1/* 2 * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24/** 25 * @test 26 * @bug 6324295 6931562 8154113 27 * @modules jdk.crypto.mscapi 28 * @run main/othervm/java.security.policy==access.policy AccessKeyStore pass 29 * @run main/othervm/java.security.policy==noaccess.policy AccessKeyStore fail 30 * @summary Confirm that right permissions are granted to access keystores. 31 */ 32 33import java.security.Provider; 34import java.security.*; 35import java.security.cert.*; 36import java.security.cert.Certificate; 37import java.security.interfaces.RSAKey; 38import java.util.Enumeration; 39 40public class AccessKeyStore { 41 42 public static void main(String[] args) throws Exception { 43 44 // Check for security manager and required arg(s) 45 if (System.getSecurityManager() == null) { 46 throw new Exception("Missing security manager"); 47 } 48 if (args.length <= 0) { 49 throw new Exception("Missing expected test status"); 50 } 51 boolean shouldPass = args[0].equalsIgnoreCase("pass"); 52 53 Provider p = Security.getProvider("SunMSCAPI"); 54 System.out.println("SunMSCAPI provider classname is " + 55 p.getClass().getName()); 56 57 KeyStore keyStore = KeyStore.getInstance("Windows-MY", p); 58 59 /* 60 * If a SecurityManager exists then this will trigger a 61 * SecurityException if the following permission has not 62 * been granted: 63 * 64 * SecurityPermission("authProvider.SunMSCAPI") 65 */ 66 try { 67 keyStore.load(null, null); 68 if (!shouldPass) { 69 throw new Exception( 70 "Expected KeyStore.load to throw a SecurityException"); 71 } 72 } catch (SecurityException se) { 73 if (!shouldPass) { 74 System.out.println("Expected exception thrown: " + se); 75 return; 76 } else { 77 throw se; 78 } 79 } 80 81 int i = 0; 82 for (Enumeration<String> e = keyStore.aliases(); e.hasMoreElements(); ) { 83 String alias = e.nextElement(); 84 displayEntry(keyStore, alias, i++); 85 } 86 } 87 88 private static void displayEntry(KeyStore keyStore, String alias, 89 int index) throws KeyStoreException, NoSuchAlgorithmException { 90 91 if (keyStore.isKeyEntry(alias)) { 92 System.out.println("[" + index + "]\n " + alias + 93 " [key-entry]\n"); 94 95 try { 96 97 Key key = keyStore.getKey(alias, null); 98 99 if (key instanceof RSAKey) { 100 System.out.println(" Key type: " + key.getAlgorithm() + 101 " (" + ((RSAKey)key).getModulus().bitLength() + 102 " bit)\n"); 103 } else { 104 System.out.println(" Key type: " + key.getAlgorithm() + 105 "\n"); 106 } 107 108 } catch (UnrecoverableKeyException e) { 109 System.out.println(" Key type: Unknown\n"); 110 } 111 112 Certificate[] chain = keyStore.getCertificateChain(alias); 113 if (chain != null) { 114 System.out.println(" Certificate chain: "); 115 for (int i = 0; i < chain.length; i ++) { 116 System.out.println(" ["+ (i + 1) + "]"); 117 displayCert(chain[i], " "); 118 } 119 } 120 121 } else { 122 System.out.println("[" + index + "]\n " + alias + 123 " [trusted-cert-entry]\n"); 124 Certificate[] chain = keyStore.getCertificateChain(alias); 125 if (chain != null) { 126 System.out.println(" Certificate chain: "); 127 for (int i = 0; i < chain.length; i ++) { 128 System.out.println(" ["+ (i + 1) + "]"); 129 displayCert(chain[i], " "); 130 } 131 } 132 } 133 System.out.println("-------------------------------------------------"); 134 } 135 136 private static void displayCert(Certificate cert, String tab) { 137 if (cert instanceof X509Certificate) { 138 X509Certificate x = (X509Certificate) cert; 139 System.out.println( 140 tab + "Owner: " + x.getSubjectDN().toString() + "\n" + 141 tab + "Issuer: " + x.getIssuerDN().toString() + "\n" + 142 tab + "Serial number: " + x.getSerialNumber().toString(16) + 143 "\n"+ 144 tab + "Valid from: " + x.getNotBefore().toString() + "\n" + 145 tab + " until: " + x.getNotAfter().toString()); 146 } else { 147 System.out.println(tab + "[unknown certificate format]"); 148 } 149 System.out.println(); 150 } 151} 152