< prev index next >

test/sun/security/validator/certreplace.sh

Print this page 
rev 16540 : 8171319: keytool should print out warnings when reading or generating cert/cert req using weak algorithms


  47     FS="/"
  48     ;;
  49 esac
  50 
  51 KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit \
  52     -keypass changeit -keystore certreplace.jks -keyalg rsa"
  53 JAVAC=$COMPILEJAVA${FS}bin${FS}javac
  54 JAVA=$TESTJAVA${FS}bin${FS}java
  55 
  56 rm -rf certreplace.jks 2> /dev/null
  57 
  58 # 1. Generate 3 aliases in a keystore: ca, int, user
  59 
  60 $KT -genkeypair -alias ca -dname CN=CA -keyalg rsa -sigalg md2withrsa -ext bc
  61 $KT -genkeypair -alias int -dname CN=Int -keyalg rsa
  62 $KT -genkeypair -alias user -dname CN=User -keyalg rsa
  63 
  64 # 2. Signing: ca -> int -> user
  65 
  66 $KT -certreq -alias int | $KT -gencert -rfc -alias ca -ext bc \
  67     | $KT -import -alias int
  68 $KT -certreq -alias user | $KT -gencert -rfc -alias int \
  69     | $KT -import -alias user
  70 
  71 # 3. Create the certchain file
  72 
  73 $KT -export -alias user -rfc > certreplace.certs
  74 $KT -export -rfc -alias int >> certreplace.certs
  75 $KT -export -rfc -alias ca >> certreplace.certs
  76 
  77 # 4. Upgrade ca from MD2withRSA to SHA256withRSA, remove other aliases and
  78 # make this keystore the cacerts file
  79 
  80 $KT -selfcert -alias ca
  81 $KT -delete -alias int
  82 $KT -delete -alias user
  83 
  84 # 5. Build and run test
  85 
  86 EXTRAOPTS="--add-exports java.base/sun.security.validator=ALL-UNNAMED"
  87 $JAVAC ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} ${EXTRAOPTS} -d . ${TESTSRC}${FS}CertReplace.java
  88 $JAVA ${TESTVMOPTS} ${EXTRAOPTS} CertReplace certreplace.jks certreplace.certs



  47     FS="/"
  48     ;;
  49 esac
  50 
  51 KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit \
  52     -keypass changeit -keystore certreplace.jks -keyalg rsa"
  53 JAVAC=$COMPILEJAVA${FS}bin${FS}javac
  54 JAVA=$TESTJAVA${FS}bin${FS}java
  55 
  56 rm -rf certreplace.jks 2> /dev/null
  57 
  58 # 1. Generate 3 aliases in a keystore: ca, int, user
  59 
  60 $KT -genkeypair -alias ca -dname CN=CA -keyalg rsa -sigalg md2withrsa -ext bc
  61 $KT -genkeypair -alias int -dname CN=Int -keyalg rsa
  62 $KT -genkeypair -alias user -dname CN=User -keyalg rsa
  63 
  64 # 2. Signing: ca -> int -> user
  65 
  66 $KT -certreq -alias int | $KT -gencert -rfc -alias ca -ext bc \
  67     | $KT -import -alias int -noprompt
  68 $KT -certreq -alias user | $KT -gencert -rfc -alias int \
  69     | $KT -import -alias user -noprompt
  70 
  71 # 3. Create the certchain file
  72 
  73 $KT -export -alias user -rfc > certreplace.certs
  74 $KT -export -rfc -alias int >> certreplace.certs
  75 $KT -export -rfc -alias ca >> certreplace.certs
  76 
  77 # 4. Upgrade ca from MD2withRSA to SHA256withRSA, remove other aliases and
  78 # make this keystore the cacerts file
  79 
  80 $KT -selfcert -alias ca
  81 $KT -delete -alias int
  82 $KT -delete -alias user
  83 
  84 # 5. Build and run test
  85 
  86 EXTRAOPTS="--add-exports java.base/sun.security.validator=ALL-UNNAMED"
  87 $JAVAC ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} ${EXTRAOPTS} -d . ${TESTSRC}${FS}CertReplace.java
  88 $JAVA ${TESTVMOPTS} ${EXTRAOPTS} CertReplace certreplace.jks certreplace.certs
< prev index next >