1 /*
2 * Copyright (c) 2013, 2015 Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 8005408 8079129 8048830
27 * @summary KeyStore API enhancements
28 * @run main StoreSecretKeyTest
29 */
30
31 import java.io.*;
32 import java.security.*;
33 import java.security.cert.*;
34 import java.security.cert.Certificate;
35 import java.util.*;
36 import javax.crypto.*;
37 import javax.crypto.spec.*;
38
39 // Store a secret key in a keystore and retrieve it again.
40
41 public class StoreSecretKeyTest {
42 private final static String DIR = System.getProperty("test.src", ".");
43 private static final char[] PASSWORD = "passphrase".toCharArray();
44 private static final String KEYSTORE = "keystore.p12";
45 private static final String CERT = DIR + "/trusted.pem";
46 private static final String ALIAS = "my trusted cert";
47 private static final String ALIAS2 = "my secret key";
48 private enum ALGORITHM {
49 DES(56),
50 DESede(168),
51 AES(128);
52 final int len;
53 ALGORITHM(int l) {
54 len = l;
55 }
56 final int getLength() {
57 return len;
58 }
59 }
60 public static void main(String[] args) throws Exception {
61 boolean isSecretkeyAlgSupported = false;
62 // Skip test if AES is unavailable
63 try {
64 SecretKeyFactory.getInstance("AES");
65 } catch (NoSuchAlgorithmException nsae) {
66 System.out.println("AES is unavailable. Skipping test...");
67 return;
68 }
69
70 for (ALGORITHM alg : ALGORITHM.values()) {
71 isSecretkeyAlgSupported |= testSecretKeyAlgorithm(alg);
72 }
73 if (!isSecretkeyAlgSupported) {
74 throw new Exception("None of the SecretKey algorithms is "
75 + "supported");
76 }
77 }
78
79 private static boolean testSecretKeyAlgorithm(ALGORITHM algorithm) throws
80 Exception {
81
82 System.out.println("Testing algorithm : " + algorithm.name());
83 new File(KEYSTORE).delete();
84 try {
85 KeyStore keystore = KeyStore.getInstance("PKCS12");
86 keystore.load(null, null);
87
88 // Set trusted certificate entry
89 Certificate cert = loadCertificate(CERT);
90 keystore.setEntry(ALIAS,
91 new KeyStore.TrustedCertificateEntry(cert), null);
92 // Set secret key entry
93 SecretKey secretKey = generateSecretKey(algorithm.name(),
94 algorithm.len);
95 if(secretKey == null) {
96 return false;
97 }
98 keystore.setEntry(ALIAS2,
99 new KeyStore.SecretKeyEntry(secretKey),
100 new KeyStore.PasswordProtection(PASSWORD));
101
102 try (FileOutputStream outStream = new FileOutputStream(KEYSTORE)) {
103 System.out.println("Storing keystore to: " + KEYSTORE);
104 keystore.store(outStream, PASSWORD);
105 }
106
107 try (FileInputStream inStream = new FileInputStream(KEYSTORE)) {
108 System.out.println("Loading keystore from: " + KEYSTORE);
109 keystore.load(inStream, PASSWORD);
110 System.out.println("Loaded keystore with " + keystore.size() +
111 " entries");
112 }
113
114 KeyStore.Entry entry = keystore.getEntry(ALIAS2,
115 new KeyStore.PasswordProtection(PASSWORD));
116 System.out.println("Retrieved entry: " + entry);
117
118 if (entry instanceof KeyStore.SecretKeyEntry) {
119 System.out.println("Retrieved secret key entry: " + entry);
120 } else {
121 throw new Exception("Not a secret key entry");
122 }
123 } catch (KeyStoreException | UnrecoverableKeyException ex) {
124 System.out.println("Unable to check SecretKey algorithm due to "
125 + "exception: " + ex.getMessage());
126 return false;
127 }
128 return true;
129 }
130
131 private static SecretKey generateSecretKey(String algorithm, int size)
132 throws NoSuchAlgorithmException {
133 KeyGenerator generator = KeyGenerator.getInstance(algorithm);
134 generator.init(size);
135 return generator.generateKey();
136 }
137
138 private static Certificate loadCertificate(String certFile)
139 throws Exception {
140 X509Certificate cert = null;
141 try (FileInputStream certStream = new FileInputStream(certFile)) {
142 CertificateFactory factory =
143 CertificateFactory.getInstance("X.509");
144 return factory.generateCertificate(certStream);
145 }
146 }
147 }