1/*
2 * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24/**
25 * @test
26 * @bug 6324295 6931562 8154113
27 * @modules jdk.crypto.mscapi
28 * @run main/othervm/java.security.policy==access.policy AccessKeyStore pass
29 * @run main/othervm/java.security.policy==noaccess.policy AccessKeyStore fail
30 * @summary Confirm that right permissions are granted to access keystores.
31 */
32
33import java.security.Provider;
34import java.security.*;
35import java.security.cert.*;
36import java.security.cert.Certificate;
37import java.security.interfaces.RSAKey;
38import java.util.Enumeration;
39
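/**
 * Checks that loading the SunMSCAPI {@code Windows-MY} keystore is gated by the
 * security policy the test runs under.
 *
 * <p>The single argument states the expected outcome: {@code pass} means
 * {@code KeyStore.load} must succeed and every entry is then listed;
 * any other value means {@code KeyStore.load} must throw a
 * {@link SecurityException}.
 *
 * <p>Only entry metadata is printed (alias, key algorithm, RSA modulus size and
 * certificate fields); no key material is written to the output.
 */
public class AccessKeyStore {

    private static final String PROVIDER_NAME = "SunMSCAPI";
    private static final String KEYSTORE_TYPE = "Windows-MY";
    private static final String ENTRY_SEPARATOR =
        "-------------------------------------------------";

    /**
     * Runs the permission check.
     *
     * @param args {@code args[0]} is the expected test status; "pass"
     *             (case-insensitive) expects the load to succeed, anything
     *             else expects a {@code SecurityException}
     * @throws Exception if no security manager is installed, the expected
     *                   status is missing, the provider is unavailable, or the
     *                   observed outcome differs from the expected one
     */
    public static void main(String[] args) throws Exception {

        // Without a security manager the policy files are never consulted,
        // so neither run would prove anything.
        if (System.getSecurityManager() == null) {
            throw new Exception("Missing security manager");
        }
        if (args.length <= 0) {
            throw new Exception("Missing expected test status");
        }
        boolean shouldPass = args[0].equalsIgnoreCase("pass");

        // Security.getProvider returns null when the provider is not
        // installed; fail with a clear message instead of an NPE below.
        Provider p = Security.getProvider(PROVIDER_NAME);
        if (p == null) {
            throw new Exception(PROVIDER_NAME + " provider is not available");
        }
        System.out.println("SunMSCAPI provider classname is " +
            p.getClass().getName());

        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE, p);

        /*
         * If a SecurityManager exists then this will trigger a
         * SecurityException if the following permission has not
         * been granted:
         *
         *     SecurityPermission("authProvider.SunMSCAPI")
         *
         * NOTE(review): any SecurityException is accepted as the expected
         * failure; the denied permission itself is not inspected, so an
         * unrelated denial would also satisfy the "fail" run.
         */
        try {
            keyStore.load(null, null);
        } catch (SecurityException se) {
            if (shouldPass) {
                throw se;
            }
            System.out.println("Expected exception thrown: " + se);
            return;
        }
        if (!shouldPass) {
            throw new Exception(
                "Expected KeyStore.load to throw a SecurityException");
        }

        int i = 0;
        for (Enumeration<String> e = keyStore.aliases(); e.hasMoreElements(); ) {
            String alias = e.nextElement();
            displayEntry(keyStore, alias, i++);
        }
    }

    /**
     * Prints one keystore entry: its index, alias, entry kind, key type (for
     * key entries) and the certificates associated with it.
     *
     * @param keyStore a loaded keystore
     * @param alias    alias of the entry to print
     * @param index    position of the entry in the listing
     * @throws KeyStoreException        if the keystore has not been loaded
     * @throws NoSuchAlgorithmException if the algorithm needed to recover the
     *                                  key cannot be found
     */
    private static void displayEntry(KeyStore keyStore, String alias,
        int index) throws KeyStoreException, NoSuchAlgorithmException  {

        boolean keyEntry = keyStore.isKeyEntry(alias);
        System.out.println("[" + index + "]\n    " + alias +
            (keyEntry ? " [key-entry]\n" : " [trusted-cert-entry]\n"));

        if (keyEntry) {
            displayKeyType(keyStore, alias);
        }

        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (chain == null && !keyEntry) {
            // The KeyStore API only promises a chain for key entries; a
            // trusted certificate entry exposes its certificate through
            // getCertificate, so fall back to that instead of printing nothing.
            Certificate trusted = keyStore.getCertificate(alias);
            if (trusted != null) {
                chain = new Certificate[] { trusted };
            }
        }
        displayChain(chain);

        System.out.println(ENTRY_SEPARATOR);
    }

    /**
     * Prints the algorithm of the key stored under {@code alias}, plus the
     * modulus size when the key is an RSA key. Prints "Unknown" when the key
     * cannot be recovered or the keystore returns no key.
     */
    private static void displayKeyType(KeyStore keyStore, String alias)
        throws KeyStoreException, NoSuchAlgorithmException {

        try {
            // The password is null, as in the load() call; presumably the
            // platform store needs none -- confirm against the provider.
            Key key = keyStore.getKey(alias, null);

            if (key == null) {
                System.out.println("    Key type: Unknown\n");
            } else if (key instanceof RSAKey) {
                int bits = ((RSAKey) key).getModulus().bitLength();
                System.out.println("    Key type: " + key.getAlgorithm() +
                    " (" + bits + " bit)\n");
            } else {
                System.out.println("    Key type: " + key.getAlgorithm() +
                    "\n");
            }
        } catch (UnrecoverableKeyException e) {
            System.out.println("    Key type: Unknown\n");
        }
    }

    /**
     * Prints every certificate of {@code chain}, numbered from 1. Does nothing
     * when {@code chain} is null.
     */
    private static void displayChain(Certificate[] chain) {
        if (chain == null) {
            return;
        }
        System.out.println("    Certificate chain: ");
        for (int i = 0; i < chain.length; i++) {
            System.out.println("        ["+ (i + 1) + "]");
            displayCert(chain[i], "            ");
        }
    }

    /**
     * Prints subject, issuer, serial number (hexadecimal) and validity period
     * of an X.509 certificate; other certificate types are reported as unknown.
     *
     * @param cert certificate to print
     * @param tab  indentation prepended to every printed line
     */
    private static void displayCert(Certificate cert, String tab) {
        if (cert instanceof X509Certificate) {
            X509Certificate x = (X509Certificate) cert;
            System.out.println(
                tab + "Owner: " + x.getSubjectDN().toString() + "\n" +
                tab + "Issuer: " + x.getIssuerDN().toString() + "\n" +
                tab + "Serial number: " + x.getSerialNumber().toString(16) +
                "\n"+
                tab + "Valid from: " + x.getNotBefore().toString() + "\n" +
                tab + "     until: " + x.getNotAfter().toString());
        } else {
            System.out.println(tab + "[unknown certificate format]");
        }
        System.out.println();
    }
}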
152