1 /*
   2  * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 import jdk.testlibrary.OutputAnalyzer;
  25 import jdk.testlibrary.ProcessTools;
  26 import jdk.testlibrary.JarUtils;
  27 
  28 /**
  29  * @test
  30  * @bug 8024302 8026037
  31  * @summary The test signs and verifies a jar file with -tsacert option
  32  * @library /lib/testlibrary
  33  * @run main TsacertOptionTest
  34  */
public class TsacertOptionTest {

    private static final String FS = System.getProperty("file.separator");
    private static final String JAVA_HOME = System.getProperty("test.jdk");
    private static final String KEYTOOL = jdkTool("keytool");
    private static final String JARSIGNER = jdkTool("jarsigner");
    private static final String UNSIGNED_JARFILE = "unsigned.jar";
    private static final String SIGNED_JARFILE = "signed.jar";
    private static final String FILENAME = TsacertOptionTest.class.getName()
            + ".txt";
    // Fixture password for the throwaway keystore created by this test.
    // It is handed to keytool/jarsigner as a command-line argument, which is
    // acceptable only because the keystore protects nothing of value.
    private static final String PASSWORD = "changeit";
    private static final String KEYSTORE = "ks.jks";
    private static final String SIGNING_KEY_ALIAS = "sign_alias";
    private static final String TSA_KEY_ALIAS = "ts";
    private static final String KEY_ALG = "RSA";
    private static final int KEY_SIZE = 2048;
    private static final int VALIDITY = 365;
    private static final String WARNING = "Warning:";
    private static final String JAR_SIGNED = "jar signed.";
    private static final String JAR_VERIFIED = "jar verified.";

    /**
     * Builds the path of an executable in the {@code bin} directory of the
     * JDK named by the {@code test.jdk} system property.
     */
    private static String jdkTool(String name) {
        return JAVA_HOME + FS + "bin" + FS + name;
    }

    /**
     * Entry point. Signs a jar with the -tsacert option, verifies it, and
     * requires that neither step prints a warning on stdout.
     * The certificate named by -tsacert carries the TSA URL in its
     * Subject Information Access extension.
     */
    public static void main(String[] args) throws Throwable {
        new TsacertOptionTest().start();
    }

    /**
     * Runs the whole scenario: build the jar, create the signing and TSA
     * key pairs, start the TSA handler, then sign and verify.
     */
    void start() throws Throwable {
        // one-file jar to be signed
        Utils.createFiles(FILENAME);
        JarUtils.createJar(UNSIGNED_JARFILE, FILENAME);

        // The TSA endpoint is chosen up front because its URL has to be
        // written into the TSA certificate before the handler exists.
        // NOTE(review): the port is picked here but only used by
        // Handler.init() further down; if something else takes it in
        // between, the run presumably fails -- confirm how init() reacts.
        int port = jdk.testlibrary.Utils.getFreePort();
        String host = jdk.testlibrary.Utils.getHostname();
        String tsaUrl = "http://" + host + ":" + port;

        createSigningKey();
        createTsaKey(tsaUrl);

        try (TimestampCheck.Handler tsa =
                TimestampCheck.Handler.init(port, KEYSTORE)) {

            // the TSA must be up before jarsigner asks it for a timestamp
            tsa.start();

            signJar();
            verifyJar();
        }

        System.out.println("Test passed");
    }

    /** Generates the key pair used to sign the jar. */
    private void createSigningKey() throws Throwable {
        ProcessTools.executeCommand(KEYTOOL,
                "-genkey",
                "-alias", SIGNING_KEY_ALIAS,
                "-keyalg", KEY_ALG,
                "-keysize", String.valueOf(KEY_SIZE),
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-dname", "CN=Test",
                "-validity", String.valueOf(VALIDITY))
                .shouldHaveExitValue(0);
    }

    /**
     * Generates the key pair for the TSA. The certificate is restricted to
     * time stamping by a critical ExtendedKeyUsage extension, and its
     * SubjectInfoAccess extension carries {@code tsaUrl}.
     */
    private void createTsaKey(String tsaUrl) throws Throwable {
        ProcessTools.executeCommand(KEYTOOL,
                "-genkey",
                "-v",
                "-alias", TSA_KEY_ALIAS,
                "-keyalg", KEY_ALG,
                "-keysize", String.valueOf(KEY_SIZE),
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-dname", "CN=TSA",
                "-ext", "ExtendedkeyUsage:critical=timeStamping",
                "-ext", "SubjectInfoAccess=timeStamping:URI:" + tsaUrl,
                "-validity", String.valueOf(VALIDITY))
                .shouldHaveExitValue(0);
    }

    /**
     * Signs the jar, naming the TSA by certificate alias (-tsacert) rather
     * than by URL, and checks for success without a warning on stdout.
     */
    private void signJar() throws Throwable {
        // -tsadigestalg is pinned to SHA-1 only because the test TSA
        // handler uses that digest; SHA-1 is a legacy algorithm and this
        // is not a setting to copy into real signing jobs.
        // NOTE(review): a jarsigner that reports SHA-1 as weak would
        // presumably trip the "Warning:" check below -- confirm.
        OutputAnalyzer signOutput = ProcessTools.executeCommand(JARSIGNER,
                "-verbose",
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-signedjar", SIGNED_JARFILE,
                "-tsacert", TSA_KEY_ALIAS,
                "-tsadigestalg", "SHA-1",
                UNSIGNED_JARFILE,
                SIGNING_KEY_ALIAS);

        signOutput.shouldHaveExitValue(0);
        // only stdout is searched for the warning marker
        signOutput.stdoutShouldNotContain(WARNING);
        signOutput.shouldContain(JAR_SIGNED);
    }

    /**
     * Verifies the signed jar against the test keystore and checks for
     * success without a warning on stdout.
     */
    private void verifyJar() throws Throwable {
        OutputAnalyzer verifyOutput = ProcessTools.executeCommand(JARSIGNER,
                "-verbose",
                "-verify",
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                SIGNED_JARFILE);

        verifyOutput.shouldHaveExitValue(0);
        // only stdout is searched for the warning marker
        verifyOutput.stdoutShouldNotContain(WARNING);
        verifyOutput.shouldContain(JAR_VERIFIED);
    }

}