/*
* Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import static java.lang.System.out;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.Enumeration;
/*
* @test
* @bug 8048619
* @author Bill Situ
* @summary Test converting keystore from jceks to P12 and from P12 to other
* (jceks,jks). including following test cases:
* Read jceks key store and convert to the p12 key store, then compare entries
* in the two key stores.
* Read p12 key store and convert to the jceks key store, then compare entries
* in the two key stores.
* Read p12 key store (contains only private key and a self-signed certificate)
* and convert to the jceks key store, then compare entries of two key stores.
* Read p12 key store (contains 2 entries) and convert to the jceks key store,
* then compare entries in the two key stores.
* Read p12 key store (entry password and key store password are different) and
* convert to the jceks key store, then compare entries in the two key stores.
* Read p12 key store and convert to the jks key store, then compare entries
* in the two key stores.
* Read p12 key store (contains only private key and a self-signed certificate)
* and convert to the jks key store, then compare entries in the two key stores.
* Read p12 key store (contains 2 entries) and convert to the jks key store,
* then compare entries in the two key stores.
* Read p12 key store (entry password and key store password are different) and
* convert to the jks key store, then compare entries in the two key stores.
*/
public class ConvertP12Test {
private static final String SUN_JSSE = "SunJSSE";
private static final String SUN_JCE = "SunJCE";
private static final String SUN = "SUN";
private static final String PKCS12 = "pkcs12";
private static final String JCE_KS = "JceKS";
private static final String JKS = "JKS";
public static void main(String args[]) throws Exception {
ConvertP12Test jstest = new ConvertP12Test();
jstest.driver("JceksToP12", "keystoreCA.jceks.data", JCE_KS, SUN_JCE,
"storepass", "keypass", PKCS12, SUN_JSSE);
jstest.driver("P12ToJceks_Chain", "ie_jceks_chain.pfx.data", PKCS12,
SUN_JSSE, "pass", "pass", JCE_KS, SUN_JCE);
jstest.driver("P12ToJceks_SelfSigned", "jdk_jceks_selfsigned.p12.data",
PKCS12, SUN_JSSE, "pass", "pass", JCE_KS, SUN_JCE);
jstest.driver("P12ToJceks_TwoEntry", "jdk_jceks_twoentry.p12.data",
PKCS12, SUN_JSSE, "pass", "pass", JCE_KS, SUN_JCE);
jstest.driver("P12ToJceks_TwoPass", "jdk_jceks_twopass.p12.data",
PKCS12, SUN_JSSE, "storepass", "keypass", JCE_KS, SUN_JCE);
jstest.driver("P12ToJks_Chain", "ie_jks_chain.pfx.data", PKCS12,
SUN_JSSE, "pass", "pass", JKS, SUN);
jstest.driver("P12ToJks_SelfSigned", "jdk_jks_selfsigned.p12.data",
PKCS12, SUN_JSSE, "pass", "pass", JKS, SUN);
jstest.driver("P12ToJks_TwoEntry", "jdk_jks_twoentry.p12.data", PKCS12,
SUN_JSSE, "pass", "pass", JKS, SUN);
jstest.driver("P12ToJks_TwoPass", "jdk_jks_twopass.p12.data", PKCS12,
SUN_JSSE, "storepass", "keypass", JKS, SUN);
}
private void driver(String testCase, String inKeyStore,
String inKeyStoreType, String inKeyStoreTypePrv,
String inStorePass, String inKeyPass, String outKeyStoreType,
String outKeyStorePrv) throws Exception {
String outStorePass = "pass";
String outKeyPass = "pass";
KeyStore inputKeyStore, outputKeyStore;
out.println("Testing " + testCase);
String keystorePath = System.getProperty("test.src", ".")
