Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
58d33699
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
58d33699
编写于
2月 13, 2013
作者:
V
vinnie
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8007755: Support the logical grouping of keystores
Reviewed-by: mullan
上级
0f990bd9
变更
11
展开全部
隐藏空白更改
内联
并排
Showing
11 changed file
with
1614 addition
and
17 deletion
+1614
-17
src/share/classes/java/security/KeyStore.java
src/share/classes/java/security/KeyStore.java
+144
-0
src/share/classes/sun/security/provider/DomainKeyStore.java
src/share/classes/sun/security/provider/DomainKeyStore.java
+900
-0
src/share/classes/sun/security/provider/PolicyParser.java
src/share/classes/sun/security/provider/PolicyParser.java
+205
-8
src/share/classes/sun/security/provider/Sun.java
src/share/classes/sun/security/provider/Sun.java
+4
-3
src/share/classes/sun/security/provider/SunEntries.java
src/share/classes/sun/security/provider/SunEntries.java
+1
-0
src/share/classes/sun/security/util/Resources.java
src/share/classes/sun/security/util/Resources.java
+2
-0
test/sun/security/provider/KeyStore/DKSTest.java
test/sun/security/provider/KeyStore/DKSTest.java
+203
-0
test/sun/security/provider/KeyStore/DKSTest.sh
test/sun/security/provider/KeyStore/DKSTest.sh
+84
-0
test/sun/security/provider/KeyStore/domains.cfg
test/sun/security/provider/KeyStore/domains.cfg
+65
-0
test/sun/security/tools/keytool/AltProviderPath.sh
test/sun/security/tools/keytool/AltProviderPath.sh
+5
-5
test/sun/security/tools/keytool/DummyProvider.java
test/sun/security/tools/keytool/DummyProvider.java
+1
-1
未找到文件。
src/share/classes/java/security/KeyStore.java
浏览文件 @
58d33699
...
...
@@ -218,6 +218,150 @@ public class KeyStore {
public
ProtectionParameter
getProtectionParameter
();
}
/**
* Configuration data that specifies the keystores in a keystore domain.
* A keystore domain is a collection of keystores that are presented as a
* single logical keystore. The configuration data is used during
* {@code KeyStore}
* {@link #load(KeyStore.LoadStoreParameter) load} and
* {@link #store(KeyStore.LoadStoreParameter) store} operations.
* <p>
* The following syntax is supported for configuration data:
* <pre>
*
* domain <domainName> [<property> ...] {
* keystore <keystoreName> [<property> ...] ;
* ...
* };
* ...
*
* </pre>
* where {@code domainName} and {@code keystoreName} are identifiers
* and {@code property} is a key/value pairing. The key and value are
* separated by an 'equals' symbol and the value is enclosed in double
* quotes. A property value may be either a printable string or a binary
* string of colon-separated pairs of hexadecimal digits. Multi-valued
* properties are represented as a comma-separated list of values,
* enclosed in square brackets.
* See {@link Arrays#toString(java.lang.Object[])}.
* <p>
* To ensure that keystore entries are uniquely identified, each
* entry's alias is prefixed by its {@code keystoreName} followed
* by the entry name separator and each {@code keystoreName} must be
* unique within its domain. Entry name prefixes are omitted when
* storing a keystore.
* <p>
* Properties are context-sensitive: properties that apply to
* all the keystores in a domain are located in the domain clause,
* and properties that apply only to a specific keystore are located
* in that keystore's clause.
* Unless otherwise specified, a property in a keystore clause overrides
* a property of the same name in the domain clause. All property names
* are case-insensitive. The following properties are supported:
* <dl>
* <dt> {@code keystoreType="<type>"} </dt>
* <dd> The keystore type. </dd>
* <dt> {@code keystoreURI="<url>"} </dt>
* <dd> The keystore location. </dd>
* <dt> {@code keystoreProviderName="<name>"} </dt>
* <dd> The name of the keystore's JCE provider. </dd>
* <dt> {@code keystorePasswordEnv="<environment-variable>"} </dt>
* <dd> The environment variable that stores a keystore password.
* Alternatively, passwords may be supplied to the constructor
* method in a {@code Map<String, ProtectionParameter>}. </dd>
* <dt> {@code entryNameSeparator="<separator>"} </dt>
* <dd> The separator between a keystore name prefix and an entry name.
