1 /*
   2  * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /*
  25  * @test
  26  * @bug 8048357
  27  * @summary Read signed data in one or more PKCS7 objects from individual files,
  28  * verify SignerInfos and certificate chain.
  29  * @run main PKCS7VerifyTest PKCS7TEST.DSA.base64
  30  * @run main PKCS7VerifyTest PKCS7TEST.DSA.base64 PKCS7TEST.SF
  31  */
  32 import java.io.ByteArrayInputStream;
  33 import java.io.File;
  34 import java.io.FileInputStream;
  35 import java.nio.file.Files;
  36 import java.nio.file.Path;
  37 import java.nio.file.Paths;
  38 import java.security.cert.X509Certificate;
  39 import java.util.Base64;
  40 import java.util.HashMap;
  41 import java.util.Map;
  42 import sun.security.pkcs.PKCS7;
  43 import sun.security.pkcs.SignerInfo;
  44 
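/**
 * jtreg test that parses a Base64-encoded PKCS7 signed-data object, verifies
 * its SignerInfos, and checks the signatures of the certificates bundled in
 * the object against each other.
 *
 * <p>Scope note: the certificate loop in {@link #main} is an
 * internal-consistency check only. It calls {@code cert.verify(issuerKey)}
 * for certificates whose issuer is also bundled in the PKCS7 object. It does
 * not check validity periods or revocation, and it does not anchor the chain
 * in a trusted root. A passing run therefore says nothing about whether the
 * signer should be trusted.
 */
public class PKCS7VerifyTest {

    // Directory holding the test fixtures: <test.src>/jarsigner/META-INF/
    static final String TESTSRC = System.getProperty("test.src", ".");
    static final String FS = File.separator;
    static final String FILEPATH = TESTSRC + FS + "jarsigner" + FS + "META-INF"
            + FS;

    /**
     * Runs the verification.
     *
     * <p>Usage: {@code java PKCS7VerifyTest file1 [file2]}
     * <ul>
     * <li>{@code file1} holds the Base64 encoding of a PKCS7 signed-data
     *     object.</li>
     * <li>If {@code file2} is absent, the signature is checked against the
     *     data carried in the ContentInfo component of that object.</li>
     * <li>If {@code file2} is present, the signature is checked against the
     *     contents of {@code file2} (detached content).</li>
     * </ul>
     * Both names are resolved relative to {@link #FILEPATH}.
     *
     * @param args fixture file names as described above
     * @throws Exception if a file cannot be read, the PKCS7 object cannot be
     *         parsed, no signer verifies, or a bundled certificate fails
     *         signature verification against its bundled issuer
     */
    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            // The original message named a different class ("JarVerify").
            throw new RuntimeException(
                    "usage: java PKCS7VerifyTest <file1> [<file2>]");
        }

        // To avoid attaching a binary DSA file, the fixture is stored as
        // Base64 and decoded here before parsing.
        // NOTE(review): the MIME decoder is presumably used because the
        // fixture is line-wrapped; confirm against the fixture file.
        byte[] base64Bytes = Files.readAllBytes(Paths.get(FILEPATH + args[0]));
        PKCS7 pkcs7 = new PKCS7(new ByteArrayInputStream(
                Base64.getMimeDecoder().decode(base64Bytes)));

        // null means "verify against the content embedded in the PKCS7
        // object"; otherwise verify against the detached content in file2.
        byte[] data = (args.length < 2)
                ? null
                : Files.readAllBytes(Paths.get(FILEPATH + args[1]));

        SignerInfo[] signerInfos = pkcs7.verify(data);

        // Fail closed: an empty result is as much a failure as a null one.
        if (signerInfos == null || signerInfos.length == 0) {
            throw new RuntimeException("no signers verify");
        }
        System.out.println("Verifying SignerInfos:");
        for (SignerInfo signerInfo : signerInfos) {
            System.out.println(signerInfo.toString());
        }

        X509Certificate[] certs = pkcs7.getCertificates();
        // Report a missing certificate set as an explicit test failure
        // instead of letting it surface as a NullPointerException below.
        if (certs == null) {
            throw new RuntimeException(
                    "no certificates found in PKCS7 object");
        }

        // Index the bundled certificates by the string form of their subject
        // DN. Two certificates with the same subject DN string collapse to
        // one entry (the later put wins), and issuer lookup below is an exact
        // string match on the provider's DN rendering.
        Map<String, X509Certificate> certTable = new HashMap<>(certs.length);
        for (X509Certificate cert : certs) {
            certTable.put(cert.getSubjectDN().toString(), cert);
        }

        // Check each certificate's signature against its bundled issuer.
        // Signature validity only, with no trust anchor, validity period or
        // revocation checks.
        for (X509Certificate cert : certTable.values()) {
            X509Certificate issuerCert = certTable
                    .get(cert.getIssuerDN().toString());

            System.out.println("Subject: " + cert.getSubjectDN());
            if (issuerCert == null) {
                // An issuer that is not bundled is logged and skipped, and
                // is not treated as a failure.
                System.out.println("Issuer certificate not found");
            } else {
                System.out.println("Issuer:  " + cert.getIssuerDN());
                // Throws if the signature does not verify under the issuer's
                // public key, which fails the test.
                cert.verify(issuerCert.getPublicKey());
                System.out.println("Cert verifies.");
            }
            System.out.println();
        }
    }

}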