1 /*
2 * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 import jdk.test.lib.process.OutputAnalyzer;
25 import jdk.test.lib.process.ProcessTools;
26
27 import java.util.ArrayList;
28 import java.util.Arrays;
29 import java.util.List;
30
31 /**
32 * Base class.
33 */
34 public abstract class Test {
35
36 static final String TEST_SOURCES = System.getProperty("test.src", ".");
37 static final String TEST_CLASSES = System.getProperty("test.classes");
38 static final String FS = System.getProperty("file.separator");
39 static final String JAVA_HOME = System.getProperty("java.home");
40 static final String KEYTOOL = JAVA_HOME + FS + "bin" + FS + "keytool";
41 static final String JARSIGNER = JAVA_HOME + FS + "bin" + FS + "jarsigner";
42 static final String UNSIGNED_JARFILE = "unsigned.jar";
43 static final String SIGNED_JARFILE = "signed.jar";
44 static final String UPDATED_SIGNED_JARFILE = "updated_signed.jar";
45 static final String FIRST_FILE = "first.txt";
46 static final String SECOND_FILE = "second.txt";
47 static final String PASSWORD = "password";
48 static final String FIRST_KEY_KEYSTORE = "first_key.jks";
49 static final String KEYSTORE = "keystore.jks";
50 static final String FIRST_KEY_ALIAS = "first";
51 static final String SECOND_KEY_ALIAS = "second";
52 static final String KEY_ALG = "RSA";
53 static final String KEY_ALIAS = "alias";
54 static final String CERT_REQUEST_FILENAME = "test.req";
55 static final String CERT_FILENAME = "test.crt";
56 static final String CA_KEY_ALIAS = "ca";
57 static final String CA2_KEY_ALIAS = "ca2";
58 static final int KEY_SIZE = 2048;
59 static final int TIMEOUT = 6 * 60 * 1000; // in millis
60 static final int VALIDITY = 365;
61
62 static final String WARNING = "Warning:";
63 static final String WARNING_OR_ERROR = "(Warning|Error):";
64
65 static final String CHAIN_NOT_VALIDATED_VERIFYING_WARNING
66 = "This jar contains entries "
67 + "whose certificate chain is invalid.";
68
69 static final String ALIAS_NOT_IN_STORE_VERIFYING_WARNING
70 = "This jar contains signed entries "
71 + "that are not signed by alias in this keystore.";
72
73 static final String BAD_EXTENDED_KEY_USAGE_SIGNING_WARNING
74 = "The signer certificate's ExtendedKeyUsage extension "
75 + "doesn't allow code signing.";
76
77 static final String BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING
78 = "This jar contains entries whose signer certificate's "
79 + "ExtendedKeyUsage extension doesn't allow code signing.";
80
81 static final String BAD_KEY_USAGE_SIGNING_WARNING
82 = "The signer certificate's KeyUsage extension "
83 + "doesn't allow code signing.";
84
85 static final String BAD_KEY_USAGE_VERIFYING_WARNING
86 = "This jar contains entries whose signer certificate's KeyUsage "
87 + "extension doesn't allow code signing.";
88
89 static final String BAD_NETSCAPE_CERT_TYPE_SIGNING_WARNING
90 = "The signer certificate's NetscapeCertType extension "
91 + "doesn't allow code signing.";
92
93 static final String BAD_NETSCAPE_CERT_TYPE_VERIFYING_WARNING
94 = "This jar contains entries "
95 + "whose signer certificate's NetscapeCertType extension "
96 + "doesn't allow code signing.";
97
98 static final String CHAIN_NOT_VALIDATED_SIGNING_WARNING
99 = "The signer's certificate chain is invalid.";
100
101 static final String HAS_EXPIRING_CERT_SIGNING_WARNING
102 = "The signer certificate will expire within six months.";
103
104 static final String HAS_EXPIRING_CERT_VERIFYING_WARNING
105 = "This jar contains entries "
106 + "whose signer certificate will expire within six months.";
107
108 static final String HAS_EXPIRED_CERT_SIGNING_WARNING
109 = "The signer certificate has expired.";
110
111 static final String HAS_EXPIRED_CERT_VERIFYING_WARNING
112 = "This jar contains entries whose signer certificate has expired.";
113
114 static final String HAS_UNSIGNED_ENTRY_VERIFYING_WARNING
115 = "This jar contains unsigned entries "
116 + "which have not been integrity-checked.";
117
118 static final String NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING
119 = "This jar contains signed entries "
120 + "which are not signed by the specified alias(es).";
121
122 static final String NO_TIMESTAMP_SIGNING_WARN_TEMPLATE
123 = "No -tsa or -tsacert is provided "
124 + "and this jar is not timestamped. "
125 + "Without a timestamp, users may not be able to validate this jar "
