New test/jdk/sun/security/tools/jarsigner/warnings/NoTimestampTest.java

   1 /*
   2  * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 import java.io.FileInputStream;
  25 import java.io.InputStream;
  26 import java.security.KeyStore;
  27 import java.security.cert.X509Certificate;
  28 import java.util.Date;
  29 import java.util.Locale;
  30 import java.util.TimeZone;
  31 
  32 import jdk.test.lib.process.OutputAnalyzer;
  33 import jdk.test.lib.util.JarUtils;
  34 
  35 /**
  36  * @test
  37  * @bug 8024302 8026037 8196213
  38  * @summary Checks warnings if -tsa and -tsacert options are not specified
  39  * @library /test/lib ../
  40  * @build jdk.test.lib.util.JarUtils
  41  * @run main NoTimestampTest
  42  */
  43 public class NoTimestampTest extends Test {
  44 
  45     /**
  46      * The test signs and verifies a jar file without -tsa and -tsacert options,
  47      * and checks that proper warnings are shown.
  48      */
  49     public static void main(String[] args) throws Throwable {
  50         Locale reservedLocale = Locale.getDefault();
  51         Locale.setDefault(Locale.US);
  52 
  53         try {
  54             NoTimestampTest test = new NoTimestampTest();
  55             test.start();
  56         } finally {
  57             // Restore the reserved locale
  58             Locale.setDefault(reservedLocale);
  59         }
  60     }
  61 
  62     private void start() throws Throwable {
  63         String timezone = System.getProperty("user.timezone", "UTC");
  64         System.out.println(String.format("Timezone = %s", timezone));
  65         TimeZone.setDefault(TimeZone.getTimeZone(timezone));
  66 
  67         // create a jar file that contains one class file
  68         Utils.createFiles(FIRST_FILE);
  69         JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
  70 
  71         // create key pair
  72         createAlias(CA_KEY_ALIAS);
  73         createAlias(KEY_ALIAS);
  74         issueCert(KEY_ALIAS,
  75                 "-validity", Integer.toString(VALIDITY));
  76 
  77         Date expirationDate = getCertExpirationDate();
  78 
  79         // sign jar file
  80         OutputAnalyzer analyzer = jarsigner(
  81                 "-J-Duser.timezone=" + timezone,
  82                 "-keystore", KEYSTORE,
  83                 "-storepass", PASSWORD,
  84                 "-keypass", PASSWORD,
  85                 "-signedjar", SIGNED_JARFILE,
  86                 UNSIGNED_JARFILE,
  87                 KEY_ALIAS);
  88 
  89         String warning = String.format(NO_TIMESTAMP_SIGNING_WARN_TEMPLATE,
  90                 expirationDate);
  91         checkSigning(analyzer, warning);
  92 
  93         // verify signed jar
  94         analyzer = jarsigner(
  95                 "-J-Duser.timezone=" + timezone,
  96                 "-verify",
  97                 "-keystore", KEYSTORE,
  98                 "-storepass", PASSWORD,
  99                 "-keypass", PASSWORD,
 100                 SIGNED_JARFILE,
 101                 KEY_ALIAS);
 102 
 103         warning = String.format(NO_TIMESTAMP_VERIFYING_WARN_TEMPLATE, expirationDate);
 104         checkVerifying(analyzer, 0, warning);
 105 
 106         // verify signed jar in strict mode
 107         analyzer = jarsigner(
 108                 "-J-Duser.timezone=" + timezone,
 109                 "-verify",
 110                 "-strict",
 111                 "-keystore", KEYSTORE,
 112                 "-storepass", PASSWORD,
 113                 "-keypass", PASSWORD,
 114                 SIGNED_JARFILE,
 115                 KEY_ALIAS);
 116 
 117         checkVerifying(analyzer, 0, warning);
 118 
 119         System.out.println("Test passed");
 120     }
 121 
 122     private static Date getCertExpirationDate() throws Exception {
 123         KeyStore ks = KeyStore.getInstance("JKS");
 124         try (InputStream in = new FileInputStream(KEYSTORE)) {
 125             ks.load(in, PASSWORD.toCharArray());
 126         }
 127         X509Certificate cert = (X509Certificate) ks.getCertificate(KEY_ALIAS);
 128         return cert.getNotAfter();
 129     }
 130 }