+ File.separator + "certs" + File.separator + "convertP12";
out.println("Output KeyStore : " + inKeyStore + ".out");
String outKeyStoreName = inKeyStore + ".out";
try (FileOutputStream fout = new FileOutputStream(outKeyStoreName);) {
inputKeyStore = KeyStore.getInstance(inKeyStoreType,
inKeyStoreTypePrv);
// KeyStore have encoded by Base64.getMimeEncoder().encode(),need
// decode first.
byte[] input = Files.readAllBytes(Paths.get(keystorePath,
inKeyStore));
ByteArrayInputStream arrayIn = new ByteArrayInputStream(Base64
.getMimeDecoder().decode(input));
out.println("Input KeyStore : " + inKeyStore);
inputKeyStore.load(arrayIn, inStorePass.toCharArray());
outputKeyStore = KeyStore.getInstance(outKeyStoreType,
outKeyStorePrv);
outputKeyStore.load(null, null);
run(inputKeyStore, outputKeyStore, inKeyPass, outKeyPass);
outputKeyStore.store(fout, outStorePass.toCharArray());
// for P12ToJks_TwoEntry test case will test includes each other,
// others just test compareKeystore
if (testCase.contains("TwoEntry")) {
compareKeyStore(inputKeyStore, outputKeyStore, inKeyPass,
outKeyPass, 2);
compareKeyStore(outputKeyStore, inputKeyStore, outKeyPass,
inKeyPass, 2);
} else {
compareKeyStore(inputKeyStore, outputKeyStore, inKeyPass,
outKeyPass, 1);
}
out.println("Test " + testCase + " STATUS: Pass!!");
} catch (Exception ex) {
out.println("Test " + testCase + " STATUS: failed with exception: "
+ ex.getMessage());
throw ex;
}
}
private void run(KeyStore inputKeyStore, KeyStore outputKeyStore,
String inKeyPass, String outKeyPass) throws Exception {
Enumeration<String> e = inputKeyStore.aliases();
String alias;
while (e.hasMoreElements()) {
alias = e.nextElement();
Certificate[] certs = inputKeyStore.getCertificateChain(alias);
boolean isCertEntry = inputKeyStore.isCertificateEntry(alias);
// Test KeyStore only contain key pair entries.
if (isCertEntry == true) {
throw new RuntimeException(
"inputKeystore should not be certEntry because test"
+ " keystore only contain key pair entries"
+ " for alias:" + alias);
}
boolean isKeyEntry = inputKeyStore.isKeyEntry(alias);
Key key = null;
if (isKeyEntry) {
key = inputKeyStore.getKey(alias, inKeyPass.toCharArray());
} else {
throw new RuntimeException("Entry type unknown for alias:"
+ alias);
}
outputKeyStore.setKeyEntry(alias, key, outKeyPass.toCharArray(),
certs);
}
}
private void compareKeyStore(KeyStore a, KeyStore b, String inKeyPass,
String outKeyPass, int keyStoreSize) throws Exception {
if (a.size() != keyStoreSize || b.size() != keyStoreSize) {
throw new RuntimeException("size not match or size not equal to "
+ keyStoreSize);
}
Enumeration<String> eA = a.aliases();
while (eA.hasMoreElements()) {
String aliasA = eA.nextElement();
if (!b.containsAlias(aliasA)) {
throw new RuntimeException("alias not match for alias:"
+ aliasA);
}
compareKeyEntry(a, b, inKeyPass, outKeyPass, aliasA);
}
}
private void compareKeyEntry(KeyStore a, KeyStore b, String aPass,
String bPass, String alias) throws KeyStoreException,
UnrecoverableKeyException, NoSuchAlgorithmException {
Certificate[] certsA = a.getCertificateChain(alias);
Certificate[] certsB = b.getCertificateChain(alias);
if (!Arrays.equals(certsA, certsB)) {
throw new RuntimeException("Certs don't match for alias:" + alias);
}
Key keyA = a.getKey(alias, aPass.toCharArray());
Key keyB = b.getKey(alias, bPass.toCharArray());
if (!keyA.equals(keyB)) {
throw new RuntimeException(
"Key don't match for alias:" + alias);
}
}
}