* When specified, it applies to all the entries in a domain.
* Its default value is a space. </dd>
* </dl>
* <p>
* For example, configuration data for a simple keystore domain
* comprising three keystores is shown below:
* <pre>
*
* domain app1 {
* keystore app1-truststore
* keystoreURI="file:///app1/etc/truststore.jks"
*
* keystore system-truststore
* keystoreURI="${java.home}/lib/security/cacerts"
*
* keystore app1-keystore
* keystoreType="PKCS12"
* keystoreURI="file:///app1/etc/keystore.p12"
* };
*
* </pre>
* @since 1.8
*/
public
static
final
class
DomainLoadStoreParameter
implements
LoadStoreParameter
{
private
final
URI
configuration
;
private
final
Map
<
String
,
ProtectionParameter
>
protectionParams
;
/**
* Constructs a DomainLoadStoreParameter for a keystore domain with
* the parameters used to protect keystore data.
*
* @param configuration identifier for the domain configuration data.
* The name of the target domain should be specified in the
* {@code java.net.URI} fragment component when it is necessary
* to distinguish between several domain configurations at the
* same location.
*
* @param protectionParams the map from keystore name to the parameter
* used to protect keystore data.
* A {@code java.util.Collections.EMPTY_MAP} should be used
* when protection parameters are not required or when they have
* been specified by properties in the domain configuration data.
* It is cloned to prevent subsequent modification.
*
* @exception NullPointerExcetion if {@code configuration} or
* {@code protectionParams} is {@code null}
*/
public
DomainLoadStoreParameter
(
URI
configuration
,
Map
<
String
,
ProtectionParameter
>
protectionParams
)
{
if
(
configuration
==
null
||
protectionParams
==
null
)
{
throw
new
NullPointerException
(
"invalid null input"
);
}
this
.
configuration
=
configuration
;
this
.
protectionParams
=
Collections
.
unmodifiableMap
(
new
HashMap
<>(
protectionParams
));
}
/**
* Gets the identifier for the domain configuration data.
*
* @return the identifier for the configuration data
*/
public
URI
getConfiguration
()
{
return
configuration
;
}
/**
* Gets the keystore protection parameters for keystores in this
* domain.
*
* @return an unmodifiable map of keystore names to protection
* parameters
*/
public
Map
<
String
,
ProtectionParameter
>
getProtectionParams
()
{
return
protectionParams
;
}
/**
* Gets the keystore protection parameters for this domain.
* Keystore domains do not support a protection parameter.
*
* @return always returns {@code null}
*/
@Override
public
KeyStore
.
ProtectionParameter
getProtectionParameter
()
{
return
null
;
}
}
/**
* A marker interface for keystore protection parameters.
*
...
...
src/share/classes/sun/security/provider/DomainKeyStore.java
0 → 100644
浏览文件 @
58d33699
此差异已折叠。
点击以展开。
src/share/classes/sun/security/provider/PolicyParser.java
浏览文件 @
58d33699
/*
* Copyright (c) 1997, 201
2
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 201
3
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -32,12 +32,7 @@ import java.net.URL;
import
java.security.GeneralSecurityException
;
import
java.security.Principal
;
import
java.text.MessageFormat
;
import
java.util.Enumeration
;
import
java.util.Hashtable
;
import
java.util.Iterator
;
import
java.util.LinkedList
;
import
java.util.Vector
;
import
java.util.StringTokenizer
;
import
java.util.*
;
import
javax.security.auth.x500.X500Principal
;
import
sun.security.util.Debug
;
...
...
@@ -97,6 +92,7 @@ public class PolicyParser {
private
Vector
<
GrantEntry
>
grantEntries
;
private
Map
<
String
,
DomainEntry
>
domainEntries
;
// Convenience variables for parsing
private
static
final
Debug
debug
=
Debug
.
getInstance
(
"parser"
,
...
...
@@ -195,9 +191,10 @@ public class PolicyParser {
*/
lookahead
=
st
.
nextToken
();
GrantEntry
ge
=
null
;
while
(
lookahead
!=
StreamTokenizer
.
TT_EOF
)
{
if
(
peek
(
"grant"
))
{
GrantEntry
ge
=
parseGrantEntry
();
ge
=
parseGrantEntry
();
// could be null if we couldn't expand a property
if
(
ge
!=
null
)
add
(
ge
);
...
