1 /* 2 * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 import jdk.testlibrary.OutputAnalyzer; 25 import jdk.testlibrary.ProcessTools; 26 import jdk.testlibrary.JarUtils; 27 28 /** 29 * @test 30 * @bug 8024302 8026037 31 * @summary The test signs and verifies a jar file with -tsacert option 32 * @library /lib/testlibrary 33 * @modules java.base/sun.misc 34 * java.base/sun.security.pkcs 35 * java.base/sun.security.timestamp 36 * java.base/sun.security.util 37 * java.base/sun.security.x509 38 * java.management 39 * @run main TsacertOptionTest 40 */ 41 public class TsacertOptionTest { 42 43 private static final String FS = System.getProperty("file.separator"); 44 private static final String JAVA_HOME = System.getProperty("java.home"); 45 private static final String KEYTOOL = JAVA_HOME + FS + "bin" + FS 46 + "keytool"; 47 private static final String JARSIGNER = JAVA_HOME + FS + "bin" + FS 48 + "jarsigner"; 49 private static final String UNSIGNED_JARFILE = "unsigned.jar"; 50 private static final String SIGNED_JARFILE = "signed.jar"; 51 private static final String FILENAME = TsacertOptionTest.class.getName() 52 + ".txt"; 53 private static final String PASSWORD = "changeit"; 54 private static final String KEYSTORE = "ks.jks"; 55 private static final String SIGNING_KEY_ALIAS = "sign_alias"; 56 private static final String TSA_KEY_ALIAS = "ts"; 57 private static final String KEY_ALG = "RSA"; 58 private static final int KEY_SIZE = 2048; 59 private static final int VALIDITY = 365; 60 private static final String WARNING = "Warning:"; 61 private static final String JAR_SIGNED = "jar signed."; 62 private static final String JAR_VERIFIED = "jar verified."; 63 64 /** 65 * The test signs and verifies a jar file with -tsacert option, 66 * and checks that no warning was shown. 67 * A certificate that is addressed in -tsacert option contains URL to TSA 68 * in Subject Information Access extension. 69 */ 70 public static void main(String[] args) throws Throwable { 71 TsacertOptionTest test = new TsacertOptionTest(); 72 test.start(); 73 } 74 75 void start() throws Throwable { 76 // create a jar file that contains one file 77 Utils.createFiles(FILENAME); 78 JarUtils.createJar(UNSIGNED_JARFILE, FILENAME); 79 80 // look for free network port for TSA service 81 int port = jdk.testlibrary.Utils.getFreePort(); 82 String host = jdk.testlibrary.Utils.getHostname(); 83 String tsaUrl = "http://" + host + ":" + port; 84 85 // create key pair for jar signing 86 ProcessTools.executeCommand(KEYTOOL, 87 "-genkey", 88 "-alias", SIGNING_KEY_ALIAS, 89 "-keyalg", KEY_ALG, 90 "-keysize", Integer.toString(KEY_SIZE), 91 "-keystore", KEYSTORE, 92 "-storepass", PASSWORD, 93 "-keypass", PASSWORD, 94 "-dname", "CN=Test", 95 "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); 96 97 // create key pair for TSA service 98 // SubjectInfoAccess extension contains URL to TSA service 99 ProcessTools.executeCommand(KEYTOOL, 100 "-genkey", 101 "-v", 102 "-alias", TSA_KEY_ALIAS, 103 "-keyalg", KEY_ALG, 104 "-keysize", Integer.toString(KEY_SIZE), 105 "-keystore", KEYSTORE, 106 "-storepass", PASSWORD, 107 "-keypass", PASSWORD, 108 "-dname", "CN=TSA", 109 "-ext", "ExtendedkeyUsage:critical=timeStamping", 110 "-ext", "SubjectInfoAccess=timeStamping:URI:" + tsaUrl, 111 "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); 112 113 try (TimestampCheck.Handler tsa = TimestampCheck.Handler.init(port, 114 KEYSTORE);) { 115 116 // start TSA 117 tsa.start(); 118 119 // sign jar file 120 // specify -tsadigestalg option because 121 // TSA server uses SHA-1 digest algorithm 122 OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, 123 "-verbose", 124 "-keystore", KEYSTORE, 125 "-storepass", PASSWORD, 126 "-keypass", PASSWORD, 127 "-signedjar", SIGNED_JARFILE, 128 "-tsacert", TSA_KEY_ALIAS, 129 "-tsadigestalg", "SHA-1", 130 UNSIGNED_JARFILE, 131 SIGNING_KEY_ALIAS); 132 133 analyzer.shouldHaveExitValue(0); 134 analyzer.stdoutShouldNotContain(WARNING); 135 analyzer.shouldContain(JAR_SIGNED); 136 137 // verify signed jar 138 analyzer = ProcessTools.executeCommand(JARSIGNER, 139 "-verbose", 140 "-verify", 141 "-keystore", KEYSTORE, 142 "-storepass", PASSWORD, 143 SIGNED_JARFILE); 144 145 analyzer.shouldHaveExitValue(0); 146 analyzer.stdoutShouldNotContain(WARNING); 147 analyzer.shouldContain(JAR_VERIFIED); 148 } 149 150 System.out.println("Test passed"); 151 } 152 153 }