1/*
2 * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24/*
25 * @test
26 * @bug 6298106
27 * @summary make sure we can add a trusted cert to the NSS KeyStore module
28 * @author Andreas Sterbenz
29 * @library ..
30 * @modules jdk.crypto.cryptoki
31 * @run main/othervm AddTrustedCert
32 * @run main/othervm AddTrustedCert sm policy
33 */
34
35import java.io.File;
36import java.io.FileInputStream;
37import java.io.InputStream;
38import java.security.KeyStore;
39import java.security.KeyStore.TrustedCertificateEntry;
40import java.security.Provider;
41import java.security.Security;
42import java.security.cert.CertificateFactory;
43import java.security.cert.X509Certificate;
44import java.util.Collection;
45import java.util.Collections;
46import java.util.TreeSet;
47
48public class AddTrustedCert extends SecmodTest {
49
50    public static void main(String[] args) throws Exception {
51        if (initSecmod() == false) {
52            return;
53        }
54
55        X509Certificate cert;
56        try (InputStream in = new FileInputStream(BASE + SEP + "anchor.cer")) {
57            CertificateFactory factory =
58                    CertificateFactory.getInstance("X.509");
59            cert = (X509Certificate)factory.generateCertificate(in);
60        }
61
62        String configName = BASE + SEP + "nss.cfg";
63        Provider p = getSunPKCS11(configName);
64
65        System.out.println(p);
66        Security.addProvider(p);
67
68        if (args.length > 1 && "sm".equals(args[0])) {
69            System.setProperty("java.security.policy",
70                    BASE + File.separator + args[1]);
71            System.setSecurityManager(new SecurityManager());
72        }
73
74        KeyStore ks = KeyStore.getInstance(PKCS11, p);
75        ks.load(null, password);
76        Collection<String> aliases = new TreeSet<>(Collections.list(
77                ks.aliases()));
78        System.out.println("entries: " + aliases.size());
79        System.out.println(aliases);
80        int size1 = aliases.size();
81
82        String alias = "anchor";
83        if (ks.containsAlias(alias)) {
84            throw new Exception("Alias exists: " + alias);
85        }
86
87        ks.setCertificateEntry(alias, cert);
88        KeyStore.Entry first = ks.getEntry(alias, null);
89        System.out.println("first entry = " + first);
90        if (!ks.entryInstanceOf(alias, TrustedCertificateEntry.class)) {
91            throw new Exception("Unexpected first entry type: " + first);
92        }
93
94        ks.setCertificateEntry(alias, cert);
95        KeyStore.Entry second = ks.getEntry(alias, null);
96        System.out.println("second entry = " + second);
97        if (!ks.entryInstanceOf(alias, TrustedCertificateEntry.class)) {
98            throw new Exception("Unexpected second entry type: "
99                    + second);
100        }
101
102        aliases = new TreeSet<>(Collections.list(ks.aliases()));
103        System.out.println("entries: " + aliases.size());
104        System.out.println(aliases);
105        int size2 = aliases.size();
106
107        if ((size2 != size1 + 1) || (aliases.contains(alias) == false)) {
108            throw new Exception("Trusted cert not added");
109        }
110        X509Certificate cert2 = (X509Certificate)ks.getCertificate(alias);
111        if (cert.equals(cert2) == false) {
112            throw new Exception("KeyStore returned incorrect certificate");
113        }
114
115        ks.deleteEntry(alias);
116        if (ks.containsAlias(alias)) {
117            throw new Exception("Alias still exists: " + alias);
118        }
119
120        System.out.println("OK");
121    }
122
123}
124