Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/openjdk-multiarch-jdk8u
 Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/pkcs12/PKCS12SameKeyId.java
38840 views
1
/*

2
 * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.

8
 *

9
 * This code is distributed in the hope that it will be useful, but WITHOUT

10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

12
 * version 2 for more details (a copy is included in the LICENSE file that

13
 * accompanied this code).

14
 *

15
 * You should have received a copy of the GNU General Public License version

16
 * 2 along with this work; if not, write to the Free Software Foundation,

17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

18
 *

19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

20
 * or visit www.oracle.com if you need additional information or have any

21
 * questions.

22
 */

23


24
/*

25
 * @test

26
 * @bug 6958026

27
 * @summary Problem with PKCS12 keystore

28
 * @compile -XDignore.symbol.file PKCS12SameKeyId.java

29
 * @run main PKCS12SameKeyId

30
 */

31


32
import java.io.File;

33
import java.io.FileInputStream;

34
import java.io.FileOutputStream;

35
import java.security.AlgorithmParameters;

36
import java.security.KeyStore;

37
import java.security.cert.Certificate;

38
import java.security.cert.X509Certificate;

39
import javax.crypto.Cipher;

40
import javax.crypto.SecretKey;

41
import javax.crypto.SecretKeyFactory;

42
import javax.crypto.spec.PBEKeySpec;

43
import javax.crypto.spec.PBEParameterSpec;

44
import sun.security.pkcs.EncryptedPrivateKeyInfo;

45
import sun.security.util.ObjectIdentifier;

46
import sun.security.x509.AlgorithmId;

47
import sun.security.x509.X500Name;

48


49
public class PKCS12SameKeyId {

50


51
    private static final String JKSFILE = "PKCS12SameKeyId.jks";

52
    private static final String P12FILE = "PKCS12SameKeyId.p12";

53
    private static final char[] PASSWORD = "changeit".toCharArray();

54
    private static final int SIZE = 10;

55


56
    public static void main(String[] args) throws Exception {

57


58
        // Prepare a JKS keystore with many entries

59
        new File(JKSFILE).delete();

60
        for (int i=0; i<SIZE; i++) {

61
            System.err.print(".");

62
            String cmd = "-keystore " + JKSFILE

63
                    + " -storepass changeit -keypass changeit -keyalg rsa "

64
                    + "-genkeypair -alias p" + i + " -dname CN=" + i;

65
            sun.security.tools.keytool.Main.main(cmd.split(" "));

66
        }

67


68
        // Prepare EncryptedPrivateKeyInfo parameters, copied from various

69
        // places in PKCS12KeyStore.java

70
        AlgorithmParameters algParams =

71
                AlgorithmParameters.getInstance("PBEWithSHA1AndDESede");

72
        algParams.init(new PBEParameterSpec("12345678".getBytes(), 1024));

73
        AlgorithmId algid = new AlgorithmId(

74
                new ObjectIdentifier("1.2.840.113549.1.12.1.3"), algParams);

75


76
        PBEKeySpec keySpec = new PBEKeySpec(PASSWORD);

77
        SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");

78
        SecretKey skey = skFac.generateSecret(keySpec);

79


80
        Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");

81
        cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);

82


83
        // Pre-calculated keys and certs and aliases

84
        byte[][] keys = new byte[SIZE][];

85
        Certificate[][] certChains = new Certificate[SIZE][];

86
        String[] aliases = new String[SIZE];

87


88
        // Reads from JKS keystore and pre-calculate

89
        KeyStore ks = KeyStore.getInstance("jks");

90
        try (FileInputStream fis = new FileInputStream(JKSFILE)) {

91
            ks.load(fis, PASSWORD);

92
        }

93
        for (int i=0; i<SIZE; i++) {

94
            aliases[i] = "p" + i;

95
            byte[] enckey = cipher.doFinal(

96
                    ks.getKey(aliases[i], PASSWORD).getEncoded());

97
            keys[i] = new EncryptedPrivateKeyInfo(algid, enckey).getEncoded();

98
            certChains[i] = ks.getCertificateChain(aliases[i]);

99
        }

100


101
        // Write into PKCS12 keystore. Use this overloaded version of

102
        // setKeyEntry() to be as fast as possible, so that they would

103
        // have same localKeyId.

104
        KeyStore p12 = KeyStore.getInstance("pkcs12");

105
        p12.load(null, PASSWORD);

106
        for (int i=0; i<SIZE; i++) {

107
            p12.setKeyEntry(aliases[i], keys[i], certChains[i]);

108
        }

109
        try (FileOutputStream fos = new FileOutputStream(P12FILE)) {

110
            p12.store(fos, PASSWORD);

111
        }

112


113
        // Check private keys still match certs

114
        p12 = KeyStore.getInstance("pkcs12");

115
        try (FileInputStream fis = new FileInputStream(P12FILE)) {

116
            p12.load(fis, PASSWORD);

117
        }

118
        for (int i=0; i<SIZE; i++) {

119
            String a = "p" + i;

120
            X509Certificate x = (X509Certificate)p12.getCertificate(a);

121
            X500Name name = (X500Name)x.getSubjectDN();

122
            if (!name.getCommonName().equals(""+i)) {

123
                throw new Exception(a + "'s cert is " + name);

124
            }

125
        }

126
    }

127
}

128


129