...
@@ -209,6 +206,24 @@ public class PolicyParser {
// only one keystore passwordURL per policy file, others will be
// ignored
parseStorePassURL
();
}
else
if
(
ge
==
null
&&
keyStoreUrlString
==
null
&&
storePassURL
==
null
&&
peek
(
"domain"
))
{
if
(
domainEntries
==
null
)
{
domainEntries
=
new
TreeMap
<>();
}
DomainEntry
de
=
parseDomainEntry
();
if
(
de
!=
null
)
{
String
domainName
=
de
.
getName
();
if
(!
domainEntries
.
containsKey
(
domainName
))
{
domainEntries
.
put
(
domainName
,
de
);
}
else
{
MessageFormat
form
=
new
MessageFormat
(
ResourcesMgr
.
getString
(
"duplicate.keystore.domain.name"
));
Object
[]
source
=
{
domainName
};
throw
new
ParsingException
(
form
.
format
(
source
));
}
}
}
else
{
// error?
}
...
...
@@ -304,6 +319,10 @@ public class PolicyParser {
return
grantEntries
.
elements
();
}
public
Collection
<
DomainEntry
>
getDomainEntries
()
{
return
domainEntries
.
values
();
}
/**
* write out the policy
*/
...
...
@@ -633,6 +652,67 @@ public class PolicyParser {
return
e
;
}
/**
* parse a domain entry
*/
private
DomainEntry
parseDomainEntry
()
throws
ParsingException
,
IOException
{
boolean
ignoreEntry
=
false
;
DomainEntry
domainEntry
;
String
name
=
null
;
Map
<
String
,
String
>
properties
=
new
HashMap
<>();
match
(
"domain"
);
name
=
match
(
"domain name"
);
while
(!
peek
(
"{"
))
{
// get the domain properties
properties
=
parseProperties
(
"{"
);
}
match
(
"{"
);
domainEntry
=
new
DomainEntry
(
name
,
properties
);
while
(!
peek
(
"}"
))
{
match
(
"keystore"
);
name
=
match
(
"keystore name"
);
// get the keystore properties
if
(!
peek
(
"}"
))
{
properties
=
parseProperties
(
";"
);
}
match
(
";"
);
domainEntry
.
add
(
new
KeyStoreEntry
(
name
,
properties
));
}
match
(
"}"
);
return
(
ignoreEntry
==
true
)
?
null
:
domainEntry
;
}
/*
* Return a collection of domain properties or keystore properties.
*/
private
Map
<
String
,
String
>
parseProperties
(
String
terminator
)
throws
ParsingException
,
IOException
{
Map
<
String
,
String
>
properties
=
new
HashMap
<>();
String
key
;
String
value
;
while
(!
peek
(
terminator
))
{
key
=
match
(
"property name"
);
match
(
"="
);
try
{
value
=
expand
(
match
(
"quoted string"
));
}
catch
(
PropertyExpander
.
ExpandException
peee
)
{
throw
new
IOException
(
peee
.
getLocalizedMessage
());
}
properties
.
put
(
key
.
toLowerCase
(),
value
);
}
return
properties
;
}
// package-private: used by PolicyFile for static policy
static
String
[]
parseExtDirs
(
String
codebase
,
int
start
)
{
...
...
@@ -708,6 +788,10 @@ public class PolicyParser {
if
(
expect
.
equalsIgnoreCase
(
"*"
))
found
=
true
;
break
;
case
';'
:
if
(
expect
.
equalsIgnoreCase
(
";"
))
found
=
true
;
break
;
default
:
}
...
...
@@ -739,6 +823,11 @@ public class PolicyParser {
}
else
if
(
expect
.
equalsIgnoreCase
(
"principal type"
))
{
value
=
st
.
sval
;
lookahead
=
st
.
nextToken
();
}
else
if
(
expect
.
equalsIgnoreCase
(
"domain name"
)
||
expect
.
equalsIgnoreCase
(
"keystore name"
)
||
expect
.
equalsIgnoreCase
(
"property name"
))
{
value
=
st
.
sval
;
lookahead
=
st
.
nextToken
();
}
else
{
throw
new
ParsingException
(
st
.
lineno
(),
expect
,
st
.
sval
);
...
...
