github.com/Venafi/vcert/v5@v5.10.2/aruba/features/format/jks.feature

Feature: JKS format output

  As a user, I need VCert to output my certificate, private key, and chain certificates in the JKS format
  required by my application so that I don't have to use OpenSSL to combine the individual PEM files generated
  by VCert into a PKCS#12 keystore and then use the Java KeyTool to convert the PKCS#12 keystore to a Java keystore.

  - User requests JKS by specifying "jks" after the -format switch

  - User must use the -file switch to specify the name of the keystore file when they specify -format jks
    (i.e. neither the -cert-file, -key-file, nor -chain-file switches may appear on the command line,
    and console output as a base64 encoded blob will not be supported).

  - User will always be asked for a password of at least 6 characters when requesting a JKS file, so it isn't possible to use the -no-prompt switch

  - User specifies the password for the JKS file and for the key entry (made up of the private key, the certificate and the chain certificates),
    preferably with the -jks-password switch or alternatively with the -key-password switch

  - User must use the -jks-alias switch to provide the alias for the JKS entry that will be made up of the private key, the certificate and the chain certificates

  - JKS format is not allowed for the enroll or renew actions when -csr is "file"

  - JKS format is not allowed for the enroll or renew action when -csr is "local" (or not specified)
    and the -no-pickup switch is used

  - JKS format is only allowed for the pickup action when the private key is stored in the Venafi Platform


  Background:
    And the default aruba exit timeout is 180 seconds

  @FAKE
  Scenario: where it outputs error if JKS format is specified, but STDOUT output is used (default output)
    When I enroll random certificate in test-mode with -no-prompt -format jks
    Then it should fail with "JKS format requires certificate, private key, and chain to be written to a single file; specify using --file"
    When I retrieve the certificate in test-mode with -pickup-id xxx -key-password xxx -format jks
    Then it should fail with "JKS format requires certificate, private key, and chain to be written to a single file; specify using --file"
    When I renew the certificate in TPP with flags -id xxx -no-prompt -format jks
    Then it should fail with "JKS format requires certificate, private key, and chain to be written to a single file; specify using --file"

  @FAKE
  Scenario: where JKS format is specified, but a short password is used
    When I enroll random certificate in test-mode with -no-prompt -format jks -key-password 1234 -jks-password 123456 -file all.jks
    Then it should fail with "JKS format requires passwords that are at least 6 characters long"
    When I enroll random certificate in test-mode with -no-prompt -format jks -key-password 123456 -jks-password 1234 -file all.jks
    Then it should fail with "JKS format requires passwords that are at least 6 characters long"
    When I enroll random certificate in test-mode with -no-prompt -format jks -key-password 1234 -jks-password 1234 -file all.jks
    Then it should fail with "JKS format requires passwords that are at least 6 characters long"

  @FAKE
  Scenario: where JKS format is specified and a password is used but the jks alias is not provided
    When I enroll random certificate in test-mode with -no-prompt -format jks -key-password 123456 -file all.jks
    Then it should fail with "The --jks-alias parameter is required with --format jks"

  @FAKE
  Scenario: where JKS format is specified but a password is not provided
    When I enroll random certificate in test-mode with -no-prompt -format jks -file all.jks -jks-alias alias
    Then it should fail with "JKS format requires passwords that are at least 6 characters long"

  @FAKE
  Scenario: where JKS format is specified but a key-password is not provided
    When I enroll random certificate in test-mode with -no-prompt -format jks -file all.jks -jks-password 123456 -jks-alias alias
    Then it should fail with "JKS format requires passwords that are at least 6 characters long"

  @FAKE
  Scenario: where JKS format is not specified but the jks password is provided
    When I enroll random certificate in test-mode with -no-prompt -format pkcs12 -jks-password 123456 -file all.jks
    Then it should fail with "The --jks-password parameter may only be used with --format jks"

  @FAKE
  Scenario: where JKS format is not specified but the jks alias is provided
    When I enroll random certificate in test-mode with -no-prompt -format pkcs12 -jks-alias alias -file all.jks
    Then it should fail with "The --jks-alias parameter may only be used with --format jks"

  @FAKE
  Scenario: where all objects are written to one JKS archive
    When I enroll random certificate in test-mode with -no-prompt -format jks -file all.jks -key-password 123456 -jks-password 123456 -jks-alias abc
    Then the exit status should be 0
    And "all.jks" should be jks archive with password "123456"

