1 /*
   2  * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 import jdk.test.lib.process.OutputAnalyzer;
  25 import jdk.test.lib.util.JarUtils;
  26 
  27 /**
  28  * @test
  29  * @bug 8024302 8026037
  30  * @summary Test for aliasNotInStore warning
  31  * @library /test/lib ../
  32  * @build jdk.test.lib.util.JarUtils
  33  * @run main AliasNotInStoreTest
  34  */
  35 public class AliasNotInStoreTest extends Test {
  36 
  37     /**
  38      * The test signs and verifies a jar that contains signed entries
  39      * that are not signed by any alias in keystore (aliasNotInStore).
  40      * Warning message is expected.
  41      */
  42     public static void main(String[] args) throws Throwable {
  43         AliasNotInStoreTest test = new AliasNotInStoreTest();
  44         test.start();
  45     }
  46 
  47     private void start() throws Throwable {
  48         Utils.createFiles(FIRST_FILE, SECOND_FILE);
  49         System.out.println(String.format("Create a %s that contains %s",
  50                 new Object[]{UNSIGNED_JARFILE, FIRST_FILE}));
  51         JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
  52 
  53         // create first key pair for signing
  54         createAlias(FIRST_KEY_ALIAS);
  55         createAlias(SECOND_KEY_ALIAS);
  56 
  57         // sign jar with first key
  58         OutputAnalyzer analyzer = jarsigner(
  59                 "-keystore", KEYSTORE,
  60                 "-storepass", PASSWORD,
  61                 "-keypass", PASSWORD,
  62                 "-signedjar", SIGNED_JARFILE,
  63                 UNSIGNED_JARFILE,
  64                 FIRST_KEY_ALIAS);
  65 
  66         checkSigning(analyzer);
  67 
  68         System.out.println(String.format("Copy %s to %s, and add %s",
  69                 new Object[] {SIGNED_JARFILE, UPDATED_SIGNED_JARFILE,
  70                     SECOND_FILE}));
  71 
  72         JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE);
  73 
  74         // sign jar with second key
  75         analyzer = jarsigner(
  76                 "-keystore", KEYSTORE,
  77                 "-storepass", PASSWORD,
  78                 "-keypass", PASSWORD,
  79                 UPDATED_SIGNED_JARFILE,
  80                 SECOND_KEY_ALIAS);
  81 
  82         checkSigning(analyzer);
  83 
  84         // create keystore that contains only first key
  85         keytool(
  86                 "-importkeystore",
  87                 "-srckeystore", KEYSTORE,
  88                 "-srcalias", FIRST_KEY_ALIAS,
  89                 "-srcstorepass", PASSWORD,
  90                 "-srckeypass", PASSWORD,
  91                 "-destkeystore", FIRST_KEY_KEYSTORE,
  92                 "-destalias", FIRST_KEY_ALIAS,
  93                 "-deststorepass", PASSWORD,
  94                 "-destkeypass", PASSWORD).shouldHaveExitValue(0);
  95 
  96         // verify jar with keystore that contains only first key,
  97         // so there is signed entry (FirstClass.class) that is not signed
  98         // by any alias in the keystore
  99         analyzer = jarsigner(
 100                 "-verify",
 101                 "-verbose",
 102                 "-keystore", FIRST_KEY_KEYSTORE,
 103                 "-storepass", PASSWORD,
 104                 "-keypass", PASSWORD,
 105                 UPDATED_SIGNED_JARFILE);
 106 
 107         checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING,
 108                 ALIAS_NOT_IN_STORE_VERIFYING_WARNING);
 109 
 110         // verify jar with keystore that contains only first key in strict mode
 111         analyzer = jarsigner(
 112                 "-verify",
 113                 "-verbose",
 114                 "-strict",
 115                 "-keystore", FIRST_KEY_KEYSTORE,
 116                 "-storepass", PASSWORD,
 117                 "-keypass", PASSWORD,
 118                 UPDATED_SIGNED_JARFILE);
 119 
 120         int expectedExitCode = ALIAS_NOT_IN_STORE_EXIT_CODE
 121                 + CHAIN_NOT_VALIDATED_EXIT_CODE;
 122         checkVerifying(analyzer, expectedExitCode,
 123                 CHAIN_NOT_VALIDATED_VERIFYING_WARNING,
 124                 ALIAS_NOT_IN_STORE_VERIFYING_WARNING);
 125 
 126         System.out.println("Test passed");
 127     }
 128 
 129 }