1 /*
   2  * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /*
  25  * @test
  26  * @bug 8132734
  27  * @summary Test potential security related issues
  28  * @library /lib/testlibrary/java/util/jar
  29  * @build Compiler JarBuilder CreateMultiReleaseTestJars
  30  * @run testng MultiReleaseJarSecurity
  31  */
  32 
  33 import java.io.File;
  34 import java.io.IOException;
  35 import java.io.InputStream;
  36 import java.nio.file.Files;
  37 import java.security.CodeSigner;
  38 import java.security.cert.Certificate;
  39 import java.util.Arrays;
  40 import java.util.jar.JarEntry;
  41 import java.util.jar.JarFile;
  42 import java.util.zip.ZipFile;
  43 
  44 import org.testng.Assert;
  45 import org.testng.annotations.AfterClass;
  46 import org.testng.annotations.BeforeClass;
  47 import org.testng.annotations.Test;
  48 
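/**
 * Checks that, in a signed multi-release JAR, the entry looked up by its base
 * name and the entry looked up by its explicit {@code META-INF/versions/N/}
 * path report the same certificates and code signers.
 *
 * <p>The two JAR files are produced in the working directory by
 * {@code CreateMultiReleaseTestJars} before the tests run and are removed
 * afterwards.
 */
public class MultiReleaseJarSecurity {
    String userdir = System.getProperty("user.dir",".");
    File multirelease = new File(userdir, "multi-release.jar");
    File signedmultirelease = new File(userdir, "signed-multi-release.jar");

    /**
     * Compiles the test classes and builds both the unsigned and the signed
     * multi-release JAR used by this class.
     *
     * @throws Exception if compilation or JAR creation fails
     */
    @BeforeClass
    public void initialize() throws Exception {
        CreateMultiReleaseTestJars creator =  new CreateMultiReleaseTestJars();
        creator.compileEntries();
        creator.buildMultiReleaseJar();
        creator.buildSignedMultiReleaseJar();
    }

    /**
     * Removes the JAR files created by {@link #initialize()}.
     *
     * @throws IOException if a file exists but cannot be deleted
     */
    @AfterClass
    public void close() throws IOException {
        // deleteIfExists + finally: a missing or undeletable first JAR must not
        // leave the signed JAR behind for a later run to pick up.
        try {
            Files.deleteIfExists(multirelease.toPath());
        } finally {
            Files.deleteIfExists(signedmultirelease.toPath());
        }
    }

    /**
     * Verifies that the base-name lookup and the explicit versioned lookup of
     * {@code version/Version.class} carry identical, non-null signer data.
     *
     * @throws IOException if the JAR cannot be opened or an entry cannot be read
     */
    @Test
    public void testCertsAndSigners() throws IOException {
        // Second argument (verify = true) asks JarFile to verify signatures as
        // entries are read.
        try (JarFile jf = new JarFile(signedmultirelease, true, ZipFile.OPEN_READ, JarFile.Release.RUNTIME)) {
            int version = sun.misc.Version.jdkMajorVersion();  // fixme JEP 223 Version
            String baseName = "version/Version.class";
            String versionedName = "META-INF/versions/" + version + "/" + baseName;

            // NOTE(review): with Release.RUNTIME the base name is presumably
            // resolved to the runtime-versioned entry - confirm against JarFile.
            JarEntry baseEntry = jf.getJarEntry(baseName);
            JarEntry versionedEntry = jf.getJarEntry(versionedName);

            // Fail with a readable message instead of a NullPointerException
            // from getInputStream(null) when an entry is absent.
            Assert.assertNotNull(baseEntry, "entry not found: " + baseName);
            Assert.assertNotNull(versionedEntry, "entry not found: " + versionedName);

            CertsAndSigners vcas = new CertsAndSigners(jf, baseEntry);
            CertsAndSigners rcas = new CertsAndSigners(jf, versionedEntry);

            Certificate[] versionedCerts = rcas.getCertificates();
            CodeSigner[] versionedSigners = rcas.getCodeSigners();

            // Arrays.equals(null, null) is true, so without these checks the
            // comparison below would pass vacuously on a JAR whose entries
            // carry no signer information at all.
            Assert.assertNotNull(versionedCerts, "no certificates on " + versionedName);
            Assert.assertNotNull(versionedSigners, "no code signers on " + versionedName);

            Assert.assertTrue(Arrays.equals(versionedCerts, vcas.getCertificates()),
                    "certificates differ between " + baseName + " and " + versionedName);
            Assert.assertTrue(Arrays.equals(versionedSigners, vcas.getCodeSigners()),
                    "code signers differ between " + baseName + " and " + versionedName);
        }
    }

    /**
     * Pairs a {@link JarFile} with one of its entries and makes sure the entry
     * has been read to the end before its signer data is queried.
     */
    private static class CertsAndSigners {
        private final JarFile jf;
        private final JarEntry je;
        // Set once the entry's stream has been fully consumed.
        private boolean readComplete;

        CertsAndSigners(JarFile jf, JarEntry je) {
            this.jf = jf;
            this.je = je;
        }

        /**
         * Returns the entry's certificates after reading the entry in full.
         *
         * @return the certificates, or {@code null} if the entry has none
         * @throws IOException if the entry cannot be read
         */
        Certificate[] getCertificates() throws IOException {
            readEntry();
            return je.getCertificates();
        }

        /**
         * Returns the entry's code signers after reading the entry in full.
         *
         * @return the code signers, or {@code null} if the entry has none
         * @throws IOException if the entry cannot be read
         */
        CodeSigner[] getCodeSigners() throws IOException {
            readEntry();
            return je.getCodeSigners();
        }

        /**
         * Consumes the entry's input stream once. JarEntry only reports
         * certificates and code signers after the stream has been read to its
         * end, so both getters call this first.
         *
         * @throws IOException if the entry cannot be read
         */
        private void readEntry() throws IOException {
            if (readComplete) {
                return;
            }
            try (InputStream is = jf.getInputStream(je)) {
                // Bytes are discarded; reading is only needed to drive verification.
                is.readAllBytes();
            }
            readComplete = true;
        }
    }
}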