@@ -788,6 +877,12 @@ public class PolicyParser {
else
throw
new
ParsingException
(
st
.
lineno
(),
expect
,
"*"
);
break
;
case
'='
:
if
(
expect
.
equalsIgnoreCase
(
"="
))
lookahead
=
st
.
nextToken
();
else
throw
new
ParsingException
(
st
.
lineno
(),
expect
,
"="
);
break
;
default
:
throw
new
ParsingException
(
st
.
lineno
(),
expect
,
new
String
(
new
char
[]
{(
char
)
lookahead
}));
...
...
@@ -1185,6 +1280,108 @@ public class PolicyParser {
}
}
/**
* Each domain entry in the keystore domain configuration file is
* represented by a DomainEntry object.
*/
static
class
DomainEntry
{
private
final
String
name
;
private
final
Map
<
String
,
String
>
properties
;
private
final
Map
<
String
,
KeyStoreEntry
>
entries
;
DomainEntry
(
String
name
,
Map
<
String
,
String
>
properties
)
{
this
.
name
=
name
;
this
.
properties
=
properties
;
entries
=
new
HashMap
<>();
}
String
getName
()
{
return
name
;
}
Map
<
String
,
String
>
getProperties
()
{
return
properties
;
}
Collection
<
KeyStoreEntry
>
getEntries
()
{
return
entries
.
values
();
}
void
add
(
KeyStoreEntry
entry
)
throws
ParsingException
{
String
keystoreName
=
entry
.
getName
();
if
(!
entries
.
containsKey
(
keystoreName
))
{
entries
.
put
(
keystoreName
,
entry
);
}
else
{
MessageFormat
form
=
new
MessageFormat
(
ResourcesMgr
.
getString
(
"duplicate.keystore.name"
));
Object
[]
source
=
{
keystoreName
};
throw
new
ParsingException
(
form
.
format
(
source
));
}
}
@Override
public
String
toString
()
{
StringBuilder
s
=
new
StringBuilder
(
"\ndomain "
).
append
(
name
);
if
(
properties
!=
null
)
{
for
(
Map
.
Entry
<
String
,
String
>
property
:
properties
.
entrySet
())
{
s
.
append
(
"\n "
).
append
(
property
.
getKey
()).
append
(
'='
)
.
append
(
property
.
getValue
());
}
}
s
.
append
(
" {\n"
);
if
(
entries
!=
null
)
{
for
(
KeyStoreEntry
entry
:
entries
.
values
())
{
s
.
append
(
entry
).
append
(
"\n"
);
}
}
s
.
append
(
"}"
);
return
s
.
toString
();
}
}
/**
* Each keystore entry in the keystore domain configuration file is
* represented by a KeyStoreEntry object.
*/
static
class
KeyStoreEntry
{
private
final
String
name
;
private
final
Map
<
String
,
String
>
properties
;
KeyStoreEntry
(
String
name
,
Map
<
String
,
String
>
properties
)
{
this
.
name
=
name
;
this
.
properties
=
properties
;
}
String
getName
()
{
return
name
;
}
Map
<
String
,
String
>
getProperties
()
{
return
properties
;
}
@Override
public
String
toString
()
{
StringBuilder
s
=
new
StringBuilder
(
"\n keystore "
).
append
(
name
);
if
(
properties
!=
null
)
{
for
(
Map
.
Entry
<
String
,
String
>
property
:
properties
.
entrySet
())
{
s
.
append
(
"\n "
).
append
(
property
.
getKey
()).
append
(
'='
)
.
append
(
property
.
getValue
());
}
}
s
.
append
(
";"
);
return
s
.
toString
();
}
}
public
static
class
ParsingException
extends
GeneralSecurityException
{
private
static
final
long
serialVersionUID
=
-
4330692689482574072L
;
...
...
src/share/classes/sun/security/provider/Sun.java
浏览文件 @
58d33699
/*
* Copyright (c) 1996, 201
1
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 201
3
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -40,13 +40,14 @@ public final class Sun extends Provider {
private
static
final
String
INFO
=
"SUN "
+
"(DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; "
+
"SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; "
+
"SecureRandom; X.509 certificates; JKS & DKS keystores; "
+
"PKIX CertPathValidator; "
+
"PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; "
+
"JavaLoginConfig Configuration)"
;
public
Sun
()
{
/* We are the SUN provider */
super
(
"SUN"
,
1.
7
,
INFO
);
super
(
"SUN"
,
1.
