1#
2# Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
3# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4#
5# This code is free software; you can redistribute it and/or modify it
6# under the terms of the GNU General Public License version 2 only, as
7# published by the Free Software Foundation.
8#
9# This code is distributed in the hope that it will be useful, but WITHOUT
10# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12# version 2 for more details (a copy is included in the LICENSE file that
13# accompanied this code).
14#
15# You should have received a copy of the GNU General Public License version
16# 2 along with this work; if not, write to the Free Software Foundation,
17# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18#
19# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20# or visit www.oracle.com if you need additional information or have any
21# questions.
22#
23
24# @test
25# @bug 7133495 8041740 8062264 8046777
26# @summary [macosx] KeyChain KeyStore implementation retrieves only one private key entry
27
28if [ "${TESTJAVA}" = "" ] ; then
29    JAVAC_CMD=`which javac`
30    TESTJAVA=`dirname $JAVAC_CMD`/..
31fi
32
33if [ "${TESTSRC}" = "" ] ; then
34    TESTSRC="."
35fi
36if [ "${TESTCLASSES}" = "" ] ; then
37    TESTCLASSES=`pwd`
38fi
39
40# Only run on MacOS
41OS=`uname -s`
42case "$OS" in
43    Darwin )
44        ;;
45    * )
46        echo "Will not run test on: ${OS}"
47        exit 0;
48        ;;
49esac
50
51PWD="xxxxxx"
52KEYTOOL="${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} -storetype KeychainStore -keystore NONE -storepass $PWD"
53TEMPORARY_P12="$TESTCLASSES/7133495.p12"
54TEMPORARY_KC="$TESTCLASSES/7133495.keychain"
55TEMPORARY_LIST="$TESTCLASSES/7133495.tmp"
56CLEANUP_P12="rm -f $TEMPORARY_P12"
57CLEANUP_KC="security delete-keychain $TEMPORARY_KC"
58CLEANUP_LIST="rm -f $TEMPORARY_LIST"
59
60# Count the number of private key entries in the Keychain keystores
61
62COUNT=`$KEYTOOL -list | grep PrivateKeyEntry | wc -l`
63echo "Found $COUNT private key entries in the Keychain keystores"
64
65# Create a temporary PKCS12 keystore containing 3 public/private keypairs
66
67RESULT=`$CLEANUP_P12`
68
69for i in X Y Z
70do
71    ${TESTJAVA}/bin/keytool ${TESTTOOLVMOPTS} -genkeypair \
72        -storetype PKCS12 \
73        -keystore $TEMPORARY_P12 \
74        -storepass $PWD \
75        -keyalg rsa \
76        -dname "CN=$i,OU=$i,O=$i,ST=$i,C=US" \
77        -alias 7133495-$i
78
79    if [ $? -ne 0 ]; then
80        echo "Error: cannot create keypair $i in the temporary PKCS12 keystore"
81        RESULT=`$CLEANUP_P12`
82        exit 1
83    fi
84done
85echo "Created a temporary PKCS12 keystore: $TEMPORARY_P12"
86
87# Create a temporary keychain
88
89security create-keychain -p $PWD $TEMPORARY_KC
90if [ $? -ne 0 ]; then
91    echo "Error: cannot create the temporary keychain"
92    RESULT=`$CLEANUP_P12`
93    exit 2
94fi
95echo "Created a temporary keychain: $TEMPORARY_KC"
96
97# Unlock the temporary keychain
98
99security unlock-keychain -p $PWD $TEMPORARY_KC
100if [ $? -ne 0 ]; then
101    echo "Error: cannot unlock the temporary keychain"
102    RESULT=`$CLEANUP_P12`
103    RESULT=`$CLEANUP_KC`
104    exit 3
105fi
106echo "Unlocked the temporary keychain"
107
108# Import the keypairs from the PKCS12 keystore into the keychain
109# (The '-A' option is used to lower the temporary keychain's access controls)
110
111security import $TEMPORARY_P12 -k $TEMPORARY_KC -f pkcs12 -P $PWD -A
112if [ $? -ne 0 ]; then
113    echo "Error: cannot import keypairs from PKCS12 keystore into the keychain"
114    RESULT=`$CLEANUP_P12`
115    RESULT=`$CLEANUP_KC`
116    exit 4
117fi
118echo "Imported keypairs from PKCS12 keystore into the keychain"
119
120# Generate a 2048-bit RSA keypair and import into the temporary keychain
121# (its private key is configured with non-default key usage settings)
122
123certtool c k=$TEMPORARY_KC <<EOF
124test
125r
1262048
127y
128b
129s
130y
131A
132US
133A
134A
135
136
137y
138EOF
139
140# Adjust the keychain search order
141
142echo "\"$TEMPORARY_KC\"" > $TEMPORARY_LIST
143security list-keychains >> $TEMPORARY_LIST
144security list-keychains -s `xargs < ${TEMPORARY_LIST}`
145`$CLEANUP_LIST`
146echo "Temporary keychain search order:"
147security list-keychains
148
149# Recount the number of private key entries in the Keychain keystores
150# (3 private keys imported from PKCS12, 1 private key generated by 'certtool')
151
152RECOUNT=`$KEYTOOL -list | grep PrivateKeyEntry | wc -l`
153echo "Found $RECOUNT private key entries in the Keychain keystore"
154if [ $RECOUNT -lt `expr $COUNT + 4` ]; then
155    echo "Error: expected >$COUNT private key entries in the Keychain keystores"
156    RESULT=`$CLEANUP_P12`
157    RESULT=`$CLEANUP_KC`
158    exit 5
159fi
160
161# Export a private key from the keychain (without supplying a password)
162# Access controls have already been lowered (see 'security import ... -A' above)
163
164${TESTJAVA}/bin/javac ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} -d . ${TESTSRC}/ExportPrivateKeyNoPwd.java || exit 6
165${TESTJAVA}/bin/java ${TESTVMOPTS} ExportPrivateKeyNoPwd x
166if [ $? -ne 0 ]; then
167    echo "Error exporting private key from the temporary keychain"
168    RESULT=`$CLEANUP_P12`
169    RESULT=`$CLEANUP_KC`
170    exit 6
171fi
172echo "Exported a private key from the temporary keychain"
173
174RESULT=`$CLEANUP_P12`
175if [ $? -ne 0 ]; then
176    echo "Error: cannot remove the temporary PKCS12 keystore"
177    exit 7
178fi
179echo "Removed the temporary PKCS12 keystore"
180
181RESULT=`$CLEANUP_KC`
182if [ $? -ne 0 ]; then
183    echo "Error: cannot remove the temporary keychain"
184    exit 8
185fi
186echo "Removed the temporary keychain"
187
188exit 0
189