annotate test/jdk/javax/net/ssl/etc/README @ 49578:7c82bb507446

8190333: sun/security/ssl/X509KeyManager/PreferredKey.java failed with "Failed to get the preferable key aliases" Reviewed-by: mullan
author amjiang
date Tue, 10 Apr 2018 18:16:12 -0700
parents 3739268c203f
children 68fa3d4026ea
rev   line source
xuelei@38380 1 Keystores used for the JSSE regression test suite.
xuelei@38380 2
xuelei@38380 3 keystore
xuelei@38380 4 truststore
xuelei@38380 5 ==========
xuelei@38380 6
xuelei@38380 7 These are the primary two keystores and contain entries for testing most
xuelei@38380 8 of the JSSE regression test files. There are three entries, one RSA-based,
xuelei@38380 9 one DSA-based and one EC-based. If they expire, simply recreate them
xuelei@38380 10 using keytool and most of the test cases should work.
xuelei@38380 11
xuelei@38380 12 The password on both files is:
xuelei@38380 13
xuelei@38380 14 passphrase
xuelei@38380 15
xuelei@38380 16 There are no individual key entry passwords at this time.
xuelei@38380 17
xuelei@38380 18
xuelei@38380 19 keystore entries
xuelei@38380 20 ================
xuelei@38380 21
xuelei@38380 22 Alias name: dummy
xuelei@38380 23 -----------------
xuelei@38380 24 Creation date: May 16, 2016
xuelei@38380 25 Entry type: PrivateKeyEntry
xuelei@38380 26 Certificate chain length: 1
xuelei@38380 27 Certificate[1]:
xuelei@38380 28 Owner: CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US
xuelei@38380 29 Issuer: CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US
xuelei@38380 30 Serial number: 57399b87
xuelei@38380 31 Valid from: Mon May 16 10:06:38 UTC 2016 until: Sat May 16 10:06:38 UTC 2026
xuelei@38380 32 Signature algorithm name: SHA256withRSA
xuelei@38380 33 Version: 1
xuelei@38380 34
xuelei@38380 35 This can be generated using hacked (update the keytool source code so that
xuelei@38380 36 it can be used for version 1 X.509 certificate) keytool command:
xuelei@38380 37 % keytool -genkeypair -alias dummy -keyalg RSA -keysize 2048 \
xuelei@38380 38 -sigalg SHA256withRSA \
xuelei@38380 39 -dname "CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US" \
xuelei@38380 40 -validity 3652 -keypass passphrase -keystore keystore -storepass passphrase
xuelei@38380 41
xuelei@38380 42
xuelei@38380 43 Alias name: dummyecdsa
xuelei@38380 44 ----------------------
xuelei@38380 45 Creation date: May 16, 2016
xuelei@38380 46 Entry type: PrivateKeyEntry
xuelei@38380 47 Certificate chain length: 1
xuelei@38380 48 Certificate[1]:
xuelei@38380 49 Owner: CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US
xuelei@38380 50 Issuer: CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US
xuelei@38380 51 Serial number: 57399c1d
xuelei@38380 52 Valid from: Mon May 16 10:09:01 UTC 2016 until: Sat May 16 10:09:01 UTC 2026
xuelei@38380 53 Signature algorithm name: SHA256withECDSA
xuelei@38380 54 Version: 1
xuelei@38380 55
xuelei@38380 56 This can be generated using hacked (update the keytool source code so that
xuelei@38380 57 it can be used for version 1 X.509 certificate) keytool command:
xuelei@38380 58 % keytool -genkeypair -alias dummy -keyalg EC -keysize 256 \
xuelei@38380 59 -sigalg SHA256withECDSA \
xuelei@38380 60 -dname "CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US" \
xuelei@38380 61 -validity 3652 -keypass passphrase -keystore keystore -storepass passphrase
xuelei@38380 62
xuelei@38380 63 Alias name: dummydsa
xuelei@38380 64 --------------------
amjiang@49578 65 Creation date: Mar 29, 2018
xuelei@38380 66 Entry type: PrivateKeyEntry
xuelei@38380 67 Certificate chain length: 1
xuelei@38380 68 Certificate[1]:
xuelei@38380 69 Owner: CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US
xuelei@38380 70 Issuer: CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US
amjiang@49578 71 Serial number: 324d85f0
amjiang@49578 72 Valid from: Thu Mar 29 16:06:34 PDT 2018 until: Tue Mar 28 16:06:34 PDT 2028
amjiang@49578 73 Signature algorithm name: SHA256withDSA
amjiang@49578 74 Version: 3
xuelei@38380 75
xuelei@38380 76 This can be generated using hacked (update the keytool source code so that
xuelei@38380 77 it can be used for version 1 X.509 certificate) keytool command:
amjiang@49578 78 % keytool -genkeypair -alias dummydsa -keyalg DSA -keysize 1024 \
amjiang@49578 79 -sigalg SHA256withDSA \
xuelei@38380 80 -dname "CN=dummy.example.com, OU=Dummy, O=Dummy, L=Cupertino, ST=CA, C=US" \
xuelei@38380 81 -validity 3652 -keypass passphrase -keystore keystore -storepass passphrase
xuelei@38380 82
xuelei@38380 83
xuelei@38380 84 truststore entries
xuelei@38380 85 ==================
xuelei@38380 86 This key store contains only trusted certificate entries. The same
xuelei@38380 87 certificates are used in both keystore and truststore.
xuelei@38380 88
xuelei@38380 89
xuelei@38380 90 unknown_keystore
xuelei@38380 91 ================
xuelei@38380 92 A keystore you can use when you don't want things to be verified.
xuelei@38380 93 Use this with keystore/truststore, and you'll never get a match.