1# 2# Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved. 3# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4# 5# This code is free software; you can redistribute it and/or modify it 6# under the terms of the GNU General Public License version 2 only, as 7# published by the Free Software Foundation. 8# 9# This code is distributed in the hope that it will be useful, but WITHOUT 10# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12# version 2 for more details (a copy is included in the LICENSE file that 13# accompanied this code). 14# 15# You should have received a copy of the GNU General Public License version 16# 2 along with this work; if not, write to the Free Software Foundation, 17# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18# 19# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20# or visit www.oracle.com if you need additional information or have any 21# questions. 22# 23 24# @test 25# @bug 7133495 8041740 8062264 8046777 26# @summary [macosx] KeyChain KeyStore implementation retrieves only one private key entry 27 28if [ "${TESTJAVA}" = "" ] ; then 29 JAVAC_CMD=`which javac` 30 TESTJAVA=`dirname $JAVAC_CMD`/.. 31fi 32 33if [ "${TESTSRC}" = "" ] ; then 34 TESTSRC="." 35fi 36if [ "${TESTCLASSES}" = "" ] ; then 37 TESTCLASSES=`pwd` 38fi 39 40# Only run on MacOS 41OS=`uname -s` 42case "$OS" in 43 Darwin ) 44 ;; 45 * ) 46 echo "Will not run test on: ${OS}" 47 exit 0; 48 ;; 49esac 50 51PWD="xxxxxx" 52KEYTOOL="${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} -storetype KeychainStore -keystore NONE -storepass $PWD" 53TEMPORARY_P12="$TESTCLASSES/7133495.p12" 54TEMPORARY_KC="$TESTCLASSES/7133495.keychain" 55TEMPORARY_LIST="$TESTCLASSES/7133495.tmp" 56CLEANUP_P12="rm -f $TEMPORARY_P12" 57CLEANUP_KC="security delete-keychain $TEMPORARY_KC" 58CLEANUP_LIST="rm -f $TEMPORARY_LIST" 59 60# Count the number of private key entries in the Keychain keystores 61 62COUNT=`$KEYTOOL -list | grep PrivateKeyEntry | wc -l` 63echo "Found $COUNT private key entries in the Keychain keystores" 64 65# Create a temporary PKCS12 keystore containing 3 public/private keypairs 66 67RESULT=`$CLEANUP_P12` 68 69for i in X Y Z 70do 71 ${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} -genkeypair \ 72 -storetype PKCS12 \ 73 -keystore $TEMPORARY_P12 \ 74 -storepass $PWD \ 75 -keyalg rsa \ 76 -dname "CN=$i,OU=$i,O=$i,ST=$i,C=US" \ 77 -alias 7133495-$i 78 79 if [ $? -ne 0 ]; then 80 echo "Error: cannot create keypair $i in the temporary PKCS12 keystore" 81 RESULT=`$CLEANUP_P12` 82 exit 1 83 fi 84done 85echo "Created a temporary PKCS12 keystore: $TEMPORARY_P12" 86 87# Create a temporary keychain 88 89security create-keychain -p $PWD $TEMPORARY_KC 90if [ $? -ne 0 ]; then 91 echo "Error: cannot create the temporary keychain" 92 RESULT=`$CLEANUP_P12` 93 exit 2 94fi 95echo "Created a temporary keychain: $TEMPORARY_KC" 96 97# Unlock the temporary keychain 98 99security unlock-keychain -p $PWD $TEMPORARY_KC 100if [ $? -ne 0 ]; then 101 echo "Error: cannot unlock the temporary keychain" 102 RESULT=`$CLEANUP_P12` 103 RESULT=`$CLEANUP_KC` 104 exit 3 105fi 106echo "Unlocked the temporary keychain" 107 108# Import the keypairs from the PKCS12 keystore into the keychain 109# (The '-A' option is used to lower the temporary keychain's access controls) 110 111security import $TEMPORARY_P12 -k $TEMPORARY_KC -f pkcs12 -P $PWD -A 112if [ $? -ne 0 ]; then 113 echo "Error: cannot import keypairs from PKCS12 keystore into the keychain" 114 RESULT=`$CLEANUP_P12` 115 RESULT=`$CLEANUP_KC` 116 exit 4 117fi 118echo "Imported keypairs from PKCS12 keystore into the keychain" 119 120# Generate a 2048-bit RSA keypair and import into the temporary keychain 121# (its private key is configured with non-default key usage settings) 122 123certtool c k=$TEMPORARY_KC <<EOF 124test 125r 1262048 127y 128b 129s 130y 131A 132US 133A 134A 135 136 137y 138EOF 139 140# Adjust the keychain search order 141 142echo "\"$TEMPORARY_KC\"" > $TEMPORARY_LIST 143security list-keychains >> $TEMPORARY_LIST 144security list-keychains -s `xargs < ${TEMPORARY_LIST}` 145`$CLEANUP_LIST` 146echo "Temporary keychain search order:" 147security list-keychains 148 149# Recount the number of private key entries in the Keychain keystores 150# (3 private keys imported from PKCS12, 1 private key generated by 'certtool') 151 152RECOUNT=`$KEYTOOL -list | grep PrivateKeyEntry | wc -l` 153echo "Found $RECOUNT private key entries in the Keychain keystore" 154if [ $RECOUNT -lt `expr $COUNT + 4` ]; then 155 echo "Error: expected >$COUNT private key entries in the Keychain keystores" 156 RESULT=`$CLEANUP_P12` 157 RESULT=`$CLEANUP_KC` 158 exit 5 159fi 160 161# Export a private key from the keychain (without supplying a password) 162# Access controls have already been lowered (see 'security import ... -A' above) 163 164${TESTJAVA}/bin/javac ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} -d . ${TESTSRC}/ExportPrivateKeyNoPwd.java || exit 6 165${TESTJAVA}/bin/java ${TESTVMOPTS} ExportPrivateKeyNoPwd x 166if [ $? -ne 0 ]; then 167 echo "Error exporting private key from the temporary keychain" 168 RESULT=`$CLEANUP_P12` 169 RESULT=`$CLEANUP_KC` 170 exit 6 171fi 172echo "Exported a private key from the temporary keychain" 173 174RESULT=`$CLEANUP_P12` 175if [ $? -ne 0 ]; then 176 echo "Error: cannot remove the temporary PKCS12 keystore" 177 exit 7 178fi 179echo "Removed the temporary PKCS12 keystore" 180 181RESULT=`$CLEANUP_KC` 182if [ $? -ne 0 ]; then 183 echo "Error: cannot remove the temporary keychain" 184 exit 8 185fi 186echo "Removed the temporary keychain" 187 188exit 0 189