1 /*
   2  * Copyright (c) 2003, 2006, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 import java.io.*;
  25 import java.util.*;
  26 import java.lang.reflect.*;
  27 
  28 import java.security.KeyStore;
  29 import java.security.KeyStoreException;
  30 import java.security.KeyFactory;
  31 import java.security.KeyPairGenerator;
  32 import java.security.KeyPair;
  33 import java.security.SecureRandom;
  34 import java.security.AuthProvider;
  35 import java.security.PrivateKey;
  36 import java.security.Provider;
  37 import java.security.ProviderException;
  38 import java.security.Signature;
  39 import java.security.Security;
  40 
  41 import java.security.cert.*;
  42 import java.security.spec.*;
  43 import java.security.interfaces.*;
  44 
  45 import javax.crypto.SecretKey;
  46 
  47 import javax.security.auth.Subject;
  48 import javax.security.auth.login.LoginException;
  49 
  50 import com.sun.security.auth.module.*;
  51 import com.sun.security.auth.callback.*;
  52 
  53 
  54 public class Basic extends PKCS11Test {
  55 
  56     private static final char SEP = File.separatorChar;
  57 
  58     private static String DIR = System.getProperty("DIR");
  59     private static char[] tokenPwd;
  60     private static final char[] ibuttonPwd =
  61                         new char[0];
  62     private static final char[] activcardPwd =
  63                         new char[] { '1', '1', '2', '2', '3', '3' };
  64     private static final char[] nssPwd =
  65                         new char[] { 't', 'e', 's', 't', '1', '2' };
  66     private static final char[] solarisPwd =
  67                         new char[] { 'p', 'i', 'n' };
  68     private static final char[] sca1000Pwd =
  69                         new char[] { 'p', 'a', 's', 's', 'w', 'o', 'r', 'd' };
  70     private static final char[] sPwd = { 'f', 'o', 'o' };
  71 
  72     private static SecretKey sk1;
  73     private static SecretKey sk2;
  74     private static SecretKey sk3;
  75     private static SecretKey sk4;
  76 
  77     private static RSAPrivateCrtKey pk1;
  78     private static PrivateKey pk2;
  79     private static PrivateKey pk3;
  80 
  81     private static Certificate[] chain1;
  82     private static Certificate[] chain2;
  83     private static Certificate[] chain3;
  84     private static Certificate[] chain4;
  85 
  86     private static X509Certificate randomCert;
  87 
  88     private static KeyStore ks;
  89     private static final String KS_TYPE = "PKCS11";
  90     private static Provider provider;
  91 
  92     private static class FooEntry implements KeyStore.Entry { }
  93 
  94     private static class P11SecretKey implements SecretKey {
  95         String alg;
  96         int length;
  97         public P11SecretKey(String alg, int length) {
  98             this.alg = alg;
  99             this.length = length;
 100         }
 101         public String getAlgorithm() { return alg; }
 102         public String getFormat() { return "raw"; }
 103         public byte[] getEncoded() { return new byte[length/8]; }
 104     }
 105 
 106     public static void main(String[] args) throws Exception {
 107         main(new Basic());
 108     }
 109 
 110     public void main(Provider p) throws Exception {
 111 
 112         this.provider = p;
 113 
 114         // get private keys
 115         KeyFactory kf = KeyFactory.getInstance("RSA", "SunJSSE");
 116         KeyFactory dsaKf = KeyFactory.getInstance("DSA", "SUN");
 117 
 118         ObjectInputStream ois1 = new ObjectInputStream
 119                         (new FileInputStream(new File(DIR, "pk1.key")));
 120         byte[] keyBytes = (byte[])ois1.readObject();
 121         ois1.close();
 122         PrivateKey tmpKey =
 123                 kf.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
 124         pk1 = (RSAPrivateCrtKey)tmpKey;
 125 
 126         ObjectInputStream ois2 = new ObjectInputStream
 127                         (new FileInputStream(new File(DIR, "pk2.key")));
 128         keyBytes = (byte[])ois2.readObject();
 129         ois2.close();
 130         pk2 = kf.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
 131 
 132         ObjectInputStream ois3 = new ObjectInputStream
 133                         (new FileInputStream(new File(DIR, "pk3.key")));
 134         keyBytes = (byte[])ois3.readObject();
 135         pk3 = kf.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
 136         ois3.close();
 137 
 138         // get cert chains for private keys
 139         CertificateFactory cf = CertificateFactory.getInstance("X.509", "SUN");
 140         Certificate caCert = (X509Certificate)cf.generateCertificate
 141                         (new FileInputStream(new File(DIR, "ca.cert")));
 142         Certificate ca2Cert = (X509Certificate)cf.generateCertificate
 143                         (new FileInputStream(new File(DIR, "ca2.cert")));
 144         Certificate pk1cert = (X509Certificate)cf.generateCertificate
 145                         (new FileInputStream(new File(DIR, "pk1.cert")));
 146         Certificate pk1cert2 = (X509Certificate)cf.generateCertificate
 147                         (new FileInputStream(new File(DIR, "pk1.cert2")));
 148         Certificate pk2cert = (X509Certificate)cf.generateCertificate
 149                         (new FileInputStream(new File(DIR, "pk2.cert")));
 150         Certificate pk3cert = (X509Certificate)cf.generateCertificate
 151                         (new FileInputStream(new File(DIR, "pk3.cert")));
 152         chain1 = new Certificate[] { pk1cert, caCert };
 153         chain2 = new Certificate[] { pk2cert, caCert };
 154         chain3 = new Certificate[] { pk3cert, caCert };
 155         chain4 = new Certificate[] { pk1cert2, ca2Cert };
 156 
 157         // create secret keys
 158         sk1 = new P11SecretKey("DES", 64);
 159         sk2 = new P11SecretKey("DESede", 192);
 160         sk3 = new P11SecretKey("AES", 128);
 161         sk4 = new P11SecretKey("RC4", 128);
 162 
 163         // read randomCert
 164         randomCert = (X509Certificate)cf.generateCertificate
 165                         (new FileInputStream(new File(DIR, "random.cert")));
 166 
 167         doTest();
 168     }
 169 
 170     private static void doTest() throws Exception {
 171 
 172         String token = System.getProperty("TOKEN");
 173         String test = System.getProperty("TEST");
 174 
 175         if (token == null || token.length() == 0) {
 176             throw new Exception("token arg required");
 177         }
 178         if (test == null || test.length() == 0) {
 179             throw new Exception("test arg required");
 180         }
 181 
 182         if ("ibutton".equals(token)) {
 183             tokenPwd = ibuttonPwd;
 184         } else if ("activcard".equals(token)) {
 185             tokenPwd = activcardPwd;
 186         } else if ("nss".equals(token)) {
 187             tokenPwd = nssPwd;
 188         } else if ("sca1000".equals(token)) {
 189             tokenPwd = sca1000Pwd;
 190         } else if ("solaris".equals(token)) {
 191             tokenPwd = solarisPwd;
 192         }
 193 
 194         if ("list".equals(test)) {
 195             Basic.list();
 196         } else if ("basic".equals(test)) {
 197 
