1 /*
2 * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 import jdk.testlibrary.OutputAnalyzer;
25 import jdk.testlibrary.ProcessTools;
26 import jdk.testlibrary.JarUtils;
27
28 /**
29 * @test
30 * @bug 8024302 8026037
31 * @summary Test for aliasNotInStore warning
32 * @library /lib/testlibrary ../
33 * @run main AliasNotInStoreTest
34 */
35 public class AliasNotInStoreTest extends Test {
36
37 /**
38 * The test signs and verifies a jar that contains signed entries
39 * that are not signed by any alias in keystore (aliasNotInStore).
40 * Warning message is expected.
41 */
42 public static void main(String[] args) throws Throwable {
43 AliasNotInStoreTest test = new AliasNotInStoreTest();
44 test.start();
45 }
46
47 @Override
48 protected void cleanup() {
49 Utils.cleanup(SIGNED_JARFILE, UNSIGNED_JARFILE, BOTH_KEYS_KEYSTORE,
50 FIRST_KEY_KEYSTORE, FIRST_FILE, SECOND_FILE);
51 }
52
53 @Override
54 protected void doTest() throws Throwable {
55 Utils.createFiles(FIRST_FILE, SECOND_FILE);
56 System.out.println(String.format("Create a %s that contains %s",
57 new Object[]{UNSIGNED_JARFILE, FIRST_FILE}));
58 JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
59
60 // create first key pair for signing
61 ProcessTools.executeCommand(KEYTOOL,
62 "-genkey",
63 "-alias", FIRST_KEY_ALIAS,
64 "-keyalg", KEY_ALG,
65 "-keysize", Integer.toString(KEY_SIZE),
66 "-keystore", BOTH_KEYS_KEYSTORE,
67 "-storepass", PASSWORD,
68 "-keypass", PASSWORD,
69 "-dname", "CN=First",
70 "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
71
72 // create second key pair for signing
73 ProcessTools.executeCommand(KEYTOOL,
74 "-genkey",
75 "-alias", SECOND_KEY_ALIAS,
76 "-keyalg", KEY_ALG,
77 "-keysize", Integer.toString(KEY_SIZE),
78 "-keystore", BOTH_KEYS_KEYSTORE,
79 "-storepass", PASSWORD,
80 "-keypass", PASSWORD,
81 "-dname", "CN=Second",
82 "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
83
84 // sign jar with first key
85 OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
86 "-keystore", BOTH_KEYS_KEYSTORE,
87 "-storepass", PASSWORD,
88 "-keypass", PASSWORD,
89 "-signedjar", SIGNED_JARFILE,
90 UNSIGNED_JARFILE,
91 FIRST_KEY_ALIAS);
92
93 checkSigning(analyzer);
94
95 System.out.println(String.format("Copy %s to %s, and add %s",
96 new Object[] {SIGNED_JARFILE, UPDATED_SIGNED_JARFILE,
97 SECOND_FILE}));
98
99 JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE);
100
101 // sign jar with second key
102 analyzer = ProcessTools.executeCommand(JARSIGNER,
103 "-keystore", BOTH_KEYS_KEYSTORE,
104 "-storepass", PASSWORD,
105 "-keypass", PASSWORD,
106 UPDATED_SIGNED_JARFILE,
107 SECOND_KEY_ALIAS);
108
109 checkSigning(analyzer);
110
111 // create keystore that contains only first key
112 ProcessTools.executeCommand(KEYTOOL,
113 "-importkeystore",
114 "-srckeystore", BOTH_KEYS_KEYSTORE,
115 "-srcalias", FIRST_KEY_ALIAS,
116 "-srcstorepass", PASSWORD,
117 "-srckeypass", PASSWORD,
118 "-destkeystore", FIRST_KEY_KEYSTORE,
119 "-destalias", FIRST_KEY_ALIAS,
120 "-deststorepass", PASSWORD,
121 "-destkeypass", PASSWORD).shouldHaveExitValue(0);
122
123 // verify jar with keystore that contains only first key in strict mode,
124 // so there is signed entry (FirstClass.class) that is not signed
125 // by any alias in the keystore
126 analyzer = ProcessTools.executeCommand(JARSIGNER,
127 "-verify",
128 "-verbose",
129 "-keystore", FIRST_KEY_KEYSTORE,
130 "-storepass", PASSWORD,
131 "-keypass", PASSWORD,
132 UPDATED_SIGNED_JARFILE);
133
134 checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING,
135 ALIAS_NOT_IN_STORE_VERIFYING_WARNING);
136
137 // verify jar with keystore that contains only first key in strict mode
138 analyzer = ProcessTools.executeCommand(JARSIGNER,
139 "-verify",
140 "-verbose",
141 "-strict",
142 "-keystore", FIRST_KEY_KEYSTORE,
143 "-storepass", PASSWORD,
144 "-keypass", PASSWORD,
145 UPDATED_SIGNED_JARFILE);
146
147 int expectedExitCode = ALIAS_NOT_IN_STORE_EXIT_CODE
148 + CHAIN_NOT_VALIDATED_EXIT_CODE;
149 checkVerifying(analyzer, expectedExitCode,
150 CHAIN_NOT_VALIDATED_VERIFYING_WARNING,
151 ALIAS_NOT_IN_STORE_VERIFYING_WARNING);
152
153 System.out.println("Test passed");
154 }
155
156 }