CoCalc -- RestrictedAlgo.java

GitHub Repository: PojavLauncherTeam/mobile
Path: blob/master/test/jdk/sun/security/tools/jarsigner/RestrictedAlgo.java
⁴¹¹⁵² views
1
/*
2
 * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
import java.util.ArrayList;
25
import java.util.Arrays;
26
import java.util.List;
27
import java.io.File;
28
import java.nio.file.Files;
29
import java.nio.file.Path;
30
import java.nio.file.Paths;
31
import jdk.test.lib.SecurityTools;
32
import jdk.test.lib.util.JarUtils;
33
import jdk.test.lib.process.OutputAnalyzer;
34

35
/**
36
 * @test
37
 * @bug 8248745
38
 * @summary Test key generation and jar signing with disabled algorithms and
39
 *          key sizes, with and without entries in jdk.jar.disabledAlgorithms,
40
 *          jdk.certpath.disabledAlgorithms
41
 * @library /test/lib
42
 * @run main/othervm RestrictedAlgo RESTRICT
43
 * @run main/othervm RestrictedAlgo NO_RESTRICT
44
 */
45

46
public class RestrictedAlgo {
47

48
    private static final String KEYSTORE = "keystore.jks";
49
    private static final String PASSWORD = "password";
50
    private static final String SIGNED_JARFILE = "signed.jar";
51
    private static final String UNSIGNED_JARFILE = "unsigned.jar";
52
    private static final String SECURITY_FILE = "java.security";
53
    private static final String NO_RESTRICT = "-J-Djava.security.properties="
54
            + SECURITY_FILE;
55
    private static final String FIRST_FILE = "first.txt";
56
    private static final String WARNING = "Warning:";
57
    private static final String SECURITY_WARNING =
58
            ".* is considered a security risk and is disabled.";
59

60
    private static String algoStatus;
61

62
    public static void main(String[] args) throws Exception {
63

64
        algoStatus = args[0];
65
        // create a jar file that contains one file
66
        JarUtils.createJarFile(Path.of(UNSIGNED_JARFILE), Path.of("."),
67
                new File(FIRST_FILE).exists() ? Paths.get(FIRST_FILE)
68
                        : Files.createFile(Paths.get(FIRST_FILE)));
69
        if (!isAlgoRestricted()) {
70
            // An alternative security properties
71
            Files.writeString(Files.createFile(Paths.get(SECURITY_FILE)),
72
                        "jdk.certpath.disabledAlgorithms=\n"
73
                        + "jdk.jar.disabledAlgorithms=\n"
74
                        + "jdk.security.legacyAlgorithms=");
75
        }
76

77
        System.out.println("\nTesting sigalg MD2\n");
78
        test("RSA", "MD2withRSA", "SigAlgMD2", "SHA256", true);
79

80
        System.out.println("\nTesting sigalg MD5\n");
81
        test("RSA", "MD5withRSA", "SigAlgMD5", "SHA256", true);
82

83
        System.out.println("\nTesting digestalg MD2\n");
84
        test("RSA", "SHA256withRSA", "DigestAlgMD2", "MD2", false);
85

86
        System.out.println("\nTesting digestalg MD5\n");
87
        test("RSA", "SHA256withRSA", "DigestAlgMD5", "MD5", false);
88

89
        System.out.println("\nTesting RSA Keysize: RSA keySize < 1024\n");
90
        test("RSA", "SHA256withRSA", "KeySizeRSA", "SHA256", true,
91
                "-keysize", "512");
92

93
        System.out.println("\nTesting DSA Keysize: DSA keySize < 1024\n");
94
        test("DSA", "SHA256withDSA", "KeySizeDSA", "SHA256", true,
95
                "-keysize", "512");
96
    }
97

98
    private static void test(String keyAlg, String sigAlg, String aliasPrefix,
99
            String digestAlg, boolean isKeyToolVerify,
100
            String... addKeyToolArgs) throws Exception  {
101

102
        String alias = aliasPrefix + "_" + algoStatus;
103
        testKeytool(keyAlg, sigAlg, alias, isKeyToolVerify, addKeyToolArgs);
104
        testJarSignerSigning(sigAlg, alias, digestAlg);
105
        testJarSignerVerification();
106
    }
107

108
    private static void testKeytool(String keyAlg, String sigAlg, String alias,
109
            boolean isKeyToolVerify, String... additionalCmdArgs)
110
                    throws Exception {
111

112
        System.out.println("Testing Keytool\n");
113
        List<String> cmd = prepareCommand(
114
                "-genkeypair",
115
                "-keystore", KEYSTORE,
116
                "-storepass", PASSWORD,
117
                "-dname", "CN=Test",
118
                "-ext", "bc:c",
119
                "-keyalg", keyAlg,
120
                "-sigalg", sigAlg,
121
                "-alias", alias);
122
        for (String additionalCMDArg : additionalCmdArgs) {
123
            cmd.add(additionalCMDArg);
124
        }
125

126
        OutputAnalyzer analyzer = SecurityTools.keytool(cmd)
127
                .shouldHaveExitValue(0);
128
        if (isKeyToolVerify) {
129
            verifyAnalyzer(analyzer);
130
        }
131
    }
132

133
    private static void testJarSignerSigning(String sigAlg, String alias,
134
            String digestAlg) throws Exception  {
135

136
        System.out.println("\nTesting JarSigner Signing\n");
137
        List<String> cmd = prepareCommand(
138
                "-keystore", KEYSTORE,
139
                "-storepass", PASSWORD,
140
                "-sigalg", sigAlg,
141
                "-digestalg", digestAlg,
142
                "-signedjar", SIGNED_JARFILE,
143
                UNSIGNED_JARFILE,
144
                alias);
145

146
        OutputAnalyzer analyzer = SecurityTools.jarsigner(cmd)
147
                .shouldHaveExitValue(0);
148

149
        verifyAnalyzer(analyzer);
150
    }
151

152
    private static void testJarSignerVerification()
153
            throws Exception  {
154

155
        System.out.println("\nTesting JarSigner Verification\n");
156
        List<String> cmd = prepareCommand(
157
                "-verify",
158
                SIGNED_JARFILE);
159

160
        OutputAnalyzer analyzer = SecurityTools.jarsigner(cmd)
161
                .shouldHaveExitValue(0);
162

163
        if (isAlgoRestricted()) {
164
            analyzer.shouldContain("The jar will be treated as unsigned,"
165
                    + " because it is signed with a weak algorithm that "
166
                    + "is now disabled.");
167
        } else {
168
            analyzer.shouldContain("jar verified.");
169
        }
170
    }
171

172
    private static List<String> prepareCommand(String... options) {
173
        List<String> cmd = new ArrayList<>();
174
        cmd.addAll(Arrays.asList(options));
175
        if (!isAlgoRestricted()) {
176
            cmd.add(NO_RESTRICT);
177
        }
178
        return cmd;
179
    }
180

181
    private static void verifyAnalyzer(OutputAnalyzer analyzer) {
182
        if (isAlgoRestricted()) {
183
            analyzer.shouldContain(WARNING)
184
                    .shouldMatch(SECURITY_WARNING);
185
        } else {
186
            analyzer.shouldNotMatch(SECURITY_WARNING);
187
        }
188
    }
189

190
    private static boolean isAlgoRestricted() {
191
        return ("RESTRICT".equals(algoStatus)) ? true : false;
192
    }
193
}
194

195
Product

Resources

Company
