1 #! /bin/sh
   2 
   3 # Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
   4 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   5 #
   6 # This code is free software; you can redistribute it and/or modify it
   7 # under the terms of the GNU General Public License version 2 only, as
   8 # published by the Free Software Foundation.
   9 #
  10 # This code is distributed in the hope that it will be useful, but WITHOUT
  11 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  12 # FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13 # version 2 for more details (a copy is included in the LICENSE file that
  14 # accompanied this code).
  15 #
  16 # You should have received a copy of the GNU General Public License version
  17 # 2 along with this work; if not, write to the Free Software Foundation,
  18 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  19 #
  20 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  21 # or visit www.oracle.com if you need additional information or have any
  22 # questions.
  23 
  24 # @test
  25 # @summary run a signed module with a SecurityManager and check that permission
  26 #    is granted by the policy file
  27 
  28 set -e
  29 
  30 SRC=${TESTSRC:-.}
  31 BIN=${TESTJAVA:-../../../../../build}/bin
  32 VMOPTS="${TESTVMOPTS} -esa -ea"
  33 
  34 mk() {
  35   d=`dirname $1`
  36   if [ ! -d $d ]; then mkdir -p $d; fi
  37   cat - >$1
  38 }
  39 
  40 rm -rf z.src keystore.jks
  41 
  42 # Create the keystore file and import the root CA cert
  43 $BIN/keytool -import -keystore keystore.jks -file ${TESTSRC}/ca-cert.pem \
  44              -noprompt -storepass test123 -alias ca
  45 
  46 # Import the signer's private key and cert
  47 $BIN/javac -source 8 -d . ${TESTSRC}/ImportPrivateKey.java
  48 $BIN/java ${VMOPTS} -Dtest.src=${TESTSRC} ImportPrivateKey signer signer-prikey.pem \
  49           RSA signer-cert.pem
  50 
  51 mk z.src/test.security/module-info.java <<EOF
  52 module test.security @ 0.1 {
  53     class test.security.GetProperty;
  54 }
  55 EOF
  56 
  57 mk z.src/test.security/test/security/GetProperty.java <<EOF
  58 package test.security;
  59 import java.io.File;
  60 import java.security.Policy;
  61 import java.security.URIParameter;
  62 public class GetProperty {
  63     public static void main(String[] args) throws Exception {
  64         URIParameter up = new URIParameter(new File(args[0]).toURI());
  65         Policy p = Policy.getInstance("JavaPolicy", up);
  66         Policy.setPolicy(p);
  67         System.setSecurityManager(new SecurityManager());
  68         System.getProperty("user.home");
  69     }
  70 }
  71 EOF
  72 
  73 mk ToURL.java <<EOF
  74 public class ToURL {
  75     public static void main(String[] args) throws Exception {
  76         System.out.print((new java.io.File(args[0])).toURI());
  77     }
  78 }
  79 EOF
  80 
  81 $BIN/javac -source 8 -d . ToURL.java
  82 KEYSTOREPASSWORDURL=`$BIN/java ToURL "${SRC}/keystore.pw"`
  83 
  84 mk signed-module.policy <<EOF
  85 keystore "keystore.jks";
  86 keystorePasswordURL "${KEYSTOREPASSWORDURL}";
  87 grant signedBy "signer" {
  88     permission java.util.PropertyPermission "user.home", "read";
  89 };
  90 grant signedBy "expired-signer" {
  91     permission java.util.PropertyPermission "user.home", "read";
  92 };
  93 EOF
  94 
  95 rm -rf z.modules && mkdir z.modules
  96 $BIN/javac -source 8 -d z.modules -modulepath z.modules `find z.src -name '*.java'`
  97 
  98 rm -f test.security@0.1.jmod
  99 # Create and sign module file
 100 $BIN/jpkg ${TESTTOOLVMOPTS} -v -L z.lib -m z.modules/test.security jmod test.security
 101 $BIN/jsign ${TESTTOOLVMOPTS} -v --keystore keystore.jks \
 102     -signedmodulefile signedmodulefile \
 103     test.security@0.1.jmod signer < ${SRC}/keystore.pw
 104 # Install and run the signed module
 105 rm -rf z.lib
 106 $BIN/jmod ${TESTTOOLVMOPTS} -L z.lib create
 107 $BIN/jmod ${TESTTOOLVMOPTS} \
 108     -J-Dorg.openjdk.system.security.cacerts=keystore.jks \
 109     -L z.lib install signedmodulefile
 110 $BIN/java ${VMOPTS} -L z.lib -m test.security signed-module.policy
 111 
 112 ## create OS/ARCH specific library and jmods
 113 rm -f test.security@0.1.jmod
 114 # Create and sign module file
 115 $BIN/jpkg ${TESTTOOLVMOPTS} -v -L z.lib -m z.modules/test.security \
 116           -os MYos -arch MYarch jmod test.security
 117 $BIN/jsign ${TESTTOOLVMOPTS} -v --keystore keystore.jks \
 118            -signedmodulefile signedmodulefile \
 119            test.security@0.1.jmod signer < ${SRC}/keystore.pw
 120 # Install and run the signed module
 121 rm -rf z.lib
 122 $BIN/jmod ${TESTTOOLVMOPTS} -L z.lib create -os MYos -arch MYarch
 123 $BIN/jmod ${TESTTOOLVMOPTS} -L z.lib install \
 124           -J-Dorg.openjdk.system.security.cacerts=keystore.jks \
 125            signedmodulefile
 126 $BIN/java ${VMOPTS} -L z.lib -m test.security signed-module.policy
--- EOF ---