1 /*
   2  * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 import java.io.*;
  25 import java.util.*;
  26 import java.lang.reflect.*;
  27 
  28 import java.security.KeyStore;
  29 import java.security.KeyStoreException;
  30 import java.security.KeyFactory;
  31 import java.security.KeyPairGenerator;
  32 import java.security.KeyPair;
  33 import java.security.SecureRandom;
  34 import java.security.AuthProvider;
  35 import java.security.PrivateKey;
  36 import java.security.Provider;
  37 import java.security.ProviderException;
  38 import java.security.Signature;
  39 import java.security.Security;
  40 
  41 import java.security.cert.*;
  42 import java.security.spec.*;
  43 import java.security.interfaces.*;
  44 
  45 import javax.crypto.SecretKey;
  46 
  47 import javax.security.auth.Subject;
  48 import javax.security.auth.login.LoginException;
  49 
  50 import com.sun.security.auth.module.*;
  51 import com.sun.security.auth.callback.*;
  52 
  53 
  54 public class Basic extends PKCS11Test {
  55 
  56     private static final char SEP = File.separatorChar;
  57 
  58     private static String DIR = System.getProperty("DIR");
  59     private static char[] tokenPwd;
  60     private static final char[] ibuttonPwd =
  61                         new char[0];
  62     private static final char[] activcardPwd =
  63                         new char[] { '1', '1', '2', '2', '3', '3' };
  64     private static final char[] nssPwd =
  65                         new char[] { 't', 'e', 's', 't', '1', '2' };
  66     private static final char[] solarisPwd =
  67                         new char[] { 'p', 'i', 'n' };
  68     private static final char[] sca1000Pwd =
  69                         new char[] { 'p', 'a', 's', 's', 'w', 'o', 'r', 'd' };
  70     private static final char[] sPwd = { 'f', 'o', 'o' };
  71 
  72     private static SecretKey sk1;
  73     private static SecretKey sk2;
  74     private static SecretKey sk3;
  75     private static SecretKey sk4;
  76 
  77     private static RSAPrivateCrtKey pk1;
  78     private static PrivateKey pk2;
  79     private static PrivateKey pk3;
  80 
  81     private static Certificate[] chain1;
  82     private static Certificate[] chain2;
  83     private static Certificate[] chain3;
  84     private static Certificate[] chain4;
  85 
  86     private static X509Certificate randomCert;
  87 
  88     private static KeyStore ks;
  89     private static final String KS_TYPE = "PKCS11";
  90     private static Provider provider;
  91 
  92     private static class FooEntry implements KeyStore.Entry { }
  93 
  94     private static class P11SecretKey implements SecretKey {
  95         String alg;
  96         int length;
  97         public P11SecretKey(String alg, int length) {
  98             this.alg = alg;
  99             this.length = length;
 100         }
 101         public String getAlgorithm() { return alg; }
 102         public String getFormat() { return "raw"; }
 103         public byte[] getEncoded() { return new byte[length/8]; }
 104     }
 105 
 106     public static void main(String[] args) throws Exception {
 107         main(new Basic());
 108     }
 109 
 110     public void main(Provider p) throws Exception {
 111 
 112         this.provider = p;
 113 
 114         // get private keys
 115         KeyFactory kf = KeyFactory.getInstance("RSA", "SunJSSE");
 116         KeyFactory dsaKf = KeyFactory.getInstance("DSA", "SUN");
 117 
 118         ObjectInputStream ois1 = new ObjectInputStream
 119                         (new FileInputStream(new File(DIR, "pk1.key")));
 120         byte[] keyBytes = (byte[])ois1.readObject();
 121         ois1.close();
 122         PrivateKey tmpKey =
 123                 kf.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
 124         pk1 = (RSAPrivateCrtKey)tmpKey;
 125 
 126         ObjectInputStream ois2 = new ObjectInputStream
 127                         (new FileInputStream(new File(DIR, "pk2.key")));
 128         keyBytes = (byte[])ois2.readObject();
 129         ois2.close();
 130         pk2 = kf.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
 131 
 132         ObjectInputStream ois3 = new ObjectInputStream
 133                         (new FileInputStream(new File(DIR, "pk3.key")));
 134         keyBytes = (byte[])ois3.readObject();
 135         pk3 = kf.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
 136         ois3.close();
 137 
 138         // get cert chains for private keys
 139         CertificateFactory cf = CertificateFactory.getInstance("X.509", "SUN");
 140         Certificate caCert = (X509Certificate)cf.generateCertificate
 141                         (new FileInputStream(new File(DIR, "ca.cert")));
 142         Certificate ca2Cert = (X509Certificate)cf.generateCertificate
 143                         (new FileInputStream(new File(DIR, "ca2.cert")));
 144         Certificate pk1cert = (X509Certificate)cf.generateCertificate
 145                         (new FileInputStream(new File(DIR, "pk1.cert")));
 146         Certificate pk1cert2 = (X509Certificate)cf.generateCertificate
 147                         (new FileInputStream(new File(DIR, "pk1.cert2")));
 148         Certificate pk2cert = (X509Certificate)cf.generateCertificate
 149                         (new FileInputStream(new File(DIR, "pk2.cert")));
 150         Certificate pk3cert = (X509Certificate)cf.generateCertificate
 151                         (new FileInputStream(new File(DIR, "pk3.cert")));
 152         chain1 = new Certificate[] { pk1cert, caCert };
 153         chain2 = new Certificate[] { pk2cert, caCert };
 154         chain3 = new Certificate[] { pk3cert, caCert };
 155         chain4 = new Certificate[] { pk1cert2, ca2Cert };
 156 
 157         // create secret keys
 158         sk1 = new P11SecretKey("DES", 64);
 159         sk2 = new P11SecretKey("DESede", 192);
 160         sk3 = new P11SecretKey("AES", 128);
 161         sk4 = new P11SecretKey("RC4", 128);
 162 
 163         // read randomCert
 164         randomCert = (X509Certificate)cf.generateCertificate
 165                         (new FileInputStream(new File(DIR, "random.cert")));
 166 
 167         doTest();
 168     }
 169 
 170     private static void doTest() throws Exception {
 171 
 172         String token = System.getProperty("TOKEN");
 173         String test = System.getProperty("TEST");
 174 
 175         if (token == null || token.length() == 0) {
 176             throw new Exception("token arg required");
 177         }
 178         if (test == null || test.length() == 0) {
 179             throw new Exception("test arg required");
 180         }
 181 
 182         if ("ibutton".equals(token)) {
 183             tokenPwd = ibuttonPwd;
 184         } else if ("activcard".equals(token)) {
 185             tokenPwd = activcardPwd;
 186         } else if ("nss".equals(token)) {
 187             tokenPwd = nssPwd;
 188         } else if ("sca1000".equals(token)) {
 189             tokenPwd = sca1000Pwd;
 190         } else if ("solaris".equals(token)) {
 191             tokenPwd = solarisPwd;
 192         }
 193 
 194         if ("list".equals(test)) {
 195             Basic.list();
 196         } else if ("basic".equals(test)) {
 197 