 198             int testnum = 1;
 199 
 200             if ("ibutton".equals(token)) {
 201                 // pkey and setAttribute
 202                 testnum = Basic.pkey(testnum);
 203                 testnum = Basic.setAttribute(testnum);
 204             } else if ("activcard".equals(token)) {
 205                 // sign
 206                 testnum = Basic.signAlias(testnum, null);
 207             } else if ("nss".equals(token)) {
 208                 // setAttribute, pkey, sign
 209                 testnum = Basic.setAttribute(testnum);
 210                 testnum = Basic.pkey(testnum);
 211                 testnum = Basic.sign(testnum);
 212                 testnum = Basic.copy(testnum);
 213             } else if ("solaris".equals(token)) {
 214                 testnum = Basic.setAttribute(testnum);
 215                 testnum = Basic.pkey(testnum);
 216                 testnum = Basic.sign(testnum);
 217                 testnum = Basic.skey(testnum);
 218                 testnum = Basic.copy(testnum);
 219             } else if ("sca1000".equals(token)) {
 220                 // setAttribute, pkey, sign, skey, copy
 221                 testnum = Basic.setAttribute(testnum);
 222                 testnum = Basic.pkey(testnum);
 223                 testnum = Basic.sign(testnum);
 224                 testnum = Basic.skey(testnum);
 225                 testnum = Basic.copy(testnum);
 226             }
 227 
 228         } else if ("pkey".equals(test)) {
 229             Basic.pkey(1);
 230         } else if ("skey".equals(test)) {
 231             Basic.skey(1);
 232         } else if ("setAttribute".equals(test)) {
 233             Basic.setAttribute(1);
 234         } else if ("copy".equals(test)) {
 235             Basic.copy(1);
 236         } else if ("sign".equals(test)) {
 237             Basic.sign(1);
 238         } else if ("module".equals(test)) {
 239             Basic.module();
 240         } else if ("nss-extended".equals(test)) {
 241 
 242             // this only works if NSS_TEST is set to true in P11KeyStore.java
 243 
 244             int testnum = 1;
 245             testnum = Basic.setAttribute(testnum);
 246             testnum = Basic.pkey(testnum);
 247             testnum = Basic.sign(testnum);
 248             testnum = Basic.extended(testnum);
 249         } else {
 250             System.out.println("unrecognized command");
 251         }
 252     }
 253 
 254     private static int sign(int testnum) throws Exception {
 255         if (ks == null) {
 256             ks = KeyStore.getInstance(KS_TYPE, provider);
 257             ks.load(null, tokenPwd);
 258         }
 259         if (!ks.containsAlias("pk1")) {
 260             ks.setKeyEntry("pk1", pk1, null, chain1);
 261         }
 262         System.out.println("test " + testnum++ + " passed");
 263 
 264         return signAlias(testnum, "pk1");
 265     }
 266 
 267     private static int signAlias(int testnum, String alias) throws Exception {
 268 
 269         if (ks == null) {
 270             ks = KeyStore.getInstance(KS_TYPE, provider);
 271             ks.load(null, tokenPwd);
 272         }
 273 
 274         if (alias == null) {
 275             Enumeration enu = ks.aliases();
 276             if (enu.hasMoreElements()) {
 277                 alias = (String)enu.nextElement();
 278             }
 279         }
 280 
 281         PrivateKey pkey = (PrivateKey)ks.getKey(alias, null);
 282         if ("RSA".equals(pkey.getAlgorithm())) {
 283             System.out.println("got [" + alias + "] signing key: " + pkey);
 284         } else {
 285             throw new SecurityException
 286                 ("expected RSA, got " + pkey.getAlgorithm());
 287         }
 288 
 289         Signature s = Signature.getInstance("MD5WithRSA", ks.getProvider());
 290         s.initSign(pkey);
 291         System.out.println("initialized signature object with key");
 292         s.update("hello".getBytes());
 293         System.out.println("signature object updated with [hello] bytes");
 294 
 295         byte[] signed = s.sign();
 296         System.out.println("received signature " + signed.length +
 297                         " bytes in length");
 298 
 299         Signature v = Signature.getInstance("MD5WithRSA", ks.getProvider());
 300         v.initVerify(ks.getCertificate(alias));
 301         v.update("hello".getBytes());
 302         v.verify(signed);
 303         System.out.println("signature verified");
 304         System.out.println("test " + testnum++ + " passed");
 305 
 306         return testnum;
 307     }
 308 
 309     private static int copy(int testnum) throws Exception {
 310 
 311         if (ks == null) {
 312             ks = KeyStore.getInstance(KS_TYPE, provider);
 313             ks.load(null, tokenPwd);
 314         }
 315 
 316         KeyFactory kf = KeyFactory.getInstance("RSA", provider);
 317         PrivateKey pkSession = (PrivateKey)kf.translateKey(pk3);
 318         System.out.println("pkSession = " + pkSession);
 319         ks.setKeyEntry("pkSession", pkSession, null, chain3);
 320 
 321         KeyStore.PrivateKeyEntry pke =
 322                 (KeyStore.PrivateKeyEntry)ks.getEntry("pkSession", null);
 323         System.out.println("pkSession = " + pke.getPrivateKey());
 324         Certificate[] chain = pke.getCertificateChain();
 325         if (chain.length != chain3.length) {
 326             throw new SecurityException("received chain not correct length");
 327         }
 328         for (int i = 0; i < chain.length; i++) {
 329             if (!chain[i].equals(chain3[i])) {
 330                 throw new SecurityException("received chain not equal");
 331             }
 332         }
 333 
 334         System.out.println("test " + testnum++ + " passed");
 335 
 336         return testnum;
 337     }
 338 
 339     private static void list() throws Exception {
 340         int testnum = 1;
 341 
 342         ks = KeyStore.getInstance(KS_TYPE, provider);
 343 
 344         // check instance
 345         if (ks.getProvider() instanceof java.security.AuthProvider) {
 346             System.out.println("keystore provider instance of AuthProvider");
 347             System.out.println("test " + testnum++ + " passed");
 348         } else {
 349             throw new SecurityException("did not get AuthProvider KeyStore");
 350         }
 351 
 352         // load
 353         ks.load(null, tokenPwd);
 354         System.out.println("test " + testnum++ + " passed");
 355 
 356         // aliases
 357         Enumeration enu = ks.aliases();
 358         int count = 0;
 359         while (enu.hasMoreElements()) {
 360             count++;
 361             System.out.println("alias " +
 362                                 count +
 363                                 " = " +
 364                                 (String)enu.nextElement());
 365         }
 366     }
 367 
 368     private static void module() throws Exception {
 369 
 370         // perform Security.addProvider of P11 provider
 371         Provider p = getSunPKCS11(System.getProperty("CUSTOM_P11_CONFIG"));
 372         if (p != null) {
 373             Security.addProvider(p);
 374         } else {
 375             throw new Exception("Error: PKCS11 provider configuration failed");
