/*
 * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

import jdk.testlibrary.OutputAnalyzer;
import jdk.testlibrary.JarUtils;

/**
 * @test
 * @bug 8024302 8026037
 * @summary Test for aliasNotInStore warning
 * @library /lib/testlibrary ../
 * @run main AliasNotInStoreTest
 */
public class AliasNotInStoreTest extends Test {

    /**
     * Entry point: runs the aliasNotInStore scenario once.
     *
     * The scenario signs a jar with two different keys and then verifies it
     * against a keystore that holds only one of them, so the jar contains
     * signed entries that are not signed by any alias in that keystore.
     * jarsigner is expected to report the aliasNotInStore warning.
     */
    public static void main(String[] args) throws Throwable {
        new AliasNotInStoreTest().start();
    }

    /**
     * Builds the jars and keystores, then verifies the doubly signed jar
     * twice: once without {@code -strict} and once with it.
     *
     * Store and key passwords are passed to the tools as command-line
     * arguments; the keystores involved are generated by this test itself.
     */
    private void start() throws Throwable {
        Utils.createFiles(FIRST_FILE, SECOND_FILE);
        System.out.println(String.format("Create a %s that contains %s",
                UNSIGNED_JARFILE, FIRST_FILE));
        JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);

        // both signing key pairs live in the same keystore
        createSigningKey(FIRST_KEY_ALIAS, "CN=First");
        createSigningKey(SECOND_KEY_ALIAS, "CN=Second");

        // first signature: made with the first alias, written to a new jar
        OutputAnalyzer firstSigning = jarsigner(
                "-keystore", BOTH_KEYS_KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-signedjar", SIGNED_JARFILE,
                UNSIGNED_JARFILE,
                FIRST_KEY_ALIAS);
        checkSigning(firstSigning);

        System.out.println(String.format("Copy %s to %s, and add %s",
                SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE));
        JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE);

        // second signature: made with the second alias, on the updated copy
        OutputAnalyzer secondSigning = jarsigner(
                "-keystore", BOTH_KEYS_KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                UPDATED_SIGNED_JARFILE,
                SECOND_KEY_ALIAS);
        checkSigning(secondSigning);

        // copy only the first key into a separate keystore; the second
        // alias is deliberately left out of it
        keytool(
                "-importkeystore",
                "-srckeystore", BOTH_KEYS_KEYSTORE,
                "-srcalias", FIRST_KEY_ALIAS,
                "-srcstorepass", PASSWORD,
                "-srckeypass", PASSWORD,
                "-destkeystore", FIRST_KEY_KEYSTORE,
                "-destalias", FIRST_KEY_ALIAS,
                "-deststorepass", PASSWORD,
                "-destkeypass", PASSWORD).shouldHaveExitValue(0);

        // Verification WITHOUT -strict against the first-key-only keystore.
        // The jar carries a signature made with the second alias, which this
        // keystore lacks, so both warnings are expected in the output. The
        // expected exit value is still 0: in this mode the warnings are only
        // printed, and a caller that looks at the exit status alone would
        // not notice them.
        OutputAnalyzer lenientVerify = jarsigner(
                "-verify",
                "-verbose",
                "-keystore", FIRST_KEY_KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                UPDATED_SIGNED_JARFILE);
        checkVerifying(lenientVerify, 0,
                CHAIN_NOT_VALIDATED_VERIFYING_WARNING,
                ALIAS_NOT_IN_STORE_VERIFYING_WARNING);

        // Same verification WITH -strict: the same two warnings are expected,
        // and the expected exit value becomes the sum of their exit codes.
        OutputAnalyzer strictVerify = jarsigner(
                "-verify",
                "-verbose",
                "-strict",
                "-keystore", FIRST_KEY_KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                UPDATED_SIGNED_JARFILE);
        int strictExitCode = ALIAS_NOT_IN_STORE_EXIT_CODE
                + CHAIN_NOT_VALIDATED_EXIT_CODE;
        checkVerifying(strictVerify, strictExitCode,
                CHAIN_NOT_VALIDATED_VERIFYING_WARNING,
                ALIAS_NOT_IN_STORE_VERIFYING_WARNING);

        System.out.println("Test passed");
    }

    /**
     * Generates one key pair under {@code alias} in the keystore shared by
     * both signing keys and requires keytool to exit with 0.
     *
     * @param alias keystore alias for the new key pair
     * @param dname distinguished name passed to {@code -dname}
     */
    private void createSigningKey(String alias, String dname) throws Throwable {
        keytool(
                "-genkey",
                "-alias", alias,
                "-keyalg", KEY_ALG,
                "-keysize", Integer.toString(KEY_SIZE),
                "-keystore", BOTH_KEYS_KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-dname", dname,
                "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
    }

}