 198             int testnum = 1;
 199 
 200             if ("ibutton".equals(token)) {
 201                 // pkey and setAttribute
 202                 testnum = Basic.pkey(testnum);
 203                 testnum = Basic.setAttribute(testnum);
 204             } else if ("activcard".equals(token)) {
 205                 // sign
 206                 testnum = Basic.signAlias(testnum, null);
 207             } else if ("nss".equals(token)) {
 208                 // setAttribute, pkey, sign
 209                 testnum = Basic.setAttribute(testnum);
 210                 testnum = Basic.pkey(testnum);
 211                 testnum = Basic.sign(testnum);
 212                 testnum = Basic.copy(testnum);
 213             } else if ("solaris".equals(token)) {
 214                 testnum = Basic.setAttribute(testnum);
 215                 testnum = Basic.pkey(testnum);
 216                 testnum = Basic.sign(testnum);
 217                 testnum = Basic.skey(testnum);
 218                 testnum = Basic.copy(testnum);
 219             } else if ("sca1000".equals(token)) {
 220                 // setAttribute, pkey, sign, skey, copy
 221                 testnum = Basic.setAttribute(testnum);
 222                 testnum = Basic.pkey(testnum);
 223                 testnum = Basic.sign(testnum);
 224                 testnum = Basic.skey(testnum);
 225                 testnum = Basic.copy(testnum);
 226             }
 227 
 228         } else if ("pkey".equals(test)) {
 229             Basic.pkey(1);
 230         } else if ("skey".equals(test)) {
 231             Basic.skey(1);
 232         } else if ("setAttribute".equals(test)) {
 233             Basic.setAttribute(1);
 234         } else if ("copy".equals(test)) {
 235             Basic.copy(1);
 236         } else if ("sign".equals(test)) {
 237             Basic.sign(1);
 238         } else if ("module".equals(test)) {
 239             Basic.module();
 240         } else if ("nss-extended".equals(test)) {
 241 
 242             // this only works if NSS_TEST is set to true in P11KeyStore.java
 243 
 244             int testnum = 1;
 245             testnum = Basic.setAttribute(testnum);
 246             testnum = Basic.pkey(testnum);
 247             testnum = Basic.sign(testnum);
 248             testnum = Basic.extended(testnum);
 249         } else {
 250             System.out.println("unrecognized command");
 251         }
 252     }
 253 
 254     private static int sign(int testnum) throws Exception {
 255         if (ks == null) {
 256             ks = KeyStore.getInstance(KS_TYPE, provider);
 257             ks.load(null, tokenPwd);
 258         }
 259         if (!ks.containsAlias("pk1")) {
 260             ks.setKeyEntry("pk1", pk1, null, chain1);
 261         }
 262         System.out.println("test " + testnum++ + " passed");
 263 
 264         return signAlias(testnum, "pk1");
 265     }
 266 
 267     private static int signAlias(int testnum, String alias) throws Exception {
 268 
 269         if (ks == null) {
 270             ks = KeyStore.getInstance(KS_TYPE, provider);
 271             ks.load(null, tokenPwd);
 272         }
 273 
 274         if (alias == null) {
 275             Enumeration enu = ks.aliases();
 276             if (enu.hasMoreElements()) {
 277                 alias = (String)enu.nextElement();
 278             }
 279         }
 280 
 281         PrivateKey pkey = (PrivateKey)ks.getKey(alias, null);
 282         if ("RSA".equals(pkey.getAlgorithm())) {
 283             System.out.println("got [" + alias + "] signing key: " + pkey);
 284         } else {
 285             throw new SecurityException
 286                 ("expected RSA, got " + pkey.getAlgorithm());
 287         }
 288 
 289         Signature s = Signature.getInstance("MD5WithRSA", ks.getProvider());
 290         s.initSign(pkey);
 291         System.out.println("initialized signature object with key");
 292         s.update("hello".getBytes());
 293         System.out.println("signature object updated with [hello] bytes");
 294 
 295         byte[] signed = s.sign();
 296         System.out.println("received signature " + signed.length +
 297                         " bytes in length");
 298 
 299         Signature v = Signature.getInstance("MD5WithRSA", ks.getProvider());
 300         v.initVerify(ks.getCertificate(alias));
 301         v.update("hello".getBytes());
 302         v.verify(signed);
 303         System.out.println("signature verified");
 304         System.out.println("test " + testnum++ + " passed");
 305 
 306         return testnum;
 307     }
 308 
 309     private static int copy(int testnum) throws Exception {
 310 
 311         if (ks == null) {
 312             ks = KeyStore.getInstance(KS_TYPE, provider);
 313             ks.load(null, tokenPwd);
 314         }
 315 
 316         KeyFactory kf = KeyFactory.getInstance("RSA", provider);
 317         PrivateKey pkSession = (PrivateKey)kf.translateKey(pk3);
 318         System.out.println("pkSession = " + pkSession);
 319         ks.setKeyEntry("pkSession", pkSession, null, chain3);
 320 
 321         KeyStore.PrivateKeyEntry pke =
 322                 (KeyStore.PrivateKeyEntry)ks.getEntry("pkSession", null);
 323         System.out.println("pkSession = " + pke.getPrivateKey());
 324         Certificate[] chain = pke.getCertificateChain();
 325         if (chain.length != chain3.length) {
 326             throw new SecurityException("received chain not correct length");
 327         }
 328         for (int i = 0; i < chain.length; i++) {
 329             if (!chain[i].equals(chain3[i])) {
 330                 throw new SecurityException("received chain not equal");
 331             }
 332         }
 333 
 334         System.out.println("test " + testnum++ + " passed");
 335 
 336         return testnum;
 337     }
 338 
 339     private static void list() throws Exception {
 340         int testnum = 1;
 341 
 342         ks = KeyStore.getInstance(KS_TYPE, provider);
 343 
 344         // check instance
 345         if (ks.getProvider() instanceof java.security.AuthProvider) {
 346             System.out.println("keystore provider instance of AuthProvider");
 347             System.out.println("test " + testnum++ + " passed");
 348         } else {
 349             throw new SecurityException("did not get AuthProvider KeyStore");
 350         }
 351 
 352         // load
 353         ks.load(null, tokenPwd);
 354         System.out.println("test " + testnum++ + " passed");
 355 
 356         // aliases
 357         Enumeration enu = ks.aliases();
 358         int count = 0;
 359         while (enu.hasMoreElements()) {
 360             count++;
 361             System.out.println("alias " +
 362                                 count +
 363                                 " = " +
 364                                 (String)enu.nextElement());
 365         }
 366     }
 367 
 368     private static void module() throws Exception {
 369 
 370         // perform Security.addProvider of P11 provider
 371         ProviderLoader.go(System.getProperty("CUSTOM_P11_CONFIG"));
 372 
 373         String KS_PROVIDER = "SunPKCS11-" + System.getProperty("TOKEN");
 374 
 375         KeyStoreLoginModule m = new KeyStoreLoginModule();