 376         }
 377 
 378         String KS_PROVIDER = "SunPKCS11-" + System.getProperty("TOKEN");
 379 
 380         KeyStoreLoginModule m = new KeyStoreLoginModule();
 381         Subject s = new Subject();
 382         Map options = new HashMap();
 383         options.put("keyStoreURL", "NONE");
 384         options.put("keyStoreType", KS_TYPE);
 385         options.put("keyStoreProvider", KS_PROVIDER);
 386         options.put("debug", "true");
 387         m.initialize(s, new TextCallbackHandler(), new HashMap(), options);
 388         m.login();
 389         m.commit();
 390         System.out.println("authenticated subject = " + s);
 391         m.logout();
 392         System.out.println("authenticated subject = " + s);
 393     }
 394 
 395     /**
 396      * SCA1000 does not handle extended secret key tests
 397      * . Blowfish (CKR_TEMPLATE_INCOMPLETE)
 398      * . AES (CKR_TEMPLATE_INCOMPLETE)
 399      * . RC4 (CKR_ATTRIBUTE_TYPE_INVALID)
 400      * so do this instead
 401      */
 402     private static int skey(int testnum) throws Exception {
 403         if (ks == null) {
 404             ks = KeyStore.getInstance(KS_TYPE, provider);
 405             ks.load(null, tokenPwd);
 406         }
 407 
 408         // delete all old aliases
 409         Enumeration enu = ks.aliases();
 410         int count = 0;
 411         while (enu.hasMoreElements()) {
 412             String next = (String)enu.nextElement();
 413             ks.deleteEntry(next);
 414             System.out.println("deleted entry for: " + next);
 415         }
 416 
 417         // set good ske 1
 418         ks.setKeyEntry("sk1", sk1, null, null);
 419         System.out.println("test " + testnum++ + " passed");
 420 
 421         // set good ske 2
 422         ks.setKeyEntry("sk2", sk2, null, null);
 423         System.out.println("test " + testnum++ + " passed");
 424 
 425         // getEntry good ske 1
 426         KeyStore.SecretKeyEntry ske =
 427                 (KeyStore.SecretKeyEntry)ks.getEntry("sk1", null);
 428         if ("DES".equals(ske.getSecretKey().getAlgorithm())) {
 429             System.out.println("test " + testnum++ + " passed");
 430         } else {
 431             throw new SecurityException
 432                 ("expected DES, got " + ske.getSecretKey().getAlgorithm());
 433         }
 434 
 435         // getEntry good ske 2
 436         ske = (KeyStore.SecretKeyEntry)ks.getEntry("sk2", null);
 437         if ("DESede".equals(ske.getSecretKey().getAlgorithm())) {
 438             System.out.println("test " + testnum++ + " passed");
 439         } else {
 440             throw new SecurityException
 441                 ("expected DESede, got " + ske.getSecretKey().getAlgorithm());
 442         }
 443 
 444         // getKey good ske 1
 445         SecretKey skey = (SecretKey)ks.getKey("sk1", null);
 446         if ("DES".equals(skey.getAlgorithm())) {
 447             System.out.println("test " + testnum++ + " passed");
 448         } else {
 449             throw new SecurityException
 450                 ("expected DES, got " + skey.getAlgorithm());
 451         }
 452 
 453         // getKey good ske 2
 454         skey = (SecretKey)ks.getKey("sk2", null);
 455         if ("DESede".equals(skey.getAlgorithm())) {
 456             System.out.println("test " + testnum++ + " passed");
 457         } else {
 458             throw new SecurityException
 459                 ("expected DESede, got " + skey.getAlgorithm());
 460         }
 461 
 462         // aliases
 463         enu = ks.aliases();
 464         count = 0;
 465         while (enu.hasMoreElements()) {
 466             count++;
 467             System.out.println("alias " +
 468                                 count +
 469                                 " = " +
 470                                 (String)enu.nextElement());
 471         }
 472         if (count == 2) {
 473             System.out.println("test " + testnum++ + " passed");
 474         } else {
 475             throw new SecurityException("expected 2 aliases");
 476         }
 477 
 478         // size
 479         if (ks.size() == 2) {
 480             System.out.println("test " + testnum++ + " passed");
 481         } else {
 482             throw new SecurityException("expected size 2");
 483         }
 484 
 485         // isCertificateEntry sk1
 486         if (!ks.isCertificateEntry("sk1")) {
 487             System.out.println("test " + testnum++ + " passed");
 488         } else {
 489             throw new SecurityException("expected ske");
 490         }
 491 
 492         // isKeyEntry sk1
 493         if (ks.isKeyEntry("sk1")) {
 494             System.out.println("test " + testnum++ + " passed");
 495         } else {
 496             throw new SecurityException("expected ske");
 497         }
 498 
 499         // entryInstanceOf sk2
 500         if (ks.entryInstanceOf("sk2", KeyStore.SecretKeyEntry.class)) {
 501             System.out.println("test " + testnum++ + " passed");
 502         } else {
 503             throw new SecurityException("expected ske");
 504         }
 505 
 506         return testnum;
 507     }
 508 
 509     private static int setAttribute(int testnum) throws Exception {
 510 
 511         if (ks == null) {
 512             ks = KeyStore.getInstance(KS_TYPE, provider);
 513             ks.load(null, tokenPwd);
 514         }
 515 
 516         if (!ks.containsAlias("pk1")) {
 517             // set good pke 1
 518             ks.setKeyEntry("pk1", pk1, null, chain1);
 519             System.out.println("test " + testnum++ + " passed");
 520         }
 521 
 522         // delete all old aliases except pk1
 523         Enumeration enu = ks.aliases();
 524         int count = 0;
 525         while (enu.hasMoreElements()) {
 526             String next = (String)enu.nextElement();
 527             if (!"pk1".equals(next)) {
 528                 ks.deleteEntry(next);
 529                 System.out.println("deleted entry for: " + next);
 530             }
 531         }
 532 
 533         KeyStore.PrivateKeyEntry pke =
 534                 (KeyStore.PrivateKeyEntry)ks.getEntry("pk1", null);
 535         System.out.println("pk1 = " + pke.getPrivateKey());
 536         Certificate[] chain = pke.getCertificateChain();
 537         if (chain.length != chain1.length) {
 538             throw new SecurityException("received chain not correct length");
 539         }
 540         for (int i = 0; i < chain.length; i++) {
 541             if (!chain[i].equals(chain1[i])) {
 542                 throw new SecurityException("received chain not equal");
 543             }
 544         }
 545         System.out.println("test " + testnum++ + " passed");
 546 
 547         /**
 548          * test change alias only
 549          */
 550 
 551         // test C_SetAttribute
 552         PrivateKey pkey = pke.getPrivateKey();
 553         ks.setEntry("pk1SA",
 554                 new KeyStore.PrivateKeyEntry(pkey, chain1),
 555                 null);
 556         System.out.println("test " + testnum++ + " passed");
 557 
 558         // aliases
 559         enu = ks.aliases();
 560         count = 0;
 561         String newAlias = null;
 562         while (enu.hasMoreElements()) {
 563             count++;
