JNI/JCE: update example certs, JKS, and WKS files. Add method names to

ant test. Update example KeyStore password to longer one for FIPS
compatibility.

examples/certs/keytool-print-wks.sh

@@ -19,18 +19,18 @@ print_wks() {
     fi
 }
 
-print_wks "client.wks" "wolfSSL test"
-print_wks "client-rsa-1024.wks" "wolfSSL test"
-print_wks "client-rsa.wks" "wolfSSL test"
-print_wks "client-ecc.wks" "wolfSSL test"
-print_wks "server.wks" "wolfSSL test"
-print_wks "server-rsa-1024.wks" "wolfSSL test"
-print_wks "server-rsa.wks" "wolfSSL test"
-print_wks "server-ecc.wks" "wolfSSL test"
-print_wks "cacerts.wks" "wolfSSL test"
-print_wks "ca-client.wks" "wolfSSL test"
-print_wks "ca-server.wks" "wolfSSL test"
-print_wks "ca-server-rsa-2048.wks" "wolfSSL test"
-print_wks "ca-server-ecc-256.wks" "wolfSSL test"
+print_wks "client.wks" "wolfsslpassword"
+print_wks "client-rsa-1024.wks" "wolfsslpassword"
+print_wks "client-rsa.wks" "wolfsslpassword"
+print_wks "client-ecc.wks" "wolfsslpassword"
+print_wks "server.wks" "wolfsslpassword"
+print_wks "server-rsa-1024.wks" "wolfsslpassword"
+print_wks "server-rsa.wks" "wolfsslpassword"
+print_wks "server-ecc.wks" "wolfsslpassword"
+print_wks "cacerts.wks" "wolfsslpassword"
+print_wks "ca-client.wks" "wolfsslpassword"
+print_wks "ca-server.wks" "wolfsslpassword"
+print_wks "ca-server-rsa-2048.wks" "wolfsslpassword"
+print_wks "ca-server-ecc-256.wks" "wolfsslpassword"
 
 printf "\nSUCCESS printing all KeyStore files\n"

examples/certs/systemcerts/system-cacerts-to-wks.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 #
 # Script to convert system CA certs KeyStore file from JKS to WKS format
 #
@@ -17,16 +17,21 @@
 #   1. $JAVA_HOME/lib/security/jssecacerts     (JDK 9+)
 #   2. $JAVA_HOME/jre/lib/security/jssecacerts (JDK <= 8)
 #
+# The default cacerts.jks password is 'changeit'. Since wolfCrypt FIPS
+# requires a minimum HMAC key size of 14 bytes, we expand the password
+# to 'changeitchangeit' here to get past the 14 byte limitation when using
+# WKS type.
+#
 
 # Export library paths for Linux and Mac to find shared JNI library
 export LD_LIBRARY_PATH=../../../lib:$LD_LIBRARY_PATH
 export DYLD_LIBRARY_PATH=../../../lib:$DYLD_LIBRARY_PATH
 
 OUTDIR=`pwd`
 
-# ARGS: <input-keystore-name> <output-keystore-name> <password>
+# ARGS: <input-keystore-name> <output-keystore-name> <in-password> <out-password>
 jks_to_wks() {
-    keytool -importkeystore -srckeystore ${1} -destkeystore ${2}.wks -srcstoretype JKS -deststoretype WKS -srcstorepass "$3" -deststorepass "$3" -provider com.wolfssl.provider.jce.WolfCryptProvider --providerpath ../../../lib/wolfcrypt-jni.jar &> /dev/null
+    keytool -importkeystore -srckeystore ${1} -destkeystore ${2}.wks -srcstoretype JKS -deststoretype WKS -srcstorepass "$3" -deststorepass "$3" -deststorepass "$4" -provider com.wolfssl.provider.jce.WolfCryptProvider --providerpath ../../../lib/wolfcrypt-jni.jar &> /dev/null
     if [ $? -ne 0 ]; then
         printf "Failed to convert JKS to WKS!"
         exit 1
@@ -88,44 +93,48 @@ if [ -f "$javaHome/$CACERTS_JDK9" ]; then
     echo "System cacerts found, converting from JKS to WKS:"
     echo "    FROM: $javaHome/$CACERTS_JDK9"
     echo "    TO:   $OUTDIR/cacerts.wks"
-    echo "    PASS (default): changeit"
+    echo "    IN PASS (default): changeit"
+    echo "    OUT PASS: changeitchangeit"
     if [ -f $OUTDIR/cacerts.wks ]; then
         rm $OUTDIR/cacerts.wks
     fi
-    jks_to_wks "$javaHome/$CACERTS_JDK9" "$OUTDIR/cacerts" "changeit"
+    jks_to_wks "$javaHome/$CACERTS_JDK9" "$OUTDIR/cacerts" "changeit" "changeitchangeit"
 fi
 