8
,
INFO
);
// if there is no security manager installed, put directly into
// the provider. Otherwise, create a temporary map and use a
...
...
src/share/classes/sun/security/provider/SunEntries.java
浏览文件 @
58d33699
...
...
@@ -208,6 +208,7 @@ final class SunEntries {
map
.
put
(
"KeyStore.JKS"
,
"sun.security.provider.JavaKeyStore$JKS"
);
map
.
put
(
"KeyStore.CaseExactJKS"
,
"sun.security.provider.JavaKeyStore$CaseExactJKS"
);
map
.
put
(
"KeyStore.DKS"
,
"sun.security.provider.DomainKeyStore$DKS"
);
/*
* Policy
...
...
src/share/classes/sun/security/util/Resources.java
浏览文件 @
58d33699
...
...
@@ -127,6 +127,8 @@ public class Resources extends java.util.ListResourceBundle {
{
"multiple.Codebase.expressions"
,
"multiple Codebase expressions"
},
{
"multiple.SignedBy.expressions"
,
"multiple SignedBy expressions"
},
{
"duplicate.keystore.domain.name"
,
"duplicate keystore domain name: {0}"
},
{
"duplicate.keystore.name"
,
"duplicate keystore name: {0}"
},
{
"SignedBy.has.empty.alias"
,
"SignedBy has empty alias"
},
{
"can.not.specify.Principal.with.a.wildcard.class.without.a.wildcard.name"
,
"can not specify Principal with a wildcard class without a wildcard name"
},
...
...
test/sun/security/provider/KeyStore/DKSTest.java
0 → 100644
浏览文件 @
58d33699
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* see ./DKSTest.sh
*/
import
java.io.*
;
import
java.net.*
;
import
java.security.*
;
import
java.security.KeyStore
;
import
java.security.cert.*
;
import
java.security.cert.Certificate
;
import
java.util.*
;
// Load and store entries in domain keystores
public
class
DKSTest
{
private
static
final
String
TEST_SRC
=
System
.
getProperty
(
"test.src"
);
private
static
final
String
CERT
=
TEST_SRC
+
"/../../pkcs12/trusted.pem"
;
private
static
final
String
CONFIG
=
"file://"
+
TEST_SRC
+
"/domains.cfg"
;
private
static
final
Map
<
String
,
KeyStore
.
ProtectionParameter
>
PASSWORDS
=
new
HashMap
<
String
,
KeyStore
.
ProtectionParameter
>()
{{
put
(
"keystore"
,
new
KeyStore
.
PasswordProtection
(
"test123"
.
toCharArray
()));
put
(
"policy_keystore"
,
new
KeyStore
.
PasswordProtection
(
"Alias.password"
.
toCharArray
()));
put
(
"pw_keystore"
,
new
KeyStore
.
PasswordProtection
(
"test12"
.
toCharArray
()));
put
(
"eckeystore1"
,
new
KeyStore
.
PasswordProtection
(
"password"
.
toCharArray
()));
put
(
"eckeystore2"
,
new
KeyStore
.
PasswordProtection
(
"password"
.
toCharArray
()));
put
(
"truststore"
,
new
KeyStore
.
PasswordProtection
(
"changeit"
.
toCharArray
()));
put
(
"empty"
,
new
KeyStore
.
PasswordProtection
(
"passphrase"
.
toCharArray
()));
}};
public
static
void
main
(
String
[]
args
)
throws
Exception
{
try
{
main0
();
}
finally
{
// cleanup
new
File
(
TEST_SRC
+
"/empty.jks"
).
delete
();
new
File
(
TEST_SRC
+
"/Alias.keystore_tmp"
).
delete
();
new
File
(
TEST_SRC
+
"/pw.jks_tmp"
).
delete
();
new
File
(
TEST_SRC
+
"/secp256r1server-secp384r1ca.p12_tmp"
).
delete
();
new
File
(
TEST_SRC
+
"/sect193r1server-rsa1024ca.p12_tmp"
).
delete
();
}
}
private
static
void
main0
()
throws
Exception
{
/*
* domain keystore: system
*/
URI
config
=
new
URI
(
CONFIG
+
"#system"
);
int
cacertsCount
;
int
expected
;
KeyStore
keystore
=
KeyStore
.
getInstance
(
"DKS"
);
// load entries
keystore
.
load
(
new
KeyStore
.
