Path: blob/master/test/jdk/java/security/KeyStore/TestKeyStoreBasic.java
41149 views
/*1* Copyright (c) 2001, 2021, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223import java.io.BufferedInputStream;24import java.io.ByteArrayInputStream;25import java.io.ByteArrayOutputStream;26import java.io.IOException;27import java.io.InputStream;28import java.security.KeyFactory;29import java.security.KeyStore;30import java.security.KeyStoreException;31import java.security.NoSuchProviderException;32import java.security.PrivateKey;33import java.security.UnrecoverableKeyException;34import java.security.cert.Certificate;35import java.security.cert.CertificateFactory;36import java.security.spec.KeySpec;37import java.security.spec.PKCS8EncodedKeySpec;38import java.util.Base64;3940/*41* @test42* @bug 8048621 8133090 8167371 823667143* @summary Test basic operations with keystores (jks, jceks, pkcs12)44* @author Yu-Ching Valerie PENG45*/46public class TestKeyStoreBasic {4748private static final String PRIVATE_KEY_PKCS8_BASE64 = ""49+ "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCpyz97liuWPDYcLH9TX8BiT78o"50+ "lCmAfmevvch6ncXUVuCzbdaKuKXwn4EVbDszsVJLoK5zdtP+X3iDhutj+IgKmLhuczF3M9VIcWr+"51+ "JJUyTH4+3h/RT8cjCDZOmk9iXkb5ifruVsLqzb9g+Vp140Oz7leikne7KmclHvTfvFd0WDI7Gb9v"52+ "o4f5rT717BXJ/n+M6pNk8DLpLiEu6eziYvXRv5x+t5Go3x0eCXdaxEQUf2j876Wfr2qHRJK7lDfF"53+ "e1DDsMg/KpKGiILYZ+g2qtVMZSxtp5BZEtfB5qV/IE5kWO+mCIAGpXSZIdbERR6pZUq8GLEe1T9e"54+ "+sO6H24w2F19AgMBAAECggEBAId/12187dO6wUPCjumuJA1QrrBnbKdKONyai36uoc1Od4s5QFj7"55+ "+hEIeS7rbGNYQuBvnkgusAbzkW0FIpxpHce3EJez/emux6pEOKoP77BwMt9gy+txyu0+BHi91FQg"56+ "AGvrnQDO5EYVY4Cz/WjOsJzKu8zVLg+DS0Toa2qRFwmUe9mVAXPNOCZ3Oae/Q6tCDsaINNw0fmjj"57+ "jn6uohPbS+n6xENG3FkQXB36getXy310xTGED2J27cmAQH6gLR6Kl2iROzNPbbpBqbuemI9kbcld"58+ "EwBS1jRfZWeaPstYA1niVrE9UgUBzemnoh4TDkG076sYthHMr5QFGjPswnwtJ4ECgYEA0sURQ5+v"59+ "baH4tdaemI3qpnknXTlzSpuZZmAoyvY0Id0mlduwKwmZ3Y5989wHfnnhFfyNO4IkTKjI2Wp97qP5"60+ "4eqUNpA7FtNU7KUzMcFDTtwtNZuRYMrKlqo2lLbA+gVrAYpYZFL4b7tcwtX4DnYorDsmude6W8sG"61+ "4Mx2VdFJC9UCgYEAzjsdXCYH5doWUHb0dvn9ID7IikffEMRM720MRjrnnnVbpzx6ACntkPDNZg7p"62+ "TRE/mx7iBz81ZaUWE+V0wd0JvCHEdpAz3mksyvDFhU4Bgs6xzf2pSul5muhsx3hHcvvPezz5Bnxs"63+ "faJlzkxfwotyGmvWN15GA/pyfsZjsbbTpwkCgYAO6NnbysQCIV8SnegCKqfatt9N/O5m7LLhRxQb"64+ "p2bwrlA4cZ34rWkw/w9x3LK7A6wkfgUPnJkswxPSLXJTG05l6M4rPfCwIKr1Qopojp9QSMr569NQ"65+ "4YeLOOc7heIIzbFQHpU6I5Rncv2Q2sn9W+ZsqJKIuvX34FjQNiZ406EzMQKBgHSxOGS61D84DuZK"66+ "2Ps1awhC3kB4eHzJRms3vflDPWoJJ+pSKwpKrzUTPHXiPBqyhtYkPGszVeiE6CAr9sv3YZnFVaBs"67+ "6hyQUJsob+uE/w/gGvXe8VsFDx0bJOodYfhrCbTHBHWqE81nBcocpxayxsayfAzqWB3KKd0YLrMR"68+ "K2PZAoGAcZa8915R2m0KZ6HVJUt/JDR85jCbN71kcVDFY2XSFkOJvOdFoHNfRckfLzjq9Y2MSSTV"69+ "+QDWbDo2doUQCejJUTaN8nP79tfyir24X5uVPvQaeVoGTKYb+LfUqK0F60lStmjuddIGSZH55y3v"70+ "+9XjmxbVERtd1lqgQg3VlmKlEXY=";7172/*73* Certificate:74* Data:75* Version: 3 (0x2)76* Serial Number: 7 (0x7)77* Signature Algorithm: sha512WithRSAEncryption78* Issuer: CN=Root79* Validity80* Not Before: Sep 1 18:03:59 2015 GMT81* Not After : Jan 17 18:03:59 2043 GMT82* Subject: CN=EE83*/84private static final String CERTIFICATE = ""85+ "-----BEGIN CERTIFICATE-----\n"86+ "MIIDHTCCAgWgAwIBAgIBBzANBgkqhkiG9w0BAQ0FADAPMQ0wCwYDVQQDDARSb290\n"87+ "MB4XDTE1MDkwMTE4MDM1OVoXDTQzMDExNzE4MDM1OVowDTELMAkGA1UEAwwCRUUw\n"88+ "ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpyz97liuWPDYcLH9TX8Bi\n"89+ "T78olCmAfmevvch6ncXUVuCzbdaKuKXwn4EVbDszsVJLoK5zdtP+X3iDhutj+IgK\n"90+ "mLhuczF3M9VIcWr+JJUyTH4+3h/RT8cjCDZOmk9iXkb5ifruVsLqzb9g+Vp140Oz\n"91+ "7leikne7KmclHvTfvFd0WDI7Gb9vo4f5rT717BXJ/n+M6pNk8DLpLiEu6eziYvXR\n"92+ "v5x+t5Go3x0eCXdaxEQUf2j876Wfr2qHRJK7lDfFe1DDsMg/KpKGiILYZ+g2qtVM\n"93+ "ZSxtp5BZEtfB5qV/IE5kWO+mCIAGpXSZIdbERR6pZUq8GLEe1T9e+sO6H24w2F19\n"94+ "AgMBAAGjgYUwgYIwNAYDVR0fBC0wKzApoCegJYYjbGRhcDovL2xkYXAuaG9zdC5m\n"95+ "b3IuY3JsZHAvbWFpbi5jcmwwSgYIKwYBBQUHAQEEPjA8MDoGCCsGAQUFBzAChi5s\n"96+ "ZGFwOi8vbGRhcC5ob3N0LmZvci5haWEvZGM9Um9vdD9jQUNlcnRpZmljYXRlMA0G\n"97+ "CSqGSIb3DQEBDQUAA4IBAQBWDfZHpuUx0yn5d3+BuztFqoks1MkGdk+USlH0TB1/\n"98+ "gWWBd+4S4PCKlpSur0gj2rMW4fP5HQfNlHci8JV8/bG4KuKRAXW56dg1818Hl3pc\n"99+ "iIrUSRn8uUjH3p9qb+Rb/u3mmVQRyJjN2t/zceNsO8/+Dd808OB9aEwGs8lMT0nn\n"100+ "ZYaaAqYz1GIY/Ecyx1vfEZEQ1ljo6i/r70C3igbypBUShxSiGsleiVTLOGNA+MN1\n"101+ "/a/Qh0bkaQyTGqK3bwvzzMeQVqWu2EWTBD/PmND5ExkpRICdv8LBVXfLnpoBr4lL\n"102+ "hnxn9+e0Ah+t8dS5EKfn44w5bI5PCu2bqxs6RCTxNjcY\n"103+ "-----END CERTIFICATE-----\n";104105private static final char[] PASSWD2 = new char[] {106'b', 'o', 'r', 'e', 'd'107};108private static final char[] PASSWDK = "cannot be null"109.toCharArray();110private static final String[] KS_Type = {111"jks", "jceks", "pkcs12", "PKCS11KeyStore"112};113private static final String[] PROVIDERS = {114"SUN", "SunJCE", "SunJSSE"115};116private static final String ALIAS_HEAD = "test";117118private static final String CRYPTO_ALG = "PBEWithHmacSHA256AndAES_128";119120public static void main(String args[]) throws Exception {121TestKeyStoreBasic jstest = new TestKeyStoreBasic();122jstest.run();123}124125public void run() throws Exception {126for (String provider : PROVIDERS) {127runTest(provider);128System.out.println("Test with provider " + provider + " passed");129}130}131132public void runTest(String provider) throws Exception {133134// load private key135// all keystore types should support private keys136KeySpec spec = new PKCS8EncodedKeySpec(137Base64.getMimeDecoder().decode(PRIVATE_KEY_PKCS8_BASE64));138PrivateKey privateKey = KeyFactory.getInstance("RSA")139.generatePrivate(spec);140141// load x509 certificate142Certificate cert;143try (InputStream is = new BufferedInputStream(144new ByteArrayInputStream(CERTIFICATE.getBytes()))) {145cert = CertificateFactory.getInstance("X.509")146.generateCertificate(is);147}148149int numEntries = 5;150String type = null;151for (int i = 0; i < PROVIDERS.length; i++) {152if (provider.compareTo(PROVIDERS[i]) == 0) {153type = KS_Type[i];154break;155}156}157158System.out.printf("Test %s provider and %s keystore%n", provider, type);159KeyStore ks = KeyStore.getInstance(type, provider);160KeyStore ks2 = KeyStore.getInstance(type, ks.getProvider().getName());161162// create an empty key store163ks.load(null, null);164165// unit test - test with null password166try {167ks.setKeyEntry(ALIAS_HEAD, privateKey, null,168new Certificate[] { cert });169} catch (KeyStoreException e) {170if (!e.getMessage().contains("password can\'t be null")) {171throw new RuntimeException("Unexpected message:" + e.getMessage());172}173// expected174}175176// store the secret keys177for (int j = 0; j < numEntries; j++) {178ks.setKeyEntry(ALIAS_HEAD + j, privateKey, PASSWDK,179new Certificate[] { cert });180}181182// initialize the 2nd key store object with the 1st one183ByteArrayOutputStream baos = new ByteArrayOutputStream();184ks.store(baos, PASSWDK);185byte[] bArr = baos.toByteArray();186ByteArrayInputStream bais = new ByteArrayInputStream(bArr);187ks2.load(bais, null);188189// check 2nd key store type190checkType(ks2, type);191// check the existing aliases for the 2nd key store192checkAlias(ks2, numEntries);193194// compare the creation date of the 2 key stores for all aliases195compareCreationDate(ks, ks2, numEntries);196// remove the last entry