 if [ -f "$javaHome/$CACERTS_JDK8" ]; then
     echo "System cacerts found, converting from JKS to WKS:"
     echo "    FROM: $javaHome/$CACERTS_JDK8"
     echo "    TO:   $OUTDIR/cacerts.wks"
-    echo "    PASS (default): changeit"
+    echo "    IN PASS (default): changeit"
+    echo "    OUT PASS: changeitchangeit"
     if [ -f $OUTDIR/cacerts.wks ]; then
         rm $OUTDIR/cacerts.wks
     fi
-    jks_to_wks "$javaHome/$CACERTS_JDK8" "$OUTDIR/cacerts" "changeit"
+    jks_to_wks "$javaHome/$CACERTS_JDK8" "$OUTDIR/cacerts" "changeit" "changeitchangeit"
 fi
 
 if [ -f "$javaHome/$JSSECERTS_JDK9" ]; then
     echo "System jssecacerts found, converting from JKS to WKS:"
     echo "    FROM: $javaHome/$JSSECACERTS_JDK9"
     echo "    TO:   $OUTDIR/jssecacerts.wks"
-    echo "    PASS (default): changeit"
+    echo "    IN PASS (default): changeit"
+    echo "    OUT PASS: changeitchangeit"
     if [ -f $OUTDIR/jssecacerts.wks ]; then
         rm $OUTDIR/jssecacerts.wks
     fi
-    jks_to_wks "$javaHome/$JSSECACERTS_JDK9" "$OUTDIR/jssecacerts" "changeit"
+    jks_to_wks "$javaHome/$JSSECACERTS_JDK9" "$OUTDIR/jssecacerts" "changeit" "changeitchangeit"
 fi
 
 if [ -f "$javaHome/$JSSECERTS_JDK8" ]; then
     echo "System jssecacerts found, converting from JKS to WKS:"
     echo "    FROM: $javaHome/$JSSECACERTS_JDK8"
     echo "    TO:   $OUTDIR/jssecacerts.wks"
-    echo "    PASS (default): changeit"
+    echo "    IN PASS (default): changeit"
+    echo "    OUT PASS: changeitchangeit"
     if [ -f $OUTDIR/jssecacerts.wks ]; then
         rm $OUTDIR/jssecacerts.wks
     fi
-    jks_to_wks "$javaHome/$JSSECACERTS_JDK8" "$OUTDIR/jssecacerts" "changeit"
+    jks_to_wks "$javaHome/$JSSECACERTS_JDK8" "$OUTDIR/jssecacerts" "changeit" "changeitchangeit"
 fi
 
 echo ""

examples/certs/update-jks-wks.sh

@@ -1,10 +1,11 @@
 
 # Example KeyStore Update Script
 #
-# This script is Used to update all example JKS stores, using example
+# This script is Used to update all example JKS and WKS stores, using example
 # certificates found in wolfSSL proper.
 #
-# Java KeyStores which this script creates includes:
+# Java KeyStores which this script creates includes the following. WKS
+# versions will also be generated of each of these:
 #
 # client.jks              RSA 2048-bit and ECC client certs:
 #                         client-cert.pem, client-ecc-cert.pem
@@ -37,10 +38,10 @@
 #       be preferred, but older versions of keytool do not support PKCS#12
 #       format. This would cause test failures in those older environments.
 