DomainLoadStoreParameter
(
config
,
PASSWORDS
));
cacertsCount
=
expected
=
keystore
.
size
();
System
.
out
.
println
(
"\nLoading domain keystore: "
+
config
+
"\t["
+
expected
+
" entries]"
);
checkEntries
(
keystore
,
expected
);
/*
* domain keystore: system_plus
*/
config
=
new
URI
(
CONFIG
+
"#system_plus"
);
expected
=
cacertsCount
+
1
;
keystore
=
KeyStore
.
getInstance
(
"DKS"
);
// load entries
keystore
.
load
(
new
KeyStore
.
DomainLoadStoreParameter
(
config
,
PASSWORDS
));
System
.
out
.
println
(
"\nLoading domain keystore: "
+
config
+
"\t["
+
expected
+
" entries]"
);
checkEntries
(
keystore
,
expected
);
/*
* domain keystore: system_env
*/
config
=
new
URI
(
CONFIG
+
"#system_env"
);
expected
=
1
+
cacertsCount
;
keystore
=
KeyStore
.
getInstance
(
"DKS"
);
// load entries
keystore
.
load
(
new
KeyStore
.
DomainLoadStoreParameter
(
config
,
Collections
.<
String
,
KeyStore
.
ProtectionParameter
>
emptyMap
()));
System
.
out
.
println
(
"\nLoading domain keystore: "
+
config
+
"\t["
+
expected
+
" entries]"
);
checkEntries
(
keystore
,
expected
);
/*
* domain keystore: empty
*/
KeyStore
empty
=
KeyStore
.
getInstance
(
"JKS"
);
empty
.
load
(
null
,
null
);
try
(
OutputStream
outStream
=
new
FileOutputStream
(
TEST_SRC
+
"/empty.jks"
))
{
empty
.
store
(
outStream
,
"passphrase"
.
toCharArray
());
}
config
=
new
URI
(
CONFIG
+
"#empty"
);
expected
=
0
;
keystore
=
KeyStore
.
getInstance
(
"DKS"
);
// load entries
keystore
.
load
(
new
KeyStore
.
DomainLoadStoreParameter
(
config
,
PASSWORDS
));
System
.
out
.
println
(
"\nLoading domain keystore: "
+
config
+
"\t["
+
expected
+
" entries]"
);
checkEntries
(
keystore
,
expected
);
/*
* domain keystore: keystores
*/
config
=
new
URI
(
CONFIG
+
"#keystores"
);
expected
=
2
+
1
+
1
+
1
;
keystore
=
KeyStore
.
getInstance
(
"DKS"
);
// load entries
keystore
.
load
(
new
KeyStore
.
DomainLoadStoreParameter
(
config
,
PASSWORDS
));
System
.
out
.
println
(
"\nLoading domain keystore: "
+
config
+
"\t["
+
expected
+
" entries]"
);
checkEntries
(
keystore
,
expected
);
// set a new trusted certificate entry
Certificate
cert
=
loadCertificate
(
CERT
);
String
alias
=
"pw_keystore tmp-cert"
;
System
.
out
.
println
(
"Setting new trusted certificate entry: "
+
alias
);
keystore
.
setEntry
(
alias
,
new
KeyStore
.
TrustedCertificateEntry
(
cert
),
null
);
expected
++;
// store entries
config
=
new
URI
(
CONFIG
+
"#keystores_tmp"
);
System
.
out
.
println
(
"Storing domain keystore: "
+
config
+
"\t["
+
expected
+
" entries]"
);
keystore
.
store
(
new
KeyStore
.
DomainLoadStoreParameter
(
config
,
PASSWORDS
));
keystore
=
KeyStore
.
getInstance
(
"DKS"
);
// reload entries
keystore
.
load
(
new
KeyStore
.
DomainLoadStoreParameter
(
config
,
PASSWORDS
));
System
.
out
.
println
(
"Reloading domain keystore: "
+
config
+
"\t["
+
expected
+
" entries]"
);
checkEntries
(
keystore
,
expected
);
// get the new trusted certificate entry
System
.
out
.
println
(
"Getting new trusted certificate entry: "
+
alias
);
if
(!
keystore
.
isCertificateEntry
(
alias
))
{
throw
new
Exception
(
"Error: cannot retrieve certificate entry: "
+
alias
);
}
keystore
.
setEntry
(
alias
,
new
KeyStore
.
