1# 2# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved. 3# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4# 5# This code is free software; you can redistribute it and/or modify it 6# under the terms of the GNU General Public License version 2 only, as 7# published by the Free Software Foundation. 8# 9# This code is distributed in the hope that it will be useful, but WITHOUT 10# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12# version 2 for more details (a copy is included in the LICENSE file that 13# accompanied this code). 14# 15# You should have received a copy of the GNU General Public License version 16# 2 along with this work; if not, write to the Free Software Foundation, 17# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18# 19# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20# or visit www.oracle.com if you need additional information or have any 21# questions. 22# 23 24# @test 25# @bug 6825352 6937978 26# @summary support self-issued certificate in keytool and let -gencert generate the chain 27# 28# @run shell selfissued.sh 29# 30 31if [ "${TESTJAVA}" = "" ] ; then 32 JAVAC_CMD=`which javac` 33 TESTJAVA=`dirname $JAVAC_CMD`/.. 34fi 35 36# set platform-dependent variables 37OS=`uname -s` 38case "$OS" in 39 Windows_* ) 40 FS="\\" 41 ;; 42 * ) 43 FS="/" 44 ;; 45esac 46 47KS=selfsigned.jks 48KT="$TESTJAVA${FS}bin${FS}keytool -storepass changeit -keypass changeit -keystore $KS -keyalg rsa" 49 50rm $KS 51 52$KT -alias ca -dname CN=CA -genkeypair 53$KT -alias ca1 -dname CN=CA -genkeypair 54$KT -alias ca2 -dname CN=CA -genkeypair 55$KT -alias e1 -dname CN=E1 -genkeypair 56 57# ca signs ca1, ca1 signs ca2, all self-issued 58$KT -alias ca1 -certreq | $KT -alias ca -gencert -ext san=dns:ca1 \ 59 | $KT -alias ca1 -importcert 60$KT -alias ca2 -certreq | $KT -alias ca1 -gencert -ext san=dns:ca2 \ 61 | $KT -alias ca2 -importcert 62 63# Import e1 signed by ca2, should add ca2 and ca1, at least 3 certs in the chain 64$KT -alias e1 -certreq | $KT -alias ca2 -gencert > e1.cert 65$KT -alias ca1 -delete 66$KT -alias ca2 -delete 67cat e1.cert | $KT -alias e1 -importcert 68$KT -alias e1 -list -v | grep '\[3\]' || { echo Bad E1; exit 1; } 69 70echo Good 71 72