1 /*
2 * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 import jdk.testlibrary.OutputAnalyzer;
25 import jdk.testlibrary.ProcessTools;
26 import jdk.testlibrary.JarUtils;
27
28 /**
29 * @test
30 * @bug 8024302 8026037
31 * @summary The test signs and verifies a jar file with -tsacert option
32 * @library /lib/testlibrary
33 * @modules java.base/sun.misc
34 * java.base/sun.security.pkcs
35 * java.base/sun.security.timestamp
36 * java.base/sun.security.util
37 * java.base/sun.security.x509
38 * java.management
39 * @run main TsacertOptionTest
40 */
41 public class TsacertOptionTest {
42
43 private static final String FS = System.getProperty("file.separator");
44 private static final String JAVA_HOME = System.getProperty("java.home");
45 private static final String KEYTOOL = JAVA_HOME + FS + "bin" + FS
46 + "keytool";
47 private static final String JARSIGNER = JAVA_HOME + FS + "bin" + FS
48 + "jarsigner";
49 private static final String UNSIGNED_JARFILE = "unsigned.jar";
50 private static final String SIGNED_JARFILE = "signed.jar";
51 private static final String FILENAME = TsacertOptionTest.class.getName()
52 + ".txt";
53 private static final String PASSWORD = "changeit";
54 private static final String KEYSTORE = "ks.jks";
55 private static final String SIGNING_KEY_ALIAS = "sign_alias";
56 private static final String TSA_KEY_ALIAS = "ts";
57 private static final String KEY_ALG = "RSA";
58 private static final int KEY_SIZE = 2048;
59 private static final int VALIDITY = 365;
60 private static final String WARNING = "Warning:";
61 private static final String JAR_SIGNED = "jar signed.";
62 private static final String JAR_VERIFIED = "jar verified.";
63
64 /**
65 * The test signs and verifies a jar file with -tsacert option,
66 * and checks that no warning was shown.
67 * A certificate that is addressed in -tsacert option contains URL to TSA
68 * in Subject Information Access extension.
69 */
70 public static void main(String[] args) throws Throwable {
71 TsacertOptionTest test = new TsacertOptionTest();
72 test.start();
73 }
74
75 void start() throws Throwable {
76 // create a jar file that contains one file
77 Utils.createFiles(FILENAME);
78 JarUtils.createJar(UNSIGNED_JARFILE, FILENAME);
79
80 // look for free network port for TSA service
81 int port = jdk.testlibrary.Utils.getFreePort();
82 String host = jdk.testlibrary.Utils.getHostname();
83 String tsaUrl = "http://" + host + ":" + port;
84
85 // create key pair for jar signing
86 ProcessTools.executeCommand(KEYTOOL,
87 "-genkey",
88 "-alias", SIGNING_KEY_ALIAS,
89 "-keyalg", KEY_ALG,
90 "-keysize", Integer.toString(KEY_SIZE),
91 "-keystore", KEYSTORE,
92 "-storepass", PASSWORD,
93 "-keypass", PASSWORD,
94 "-dname", "CN=Test",
95 "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
96
97 // create key pair for TSA service
98 // SubjectInfoAccess extension contains URL to TSA service
99 ProcessTools.executeCommand(KEYTOOL,
100 "-genkey",
101 "-v",
102 "-alias", TSA_KEY_ALIAS,
103 "-keyalg", KEY_ALG,
104 "-keysize", Integer.toString(KEY_SIZE),
105 "-keystore", KEYSTORE,
106 "-storepass", PASSWORD,
107 "-keypass", PASSWORD,
108 "-dname", "CN=TSA",
109 "-ext", "ExtendedkeyUsage:critical=timeStamping",
110 "-ext", "SubjectInfoAccess=timeStamping:URI:" + tsaUrl,
111 "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
112
113 try (TimestampCheck.Handler tsa = TimestampCheck.Handler.init(port,
114 KEYSTORE);) {
115
116 // start TSA
117 tsa.start();
118
119 // sign jar file
120 // specify -tsadigestalg option because
121 // TSA server uses SHA-1 digest algorithm
122 OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
123 "-verbose",
124 "-keystore", KEYSTORE,
125 "-storepass", PASSWORD,
126 "-keypass", PASSWORD,
127 "-signedjar", SIGNED_JARFILE,
128 "-tsacert", TSA_KEY_ALIAS,
129 "-tsadigestalg", "SHA-1",
130 UNSIGNED_JARFILE,
131 SIGNING_KEY_ALIAS);
132
133 analyzer.shouldHaveExitValue(0);
134 analyzer.stdoutShouldNotContain(WARNING);
135 analyzer.shouldContain(JAR_SIGNED);
136
137 // verify signed jar
138 analyzer = ProcessTools.executeCommand(JARSIGNER,
139 "-verbose",
140 "-verify",
141 "-keystore", KEYSTORE,
142 "-storepass", PASSWORD,
143 SIGNED_JARFILE);
144
145 analyzer.shouldHaveExitValue(0);
146 analyzer.stdoutShouldNotContain(WARNING);
147 analyzer.shouldContain(JAR_VERIFIED);
148 }
149
150 System.out.println("Test passed");
151 }
152
153 }