// entryInstanceOf sk4
|
|
if (!ks.entryInstanceOf("sk4", KeyStore.PrivateKeyEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected pke");
|
|
}
|
|
|
|
// entryInstanceOf pk2
|
|
if (ks.entryInstanceOf("pk2", KeyStore.PrivateKeyEntry.class)) {
|
|
System.out.println("test " + testnum++ + " passed");
|
|
} else {
|
|
throw new SecurityException("expected pke");
|
|
}
|
|
System.out.println("test " + testnum++ + " passed");
|
|
|
|
return testnum;
|
|
}
|
|
}
|