Path: blob/master/test/jdk/sun/security/tools/jarsigner/EmptyIndividualSectionName.java
41152 views
/*1* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223import java.io.ByteArrayInputStream;24import java.lang.reflect.Method;25import java.nio.file.Path;26import java.util.jar.JarFile;27import java.util.jar.Manifest;28import java.util.jar.Attributes;29import java.util.jar.Attributes.Name;3031import jdk.test.lib.util.JarUtils;32import jdk.test.lib.SecurityTools;33import org.testng.annotations.Test;34import org.testng.annotations.BeforeClass;3536import static org.testng.Assert.*;3738/**39* @test40* @bug 821737541* @library /test/lib42* @modules java.base/java.util.jar:+open43* @run testng/othervm EmptyIndividualSectionName44* @summary Check that an individual section with an empty name is digested45* and signed.46* <p>47* See also48* jdk/test/jdk/sun/security/util/ManifestDigester/FindSections.java49* for much more detailed api level tests50*/51public class EmptyIndividualSectionName {5253static final String KEYSTORE_FILENAME = "test.jks";5455@BeforeClass56public void prepareCertificate() throws Exception {57SecurityTools.keytool("-genkeypair -keyalg EC -keystore "58+ KEYSTORE_FILENAME + " -storepass changeit -keypass changeit "59+ "-alias a -dname CN=X").shouldHaveExitValue(0);60}6162/**63* Adds an additional section with name {@code sectionName} to the manifest64* of a JAR before signing it with {@code signOpts}.65* @return signature file {@code META-INF/A.SF} for further assertions66*/67Manifest test(String sectionName, String signOpts) throws Exception {68Manifest mf = new Manifest();69mf.getMainAttributes().put(Name.MANIFEST_VERSION, "1.0");70mf.getEntries().put(sectionName, new Attributes());71String jarFilename = "test" + sectionName +72(signOpts != null ? signOpts : "") + ".jar";73JarUtils.createJarFile(Path.of(jarFilename), mf, Path.of("."));74SecurityTools.jarsigner("-keystore " + KEYSTORE_FILENAME +75" -storepass changeit -verbose -debug " +76(signOpts != null ? signOpts + " " : "") + jarFilename + " a")77.shouldHaveExitValue(0);78SecurityTools.jarsigner("-verify -keystore " + KEYSTORE_FILENAME +79" -storepass changeit -debug -verbose " + jarFilename + " a")80.shouldHaveExitValue(0);8182byte[] mfBytes = Utils.readJarManifestBytes(jarFilename);83Utils.echoManifest(mfBytes, "manifest");84mf = new Manifest(new ByteArrayInputStream(mfBytes));85assertNotNull(mf.getAttributes(sectionName));86byte[] sfBytes = Utils.readJarEntryBytes(jarFilename, "META-INF/A.SF");87Utils.echoManifest(sfBytes, "signature file META-INF/A.SF");88return new Manifest(new ByteArrayInputStream(sfBytes));89}9091/**92* Verifies that it makes a difference if the name is empty or not93* by running the same test as {@link #testNameEmpty} with only a different94* section name.95*/96@Test97public void testNameNotEmpty() throws Exception {98String sectionName = "X";99assertNotNull(test(sectionName, null).getAttributes(sectionName));100}101102/**103* Verifies that individual sections are digested and signed also if the104* name of such a section is empty.105* An empty name of an individual section cannot be tested by adding a file106* with an empty name to a JAR because such a file name is invalid and107* cannot be used to add a file because it cannot be created or added to108* the JAR file in the first place. However, an individual section with an109* empty name can be added to the manifest.110* Expected is a corresponding digest in the signature file which was not111* present or produced before resolution of bug 8217375.112*/113@Test114public void testNameEmpty() throws Exception {115String sectionName = "";116assertNotNull(test(sectionName, null).getAttributes(sectionName));117}118119/**120* Similar to {@link #testNameEmpty} but tries to show a real difference121* rather than just some internals in a {@code .SF} file, but TODO122*/123@Test(enabled = false, description = "TODO")124public void testNameEmptyTrusted() throws Exception {125String sectionName = "";126test(sectionName, "-sectionsonly");127String jarFilename = "test" + sectionName + "-sectionsonly.jar";128try (JarFile jar = new JarFile(jarFilename, true)) {129Manifest m = jar.getManifest();130Method getTrustedAttributes = m.getClass()131.getDeclaredMethod("getTrustedAttributes", String.class);132getTrustedAttributes.setAccessible(true);133assertThrows(SecurityException.class, () ->134getTrustedAttributes.invoke(m, sectionName));135}136}137138}139140141