Path: blob/master/test/jdk/sun/security/tools/jarsigner/Options.java
41152 views
/*1* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/**24* @test25* @bug 8056174 824226026* @summary Make sure the jarsigner tool still works after it's modified to27* be based on JarSigner API28* @library /test/lib29* @modules java.base/sun.security.pkcs30* java.base/sun.security.x50931*/3233import com.sun.jarsigner.ContentSigner;34import com.sun.jarsigner.ContentSignerParameters;35import jdk.test.lib.Asserts;36import jdk.test.lib.SecurityTools;37import jdk.test.lib.util.JarUtils;38import sun.security.pkcs.PKCS7;3940import java.io.ByteArrayInputStream;41import java.io.InputStream;42import java.nio.file.Files;43import java.nio.file.Path;44import java.util.*;45import java.util.jar.Attributes;46import java.util.jar.JarEntry;47import java.util.jar.JarFile;48import java.util.jar.Manifest;4950public class Options {5152public static void main(String[] args) throws Exception {5354// Help55boolean lastLineHasAltSigner = false;56for (String line : SecurityTools.jarsigner("--help").asLines()) {57if (line.contains("-altsigner")) {58lastLineHasAltSigner = true;59} else {60if (lastLineHasAltSigner) {61Asserts.assertTrue(line.contains("deprecated and will be removed"));62}63lastLineHasAltSigner = false;64}65}6667// Prepares raw file68Files.write(Path.of("a"), List.of("a"));6970// Pack71JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("a"));7273// Prepare a keystore74SecurityTools.keytool(75"-keystore jks -storepass changeit -keypass changeit -dname" +76" CN=A -alias a -genkeypair -keyalg rsa")77.shouldHaveExitValue(0);7879// -altsign80SecurityTools.jarsigner(81"-debug -signedjar altsign.jar -keystore jks -storepass changeit" +82" -altsigner Options$X" +83" -altsignerpath " + System.getProperty("test.classes") +84" a.jar a")85.shouldContain("removed in a future release: -altsigner")86.shouldContain("removed in a future release: -altsignerpath")87.shouldContain("PKCS7.parse"); // signature not parseable88// but signing succeeds8990try (JarFile jf = new JarFile("altsign.jar")) {91JarEntry je = jf.getJarEntry("META-INF/A.RSA");92try (InputStream is = jf.getInputStream(je)) {93if (!Arrays.equals(is.readAllBytes(), "1234".getBytes())) {94throw new Exception("altsign go wrong");95}96}97}9899// -altsign with no -altsignerpath100Files.copy(Path.of(System.getProperty("test.classes"), "Options$X.class"),101Path.of("Options$X.class"));102SecurityTools.jarsigner(103"-debug -signedjar altsign.jar -keystore jks -storepass changeit" +104" -altsigner Options$X" +105" a.jar a")106.shouldContain("removed in a future release: -altsigner")107.shouldNotContain("removed in a future release: -altsignerpath")108.shouldContain("PKCS7.parse"); // signature not parseable109// but signing succeeds110111// -sigfile, -digestalg, -sigalg, -internalsf, -sectionsonly112SecurityTools.jarsigner(113"-debug -signedjar new.jar -keystore jks -storepass changeit" +114" -sigfile olala -digestalg SHA1 -sigalg SHA224withRSA" +115" -internalsf -sectionsonly a.jar a")116.shouldHaveExitValue(0)117.shouldNotContain("Exception"); // a real success118119try (JarFile jf = new JarFile("new.jar")) {120JarEntry je = jf.getJarEntry("META-INF/OLALA.SF");121Objects.requireNonNull(je); // check -sigfile122byte[] sf = null; // content of .SF123try (InputStream is = jf.getInputStream(je)) {124sf = is.readAllBytes(); // save for later comparison125Attributes attrs = new Manifest(new ByteArrayInputStream(sf))126.getMainAttributes();127// check -digestalg128if (!attrs.containsKey(new Attributes.Name(129"SHA1-Digest-Manifest-Main-Attributes"))) {130throw new Exception("digestalg incorrect");131}132// check -sectionsonly133if (attrs.containsKey(new Attributes.Name(134"SHA1-Digest-Manifest"))) {135throw new Exception("SF should not have file digest");136}137}138139je = jf.getJarEntry("META-INF/OLALA.RSA");140try (InputStream is = jf.getInputStream(je)) {141PKCS7 p7 = new PKCS7(is.readAllBytes());142String alg = p7.getSignerInfos()[0]143.getDigestAlgorithmId().getName();144if (!alg.equals("SHA-224")) { // check -sigalg145throw new Exception("PKCS7 signing is using " + alg);146}147// check -internalsf148if (!Arrays.equals(sf, p7.getContentInfo().getData())) {149throw new Exception("SF not in RSA");150}151}152153}154155// TSA-related ones are checked in ts.sh156}157158public static class X extends ContentSigner {159@Override160public byte[] generateSignedData(ContentSignerParameters parameters,161boolean omitContent, boolean applyTimestamp) {162return "1234".getBytes();163}164}165}166167168