rev 17251 : 8180888: move jdk.testlibrary.JarUtils to the top level testlibrary
Reviewed-by: duke

   1 /*
   2  * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 import java.io.File;
  25 import jdk.testlibrary.OutputAnalyzer;
  26 import jdk.testlibrary.ProcessTools;
  27 import jdk.test.lib.util.JarUtils;
  28 
  29 /**
  30  * @test
  31  * @bug 8024302 8026037
  32  * @summary Test for chainNotValidated warning
  33  * @library /lib/testlibrary /test/lib ../
  34  * @run main ChainNotValidatedTest
  35  */
  36 public class ChainNotValidatedTest extends Test {
  37 
  38     private static final String CHAIN = "chain";
  39 
  40     /**
  41      * The test signs and verifies a jar that contains entries
  42      * whose cert chain can't be correctly validated (chainNotValidated).
  43      * Warning message is expected.
  44      */
  45     public static void main(String[] args) throws Throwable {
  46         ChainNotValidatedTest test = new ChainNotValidatedTest();
  47         test.start();
  48     }
  49 
  50     private void start() throws Throwable {
  51         // create a jar file that contains one class file
  52         Utils.createFiles(FIRST_FILE);
  53         JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
  54 
  55         // create self-signed certificate whose BasicConstraints extension
  56         // is set to false, so the certificate may not be used
  57         // as a parent certificate (certpath validation should fail)
  58         keytool(
  59                 "-genkeypair",
  60                 "-alias", CA_KEY_ALIAS,
  61                 "-keyalg", KEY_ALG,
  62                 "-keysize", Integer.toString(KEY_SIZE),
  63                 "-keystore", KEYSTORE,
  64                 "-storepass", PASSWORD,
  65                 "-keypass", PASSWORD,
  66                 "-dname", "CN=CA",
  67                 "-ext", "BasicConstraints:critical=ca:false",
  68                 "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
  69 
  70         // create a certificate that is signed by self-signed certificate
  71         // despite of it may not be used as a parent certificate
  72         // (certpath validation should fail)
  73         keytool(
  74                 "-genkeypair",
  75                 "-alias", KEY_ALIAS,
  76                 "-keyalg", KEY_ALG,
  77                 "-keysize", Integer.toString(KEY_SIZE),
  78                 "-keystore", KEYSTORE,
  79                 "-storepass", PASSWORD,
  80                 "-keypass", PASSWORD,
  81                 "-dname", "CN=Test",
  82                 "-ext", "BasicConstraints:critical=ca:false",
  83                 "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
  84 
  85         keytool(
  86                 "-certreq",
  87                 "-alias", KEY_ALIAS,
  88                 "-keystore", KEYSTORE,
  89                 "-storepass", PASSWORD,
  90                 "-keypass", PASSWORD,
  91                 "-file", CERT_REQUEST_FILENAME).shouldHaveExitValue(0);
  92 
  93         keytool(
  94                 "-gencert",
  95                 "-alias", CA_KEY_ALIAS,
  96                 "-keystore", KEYSTORE,
  97                 "-storepass", PASSWORD,
  98                 "-keypass", PASSWORD,
  99                 "-infile", CERT_REQUEST_FILENAME,
 100                 "-validity", Integer.toString(VALIDITY),
 101                 "-outfile", CERT_FILENAME).shouldHaveExitValue(0);
 102 
 103         keytool(
 104                 "-importcert",
 105                 "-alias", KEY_ALIAS,
 106                 "-keystore", KEYSTORE,
 107                 "-storepass", PASSWORD,
 108                 "-keypass", PASSWORD,
 109                 "-file", CERT_FILENAME).shouldHaveExitValue(0);
 110 
 111         ProcessBuilder pb = new ProcessBuilder(KEYTOOL,
 112                 "-export",
 113                 "-rfc",
 114                 "-alias", KEY_ALIAS,
 115                 "-keystore", KEYSTORE,
 116                 "-storepass", PASSWORD,
 117                 "-keypass", PASSWORD);
 118         pb.redirectOutput(ProcessBuilder.Redirect.appendTo(new File(CHAIN)));
 119         ProcessTools.executeCommand(pb).shouldHaveExitValue(0);
 120 
 121         pb = new ProcessBuilder(KEYTOOL,
 122                 "-export",
 123                 "-rfc",
 124                 "-alias", CA_KEY_ALIAS,
 125                 "-keystore", KEYSTORE,
 126                 "-storepass", PASSWORD,
 127                 "-keypass", PASSWORD);
 128         pb.redirectOutput(ProcessBuilder.Redirect.appendTo(new File(CHAIN)));
 129         ProcessTools.executeCommand(pb).shouldHaveExitValue(0);
 130 
 131         // remove CA certificate
 132         keytool(
 133                 "-delete",
 134                 "-alias", CA_KEY_ALIAS,
 135                 "-keystore", KEYSTORE,
 136                 "-storepass", PASSWORD,
 137                 "-keypass", PASSWORD).shouldHaveExitValue(0);
 138 
 139         // sign jar
 140         OutputAnalyzer analyzer = jarsigner(
 141                 "-keystore", KEYSTORE,
 142                 "-storepass", PASSWORD,
 143                 "-keypass", PASSWORD,
 144                 "-certchain", CHAIN,
 145                 "-signedjar", SIGNED_JARFILE,
 146                 UNSIGNED_JARFILE,
 147                 KEY_ALIAS);
 148 
 149         checkSigning(analyzer, CHAIN_NOT_VALIDATED_SIGNING_WARNING);
 150 
 151         // verify signed jar
 152         analyzer = jarsigner(
 153                 "-verify",
 154                 "-verbose",
 155                 "-keystore", KEYSTORE,
 156                 "-storepass", PASSWORD,
 157                 "-keypass", PASSWORD,
 158                 "-certchain", CHAIN,
 159                 SIGNED_JARFILE);
 160 
 161         checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
 162 
 163         // verify signed jar in strict mode
 164         analyzer = jarsigner(
 165                 "-verify",
 166                 "-verbose",
 167                 "-strict",
 168                 "-keystore", KEYSTORE,
 169                 "-storepass", PASSWORD,
 170                 "-keypass", PASSWORD,
 171                 "-certchain", CHAIN,
 172                 SIGNED_JARFILE);
 173 
 174         checkVerifying(analyzer, CHAIN_NOT_VALIDATED_EXIT_CODE,
 175                 CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
 176 
 177         System.out.println("Test passed");
 178     }
 179 
 180 }
--- EOF ---