TrustedCertificateEntry
(
cert
),
null
);
}
private
static
void
checkEntries
(
KeyStore
keystore
,
int
expected
)
throws
Exception
{
int
i
=
0
;
for
(
String
alias
:
Collections
.
list
(
keystore
.
aliases
()))
{
System
.
out
.
print
(
"."
);
i
++;
}
System
.
out
.
println
();
if
(
expected
!=
i
)
{
throw
new
Exception
(
"Error: unexpected entry count in keystore: "
+
"loaded="
+
i
+
", expected="
+
expected
);
}
}
private
static
Certificate
loadCertificate
(
String
certFile
)
throws
Exception
{
X509Certificate
cert
=
null
;
try
(
FileInputStream
certStream
=
new
FileInputStream
(
certFile
))
{
CertificateFactory
factory
=
CertificateFactory
.
getInstance
(
"X.509"
);
return
factory
.
generateCertificate
(
certStream
);
}
}
}
test/sun/security/provider/KeyStore/DKSTest.sh
0 → 100644
浏览文件 @
58d33699
#! /bin/sh
#
# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#
# @test
# @bug 8007755
# @summary Support the logical grouping of keystores
# set a few environment variables so that the shell-script can run stand-alone
# in the source directory
if
[
"
${
TESTSRC
}
"
=
""
]
;
then
TESTSRC
=
"."
fi
if
[
"
${
TESTCLASSES
}
"
=
""
]
;
then
TESTCLASSES
=
"."
fi
if
[
"
${
TESTJAVA
}
"
=
""
]
;
then
echo
"TESTJAVA not set. Test cannot execute."
echo
"FAILED!!!"
exit
1
fi
if
[
"
${
COMPILEJAVA
}
"
=
""
]
;
then
COMPILEJAVA
=
"
${
TESTJAVA
}
"
fi
# set platform-dependent variables
OS
=
`
uname
-s
`
case
"
$OS
"
in
SunOS
)
PS
=
":"
FS
=
"/"
;;
Linux
)
PS
=
":"
FS
=
"/"
;;
Darwin
)
PS
=
":"
FS
=
"/"
;;
CYGWIN
*
)
PS
=
";"
FS
=
"/"
;;
Windows
*
)
PS
=
";"
FS
=
"
\\
"
;;
*
)
echo
"Unrecognized system!"
exit
1
;
;;
esac
${
COMPILEJAVA
}${
FS
}
bin
${
FS
}
javac
-d
.
${
TESTSRC
}${
FS
}
DKSTest.java
KEYSTORE_PWD
=
test12
TRUSTSTORE_PWD
=
changeit
\
${
TESTJAVA
}${
FS
}
bin
${
FS
}
java
${
TESTVMOPTS
}
-Dtest
.src
=
${
TESTSRC
}
DKSTest
exit
$status
test/sun/security/provider/KeyStore/domains.cfg
0 → 100644
浏览文件 @
58d33699
// domain containing a single keystore
domain system {
keystore truststore
keystoreType="JKS"
keystoreURI="${java.home}/lib/security/cacerts";
};
// domain containing two JKS keystores
domain system_plus {
keystore truststore
keystoreType="JKS"
keystoreURI="${java.home}/lib/security/cacerts";
keystore pw_keystore
keystoreType="JKS"
keystoreURI="${test.src}/pw.jks";
};
// domain containing a mixture of keystores
domain keystores
keystoreType="PKCS12" {
keystore policy_keystore
keystoreType="JKS"
keystoreURI="${test.src}/../PolicyFile/Alias.keystore";
keystore pw_keystore
keystoreType="CaseExactJKS"
keystoreURI="${test.src}/pw.jks";
keystore eckeystore1
keystoreURI="${test.src}/../../pkcs11/ec/pkcs12/sect193r1server-rsa1024ca.p12";
keystore eckeystore2
keystoreURI="${test.src}/../../pkcs11/ec/pkcs12/secp256r1server-secp384r1ca.p12";
};
// domain containing a mixture of keystores
domain keystores_tmp
keystoreType="PKCS12" {
keystore policy_keystore
keystoreType="JKS"
keystoreURI="${test.src}/Alias.keystore_tmp";
keystore pw_keystore
keystoreType="CaseExactJKS"
keystoreURI="${test.src}/pw.jks_tmp";
keystore eckeystore1
keystoreURI="${test.src}/sect193r1server-rsa1024ca.p12_tmp";
keystore eckeystore2
keystoreURI="${test.src}/secp256r1server-secp384r1ca.p12_tmp";
};
// domain where passwords are supplied via environment variables
domain system_env
keystoreType="JKS"
keystorePasswordEnv="KEYSTORE_PWD" {
keystore env_keystore
keystoreURI="${test.src}/pw.jks";
keystore env_truststore
keystoreURI="${java.home}/lib/security/cacerts"
keystorePasswordEnv="TRUSTSTORE_PWD";
};
// empty domain
domain empty
keystoreType="JKS"
keystoreProviderName="SUN" {
keystore empty
keystoreURI="${test.src}/empty.jks";
};
test/sun/security/tools/keytool/AltProviderPath.sh
浏览文件 @
58d33699
...
