1 /* 2 * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 import java.io.FileInputStream; 25 import java.io.InputStream; 26 import java.security.KeyStore; 27 import java.security.cert.X509Certificate; 28 import java.util.Date; 29 import java.util.Locale; 30 import java.util.TimeZone; 31 32 import jdk.test.lib.process.OutputAnalyzer; 33 import jdk.test.lib.util.JarUtils; 34 35 /** 36 * @test 37 * @bug 8024302 8026037 8196213 38 * @summary Checks warnings if -tsa and -tsacert options are not specified 39 * @library /test/lib ../ 40 * @build jdk.test.lib.util.JarUtils 41 * @run main NoTimestampTest 42 */ 43 public class NoTimestampTest extends Test { 44 45 /** 46 * The test signs and verifies a jar file without -tsa and -tsacert options, 47 * and checks that proper warnings are shown. 48 */ 49 public static void main(String[] args) throws Throwable { 50 Locale reservedLocale = Locale.getDefault(); 51 Locale.setDefault(Locale.US); 52 53 try { 54 NoTimestampTest test = new NoTimestampTest(); 55 test.start(); 56 } finally { 57 // Restore the reserved locale 58 Locale.setDefault(reservedLocale); 59 } 60 } 61 62 private void start() throws Throwable { 63 String timezone = System.getProperty("user.timezone", "UTC"); 64 System.out.println(String.format("Timezone = %s", timezone)); 65 TimeZone.setDefault(TimeZone.getTimeZone(timezone)); 66 67 // create a jar file that contains one class file 68 Utils.createFiles(FIRST_FILE); 69 JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); 70 71 // create key pair 72 createAlias(CA_KEY_ALIAS); 73 createAlias(KEY_ALIAS); 74 issueCert(KEY_ALIAS, 75 "-validity", Integer.toString(VALIDITY)); 76 77 Date expirationDate = getCertExpirationDate(); 78 79 // sign jar file 80 OutputAnalyzer analyzer = jarsigner( 81 "-J-Duser.timezone=" + timezone, 82 "-keystore", KEYSTORE, 83 "-storepass", PASSWORD, 84 "-keypass", PASSWORD, 85 "-signedjar", SIGNED_JARFILE, 86 UNSIGNED_JARFILE, 87 KEY_ALIAS); 88 89 String warning = String.format(NO_TIMESTAMP_SIGNING_WARN_TEMPLATE, 90 expirationDate); 91 checkSigning(analyzer, warning); 92 93 // verify signed jar 94 analyzer = jarsigner( 95 "-J-Duser.timezone=" + timezone, 96 "-verify", 97 "-keystore", KEYSTORE, 98 "-storepass", PASSWORD, 99 "-keypass", PASSWORD, 100 SIGNED_JARFILE, 101 KEY_ALIAS); 102 103 warning = String.format(NO_TIMESTAMP_VERIFYING_WARN_TEMPLATE, expirationDate); 104 checkVerifying(analyzer, 0, warning); 105 106 // verify signed jar in strict mode 107 analyzer = jarsigner( 108 "-J-Duser.timezone=" + timezone, 109 "-verify", 110 "-strict", 111 "-keystore", KEYSTORE, 112 "-storepass", PASSWORD, 113 "-keypass", PASSWORD, 114 SIGNED_JARFILE, 115 KEY_ALIAS); 116 117 checkVerifying(analyzer, 0, warning); 118 119 System.out.println("Test passed"); 120 } 121 122 private static Date getCertExpirationDate() throws Exception { 123 KeyStore ks = KeyStore.getInstance("JKS"); 124 try (InputStream in = new FileInputStream(KEYSTORE)) { 125 ks.load(in, PASSWORD.toCharArray()); 126 } 127 X509Certificate cert = (X509Certificate) ks.getCertificate(KEY_ALIAS); 128 return cert.getNotAfter(); 129 } 130 }