提交 58d33699 编写于 作者: V vinnie

8007755: Support the logical grouping of keystores

Reviewed-by: mullan
上级 0f990bd9
......@@ -218,6 +218,150 @@ public class KeyStore {
public ProtectionParameter getProtectionParameter();
}
/**
* Configuration data that specifies the keystores in a keystore domain.
* A keystore domain is a collection of keystores that are presented as a
* single logical keystore. The configuration data is used during
* {@code KeyStore}
* {@link #load(KeyStore.LoadStoreParameter) load} and
* {@link #store(KeyStore.LoadStoreParameter) store} operations.
* <p>
* The following syntax is supported for configuration data:
* <pre>
*
* domain <domainName> [<property> ...] {
* keystore <keystoreName> [<property> ...] ;
* ...
* };
* ...
*
* </pre>
* where {@code domainName} and {@code keystoreName} are identifiers
* and {@code property} is a key/value pairing. The key and value are
* separated by an 'equals' symbol and the value is enclosed in double
* quotes. A property value may be either a printable string or a binary
* string of colon-separated pairs of hexadecimal digits. Multi-valued
* properties are represented as a comma-separated list of values,
* enclosed in square brackets.
* See {@link Arrays#toString(java.lang.Object[])}.
* <p>
* To ensure that keystore entries are uniquely identified, each
* entry's alias is prefixed by its {@code keystoreName} followed
* by the entry name separator and each {@code keystoreName} must be
* unique within its domain. Entry name prefixes are omitted when
* storing a keystore.
* <p>
* Properties are context-sensitive: properties that apply to
* all the keystores in a domain are located in the domain clause,
* and properties that apply only to a specific keystore are located
* in that keystore's clause.
* Unless otherwise specified, a property in a keystore clause overrides
* a property of the same name in the domain clause. All property names
* are case-insensitive. The following properties are supported:
* <dl>
* <dt> {@code keystoreType="<type>"} </dt>
* <dd> The keystore type. </dd>
* <dt> {@code keystoreURI="<url>"} </dt>
* <dd> The keystore location. </dd>
* <dt> {@code keystoreProviderName="<name>"} </dt>
* <dd> The name of the keystore's JCE provider. </dd>
* <dt> {@code keystorePasswordEnv="<environment-variable>"} </dt>
* <dd> The environment variable that stores a keystore password.
* Alternatively, passwords may be supplied to the constructor
* method in a {@code Map<String, ProtectionParameter>}. </dd>
* <dt> {@code entryNameSeparator="<separator>"} </dt>
* <dd> The separator between a keystore name prefix and an entry name.
* When specified, it applies to all the entries in a domain.
* Its default value is a space. </dd>
* </dl>
* <p>
* For example, configuration data for a simple keystore domain
* comprising three keystores is shown below:
* <pre>
*
* domain app1 {
* keystore app1-truststore
* keystoreURI="file:///app1/etc/truststore.jks"
*
* keystore system-truststore
* keystoreURI="${java.home}/lib/security/cacerts"
*
* keystore app1-keystore
* keystoreType="PKCS12"
* keystoreURI="file:///app1/etc/keystore.p12"
* };
*
* </pre>
* @since 1.8
*/
public static final class DomainLoadStoreParameter
implements LoadStoreParameter {
private final URI configuration;
private final Map<String,ProtectionParameter> protectionParams;
/**
* Constructs a DomainLoadStoreParameter for a keystore domain with
* the parameters used to protect keystore data.
*
* @param configuration identifier for the domain configuration data.
* The name of the target domain should be specified in the
* {@code java.net.URI} fragment component when it is necessary
* to distinguish between several domain configurations at the
* same location.
*
* @param protectionParams the map from keystore name to the parameter
* used to protect keystore data.
* A {@code java.util.Collections.EMPTY_MAP} should be used
* when protection parameters are not required or when they have
* been specified by properties in the domain configuration data.
* It is cloned to prevent subsequent modification.
*
* @exception NullPointerExcetion if {@code configuration} or
* {@code protectionParams} is {@code null}
*/
public DomainLoadStoreParameter(URI configuration,
Map<String,ProtectionParameter> protectionParams) {
if (configuration == null || protectionParams == null) {
throw new NullPointerException("invalid null input");
}
this.configuration = configuration;
this.protectionParams =
Collections.unmodifiableMap(new HashMap<>(protectionParams));
}
/**
* Gets the identifier for the domain configuration data.
*
* @return the identifier for the configuration data
*/
public URI getConfiguration() {
return configuration;
}
/**
* Gets the keystore protection parameters for keystores in this
* domain.
*
* @return an unmodifiable map of keystore names to protection
* parameters
*/
public Map<String,ProtectionParameter> getProtectionParams() {
return protectionParams;
}
/**
* Gets the keystore protection parameters for this domain.
* Keystore domains do not support a protection parameter.
*
* @return always returns {@code null}
*/
@Override
public KeyStore.ProtectionParameter getProtectionParameter() {
return null;
}
}
/**
* A marker interface for keystore protection parameters.
*
......
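Review bot: The constructor's Javadoc says the `protectionParams` map "is cloned to prevent subsequent modification", but `new HashMap<>(protectionParams)` copies only the map, so the `ProtectionParameter` values stay shared with the caller. If the caller later destroys or clears one of them (a `PasswordProtection`, for example), a later load or store through this parameter object would see the change. I would reword the sentence to `The map is copied; the ProtectionParameter values themselves are not cloned.` The same comment misspells its tag as `@exception NullPointerExcetion`, which should read `@exception NullPointerException`. The class-level example also omits the `;` that the stated syntax requires after each keystore clause.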
/*
* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -32,12 +32,7 @@ import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.text.MessageFormat;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Vector;
import java.util.StringTokenizer;
import java.util.*;
import javax.security.auth.x500.X500Principal;
import sun.security.util.Debug;
......@@ -97,6 +92,7 @@ public class PolicyParser {
private Vector<GrantEntry> grantEntries;
private Map<String, DomainEntry> domainEntries;
// Convenience variables for parsing
private static final Debug debug = Debug.getInstance("parser",
......@@ -195,9 +191,10 @@ public class PolicyParser {
*/
lookahead = st.nextToken();
GrantEntry ge = null;
while (lookahead != StreamTokenizer.TT_EOF) {
if (peek("grant")) {
GrantEntry ge = parseGrantEntry();
ge = parseGrantEntry();
// could be null if we couldn't expand a property
if (ge != null)
add(ge);
......@@ -209,6 +206,24 @@ public class PolicyParser {
// only one keystore passwordURL per policy file, others will be
// ignored
parseStorePassURL();
} else if (ge == null && keyStoreUrlString == null &&
storePassURL == null && peek("domain")) {
if (domainEntries == null) {
domainEntries = new TreeMap<>();
}
DomainEntry de = parseDomainEntry();
if (de != null) {
String domainName = de.getName();
if (!domainEntries.containsKey(domainName)) {
domainEntries.put(domainName, de);
} else {
MessageFormat form =
new MessageFormat(ResourcesMgr.getString(
"duplicate.keystore.domain.name"));
Object[] source = {domainName};
throw new ParsingException(form.format(source));
}
}
} else {
// error?
}
......@@ -304,6 +319,10 @@ public class PolicyParser {
return grantEntries.elements();
}
public Collection<DomainEntry> getDomainEntries() {
return domainEntries.values();
}
/**
* write out the policy
*/
......@@ -633,6 +652,67 @@ public class PolicyParser {
return e;
}
/**
* parse a domain entry
*/
private DomainEntry parseDomainEntry()
throws ParsingException, IOException
{
boolean ignoreEntry = false;
DomainEntry domainEntry;
String name = null;
Map<String, String> properties = new HashMap<>();
match("domain");
name = match("domain name");
while(!peek("{")) {
// get the domain properties
properties = parseProperties("{");
}
match("{");
domainEntry = new DomainEntry(name, properties);
while(!peek("}")) {
match("keystore");
name = match("keystore name");
// get the keystore properties
if (!peek("}")) {
properties = parseProperties(";");
}
match(";");
domainEntry.add(new KeyStoreEntry(name, properties));
}
match("}");
return (ignoreEntry == true) ? null : domainEntry;
}
/*
* Return a collection of domain properties or keystore properties.
*/
private Map<String, String> parseProperties(String terminator)
throws ParsingException, IOException {
Map<String, String> properties = new HashMap<>();
String key;
String value;
while (!peek(terminator)) {
key = match("property name");
match("=");
try {
value = expand(match("quoted string"));
} catch (PropertyExpander.ExpandException peee) {
throw new IOException(peee.getLocalizedMessage());
}
properties.put(key.toLowerCase(), value);
}
return properties;
}
// package-private: used by PolicyFile for static policy
static String[] parseExtDirs(String codebase, int start) {
......@@ -708,6 +788,10 @@ public class PolicyParser {
if (expect.equalsIgnoreCase("*"))
found = true;
break;
case ';':
if (expect.equalsIgnoreCase(";"))
found = true;
break;
default:
}
......@@ -739,6 +823,11 @@ public class PolicyParser {
} else if (expect.equalsIgnoreCase("principal type")) {
value = st.sval;
lookahead = st.nextToken();
} else if (expect.equalsIgnoreCase("domain name") ||
expect.equalsIgnoreCase("keystore name") ||
expect.equalsIgnoreCase("property name")) {
value = st.sval;
lookahead = st.nextToken();
} else {
throw new ParsingException(st.lineno(), expect,
st.sval);
......@@ -788,6 +877,12 @@ public class PolicyParser {
else
throw new ParsingException(st.lineno(), expect, "*");
break;
case '=':
if (expect.equalsIgnoreCase("="))
lookahead = st.nextToken();
else
throw new ParsingException(st.lineno(), expect, "=");
break;
default:
throw new ParsingException(st.lineno(), expect,
new String(new char[] {(char)lookahead}));
......@@ -1185,6 +1280,108 @@ public class PolicyParser {
}
}
/**
* Each domain entry in the keystore domain configuration file is
* represented by a DomainEntry object.
*/
static class DomainEntry {
private final String name;
private final Map<String, String> properties;
private final Map<String, KeyStoreEntry> entries;
DomainEntry(String name, Map<String, String> properties) {
this.name = name;
this.properties = properties;
entries = new HashMap<>();
}
String getName() {
return name;
}
Map<String, String> getProperties() {
return properties;
}
Collection<KeyStoreEntry> getEntries() {
return entries.values();
}
void add(KeyStoreEntry entry) throws ParsingException {
String keystoreName = entry.getName();
if (!entries.containsKey(keystoreName)) {
entries.put(keystoreName, entry);
} else {
MessageFormat form = new MessageFormat(ResourcesMgr.getString(
"duplicate.keystore.name"));
Object[] source = {keystoreName};
throw new ParsingException(form.format(source));
}
}
@Override
public String toString() {
StringBuilder s =
new StringBuilder("\ndomain ").append(name);
if (properties != null) {
for (Map.Entry<String, String> property :
properties.entrySet()) {
s.append("\n ").append(property.getKey()).append('=')
.append(property.getValue());
}
}
s.append(" {\n");
if (entries != null) {
for (KeyStoreEntry entry : entries.values()) {
s.append(entry).append("\n");
}
}
s.append("}");
return s.toString();
}
}
/**
* Each keystore entry in the keystore domain configuration file is
* represented by a KeyStoreEntry object.
*/
static class KeyStoreEntry {
private final String name;
private final Map<String, String> properties;
KeyStoreEntry(String name, Map<String, String> properties) {
this.name = name;
this.properties = properties;
}
String getName() {
return name;
}
Map<String, String> getProperties() {
return properties;
}
@Override
public String toString() {
StringBuilder s = new StringBuilder("\n keystore ").append(name);
if (properties != null) {
for (Map.Entry<String, String> property :
properties.entrySet()) {
s.append("\n ").append(property.getKey()).append('=')
.append(property.getValue());
}
}
s.append(";");
return s.toString();
}
}
public static class ParsingException extends GeneralSecurityException {
private static final long serialVersionUID = -4330692689482574072L;
......
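Review bot: `getDomainEntries()` returns `domainEntries.values()`, but the `read` hunk creates `domainEntries` only when a `domain` clause is seen, so a configuration with no domain clause would make this accessor throw a NullPointerException (assuming the field has no initialiser outside the visible hunks). Returning an empty collection is safer: `return domainEntries == null ? Collections.<DomainEntry>emptyList() : domainEntries.values();`. Separately, `parseProperties` stores keys with `key.toLowerCase()`, which depends on the default locale; under a Turkish locale `keystoreURI` would not lower-case to `keystoreuri`, and the property could be silently ignored. `key.toLowerCase(Locale.ENGLISH)` avoids that. In `parseDomainEntry`, `ignoreEntry` is never set to true, so the final conditional always returns `domainEntry` and the flag can be dropped.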
/*
* Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -40,13 +40,14 @@ public final class Sun extends Provider {
private static final String INFO = "SUN " +
"(DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; " +
"SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; " +
"SecureRandom; X.509 certificates; JKS & DKS keystores; " +
"PKIX CertPathValidator; " +
"PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; " +
"JavaLoginConfig Configuration)";
public Sun() {
/* We are the SUN provider */
super("SUN", 1.7, INFO);
super("SUN", 1.8, INFO);
// if there is no security manager installed, put directly into
// the provider. Otherwise, create a temporary map and use a
......
......@@ -208,6 +208,7 @@ final class SunEntries {
map.put("KeyStore.JKS", "sun.security.provider.JavaKeyStore$JKS");
map.put("KeyStore.CaseExactJKS",
"sun.security.provider.JavaKeyStore$CaseExactJKS");
map.put("KeyStore.DKS", "sun.security.provider.DomainKeyStore$DKS");
/*
* Policy
......
......@@ -127,6 +127,8 @@ public class Resources extends java.util.ListResourceBundle {
{"multiple.Codebase.expressions",
"multiple Codebase expressions"},
{"multiple.SignedBy.expressions","multiple SignedBy expressions"},
{"duplicate.keystore.domain.name","duplicate keystore domain name: {0}"},
{"duplicate.keystore.name","duplicate keystore name: {0}"},
{"SignedBy.has.empty.alias","SignedBy has empty alias"},
{"can.not.specify.Principal.with.a.wildcard.class.without.a.wildcard.name",
"can not specify Principal with a wildcard class without a wildcard name"},
......
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* see ./DKSTest.sh
*/
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.security.cert.Certificate;
import java.util.*;
// Load and store entries in domain keystores
public class DKSTest {
private static final String TEST_SRC = System.getProperty("test.src");
private static final String CERT = TEST_SRC + "/../../pkcs12/trusted.pem";
private static final String CONFIG = "file://" + TEST_SRC + "/domains.cfg";
private static final Map<String, KeyStore.ProtectionParameter> PASSWORDS =
new HashMap<String, KeyStore.ProtectionParameter>() {{
put("keystore",
new KeyStore.PasswordProtection("test123".toCharArray()));
put("policy_keystore",
new KeyStore.PasswordProtection(
"Alias.password".toCharArray()));
put("pw_keystore",
new KeyStore.PasswordProtection("test12".toCharArray()));
put("eckeystore1",
new KeyStore.PasswordProtection("password".toCharArray()));
put("eckeystore2",
new KeyStore.PasswordProtection("password".toCharArray()));
put("truststore",
new KeyStore.PasswordProtection("changeit".toCharArray()));
put("empty",
new KeyStore.PasswordProtection("passphrase".toCharArray()));
}};
public static void main(String[] args) throws Exception {
try {
main0();
} finally {
// cleanup
new File(TEST_SRC + "/empty.jks").delete();
new File(TEST_SRC + "/Alias.keystore_tmp").delete();
new File(TEST_SRC + "/pw.jks_tmp").delete();
new File(TEST_SRC + "/secp256r1server-secp384r1ca.p12_tmp").delete();
new File(TEST_SRC + "/sect193r1server-rsa1024ca.p12_tmp").delete();
}
}
private static void main0() throws Exception {
/*
* domain keystore: system
*/
URI config = new URI(CONFIG + "#system");
int cacertsCount;
int expected;
KeyStore keystore = KeyStore.getInstance("DKS");
// load entries
keystore.load(
new KeyStore.DomainLoadStoreParameter(config, PASSWORDS));
cacertsCount = expected = keystore.size();
System.out.println("\nLoading domain keystore: " + config + "\t[" +
expected + " entries]");
checkEntries(keystore, expected);
/*
* domain keystore: system_plus
*/
config = new URI(CONFIG + "#system_plus");
expected = cacertsCount + 1;
keystore = KeyStore.getInstance("DKS");
// load entries
keystore.load(
new KeyStore.DomainLoadStoreParameter(config, PASSWORDS));
System.out.println("\nLoading domain keystore: " + config + "\t[" +
expected + " entries]");
checkEntries(keystore, expected);
/*
* domain keystore: system_env
*/
config = new URI(CONFIG + "#system_env");
expected = 1 + cacertsCount;
keystore = KeyStore.getInstance("DKS");
// load entries
keystore.load(
new KeyStore.DomainLoadStoreParameter(config,
Collections.<String, KeyStore.ProtectionParameter>emptyMap()));
System.out.println("\nLoading domain keystore: " + config + "\t[" +
expected + " entries]");
checkEntries(keystore, expected);
/*
* domain keystore: empty
*/
KeyStore empty = KeyStore.getInstance("JKS");
empty.load(null, null);
try (OutputStream outStream =
new FileOutputStream(TEST_SRC + "/empty.jks")) {
empty.store(outStream, "passphrase".toCharArray());
}
config = new URI(CONFIG + "#empty");
expected = 0;
keystore = KeyStore.getInstance("DKS");
// load entries
keystore.load(
new KeyStore.DomainLoadStoreParameter(config, PASSWORDS));
System.out.println("\nLoading domain keystore: " + config + "\t[" +
expected + " entries]");
checkEntries(keystore, expected);
/*
* domain keystore: keystores
*/
config = new URI(CONFIG + "#keystores");
expected = 2 + 1 + 1 + 1;
keystore = KeyStore.getInstance("DKS");
// load entries
keystore.load(
new KeyStore.DomainLoadStoreParameter(config, PASSWORDS));
System.out.println("\nLoading domain keystore: " + config + "\t[" +
expected + " entries]");
checkEntries(keystore, expected);
// set a new trusted certificate entry
Certificate cert = loadCertificate(CERT);
String alias = "pw_keystore tmp-cert";
System.out.println("Setting new trusted certificate entry: " + alias);
keystore.setEntry(alias,
new KeyStore.TrustedCertificateEntry(cert), null);
expected++;
// store entries
config = new URI(CONFIG + "#keystores_tmp");
System.out.println("Storing domain keystore: " + config + "\t[" +
expected + " entries]");
keystore.store(
new KeyStore.DomainLoadStoreParameter(config, PASSWORDS));
keystore = KeyStore.getInstance("DKS");
// reload entries
keystore.load(
new KeyStore.DomainLoadStoreParameter(config, PASSWORDS));
System.out.println("Reloading domain keystore: " + config + "\t[" +
expected + " entries]");
checkEntries(keystore, expected);
// get the new trusted certificate entry
System.out.println("Getting new trusted certificate entry: " + alias);
if (!keystore.isCertificateEntry(alias)) {
throw new Exception("Error: cannot retrieve certificate entry: " +
alias);
}
keystore.setEntry(alias,
new KeyStore.TrustedCertificateEntry(cert), null);
}
private static void checkEntries(KeyStore keystore, int expected)
throws Exception {
int i = 0;
for (String alias : Collections.list(keystore.aliases())) {
System.out.print(".");
i++;
}
System.out.println();
if (expected != i) {
throw new Exception("Error: unexpected entry count in keystore: " +
"loaded=" + i + ", expected=" + expected);
}
}
private static Certificate loadCertificate(String certFile)
throws Exception {
X509Certificate cert = null;
try (FileInputStream certStream = new FileInputStream(certFile)) {
CertificateFactory factory =
CertificateFactory.getInstance("X.509");
return factory.generateCertificate(certStream);
}
}
}
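Review bot: The test creates its scratch keystores inside the source tree: `main0` writes `TEST_SRC + "/empty.jks"`, and storing the `keystores_tmp` domain appears to write the `*_tmp` files that the `finally` block in `main` deletes from the same directory. A read-only or shared source directory would make the test fail or leave files behind, and the `File.delete()` results are ignored; writing these files to the current working directory would avoid that. `CONFIG` is built as `"file://" + TEST_SRC + "/domains.cfg"`, which does not name the intended file when `test.src` is relative (the script defaults `TESTSRC` to `.`) or contains backslashes. `new File(TEST_SRC, "domains.cfg").toURI().toString()` is more robust. In `loadCertificate`, the local `X509Certificate cert = null;` is never used.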
#! /bin/sh
#
# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#
# @test
# @bug 8007755
# @summary Support the logical grouping of keystores
# set a few environment variables so that the shell-script can run stand-alone
# in the source directory
if [ "${TESTSRC}" = "" ] ; then
TESTSRC="."
fi
if [ "${TESTCLASSES}" = "" ] ; then
TESTCLASSES="."
fi
if [ "${TESTJAVA}" = "" ] ; then
echo "TESTJAVA not set. Test cannot execute."
echo "FAILED!!!"
exit 1
fi
if [ "${COMPILEJAVA}" = "" ]; then
COMPILEJAVA="${TESTJAVA}"
fi
# set platform-dependent variables
OS=`uname -s`
case "$OS" in
SunOS )
PS=":"
FS="/"
;;
Linux )
PS=":"
FS="/"
;;
Darwin )
PS=":"
FS="/"
;;
CYGWIN* )
PS=";"
FS="/"
;;
Windows* )
PS=";"
FS="\\"
;;
* )
echo "Unrecognized system!"
exit 1;
;;
esac
${COMPILEJAVA}${FS}bin${FS}javac -d . ${TESTSRC}${FS}DKSTest.java
KEYSTORE_PWD=test12 TRUSTSTORE_PWD=changeit \
${TESTJAVA}${FS}bin${FS}java ${TESTVMOPTS} -Dtest.src=${TESTSRC} DKSTest
exit $status
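Review bot: The script ends with `exit $status`, but `status` is never assigned here (it is a csh variable, not a Bourne-shell one), so the line works only because a bare `exit` reuses the last command's status; `exit $?` states the intent. The `javac` result is not checked either, so a compile failure surfaces only indirectly when `java` cannot find `DKSTest`; adding `if [ $? -ne 0 ]; then exit 1; fi` after the compile step would make it explicit. The path expansions such as `${TESTSRC}${FS}DKSTest.java` are unquoted and will break on directories containing spaces.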
// domain containing a single keystore
domain system {
keystore truststore
keystoreType="JKS"
keystoreURI="${java.home}/lib/security/cacerts";
};
// domain containing two JKS keystores
domain system_plus {
keystore truststore
keystoreType="JKS"
keystoreURI="${java.home}/lib/security/cacerts";
keystore pw_keystore
keystoreType="JKS"
keystoreURI="${test.src}/pw.jks";
};
// domain containing a mixture of keystores
domain keystores
keystoreType="PKCS12" {
keystore policy_keystore
keystoreType="JKS"
keystoreURI="${test.src}/../PolicyFile/Alias.keystore";
keystore pw_keystore
keystoreType="CaseExactJKS"
keystoreURI="${test.src}/pw.jks";
keystore eckeystore1
keystoreURI="${test.src}/../../pkcs11/ec/pkcs12/sect193r1server-rsa1024ca.p12";
keystore eckeystore2
keystoreURI="${test.src}/../../pkcs11/ec/pkcs12/secp256r1server-secp384r1ca.p12";
};
// domain containing a mixture of keystores
domain keystores_tmp
keystoreType="PKCS12" {
keystore policy_keystore
keystoreType="JKS"
keystoreURI="${test.src}/Alias.keystore_tmp";
keystore pw_keystore
keystoreType="CaseExactJKS"
keystoreURI="${test.src}/pw.jks_tmp";
keystore eckeystore1
keystoreURI="${test.src}/sect193r1server-rsa1024ca.p12_tmp";
keystore eckeystore2
keystoreURI="${test.src}/secp256r1server-secp384r1ca.p12_tmp";
};
// domain where passwords are supplied via environment variables
domain system_env
keystoreType="JKS"
keystorePasswordEnv="KEYSTORE_PWD" {
keystore env_keystore
keystoreURI="${test.src}/pw.jks";
keystore env_truststore
keystoreURI="${java.home}/lib/security/cacerts"
keystorePasswordEnv="TRUSTSTORE_PWD";
};
// empty domain
domain empty
keystoreType="JKS"
keystoreProviderName="SUN" {
keystore empty
keystoreURI="${test.src}/empty.jks";
};
......@@ -73,7 +73,7 @@ ${TESTJAVA}${FS}bin${FS}keytool -genkey -v -alias dummyTestCA \
-keyalg "RSA" -keysize 1024 -sigalg "ShA1WithRSA" \
-dname "cn=Dummy Test CA, ou=JSN, o=JavaSoft, c=US" -validity 3650 \
-keypass storepass -keystore keystoreCA.dks -storepass storepass \
-storetype "dks" -provider "org.test.dummy.DummyProvider" \
-storetype "dummyks" -provider "org.test.dummy.DummyProvider" \
-providerPath ${TESTCLASSES}
if [ $? -ne 0 ]; then
......@@ -82,7 +82,7 @@ fi
#Change keystore password
${TESTJAVA}${FS}bin${FS}keytool -storepasswd -new storepass2 \
-keystore keystoreCA.dks -storetype "dks" -storepass storepass \
-keystore keystoreCA.dks -storetype "dummyks" -storepass storepass \
-provider "org.test.dummy.DummyProvider" -providerPath ${TESTCLASSES}
if [ $? -ne 0 ]; then
......@@ -93,7 +93,7 @@ fi
#Change keystore key password
${TESTJAVA}${FS}bin${FS}keytool -keypasswd -alias "dummyTestCA" \
-keypass storepass -new keypass -keystore keystoreCA.dks \
-storetype "dks" -storepass storepass2 \
-storetype "dummyks" -storepass storepass2 \
-provider "org.test.dummy.DummyProvider" -providerPath ${TESTCLASSES}
if [ $? -ne 0 ]; then
......@@ -102,7 +102,7 @@ fi
#Export certificate
${TESTJAVA}${FS}bin${FS}keytool -v -export -rfc -alias "dummyTestCA" \
-file "dummyTestCA.der" -keystore keystoreCA.dks -storetype "dks" \
-file "dummyTestCA.der" -keystore keystoreCA.dks -storetype "dummyks" \
-storepass storepass2 -provider "org.test.dummy.DummyProvider" \
-providerPath ${TESTCLASSES}
......@@ -112,7 +112,7 @@ fi
#list keystore
${TESTJAVA}${FS}bin${FS}keytool -v -list -keystore keystoreCA.dks \
-storetype "dks" -storepass storepass2 \
-storetype "dummyks" -storepass storepass2 \
-provider "org.test.dummy.DummyProvider" -providerPath ${TESTCLASSES}
if [ $? -ne 0 ]; then
......
......@@ -40,7 +40,7 @@ public class DummyProvider extends Provider {
//
// KeyStore
//
put("KeyStore.DKS", "sun.security.provider.JavaKeyStore$JKS");
put("KeyStore.DummyKS", "sun.security.provider.JavaKeyStore$JKS");
//
// Signature engines
......