New test/jdk/sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java

   1 /*
   2  * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 import jdk.test.lib.process.OutputAnalyzer;
  25 import jdk.test.lib.util.JarUtils;
  26 
  27 /**
  28  * @test
  29  * @bug 8024302 8026037
  30  * @summary Test for badKeyUsage warning
  31  * @library /test/lib ../
  32  * @ignore until 8026393 is fixed
  33  * @build jdk.test.lib.util.JarUtils
  34  * @run main BadKeyUsageTest
  35  */
  36 public class BadKeyUsageTest extends Test {
  37 
  38     /**
  39      * The test signs and verifies a jar that contains entries
  40      * whose signer certificate's KeyUsage extension
  41      * doesn't allow code signing (badKeyUsage).
  42      * Warning message is expected.
  43      */
  44     public static void main(String[] args) throws Throwable {
  45         BadKeyUsageTest test = new BadKeyUsageTest();
  46         test.start();
  47     }
  48 
  49     private void start() throws Throwable {
  50         // create a jar file that contains one class file
  51         Utils.createFiles(FIRST_FILE);
  52         JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
  53 
  54         // create a certificate whose signer certificate's KeyUsage extension
  55         // doesn't allow code signing
  56         createAlias(CA_KEY_ALIAS);
  57         createAlias(KEY_ALIAS);
  58 
  59         issueCert(
  60                 KEY_ALIAS,
  61                 "-ext", "KeyUsage=keyAgreement",
  62                 "-validity", Integer.toString(VALIDITY));
  63 
  64         // sign jar
  65         OutputAnalyzer analyzer = jarsigner(
  66                 "-verbose",
  67                 "-keystore", KEYSTORE,
  68                 "-storepass", PASSWORD,
  69                 "-keypass", PASSWORD,
  70                 "-signedjar", SIGNED_JARFILE,
  71                 UNSIGNED_JARFILE,
  72                 KEY_ALIAS);
  73 
  74         checkSigning(analyzer, BAD_KEY_USAGE_SIGNING_WARNING);
  75 
  76         // verify signed jar
  77         analyzer = jarsigner(
  78                 "-verify",
  79                 "-verbose",
  80                 "-keystore", KEYSTORE,
  81                 "-storepass", PASSWORD,
  82                 "-keypass", PASSWORD,
  83                 SIGNED_JARFILE);
  84 
  85         checkVerifying(analyzer, 0, BAD_KEY_USAGE_VERIFYING_WARNING);
  86 
  87         // verify signed jar in strict mode
  88         analyzer = jarsigner(
  89                 "-verify",
  90                 "-verbose",
  91                 "-strict",
  92                 "-keystore", KEYSTORE,
  93                 "-storepass", PASSWORD,
  94                 "-keypass", PASSWORD,
  95                 SIGNED_JARFILE);
  96 
  97         checkVerifying(analyzer, BAD_KEY_USAGE_EXIT_CODE,
  98                 BAD_KEY_USAGE_VERIFYING_WARNING);
  99 
 100         System.out.println("Test passed");
 101     }
 102 
 103 }