From cb608b210b6b46e0c345bac1c9f2388ebaa83a35 Mon Sep 17 00:00:00 2001 From: valeriep Date: Thu, 20 Mar 2008 18:41:05 -0700 Subject: [PATCH] 6599979: KeyStore.setEntry/setKeyEntry() do not override existing entry for secret key objects Summary: Override existing secret key entry when setEntry/setKeyEntry() is called Reviewed-by: andreas --- .../sun/security/pkcs11/P11KeyStore.java | 158 ++++---------- .../security/pkcs11/P11SecretKeyFactory.java | 52 ++++- .../pkcs11/KeyStore/SecretKeysBasic.java | 194 ++++++++++++++++++ .../pkcs11/KeyStore/SecretKeysBasic.sh | 164 +++++++++++++++ 4 files changed, 436 insertions(+), 132 deletions(-) create mode 100644 test/sun/security/pkcs11/KeyStore/SecretKeysBasic.java create mode 100644 test/sun/security/pkcs11/KeyStore/SecretKeysBasic.sh diff --git a/src/share/classes/sun/security/pkcs11/P11KeyStore.java b/src/share/classes/sun/security/pkcs11/P11KeyStore.java index 26382d71b..839a2f3ba 100644 --- a/src/share/classes/sun/security/pkcs11/P11KeyStore.java +++ b/src/share/classes/sun/security/pkcs11/P11KeyStore.java @@ -1,5 +1,5 @@ /* - * Copyright 2003-2006 Sun Microsystems, Inc. All Rights Reserved. + * Copyright 2003-2008 Sun Microsystems, Inc. All Rights Reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -156,10 +156,10 @@ final class P11KeyStore extends KeyStoreSpi { // CKA_CLASS - entry type private CK_ATTRIBUTE type = null; - // CKA_LABEL of cert + // CKA_LABEL of cert and secret key private String label = null; - // CKA_ID - of private key/cert + // CKA_ID of the private key/cert pair private byte[] id = null; // CKA_TRUSTED - true if cert is trusted @@ -871,10 +871,8 @@ final class P11KeyStore extends KeyStoreSpi { if ((token.tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH) == 0) { token.provider.login(null, handler); } else { - // token supports protected authentication path // (external pin-pad, for example) - if (handler != null && !token.config.getKeyStoreCompatibilityMode()) { throw new LoginException("can not specify password if token " + @@ -1130,19 +1128,14 @@ final class P11KeyStore extends KeyStoreSpi { SecretKey skey = ske.getSecretKey(); try { - // first see if the key already exists. - // if so, update the CKA_LABEL - if (!updateSkey(alias)) { - - // key entry does not exist. - // delete existing entry for alias and - // create new secret key entry - // (new entry might be a secret key - // session object converted into a token object) + // first check if the key already exists + AliasInfo aliasInfo = aliasMap.get(alias); + if (aliasInfo != null) { engineDeleteEntry(alias); - storeSkey(alias, ske); } + storeSkey(alias, ske); + } catch (PKCS11Exception pe) { throw new KeyStoreException(pe); } @@ -1396,41 +1389,6 @@ final class P11KeyStore extends KeyStoreSpi { } } - /** - * return true if update occurred - */ - private boolean updateSkey(String alias) - throws KeyStoreException, PKCS11Exception { - - Session session = null; - try { - session = token.getOpSession(); - - // first update existing secret key CKA_LABEL - - THandle h = getTokenObject(session, ATTR_CLASS_SKEY, null, alias); - if (h.type != ATTR_CLASS_SKEY) { - if (debug != null) { - debug.println("did not find secret key " + - "with CKA_LABEL [" + alias + "]"); - } - return false; - } - CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] { - new CK_ATTRIBUTE(CKA_LABEL, alias) }; - token.p11.C_SetAttributeValue(session.id(), h.handle, attrs); - - if (debug != null) { - debug.println("updateSkey set new alias [" + - alias + - "] for secret key entry"); - } - - return