 564             newAlias = (String)enu.nextElement();
 565             System.out.println("alias " +
 566                                 count +
 567                                 " = " +
 568                                 newAlias);
 569         }
 570         if (count == 1 && "pk1SA".equals(newAlias)) {
 571             System.out.println("test " + testnum++ + " passed");
 572         } else {
 573             throw new SecurityException("expected 1 alias");
 574         }
 575 
 576         // size
 577         if (ks.size() == 1) {
 578             System.out.println("test " + testnum++ + " passed");
 579         } else {
 580             throw new SecurityException("expected size 1");
 581         }
 582 
 583         pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk1", null);
 584         if (pke != null) {
 585             throw new SecurityException("expected not to find pk1");
 586         }
 587         System.out.println("test " + testnum++ + " passed");
 588 
 589         pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk1SA", null);
 590         System.out.println("pk1SA = " + pke.getPrivateKey());
 591         chain = pke.getCertificateChain();
 592         if (chain.length != chain1.length) {
 593             throw new SecurityException("received chain not correct length");
 594         }
 595         for (int i = 0; i < chain.length; i++) {
 596             if (!chain[i].equals(chain1[i])) {
 597                 throw new SecurityException("received chain not equal");
 598             }
 599         }
 600         System.out.println("test " + testnum++ + " passed");
 601 
 602         /**
 603          * test change cert chain
 604          */
 605 
 606         pkey = pke.getPrivateKey();
 607         ks.setEntry("pk1SA-2",
 608                 new KeyStore.PrivateKeyEntry(pkey, chain4),
 609                 null);
 610         System.out.println("test " + testnum++ + " passed");
 611 
 612         // aliases
 613         enu = ks.aliases();
 614         count = 0;
 615         newAlias = null;
 616         while (enu.hasMoreElements()) {
 617             count++;
 618             newAlias = (String)enu.nextElement();
 619             System.out.println("alias " +
 620                                 count +
 621                                 " = " +
 622                                 newAlias);
 623         }
 624         if (count == 1 && "pk1SA-2".equals(newAlias)) {
 625             System.out.println("test " + testnum++ + " passed");
 626         } else {
 627             throw new SecurityException("expected 1 alias");
 628         }
 629 
 630         // size
 631         if (ks.size() == 1) {
 632             System.out.println("test " + testnum++ + " passed");
 633         } else {
 634             throw new SecurityException("expected size 1");
 635         }
 636 
 637         pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk1SA", null);
 638         if (pke != null) {
 639             throw new SecurityException("expected not to find pk1SA");
 640         }
 641         System.out.println("test " + testnum++ + " passed");
 642 
 643         pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk1SA-2", null);
 644         System.out.println("pk1SA-2 = " + pke.getPrivateKey());
 645         chain = pke.getCertificateChain();
 646         if (chain.length != chain4.length) {
 647             throw new SecurityException("received chain not correct length");
 648         }
 649         for (int i = 0; i < chain.length; i++) {
 650             if (!chain[i].equals(chain4[i])) {
 651                 throw new SecurityException("received chain not equal");
 652             }
 653         }
 654         System.out.println("test " + testnum++ + " passed");
 655 
 656         return testnum;
 657     }
 658 
 659     private static int pkey(int testnum) throws Exception {
 660 
 661         if (ks == null) {
 662             ks = KeyStore.getInstance(KS_TYPE, provider);
 663             ks.load(null, tokenPwd);
 664             System.out.println("test " + testnum++ + " passed");
 665         }
 666 
 667         // check instance
 668         if (ks.getProvider() instanceof java.security.AuthProvider) {
 669             System.out.println("keystore provider instance of AuthProvider");
 670             System.out.println("test " + testnum++ + " passed");
 671         } else {
 672             throw new SecurityException("did not get AuthProvider KeyStore");
 673         }
 674 
 675         // delete all old aliases
 676         Enumeration enu = ks.aliases();
 677         int count = 0;
 678         while (enu.hasMoreElements()) {
 679             String next = (String)enu.nextElement();
 680             ks.deleteEntry(next);
 681             System.out.println("deleted entry for: " + next);
 682         }
 683 
 684         // set good pke 1
 685         ks.setKeyEntry("pk1", pk1, null, chain1);
 686         System.out.println("test " + testnum++ + " passed");
 687 
 688         // set good pke 2
 689         ks.setEntry("pk2",
 690                 new KeyStore.PrivateKeyEntry(pk2, chain2),
 691                 null);
 692         System.out.println("test " + testnum++ + " passed");
 693 
 694         // getEntry good pke 1
 695         KeyStore.PrivateKeyEntry pke =
 696                 (KeyStore.PrivateKeyEntry)ks.getEntry("pk1", null);
 697         System.out.println("pk1 = " + pke.getPrivateKey());
 698         Certificate[] chain = pke.getCertificateChain();
 699         if (chain.length != chain1.length) {
 700             throw new SecurityException("received chain not correct length");
 701         }
 702         for (int i = 0; i < chain.length; i++) {
 703             if (!chain[i].equals(chain1[i])) {
 704                 throw new SecurityException("received chain not equal");
 705             }
 706         }
 707 
 708         // getKey good pke 1
 709         PrivateKey pkey = (PrivateKey)ks.getKey("pk1", null);
 710         System.out.println("pk1 = " + pkey);
 711         if ("RSA".equals(pkey.getAlgorithm())) {
 712             System.out.println("test " + testnum++ + " passed");
 713         } else {
 714             throw new SecurityException
 715                 ("expected RSA, got " + pkey.getAlgorithm());
 716         }
 717 
 718         // getCertificate chain chain 1
 719         chain = ks.getCertificateChain("pk1");
 720         if (chain.length != chain1.length) {
 721             throw new SecurityException("received chain not correct length");
 722         }
 723         for (int i = 0; i < chain.length; i++) {
 724             if (!chain[i].equals(chain1[i])) {
 725                 throw new SecurityException("received chain not equal");
 726             }
 727         }
 728         System.out.println("test " + testnum++ + " passed");
 729 
 730         // getEntry good pke 2
 731         pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk2", null);
 732         if ("RSA".equals(pke.getPrivateKey().getAlgorithm())) {
 733             System.out.println("test " + testnum++ + " passed");
 734         } else {
 735             throw new SecurityException
 736                 ("expected RSA, got " + pke.getPrivateKey().getAlgorithm());
 737         }
 738         System.out.println("pk2 = " + pke.getPrivateKey());
