Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / oj-libjdwp / 0d058230cf23943d0662a6eb70c3d42e75656e78 / . / test / sun / security / pkcs12 / PKCS12SameKeyId.java
blob: f65292aeba1dfa6d403432f9f51cd05a17fb1afb [file] [log] [blame]
weijun73ed4182010-06-24 14:26:22 +0800[diff] [blame]1/*
alanb0d058232012-11-02 15:50:11 +0000[diff] [blame^]2 * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
weijun73ed4182010-06-24 14:26:22 +0800[diff] [blame]3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24/*
25 * @test
26 * @bug 6958026
27 * @summary Problem with PKCS12 keystore
sflores89a62292012-10-14 22:58:59 +0100[diff] [blame]28 * @compile -XDignore.symbol.file PKCS12SameKeyId.java
29 * @run main PKCS12SameKeyId
weijun73ed4182010-06-24 14:26:22 +0800[diff] [blame]30 */
31
32import java.io.File;
33import java.io.FileInputStream;
34import java.io.FileOutputStream;
35import java.security.AlgorithmParameters;
36import java.security.KeyStore;
37import java.security.cert.Certificate;
38import java.security.cert.X509Certificate;
39import javax.crypto.Cipher;
40import javax.crypto.SecretKey;
41import javax.crypto.SecretKeyFactory;
42import javax.crypto.spec.PBEKeySpec;
43import javax.crypto.spec.PBEParameterSpec;
44import sun.security.pkcs.EncryptedPrivateKeyInfo;
weijun73ed4182010-06-24 14:26:22 +0800[diff] [blame]45import sun.security.util.ObjectIdentifier;
46import sun.security.x509.AlgorithmId;
47import sun.security.x509.X500Name;
48
49public class PKCS12SameKeyId {
50
51 private static final String JKSFILE = "PKCS12SameKeyId.jks";
52 private static final String P12FILE = "PKCS12SameKeyId.p12";
53 private static final char[] PASSWORD = "changeit".toCharArray();
54 private static final int SIZE = 10;
55
56 public static void main(String[] args) throws Exception {
57
58 // Prepare a JKS keystore with many entries
59 new File(JKSFILE).delete();
60 for (int i=0; i<SIZE; i++) {
61 System.err.print(".");
62 String cmd = "-keystore " + JKSFILE
63 + " -storepass changeit -keypass changeit "
64 + "-genkeypair -alias p" + i + " -dname CN=" + i;
sflores89a62292012-10-14 22:58:59 +0100[diff] [blame]65 sun.security.tools.keytool.Main.main(cmd.split(" "));
weijun73ed4182010-06-24 14:26:22 +0800[diff] [blame]66 }
67
68 // Prepare EncryptedPrivateKeyInfo parameters, copied from various
69 // places in PKCS12KeyStore.java
70 AlgorithmParameters algParams =
71 AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");
72 algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));
73 AlgorithmId algid = new AlgorithmId(
74 new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);
75
76 PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);
77 SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
78 SecretKey skey = skFac.generateSecret(keySpec);
79
80 Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
81 cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);
82
83 // Pre-calculated keys and certs and aliases
84 byte[][] keys = new byte[SIZE][];
85 Certificate[][] certChains = new Certificate[SIZE][];
86 String[] aliases = new String[SIZE];
87
88 // Reads from JKS keystore and pre-calculate
89 KeyStore ks = KeyStore.getInstance("jks");
weijundff52e62011-08-12 12:26:31 +0800[diff] [blame]90 try (FileInputStream fis = new FileInputStream(JKSFILE)) {
91 ks.load(fis, PASSWORD);
92 }
weijun73ed4182010-06-24 14:26:22 +0800[diff] [blame]93 for (int i=0; i<SIZE; i++) {
94 aliases[i] = "p" + i;
95 byte[] enckey = cipher.doFinal(
96 ks.getKey(aliases[i], PASSWORD).getEncoded());
97 keys[i] = new EncryptedPrivateKeyInfo(algid, enckey).getEncoded();
98 certChains[i] = ks.getCertificateChain(aliases[i]);
99 }
100
101 // Write into PKCS12 keystore. Use this overloaded version of
102 // setKeyEntry() to be as fast as possible, so that they would
103 // have same localKeyId.
104 KeyStore p12 = KeyStore.getInstance("pkcs12");
105 p12.load(null, PASSWORD);
106 for (int i=0; i<SIZE; i++) {
107 p12.setKeyEntry(aliases[i], keys[i], certChains[i]);
108 }
weijundff52e62011-08-12 12:26:31 +0800[diff] [blame]109 try (FileOutputStream fos = new FileOutputStream(P12FILE)) {
110 p12.store(fos, PASSWORD);
111 }
weijun73ed4182010-06-24 14:26:22 +0800[diff] [blame]112
113 // Check private keys still match certs
114 p12 = KeyStore.getInstance("pkcs12");
weijundff52e62011-08-12 12:26:31 +0800[diff] [blame]115 try (FileInputStream fis = new FileInputStream(P12FILE)) {
116 p12.load(fis, PASSWORD);
117 }
weijun73ed4182010-06-24 14:26:22 +0800[diff] [blame]118 for (int i=0; i<SIZE; i++) {
119 String a = "p" + i;
120 X509Certificate x = (X509Certificate)p12.getCertificate(a);
121 X500Name name = (X500Name)x.getSubjectDN();
122 if (!name.getCommonName().equals(""+i)) {
123 throw new Exception(a + "'s cert is " + name);
124 }
125 }
126 }
127}