public void testDefaults() throws Exception {
Properties p = initProps();
KeyStore ks = KeyStoreUtil.createKeyStore(p);
List aliases = ListUtil.fromIterator(new EnumerationIterator(ks.aliases()));
assertIsomorphic(SetUtil.set("mykey", "mycert"), SetUtil.theSet(aliases));
assertNotNull(ks.getCertificate("mycert"));
assertNull(ks.getCertificate("foocert"));
assertEquals("JCEKS", ks.getType());
}
public void testStore() throws Exception {
File dir = getTempDir();
File file = new File(dir, "test.ks");
Properties p = initProps();
p.put(KeyStoreUtil.PROP_KEYSTORE_FILE, file.toString());
assertFalse(file.exists());
KeyStore ks = KeyStoreUtil.createKeyStore(p);
assertTrue(file.exists());
KeyStore ks2 = loadKeyStore(ks.getType(), file, PASSWD);
List aliases = ListUtil.fromIterator(new EnumerationIterator(ks2.aliases()));
assertIsomorphic(SetUtil.set("mykey", "mycert"), SetUtil.theSet(aliases));
assertNotNull(ks2.getCertificate("mycert"));
assertNull(ks2.getCertificate("foocert"));
assertEquals("JCEKS", ks2.getType());
}
public void testCreateSharedPLNKeyStores() throws Exception {
List<String> hosts = ListUtil.list("host1", "host2.foo.bar", "host3");
List<String> hosts2 = ListUtil.list("host3", "host4");
File dir = getTempDir();
File pub = new File(dir, "pub.ks");
KeyStoreUtil.createSharedPLNKeyStores(
dir, hosts, pub, "pubpass", MiscTestUtil.getSecureRandom());
assertPubKs(pub, "pubpass", hosts);
for (String host : hosts) {
assertPrivateKs(
new File(dir, host + ".jceks"), StringUtil.fromFile(new File(dir, host + ".pass")), host);
}
KeyStore pubks1 = loadKeyStore("jceks", new File(dir, "pub.ks"), "pubpass");
Certificate host1cert1 = pubks1.getCertificate("host1.crt");
Certificate host3cert1 = pubks1.getCertificate("host3.crt");
String host1priv1 = StringUtil.fromFile(new File(dir, "host1.jceks"));
String host3priv1 = StringUtil.fromFile(new File(dir, "host3.jceks"));
// Now add host4 and generate a new key for host3
KeyStoreUtil.createSharedPLNKeyStores(
dir, hosts2, pub, "pubpass", MiscTestUtil.getSecureRandom());
List<String> both = ListUtils.sum(hosts, hosts2);
assertPubKs(pub, "pubpass", both);
for (String host : both) {
assertPrivateKs(
new File(dir, host + ".jceks"), StringUtil.fromFile(new File(dir, host + ".pass")), host);
}
KeyStore pubks2 = loadKeyStore("jceks", new File(dir, "pub.ks"), "pubpass");
// host1 should have the same cert, host3 not
Certificate host1cert2 = pubks2.getCertificate("host1.crt");
Certificate host3cert2 = pubks2.getCertificate("host3.crt");
assertEquals(host1cert1, host1cert2);
assertNotEquals(host3cert1, host3cert2);
// host1's private key file should be the same, host3's not
String host1priv2 = StringUtil.fromFile(new File(dir, "host1.jceks"));
String host3priv2 = StringUtil.fromFile(new File(dir, "host3.jceks"));
assertEquals(host1priv1, host1priv2);
assertNotEquals(host3priv1, host3priv2);
}
void assertPubKs(File file, String pass, List<String> hosts) throws Exception {
KeyStore ks = loadKeyStore("jceks", file, pass);
List aliases = ListUtil.fromIterator(new EnumerationIterator(ks.aliases()));
assertEquals(hosts.size(), aliases.size());
for (String host : hosts) {
String alias = host + ".crt";
Certificate cert = ks.getCertificate(alias);
assertNotNull(cert);
assertEquals("X.509", cert.getType());
}
}
void assertPrivateKs(File file, String pass, String alias) throws Exception {
KeyStore ks = loadKeyStore("jceks", file, alias);
List aliases = ListUtil.fromIterator(new EnumerationIterator(ks.aliases()));
assertEquals(2, aliases.size());
Certificate cert = ks.getCertificate(alias + ".crt");
assertNotNull(cert);
assertEquals("X.509", cert.getType());
assertTrue(ks.isKeyEntry(alias + ".key"));
assertTrue(ks.isCertificateEntry(alias + ".crt"));
Key key = ks.getKey(alias + ".key", pass.toCharArray());
assertNotNull(key);
assertEquals("RSA", key.getAlgorithm());
}
/**
* Method returns a X.509 certificate object readed from the active token and representing an user
* public key certificate value.
*
* @return X.509 certificate object.
* @throws DigiDocException if getting X.509 public key certificate fails or the requested
* certificate type X.509 is not available in the default provider package
*/
public X509Certificate getCertificate(int token, String pin) throws DigiDocException {
if (m_keyStore == null)
throw new DigiDocException(DigiDocException.ERR_NOT_INITED, "Keystore not initialized", null);
String alias = getTokenName(token);
if (alias == null)
throw new DigiDocException(
DigiDocException.ERR_TOKEN_LOGIN, "Invalid token nr: " + token, null);
try {
return (X509Certificate) m_keyStore.getCertificate(alias);
} catch (Exception ex) {
m_logger.error("Error reading cert for alias: " + alias + " - " + ex);
}
return null;
}
public void main(Provider p) throws Exception {
/*
* Use Solaris SPARC 11.2 or later to avoid an intermittent failure
* when running SunPKCS11-Solaris (8044554)
*/
if (p.getName().equals("SunPKCS11-Solaris")
&& System.getProperty("os.name").equals("SunOS")
&& System.getProperty("os.arch").equals("sparcv9")
&& System.getProperty("os.version").compareTo("5.11") <= 0
&& getDistro().compareTo("11.2") < 0) {
System.out.println(
"SunPKCS11-Solaris provider requires " + "Solaris SPARC 11.2 or later, skipping");
return;
}
long start = System.currentTimeMillis();
provider = p;
data = new byte[2048];
new Random().nextBytes(data);
KeyStore ks = getKeyStore();
KeyFactory kf = KeyFactory.getInstance("RSA", provider);
for (Enumeration e = ks.aliases(); e.hasMoreElements(); ) {
String alias = (String) e.nextElement();
if (ks.isKeyEntry(alias)) {
System.out.println("* Key " + alias + "...");
PrivateKey privateKey = (PrivateKey) ks.getKey(alias, password);
PublicKey publicKey = ks.getCertificate(alias).getPublicKey();
privateKey = (PrivateKey) kf.translateKey(privateKey);
publicKey = (PublicKey) kf.translateKey(publicKey);
test(privateKey, publicKey);
}
}
long stop = System.currentTimeMillis();
System.out.println("All tests passed (" + (stop - start) + " ms).");
}