1 #! /bin/sh 2 3 # Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved. 4 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 5 # 6 # This code is free software; you can redistribute it and/or modify it 7 # under the terms of the GNU General Public License version 2 only, as 8 # published by the Free Software Foundation. Oracle designates this 9 # particular file as subject to the "Classpath" exception as provided 10 # by Oracle in the LICENSE file that accompanied this code. 11 # 12 # This code is distributed in the hope that it will be useful, but WITHOUT 13 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 15 # version 2 for more details (a copy is included in the LICENSE file that 16 # accompanied this code). 17 # 18 # You should have received a copy of the GNU General Public License version 19 # 2 along with this work; if not, write to the Free Software Foundation, 20 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 21 # 22 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 23 # or visit www.oracle.com if you need additional information or have any 24 # questions. 25 26 # @test 27 # @summary install and run a signed modular jar with a SecurityManager and 28 # check that permission is granted by the policy file 29 30 set -e 31 32 SRC=${TESTSRC:-.} 33 BIN=${TESTJAVA:-../../../../../build}/bin 34 35 mk() { 36 d=`dirname $1` 37 if [ ! -d $d ]; then mkdir -p $d; fi 38 cat - >$1 39 } 40 41 rm -rf z.* keystore.jks 42 43 # Create the keystore file and import the root CA cert 44 $BIN/keytool -import -keystore keystore.jks -file ${TESTSRC}/ca-cert.pem \ 45 -noprompt -storepass test123 -alias ca 46 47 # Import the signer's private key and cert 48 $BIN/javac -source 8 -d . ${TESTSRC}/ImportPrivateKey.java 49 $BIN/java -Dtest.src=${TESTSRC} ImportPrivateKey signer signer-prikey.pem \ 50 RSA signer-cert.pem 51 52 mk z.src/test.security/module-info.java <<EOF 53 module test.security @ 0.1 { 54 class test.security.GetProperty; 55 } 56 EOF 57 58 mk z.src/test.security/test/security/GetProperty.java <<EOF 59 package test.security; 60 import java.io.File; 61 import java.security.Policy; 62 import java.security.URIParameter; 63 public class GetProperty { 64 public static void main(String[] args) throws Exception { 65 URIParameter up = new URIParameter(new File(args[0]).toURI()); 66 Policy p = Policy.getInstance("JavaPolicy", up); 67 Policy.setPolicy(p); 68 System.setSecurityManager(new SecurityManager()); 69 System.out.println(System.getProperty("user.home")); 70 } 71 } 72 EOF 73 74 mk signed-module.policy <<EOF 75 keystore "keystore.jks"; 76 keystorePasswordURL "${SRC}/keystore.pw"; 77 grant signedBy "signer" { 78 permission java.util.PropertyPermission "user.home", "read"; 79 }; 80 grant signedBy "expired-signer" { 81 permission java.util.PropertyPermission "user.home", "read"; 82 }; 83 EOF 84 85 mkdir z.modules z.jarfiles 86 $BIN/javac -d z.modules -modulepath z.modules `find z.src -name '*.java'` 87 88 $BIN/jar cf z.jarfiles/GetProperty.jar -C z.modules/test.security . 89 $BIN/jarsigner -keystore keystore.jks z.jarfiles/GetProperty.jar signer < ${SRC}/keystore.pw 90 91 # Install and run the signed jar 92 $BIN/jmod -L z.lib create 93 $BIN/jmod -J-Dorg.openjdk.system.security.cacerts=keystore.jks \ 94 -L z.lib install z.jarfiles/GetProperty.jar 95 $BIN/java -L z.lib -m test.security signed-module.policy