1 /* 2 * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 8048622 8134232 27 * @summary Checks that PKCS#11 keystore can't be loaded with wrong password 28 * @library ../ 29 * @modules jdk.crypto.token 30 * @run main/othervm LoadKeystore 31 * @run main/othervm LoadKeystore sm policy 32 */ 33 34 import java.io.File; 35 import java.io.IOException; 36 import java.security.KeyStore; 37 import java.security.KeyStoreException; 38 import java.security.Provider; 39 import java.security.Security; 40 import java.security.UnrecoverableKeyException; 41 import java.util.Collections; 42 43 public class LoadKeystore extends SecmodTest { 44 45 public static void main(String[] args) throws Exception { 46 if (!initSecmod()) { 47 return; 48 } 49 50 String configName = BASE + SEP + "nss.cfg"; 51 Provider p = getSunPKCS11(configName); 52 53 System.out.println("Add provider " + p); 54 System.out.println(); 55 Security.addProvider(p); 56 57 if (args.length > 1 && "sm".equals(args[0])) { 58 System.setProperty("java.security.policy", 59 BASE + File.separator + args[1]); 60 System.setSecurityManager(new SecurityManager()); 61 } 62 63 try { 64 System.out.println("Load keystore with wrong type"); 65 KeyStore.getInstance("unknown", p); 66 throw new RuntimeException("Expected exception not thrown"); 67 } catch(KeyStoreException e) { 68 System.out.println("Expected exception: " + e); 69 } 70 71 KeyStore ks = KeyStore.getInstance("PKCS11", p); 72 if (!"PKCS11".equals(ks.getType())) { 73 throw new RuntimeException("Unexpected keystore type: " 74 + ks.getType()); 75 } 76 if (!p.equals(ks.getProvider())) { 77 throw new RuntimeException("Unexpected keystore provider: " 78 + ks.getProvider()); 79 } 80 81 try { 82 System.out.println("Load keystore with wrong password"); 83 ks.load(null, "wrong".toCharArray()); 84 throw new RuntimeException("Expected exception not thrown"); 85 } catch(IOException e) { 86 System.out.println("Expected exception: " + e); 87 Throwable cause = e.getCause(); 88 if (!(cause instanceof UnrecoverableKeyException)) { 89 e.printStackTrace(System.out); 90 throw new RuntimeException("Unexpected cause: " + cause); 91 } 92 System.out.println("Expected cause: " + cause); 93 } 94 95 System.out.println("Load keystore with correct password"); 96 ks.load(null, password); 97 for (String alias : Collections.list(ks.aliases())) { 98 System.out.println("Alias: " + alias); 99 } 100 101 System.out.println("Test passed"); 102 } 103 104 }