Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/test/jdk/sun/security/tools/keytool/PKCS12Passwd.java
41152 views
1
/*

2
 * Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
/*

25
 * @test

26
 * @bug 8192988 8266220

27
 * @summary keytool should support -storepasswd for pkcs12 keystores

28
 * @library /test/lib

29
 * @build jdk.test.lib.SecurityTools

30
 *        jdk.test.lib.Utils

31
 *        jdk.test.lib.Asserts

32
 *        jdk.test.lib.JDKToolFinder

33
 *        jdk.test.lib.JDKToolLauncher

34
 *        jdk.test.lib.Platform

35
 *        jdk.test.lib.process.*

36
 * @run main PKCS12Passwd

37
 */

38


39
import jdk.test.lib.Asserts;

40
import jdk.test.lib.SecurityTools;

41
import jdk.test.lib.process.OutputAnalyzer;

42


43
import java.io.File;

44
import java.security.KeyStore;

45
import java.util.Collections;

46


47
public class PKCS12Passwd {

48


49
    public static void main(String[] args) throws Exception {

50


51
        // A PrivateKeyEntry

52
        kt("-genkeypair -alias a -dname CN=A -keyalg DSA")

53
                .shouldHaveExitValue(0);

54


55
        // A TrustedCertificateEntry (genkeypair, export, delete, import)

56
        kt("-genkeypair -alias b -dname CN=B -keyalg DSA")

57
                .shouldHaveExitValue(0);

58
        kt("-exportcert -alias b -file b.cert")

59
                .shouldHaveExitValue(0);

60
        kt("-delete -alias b")

61
                .shouldHaveExitValue(0);

62
        kt("-list -alias b")

63
                .shouldHaveExitValue(1);

64
        kt("-importcert -alias b -file b.cert -noprompt")

65
                .shouldHaveExitValue(0);

66


67
        // A SecretKeyEntry

68
        kt("-genseckey -keyalg AES -keysize 256 -alias c")

69
                .shouldHaveExitValue(0);

70


71
        // Change password

72


73
        // 1. Using -importkeystore

74
        ktFull("-importkeystore -srckeystore ks -destkeystore ks2 "

75
                + "-srcstoretype pkcs12 -deststoretype pkcs12 "

76
                + "-srcstorepass changeit -deststorepass newpass")

77
                .shouldHaveExitValue(0);

78


79
        check("ks2", "newpass", "newpass");

80


81
        // 2. Using -storepasswd

82
        kt("-storepasswd -new newpass")

83
                .shouldHaveExitValue(0)

84
                .shouldNotContain("Ignoring user-specified");

85


86
        check("ks", "newpass", "newpass");

87


88
        // Other facts. Not necessarily the correct thing.

89


90
        // A PKCS12 keystore can be loaded as a JKS, and it follows JKS rules

91
        // which means the storepass and keypass can be changed separately!

92


93
        ktFull("-genkeypair -alias a -dname CN=A -storetype pkcs12 -keyalg DSA "

94
                    + "-storepass changeit -keypass changeit -keystore p12")

95
                .shouldHaveExitValue(0);

96


97
        // Only storepass is changed

98
        ktFull("-storepasswd -storepass changeit -new newpass "

99
                    + "-keystore p12 -storetype jks")

100
                .shouldHaveExitValue(0);

101


102
        check("p12", "newpass", "changeit");

103


104
        // Only keypass is changed

105
        ktFull("-keypasswd -storepass newpass -keypass changeit -new newpass "

106
                + "-keystore p12 -storetype jks -alias a")

107
                .shouldHaveExitValue(0);

108


109
        check("p12", "newpass", "newpass");

110


111
        // Conversely, a JKS keystore can be laoded as a PKCS12, and it follows

112
        // PKCS12 rules that both passwords are changed at the same time and

113
        // some commands are rejected.

114


115
        ktFull("-genkeypair -alias a -dname CN=A -storetype jks -keyalg DSA "

116
                    + "-storepass changeit -keypass changeit -keystore jks")

117
                .shouldHaveExitValue(0);

118


119
        // Both storepass and keypass changed.

120
        ktFull("-storepasswd -storepass changeit -new newpass "

121
                        + "-keystore jks -storetype pkcs12")

122
                .shouldHaveExitValue(0);

123


124
        check("jks", "newpass", "newpass");

125


126
        // -keypasswd is not available for pkcs12

127
        ktFull("-keypasswd -storepass newpass -keypass newpass -new newerpass "

128
                + "-keystore jks -storetype pkcs12 -alias a")

129
                .shouldHaveExitValue(1);

130


131
        // but available for JKS

132
        ktFull("-keypasswd -storepass newpass -keypass newpass -new newerpass "

133
                + "-keystore jks -alias a")

134
                .shouldHaveExitValue(0);

135


136
        check("jks", "newpass", "newerpass");

137


138
        // A password-less keystore

139
        ktFull("-keystore nopass -genkeypair -keyalg EC "

140
                + "-storepass changeit -alias no -dname CN=no "

141
                + "-J-Dkeystore.pkcs12.certProtectionAlgorithm=NONE "

142
                + "-J-Dkeystore.pkcs12.macAlgorithm=NONE")

143
                .shouldHaveExitValue(0);

144


145
        ktFull("-keystore nopass -list")

146
                .shouldHaveExitValue(0)

147
                .shouldNotContain("Enter keystore password:");

148


149
        ktFull("-keystore nopass -list -storetype pkcs12")

150
                .shouldHaveExitValue(0)

151
                .shouldNotContain("Enter keystore password:");

152
    }

153


154
    // Makes sure we can load entries in a keystore

155
    static void check(String file, String storePass, String keyPass)

156
            throws Exception {

157


158
        KeyStore ks = KeyStore.getInstance(

159
                new File(file), storePass.toCharArray());

160


161
        for (String a : Collections.list(ks.aliases())) {

162
            if (ks.isCertificateEntry(a)) {

163
                ks.getCertificate(a);

164
            } else {

165
                ks.getEntry(a,

166
                        new KeyStore.PasswordProtection(keyPass.toCharArray()));

167
            }

168
        }

169
    }

170


171
    static OutputAnalyzer kt(String arg) throws Exception {

172
        return ktFull("-keystore ks -storepass changeit " + arg);

173
    }

174


175
    static OutputAnalyzer ktFull(String arg) throws Exception {

176
        return SecurityTools.keytool("-debug " + arg);

177
    }

178
}

179


180