1#
2# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
3# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4#
5# This code is free software; you can redistribute it and/or modify it
6# under the terms of the GNU General Public License version 2 only, as
7# published by the Free Software Foundation.
8#
9# This code is distributed in the hope that it will be useful, but WITHOUT
10# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12# version 2 for more details (a copy is included in the LICENSE file that
13# accompanied this code).
14#
15# You should have received a copy of the GNU General Public License version
16# 2 along with this work; if not, write to the Free Software Foundation,
17# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18#
19# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20# or visit www.oracle.com if you need additional information or have any
21# questions.
22#
23
24# @test
25# @bug 6825352 6937978
26# @summary support self-issued certificate in keytool and let -gencert generate the chain
27#
28# @run shell selfissued.sh
29#
30
31if [ "${TESTJAVA}" = "" ] ; then
32  JAVAC_CMD=`which javac`
33  TESTJAVA=`dirname $JAVAC_CMD`/..
34fi
35
36# set platform-dependent variables
37OS=`uname -s`
38case "$OS" in
39  Windows_* )
40    FS="\\"
41    ;;
42  * )
43    FS="/"
44    ;;
45esac
46
47KS=selfsigned.jks
48KT="$TESTJAVA${FS}bin${FS}keytool -storepass changeit -keypass changeit -keystore $KS -keyalg rsa"
49
50rm $KS
51
52$KT -alias ca -dname CN=CA -genkeypair
53$KT -alias ca1 -dname CN=CA -genkeypair
54$KT -alias ca2 -dname CN=CA -genkeypair
55$KT -alias e1 -dname CN=E1 -genkeypair
56
57# ca signs ca1, ca1 signs ca2, all self-issued
58$KT -alias ca1 -certreq | $KT -alias ca -gencert -ext san=dns:ca1 \
59        | $KT -alias ca1 -importcert
60$KT -alias ca2 -certreq | $KT -alias ca1 -gencert -ext san=dns:ca2 \
61        | $KT -alias ca2 -importcert
62
63# Import e1 signed by ca2, should add ca2 and ca1, at least 3 certs in the chain
64$KT -alias e1 -certreq | $KT -alias ca2 -gencert > e1.cert
65$KT -alias ca1 -delete
66$KT -alias ca2 -delete
67cat e1.cert | $KT -alias e1 -importcert
68$KT -alias e1 -list -v | grep '\[3\]' || { echo Bad E1; exit 1; }
69
70echo Good
71
72