1 #! /bin/sh
2
3 # Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
4 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
5 #
6 # This code is free software; you can redistribute it and/or modify it
7 # under the terms of the GNU General Public License version 2 only, as
8 # published by the Free Software Foundation. Oracle designates this
9 # particular file as subject to the "Classpath" exception as provided
10 # by Oracle in the LICENSE file that accompanied this code.
11 #
12 # This code is distributed in the hope that it will be useful, but WITHOUT
13 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 # version 2 for more details (a copy is included in the LICENSE file that
16 # accompanied this code).
17 #
18 # You should have received a copy of the GNU General Public License version
19 # 2 along with this work; if not, write to the Free Software Foundation,
20 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
21 #
22 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
23 # or visit www.oracle.com if you need additional information or have any
24 # questions.
25
26 # @test
27 # @summary install and run a signed modular jar with a SecurityManager and
28 # check that permission is granted by the policy file
29
30 set -e
31
32 SRC=${TESTSRC:-.}
33 BIN=${TESTJAVA:-../../../../../build}/bin
34
35 mk() {
36 d=`dirname $1`
37 if [ ! -d $d ]; then mkdir -p $d; fi
38 cat - >$1
39 }
40
41 rm -rf z.* keystore.jks
42
43 # Create the keystore file and import the root CA cert
44 $BIN/keytool -import -keystore keystore.jks -file ${TESTSRC}/ca-cert.pem \
45 -noprompt -storepass test123 -alias ca
46
47 # Import the signer's private key and cert
48 $BIN/javac -source 8 -d . ${TESTSRC}/ImportPrivateKey.java
49 $BIN/java -Dtest.src=${TESTSRC} ImportPrivateKey signer signer-prikey.pem \
50 RSA signer-cert.pem
51
52 mk z.src/test.security/module-info.java <<EOF
53 module test.security @ 0.1 {
54 class test.security.GetProperty;
55 }
56 EOF
57
58 mk z.src/test.security/test/security/GetProperty.java <<EOF
59 package test.security;
60 import java.io.File;
61 import java.security.Policy;
62 import java.security.URIParameter;
63 public class GetProperty {
64 public static void main(String[] args) throws Exception {
65 URIParameter up = new URIParameter(new File(args[0]).toURI());
66 Policy p = Policy.getInstance("JavaPolicy", up);
67 Policy.setPolicy(p);
68 System.setSecurityManager(new SecurityManager());
69 System.out.println(System.getProperty("user.home"));
70 }
71 }
72 EOF
73
74 mk signed-module.policy <<EOF
75 keystore "keystore.jks";
76 keystorePasswordURL "${SRC}/keystore.pw";
77 grant signedBy "signer" {
78 permission java.util.PropertyPermission "user.home", "read";
79 };
80 grant signedBy "expired-signer" {
81 permission java.util.PropertyPermission "user.home", "read";
82 };
83 EOF
84
85 mkdir z.modules z.jarfiles
86 $BIN/javac -d z.modules -modulepath z.modules `find z.src -name '*.java'`
87
88 $BIN/jar cf z.jarfiles/GetProperty.jar -C z.modules/test.security .
89 $BIN/jarsigner -keystore keystore.jks z.jarfiles/GetProperty.jar signer < ${SRC}/keystore.pw
90
91 # Install and run the signed jar
92 $BIN/jmod -L z.lib create
93 $BIN/jmod -J-Dorg.openjdk.system.security.cacerts=keystore.jks \
94 -L z.lib install z.jarfiles/GetProperty.jar
95 $BIN/java -L z.lib -m test.security signed-module.policy