Path: blob/master/test/jdk/sun/security/tools/jarsigner/JavaKeyStoreAliasCaseInsensitive.java
41152 views
/*1* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/*24* @test25* @bug 822171926* @library /test/lib27* @run testng JavaKeyStoreAliasCaseInsensitive28* @summary Checks that jarsigner verifies a signed jar with the same alias as29* was specified for signing, particularly regarding upper and lower case and30* its conversion to lower case by JKS31* ({@link sun.security.provider.JavaKeyStore.JKS#convertAlias(String)}).32*/3334import java.nio.file.Files;35import java.nio.file.Paths;36import jdk.test.lib.util.JarUtils;37import jdk.test.lib.SecurityTools;38import org.testng.annotations.Test;3940public class JavaKeyStoreAliasCaseInsensitive {4142/**43* Alias for certificates in the keystore with letters in different44* (upper and lower) cases.45*/46static final String ALIAS = "AlIaS";4748@Test49public void testAliasCase() throws Exception {50final String KEYSTORE_OPTIONS = "-storetype JKS -keystore "51+ "test-alias-case.jks -storepass changeit";52SecurityTools.keytool(KEYSTORE_OPTIONS + " -genkeypair -keyalg DSA"53+ " -keypass changeit -alias " + ALIAS + " -dname CN=" + ALIAS)54.shouldHaveExitValue(0);55String jarFilename = "test-alias-case.jar";56JarUtils.createJarFile(Paths.get(jarFilename), Paths.get("."),57Files.write(Paths.get("aFile"), new byte[1]));5859SecurityTools.jarsigner(KEYSTORE_OPTIONS + " -verbose -debug " +60jarFilename + " " + ALIAS).shouldHaveExitValue(0);6162SecurityTools.jarsigner("-verify -strict " + KEYSTORE_OPTIONS +63" -debug -verbose " + jarFilename + " " + ALIAS)64.shouldHaveExitValue(0)65.shouldNotContain(66"This jar contains signed entries which are not "67+ "signed by the specified alias(es).");68}6970/**71* This test essentially covers compatibility with the previous version of72* {@link sun.security.tools.jarsigner.Main#inKeyStoreForOneSigner} in case73* a certificate and alias entry is already in74* {@link sun.security.tools.jarsigner.Main#storeHash} when75* {@link sun.security.tools.jarsigner.Main#inKeyStoreForOneSigner} is76* invoked from a previous invocation of it.77* It passed with the previous {@code jarsigner} version with a lowercase78* alias {@link #ALIAS} and basically covers the duplicated portions of79* code in {@link sun.security.tools.jarsigner.Main#inKeyStoreForOneSigner}80* near {@code IN_KEYSTORE} and {@code SIGNED_BY_ALIAS} before having81* refactored and re-unified them in order to demonstrate identical82* behavior.83*/84@Test85public void testAliasCaseStoreHash() throws Exception {86// Create a keystore with a certificate associated with ALIAS + "2"87// signed by another certificate associated with ALIAS + "1".88final String KEYSTORE_OPTIONS = "-storetype JKS -keystore"89+ " test-alias-storeHash-case.jks -storepass changeit";90SecurityTools.keytool(KEYSTORE_OPTIONS + " -genkeypair -keyalg DSA"91+ " -keypass changeit -alias " + ALIAS + "1 -dname CN=" +92ALIAS + "1" + " -ext bc:c").shouldHaveExitValue(0);93SecurityTools.keytool(KEYSTORE_OPTIONS + " -genkeypair -keyalg DSA"94+ " -keypass changeit -alias " + ALIAS + "2 -dname CN="95+ ALIAS + "2").shouldHaveExitValue(0);96String certReq = SecurityTools.keytool(KEYSTORE_OPTIONS +97" -certreq -keypass changeit -alias " + ALIAS + "2")98.shouldHaveExitValue(0).getStdout();99SecurityTools.setResponse(certReq);100String cert = SecurityTools.keytool(KEYSTORE_OPTIONS +101" -gencert -rfc -keypass changeit -alias " + ALIAS + "1")102.shouldHaveExitValue(0).getOutput();103SecurityTools.setResponse(cert);104SecurityTools.keytool(KEYSTORE_OPTIONS +105" -importcert -keypass changeit -alias " + ALIAS + "2")106.shouldHaveExitValue(0);107108// Create a jar file signed by ALIAS + "2" and then add another file to109// that same jar and sign it by ALIAS + "1", ALIAS + "1" being an alias110// for a certificate which is part of the certificate chain of ALIAS +111// "2" but not the certificate ALIAS + "2" points to directly.112String jarFilename = "test-alias-storeHash-case.jar";113JarUtils.createJarFile(Paths.get(jarFilename), Paths.get("."));114SecurityTools.jarsigner(KEYSTORE_OPTIONS + " -verbose -debug " +115jarFilename + " " + ALIAS + "2").shouldHaveExitValue(0);116JarUtils.updateJarFile(Paths.get(jarFilename), Paths.get("."),117Files.write(Paths.get("added-file"), new byte[1]));118SecurityTools.jarsigner(KEYSTORE_OPTIONS + " -verbose -debug " +119jarFilename + " " + ALIAS + "1").shouldHaveExitValue(0);120121// The later added file "added-file" is signed by the certificate122// associated with alias ALIAS + "1" directly while the other jarfile123// contents is signed by a certificate associated with alias ALIAS + "2"124// which includes the certificate associated with alias ALIAS + "1" in125// its certification path.126SecurityTools.jarsigner("-verify -strict " + KEYSTORE_OPTIONS +127" -debug -verbose " + jarFilename + " " + ALIAS + "1")128.shouldHaveExitValue(0)129.shouldNotContain(130"This jar contains signed entries which are not "131+ "signed by the specified alias(es).");132}133134}135136137