Path: blob/master/test/jdk/sun/security/tools/keytool/JKStoPKCS12.java
41152 views
/*1* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/*24* @test25* @bug 8010125 819298826* @summary keytool should support -storepasswd for pkcs12 keystores27* @library /test/lib28* @build jdk.test.lib.SecurityTools29* jdk.test.lib.Utils30* jdk.test.lib.Asserts31* jdk.test.lib.JDKToolFinder32* jdk.test.lib.JDKToolLauncher33* jdk.test.lib.Platform34* jdk.test.lib.process.*35* @run main JKStoPKCS1236*/3738import jdk.test.lib.Asserts;39import jdk.test.lib.SecurityTools;40import jdk.test.lib.process.OutputAnalyzer;4142import java.io.File;43import java.nio.file.Files;44import java.nio.file.Paths;45import java.security.KeyStore;46import java.util.Collections;4748public class JKStoPKCS12 {4950static String srcStorePass, srcKeyPass;5152public static void main(String[] args) throws Exception {5354// Part 1: JKS keystore with same storepass and keypass55genJKS("pass1111", "pass1111");5657// Change storepass, keypass also changes58convert("pass2222", null);59// You can keep storepass unchanged60convert("pass1111", null);61// Or change storepass and keypass both, explicitly62convert("pass2222", "pass2222");6364// Part 2: JKS keystore with different storepass and keypass65Files.delete(Paths.get("jks"));66genJKS("pass1111", "pass2222");6768// Can use old keypass as new storepass so new storepass and keypass are same69convert("pass2222", null);70// Or specify both storepass and keypass to brand new ones71convert("pass3333", "pass3333");72// Or change storepass, keypass also changes. Remember to provide srckeypass73convert("pass1111", null);74}7576// Generate JKS keystore with srcStorePass and srcKeyPass77static void genJKS(String storePass, String keyPass)78throws Exception {79srcStorePass = storePass;80srcKeyPass = keyPass;81kt("-genkeypair -keystore jks -storetype jks "82+ "-alias me -dname CN=Me -keyalg rsa "83+ "-storepass " + srcStorePass + " -keypass " + srcKeyPass)84.shouldHaveExitValue(0);85}8687// Convert JKS to PKCS12 with destStorePass and destKeyPass (optional)88static void convert(String destStorePass, String destKeyPass)89throws Exception {9091String cmd = "-importkeystore -noprompt"92+ " -srcstoretype jks -srckeystore jks"93+ " -destkeystore p12 -deststoretype pkcs12"94+ " -srcstorepass " + srcStorePass95+ " -deststorepass " + destStorePass;9697// Must import by alias (-srckeypass not available when importing all)98if (!srcStorePass.equals(srcKeyPass)) {99cmd += " -srcalias me";100cmd += " -srckeypass " + srcKeyPass;101}102if (destKeyPass != null) {103cmd += " -destkeypass " + destKeyPass;104}105106kt(cmd).shouldHaveExitValue(0);107108// Confirms the storepass and keypass are all correct109KeyStore.getInstance(new File("p12"), destStorePass.toCharArray())110.getKey("me", destStorePass.toCharArray());111112Files.delete(Paths.get("p12"));113}114115static OutputAnalyzer kt(String arg) throws Exception {116return SecurityTools.keytool(arg);117}118}119120121