-printf "Removing and updating JKS stores\n"
+printf "Removing and updating example JKS and WKS KeyStore files\n"
 if [ -z "$1" ]; then
     printf "\tNo directory to certs provided\n"
-    printf "\tExample use ./update-jks.sh ~/wolfssl/certs\n"
+    printf "\tExample use ./update-jks-wks.sh ~/wolfssl/certs\n"
     exit 1;
 fi
 CERT_LOCATION=$1
@@ -84,100 +85,100 @@ jks_to_wks() {
 # Client cert: both RSA 2048-bit and ECC
 printf "\tCreating client.jks ..."
 rm client.jks &> /dev/null
-add_cert_key "client.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfSSL test"
-add_cert_key "client.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
+add_cert_key "client.jks" "/client-cert.pem" "/client-key.pem" "client" "wolfsslpassword"
+add_cert_key "client.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfsslpassword"
 printf "done\n"
 
 # Client cert: RSA, 1024-bit only
 printf "\tCreating client-rsa-1024.jks ..."
 rm client-rsa-1024.jks &> /dev/null
-add_cert_key "client-rsa-1024.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-rsa-1024" "wolfSSL test"
+add_cert_key "client-rsa-1024.jks" "/1024/client-cert.pem" "/1024/client-key.pem" "client-rsa-1024" "wolfsslpassword"
 printf "done\n"
 
 # Client cert: RSA 2048-bit only
 printf "\tCreating client-rsa.jks ..."
 rm client-rsa.jks &> /dev/null
-add_cert_key "client-rsa.jks" "/client-cert.pem" "/client-key.pem" "client-rsa" "wolfSSL test"
+add_cert_key "client-rsa.jks" "/client-cert.pem" "/client-key.pem" "client-rsa" "wolfsslpassword"
 printf "done\n"
 
 # Client cert: ECC only
 printf "\tCreating client-ecc.jks ..."
 rm client-ecc.jks &> /dev/null
-add_cert_key "client-ecc.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
+add_cert_key "client-ecc.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfsslpassword"
 printf "done\n"
 
 #################### SERVER KEYSTORES ####################
 
 # Server cert: both RSA 2048-bit and ECC
 printf "\tCreating server.jks ..."
 rm server.jks &> /dev/null
-add_cert_key "server.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfSSL test"
-add_cert_key "server.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test"
+add_cert_key "server.jks" "/server-cert.pem" "/server-key.pem" "server" "wolfsslpassword"
+add_cert_key "server.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfsslpassword"
 printf "done\n"
 
 # Server cert: RSA, 1024-bit only
 printf "\tCreating server-rsa-1024.jks ..."
 rm server-rsa-1024.jks &> /dev/null
-add_cert_key "server-rsa-1024.jks" "/1024/server-cert.pem" "/1024/server-key.pem" "server-1024" "wolfSSL test"
+add_cert_key "server-rsa-1024.jks" "/1024/server-cert.pem" "/1024/server-key.pem" "server-1024" "wolfsslpassword"
 printf "done\n"
 
 # Server cert: RSA, 2048-bit only
 printf "\tCreating server-rsa.jks ..."
 rm server-rsa.jks &> /dev/null
-add_cert_key "server-rsa.jks" "/server-cert.pem" "/server-key.pem" "server-rsa" "wolfSSL test"
+add_cert_key "server-rsa.jks" "/server-cert.pem" "/server-key.pem" "server-rsa" "wolfsslpassword"
 printf "done\n"
 
 # Server cert: ECC only
 printf "\tCreating server-ecc.jks ..."
 rm server-ecc.jks &> /dev/null
-add_cert_key "server-ecc.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfSSL test"
+add_cert_key "server-ecc.jks" "/server-ecc.pem" "/ecc-key.pem" "server-ecc" "wolfsslpassword"
 printf "done\n"
 
 #################### CA CERT KEYSTORES ###################
 
 # Contains all CA certs (RSA and ECC), verifies both client and server certs
 printf "\tCreating cacerts.jks ..."
 rm cacerts.jks &> /dev/null
-add_cert_key "cacerts.jks" "/ca-cert.pem" "/ca-key.pem" "cacert" "wolfSSL test"
-add_cert_key "cacerts.jks" "/client-cert.pem" "/client-key.pem" "client-rsa" "wolfSSL test"
-add_cert_key "cacerts.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
-add_cert_key "cacerts.jks" "/ca-cert.pem" "/ca-key.pem" "ca-rsa" "wolfSSL test"
-add_cert_key "cacerts.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfSSL test"
-add_cert_key "cacerts.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfSSL test"
+add_cert_key "cacerts.jks" "/ca-cert.pem" "/ca-key.pem" "cacert" "wolfsslpassword"
+add_cert_key "cacerts.jks" "/client-cert.pem" "/client-key.pem" "client-rsa" "wolfsslpassword"
+add_cert_key "cacerts.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfsslpassword"
+add_cert_key "cacerts.jks" "/ca-cert.pem" "/ca-key.pem" "ca-rsa" "wolfsslpassword"
+add_cert_key "cacerts.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfsslpassword"
+add_cert_key "cacerts.jks" "/1024/ca-cert.pem" "/1024/ca-key.pem" "ca-1024" "wolfsslpassword"
 printf "done\n"
 