126 + "after the signer certificate's expiration date "
127 + "(%1$tY-%1$tm-%1$td).";
128
129 static final String NO_TIMESTAMP_VERIFYING_WARN_TEMPLATE
130 = "This jar contains signatures that do not include a timestamp. "
131 + "Without a timestamp, users may not be able to validate this jar "
132 + "after any of the signer certificates expire "
133 + "(as early as %1$tY-%1$tm-%1$td).";
134
135 static final String NOT_YET_VALID_CERT_SIGNING_WARNING
136 = "The signer certificate is not yet valid.";
137
138 static final String NOT_YET_VALID_CERT_VERIFYING_WARNING
139 = "This jar contains entries "
140 + "whose signer certificate is not yet valid.";
141
142 static final String JAR_SIGNED = "jar signed.";
143
144 static final String JAR_VERIFIED = "jar verified.";
145
146 static final String JAR_VERIFIED_WITH_SIGNER_ERRORS
147 = "jar verified, with signer errors.";
148
149 static final int CHAIN_NOT_VALIDATED_EXIT_CODE = 4;
150 static final int HAS_EXPIRED_CERT_EXIT_CODE = 4;
151 static final int BAD_KEY_USAGE_EXIT_CODE = 8;
152 static final int BAD_EXTENDED_KEY_USAGE_EXIT_CODE = 8;
153 static final int BAD_NETSCAPE_CERT_TYPE_EXIT_CODE = 8;
154 static final int HAS_UNSIGNED_ENTRY_EXIT_CODE = 16;
155 static final int ALIAS_NOT_IN_STORE_EXIT_CODE = 32;
156 static final int NOT_SIGNED_BY_ALIAS_EXIT_CODE = 32;
157
158 protected void createAlias(String alias, String ... options)
159 throws Throwable {
160 List<String> cmd = new ArrayList<>();
161 cmd.addAll(List.of(
162 "-genkeypair",
163 "-alias", alias,
164 "-keyalg", KEY_ALG,
165 "-keysize", Integer.toString(KEY_SIZE),
166 "-keystore", KEYSTORE,
167 "-storepass", PASSWORD,
168 "-keypass", PASSWORD,
169 "-dname", "CN=" + alias));
170 cmd.addAll(Arrays.asList(options));
171
172 keytool(cmd.toArray(new String[cmd.size()]))
173 .shouldHaveExitValue(0);
174 }
175
176 protected void issueCert(String alias, String ... options)
177 throws Throwable {
178 keytool("-certreq",
179 "-alias", alias,
180 "-keystore", KEYSTORE,
181 "-storepass", PASSWORD,
182 "-keypass", PASSWORD,
183 "-file", alias + ".req")
184 .shouldHaveExitValue(0);
185
186 List<String> cmd = new ArrayList<>();
187 cmd.addAll(List.of(
188 "-gencert",
189 "-alias", CA_KEY_ALIAS,
190 "-infile", alias + ".req",
191 "-outfile", alias + ".cert",
192 "-keystore", KEYSTORE,
193 "-storepass", PASSWORD,
194 "-keypass", PASSWORD,
195 "-file", alias + ".req"));
196 cmd.addAll(Arrays.asList(options));
197
198 keytool(cmd.toArray(new String[cmd.size()]))
199 .shouldHaveExitValue(0);
200
201 keytool("-importcert",
202 "-alias", alias,
203 "-keystore", KEYSTORE,
204 "-storepass", PASSWORD,
205 "-keypass", PASSWORD,
206 "-file", alias + ".cert")
207 .shouldHaveExitValue(0);
208 }
209
210 protected void checkVerifying(OutputAnalyzer analyzer, int expectedExitCode,
211 String... warnings) {
212 analyzer.shouldHaveExitValue(expectedExitCode);
213 int count = 0;
214 for (String warning : warnings) {
215 if (warning.startsWith("!")) {
216 analyzer.shouldNotContain(warning.substring(1));
217 } else {
218 count++;
219 analyzer.shouldContain(warning);
220 }
221 }
222 if (count > 0) {
223 analyzer.shouldMatch(WARNING_OR_ERROR);
224 }
225 if (expectedExitCode == 0) {
226 analyzer.shouldContain(JAR_VERIFIED);
227 } else {
228 analyzer.shouldContain(JAR_VERIFIED_WITH_SIGNER_ERRORS);
229 }
230 }
231
232 protected void checkSigning(OutputAnalyzer analyzer, String... warnings) {
233 analyzer.shouldHaveExitValue(0);
234 int count = 0;
235 for (String warning : warnings) {
236 if (warning.startsWith("!")) {
237 analyzer.shouldNotContain(warning.substring(1));
238 } else {
239 count++;
240 analyzer.shouldContain(warning);
241 }
242 }
243 if (count > 0) {
244 analyzer.shouldMatch(WARNING_OR_ERROR);
245 }
246 analyzer.shouldContain(JAR_SIGNED);
247 }
248
249 protected OutputAnalyzer keytool(String... cmd) throws Throwable {
250 return tool(KEYTOOL, cmd);
251 }
252
253 protected OutputAnalyzer jarsigner(String... cmd) throws Throwable {
254 return tool(JARSIGNER, cmd);
255 }
256
257 private OutputAnalyzer tool(String tool, String... args) throws Throwable {
258 List<String> cmd = new ArrayList<>();
259 cmd.add(tool);
260 cmd.add("-J-Duser.language=en");
261 cmd.add("-J-Duser.country=US");
262 cmd.addAll(Arrays.asList(args));
263 return ProcessTools.executeCommand(cmd.toArray(new String[cmd.size()]));
264 }
265 }