 376         Subject s = new Subject();
 377         Map options = new HashMap();
 378         options.put("keyStoreURL", "NONE");
 379         options.put("keyStoreType", KS_TYPE);
 380         options.put("keyStoreProvider", KS_PROVIDER);
 381         options.put("debug", "true");
 382         m.initialize(s, new TextCallbackHandler(), new HashMap(), options);
 383         m.login();
 384         m.commit();
 385         System.out.println("authenticated subject = " + s);
 386         m.logout();
 387         System.out.println("authenticated subject = " + s);
 388     }
 389 
 390     /**
 391      * SCA1000 does not handle extended secret key tests
 392      * . Blowfish (CKR_TEMPLATE_INCOMPLETE)
 393      * . AES (CKR_TEMPLATE_INCOMPLETE)
 394      * . RC4 (CKR_ATTRIBUTE_TYPE_INVALID)
 395      * so do this instead
 396      */
 397     private static int skey(int testnum) throws Exception {
 398         if (ks == null) {
 399             ks = KeyStore.getInstance(KS_TYPE, provider);
 400             ks.load(null, tokenPwd);
 401         }
 402 
 403         // delete all old aliases
 404         Enumeration enu = ks.aliases();
 405         int count = 0;
 406         while (enu.hasMoreElements()) {
 407             String next = (String)enu.nextElement();
 408             ks.deleteEntry(next);
 409             System.out.println("deleted entry for: " + next);
 410         }
 411 
 412         // set good ske 1
 413         ks.setKeyEntry("sk1", sk1, null, null);
 414         System.out.println("test " + testnum++ + " passed");
 415 
 416         // set good ske 2
 417         ks.setKeyEntry("sk2", sk2, null, null);
 418         System.out.println("test " + testnum++ + " passed");
 419 
 420         // getEntry good ske 1
 421         KeyStore.SecretKeyEntry ske =
 422                 (KeyStore.SecretKeyEntry)ks.getEntry("sk1", null);
 423         if ("DES".equals(ske.getSecretKey().getAlgorithm())) {
 424             System.out.println("test " + testnum++ + " passed");
 425         } else {
 426             throw new SecurityException
 427                 ("expected DES, got " + ske.getSecretKey().getAlgorithm());
 428         }
 429 
 430         // getEntry good ske 2
 431         ske = (KeyStore.SecretKeyEntry)ks.getEntry("sk2", null);
 432         if ("DESede".equals(ske.getSecretKey().getAlgorithm())) {
 433             System.out.println("test " + testnum++ + " passed");
 434         } else {
 435             throw new SecurityException
 436                 ("expected DESede, got " + ske.getSecretKey().getAlgorithm());
 437         }
 438 
 439         // getKey good ske 1
 440         SecretKey skey = (SecretKey)ks.getKey("sk1", null);
 441         if ("DES".equals(skey.getAlgorithm())) {
 442             System.out.println("test " + testnum++ + " passed");
 443         } else {
 444             throw new SecurityException
 445                 ("expected DES, got " + skey.getAlgorithm());
 446         }
 447 
 448         // getKey good ske 2
 449         skey = (SecretKey)ks.getKey("sk2", null);
 450         if ("DESede".equals(skey.getAlgorithm())) {
 451             System.out.println("test " + testnum++ + " passed");
 452         } else {
 453             throw new SecurityException
 454                 ("expected DESede, got " + skey.getAlgorithm());
 455         }
 456 
 457         // aliases
 458         enu = ks.aliases();
 459         count = 0;
 460         while (enu.hasMoreElements()) {
 461             count++;
 462             System.out.println("alias " +
 463                                 count +
 464                                 " = " +
 465                                 (String)enu.nextElement());
 466         }
 467         if (count == 2) {
 468             System.out.println("test " + testnum++ + " passed");
 469         } else {
 470             throw new SecurityException("expected 2 aliases");
 471         }
 472 
 473         // size
 474         if (ks.size() == 2) {
 475             System.out.println("test " + testnum++ + " passed");
 476         } else {
 477             throw new SecurityException("expected size 2");
 478         }
 479 
 480         // isCertificateEntry sk1
 481         if (!ks.isCertificateEntry("sk1")) {
 482             System.out.println("test " + testnum++ + " passed");
 483         } else {
 484             throw new SecurityException("expected ske");
 485         }
 486 
 487         // isKeyEntry sk1
 488         if (ks.isKeyEntry("sk1")) {
 489             System.out.println("test " + testnum++ + " passed");
 490         } else {
 491             throw new SecurityException("expected ske");
 492         }
 493 
 494         // entryInstanceOf sk2
 495         if (ks.entryInstanceOf("sk2", KeyStore.SecretKeyEntry.class)) {
 496             System.out.println("test " + testnum++ + " passed");
 497         } else {
 498             throw new SecurityException("expected ske");
 499         }
 500 
 501         return testnum;
 502     }
 503 
 504     private static int setAttribute(int testnum) throws Exception {
 505 
 506         if (ks == null) {
 507             ks = KeyStore.getInstance(KS_TYPE, provider);
 508             ks.load(null, tokenPwd);
 509         }
 510 
 511         if (!ks.containsAlias("pk1")) {
 512             // set good pke 1
 513             ks.setKeyEntry("pk1", pk1, null, chain1);
 514             System.out.println("test " + testnum++ + " passed");
 515         }
 516 
 517         // delete all old aliases except pk1
 518         Enumeration enu = ks.aliases();
 519         int count = 0;
 520         while (enu.hasMoreElements()) {
 521             String next = (String)enu.nextElement();
 522             if (!"pk1".equals(next)) {
 523                 ks.deleteEntry(next);
 524                 System.out.println("deleted entry for: " + next);
 525             }
 526         }
 527 
 528         KeyStore.PrivateKeyEntry pke =
 529                 (KeyStore.PrivateKeyEntry)ks.getEntry("pk1", null);
 530         System.out.println("pk1 = " + pke.getPrivateKey());
 531         Certificate[] chain = pke.getCertificateChain();
 532         if (chain.length != chain1.length) {
 533             throw new SecurityException("received chain not correct length");
 534         }
 535         for (int i = 0; i < chain.length; i++) {
 536             if (!chain[i].equals(chain1[i])) {
 537                 throw new SecurityException("received chain not equal");
 538             }
 539         }
 540         System.out.println("test " + testnum++ + " passed");
 541 
 542         /**
 543          * test change alias only
 544          */
 545 
 546         // test C_SetAttribute
 547         PrivateKey pkey = pke.getPrivateKey();
 548         ks.setEntry("pk1SA",
 549                 new KeyStore.PrivateKeyEntry(pkey, chain1),
 550                 null);
 551         System.out.println("test " + testnum++ + " passed");
 552 
 553         // aliases
 554         enu = ks.aliases();
 555         count = 0;
 556         String newAlias = null;
 557         while (enu.hasMoreElements()) {
 558             count++;
 559             newAlias = (String)enu.nextElement();
 560             System.out.println("alias " +
 561                                 count +