from the 2nd key store197numEntries--;198ks2.deleteEntry(ALIAS_HEAD + numEntries);199200// re-initialize the 1st key store with the 2nd key store201baos.reset();202ks2.store(baos, PASSWD2);203bais = new ByteArrayInputStream(baos.toByteArray());204try {205// expect an exception since the password is incorrect206ks.load(bais, PASSWDK);207throw new RuntimeException(208"ERROR: passed the loading with incorrect password");209} catch (IOException ex) {210System.out.println("Expected exception: " + ex);211if (!causedBy(ex, UnrecoverableKeyException.class)) {212ex.printStackTrace(System.out);213throw new RuntimeException("Unexpected cause");214}215System.out.println("Expected cause: "216+ UnrecoverableKeyException.class.getName());217218bais.reset();219ks.load(bais, PASSWD2);220bais.reset();221ks.load(bais, null);222}223224// check key store type225checkType(ks, type);226227// check the existing aliases228checkAlias(ks, numEntries);229230// compare the creation date of the 2 key stores for all aliases231compareCreationDate(ks, ks2, numEntries);232233// check setEntry/getEntry with a password protection algorithm234if ("PKCS12".equalsIgnoreCase(ks.getType())) {235System.out.println(236"Skipping the setEntry/getEntry check for PKCS12 keystore...");237return;238}239String alias = ALIAS_HEAD + ALIAS_HEAD;240KeyStore.PasswordProtection pw =241new KeyStore.PasswordProtection(PASSWD2, CRYPTO_ALG, null);242KeyStore.PrivateKeyEntry entry =243new KeyStore.PrivateKeyEntry(privateKey, new Certificate[]{ cert });244checkSetEntry(ks, alias, pw, entry);245ks.setEntry(alias, entry, new KeyStore.PasswordProtection(PASSWD2));246checkGetEntry(ks, alias, pw);247}248249// check setEntry with a password protection algorithm250private void checkSetEntry(KeyStore ks, String alias,251KeyStore.PasswordProtection pw, KeyStore.Entry entry) throws Exception {252try {253ks.setEntry(alias, entry, pw);254throw new Exception(255"ERROR: expected KeyStore.setEntry to throw an exception");256} catch (KeyStoreException e) {257// ignore the expected exception258}259}260261// check getEntry with a password protection algorithm262private void checkGetEntry(KeyStore ks, String alias,263KeyStore.PasswordProtection pw) throws Exception {264try {265ks.getEntry(alias, pw);266throw new Exception(267"ERROR: expected KeyStore.getEntry to throw an exception");268} catch (KeyStoreException e) {269// ignore the expected exception270}271}272273// check key store type274private void checkType(KeyStore obj, String type) {275if (!obj.getType().equals(type)) {276throw new RuntimeException("ERROR: wrong key store type");277}278}279280// check the existing aliases281private void checkAlias(KeyStore obj, int range) throws KeyStoreException {282for (int k = 0; k < range; k++) {283if (!obj.containsAlias(ALIAS_HEAD + k)) {284throw new RuntimeException("ERROR: alias (" + k285+ ") should exist");286}287}288}289290// compare the creation dates - true if all the same291private void compareCreationDate(KeyStore o1, KeyStore o2, int range)292throws KeyStoreException {293String alias;294for (int k = 0; k < range; k++) {295alias = ALIAS_HEAD + k;296if (!o1.getCreationDate(alias).equals(o2.getCreationDate(alias))) {297throw new RuntimeException("ERROR: entry creation time (" + k298+ ") differs");299}300}301}302303// checks if an exception was caused by specified exception class304private static boolean causedBy(Exception e, Class klass) {305Throwable cause = e;306while ((cause = cause.getCause()) != null) {307if (cause.getClass().equals(klass)) {308return true;309}310}311return false;312}313314}315316317