J. Duke | 319a3b9 | 2007-12-01 00:00:00 +0000 | [diff] [blame^] | 1 | <html> |
| 2 | <body> |
| 3 | |
| 4 | <applet width=100 height=100 code=i18n.class> |
| 5 | </applet> |
| 6 | |
| 7 | This is a multi-stage test. Click on "done" when you have completed |
| 8 | reading these instructions. For each instruction, make sure the output |
| 9 | from keytool is correct (you can read everything in english fine). |
| 10 | |
| 11 | <ol> |
| 12 | <li> rm ~/.keystore |
| 13 | If you are on a Windows platform, delete the .keystore file in |
| 14 | your home directory. |
| 15 | <li> keytool -help |
| 16 | <li> keytool -genkey -v -keysize 512 |
| 17 | Enter "a" for the keystore password. Check error (password too short). |
| 18 | Enter "password" for the keystore password. |
| 19 | Re-enter "password" to confirm. |
| 20 | Hit 'return' for "first and last name", "organizational unit", |
| 21 | "organization", "City", "State", and "Country Code". |
| 22 | Type "yes" when they ask you if everything is correct. |
| 23 | Type 'return' for new key password. |
| 24 | <li> keytool -list -v -storepass password |
| 25 | <li> keytool -list -v |
| 26 | Type "a" for the keystore password. |
| 27 | Check error (wrong keystore password). |
| 28 | <li> keytool -genkey -v -keysize 512 |
| 29 | Enter "password" as the password. |
| 30 | Check error (alias 'mykey' already exists). |
| 31 | <li> keytool -genkey -v -keysize 512 -alias mykey2 -storepass password |
| 32 | Hit 'return' for "first and last name", "organizational unit", |
| 33 | "organization", "City", "State", and "Country Code". |
| 34 | Type "yes" when they ask you if everything is correct. |
| 35 | Type 'return' for new key password. |
| 36 | <li> keytool -list -v |
| 37 | Type 'password' for the store password. |
| 38 | <li> keytool -keypasswd -v -alias mykey2 -storepass password |
| 39 | Type "a" for the new key password. |
| 40 | Type "aaaaaa" for the new key password. |
| 41 | Type "bbbbbb" when re-entering the new key password. |
| 42 | Type "a" for the new key password. |
| 43 | Check Error (too many failures). |
| 44 | <li> keytool -keypasswd -v -alias mykey2 -storepass password |
| 45 | Type "aaaaaa" for the new key password. |
| 46 | Type "aaaaaa" when re-entering the new key password. |
| 47 | <li> keytool -selfcert -v -alias mykey -storepass password |
| 48 | <li> keytool -list -v -storepass password |
| 49 | <li> keytool -export -v -alias mykey -file /tmp/cert -storepass password |
| 50 | <li> keytool -import -v -file /tmp/cert -storepass password |
| 51 | Check error (Certificate reply and cert are the same) |
| 52 | <li> keytool -printcert -file /tmp/cert |
| 53 | <li> keytool -list -storepass password -provider sun.security.provider.Sun |
| 54 | </ol> |
| 55 | |
| 56 | Error tests |
| 57 | |
| 58 | <ol> |
| 59 | <li> keytool -storepasswd -storepass password -new abc |
| 60 | Check error (password too short) |
| 61 | <!--li> keytool -list -storetype PKCS11 |
| 62 | Check error (-keystore must be NONE)--> |
| 63 | <li> keytool -storepasswd -storetype PKCS11 -keystore NONE |
| 64 | Check error (unsupported operation) |
| 65 | <li> keytool -keypasswd -storetype PKCS11 -keystore NONE |
| 66 | Check error (unsupported operation) |
| 67 | <li> keytool -list -protected -storepass password |
| 68 | Check error (password can not be specified with -protected) |
| 69 | <li> keytool -keypasswd -protected -keypass password |
| 70 | Check error (password can not be specified with -protected) |
| 71 | <li> keytool -keypasswd -protected -new password |
| 72 | Check error (password can not be specified with -protected) |
| 73 | </ol> |
| 74 | |
| 75 | MSCAPI tests (Only run on Windows) |
| 76 | |
| 77 | <ol> |
| 78 | <li>keytool -storetype Windows-MY -list |
| 79 | should list entries (may be 0) without asking for password |
| 80 | should not show ****** WARNING WARNING WARNING ****** lines |
| 81 | <li>keytool -storetype Windows-MY -list -keystore NONE |
| 82 | should list entries without asking for password |
| 83 | <li>keytool -storetype Windows-MY -list -keystore other |
| 84 | Error: storetype must be NONE |
| 85 | <li>keytool -storetype Windows-MY -list -storepass changeit |
| 86 | Error: storepass cannot be specfied |
| 87 | <li>keytool -storetype Windows-MY -list -storepasswd |
| 88 | Error: storepasswd not supported |
| 89 | </ol> |
| 90 | |
| 91 | PKCS#11 tests |
| 92 | |
| 93 | <ol> |
| 94 | <li> sccs edit cert8.db key3.db |
| 95 | |
| 96 | <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -genkey -alias genkey -dname cn=genkey -keysize 512 -keyalg rsa |
| 97 | <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -list |
| 98 | <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -list -alias genkey |
| 99 | <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -certreq -alias genkey -file genkey.certreq |
| 100 | <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -export -alias genkey -file genkey.cert |
| 101 | <li> keytool -printcert -file genkey.cert |
| 102 | <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -selfcert -alias genkey -dname cn=selfCert |
| 103 | |
| 104 | <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -list -alias genkey -v |
| 105 | (check that cert subject DN is [cn=selfCert]) |
| 106 | |
| 107 | <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -delete -alias genkey |
| 108 | <li> keytool -keystore NONE -storepass test12 -storetype PKCS11 -providerName SunPKCS11-nss -providerClass sun.security.pkcs11.SunPKCS11 -providerArg p11-nss.txt -list |
| 109 | (check for empty database listing) |
| 110 | |
| 111 | <li> sccs unedit cert8.db key3.db |
| 112 | |
| 113 | </ol> |
| 114 | |
| 115 | If all the output (english) is correct, then the test passed. |
| 116 | Otherwise, the test failed. |
| 117 | |
| 118 | Press "Pass" if ... press "Fail" otherwise. |
| 119 | |
| 120 | </body> |
| 121 | </html> |