true; - } finally { - token.releaseSession(session); - } - } /** * XXX On ibutton, when you C_SetAttribute(CKA_ID) for a private key @@ -1532,30 +1490,6 @@ final class P11KeyStore extends KeyStoreSpi { } } - private void updateP11Skey(String alias, P11Key key) - throws PKCS11Exception { - - Session session = null; - try { - session = token.getOpSession(); - - // session key - convert to token key and set CKA_LABEL - - CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] { - ATTR_TOKEN_TRUE, - new CK_ATTRIBUTE(CKA_LABEL, alias) }; - token.p11.C_CopyObject(session.id(), key.keyID, attrs); - if (debug != null) { - debug.println("updateP11Skey copied secret session key " + - "for [" + - alias + - "] to token entry"); - } - } finally { - token.releaseSession(session); - } - } - private void updateP11Pkey(String alias, CK_ATTRIBUTE attribute, P11Key key) throws PKCS11Exception { @@ -1689,48 +1623,26 @@ final class P11KeyStore extends KeyStoreSpi { throws PKCS11Exception, KeyStoreException { SecretKey skey = ske.getSecretKey(); - long keyType = CKK_GENERIC_SECRET; - - if (skey instanceof P11Key && this.token == ((P11Key)skey).token) { - updateP11Skey(alias, (P11Key)skey); - return; - } - - if ("AES".equalsIgnoreCase(skey.getAlgorithm())) { - keyType = CKK_AES; - } else if ("Blowfish".equalsIgnoreCase(skey.getAlgorithm())) { - keyType = CKK_BLOWFISH; - } else if ("DES".equalsIgnoreCase(skey.getAlgorithm())) { - keyType = CKK_DES; - } else if ("DESede".equalsIgnoreCase(skey.getAlgorithm())) { - keyType = CKK_DES3; - } else if ("RC4".equalsIgnoreCase(skey.getAlgorithm()) || - "ARCFOUR".equalsIgnoreCase(skey.getAlgorithm())) { - keyType = CKK_RC4; + // No need to specify CKA_CLASS, CKA_KEY_TYPE, CKA_VALUE since + // they are handled in P11SecretKeyFactory.createKey() method. + CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] { + ATTR_SKEY_TOKEN_TRUE, + ATTR_PRIVATE_TRUE, + new CK_ATTRIBUTE(CKA_LABEL, alias), + }; + try { + P11SecretKeyFactory.convertKey(token, skey, null, attrs); + } catch (InvalidKeyException ike) { + // re-throw KeyStoreException to match javadoc + throw new KeyStoreException("Cannot convert to PKCS11 keys", ike); } - CK_ATTRIBUTE[] attrs = new CK_ATTRIBUTE[] { - ATTR_SKEY_TOKEN_TRUE, - ATTR_CLASS_SKEY, - ATTR_PRIVATE_TRUE, - new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType), - new CK_ATTRIBUTE(CKA_LABEL, alias), - new CK_ATTRIBUTE(CKA_VALUE, skey.getEncoded()) }; - attrs = token.getAttributes - (TemplateManager.O_IMPORT, CKO_SECRET_KEY, keyType, attrs); + // update global alias map + aliasMap.put(alias, new AliasInfo(alias)); - // create the new entry - Session session = null; - try { - session = token.getOpSession(); - token.p11.C_CreateObject(session.id(), attrs); - if (debug != null) { - debug.println("storeSkey created token secret key for [" + - alias + - "]"); - } - } finally { - token.releaseSession(session); + if (debug != null) { + debug.println("storeSkey created token secret key for [" + + alias + "]"); } } @@ -2492,7 +2404,8 @@ final class P11KeyStore extends KeyStoreSpi { // if there are duplicates (either between secret keys, // or between a secret key and another object), // throw an exception - HashSet sKeySet = new HashSet(); + HashMap sKeyMap = + new HashMap(); attrs = new CK_ATTRIBUTE[] { ATTR_SKEY_TOKEN_TRUE, @@ -2507,8 +2420,8 @@ final class P11KeyStore extends KeyStoreSpi { // there is a CKA_LABEL String cka_label = new String(attrs[0].getCharArray()); - if (!sKeySet.contains(cka_label)) { - sKeySet.add(cka_label); + if (sKeyMap.get(cka_label) == null) { + sKeyMap.put(cka_label, new AliasInfo(cka_label)); } else { throw new KeyStoreException("invalid KeyStore state: " + "found multiple secret keys sharing same " + @@ -2523,7 +2436,7 @@ final class P11KeyStore extends KeyStoreSpi { ArrayList matchedCerts = mapPrivateKeys(pkeyIDs, certMap); boolean sharedLabel = mapCerts(matchedCerts, certMap); - mapSecretKeys(sKeySet); + mapSecretKeys(sKeyMap); return sharedLabel; @@ -2547,7 +2460,7 @@ final class P11KeyStore extends KeyStoreSpi { HashMap> certMap) throws PKCS11Exception, CertificateException { - // global alias map + // reset global alias map aliasMap = new HashMap(); // list of matched certs that we will return @@ -2722,18 +2635,17 @@ final class P11KeyStore extends KeyStoreSpi { * If the secret key shares a CKA_LABEL with another entry, * throw an exception */ - private void mapSecretKeys(HashSet sKeySet) + private void mapSecretKeys(HashMap sKeyMap) throws KeyStoreException { - for (String label : sKeySet) { - if (!aliasMap.containsKey(label)) { - aliasMap.put(label, new AliasInfo(label)); - } else { + for (String label : sKeyMap.keySet()) { + if (aliasMap.containsKey(label)) { throw new KeyStoreException("invalid KeyStore state: " + "found secret key sharing CKA_LABEL [" + label + "] with another token object"); } } + aliasMap.putAll(sKeyMap); } private void dumpTokenMap() { diff --git a/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java b/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java index 2f2053818..59b59237a 100644 --- a/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java +++ b/src/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java @@ -108,6 +108,17 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi { */ static P11Key convertKey(Token token, Key key, String algo) throws InvalidKeyException { + return convertKey(token, key, algo, null); + } + + /** + * Convert an arbitrary key of algorithm w/ custom attributes into a + * P11Key of provider. + * Used in P11KeyStore.storeSkey. + */ + static P11Key convertKey(Token token, Key key, String algo, + CK_ATTRIBUTE[] extraAttrs) + throws InvalidKeyException { token.ensureValid(); if (key == null) { throw new InvalidKeyException("Key must not be null"); @@ -134,6 +145,22 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi { if (key instanceof P11Key) { P11Key p11Key = (P11Key)key; if (p11Key.token == token) { + if (extraAttrs != null) { + Session session = null; + try { + session = token.getObjSession(); + long newKeyID = token.p11.C_CopyObject(session.id(), + p11Key.keyID, extraAttrs); + p11Key = (P11Key) (P11Key.secretKey(p11Key.session, + newKeyID, p11Key.algorithm, p11Key.keyLength, + extraAttrs)); + } catch (PKCS11Exception p11e) { + throw new InvalidKeyException + ("Cannot duplicate the PKCS11 key", p11e); + } finally { + token.releaseSession(session); + } + } return p11Key; } } @@ -141,11 +168,11 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi { if (p11Key != null) { return p11Key; } - if ("RAW".equals(key.getFormat()) == false) { + if ("RAW".equalsIgnoreCase(key.getFormat()) == false) { throw new InvalidKeyException("Encoded format must be RAW"); } byte[] encoded = key.getEncoded(); - p11Key = createKey(token, encoded, algo, algoType); + p11Key = createKey(token, encoded, algo, algoType, extraAttrs); token.secretCache.put(key, p11Key); return p11Key; } @@ -159,7 +186,8 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi { } private static P11Key createKey(Token token, byte[] encoded, - String algorithm, long keyType) throws InvalidKeyException { + String algorithm, long keyType, CK_ATTRIBUTE[] extraAttrs) + throws InvalidKeyException { int n = encoded.length << 3; int keyLength = n; try { @@ -220,11 +248,17 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi { } Session session = null; try { - CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] { - new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), - new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType), - new CK_ATTRIBUTE(CKA_VALUE, encoded) - }; + CK_ATTRIBUTE[] attributes; + if (extraAttrs != null) { + attributes = new CK_ATTRIBUTE[3 + extraAttrs.length]; + System.arraycopy(extraAttrs, 0, attributes, 3, + extraAttrs.length); + } else { + attributes = new CK_ATTRIBUTE[3]; + } + attributes[0] = new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY); + attributes[1] = new CK_ATTRIBUTE(CKA_KEY_TYPE, keyType); + attributes[2] = new CK_ATTRIBUTE(CKA_VALUE, encoded); attributes = token.getAttributes (O_IMPORT, CKO_SECRET_KEY, keyType, attributes); session = token.getObjSession(); @@ -273,7 +307,7 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi { private byte[] getKeyBytes(SecretKey key) throws InvalidKeySpecException { try { key = engineTranslateKey(key); - if ("RAW".equals(key.getFormat()) == false) { + if ("RAW".equalsIgnoreCase(key.getFormat()) == false) { throw new InvalidKeySpecException ("Could not obtain key bytes"); } diff --git a/test/sun/security/pkcs11/KeyStore/SecretKeysBasic.java b/test/sun/security/pkcs11/KeyStore/SecretKeysBasic.java new file mode 100644 index 000000000..82fa2d4c4 --- /dev/null +++ b/test/sun/security/pkcs11/KeyStore/SecretKeysBasic.java @@ -0,0 +1,194 @@ +/* + * Copyright 2008 Sun Microsystems, Inc. All Rights Reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, + * CA 95054 USA or visit www.sun.com if you need additional information or + * have any questions. + */ + +import java.io.*; +import java.util.*; +import java.lang.reflect.*; + +import java.security.*; +import java.security.cert.*; +import java.security.spec.*; +import java.security.interfaces.*; +import java.math.BigInteger; + +import javax.crypto.*; +import javax.crypto.spec.*; + +public class SecretKeysBasic extends PKCS11Test { + + private static final char SEP = File.separatorChar; + private static char[] tokenPwd; + private static final char[] nssPwd = + new char[]{'t', 'e', 's', 't', '1', '2'}; + private static final char[] solarisPwd = + new char[]{'p', 'i', 'n'}; + private static SecretKey sk1; + private static SecretKey sk2; + private static SecretKey softkey; + private static KeyStore ks; + private static final String KS_TYPE = "PKCS11"; + private static Provider provider; + + public static void main(String[] args) throws Exception { + main(new SecretKeysBasic()); + } + + public void main(Provider p) throws Exception { + this.provider = p; + + // create secret key + byte[] keyVal = new byte[16]; + (new SecureRandom()).nextBytes(keyVal); + // NSS will throw CKR_HOST_MEMORY if calling C_DecryptInit w/ + // (keyVal[0] == 0) + if (keyVal[0] == 0) { + keyVal[0] = 1; + } + softkey = new SecretKeySpec(keyVal, "AES"); + dumpKey("softkey", softkey); + + KeyGenerator kg = KeyGenerator.getInstance("DESede", provider); + sk1 = kg.generateKey(); + dumpKey("skey1", sk1); + sk2 = kg.generateKey(); + dumpKey("skey2", sk2); + + String token = System.getProperty("TOKEN"); + + if (token == null || token.length() == 0) { + System.out.println("Error: missing TOKEN system property"); + throw new Exception("token arg required"); + } + + if ("nss".equals(token)) { + tokenPwd = nssPwd; + } else if ("solaris".equals(token)) { + tokenPwd = solarisPwd; + } + + int testnum = 1; + doTest(); + } + + private static boolean checkSecretKeyEntry(String alias, + SecretKey expected, + boolean saveBeforeCheck) + throws Exception { + if (saveBeforeCheck) { + ks.setKeyEntry(alias, expected, null, null); + } + SecretKey result = (SecretKey) (ks.getKey(alias, null)); + String keyEncFormat = result.getFormat(); + if (keyEncFormat == null) { + // sensitive or un-extractable keys - verify by encrypt/decrypt + byte[] data = new byte[64]; + Cipher c = + Cipher.getInstance(result.getAlgorithm() + "/CBC/NoPadding", + provider); + c.init(Cipher.ENCRYPT_MODE, expected); + byte[] encOut = c.doFinal(data); + c.init(Cipher.DECRYPT_MODE, result, c.getParameters()); + byte[] decOut = c.doFinal(encOut); + if (!Arrays.equals(data, decOut)) { + return false; + } + } else if (keyEncFormat.toUpperCase().equals("RAW")) { + if (!Arrays.equals(result.getEncoded(), expected.getEncoded())) { + dumpKey("\texpected:", expected); + dumpKey("\treturns:", result); + return false; + } + } + return true; + } + + private static void dumpKey(String info, SecretKey key) { + System.out.println(info + "> " + key); + System.out.println("\tALGO=" + key.getAlgorithm()); + if (key.getFormat() != null) { + System.out.println("\t[" + key.getFormat() + "] VALUE=" + + new BigInteger(key.getEncoded())); + } else { + System.out.println("\tVALUE=n/a"); + } + } + + private static void doTest() throws Exception { + if (ks == null) { + ks = KeyStore.getInstance(KS_TYPE, provider); + ks.load(null, tokenPwd); + } + + System.out.println("Number of entries: " + ks.size()); + if (ks.size() != 0) { + System.out.println("Deleting entries under aliases: "); + for (Enumeration aliases = ks.aliases(); + aliases.hasMoreElements();) { + String alias = aliases.nextElement(); + System.out.println("\t" + alias); + ks.deleteEntry(alias); + } + } + + String alias = "testSKey"; + + boolean testResult = checkSecretKeyEntry(alias, softkey, true); + if (!testResult) { + System.out.println("FAILURE: setKey() w/ softSecretKey failed"); + } + + if (!checkSecretKeyEntry(alias, sk1, true)) { + testResult = false; + System.out.println("FAILURE: setKey() w/ skey1 failed"); + } + if (!checkSecretKeyEntry(alias, sk2, true)) { + testResult = false; + System.out.println("FAILURE: setKey() w/ skey2 failed"); + } + + ks.store(null); + System.out.println("Reloading keystore..."); + + ks.load(null, "whatever".toCharArray()); + if (ks.size() != 1) { + System.out.println("FAILURE: reload#1 ks.size() != 1"); + } + if (!checkSecretKeyEntry(alias, sk2, false)) { + testResult = false; + System.out.println("FAILURE: reload#1 ks entry check failed"); + } + + ks.deleteEntry(alias); + ks.store(null); + + System.out.println("Reloading keystore..."); + ks.load(null, "whatever".toCharArray()); + if (ks.size() != 0) { + testResult = false; + System.out.println("FAILURE: reload#2 ks.size() != 0"); + } + if (!testResult) { + throw new Exception("One or more test failed!"); + } + } +} diff --git a/test/sun/security/pkcs11/KeyStore/SecretKeysBasic.sh b/test/sun/security/pkcs11/KeyStore/SecretKeysBasic.sh new file mode 100644 index 000000000..7928a77ce --- /dev/null +++ b/test/sun/security/pkcs11/KeyStore/SecretKeysBasic.sh @@ -0,0 +1,164 @@ +# +# Copyright 2008 Sun Microsystems, Inc. All Rights Reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, +# CA 95054 USA or visit www.sun.com if you need additional information or +# have any questions. +# + +# @test +# @bug 6599979 +# @summary Ensure that re-assigning the alias works +# +# @run shell SecretKeysBasic.sh +# +# To run by hand: +# %sh SecretKeysBasic.sh +# +# Note: +# . test only runs on solaris at the moment + +# set a few environment variables so that the shell-script can run stand-alone +# in the source directory + +# if running by hand on windows, change TESTSRC and TESTCLASSES to "." +if [ "${TESTSRC}" = "" ] ; then + TESTSRC=`pwd` +fi +if [ "${TESTCLASSES}" = "" ] ; then + TESTCLASSES=`pwd` +fi + +# if running by hand on windows, change this to appropriate value +if [ "${TESTJAVA}" = "" ] ; then + TESTJAVA="/net/shimmer/export/valeriep/jdk7/build/solaris-sparc" +fi +echo TESTSRC=${TESTSRC} +echo TESTCLASSES=${TESTCLASSES} +echo TESTJAVA=${TESTJAVA} +echo "" + +#DEBUG=sunpkcs11,pkcs11keystore + +echo DEBUG=${DEBUG} +echo "" + +OS=`uname -s` +case "$OS" in + SunOS ) + FS="/" + PS=":" + SCCS="${FS}usr${FS}ccs${FS}bin${FS}sccs" + CP="${FS}bin${FS}cp -f" + RM="${FS}bin${FS}rm -rf" + MKDIR="${FS}bin${FS}mkdir -p" + CHMOD="${FS}bin${FS}chmod" + ;; + * ) + echo "Unsupported System ${OS} - Test only runs on Solaris" + exit 0; + ;; +esac + +TOKENS="nss solaris" +STATUS=0 +for token in ${TOKENS} +do + +if [ ${token} = "nss" ] +then + # make cert/key DBs writable if token is NSS + ${CP} ${TESTSRC}${FS}..${FS}nss${FS}db${FS}cert8.db ${TESTCLASSES} + ${CHMOD} +w ${TESTCLASSES}${FS}cert8.db + + ${CP} ${TESTSRC}${FS}..${FS}nss${FS}db${FS}key3.db ${TESTCLASSES} + ${CHMOD} +w ${TESTCLASSES}${FS}key3.db + USED_FILE_LIST="${TESTCLASSES}${FS}cert8.db ${TESTCLASSES}${FS}key3.db" +elif [ ${token} = "solaris" ] +then + OS_VERSION=`uname -r` + case "${OS_VERSION}" in + 5.1* ) + SOFTTOKEN_DIR=${TESTCLASSES} + export SOFTTOKEN_DIR + ;; + * ) + echo "Unsupported Version ${OS_VERSION} - Test only runs on Solaris" + exit 0; + ;; + esac + + # copy keystore into write-able location + if [ -d ${TESTCLASSES}${FS}pkcs11_softtoken ] + then + echo "Removing old pkcs11_keystore, creating new pkcs11_keystore" + + echo ${RM} ${TESTCLASSES}${FS}pkcs11_softtoken + ${RM} ${TESTCLASSES}${FS}pkcs11_softtoken + fi + echo ${MKDIR} ${TESTCLASSES}${FS}pkcs11_softtoken${FS}private + ${MKDIR} ${TESTCLASSES}${FS}pkcs11_softtoken${FS}private + + echo ${MKDIR} ${TESTCLASSES}${FS}pkcs11_softtoken${FS}public + ${MKDIR} ${TESTCLASSES}${FS}pkcs11_softtoken${FS}public + + echo ${CP} ${TESTSRC}${FS}BasicData${FS}pkcs11_softtoken${FS}objstore_info \ + ${TESTCLASSES}${FS}pkcs11_softtoken + ${CP} ${TESTSRC}${FS}BasicData${FS}pkcs11_softtoken${FS}objstore_info \ + ${TESTCLASSES}${FS}pkcs11_softtoken + + echo ${CHMOD} +w ${TESTCLASSES}${FS}pkcs11_softtoken${FS}objstore_info + ${CHMOD} 600 ${TESTCLASSES}${FS}pkcs11_softtoken${FS}objstore_info + USED_FILE_LIST="${TESTCLASSES}${FS}pkcs11_softtoken" +fi + +cd ${TESTCLASSES} +${TESTJAVA}${FS}bin${FS}javac \ + -classpath ${TESTCLASSES} \ + -d ${TESTCLASSES} \ + ${TESTSRC}${FS}SecretKeysBasic.java + +# run test +cd ${TESTSRC} +${TESTJAVA}${FS}bin${FS}java \ + -DDIR=${TESTSRC}${FS}BasicData${FS} \ + -classpath ${TESTCLASSES}${PS}${TESTSRC}${FS}loader.jar \ + -DCUSTOM_DB_DIR=${TESTCLASSES} \ + -DCUSTOM_P11_CONFIG=${TESTSRC}${FS}BasicData${FS}p11-${token}.txt \ + -DNO_DEFAULT=true \ + -DNO_DEIMOS=true \ + -DTOKEN=${token} \ + -Djava.security.debug=${DEBUG} \ + SecretKeysBasic + +# -DCUSTOM_P11_CONFIG=${TESTSRC}${FS}BasicData${FS}p11-${token}.txt \ + +# save error status +if [ $? != 0 ] +then + echo "Test against " ${token} " Failed!" + STATUS=1 +fi + +# clean up +${RM} ${USED_FILE_LIST} + +done + +# return +exit ${STATUS} -- GitLab