1/*
2 * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24/*
25 * @test
26 * @bug 8048622 8134232
27 * @summary Checks that PKCS#11 keystore can't be loaded with wrong password
28 * @library ../
29 * @modules jdk.crypto.cryptoki
30 * @run main/othervm LoadKeystore
31 * @run main/othervm LoadKeystore sm policy
32 */
33
34import java.io.File;
35import java.io.IOException;
36import java.security.KeyStore;
37import java.security.KeyStoreException;
38import java.security.Provider;
39import java.security.Security;
40import java.security.UnrecoverableKeyException;
41import java.util.Collections;
42
43public class LoadKeystore extends SecmodTest {
44
45    public static void main(String[] args) throws Exception {
46        if (!initSecmod()) {
47            return;
48        }
49
50        String configName = BASE + SEP + "nss.cfg";
51        Provider p = getSunPKCS11(configName);
52
53        System.out.println("Add provider " + p);
54        System.out.println();
55        Security.addProvider(p);
56
57        if (args.length > 1 && "sm".equals(args[0])) {
58            System.setProperty("java.security.policy",
59                    BASE + File.separator + args[1]);
60            System.setSecurityManager(new SecurityManager());
61        }
62
63        try {
64            System.out.println("Load keystore with wrong type");
65            KeyStore.getInstance("unknown", p);
66            throw new RuntimeException("Expected exception not thrown");
67        } catch(KeyStoreException e) {
68            System.out.println("Expected exception: " + e);
69        }
70
71        KeyStore ks = KeyStore.getInstance("PKCS11", p);
72        if (!"PKCS11".equals(ks.getType())) {
73            throw new RuntimeException("Unexpected keystore type: "
74                    + ks.getType());
75        }
76        if (!p.equals(ks.getProvider())) {
77            throw new RuntimeException("Unexpected keystore provider: "
78                    + ks.getProvider());
79        }
80
81        try {
82            System.out.println("Load keystore with wrong password");
83            ks.load(null, "wrong".toCharArray());
84            throw new RuntimeException("Expected exception not thrown");
85        } catch(IOException e) {
86            System.out.println("Expected exception: " + e);
87            Throwable cause = e.getCause();
88            if (!(cause instanceof UnrecoverableKeyException)) {
89                e.printStackTrace(System.out);
90                throw new RuntimeException("Unexpected cause: " + cause);
91            }
92            System.out.println("Expected cause: " + cause);
93        }
94
95        System.out.println("Load keystore with correct password");
96        ks.load(null, password);
97        for (String alias : Collections.list(ks.aliases())) {
98            System.out.println("Alias: " + alias);
99        }
100
101        System.out.println("Test passed");
102    }
103
104}
105