 562                                 " = " +
 563                                 newAlias);
 564         }
 565         if (count == 1 && "pk1SA".equals(newAlias)) {
 566             System.out.println("test " + testnum++ + " passed");
 567         } else {
 568             throw new SecurityException("expected 1 alias");
 569         }
 570 
 571         // size
 572         if (ks.size() == 1) {
 573             System.out.println("test " + testnum++ + " passed");
 574         } else {
 575             throw new SecurityException("expected size 1");
 576         }
 577 
 578         pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk1", null);
 579         if (pke != null) {
 580             throw new SecurityException("expected not to find pk1");
 581         }
 582         System.out.println("test " + testnum++ + " passed");
 583 
 584         pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk1SA", null);
 585         System.out.println("pk1SA = " + pke.getPrivateKey());
 586         chain = pke.getCertificateChain();
 587         if (chain.length != chain1.length) {
 588             throw new SecurityException("received chain not correct length");
 589         }
 590         for (int i = 0; i < chain.length; i++) {
 591             if (!chain[i].equals(chain1[i])) {
 592                 throw new SecurityException("received chain not equal");
 593             }
 594         }
 595         System.out.println("test " + testnum++ + " passed");
 596 
 597         /**
 598          * test change cert chain
 599          */
 600 
 601         pkey = pke.getPrivateKey();
 602         ks.setEntry("pk1SA-2",
 603                 new KeyStore.PrivateKeyEntry(pkey, chain4),
 604                 null);
 605         System.out.println("test " + testnum++ + " passed");
 606 
 607         // aliases
 608         enu = ks.aliases();
 609         count = 0;
 610         newAlias = null;
 611         while (enu.hasMoreElements()) {
 612             count++;
 613             newAlias = (String)enu.nextElement();
 614             System.out.println("alias " +
 615                                 count +
 616                                 " = " +
 617                                 newAlias);
 618         }
 619         if (count == 1 && "pk1SA-2".equals(newAlias)) {
 620             System.out.println("test " + testnum++ + " passed");
 621         } else {
 622             throw new SecurityException("expected 1 alias");
 623         }
 624 
 625         // size
 626         if (ks.size() == 1) {
 627             System.out.println("test " + testnum++ + " passed");
 628         } else {
 629             throw new SecurityException("expected size 1");
 630         }
 631 
 632         pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk1SA", null);
 633         if (pke != null) {
 634             throw new SecurityException("expected not to find pk1SA");
 635         }
 636         System.out.println("test " + testnum++ + " passed");
 637 
 638         pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk1SA-2", null);
 639         System.out.println("pk1SA-2 = " + pke.getPrivateKey());
 640         chain = pke.getCertificateChain();
 641         if (chain.length != chain4.length) {
 642             throw new SecurityException("received chain not correct length");
 643         }
 644         for (int i = 0; i < chain.length; i++) {
 645             if (!chain[i].equals(chain4[i])) {
 646                 throw new SecurityException("received chain not equal");
 647             }
 648         }
 649         System.out.println("test " + testnum++ + " passed");
 650 
 651         return testnum;
 652     }
 653 
 654     private static int pkey(int testnum) throws Exception {
 655 
 656         if (ks == null) {
 657             ks = KeyStore.getInstance(KS_TYPE, provider);
 658             ks.load(null, tokenPwd);
 659             System.out.println("test " + testnum++ + " passed");
 660         }
 661 
 662         // check instance
 663         if (ks.getProvider() instanceof java.security.AuthProvider) {
 664             System.out.println("keystore provider instance of AuthProvider");
 665             System.out.println("test " + testnum++ + " passed");
 666         } else {
 667             throw new SecurityException("did not get AuthProvider KeyStore");
 668         }
 669 
 670         // delete all old aliases
 671         Enumeration enu = ks.aliases();
 672         int count = 0;
 673         while (enu.hasMoreElements()) {
 674             String next = (String)enu.nextElement();
 675             ks.deleteEntry(next);
 676             System.out.println("deleted entry for: " + next);
 677         }
 678 
 679         // set good pke 1
 680         ks.setKeyEntry("pk1", pk1, null, chain1);
 681         System.out.println("test " + testnum++ + " passed");
 682 
 683         // set good pke 2
 684         ks.setEntry("pk2",
 685                 new KeyStore.PrivateKeyEntry(pk2, chain2),
 686                 null);
 687         System.out.println("test " + testnum++ + " passed");
 688 
 689         // getEntry good pke 1
 690         KeyStore.PrivateKeyEntry pke =
 691                 (KeyStore.PrivateKeyEntry)ks.getEntry("pk1", null);
 692         System.out.println("pk1 = " + pke.getPrivateKey());
 693         Certificate[] chain = pke.getCertificateChain();
 694         if (chain.length != chain1.length) {
 695             throw new SecurityException("received chain not correct length");
 696         }
 697         for (int i = 0; i < chain.length; i++) {
 698             if (!chain[i].equals(chain1[i])) {
 699                 throw new SecurityException("received chain not equal");
 700             }
 701         }
 702 
 703         // getKey good pke 1
 704         PrivateKey pkey = (PrivateKey)ks.getKey("pk1", null);
 705         System.out.println("pk1 = " + pkey);
 706         if ("RSA".equals(pkey.getAlgorithm())) {
 707             System.out.println("test " + testnum++ + " passed");
 708         } else {
 709             throw new SecurityException
 710                 ("expected RSA, got " + pkey.getAlgorithm());
 711         }
 712 
 713         // getCertificate chain chain 1
 714         chain = ks.getCertificateChain("pk1");
 715         if (chain.length != chain1.length) {
 716             throw new SecurityException("received chain not correct length");
 717         }
 718         for (int i = 0; i < chain.length; i++) {
 719             if (!chain[i].equals(chain1[i])) {
 720                 throw new SecurityException("received chain not equal");
 721             }
 722         }
 723         System.out.println("test " + testnum++ + " passed");
 724 
 725         // getEntry good pke 2
 726         pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk2", null);
 727         if ("RSA".equals(pke.getPrivateKey().getAlgorithm())) {
 728             System.out.println("test " + testnum++ + " passed");
 729         } else {
 730             throw new SecurityException
 731                 ("expected RSA, got " + pke.getPrivateKey().getAlgorithm());
 732         }
 733         System.out.println("pk2 = " + pke.getPrivateKey());
 734         chain = pke.getCertificateChain();
 735         if (chain.length != chain2.length) {