 # Contains CA certs used to verify client certs:
 # client-cert.pem verifies itself (self signed)
 # client-ecc-cert.pem verifies itself (self signed)
 printf "\tCreating ca-client.jks ..."
 rm ca-client.jks &> /dev/null
-add_cert_key "ca-client.jks" "/client-cert.pem" "/client-key.pem" "client-rsa" "wolfSSL test"
-add_cert_key "ca-client.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfSSL test"
+add_cert_key "ca-client.jks" "/client-cert.pem" "/client-key.pem" "client-rsa" "wolfsslpassword"
+add_cert_key "ca-client.jks" "/client-ecc-cert.pem" "/ecc-client-key.pem" "client-ecc" "wolfsslpassword"
 printf "done\n"
 
 # Contains CA certs used to verify server certs:
 # ca-cert.pem verifies server-cert.pem
 # ca-ecc-cert.pem verifies server-ecc.pem
 printf "\tCreating ca-server.jks ..."
 rm ca-server.jks &> /dev/null
-add_cert_key "ca-server.jks" "/ca-cert.pem" "/ca-key.pem" "ca-rsa" "wolfSSL test"
-add_cert_key "ca-server.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfSSL test"
+add_cert_key "ca-server.jks" "/ca-cert.pem" "/ca-key.pem" "ca-rsa" "wolfsslpassword"
+add_cert_key "ca-server.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfsslpassword"
 printf "done\n"
 
 # Contains CA cert used to verify RSA 2048-bit server cert:
 # ca-cert.pem verifies server-cert.pem
 printf "\tCreating ca-server-rsa-2048.jks ..."
 rm ca-server-rsa-2048.jks &> /dev/null
-#add_cert_key "ca-server-rsa-2048.jks" "/ca-cert.pem" "/ca-key.pem" "ca-rsa" "wolfSSL test"
-add_cert "ca-server-rsa-2048.jks" "/ca-cert.pem" "ca-rsa" "wolfSSL test"
+#add_cert_key "ca-server-rsa-2048.jks" "/ca-cert.pem" "/ca-key.pem" "ca-rsa" "wolfsslpassword"
+add_cert "ca-server-rsa-2048.jks" "/ca-cert.pem" "ca-rsa" "wolfsslpassword"
 printf "done\n"
 
 # Contains CA cert used to verify ECC P-256 server cert:
 # ca-ecc-cert.pem verifies server-ecc.pem
 printf "\tCreating ca-server-ecc-256.jks ..."
 rm ca-server-ecc-256.jks &> /dev/null
-#add_cert_key "ca-server-ecc-256.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfSSL test"
-add_cert "ca-server-ecc-256.jks" "/ca-ecc-cert.pem" "ca-ecc" "wolfSSL test"
+#add_cert_key "ca-server-ecc-256.jks" "/ca-ecc-cert.pem" "/ca-ecc-key.pem" "ca-ecc" "wolfsslpassword"
+add_cert "ca-server-ecc-256.jks" "/ca-ecc-cert.pem" "ca-ecc" "wolfsslpassword"
 printf "done\n"
 
 ################### CONVERT JKS TO WKS ###################
@@ -186,66 +187,66 @@ printf "\nConverting keystores from JKS to WKS ...\n"
 
 printf "\tCreating client.wks ..."
 rm client.wks &> /dev/null
-jks_to_wks "client" "wolfSSL test"
+jks_to_wks "client" "wolfsslpassword"
 printf "done\n"
 
 printf "\tCreating client-rsa-1024.wks ..."
 rm client-rsa-1024.wks &> /dev/null
-jks_to_wks "client-rsa-1024" "wolfSSL test"
+jks_to_wks "client-rsa-1024" "wolfsslpassword"
 printf "done\n"
 
