1 /* 2 * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 import java.io.File; 25 import java.nio.file.Files; 26 import java.nio.file.Paths; 27 import java.security.AccessControlException; 28 import java.security.AccessController; 29 import java.security.Permission; 30 import java.security.PrivilegedAction; 31 import jdk.test.lib.process.ProcessTools; 32 33 /** 34 * @test 35 * @bug 8048360 36 * @summary test policy entry with signedBy alias 37 * @library /test/lib 38 * @run main/othervm SignedJarTest 39 */ 40 public class SignedJarTest { 41 42 private static final String FS = File.separator; 43 private static final String JAVA_HOME = System.getProperty("test.jdk"); 44 private static final String TESTCLASSES = System.getProperty("test.classes", ""); 45 private static final String TESTSRC = System.getProperty("test.src", ""); 46 private static final String KEYTOOL = JAVA_HOME + FS + "bin" + FS + "keytool"; 47 private static final String JAR = JAVA_HOME + FS + "bin" + FS + "jar"; 48 private static final String JARSIGNER = JAVA_HOME + FS + "bin" + FS + "jarsigner"; 49 private static final String PASSWORD = "password"; 50 private static final String PWDFILE = "keypass"; 51 private static final String POLICY1 = "SignedJarTest_1.policy"; 52 private static final String POLICY2 = "SignedJarTest_2.policy"; 53 private static final String KEYSTORE1 = "both.jks"; 54 private static final String KEYSTORE2 = "first.jks"; 55 56 public static void main(String args[]) throws Throwable { 57 //copy PrivilegeTest.class, policy files and keystore password file into current direcotry 58 Files.copy(Paths.get(TESTCLASSES, "PrivilegeTest.class"), Paths.get("PrivilegeTest.class")); 59 Files.copy(Paths.get(TESTSRC, POLICY1), Paths.get(POLICY1)); 60 Files.copy(Paths.get(TESTSRC, POLICY2), Paths.get(POLICY2)); 61 Files.copy(Paths.get(TESTSRC, PWDFILE), Paths.get(PWDFILE)); 62 63 //create Jar file 64 ProcessTools.executeCommand(JAR, "-cvf", "test.jar", "PrivilegeTest.class"); 65 66 //Creating first key , keystore both.jks 67 ProcessTools.executeCommand(KEYTOOL, 68 "-genkey", 69 "-alias", "first", 70 "-keystore", KEYSTORE1, 71 "-keypass", PASSWORD, 72 "-dname", "cn=First", 73 "-storepass", PASSWORD 74 ).shouldHaveExitValue(0); 75 76 //Creating Second key, keystore both.jks 77 ProcessTools.executeCommand(KEYTOOL, 78 "-genkey", 79 // "-storetype","JKS", 80 "-alias", "second", 81 "-keystore", KEYSTORE1, 82 "-keypass", PASSWORD, 83 "-dname", "cn=Second", 84 "-storepass", PASSWORD 85 ).shouldHaveExitValue(0); 86 87 //copy both.jks to first.jks, remove second Keypair from first.jks 88 Files.copy(Paths.get(KEYSTORE1), Paths.get(KEYSTORE2)); 89 ProcessTools.executeCommand(KEYTOOL, 90 "-delete", 91 "-keystore", KEYSTORE2, 92 "-alias", "second", 93 "-storepass", PASSWORD 94 ).shouldHaveExitValue(0); 95 96 //sign jar with first key, first.jar is only signed by first signer 97 ProcessTools.executeCommand(JARSIGNER, 98 "-keystore", KEYSTORE1, 99 "-storepass", PASSWORD, 100 "-keypass", PASSWORD, 101 "-signedjar", "first.jar", "test.jar", 102 "first").shouldHaveExitValue(0); 103 104 //sign jar with second key, both.jar is signed by first and second signer 105 ProcessTools.executeCommand(JARSIGNER, 106 "-keystore", KEYSTORE1, 107 "-storepass", PASSWORD, 108 "-keypass", PASSWORD, 109 "-signedjar", "both.jar", "first.jar", 110 "second").shouldHaveExitValue(0); 111 112 //test case 1 113 //setIO permission granted to code that was signed by first signer 114 //setFactory permission granted to code that was signed by second signer 115 //Keystore that contains both first and second keypairs 116 //code was singed by first signer 117 //Expect AccessControlException for setFactory permission 118 System.out.println("Test Case 1"); 119 //copy policy file into current directory 120 String[] cmd = constructCMD("first.jar", POLICY1, "false", "true"); 121 ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0); 122 123 //test case 2, test with both.jar 124 //setIO permission granted to code that was signed by first signer 125 //setFactory permission granted to code that was signed by second signer 126 //Keystore that contains both first and second keypairs 127 //code was singed by first signer and second signer 128 //Expect no AccessControlException 129 System.out.println("Test Case 2"); 130 cmd = constructCMD("both.jar", POLICY1, "false", "false"); 131 ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0); 132 133 //test case 3 134 //setIO permission granted to code that was signed by first signer 135 //setFactory permission granted to code that was signed by second signer 136 //Keystore that contains only first keypairs 137 //code was singed by first signer and second signer 138 //Expect AccessControlException for setFactory permission 139 System.out.println("Test Case 3"); 140 cmd = constructCMD("both.jar", POLICY2, "false", "true"); 141 ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0); 142 143 } 144 145 private static String[] constructCMD(String classpath, String policy, String arg1, String arg2) { 146 String[] cmd = { 147 "-classpath", classpath, 148 "-Djava.security.manager", 149 "-Djava.security.policy=" + policy, 150 "PrivilegeTest", 151 arg1, arg2}; 152 return cmd; 153 } 154 } 155 156 class PrivilegeTest { 157 158 private static final Permission PERM1 = new RuntimePermission("setIO"); 159 private static final Permission PERM2 = new RuntimePermission("setFactory"); 160 161 public static void main(String args[]) { 162 boolean expectException1 = Boolean.parseBoolean(args[0]); 163 boolean expectException2 = Boolean.parseBoolean(args[1]); 164 test(PERM1, expectException1); 165 test(PERM2, expectException2); 166 } 167 168 public static void test(Permission perm, boolean expectException) { 169 boolean getException = (Boolean) AccessController.doPrivileged((PrivilegedAction) () -> { 170 try { 171 AccessController.checkPermission(perm); 172 return (Boolean) false; 173 } catch (AccessControlException ex) { 174 return (Boolean) true; 175 } 176 }); 177 178 if (expectException ^ getException) { 179 String message = "Check Permission :" + perm + "\n ExpectException = " 180 + expectException + "\n getException = " + getException; 181 throw new RuntimeException(message); 182 } 183 184 } 185 186 }