1 /* 2 * Copyright (c) 2013, 2015 Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 /* 25 * @test 26 * @bug 8005408 8079129 8048830 27 * @summary KeyStore API enhancements 28 * @run main StoreSecretKeyTest 29 */ 30 31 import java.io.*; 32 import java.security.*; 33 import java.security.cert.*; 34 import java.security.cert.Certificate; 35 import java.util.*; 36 import javax.crypto.*; 37 import javax.crypto.spec.*; 38 39 // Store a secret key in a keystore and retrieve it again. 40 41 public class StoreSecretKeyTest { 42 private final static String DIR = System.getProperty("test.src", "."); 43 private static final char[] PASSWORD = "passphrase".toCharArray(); 44 private static final String KEYSTORE = "keystore.p12"; 45 private static final String CERT = DIR + "/trusted.pem"; 46 private static final String ALIAS = "my trusted cert"; 47 private static final String ALIAS2 = "my secret key"; 48 private enum ALGORITHM { 49 DES(56), 50 DESede(168), 51 AES(128); 52 final int len; 53 ALGORITHM(int l) { 54 len = l; 55 } 56 final int getLength() { 57 return len; 58 } 59 } 60 public static void main(String[] args) throws Exception { 61 boolean isSecretkeyAlgSupported = false; 62 // Skip test if AES is unavailable 63 try { 64 SecretKeyFactory.getInstance("AES"); 65 } catch (NoSuchAlgorithmException nsae) { 66 System.out.println("AES is unavailable. Skipping test..."); 67 return; 68 } 69 70 for (ALGORITHM alg : ALGORITHM.values()) { 71 isSecretkeyAlgSupported |= testSecretKeyAlgorithm(alg); 72 } 73 if (!isSecretkeyAlgSupported) { 74 throw new Exception("None of the SecretKey algorithms is " 75 + "supported"); 76 } 77 } 78 79 private static boolean testSecretKeyAlgorithm(ALGORITHM algorithm) throws 80 Exception { 81 82 System.out.println("Testing algorithm : " + algorithm.name()); 83 new File(KEYSTORE).delete(); 84 try { 85 KeyStore keystore = KeyStore.getInstance("PKCS12"); 86 keystore.load(null, null); 87 88 // Set trusted certificate entry 89 Certificate cert = loadCertificate(CERT); 90 keystore.setEntry(ALIAS, 91 new KeyStore.TrustedCertificateEntry(cert), null); 92 // Set secret key entry 93 SecretKey secretKey = generateSecretKey(algorithm.name(), 94 algorithm.len); 95 if(secretKey == null) { 96 return false; 97 } 98 keystore.setEntry(ALIAS2, 99 new KeyStore.SecretKeyEntry(secretKey), 100 new KeyStore.PasswordProtection(PASSWORD)); 101 102 try (FileOutputStream outStream = new FileOutputStream(KEYSTORE)) { 103 System.out.println("Storing keystore to: " + KEYSTORE); 104 keystore.store(outStream, PASSWORD); 105 } 106 107 try (FileInputStream inStream = new FileInputStream(KEYSTORE)) { 108 System.out.println("Loading keystore from: " + KEYSTORE); 109 keystore.load(inStream, PASSWORD); 110 System.out.println("Loaded keystore with " + keystore.size() + 111 " entries"); 112 } 113 114 KeyStore.Entry entry = keystore.getEntry(ALIAS2, 115 new KeyStore.PasswordProtection(PASSWORD)); 116 System.out.println("Retrieved entry: " + entry); 117 118 if (entry instanceof KeyStore.SecretKeyEntry) { 119 System.out.println("Retrieved secret key entry: " + entry); 120 } else { 121 throw new Exception("Not a secret key entry"); 122 } 123 } catch (KeyStoreException | UnrecoverableKeyException ex) { 124 System.out.println("Unable to check SecretKey algorithm due to " 125 + "exception: " + ex.getMessage()); 126 return false; 127 } 128 return true; 129 } 130 131 private static SecretKey generateSecretKey(String algorithm, int size) 132 throws NoSuchAlgorithmException { 133 KeyGenerator generator = KeyGenerator.getInstance(algorithm); 134 generator.init(size); 135 return generator.generateKey(); 136 } 137 138 private static Certificate loadCertificate(String certFile) 139 throws Exception { 140 X509Certificate cert = null; 141 try (FileInputStream certStream = new FileInputStream(certFile)) { 142 CertificateFactory factory = 143 CertificateFactory.getInstance("X.509"); 144 return factory.generateCertificate(certStream); 145 } 146 } 147 }