 739         chain = pke.getCertificateChain();
 740         if (chain.length != chain2.length) {
 741             throw new SecurityException("received chain not correct length");
 742         }
 743         for (int i = 0; i < chain.length; i++) {
 744             if (!chain[i].equals(chain2[i])) {
 745                 throw new SecurityException("received chain not equal");
 746             }
 747         }
 748 
 749         // getKey good pke 2
 750         pkey = (PrivateKey)ks.getKey("pk2", null);
 751         if ("RSA".equals(pkey.getAlgorithm())) {
 752             System.out.println("test " + testnum++ + " passed");
 753         } else {
 754             throw new SecurityException
 755                 ("expected RSA, got " + pkey.getAlgorithm());
 756         }
 757 
 758         // getCertificate chain chain 2
 759         chain = ks.getCertificateChain("pk2");
 760         if (chain.length != chain2.length) {
 761             throw new SecurityException("received chain not correct length");
 762         }
 763         for (int i = 0; i < chain.length; i++) {
 764             if (!chain[i].equals(chain2[i])) {
 765                 throw new SecurityException("received chain not equal");
 766             }
 767         }
 768         System.out.println("test " + testnum++ + " passed");
 769 
 770         // aliases
 771         enu = ks.aliases();
 772         count = 0;
 773         while (enu.hasMoreElements()) {
 774             count++;
 775             System.out.println("alias " +
 776                                 count +
 777                                 " = " +
 778                                 (String)enu.nextElement());
 779         }
 780         if (count == 2) {
 781             System.out.println("test " + testnum++ + " passed");
 782         } else {
 783             throw new SecurityException("expected 2 aliases");
 784         }
 785 
 786         // size
 787         if (ks.size() == 2) {
 788             System.out.println("test " + testnum++ + " passed");
 789         } else {
 790             throw new SecurityException("expected size 2");
 791         }
 792 
 793         // getCertificate
 794         if (ks.getCertificate("pk1").equals(chain1[0])) {
 795             System.out.println("test " + testnum++ + " passed");
 796         } else {
 797             throw new SecurityException("expected certificate pk1 end entity");
 798         }
 799 
 800         // containsAlias
 801         if (ks.containsAlias("pk1") && ks.containsAlias("pk2") &&
 802             !ks.containsAlias("foobar") &&
 803             !ks.containsAlias("pk1.2") && !ks.containsAlias("pk2.2")) {
 804             System.out.println("test " + testnum++ + " passed");
 805         } else {
 806             throw new SecurityException("unexpected aliases encountered");
 807         }
 808 
 809         // isKeyEntry
 810         if (ks.isKeyEntry("pk1") && ks.isKeyEntry("pk2") &&
 811             !ks.isKeyEntry("foobar")) {
 812             System.out.println("test " + testnum++ + " passed");
 813         } else {
 814             throw new SecurityException("isKeyEntry failed");
 815         }
 816 
 817         // isCertificateEntry
 818         if (!ks.isCertificateEntry("foobar") &&
 819             !ks.isCertificateEntry("pk1") && !ks.isCertificateEntry("pk2")) {
 820             System.out.println("test " + testnum++ + " passed");
 821         } else {
 822             throw new SecurityException("isCertificateEntry failed");
 823         }
 824 
 825         // getCertificateAlias
 826         if (ks.getCertificateAlias(chain1[0]).equals("pk1") &&
 827             ks.getCertificateAlias(chain2[0]).equals("pk2") &&
 828             ks.getCertificateAlias(randomCert) == null) {
 829             System.out.println("test " + testnum++ + " passed");
 830         } else {
 831             throw new SecurityException("getCertificateAlias failed");
 832         }
 833 
 834         if (ks.entryInstanceOf("pk1", KeyStore.PrivateKeyEntry.class) &&
 835             ks.entryInstanceOf("pk2", KeyStore.PrivateKeyEntry.class) &&
 836         !ks.entryInstanceOf("pk1", KeyStore.TrustedCertificateEntry.class) &&
 837         !ks.entryInstanceOf("pk2", KeyStore.TrustedCertificateEntry.class) &&
 838         !ks.entryInstanceOf("foobar", KeyStore.TrustedCertificateEntry.class) &&
 839           !ks.entryInstanceOf("foobar", KeyStore.PrivateKeyEntry.class)) {
 840             System.out.println("test " + testnum++ + " passed");
 841         } else {
 842             throw new SecurityException("entryInstanceOf failed");
 843         }
 844 
 845         ks.deleteEntry("pk2");
 846         if (ks.containsAlias("pk1") && !ks.containsAlias("pk2")) {
 847             System.out.println("test " + testnum++ + " passed");
 848         } else {
 849             throw new SecurityException("deleteEntry failed");
 850         }
 851 
 852         // getEntry good pke 1
 853         pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk1", null);
 854         System.out.println("pk1 = " + pke.getPrivateKey());
 855         chain = pke.getCertificateChain();
 856         if (chain.length != chain1.length) {
 857             throw new SecurityException("received chain not correct length");
 858         }
 859         for (int i = 0; i < chain.length; i++) {
 860             if (!chain[i].equals(chain1[i])) {
 861                 throw new SecurityException("received chain not equal");
 862             }
 863         }
 864         System.out.println("test " + testnum++ + " passed");
 865 
 866         // aliases
 867         enu = ks.aliases();
 868         count = 0;
 869         while (enu.hasMoreElements()) {
 870             count++;
 871             System.out.println("alias " +
 872                                 count +
 873                                 " = " +
 874                                 (String)enu.nextElement());
 875         }
 876         if (count == 1) {
 877             System.out.println("test " + testnum++ + " passed");
 878         } else {
 879             throw new SecurityException("expected 1 alias");
 880         }
 881 
 882         // size
 883         if (ks.size() == 1) {
 884             System.out.println("test " + testnum++ + " passed");
 885         } else {
 886             throw new SecurityException("expected size 1");
 887         }
 888 
 889         return testnum;
 890     }
 891 
 892     private static int extended(int testnum) throws Exception {
 893 
 894         // setEntry unknown entry type
 895         try {
 896             ks.setEntry("foo", new FooEntry(), null);
 897             throw new SecurityException("setEntry should have failed");
 898         } catch (KeyStoreException kse) {
 899             System.out.println("test " + testnum++ + " passed");
 900         }
 901 
 902         // getEntry random foo
 903         if (ks.getEntry("foo", null) != null) {
 904             throw new SecurityException("expected null entry");
 905         } else {
 906             System.out.println("test " + testnum++ + " passed");
 907         }
 908 
 909         // set good ske 1
 910         ks.setKeyEntry("sk1", sk1, null, null);
 911         System.out.println("test " + testnum++ + " passed");
 912 