 736             throw new SecurityException("received chain not correct length");
 737         }
 738         for (int i = 0; i < chain.length; i++) {
 739             if (!chain[i].equals(chain2[i])) {
 740                 throw new SecurityException("received chain not equal");
 741             }
 742         }
 743 
 744         // getKey good pke 2
 745         pkey = (PrivateKey)ks.getKey("pk2", null);
 746         if ("RSA".equals(pkey.getAlgorithm())) {
 747             System.out.println("test " + testnum++ + " passed");
 748         } else {
 749             throw new SecurityException
 750                 ("expected RSA, got " + pkey.getAlgorithm());
 751         }
 752 
 753         // getCertificate chain chain 2
 754         chain = ks.getCertificateChain("pk2");
 755         if (chain.length != chain2.length) {
 756             throw new SecurityException("received chain not correct length");
 757         }
 758         for (int i = 0; i < chain.length; i++) {
 759             if (!chain[i].equals(chain2[i])) {
 760                 throw new SecurityException("received chain not equal");
 761             }
 762         }
 763         System.out.println("test " + testnum++ + " passed");
 764 
 765         // aliases
 766         enu = ks.aliases();
 767         count = 0;
 768         while (enu.hasMoreElements()) {
 769             count++;
 770             System.out.println("alias " +
 771                                 count +
 772                                 " = " +
 773                                 (String)enu.nextElement());
 774         }
 775         if (count == 2) {
 776             System.out.println("test " + testnum++ + " passed");
 777         } else {
 778             throw new SecurityException("expected 2 aliases");
 779         }
 780 
 781         // size
 782         if (ks.size() == 2) {
 783             System.out.println("test " + testnum++ + " passed");
 784         } else {
 785             throw new SecurityException("expected size 2");
 786         }
 787 
 788         // getCertificate
 789         if (ks.getCertificate("pk1").equals(chain1[0])) {
 790             System.out.println("test " + testnum++ + " passed");
 791         } else {
 792             throw new SecurityException("expected certificate pk1 end entity");
 793         }
 794 
 795         // containsAlias
 796         if (ks.containsAlias("pk1") && ks.containsAlias("pk2") &&
 797             !ks.containsAlias("foobar") &&
 798             !ks.containsAlias("pk1.2") && !ks.containsAlias("pk2.2")) {
 799             System.out.println("test " + testnum++ + " passed");
 800         } else {
 801             throw new SecurityException("unexpected aliases encountered");
 802         }
 803 
 804         // isKeyEntry
 805         if (ks.isKeyEntry("pk1") && ks.isKeyEntry("pk2") &&
 806             !ks.isKeyEntry("foobar")) {
 807             System.out.println("test " + testnum++ + " passed");
 808         } else {
 809             throw new SecurityException("isKeyEntry failed");
 810         }
 811 
 812         // isCertificateEntry
 813         if (!ks.isCertificateEntry("foobar") &&
 814             !ks.isCertificateEntry("pk1") && !ks.isCertificateEntry("pk2")) {
 815             System.out.println("test " + testnum++ + " passed");
 816         } else {
 817             throw new SecurityException("isCertificateEntry failed");
 818         }
 819 
 820         // getCertificateAlias
 821         if (ks.getCertificateAlias(chain1[0]).equals("pk1") &&
 822             ks.getCertificateAlias(chain2[0]).equals("pk2") &&
 823             ks.getCertificateAlias(randomCert) == null) {
 824             System.out.println("test " + testnum++ + " passed");
 825         } else {
 826             throw new SecurityException("getCertificateAlias failed");
 827         }
 828 
 829         if (ks.entryInstanceOf("pk1", KeyStore.PrivateKeyEntry.class) &&
 830             ks.entryInstanceOf("pk2", KeyStore.PrivateKeyEntry.class) &&
 831         !ks.entryInstanceOf("pk1", KeyStore.TrustedCertificateEntry.class) &&
 832         !ks.entryInstanceOf("pk2", KeyStore.TrustedCertificateEntry.class) &&
 833         !ks.entryInstanceOf("foobar", KeyStore.TrustedCertificateEntry.class) &&
 834           !ks.entryInstanceOf("foobar", KeyStore.PrivateKeyEntry.class)) {
 835             System.out.println("test " + testnum++ + " passed");
 836         } else {
 837             throw new SecurityException("entryInstanceOf failed");
 838         }
 839 
 840         ks.deleteEntry("pk2");
 841         if (ks.containsAlias("pk1") && !ks.containsAlias("pk2")) {
 842             System.out.println("test " + testnum++ + " passed");
 843         } else {
 844             throw new SecurityException("deleteEntry failed");
 845         }
 846 
 847         // getEntry good pke 1
 848         pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk1", null);
 849         System.out.println("pk1 = " + pke.getPrivateKey());
 850         chain = pke.getCertificateChain();
 851         if (chain.length != chain1.length) {
 852             throw new SecurityException("received chain not correct length");
 853         }
 854         for (int i = 0; i < chain.length; i++) {
 855             if (!chain[i].equals(chain1[i])) {
 856                 throw new SecurityException("received chain not equal");
 857             }
 858         }
 859         System.out.println("test " + testnum++ + " passed");
 860 
 861         // aliases
 862         enu = ks.aliases();
 863         count = 0;
 864         while (enu.hasMoreElements()) {
 865             count++;
 866             System.out.println("alias " +
 867                                 count +
 868                                 " = " +
 869                                 (String)enu.nextElement());
 870         }
 871         if (count == 1) {
 872             System.out.println("test " + testnum++ + " passed");
 873         } else {
 874             throw new SecurityException("expected 1 alias");
 875         }
 876 
 877         // size
 878         if (ks.size() == 1) {
 879             System.out.println("test " + testnum++ + " passed");
 880         } else {
 881             throw new SecurityException("expected size 1");
 882         }
 883 
 884         return testnum;
 885     }
 886 
 887     private static int extended(int testnum) throws Exception {
 888 
 889         // setEntry unknown entry type
 890         try {
 891             ks.setEntry("foo", new FooEntry(), null);
 892             throw new SecurityException("setEntry should have failed");
 893         } catch (KeyStoreException kse) {
 894             System.out.println("test " + testnum++ + " passed");
 895         }
 896 
 897         // getEntry random foo
 898         if (ks.getEntry("foo", null) != null) {
 899             throw new SecurityException("expected null entry");
 900         } else {
 901             System.out.println("test " + testnum++ + " passed");
 902         }
 903 
 904         // set good ske 1
 905         ks.setKeyEntry("sk1", sk1, null, null);
 906         System.out.println("test " + testnum++ + " passed");
 907 
 908         // set good ske 2
 909         ks.setKeyEntry("sk2", sk2, null, null);
