/*
 * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

import jdk.testlibrary.OutputAnalyzer;
import jdk.testlibrary.JarUtils;

/**
 * @test
 * @bug 8024302 8026037 8176320
 * @summary The test signs and verifies a jar file with -tsacert option
 * @library /lib/testlibrary warnings
 * @library /test/lib
 * @modules java.base/sun.security.pkcs
 *          java.base/sun.security.timestamp
 *          java.base/sun.security.tools.keytool
 *          java.base/sun.security.util
 *          java.base/sun.security.x509
 *          java.management
 * @run main TsacertOptionTest
 */
public class TsacertOptionTest extends Test {

    private static final String FILENAME = TsacertOptionTest.class.getName()
            + ".txt";
    private static final String SIGNING_KEY_ALIAS = "sign_alias";
    private static final String TSA_KEY_ALIAS = "ts";

    // Store/key password for the keystore this test generates itself.
    // It is a test fixture value, not a credential to reuse elsewhere.
    private static final String PASSWORD = "changeit";

    /**
     * Runs the test: a jar is signed with {@code -tsacert} and then verified,
     * and neither step may print a warning.
     *
     * <p>The certificate named by {@code -tsacert} carries the URL of the
     * timestamp authority (TSA) in its Subject Information Access extension,
     * so no TSA URL is passed to jarsigner directly.
     *
     * @param args unused
     * @throws Throwable if any tool invocation or output check fails
     */
    public static void main(String[] args) throws Throwable {
        new TsacertOptionTest().start();
    }

    /**
     * Drives the whole scenario: builds the input jar, issues the signing
     * certificate, brings up a local TSA, then signs and verifies.
     *
     * @throws Throwable if any tool invocation or output check fails
     */
    void start() throws Throwable {
        // The jar to be signed holds a single generated file.
        Utils.createFiles(FILENAME);
        JarUtils.createJar(UNSIGNED_JARFILE, FILENAME);

        createCaSignedSigningCert();

        try (TimestampCheck.Handler tsa = TimestampCheck.Handler.init(0,
                KEYSTORE)) {

            // The handler was initialised with port 0; ask it which port it
            // will serve on (the original test describes this as looking for
            // a free network port) and build the loopback TSA URL from it.
            int tsaPort = tsa.getPort();
            String tsaUrl = "http://" + "127.0.0.1" + ":" + tsaPort;

            // The TSA key must exist in the keystore before the service is
            // started, and its certificate needs the URL computed above.
            createTsaKeyPair(tsaUrl);

            tsa.start();

            signJarWithTsaCert();
            verifySignedJar();
        }

        System.out.println("Test passed");
    }

    /**
     * Creates the CA key pair and the signing key pair, then replaces the
     * signing key's certificate with one issued by the CA
     * (certreq -> gencert -> importcert). Every keytool call must exit 0.
     */
    private void createCaSignedSigningCert() throws Throwable {
        String keySize = Integer.toString(KEY_SIZE);
        String validity = Integer.toString(VALIDITY);

        // CA key pair that will issue the signer's certificate
        keytool(
                "-genkey",
                "-alias", CA_KEY_ALIAS,
                "-keyalg", KEY_ALG,
                "-keysize", keySize,
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-dname", "CN=CA",
                "-validity", validity).shouldHaveExitValue(0);

        // key pair used for jar signing
        keytool(
                "-genkey",
                "-alias", SIGNING_KEY_ALIAS,
                "-keyalg", KEY_ALG,
                "-keysize", keySize,
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-dname", "CN=Test").shouldHaveExitValue(0);

        // certificate request for the signing key, written to "certreq"
        keytool(
                "-certreq",
                "-alias", SIGNING_KEY_ALIAS,
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-file", "certreq").shouldHaveExitValue(0);

        // the CA answers the request; the issued certificate goes to "cert"
        keytool(
                "-gencert",
                "-alias", CA_KEY_ALIAS,
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-validity", validity,
                "-infile", "certreq",
                "-outfile", "cert").shouldHaveExitValue(0);

        // store the CA-issued certificate under the signing alias
        keytool(
                "-importcert",
                "-alias", SIGNING_KEY_ALIAS,
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-file", "cert").shouldHaveExitValue(0);
    }

    /**
     * Generates the key pair for the TSA service. Only {@code -genkey} is run
     * for this alias; no CA issuance step follows.
     *
     * <p>The certificate gets a critical ExtendedKeyUsage of timeStamping and
     * a SubjectInfoAccess entry whose timeStamping URI is {@code tsaUrl};
     * that entry is what {@code -tsacert} relies on to find the TSA.
     *
     * @param tsaUrl URL of the local TSA service to embed in the certificate
     */
    private void createTsaKeyPair(String tsaUrl) throws Throwable {
        keytool(
                "-genkey",
                "-v",
                "-alias", TSA_KEY_ALIAS,
                "-keyalg", KEY_ALG,
                "-keysize", Integer.toString(KEY_SIZE),
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-dname", "CN=TSA",
                "-ext", "ExtendedkeyUsage:critical=timeStamping",
                "-ext", "SubjectInfoAccess=timeStamping:URI:" + tsaUrl,
                "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
    }

    /**
     * Signs the jar, naming the TSA certificate by alias via {@code -tsacert},
     * and requires exit code 0, no warning on stdout and the "jar signed"
     * message in the output.
     */
    private void signJarWithTsaCert() throws Throwable {
        // The three -J-D options blank out the proxy settings of the
        // jarsigner JVM -- presumably so that the request to the loopback
        // TSA is not sent through a proxy.
        // -tsadigestalg is SHA-1 only because the TSA server used by this
        // test uses the SHA-1 digest algorithm.
        OutputAnalyzer signOutput = jarsigner(
                "-J-Dhttp.proxyHost=",
                "-J-Dhttp.proxyPort=",
                "-J-Djava.net.useSystemProxies=",
                "-verbose",
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-signedjar", SIGNED_JARFILE,
                "-tsacert", TSA_KEY_ALIAS,
                "-tsadigestalg", "SHA-1",
                UNSIGNED_JARFILE,
                SIGNING_KEY_ALIAS);

        signOutput.shouldHaveExitValue(0);
        signOutput.stdoutShouldNotContain(WARNING);
        signOutput.shouldContain(JAR_SIGNED);
    }

    /**
     * Verifies the signed jar against the test keystore and requires exit
     * code 0, no warning on stdout and the "jar verified" message in the
     * output.
     */
    private void verifySignedJar() throws Throwable {
        OutputAnalyzer verifyOutput = jarsigner(
                "-verbose",
                "-verify",
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                SIGNED_JARFILE);

        verifyOutput.shouldHaveExitValue(0);
        verifyOutput.stdoutShouldNotContain(WARNING);
        verifyOutput.shouldContain(JAR_VERIFIED);
    }

}