Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/pkcs11/Secmod/JksSetPrivateKey.java
38855 views
/*1* Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/**24* @test25* @bug 626984726* @summary store a NSS PKCS11 PrivateKeyEntry to JKS KeyStore throws confusing NPE27* @author Wang Weijun28* @library ..29* @run main/othervm JksSetPrivateKey30* @run main/othervm JksSetPrivateKey sm policy31*/3233import java.io.File;34import java.security.KeyStore;35import java.security.KeyStoreException;36import java.security.PrivateKey;37import java.security.Provider;38import java.security.Security;39import java.security.cert.X509Certificate;40import java.util.Collection;41import java.util.Collections;42import java.util.TreeSet;4344public class JksSetPrivateKey extends SecmodTest {4546public static void main(String[] args) throws Exception {47if (initSecmod() == false) {48return;49}5051String configName = BASE + SEP + "nss.cfg";52Provider p = getSunPKCS11(configName);5354System.out.println(p);55Security.addProvider(p);5657if (args.length > 1 && "sm".equals(args[0])) {58System.setProperty("java.security.policy",59BASE + File.separator + args[1]);60System.setSecurityManager(new SecurityManager());61}6263KeyStore ks = KeyStore.getInstance("PKCS11", p);64ks.load(null, password);65Collection<String> aliases = new TreeSet<>(Collections.list(ks.aliases()));66System.out.println("entries: " + aliases.size());67System.out.println(aliases);6869PrivateKey privateKey = (PrivateKey)ks.getKey(keyAlias, password);70System.out.println(privateKey);7172X509Certificate[] chain = (X509Certificate[])ks.getCertificateChain(keyAlias);7374KeyStore jks = KeyStore.getInstance("JKS");75jks.load(null, null);7677try {78jks.setKeyEntry("k1", privateKey, "changeit".toCharArray(), chain);79throw new Exception("No, an NSS PrivateKey shouldn't be extractable and put inside a JKS keystore");80} catch (KeyStoreException e) {81System.err.println(e); // This is OK82}8384try {85jks.setKeyEntry("k2", new DummyPrivateKey(), "changeit".toCharArray(), chain);86throw new Exception("No, non-PKCS#8 key shouldn't be put inside a KeyStore");87} catch (KeyStoreException e) {88System.err.println(e); // This is OK89}90System.out.println("OK");9192try {93jks.setKeyEntry("k3", new DummyPrivateKey2(), "changeit".toCharArray(), chain);94throw new Exception("No, not-extractble key shouldn't be put inside a KeyStore");95} catch (KeyStoreException e) {96System.err.println(e); // This is OK97}98System.out.println("OK");99}100}101102class DummyPrivateKey implements PrivateKey {103@Override104public String getAlgorithm() {105return "DUMMY";106}107108@Override109public String getFormat() {110return "DUMMY";111}112113@Override114public byte[] getEncoded() {115return "DUMMY".getBytes();116}117}118119class DummyPrivateKey2 implements PrivateKey {120@Override121public String getAlgorithm() {122return "DUMMY";123}124125@Override126public String getFormat() {127return "PKCS#8";128}129130@Override131public byte[] getEncoded() {132return null;133}134}135136137