 910         System.out.println("test " + testnum++ + " passed");
 911 
 912         // set good ske 3
 913         ks.setEntry("sk3",
 914                 new KeyStore.SecretKeyEntry(sk3),
 915                 null);
 916         System.out.println("test " + testnum++ + " passed");
 917 
 918         // set good ske 4
 919         ks.setEntry("sk4",
 920                 new KeyStore.SecretKeyEntry(sk4),
 921                 null);
 922         System.out.println("test " + testnum++ + " passed");
 923 
 924         // getEntry good ske 1
 925         KeyStore.SecretKeyEntry ske =
 926                 (KeyStore.SecretKeyEntry)ks.getEntry("sk1", null);
 927         if ("DES".equals(ske.getSecretKey().getAlgorithm())) {
 928             System.out.println("test " + testnum++ + " passed");
 929         } else {
 930             throw new SecurityException
 931                 ("expected DES, got " + ske.getSecretKey().getAlgorithm());
 932         }
 933 
 934         // getEntry good ske 2
 935         ske = (KeyStore.SecretKeyEntry)ks.getEntry("sk2", null);
 936         if ("DESede".equals(ske.getSecretKey().getAlgorithm())) {
 937             System.out.println("test " + testnum++ + " passed");
 938         } else {
 939             throw new SecurityException
 940                 ("expected DESede, got " + ske.getSecretKey().getAlgorithm());
 941         }
 942 
 943         // getEntry good ske 3
 944         ske = (KeyStore.SecretKeyEntry)ks.getEntry("sk3", null);
 945         if ("AES".equals(ske.getSecretKey().getAlgorithm())) {
 946             System.out.println("test " + testnum++ + " passed");
 947         } else {
 948             throw new SecurityException
 949                 ("expected AES, got " + ske.getSecretKey().getAlgorithm());
 950         }
 951 
 952         // getEntry good ske 4
 953         ske = (KeyStore.SecretKeyEntry)ks.getEntry("sk4", null);
 954         if ("ARCFOUR".equals(ske.getSecretKey().getAlgorithm())) {
 955             System.out.println("test " + testnum++ + " passed");
 956         } else {
 957             throw new SecurityException
 958                 ("expected ARCFOUR, got " + ske.getSecretKey().getAlgorithm());
 959         }
 960 
 961         // getKey good ske 1
 962         SecretKey skey = (SecretKey)ks.getKey("sk1", null);
 963         if ("DES".equals(skey.getAlgorithm())) {
 964             System.out.println("test " + testnum++ + " passed");
 965         } else {
 966             throw new SecurityException
 967                 ("expected DES, got " + skey.getAlgorithm());
 968         }
 969 
 970         // getKey good ske 2
 971         skey = (SecretKey)ks.getKey("sk2", null);
 972         if ("DESede".equals(skey.getAlgorithm())) {
 973             System.out.println("test " + testnum++ + " passed");
 974         } else {
 975             throw new SecurityException
 976                 ("expected DESede, got " + skey.getAlgorithm());
 977         }
 978 
 979         // getKey good ske 3
 980         skey = (SecretKey)ks.getKey("sk3", null);
 981         if ("AES".equals(skey.getAlgorithm())) {
 982             System.out.println("test " + testnum++ + " passed");
 983         } else {
 984             throw new SecurityException
 985                 ("expected AES, got " + skey.getAlgorithm());
 986         }
 987 
 988         // getKey good ske 4
 989         skey = (SecretKey)ks.getKey("sk4", null);
 990         if ("ARCFOUR".equals(skey.getAlgorithm())) {
 991             System.out.println("test " + testnum++ + " passed");
 992         } else {
 993             throw new SecurityException
 994                 ("expected ARCFOUR, got " + skey.getAlgorithm());
 995         }
 996 
 997         // aliases
 998         Enumeration enu = ks.aliases();
 999         int count = 0;
1000         while (enu.hasMoreElements()) {
1001             count++;
1002             System.out.println("alias " +
1003                                 count +
1004                                 " = " +
1005                                 (String)enu.nextElement());
1006         }
1007         if (count == 5) {
1008             System.out.println("test " + testnum++ + " passed");
1009         } else {
1010             throw new SecurityException("expected 5 aliases");
1011         }
1012 
1013         // size
1014         if (ks.size() == 5) {
1015             System.out.println("test " + testnum++ + " passed");
1016         } else {
1017             throw new SecurityException("expected size 5");
1018         }
1019 
1020         // set good pke 2
1021         ks.setEntry("pk2",
1022                 new KeyStore.PrivateKeyEntry(pk2, chain2),
1023                 null);
1024         System.out.println("test " + testnum++ + " passed");
1025 
1026         // set good pke 3
1027         ks.setEntry("pk3",
1028                 new KeyStore.PrivateKeyEntry(pk3, chain3),
1029                 null);
1030         System.out.println("test " + testnum++ + " passed");
1031 
1032         // getEntry good pke 1
1033         KeyStore.PrivateKeyEntry pke =
1034                 (KeyStore.PrivateKeyEntry)ks.getEntry("pk1", null);
1035         System.out.println("pk1 = " + pke.getPrivateKey());
1036         Certificate[] chain = pke.getCertificateChain();
1037         if (chain.length != chain1.length) {
1038             throw new SecurityException("received chain not correct length");
1039         }
1040         for (int i = 0; i < chain.length; i++) {
1041             if (!chain[i].equals(chain1[i])) {
1042                 throw new SecurityException("received chain not equal");
1043             }
1044         }
1045 
1046         // getEntry good pke 2
1047         pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk2", null);
1048         System.out.println("pk2 = " + pke.getPrivateKey());
1049         chain = pke.getCertificateChain();
1050         if (chain.length != chain2.length) {
1051             throw new SecurityException("received chain not correct length");
1052         }
1053         for (int i = 0; i < chain.length; i++) {
1054             if (!chain[i].equals(chain2[i])) {
1055                 throw new SecurityException("received chain not equal");
1056             }
1057         }
1058 
1059         // getEntry good pke 3
1060         pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk3", null);
1061         System.out.println("pk3 = " + pke.getPrivateKey());
1062         chain = pke.getCertificateChain();
1063         if (chain.length != chain3.length) {
1064             throw new SecurityException("received chain not correct length");
1065         }
1066         for (int i = 0; i < chain.length; i++) {
1067             if (!chain[i].equals(chain3[i])) {
1068                 throw new SecurityException("received chain not equal");
1069             }
1070         }
1071 
1072         // getKey good pke 1
1073         PrivateKey pkey = (PrivateKey)ks.getKey("pk1", null);
1074         if ("RSA".equals(pkey.getAlgorithm())) {
1075             System.out.println("test " + testnum++ + " passed");
1076         } else {
1077             throw new SecurityException
1078                 ("expected RSA, got " + pkey.getAlgorithm());
1079         }
1080 
1081         // getCertificate chain chain 1
