test/jdk/java/security/KeyStore/PKCS12/ConvertP12Test.java

/*
 * Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

import static java.lang.System.out;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.Enumeration;

/*
 * @test
 * @bug 8048619
 * @author  Bill Situ
 * @summary Test converting keystore from jceks to P12 and from P12 to other
 *  (jceks,jks). including following test cases:
 * Read jceks key store and convert to the p12 key store, then compare entries
 *  in the two key stores.
 * Read p12 key store and convert to the jceks key store, then compare entries
 *  in the two key stores.
 * Read p12 key store (contains only private key and a self-signed certificate)
 *  and convert to the jceks key store, then compare entries of two key stores.
 * Read p12 key store (contains 2 entries) and convert to the jceks key store,
 *  then compare entries in the two key stores.
 * Read p12 key store (entry password and key store password are different) and
 *  convert to the jceks key store, then compare entries in the two key stores.
 * Read p12 key store and convert to the jks key store, then compare entries
 *  in the two key stores.
 * Read p12 key store (contains only private key and a self-signed certificate)
 *  and convert to the jks key store, then compare entries in the two key stores.
 * Read p12 key store (contains 2 entries) and convert to the jks key store,
 *  then compare entries in the two key stores.
 * Read p12 key store (entry password and key store password are different) and
 * convert to the jks key store, then compare entries in the two key stores.
 */

public class ConvertP12Test {

    private static final String SUN_JSSE = "SunJSSE";
    private static final String SUN_JCE = "SunJCE";
    private static final String SUN = "SUN";
    private static final String PKCS12 = "pkcs12";
    private static final String JCE_KS = "JceKS";
    private static final String JKS = "JKS";

    public static void main(String args[]) throws Exception {

        ConvertP12Test jstest = new ConvertP12Test();

        jstest.driver("JceksToP12", "keystoreCA.jceks.data", JCE_KS, SUN_JCE,
                "storepass", "keypass", PKCS12, SUN_JSSE);

        jstest.driver("P12ToJceks_Chain", "ie_jceks_chain.pfx.data", PKCS12,
                SUN_JSSE, "pass", "pass", JCE_KS, SUN_JCE);

        jstest.driver("P12ToJceks_SelfSigned", "jdk_jceks_selfsigned.p12.data",
                PKCS12, SUN_JSSE, "pass", "pass", JCE_KS, SUN_JCE);

        jstest.driver("P12ToJceks_TwoEntry", "jdk_jceks_twoentry.p12.data",
                PKCS12, SUN_JSSE, "pass", "pass", JCE_KS, SUN_JCE);

        jstest.driver("P12ToJceks_TwoPass", "jdk_jceks_twopass.p12.data",
                PKCS12, SUN_JSSE, "storepass", "keypass", JCE_KS, SUN_JCE);

        jstest.driver("P12ToJks_Chain", "ie_jks_chain.pfx.data", PKCS12,
                SUN_JSSE, "pass", "pass", JKS, SUN);

        jstest.driver("P12ToJks_SelfSigned", "jdk_jks_selfsigned.p12.data",
                PKCS12, SUN_JSSE, "pass", "pass", JKS, SUN);

        jstest.driver("P12ToJks_TwoEntry", "jdk_jks_twoentry.p12.data", PKCS12,
                SUN_JSSE, "pass", "pass", JKS, SUN);

        jstest.driver("P12ToJks_TwoPass", "jdk_jks_twopass.p12.data", PKCS12,
                SUN_JSSE, "storepass", "keypass", JKS, SUN);

    }

    private void driver(String testCase, String inKeyStore,
            String inKeyStoreType, String inKeyStoreTypePrv,
            String inStorePass, String inKeyPass, String outKeyStoreType,
            String outKeyStorePrv) throws Exception {

        String outStorePass = "pass";
        String outKeyPass = "pass";
        KeyStore inputKeyStore, outputKeyStore;

        out.println("Testing " + testCase);
        String keystorePath = System.getProperty("test.src", ".")
                + File.separator + "certs" + File.separator + "convertP12";
        out.println("Output KeyStore : " + inKeyStore + ".out");
        String outKeyStoreName = inKeyStore + ".out";
        try (FileOutputStream fout = new FileOutputStream(outKeyStoreName);) {
            inputKeyStore = KeyStore.getInstance(inKeyStoreType,
                    inKeyStoreTypePrv);

