diff --git a/security/jss/org/mozilla/jss/tests/KeyStoreTest.java b/security/jss/org/mozilla/jss/tests/KeyStoreTest.java new file mode 100644 index 00000000000..bd8908e64c4 --- /dev/null +++ b/security/jss/org/mozilla/jss/tests/KeyStoreTest.java @@ -0,0 +1,237 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is Network Security Services for Java. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 2002 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +package org.mozilla.jss.tests; + +import org.mozilla.jss.CryptoManager; +import org.mozilla.jss.crypto.CryptoToken; +import org.mozilla.jss.crypto.KeyGenerator; +import org.mozilla.jss.crypto.KeyGenAlgorithm; +import org.mozilla.jss.crypto.SecretKeyFacade; +import org.mozilla.jss.pkcs11.PK11Token; +import org.mozilla.jss.util.ConsolePasswordCallback; +import java.security.*; +import java.security.cert.CertificateFactory; +import java.util.Enumeration; +import java.security.cert.Certificate; +import java.io.*; +import javax.crypto.SecretKey; + +public class KeyStoreTest { + + public static void printUsage() { + System.out.println("Usage: KeyStoreTest " + + " [...]"); + System.out.println("Operations:\n" + + "getAliases\n" + + "deleteEntry . . .\n" + + "getCertByName . . .\n" + + "getCertByDER \n" + + "getKey \n" + + "addKey \n" + + "isTrustedCert \n"); + } + + public static void main(String argv[]) { + try { + + if( argv.length < 2 ) { + printUsage(); + System.exit(1); + } + + String op = argv[1]; + String[] args = new String[ argv.length - 2 ]; + for(int i=2; i < argv.length; ++i) { + args[i-2] = argv[i]; + } + + CryptoManager.initialize(argv[0]); + CryptoManager cm = CryptoManager.getInstance(); + + + // login to the token + CryptoToken token = cm.getInternalKeyStorageToken(); + //CryptoToken token = cm.getTokenByName("Builtin Object Token"); + try { + token.login(new ConsolePasswordCallback()); + } catch(PK11Token.NotInitializedException ex) { } + cm.setThreadToken(token); + + KeyStore ks = KeyStore.getInstance("Mozilla-JSS"); + ks.load(null, null); + + if( op.equalsIgnoreCase("getAliases") ) { + dumpAliases(ks); + } else if( op.equalsIgnoreCase("deleteEntry") ) { + for(int j=0; j < args.length; ++j) { + ks.deleteEntry(args[j]); + } + } else if( op.equalsIgnoreCase("getCertByName") ) { + for(int j=0; j < args.length; ++j) { + dumpCert(ks, args[j]); + } + } else if( op.equalsIgnoreCase("getCertByDER") ) { + if( args.length < 1 ) { + printUsage(); + System.exit(1); + } + getCertByDER(ks, args[0]); + } else if( op.equalsIgnoreCase("getKey") ) { + if( args.length != 1 ) { + printUsage(); + System.exit(1); + } + getKey(ks, args[0]); + } else if( op.equalsIgnoreCase("isTrustedCert") ) { + if( args.length != 1 ) { + printUsage(); + System.exit(1); + } + isTrustedCert(ks, args[0]); + } else if( op.equalsIgnoreCase("addKey") ) { + if( args.length != 1 ) { + printUsage(); + System.exit(1); + } + addKey(ks, args[0]); + } else { + printUsage(); + System.exit(1); + } + + } catch(Throwable t) { + t.printStackTrace(); + System.exit(1); + } + } + + public static void dumpCert(KeyStore ks, String alias) + throws Throwable + { + Certificate cert = ks.getCertificate(alias); + if( cert == null ) { + System.out.println("Certificate with alias \"" + alias + + "\" not found"); + } else { + System.out.println(cert.toString()); + } + } + + public static void dumpAliases(KeyStore ks) throws Throwable { + Enumeration aliases = ks.aliases(); + + System.out.println("Aliases:"); + while( aliases.hasMoreElements() ) { + String alias = (String) aliases.nextElement(); + System.out.println( "\"" + alias + "\""); + } + System.out.println(); + } + + public static void getCertByDER(KeyStore ks, String derCertFilename) + throws Throwable { + + FileInputStream fis = new FileInputStream(derCertFilename); + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + byte[] buf = new byte[1024]; + int numRead; + + while( (numRead = fis.read(buf)) != -1 ) { + bos.write(buf, 0, numRead); + } + ByteArrayInputStream bis = new ByteArrayInputStream(bos.toByteArray()); + + CertificateFactory fact = CertificateFactory.getInstance("X.509"); + Certificate cert = fact.generateCertificate( bis ); + + String nick = ks.getCertificateAlias(cert); + + if( nick == null ) { + System.out.println("No matching certificate was found."); + } else { + System.out.println("Found matching certificate \"" + nick + "\""); + } + } + + public static void getKey(KeyStore ks, String alias) + throws Throwable { + + Key key = ks.getKey(alias, null); + + if( key == null ) { + System.out.println("Could not find key for alias \"" + + alias + "\""); + System.exit(1); + } else { + String clazz = key.getClass().getName(); + System.out.println("Found " + clazz + " for alias \"" + + alias + "\""); + } + } + + public static void isTrustedCert(KeyStore ks, String alias) + throws Throwable { + + if( ks.isCertificateEntry(alias) ) { + System.out.println("\"" + alias + "\" is a trusted certificate" + + " entry"); + } else { + System.out.println("\"" + alias + "\" is NOT a trusted certificate" + + " entry"); + } + } + + public static void addKey(KeyStore ks, String alias) + throws Throwable + { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", + "Mozilla-JSS"); + + kpg.initialize(1024); + KeyPair pair = kpg.genKeyPair(); + Certificate [] certs = new Certificate[1]; + + ks.setKeyEntry(alias, pair.getPrivate(), null, certs); + + CryptoManager cm = CryptoManager.getInstance(); + CryptoToken tok = cm.getInternalKeyStorageToken(); + KeyGenerator kg = tok.getKeyGenerator( KeyGenAlgorithm.DES3 ); + SecretKey key = new SecretKeyFacade(kg.generate()); + + ks.setKeyEntry(alias+"sym", key, null, null); + } +}