 913         // set good ske 2
 914         ks.setKeyEntry("sk2", sk2, null, null);
 915         System.out.println("test " + testnum++ + " passed");
 916 
 917         // set good ske 3
 918         ks.setEntry("sk3",
 919                 new KeyStore.SecretKeyEntry(sk3),
 920                 null);
 921         System.out.println("test " + testnum++ + " passed");
 922 
 923         // set good ske 4
 924         ks.setEntry("sk4",
 925                 new KeyStore.SecretKeyEntry(sk4),
 926                 null);
 927         System.out.println("test " + testnum++ + " passed");
 928 
 929         // getEntry good ske 1
 930         KeyStore.SecretKeyEntry ske =
 931                 (KeyStore.SecretKeyEntry)ks.getEntry("sk1", null);
 932         if ("DES".equals(ske.getSecretKey().getAlgorithm())) {
 933             System.out.println("test " + testnum++ + " passed");
 934         } else {
 935             throw new SecurityException
 936                 ("expected DES, got " + ske.getSecretKey().getAlgorithm());
 937         }
 938 
 939         // getEntry good ske 2
 940         ske = (KeyStore.SecretKeyEntry)ks.getEntry("sk2", null);
 941         if ("DESede".equals(ske.getSecretKey().getAlgorithm())) {
 942             System.out.println("test " + testnum++ + " passed");
 943         } else {
 944             throw new SecurityException
 945                 ("expected DESede, got " + ske.getSecretKey().getAlgorithm());
 946         }
 947 
 948         // getEntry good ske 3
 949         ske = (KeyStore.SecretKeyEntry)ks.getEntry("sk3", null);
 950         if ("AES".equals(ske.getSecretKey().getAlgorithm())) {
 951             System.out.println("test " + testnum++ + " passed");
 952         } else {
 953             throw new SecurityException
 954                 ("expected AES, got " + ske.getSecretKey().getAlgorithm());
 955         }
 956 
 957         // getEntry good ske 4
 958         ske = (KeyStore.SecretKeyEntry)ks.getEntry("sk4", null);
 959         if ("ARCFOUR".equals(ske.getSecretKey().getAlgorithm())) {
 960             System.out.println("test " + testnum++ + " passed");
 961         } else {
 962             throw new SecurityException
 963                 ("expected ARCFOUR, got " + ske.getSecretKey().getAlgorithm());
 964         }
 965 
 966         // getKey good ske 1
 967         SecretKey skey = (SecretKey)ks.getKey("sk1", null);
 968         if ("DES".equals(skey.getAlgorithm())) {
 969             System.out.println("test " + testnum++ + " passed");
 970         } else {
 971             throw new SecurityException
 972                 ("expected DES, got " + skey.getAlgorithm());
 973         }
 974 
 975         // getKey good ske 2
 976         skey = (SecretKey)ks.getKey("sk2", null);
 977         if ("DESede".equals(skey.getAlgorithm())) {
 978             System.out.println("test " + testnum++ + " passed");
 979         } else {
 980             throw new SecurityException
 981                 ("expected DESede, got " + skey.getAlgorithm());
 982         }
 983 
 984         // getKey good ske 3
 985         skey = (SecretKey)ks.getKey("sk3", null);
 986         if ("AES".equals(skey.getAlgorithm())) {
 987             System.out.println("test " + testnum++ + " passed");
 988         } else {
 989             throw new SecurityException
 990                 ("expected AES, got " + skey.getAlgorithm());
 991         }
 992 
 993         // getKey good ske 4
 994         skey = (SecretKey)ks.getKey("sk4", null);
 995         if ("ARCFOUR".equals(skey.getAlgorithm())) {
 996             System.out.println("test " + testnum++ + " passed");
 997         } else {
 998             throw new SecurityException
 999                 ("expected ARCFOUR, got " + skey.getAlgorithm());
1000         }
1001 
1002         // aliases
1003         Enumeration enu = ks.aliases();
1004         int count = 0;
1005         while (enu.hasMoreElements()) {
1006             count++;
1007             System.out.println("alias " +
1008                                 count +
1009                                 " = " +
1010                                 (String)enu.nextElement());
1011         }
1012         if (count == 5) {
1013             System.out.println("test " + testnum++ + " passed");
1014         } else {
1015             throw new SecurityException("expected 5 aliases");
1016         }
1017 
1018         // size
1019         if (ks.size() == 5) {
1020             System.out.println("test " + testnum++ + " passed");
1021         } else {
1022             throw new SecurityException("expected size 5");
1023         }
1024 
1025         // set good pke 2
1026         ks.setEntry("pk2",
1027                 new KeyStore.PrivateKeyEntry(pk2, chain2),
1028                 null);
1029         System.out.println("test " + testnum++ + " passed");
1030 
1031         // set good pke 3
1032         ks.setEntry("pk3",
1033                 new KeyStore.PrivateKeyEntry(pk3, chain3),
1034                 null);
1035         System.out.println("test " + testnum++ + " passed");
1036 
1037         // getEntry good pke 1
1038         KeyStore.PrivateKeyEntry pke =
1039                 (KeyStore.PrivateKeyEntry)ks.getEntry("pk1", null);
1040         System.out.println("pk1 = " + pke.getPrivateKey());
1041         Certificate[] chain = pke.getCertificateChain();
1042         if (chain.length != chain1.length) {
1043             throw new SecurityException("received chain not correct length");
1044         }
1045         for (int i = 0; i < chain.length; i++) {
1046             if (!chain[i].equals(chain1[i])) {
1047                 throw new SecurityException("received chain not equal");
1048             }
1049         }
1050 
1051         // getEntry good pke 2
1052         pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk2", null);
1053         System.out.println("pk2 = " + pke.getPrivateKey());
1054         chain = pke.getCertificateChain();
1055         if (chain.length != chain2.length) {
1056             throw new SecurityException("received chain not correct length");
1057         }
1058         for (int i = 0; i < chain.length; i++) {
1059             if (!chain[i].equals(chain2[i])) {
1060                 throw new SecurityException("received chain not equal");
1061             }
1062         }
1063 
1064         // getEntry good pke 3
1065         pke = (KeyStore.PrivateKeyEntry)ks.getEntry("pk3", null);
1066         System.out.println("pk3 = " + pke.getPrivateKey());
1067         chain = pke.getCertificateChain();
1068         if (chain.length != chain3.length) {
1069             throw new SecurityException("received chain not correct length");
1070         }
1071         for (int i = 0; i < chain.length; i++) {
1072             if (!chain[i].equals(chain3[i])) {
1073                 throw new SecurityException("received chain not equal");
1074             }
1075         }
1076 
1077         // getKey good pke 1
1078         PrivateKey pkey = (PrivateKey)ks.getKey("pk1", null);
1079         if ("RSA".equals(pkey.getAlgorithm())) {
1080             System.out.println("test " + testnum++ + " passed");
1081         } else {
1082             throw new SecurityException
1083                 ("expected RSA, got " + pkey.getAlgorithm());
1084         }
1085 