 printf "\tCreating client-rsa.wks ..."
 rm client-rsa.wks &> /dev/null
-jks_to_wks "client-rsa" "wolfSSL test"
+jks_to_wks "client-rsa" "wolfsslpassword"
 printf "done\n"
 
 printf "\tCreating client-ecc.wks ..."
 rm client-ecc.wks &> /dev/null
-jks_to_wks "client-ecc" "wolfSSL test"
+jks_to_wks "client-ecc" "wolfsslpassword"
 printf "done\n"
 
 printf "\tCreating server.wks ..."
 rm server.wks &> /dev/null
-jks_to_wks "server" "wolfSSL test"
+jks_to_wks "server" "wolfsslpassword"
 printf "done\n"
 
 printf "\tCreating server-rsa-1024.wks ..."
 rm server-rsa-1024.wks &> /dev/null
-jks_to_wks "server-rsa-1024" "wolfSSL test"
+jks_to_wks "server-rsa-1024" "wolfsslpassword"
 printf "done\n"
 
 printf "\tCreating server-rsa.wks ..."
 rm server-rsa.wks &> /dev/null
-jks_to_wks "server-rsa" "wolfSSL test"
+jks_to_wks "server-rsa" "wolfsslpassword"
 printf "done\n"
 
 printf "\tCreating server-ecc.wks ..."
 rm server-ecc.wks &> /dev/null
-jks_to_wks "server-ecc" "wolfSSL test"
+jks_to_wks "server-ecc" "wolfsslpassword"
 printf "done\n"
 
 printf "\tCreating cacerts.wks ..."
 rm cacerts.wks &> /dev/null
-jks_to_wks "cacerts" "wolfSSL test"
+jks_to_wks "cacerts" "wolfsslpassword"
 printf "done\n"
 
 printf "\tCreating ca-client.wks ..."
 rm ca-client.wks &> /dev/null
-jks_to_wks "ca-client" "wolfSSL test"
+jks_to_wks "ca-client" "wolfsslpassword"
 printf "done\n"
 
 printf "\tCreating ca-server.wks ..."
 rm ca-server.wks &> /dev/null
-jks_to_wks "ca-server" "wolfSSL test"
+jks_to_wks "ca-server" "wolfsslpassword"
 printf "done\n"
 
 printf "\tCreating ca-server-rsa-2048.wks ..."
 rm ca-server-rsa-2048.wks &> /dev/null
-jks_to_wks "ca-server-rsa-2048" "wolfSSL test"
+jks_to_wks "ca-server-rsa-2048" "wolfsslpassword"
 printf "done\n"
 
 printf "\tCreating ca-server-ecc-256.wks ..."
 rm ca-server-ecc-256.wks &> /dev/null
-jks_to_wks "ca-server-ecc-256" "wolfSSL test"
+jks_to_wks "ca-server-ecc-256" "wolfsslpassword"
 printf "done\n"
 

examples/provider/WolfSSLKeyStoreExample.java

@@ -46,7 +46,7 @@
 public class WolfSSLKeyStoreExample {
 
     /* KeyStore password */
-    static String storePass = "wolfSSL test";
+    static String storePass = "wolfsslpassword";
 
     /* KeyStore output file */
     static String wksFile = "wolfssl.wks";

src/test/java/com/wolfssl/provider/jce/test/WolfCryptCipherTest.java

@@ -22,6 +22,10 @@
 package com.wolfssl.provider.jce.test;
 
 import static org.junit.Assert.*;
+import org.junit.Rule;
+import org.junit.rules.TestRule;
+import org.junit.rules.TestWatcher;
+import org.junit.runner.Description;
 import org.junit.Test;
 import org.junit.BeforeClass;
 
@@ -90,10 +94,19 @@ public class WolfCryptCipherTest {
     /* One static SecureRandom to share */
     private static SecureRandom secureRandom = new SecureRandom();
 
+    @Rule(order = Integer.MIN_VALUE)
+    public TestRule testWatcher = new TestWatcher() {
+        protected void starting(Description desc) {
+            System.out.println("\t" + desc.getMethodName());
+        }
+    };
+
     @BeforeClass
     public static void testProviderInstallationAtRuntime()
         throws NoSuchProviderException, NoSuchPaddingException {
 
+        System.out.println("JCE WolfCryptCipher Class");
+
         /* install wolfJCE provider at runtime */
         Security.insertProviderAt(new WolfCryptProvider(), 1);