Path: blob/master/test/jdk/sun/security/tools/jarsigner/RemoveDifferentKeyAlgBlockFile.java
41152 views
/*1* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223import java.nio.file.Path;24import java.util.jar.JarFile;25import java.util.jar.Manifest;26import java.util.jar.Attributes.Name;27import jdk.test.lib.util.JarUtils;28import jdk.test.lib.SecurityTools;29import org.testng.annotations.Test;30import org.testng.annotations.BeforeClass;3132/**33* @test34* @bug 821737535* @library /test/lib36* @run testng RemoveDifferentKeyAlgBlockFile37* @summary Checks that if a signed jar file is signed again with the same38* signer name and a different algorithm that the signature block file for39* the previous signature is removed. Example: the jar had META-INF/A.SF and40* META-INF/A.RSA files and is now signed with DSA. So it should contain41* an updated META-INF/A.SF and META-INF/A.DSA and the META-INF/A.RSA should42* be removed because not valid any longer.43*/44public class RemoveDifferentKeyAlgBlockFile {4546static final String KEYSTORE_FILENAME = "test.jks";4748@BeforeClass49public void prepareCertificates() throws Exception {50SecurityTools.keytool("-genkeypair -keyalg RSA -keystore "51+ KEYSTORE_FILENAME + " -storepass changeit -keypass changeit"52+ " -alias RSA -dname CN=RSA").shouldHaveExitValue(0);53SecurityTools.keytool("-genkeypair -keyalg DSA -keystore "54+ KEYSTORE_FILENAME + " -storepass changeit -keypass changeit"55+ " -alias DSA -dname CN=DSA").shouldHaveExitValue(0);56}5758@Test59public void testOtherAlgSigBlockFileRemoved() throws Exception {60String jarFilename = "test.jar";61JarUtils.createJarFile(Path.of(jarFilename), (Manifest) null,62Path.of("."));63SecurityTools.jarsigner("-keystore " + KEYSTORE_FILENAME +64" -storepass changeit -verbose -debug -sigfile A " +65jarFilename + " RSA").shouldHaveExitValue(0);6667// change the jar file to invalidate the first signature with RSA68String jarFilenameModified = "modified.jar";69try (JarFile jar = new JarFile(jarFilename)) {70Manifest manifest = jar.getManifest();71manifest.getMainAttributes().put(72new Name("Some-Key"), "Some-Value");73JarUtils.updateManifest(jarFilename, jarFilenameModified, manifest);74}7576SecurityTools.jarsigner("-keystore " + KEYSTORE_FILENAME +77" -storepass changeit -verbose -debug -sigfile A " +78jarFilenameModified + " DSA").shouldHaveExitValue(0);79SecurityTools.jarsigner("-verify -keystore " + KEYSTORE_FILENAME +80" -storepass changeit -debug -verbose " + jarFilenameModified)81.shouldHaveExitValue(0);82}8384}858687