...
@@ -73,7 +73,7 @@ ${TESTJAVA}${FS}bin${FS}keytool -genkey -v -alias dummyTestCA \
-keyalg
"RSA"
-keysize
1024
-sigalg
"ShA1WithRSA"
\
-dname
"cn=Dummy Test CA, ou=JSN, o=JavaSoft, c=US"
-validity
3650
\
-keypass
storepass
-keystore
keystoreCA.dks
-storepass
storepass
\
-storetype
"dks"
-provider
"org.test.dummy.DummyProvider"
\
-storetype
"d
ummy
ks"
-provider
"org.test.dummy.DummyProvider"
\
-providerPath
${
TESTCLASSES
}
if
[
$?
-ne
0
]
;
then
...
...
@@ -82,7 +82,7 @@ fi
#Change keystore password
${
TESTJAVA
}${
FS
}
bin
${
FS
}
keytool
-storepasswd
-new
storepass2
\
-keystore
keystoreCA.dks
-storetype
"dks"
-storepass
storepass
\
-keystore
keystoreCA.dks
-storetype
"d
ummy
ks"
-storepass
storepass
\
-provider
"org.test.dummy.DummyProvider"
-providerPath
${
TESTCLASSES
}
if
[
$?
-ne
0
]
;
then
...
...
@@ -93,7 +93,7 @@ fi
#Change keystore key password
${
TESTJAVA
}${
FS
}
bin
${
FS
}
keytool
-keypasswd
-alias
"dummyTestCA"
\
-keypass
storepass
-new
keypass
-keystore
keystoreCA.dks
\
-storetype
"dks"
-storepass
storepass2
\
-storetype
"d
ummy
ks"
-storepass
storepass2
\
-provider
"org.test.dummy.DummyProvider"
-providerPath
${
TESTCLASSES
}
if
[
$?
-ne
0
]
;
then
...
...
@@ -102,7 +102,7 @@ fi
#Export certificate
${
TESTJAVA
}${
FS
}
bin
${
FS
}
keytool
-v
-export
-rfc
-alias
"dummyTestCA"
\
-file
"dummyTestCA.der"
-keystore
keystoreCA.dks
-storetype
"dks"
\
-file
"dummyTestCA.der"
-keystore
keystoreCA.dks
-storetype
"d
ummy
ks"
\
-storepass
storepass2
-provider
"org.test.dummy.DummyProvider"
\
-providerPath
${
TESTCLASSES
}
...
...
@@ -112,7 +112,7 @@ fi
#list keystore
${
TESTJAVA
}${
FS
}
bin
${
FS
}
keytool
-v
-list
-keystore
keystoreCA.dks
\
-storetype
"dks"
-storepass
storepass2
\
-storetype
"d
ummy
ks"
-storepass
storepass2
\
-provider
"org.test.dummy.DummyProvider"
-providerPath
${
TESTCLASSES
}
if
[
$?
-ne
0
]
;
then
...
...
test/sun/security/tools/keytool/DummyProvider.java
浏览文件 @
58d33699
...
...
@@ -40,7 +40,7 @@ public class DummyProvider extends Provider {
//
// KeyStore
//
put
(
"KeyStore.DKS"
,
"sun.security.provider.JavaKeyStore$JKS"
);
put
(
"KeyStore.D
ummy
KS"
,
"sun.security.provider.JavaKeyStore$JKS"
);
//
// Signature engines
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录