1086         // getCertificate chain chain 1
1087         chain = ks.getCertificateChain("pk1");
1088         if (chain.length != chain1.length) {
1089             throw new SecurityException("received chain not correct length");
1090         }
1091         for (int i = 0; i < chain.length; i++) {
1092             if (!chain[i].equals(chain1[i])) {
1093                 throw new SecurityException("received chain not equal");
1094             }
1095         }
1096 
1097         // getKey good pke 2
1098         pkey = (PrivateKey)ks.getKey("pk2", null);
1099         if ("RSA".equals(pkey.getAlgorithm())) {
1100             System.out.println("test " + testnum++ + " passed");
1101         } else {
1102             throw new SecurityException
1103                 ("expected RSA, got " + pkey.getAlgorithm());
1104         }
1105 
1106         // getCertificate chain chain 2
1107         chain = ks.getCertificateChain("pk2");
1108         if (chain.length != chain2.length) {
1109             throw new SecurityException("received chain not correct length");
1110         }
1111         for (int i = 0; i < chain.length; i++) {
1112             if (!chain[i].equals(chain2[i])) {
1113                 throw new SecurityException("received chain not equal");
1114             }
1115         }
1116 
1117         // getKey good pke 3
1118         pkey = (PrivateKey)ks.getKey("pk3", null);
1119         if ("RSA".equals(pkey.getAlgorithm())) {
1120             System.out.println("test " + testnum++ + " passed");
1121         } else {
1122             throw new SecurityException
1123                 ("expected RSA, got " + pkey.getAlgorithm());
1124         }
1125 
1126         // getCertificate chain chain 3
1127         chain = ks.getCertificateChain("pk3");
1128         if (chain.length != chain3.length) {
1129             throw new SecurityException("received chain not correct length");
1130         }
1131         for (int i = 0; i < chain.length; i++) {
1132             if (!chain[i].equals(chain3[i])) {
1133                 throw new SecurityException("received chain not equal");
1134             }
1135         }
1136 
1137         // aliases
1138         enu = ks.aliases();
1139         count = 0;
1140         while (enu.hasMoreElements()) {
1141             count++;
1142             System.out.println("alias " +
1143                                 count +
1144                                 " = " +
1145                                 (String)enu.nextElement());
1146         }
1147         if (count == 7) {
1148             System.out.println("test " + testnum++ + " passed");
1149         } else {
1150             throw new SecurityException("expected 7 aliases");
1151         }
1152 
1153         // size
1154         if (ks.size() == 7) {
1155             System.out.println("test " + testnum++ + " passed");
1156         } else {
1157             throw new SecurityException("expected size 7");
1158         }
1159 
1160         // getCertificate good chain 1
1161         if (ks.getCertificate("pk1").equals(chain1[0])) {
1162             System.out.println("test " + testnum++ + " passed");
1163         } else {
1164             throw new SecurityException("retrieved cert not equal");
1165         }
1166 
1167         // getCertificate good chain 3
1168         if (ks.getCertificate("pk3").equals(chain3[0])) {
1169             System.out.println("test " + testnum++ + " passed");
1170         } else {
1171             throw new SecurityException("retrieved cert not equal");
1172         }
1173 
1174         // getKey good ske 1
1175         skey = (SecretKey)ks.getKey("sk1", null);
1176         if ("DES".equals(skey.getAlgorithm())) {
1177             System.out.println("test " + testnum++ + " passed");
1178         } else {
1179             throw new SecurityException
1180                 ("expected DES, got " + skey.getAlgorithm());
1181         }
1182 
1183         // getKey good ske 4
1184         skey = (SecretKey)ks.getKey("sk4", null);
1185         if ("ARCFOUR".equals(skey.getAlgorithm())) {
1186             System.out.println("test " + testnum++ + " passed");
1187         } else {
1188             throw new SecurityException
1189                 ("expected ARCFOUR, got " + skey.getAlgorithm());
1190         }
1191 
1192         // getKey good pke 1
1193         pkey = (PrivateKey)ks.getKey("pk1", null);
1194         if ("RSA".equals(pkey.getAlgorithm())) {
1195             System.out.println("test " + testnum++ + " passed");
1196         } else {
1197             throw new SecurityException
1198                 ("expected RSA, got " + pkey.getAlgorithm());
1199         }
1200 
1201         // getKey good pke 3
1202         pkey = (PrivateKey)ks.getKey("pk3", null);
1203         if ("RSA".equals(pkey.getAlgorithm())) {
1204             System.out.println("test " + testnum++ + " passed");
1205         } else {
1206             throw new SecurityException
1207                 ("expected RSA, got " + pkey.getAlgorithm());
1208         }
1209 
1210         // contains alias
1211         if (!ks.containsAlias("pk1") ||
1212                 !ks.containsAlias("pk2") ||
1213                 !ks.containsAlias("pk3") ||
1214                 !ks.containsAlias("sk1") ||
1215                 !ks.containsAlias("sk2") ||
1216                 !ks.containsAlias("sk3") ||
1217                 !ks.containsAlias("sk4")) {
1218             throw new SecurityException("did not contain all aliases");
1219         }
1220         System.out.println("test " + testnum++ + " passed");
1221 
1222         // getCertificateAlias pk1
1223         if (ks.getCertificateAlias(chain1[0]).equals("pk1")) {
1224             System.out.println("test " + testnum++ + " passed");
1225         } else {
1226             throw new SecurityException("expected cert pk1");
1227         }
1228 
1229         // getCertificateAlias pk3
1230         if (ks.getCertificateAlias(chain3[0]).equals("pk3")) {
1231             System.out.println("test " + testnum++ + " passed");
1232         } else {
1233             throw new SecurityException("expected cert pk3");
1234         }
1235 
1236         // isCertificateEntry pk1
1237         if (!ks.isCertificateEntry("pk1")) {
1238             System.out.println("test " + testnum++ + " passed");
1239         } else {
1240             throw new SecurityException("expected pke");
1241         }
1242 
1243         // isCertificateEntry pk3
1244         if (!ks.isCertificateEntry("pk3")) {
1245             System.out.println("test " + testnum++ + " passed");
1246         } else {
1247             throw new SecurityException("expected pke");
1248         }
1249 
1250         // isCertificateEntry sk1
1251         if (!ks.isCertificateEntry("sk1")) {
1252             System.out.println("test " + testnum++ + " passed");
1253         } else {
1254             throw new SecurityException("expected ske");
1255         }
1256 
1257         // isCertificateEntry sk4
1258         if (!ks.isCertificateEntry("sk4")) {
1259             System.out.println("test " + testnum++ + " passed");
1260         } else {
1261             throw new SecurityException("expected ske");
1262         }
1263 
1264         // isKeyEntry pk1
1265         if (ks.isKeyEntry("pk1")) {
1266             System.out.println("test " + testnum++ + " passed");
