1 /*
   2  * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 import jdk.testlibrary.OutputAnalyzer;
  25 import jdk.testlibrary.JarUtils;
  26 
  27 /**
  28  * @test
  29  * @bug 8024302 8026037
  30  * @summary Test for badExtendedKeyUsage warning
  31  * @library /lib/testlibrary ../
  32  * @run main BadExtendedKeyUsageTest
  33  */
  34 public class BadExtendedKeyUsageTest extends Test {
  35 
  36     /**
  37      * The test signs and verifies a jar that contains entries
  38      * whose signer certificate's ExtendedKeyUsage extension
  39      * doesn't allow code signing (badExtendedKeyUsage).
  40      * Warning message is expected.
  41      */
  42     public static void main(String[] args) throws Throwable {
  43         BadExtendedKeyUsageTest test = new BadExtendedKeyUsageTest();
  44         test.start();
  45     }
  46 
  47     private void start() throws Throwable {
  48         // create a jar file that contains one class file
  49         Utils.createFiles(FIRST_FILE);
  50         JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
  51 
  52         // create a certificate whose signer certificate's
  53         // ExtendedKeyUsage extension doesn't allow code signing
  54         keytool(
  55                 "-genkey",
  56                 "-alias", KEY_ALIAS,
  57                 "-keyalg", KEY_ALG,
  58                 "-keysize", Integer.toString(KEY_SIZE),
  59                 "-keystore", KEYSTORE,
  60                 "-storepass", PASSWORD,
  61                 "-keypass", PASSWORD,
  62                 "-dname", "CN=Test",
  63                 "-ext", "ExtendedkeyUsage=serverAuth",
  64                 "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
  65 
  66         // sign jar
  67         OutputAnalyzer analyzer = jarsigner(
  68                 "-verbose",
  69                 "-keystore", KEYSTORE,
  70                 "-storepass", PASSWORD,
  71                 "-keypass", PASSWORD,
  72                 "-signedjar", SIGNED_JARFILE,
  73                 UNSIGNED_JARFILE,
  74                 KEY_ALIAS);
  75 
  76         checkSigning(analyzer, BAD_EXTENDED_KEY_USAGE_SIGNING_WARNING);
  77 
  78         // verify signed jar
  79         analyzer = jarsigner(
  80                 "-verify",
  81                 "-verbose",
  82                 "-keystore", KEYSTORE,
  83                 "-storepass", PASSWORD,
  84                 "-keypass", PASSWORD,
  85                 SIGNED_JARFILE);
  86 
  87         checkVerifying(analyzer, 0, BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING);
  88 
  89         // verity signed jar in strict mode
  90         analyzer = jarsigner(
  91                 "-verify",
  92                 "-verbose",
  93                 "-strict",
  94                 "-keystore", KEYSTORE,
  95                 "-storepass", PASSWORD,
  96                 "-keypass", PASSWORD,
  97                 SIGNED_JARFILE);
  98 
  99         checkVerifying(analyzer, BAD_EXTENDED_KEY_USAGE_EXIT_CODE,
 100                 BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING);
 101 
 102         System.out.println("Test passed");
 103     }
 104 
 105 }