            // KeyStore have encoded by Base64.getMimeEncoder().encode(),need
            // decode first.
            byte[] input = Files.readAllBytes(Paths.get(keystorePath,
                    inKeyStore));
            ByteArrayInputStream arrayIn = new ByteArrayInputStream(Base64
                    .getMimeDecoder().decode(input));

            out.println("Input KeyStore : " + inKeyStore);

            inputKeyStore.load(arrayIn, inStorePass.toCharArray());

            outputKeyStore = KeyStore.getInstance(outKeyStoreType,
                    outKeyStorePrv);
            outputKeyStore.load(null, null);

            run(inputKeyStore, outputKeyStore, inKeyPass, outKeyPass);

            outputKeyStore.store(fout, outStorePass.toCharArray());

            // for P12ToJks_TwoEntry test case will test includes each other,
            // others just test compareKeystore
            if (testCase.contains("TwoEntry")) {

                compareKeyStore(inputKeyStore, outputKeyStore, inKeyPass,
                        outKeyPass, 2);
                compareKeyStore(outputKeyStore, inputKeyStore, outKeyPass,
                        inKeyPass, 2);
            } else {
                compareKeyStore(inputKeyStore, outputKeyStore, inKeyPass,
                        outKeyPass, 1);
            }
            out.println("Test " + testCase + " STATUS: Pass!!");
        } catch (Exception ex) {
            out.println("Test " + testCase + " STATUS: failed with exception: "
                    + ex.getMessage());
            throw ex;
        }
    }

    private void run(KeyStore inputKeyStore, KeyStore outputKeyStore,
            String inKeyPass, String outKeyPass) throws Exception {
        Enumeration<String> e = inputKeyStore.aliases();
        String alias;
        while (e.hasMoreElements()) {
            alias = e.nextElement();
            Certificate[] certs = inputKeyStore.getCertificateChain(alias);

            boolean isCertEntry = inputKeyStore.isCertificateEntry(alias);
            // Test KeyStore only contain key pair entries.
            if (isCertEntry == true) {
                throw new RuntimeException(
                        "inputKeystore should not be certEntry because test"
                                + " keystore only contain key pair entries"
                                + " for alias:" + alias);
            }

            boolean isKeyEntry = inputKeyStore.isKeyEntry(alias);
            Key key = null;
            if (isKeyEntry) {
                key = inputKeyStore.getKey(alias, inKeyPass.toCharArray());
            } else {
                throw new RuntimeException("Entry type unknown for alias:"
                        + alias);
            }
            outputKeyStore.setKeyEntry(alias, key, outKeyPass.toCharArray(),
                    certs);
        }
    }

    private void compareKeyStore(KeyStore a, KeyStore b, String inKeyPass,
            String outKeyPass, int keyStoreSize) throws Exception {
        if (a.size() != keyStoreSize || b.size() != keyStoreSize) {
            throw new RuntimeException("size not match or size not equal to "
                    + keyStoreSize);
        }

        Enumeration<String> eA = a.aliases();
        while (eA.hasMoreElements()) {
            String aliasA = eA.nextElement();

            if (!b.containsAlias(aliasA)) {
                throw new RuntimeException("alias not match for alias:"
                        + aliasA);
            }

            compareKeyEntry(a, b, inKeyPass, outKeyPass, aliasA);
        }
    }

    private void compareKeyEntry(KeyStore a, KeyStore b, String aPass,
            String bPass, String alias) throws KeyStoreException,
            UnrecoverableKeyException, NoSuchAlgorithmException {
        Certificate[] certsA = a.getCertificateChain(alias);
        Certificate[] certsB = b.getCertificateChain(alias);

        if (!Arrays.equals(certsA, certsB)) {
            throw new RuntimeException("Certs don't match for alias:" + alias);
        }

        Key keyA = a.getKey(alias, aPass.toCharArray());
        Key keyB = b.getKey(alias, bPass.toCharArray());

        if (!keyA.equals(keyB)) {
            throw new RuntimeException(
                    "Key don't match for alias:" + alias);
        }
    }
}