1082         chain = ks.getCertificateChain("pk1");
1083         if (chain.length != chain1.length) {
1084             throw new SecurityException("received chain not correct length");
1085         }
1086         for (int i = 0; i < chain.length; i++) {
1087             if (!chain[i].equals(chain1[i])) {
1088                 throw new SecurityException("received chain not equal");
1089             }
1090         }
1091 
1092         // getKey good pke 2
1093         pkey = (PrivateKey)ks.getKey("pk2", null);
1094         if ("RSA".equals(pkey.getAlgorithm())) {
1095             System.out.println("test " + testnum++ + " passed");
1096         } else {
1097             throw new SecurityException
1098                 ("expected RSA, got " + pkey.getAlgorithm());
1099         }
1100 
1101         // getCertificate chain chain 2
1102         chain = ks.getCertificateChain("pk2");
1103         if (chain.length != chain2.length) {
1104             throw new SecurityException("received chain not correct length");
1105         }
1106         for (int i = 0; i < chain.length; i++) {
1107             if (!chain[i].equals(chain2[i])) {
1108                 throw new SecurityException("received chain not equal");
1109             }
1110         }
1111 
1112         // getKey good pke 3
1113         pkey = (PrivateKey)ks.getKey("pk3", null);
1114         if ("RSA".equals(pkey.getAlgorithm())) {
1115             System.out.println("test " + testnum++ + " passed");
1116         } else {
1117             throw new SecurityException
1118                 ("expected RSA, got " + pkey.getAlgorithm());
1119         }
1120 
1121         // getCertificate chain chain 3
1122         chain = ks.getCertificateChain("pk3");
1123         if (chain.length != chain3.length) {
1124             throw new SecurityException("received chain not correct length");
1125         }
1126         for (int i = 0; i < chain.length; i++) {
1127             if (!chain[i].equals(chain3[i])) {
1128                 throw new SecurityException("received chain not equal");
1129             }
1130         }
1131 
1132         // aliases
1133         enu = ks.aliases();
1134         count = 0;
1135         while (enu.hasMoreElements()) {
1136             count++;
1137             System.out.println("alias " +
1138                                 count +
1139                                 " = " +
1140                                 (String)enu.nextElement());
1141         }
1142         if (count == 7) {
1143             System.out.println("test " + testnum++ + " passed");
1144         } else {
1145             throw new SecurityException("expected 7 aliases");
1146         }
1147 
1148         // size
1149         if (ks.size() == 7) {
1150             System.out.println("test " + testnum++ + " passed");
1151         } else {
1152             throw new SecurityException("expected size 7");
1153         }
1154 
1155         // getCertificate good chain 1
1156         if (ks.getCertificate("pk1").equals(chain1[0])) {
1157             System.out.println("test " + testnum++ + " passed");
1158         } else {
1159             throw new SecurityException("retrieved cert not equal");
1160         }
1161 
1162         // getCertificate good chain 3
1163         if (ks.getCertificate("pk3").equals(chain3[0])) {
1164             System.out.println("test " + testnum++ + " passed");
1165         } else {
1166             throw new SecurityException("retrieved cert not equal");
1167         }
1168 
1169         // getKey good ske 1
1170         skey = (SecretKey)ks.getKey("sk1", null);
1171         if ("DES".equals(skey.getAlgorithm())) {
1172             System.out.println("test " + testnum++ + " passed");
1173         } else {
1174             throw new SecurityException
1175                 ("expected DES, got " + skey.getAlgorithm());
1176         }
1177 
1178         // getKey good ske 4
1179         skey = (SecretKey)ks.getKey("sk4", null);
1180         if ("ARCFOUR".equals(skey.getAlgorithm())) {
1181             System.out.println("test " + testnum++ + " passed");
1182         } else {
1183             throw new SecurityException
1184                 ("expected ARCFOUR, got " + skey.getAlgorithm());
1185         }
1186 
1187         // getKey good pke 1
1188         pkey = (PrivateKey)ks.getKey("pk1", null);
1189         if ("RSA".equals(pkey.getAlgorithm())) {
1190             System.out.println("test " + testnum++ + " passed");
1191         } else {
1192             throw new SecurityException
1193                 ("expected RSA, got " + pkey.getAlgorithm());
1194         }
1195 
1196         // getKey good pke 3
1197         pkey = (PrivateKey)ks.getKey("pk3", null);
1198         if ("RSA".equals(pkey.getAlgorithm())) {
1199             System.out.println("test " + testnum++ + " passed");
1200         } else {
1201             throw new SecurityException
1202                 ("expected RSA, got " + pkey.getAlgorithm());
1203         }
1204 
1205         // contains alias
1206         if (!ks.containsAlias("pk1") ||
1207                 !ks.containsAlias("pk2") ||
1208                 !ks.containsAlias("pk3") ||
1209                 !ks.containsAlias("sk1") ||
1210                 !ks.containsAlias("sk2") ||
1211                 !ks.containsAlias("sk3") ||
1212                 !ks.containsAlias("sk4")) {
1213             throw new SecurityException("did not contain all aliases");
1214         }
1215         System.out.println("test " + testnum++ + " passed");
1216 
1217         // getCertificateAlias pk1
1218         if (ks.getCertificateAlias(chain1[0]).equals("pk1")) {
1219             System.out.println("test " + testnum++ + " passed");
1220         } else {
1221             throw new SecurityException("expected cert pk1");
1222         }
1223 
1224         // getCertificateAlias pk3
1225         if (ks.getCertificateAlias(chain3[0]).equals("pk3")) {
1226             System.out.println("test " + testnum++ + " passed");
1227         } else {
1228             throw new SecurityException("expected cert pk3");
1229         }
1230 
1231         // isCertificateEntry pk1
1232         if (!ks.isCertificateEntry("pk1")) {
1233             System.out.println("test " + testnum++ + " passed");
1234         } else {
1235             throw new SecurityException("expected pke");
1236         }
1237 
1238         // isCertificateEntry pk3
1239         if (!ks.isCertificateEntry("pk3")) {
1240             System.out.println("test " + testnum++ + " passed");
1241         } else {
1242             throw new SecurityException("expected pke");
1243         }
1244 
1245         // isCertificateEntry sk1
1246         if (!ks.isCertificateEntry("sk1")) {
1247             System.out.println("test " + testnum++ + " passed");
1248         } else {
1249             throw new SecurityException("expected ske");
1250         }
1251 
1252         // isCertificateEntry sk4
1253         if (!ks.isCertificateEntry("sk4")) {
1254             System.out.println("test " + testnum++ + " passed");
1255         } else {
1256             throw new SecurityException("expected ske");
1257         }
1258 
1259         // isKeyEntry pk1
1260         if (ks.isKeyEntry("pk1")) {
1261             System.out.println("test " + testnum++ + " passed");
