1 #! /bin/sh 2 3 # Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved. 4 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 5 # 6 # This code is free software; you can redistribute it and/or modify it 7 # under the terms of the GNU General Public License version 2 only, as 8 # published by the Free Software Foundation. 9 # 10 # This code is distributed in the hope that it will be useful, but WITHOUT 11 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 13 # version 2 for more details (a copy is included in the LICENSE file that 14 # accompanied this code). 15 # 16 # You should have received a copy of the GNU General Public License version 17 # 2 along with this work; if not, write to the Free Software Foundation, 18 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 19 # 20 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 21 # or visit www.oracle.com if you need additional information or have any 22 # questions. 23 24 # @test 25 # @summary run a signed module with a SecurityManager and check that permission 26 # is granted by the policy file 27 28 set -e 29 30 SRC=${TESTSRC:-.} 31 BIN=${TESTJAVA:-../../../../../build}/bin 32 VMOPTS="${TESTVMOPTS} -esa -ea" 33 34 mk() { 35 d=`dirname $1` 36 if [ ! -d $d ]; then mkdir -p $d; fi 37 cat - >$1 38 } 39 40 rm -rf z.src keystore.jks 41 42 # Create the keystore file and import the root CA cert 43 $BIN/keytool -import -keystore keystore.jks -file ${TESTSRC}/ca-cert.pem \ 44 -noprompt -storepass test123 -alias ca 45 46 # Import the signer's private key and cert 47 $BIN/javac -source 8 -d . ${TESTSRC}/ImportPrivateKey.java 48 $BIN/java ${VMOPTS} -Dtest.src=${TESTSRC} ImportPrivateKey signer signer-prikey.pem \ 49 RSA signer-cert.pem 50 51 mk z.src/test.security/module-info.java <<EOF 52 module test.security @ 0.1 { 53 class test.security.GetProperty; 54 } 55 EOF 56 57 mk z.src/test.security/test/security/GetProperty.java <<EOF 58 package test.security; 59 import java.io.File; 60 import java.security.Policy; 61 import java.security.URIParameter; 62 public class GetProperty { 63 public static void main(String[] args) throws Exception { 64 URIParameter up = new URIParameter(new File(args[0]).toURI()); 65 Policy p = Policy.getInstance("JavaPolicy", up); 66 Policy.setPolicy(p); 67 System.setSecurityManager(new SecurityManager()); 68 System.getProperty("user.home"); 69 } 70 } 71 EOF 72 73 mk ToURL.java <<EOF 74 public class ToURL { 75 public static void main(String[] args) throws Exception { 76 System.out.print((new java.io.File(args[0])).toURI()); 77 } 78 } 79 EOF 80 81 $BIN/javac -source 8 -d . ToURL.java 82 KEYSTOREPASSWORDURL=`$BIN/java ToURL "${SRC}/keystore.pw"` 83 84 mk signed-module.policy <<EOF 85 keystore "keystore.jks"; 86 keystorePasswordURL "${KEYSTOREPASSWORDURL}"; 87 grant signedBy "signer" { 88 permission java.util.PropertyPermission "user.home", "read"; 89 }; 90 grant signedBy "expired-signer" { 91 permission java.util.PropertyPermission "user.home", "read"; 92 }; 93 EOF 94 95 rm -rf z.modules && mkdir z.modules 96 $BIN/javac -source 8 -d z.modules -modulepath z.modules `find z.src -name '*.java'` 97 98 rm -f test.security@0.1.jmod 99 # Create and sign module file 100 $BIN/jpkg ${TESTTOOLVMOPTS} -v -L z.lib -m z.modules/test.security jmod test.security 101 $BIN/jsign ${TESTTOOLVMOPTS} -v --keystore keystore.jks \ 102 -signedmodulefile signedmodulefile \ 103 test.security@0.1.jmod signer < ${SRC}/keystore.pw 104 # Install and run the signed module 105 rm -rf z.lib 106 $BIN/jmod ${TESTTOOLVMOPTS} -L z.lib create 107 $BIN/jmod ${TESTTOOLVMOPTS} \ 108 -J-Dorg.openjdk.system.security.cacerts=keystore.jks \ 109 -L z.lib install signedmodulefile 110 $BIN/java ${VMOPTS} -L z.lib -m test.security signed-module.policy