1
1
/*
2
- * Copyright (c) 2018, 2022 , Oracle and/or its affiliates. All rights reserved.
2
+ * Copyright (c) 2018, 2025 , Oracle and/or its affiliates. All rights reserved.
3
3
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
4
*
5
5
* This code is free software; you can redistribute it and/or modify it
22
22
*/
23
23
24
24
/*
25
- * @test
25
+ * @test id=GenerateOpensslPKCS12
26
26
* @bug 8076190 8242151 8153005 8266182
27
27
* @summary This is java keytool <-> openssl interop test. This test generates
28
28
* some openssl keystores on the fly, java operates on it and
31
31
* Note: This test executes some openssl command, so need to set
32
32
* openssl path using system property "test.openssl.path" or it should
33
33
* be available in /usr/bin or /usr/local/bin
34
- * Required OpenSSL version : OpenSSL 1.1.*
34
+ * Required OpenSSL version : OpensslArtifactFetcher.OPENSSL_BUNDLE_VERSION
35
35
*
36
36
* @modules java.base/sun.security.pkcs
37
37
* java.base/sun.security.util
38
- * @library /test/lib
39
- * @library /sun/security/pkcs11/
40
- * @run main/othervm/timeout=600 KeytoolOpensslInteropTest
38
+ * @library /test/lib /sun/security/pkcs11/
39
+ * @run main/othervm KeytoolOpensslInteropTest true
40
+ */
41
+
42
+ /*
43
+ * @test id=UseExistingPKCS12
44
+ * @bug 8076190 8242151 8153005 8266182
45
+ * @summary This is java keytool <-> openssl interop test. This test uses
46
+ * the existing PKCS12 files located in ./params dir and java operates on it
47
+ *
48
+ * @modules java.base/sun.security.pkcs
49
+ * java.base/sun.security.util
50
+ * @library /test/lib /sun/security/pkcs11/
51
+ * @run main/othervm KeytoolOpensslInteropTest false
41
52
*/
42
53
43
54
import jdk .test .lib .Asserts ;
44
55
import jdk .test .lib .SecurityTools ;
45
56
import jdk .test .lib .process .ProcessTools ;
46
57
import jdk .test .lib .process .OutputAnalyzer ;
47
58
import jdk .test .lib .security .OpensslArtifactFetcher ;
59
+ import jtreg .SkippedException ;
48
60
49
61
import java .io .File ;
50
62
import java .io .FileInputStream ;
67
79
public class KeytoolOpensslInteropTest {
68
80
69
81
public static void main (String [] args ) throws Throwable {
70
- String opensslPath = OpensslArtifactFetcher .getOpenssl1dot1dotStar ();
71
- if (opensslPath != null ) {
72
- // if preferred version of openssl is available perform all
73
- // keytool <-> openssl interop tests
74
- generateInitialKeystores (opensslPath );
75
- testWithJavaCommands ();
76
- testWithOpensslCommands (opensslPath );
82
+ boolean generatePKCS12 = Boolean .parseBoolean (args [0 ]);
83
+ if (generatePKCS12 ) {
84
+ String opensslPath = OpensslArtifactFetcher .getOpensslPath ();
85
+ if (opensslPath != null ) {
86
+ // if the current version of openssl is available, perform all
87
+ // keytool <-> openssl interop tests
88
+ generateInitialKeystores (opensslPath );
89
+ testWithJavaCommands ();
90
+ testWithOpensslCommands (opensslPath );
91
+ } else {
92
+ String exMsg = "Can't find the version: "
93
+ + OpensslArtifactFetcher .getTestOpensslBundleVersion ()
94
+ + " of openssl binary on this machine, please install"
95
+ + " and set openssl path with property 'test.openssl.path'" ;
96
+ throw new SkippedException (exMsg );
97
+ }
77
98
} else {
78
- // since preferred version of openssl is not available skip all
79
- // openssl command dependent tests with a warning
80
- System .out .println ("\n \u001B [31mWarning: Can't find openssl "
81
- + "(version 1.1.*) binary on this machine, please install"
82
- + " and set openssl path with property "
83
- + "'test.openssl.path'. Now running only half portion of "
84
- + "the test, skipping all tests which depends on openssl "
85
- + "commands.\u001B [0m\n " );
99
+ // since this scenario is using preexisting PKCS12, skip all
100
+ // openssl command dependent tests
86
101
// De-BASE64 textual files in ./params to `pwd`
87
102
try (DirectoryStream <Path > stream = Files .newDirectoryStream (
88
103
Path .of (System .getProperty ("test.src" ), "params" ),
@@ -103,6 +118,8 @@ public static void main(String[] args) throws Throwable {
103
118
104
119
private static void generateInitialKeystores (String opensslPath )
105
120
throws Throwable {
121
+ Path providerPath = OpensslArtifactFetcher .getProviderPath (opensslPath );
122
+
106
123
keytool ("-keystore ks -keyalg ec -genkeypair -storepass"
107
124
+ " changeit -alias a -dname CN=A" ).shouldHaveExitValue (0 );
108
125
@@ -123,7 +140,8 @@ private static void generateInitialKeystores(String opensslPath)
123
140
ProcessTools .executeCommand (opensslPath , "pkcs12" , "-export" , "-in" ,
124
141
"kandc" , "-out" , "os4" , "-name" , "a" , "-passout" ,
125
142
"pass:changeit" , "-certpbe" , "PBE-SHA1-RC4-128" , "-keypbe" ,
126
- "PBE-SHA1-RC4-128" , "-macalg" , "SHA224" )
143
+ "PBE-SHA1-RC4-128" , "-macalg" , "SHA224" ,
144
+ "-legacy" , "-provider-path" , providerPath .toString ())
127
145
.shouldHaveExitValue (0 );
128
146
129
147
ProcessTools .executeCommand (opensslPath , "pkcs12" , "-export" , "-in" ,
@@ -480,12 +498,14 @@ private static void testWithOpensslCommands(String opensslPath)
480
498
output1 = ProcessTools .executeCommand (opensslPath , "pkcs12" , "-in" ,
481
499
"ksnopass" , "-passin" , "pass:changeit" , "-info" , "-nokeys" ,
482
500
"-nocerts" );
483
- output1 .shouldNotHaveExitValue (0 );
501
+ output1 .shouldHaveExitValue (0 )
502
+ .shouldContain ("Warning: MAC is absent!" );
484
503
485
504
output1 = ProcessTools .executeCommand (opensslPath , "pkcs12" , "-in" ,
486
505
"ksnopass" , "-passin" , "pass:changeit" , "-info" , "-nokeys" ,
487
506
"-nocerts" , "-nomacver" );
488
507
output1 .shouldHaveExitValue (0 )
508
+ .shouldNotContain ("Warning: MAC is absent!" )
489
509
.shouldNotContain ("PKCS7 Encrypted data:" )
490
510
.shouldContain ("Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC,"
491
511
+ " Iteration 10000, PRF hmacWithSHA256" )
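Review bot: Nothing in testWithOpensslCommands explains why reading `ksnopass` without `-nomacver` is now expected to succeed on a PKCS12 that carries no MAC (new lines 501-502), so a later reader cannot tell an intended tool-behaviour change from a weakened integrity check. The expected text `Warning: MAC is absent!` is openssl's own diagnostic, so this assertion and the `shouldNotContain` at new line 508 are presumably tied to the OpenSSL bundle version the test fetches, and will break if another build words the message differently or rejects the file again. I would add a comment above the first call, for example `// the bundled openssl reads a MAC-less PKCS12 and only warns (no integrity protection); with 1.1.* this call exited non-zero`. The body of testWithOpensslCommands starts before and continues past this hunk, so the surrounding setup of `ksnopass` is not visible here.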