1262         } else {
1263             throw new SecurityException("expected pke");
1264         }
1265 
1266         // isKeyEntry pk3
1267         if (ks.isKeyEntry("pk3")) {
1268             System.out.println("test " + testnum++ + " passed");
1269         } else {
1270             throw new SecurityException("expected pke");
1271         }
1272 
1273         // isKeyEntry sk1
1274         if (ks.isKeyEntry("sk1")) {
1275             System.out.println("test " + testnum++ + " passed");
1276         } else {
1277             throw new SecurityException("expected ske");
1278         }
1279 
1280         // isKeyEntry sk4
1281         if (ks.isKeyEntry("sk4")) {
1282             System.out.println("test " + testnum++ + " passed");
1283         } else {
1284             throw new SecurityException("expected ske");
1285         }
1286 
1287         // isCertificateEntry random foo
1288         if (!ks.isCertificateEntry("foo")) {
1289             System.out.println("test " + testnum++ + " passed");
1290         } else {
1291             throw new SecurityException("expected foo");
1292         }
1293 
1294         // isKeyEntry random foo
1295         if (!ks.isKeyEntry("foo")) {
1296             System.out.println("test " + testnum++ + " passed");
1297         } else {
1298             throw new SecurityException("expected foo");
1299         }
1300 
1301         // entryInstanceOf pk1
1302         if (!ks.entryInstanceOf
1303                 ("pk1", KeyStore.TrustedCertificateEntry.class)) {
1304             System.out.println("test " + testnum++ + " passed");
1305         } else {
1306             throw new SecurityException("expected tce");
1307         }
1308 
1309         // entryInstanceOf pk3
1310         if (!ks.entryInstanceOf
1311                 ("pk3", KeyStore.TrustedCertificateEntry.class)) {
1312             System.out.println("test " + testnum++ + " passed");
1313         } else {
1314             throw new SecurityException("expected tce");
1315         }
1316 
1317         // entryInstanceOf sk1
1318         if (!ks.entryInstanceOf
1319                 ("sk1", KeyStore.TrustedCertificateEntry.class)) {
1320             System.out.println("test " + testnum++ + " passed");
1321         } else {
1322             throw new SecurityException("expected tce");
1323         }
1324 
1325         // entryInstanceOf sk4
1326         if (!ks.entryInstanceOf
1327                 ("sk4", KeyStore.TrustedCertificateEntry.class)) {
1328             System.out.println("test " + testnum++ + " passed");
1329         } else {
1330             throw new SecurityException("expected tce");
1331         }
1332 
1333         // entryInstanceOf pk1
1334         if (ks.entryInstanceOf("pk1", KeyStore.PrivateKeyEntry.class)) {
1335             System.out.println("test " + testnum++ + " passed");
1336         } else {
1337             throw new SecurityException("expected pke");
1338         }
1339 
1340         // entryInstanceOf pk3
1341         if (ks.entryInstanceOf("pk3", KeyStore.PrivateKeyEntry.class)) {
1342             System.out.println("test " + testnum++ + " passed");
1343         } else {
1344             throw new SecurityException("expected pke");
1345         }
1346 
1347         // entryInstanceOf sk1
1348         if (!ks.entryInstanceOf("sk1", KeyStore.PrivateKeyEntry.class)) {
1349             System.out.println("test " + testnum++ + " passed");
1350         } else {
1351             throw new SecurityException("expected pke");
1352         }
1353 
1354         // entryInstanceOf sk4
1355         if (!ks.entryInstanceOf("sk4", KeyStore.PrivateKeyEntry.class)) {
1356             System.out.println("test " + testnum++ + " passed");
1357         } else {
1358             throw new SecurityException("expected pke");
1359         }
1360 
1361         // entryInstanceOf sk1
1362         if (ks.entryInstanceOf("sk1", KeyStore.SecretKeyEntry.class)) {
1363             System.out.println("test " + testnum++ + " passed");
1364         } else {
1365             throw new SecurityException("expected ske");
1366         }
1367 
1368         // entryInstanceOf sk4
1369         if (ks.entryInstanceOf("sk4", KeyStore.SecretKeyEntry.class)) {
1370             System.out.println("test " + testnum++ + " passed");
1371         } else {
1372             throw new SecurityException("expected ske");
1373         }
1374 
1375         // entryInstanceOf pk1
1376         if (!ks.entryInstanceOf("pk1", KeyStore.SecretKeyEntry.class)) {
1377             System.out.println("test " + testnum++ + " passed");
1378         } else {
1379             throw new SecurityException("expected ske");
1380         }
1381 
1382         // entryInstanceOf pk3
1383         if (!ks.entryInstanceOf("pk3", KeyStore.SecretKeyEntry.class)) {
1384             System.out.println("test " + testnum++ + " passed");
1385         } else {
1386             throw new SecurityException("expected ske");
1387         }
1388 
1389         // getEntry random foobar
1390         if (ks.getEntry("foobar", null) != null) {
1391             throw new SecurityException("expected null entry");
1392         } else {
1393             System.out.println("test " + testnum++ + " passed");
1394         }
1395 
1396         // deleteEntry
1397         ks.deleteEntry("pk1");
1398         ks.deleteEntry("pk3");
1399         ks.deleteEntry("sk2");
1400         ks.deleteEntry("sk3");
1401         System.out.println("test " + testnum++ + " passed");
1402 
1403         // aliases
1404         enu = ks.aliases();
1405         count = 0;
1406         while (enu.hasMoreElements()) {
1407             count++;
1408             System.out.println("alias " +
1409                                 count +
1410                                 " = " +
1411                                 (String)enu.nextElement());
1412         }
1413         if (count == 3) {
1414             System.out.println("test " + testnum++ + " passed");
1415         } else {
1416             throw new SecurityException("expected 3 aliases");
1417         }
1418 
1419         // size
1420         if (ks.size() == 3) {
1421             System.out.println("test " + testnum++ + " passed");
1422         } else {
1423             throw new SecurityException("expected size 6");
1424         }
1425 
1426         // entryInstanceOf sk1
1427         if (!ks.entryInstanceOf("sk1", KeyStore.PrivateKeyEntry.class)) {
1428             System.out.println("test " + testnum++ + " passed");
1429         } else {
1430             throw new SecurityException("expected pke");
1431         }
1432 
1433         // entryInstanceOf sk4
1434         if (!ks.entryInstanceOf("sk4", KeyStore.PrivateKeyEntry.class)) {
1435             System.out.println("test " + testnum++ + " passed");
1436         } else {
1437             throw new SecurityException("expected pke");
1438         }
1439 
1440         // entryInstanceOf pk2
1441         if (ks.entryInstanceOf("pk2", KeyStore.PrivateKeyEntry.class)) {
1442             System.out.println("test " + testnum++ + " passed");
1443         } else {
1444             throw new SecurityException("expected pke");
1445         }
1446         System.out.println("test " + testnum++ + " passed");
1447 
1448         return testnum;
1449     }
1450 }