rev 17251 : 8180888: move jdk.testlibrary.JarUtils to the top level testlibrary
Reviewed-by: duke

   1 /*
   2  * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 import jdk.testlibrary.OutputAnalyzer;
  25 import jdk.test.lib.util.JarUtils;
  26 
  27 /**
  28  * @test
  29  * @bug 8024302 8026037 8176320
  30  * @summary The test signs and verifies a jar file with -tsacert option
  31  * @library /lib/testlibrary warnings
  32  * @library /test/lib
  33  * @modules java.base/sun.security.pkcs
  34  *          java.base/sun.security.timestamp
  35  *          java.base/sun.security.tools.keytool
  36  *          java.base/sun.security.util
  37  *          java.base/sun.security.x509
  38  *          java.management
  39  * @run main TsacertOptionTest
  40  */
  41 public class TsacertOptionTest extends Test {
  42 
  43     private static final String FILENAME = TsacertOptionTest.class.getName()
  44             + ".txt";
  45     private static final String SIGNING_KEY_ALIAS = "sign_alias";
  46     private static final String TSA_KEY_ALIAS = "ts";
  47 
  48     private static final String PASSWORD = "changeit";
  49 
  50     /**
  51      * The test signs and verifies a jar file with -tsacert option,
  52      * and checks that no warning was shown.
  53      * A certificate that is addressed in -tsacert option contains URL to TSA
  54      * in Subject Information Access extension.
  55      */
  56     public static void main(String[] args) throws Throwable {
  57         TsacertOptionTest test = new TsacertOptionTest();
  58         test.start();
  59     }
  60 
  61     void start() throws Throwable {
  62         // create a jar file that contains one file
  63         Utils.createFiles(FILENAME);
  64         JarUtils.createJar(UNSIGNED_JARFILE, FILENAME);
  65 
  66         // create key pair for jar signing
  67         keytool(
  68                 "-genkey",
  69                 "-alias", CA_KEY_ALIAS,
  70                 "-keyalg", KEY_ALG,
  71                 "-keysize", Integer.toString(KEY_SIZE),
  72                 "-keystore", KEYSTORE,
  73                 "-storepass", PASSWORD,
  74                 "-keypass", PASSWORD,
  75                 "-dname", "CN=CA",
  76                 "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
  77         keytool(
  78                 "-genkey",
  79                 "-alias", SIGNING_KEY_ALIAS,
  80                 "-keyalg", KEY_ALG,
  81                 "-keysize", Integer.toString(KEY_SIZE),
  82                 "-keystore", KEYSTORE,
  83                 "-storepass", PASSWORD,
  84                 "-keypass", PASSWORD,
  85                 "-dname", "CN=Test").shouldHaveExitValue(0);
  86         keytool(
  87                 "-certreq",
  88                 "-alias", SIGNING_KEY_ALIAS,
  89                 "-keystore", KEYSTORE,
  90                 "-storepass", PASSWORD,
  91                 "-keypass", PASSWORD,
  92                 "-file", "certreq").shouldHaveExitValue(0);
  93         keytool(
  94                 "-gencert",
  95                 "-alias", CA_KEY_ALIAS,
  96                 "-keystore", KEYSTORE,
  97                 "-storepass", PASSWORD,
  98                 "-keypass", PASSWORD,
  99                 "-validity", Integer.toString(VALIDITY),
 100                 "-infile", "certreq",
 101                 "-outfile", "cert").shouldHaveExitValue(0);
 102         keytool(
 103                 "-importcert",
 104                 "-alias", SIGNING_KEY_ALIAS,
 105                 "-keystore", KEYSTORE,
 106                 "-storepass", PASSWORD,
 107                 "-keypass", PASSWORD,
 108                 "-file", "cert").shouldHaveExitValue(0);
 109 
 110 
 111         try (TimestampCheck.Handler tsa = TimestampCheck.Handler.init(0,
 112                 KEYSTORE)) {
 113 
 114             // look for free network port for TSA service
 115             int port = tsa.getPort();
 116             String host = "127.0.0.1";
 117             String tsaUrl = "http://" + host + ":" + port;
 118 
 119             // create key pair for TSA service
 120             // SubjectInfoAccess extension contains URL to TSA service
 121             keytool(
 122                     "-genkey",
 123                     "-v",
 124                     "-alias", TSA_KEY_ALIAS,
 125                     "-keyalg", KEY_ALG,
 126                     "-keysize", Integer.toString(KEY_SIZE),
 127                     "-keystore", KEYSTORE,
 128                     "-storepass", PASSWORD,
 129                     "-keypass", PASSWORD,
 130                     "-dname", "CN=TSA",
 131                     "-ext", "ExtendedkeyUsage:critical=timeStamping",
 132                     "-ext", "SubjectInfoAccess=timeStamping:URI:" + tsaUrl,
 133                     "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
 134 
 135             // start TSA
 136             tsa.start();
 137 
 138             // sign jar file
 139             // specify -tsadigestalg option because
 140             // TSA server uses SHA-1 digest algorithm
 141              OutputAnalyzer analyzer = jarsigner(
 142                     "-J-Dhttp.proxyHost=",
 143                     "-J-Dhttp.proxyPort=",
 144                     "-J-Djava.net.useSystemProxies=",
 145                     "-verbose",
 146                     "-keystore", KEYSTORE,
 147                     "-storepass", PASSWORD,
 148                     "-keypass", PASSWORD,
 149                     "-signedjar", SIGNED_JARFILE,
 150                     "-tsacert", TSA_KEY_ALIAS,
 151                     "-tsadigestalg", "SHA-1",
 152                     UNSIGNED_JARFILE,
 153                     SIGNING_KEY_ALIAS);
 154 
 155             analyzer.shouldHaveExitValue(0);
 156             analyzer.stdoutShouldNotContain(WARNING);
 157             analyzer.shouldContain(JAR_SIGNED);
 158 
 159             // verify signed jar
 160             analyzer = jarsigner(
 161                     "-verbose",
 162                     "-verify",
 163                     "-keystore", KEYSTORE,
 164                     "-storepass", PASSWORD,
 165                     SIGNED_JARFILE);
 166 
 167             analyzer.shouldHaveExitValue(0);
 168             analyzer.stdoutShouldNotContain(WARNING);
 169             analyzer.shouldContain(JAR_VERIFIED);
 170         }
 171 
 172         System.out.println("Test passed");
 173     }
 174 
 175 }
--- EOF ---