1267         } else {
1268             throw new SecurityException("expected pke");
1269         }
1270 
1271         // isKeyEntry pk3
1272         if (ks.isKeyEntry("pk3")) {
1273             System.out.println("test " + testnum++ + " passed");
1274         } else {
1275             throw new SecurityException("expected pke");
1276         }
1277 
1278         // isKeyEntry sk1
1279         if (ks.isKeyEntry("sk1")) {
1280             System.out.println("test " + testnum++ + " passed");
1281         } else {
1282             throw new SecurityException("expected ske");
1283         }
1284 
1285         // isKeyEntry sk4
1286         if (ks.isKeyEntry("sk4")) {
1287             System.out.println("test " + testnum++ + " passed");
1288         } else {
1289             throw new SecurityException("expected ske");
1290         }
1291 
1292         // isCertificateEntry random foo
1293         if (!ks.isCertificateEntry("foo")) {
1294             System.out.println("test " + testnum++ + " passed");
1295         } else {
1296             throw new SecurityException("expected foo");
1297         }
1298 
1299         // isKeyEntry random foo
1300         if (!ks.isKeyEntry("foo")) {
1301             System.out.println("test " + testnum++ + " passed");
1302         } else {
1303             throw new SecurityException("expected foo");
1304         }
1305 
1306         // entryInstanceOf pk1
1307         if (!ks.entryInstanceOf
1308                 ("pk1", KeyStore.TrustedCertificateEntry.class)) {
1309             System.out.println("test " + testnum++ + " passed");
1310         } else {
1311             throw new SecurityException("expected tce");
1312         }
1313 
1314         // entryInstanceOf pk3
1315         if (!ks.entryInstanceOf
1316                 ("pk3", KeyStore.TrustedCertificateEntry.class)) {
1317             System.out.println("test " + testnum++ + " passed");
1318         } else {
1319             throw new SecurityException("expected tce");
1320         }
1321 
1322         // entryInstanceOf sk1
1323         if (!ks.entryInstanceOf
1324                 ("sk1", KeyStore.TrustedCertificateEntry.class)) {
1325             System.out.println("test " + testnum++ + " passed");
1326         } else {
1327             throw new SecurityException("expected tce");
1328         }
1329 
1330         // entryInstanceOf sk4
1331         if (!ks.entryInstanceOf
1332                 ("sk4", KeyStore.TrustedCertificateEntry.class)) {
1333             System.out.println("test " + testnum++ + " passed");
1334         } else {
1335             throw new SecurityException("expected tce");
1336         }
1337 
1338         // entryInstanceOf pk1
1339         if (ks.entryInstanceOf("pk1", KeyStore.PrivateKeyEntry.class)) {
1340             System.out.println("test " + testnum++ + " passed");
1341         } else {
1342             throw new SecurityException("expected pke");
1343         }
1344 
1345         // entryInstanceOf pk3
1346         if (ks.entryInstanceOf("pk3", KeyStore.PrivateKeyEntry.class)) {
1347             System.out.println("test " + testnum++ + " passed");
1348         } else {
1349             throw new SecurityException("expected pke");
1350         }
1351 
1352         // entryInstanceOf sk1
1353         if (!ks.entryInstanceOf("sk1", KeyStore.PrivateKeyEntry.class)) {
1354             System.out.println("test " + testnum++ + " passed");
1355         } else {
1356             throw new SecurityException("expected pke");
1357         }
1358 
1359         // entryInstanceOf sk4
1360         if (!ks.entryInstanceOf("sk4", KeyStore.PrivateKeyEntry.class)) {
1361             System.out.println("test " + testnum++ + " passed");
1362         } else {
1363             throw new SecurityException("expected pke");
1364         }
1365 
1366         // entryInstanceOf sk1
1367         if (ks.entryInstanceOf("sk1", KeyStore.SecretKeyEntry.class)) {
1368             System.out.println("test " + testnum++ + " passed");
1369         } else {
1370             throw new SecurityException("expected ske");
1371         }
1372 
1373         // entryInstanceOf sk4
1374         if (ks.entryInstanceOf("sk4", KeyStore.SecretKeyEntry.class)) {
1375             System.out.println("test " + testnum++ + " passed");
1376         } else {
1377             throw new SecurityException("expected ske");
1378         }
1379 
1380         // entryInstanceOf pk1
1381         if (!ks.entryInstanceOf("pk1", KeyStore.SecretKeyEntry.class)) {
1382             System.out.println("test " + testnum++ + " passed");
1383         } else {
1384             throw new SecurityException("expected ske");
1385         }
1386 
1387         // entryInstanceOf pk3
1388         if (!ks.entryInstanceOf("pk3", KeyStore.SecretKeyEntry.class)) {
1389             System.out.println("test " + testnum++ + " passed");
1390         } else {
1391             throw new SecurityException("expected ske");
1392         }
1393 
1394         // getEntry random foobar
1395         if (ks.getEntry("foobar", null) != null) {
1396             throw new SecurityException("expected null entry");
1397         } else {
1398             System.out.println("test " + testnum++ + " passed");
1399         }
1400 
1401         // deleteEntry
1402         ks.deleteEntry("pk1");
1403         ks.deleteEntry("pk3");
1404         ks.deleteEntry("sk2");
1405         ks.deleteEntry("sk3");
1406         System.out.println("test " + testnum++ + " passed");
1407 
1408         // aliases
1409         enu = ks.aliases();
1410         count = 0;
1411         while (enu.hasMoreElements()) {
1412             count++;
1413             System.out.println("alias " +
1414                                 count +
1415                                 " = " +
1416                                 (String)enu.nextElement());
1417         }
1418         if (count == 3) {
1419             System.out.println("test " + testnum++ + " passed");
1420         } else {
1421             throw new SecurityException("expected 3 aliases");
1422         }
1423 
1424         // size
1425         if (ks.size() == 3) {
1426             System.out.println("test " + testnum++ + " passed");
1427         } else {
1428             throw new SecurityException("expected size 6");
1429         }
1430 
1431         // entryInstanceOf sk1
1432         if (!ks.entryInstanceOf("sk1", KeyStore.PrivateKeyEntry.class)) {
1433             System.out.println("test " + testnum++ + " passed");
1434         } else {
1435             throw new SecurityException("expected pke");
1436         }
1437 
1438         // entryInstanceOf sk4
1439         if (!ks.entryInstanceOf("sk4", KeyStore.PrivateKeyEntry.class)) {
1440             System.out.println("test " + testnum++ + " passed");
1441         } else {
1442             throw new SecurityException("expected pke");
1443         }
1444 
1445         // entryInstanceOf pk2
1446         if (ks.entryInstanceOf("pk2", KeyStore.PrivateKeyEntry.class)) {
1447             System.out.println("test " + testnum++ + " passed");
1448         } else {
1449             throw new SecurityException("expected pke");
1450         }
1451         System.out.println("test " + testnum++ + " passed");
1452 
1453         return testnum;
1454     }
1455 }