  @FAKE
  Scenario: where all objects are written to one JKS archive
    When I enroll random certificate in test-mode with -no-prompt -format jks -file all.jks -key-password 123456 -jks-password 123456 -jks-alias abc -key-type ecdsa
    Then the exit status should be 0
    And "all.jks" should be jks archive with password "123456"

  Scenario Outline: where all objects are written to one JKS archive with key-password and providing the jks-password
    When I enroll random certificate in <endpoint> with -format jks -file all.jks -key-password 123abc -jks-password 123456 -jks-alias abc
    Then the exit status should be 0
    And "all.jks" should be jks archive with password "123456"

    @FAKE
    Examples:
      | endpoint  |
      | test-mode |

    @TPP
    Examples:
      | endpoint  |
      | TPP       |

    @VAAS
    Examples:
      | endpoint  |
      | Cloud     |

  Scenario Outline: where all objects are written to one JKS archive with key-password and providing the jks-password and the key-type is ecdsa
    When I enroll random certificate in <endpoint> with -format jks -file all.jks -key-password 123abc -jks-password 123456 -jks-alias abc -key-type ecdsa
    Then the exit status should be 0
    And "all.jks" should be jks archive with password "123456"

    @FAKE
    Examples:
      | endpoint  |
      | test-mode |

    @TPP
    Examples:
      | endpoint  |
      | TPP       |

    @VAAS
    Examples:
      | endpoint  |
      | Cloud     |


  Scenario Outline: where it outputs error when trying to pickup locally generated certificate and output it in JKS format
    When I enroll random certificate using <endpoint> with -no-prompt -no-pickup
    And I retrieve the certificate using <endpoint> using the same Pickup ID with -timeout 180 -no-prompt -file all.jks -format jks
    And it should fail with "key password must be provided"

    @FAKE
    Examples:
      | endpoint  |
      | test-mode |

    @TPP
    Examples:
      | endpoint  |
      | TPP       |

    @VAAS
    Examples:
      | endpoint  |
      | Cloud     |

  Scenario Outline: where it outputs error when trying to enroll certificate in -csr file: mode and output it in JKS format
    Given I generate random CSR with -no-prompt -csr-file csr.pem -key-file k.pem
    When I enroll certificate using <endpoint> with -no-prompt -csr file:csr.pem -file all.jks -format jks
    And it should fail with "The --csr \"file\" option may not be used with the enroll or renew actions when --format is \"jks\""

    @FAKE
    Examples:
      | endpoint  |
      | test-mode |

    @TPP
    Examples:
      | endpoint  |
      | TPP       |

    @VAAS
    Examples:
      | endpoint  |
      | Cloud     |

  Scenario Outline: where it outputs error when trying to enroll certificate in -csr local (by default), -no-pickup and output it in JKS format
    When I enroll random certificate using <endpoint> with -no-prompt -file all.jks -format jks -no-pickup
    And it should fail with "The --csr \"local\" option may not be used with the enroll or renew actions when --format is \"jks\" and --no-pickup is specified"

    @FAKE
    Examples:
      | endpoint  |
      | test-mode |

    @TPP
    Examples:
      | endpoint  |
      | TPP       |

    @VAAS
    Examples:
      | endpoint  |
      | Cloud     |

  Scenario Outline: where it outputs error when trying to enroll certificate in -csr local (specified), -no-pickup and output it in JKS format
    When I enroll random certificate using <endpoint> with -no-prompt -file all.jks -format jks -no-pickup -csr local
    And it should fail with "The --csr \"local\" option may not be used with the enroll or renew actions when --format is \"jks\" and --no-pickup is specified"

    @FAKE
    Examples:
      | endpoint  |
      | test-mode |

    @TPP
    Examples:
      | endpoint  |
      | TPP       |

    @VAAS
    Examples:
      | endpoint  |
      | Cloud     |

  Scenario Outline: where it picks up service-generated certificate and outputs it in JKS format
    When I enroll random certificate using <endpoint> with -no-prompt -no-pickup -csr service
    And I retrieve the certificate using <endpoint> using the same Pickup ID and using a dummy password with -timeout 180 -file all.jks -format jks -jks-alias abc
    # And "all.jks" should be JKS archive with password "dummy password" # currently, we don't have JKS steps

    @FAKE
    Examples:
      | endpoint  |
      | test-mode |

    @TPP
    Examples:
      | endpoint  |
      | TPP       |

    # TODO: Now VaaS supports CSR, but we need to verify this behavior for this test
    # @VAAS
    # Examples:
    #   | endpoint  |
    #   | Cloud     | # -csr service is not supported by Cloud