1 /*
2 * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 import jdk.testlibrary.OutputAnalyzer;
25 import jdk.testlibrary.ProcessTools;
26 import jdk.testlibrary.JarUtils;
27
28 /**
29 * @test
30 * @bug 8024302 8026037
31 * @summary Test for badKeyUsage warning
32 * @library /lib/testlibrary ../
33 * @ignore until 8026393 is fixed
34 * @run main BadKeyUsageTest
35 */
36 public class BadKeyUsageTest extends Test {
37
38 /**
39 * The test signs and verifies a jar that contains entries
40 * whose signer certificate's KeyUsage extension
41 * doesn't allow code signing (badKeyUsage).
42 * Warning message is expected.
43 */
44 public static void main(String[] args) throws Throwable {
45 BadKeyUsageTest test = new BadKeyUsageTest();
46 test.start();
47 }
48
49 private void start() throws Throwable {
50 // create a jar file that contains one class file
51 Utils.createFiles(FIRST_FILE);
52 JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
53
54 // create a certificate whose signer certificate's KeyUsage extension
55 // doesn't allow code signing
56 ProcessTools.executeCommand(KEYTOOL,
57 "-genkey",
58 "-alias", KEY_ALIAS,
59 "-keyalg", KEY_ALG,
60 "-keysize", Integer.toString(KEY_SIZE),
61 "-keystore", KEYSTORE,
62 "-storepass", PASSWORD,
63 "-keypass", PASSWORD,
64 "-dname", "CN=Test",
65 "-ext", "KeyUsage=keyAgreement",
66 "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
67
68 // sign jar
69 OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
70 "-verbose",
71 "-keystore", KEYSTORE,
72 "-storepass", PASSWORD,
73 "-keypass", PASSWORD,
74 "-signedjar", SIGNED_JARFILE,
75 UNSIGNED_JARFILE,
76 KEY_ALIAS);
77
78 checkSigning(analyzer, BAD_KEY_USAGE_SIGNING_WARNING);
79
80 // verify signed jar
81 analyzer = ProcessTools.executeCommand(JARSIGNER,
82 "-verify",
83 "-verbose",
84 "-keystore", KEYSTORE,
85 "-storepass", PASSWORD,
86 "-keypass", PASSWORD,
87 SIGNED_JARFILE);
88
89 checkVerifying(analyzer, 0, BAD_KEY_USAGE_VERIFYING_WARNING);
90
91 // verify signed jar in strict mode
92 analyzer = ProcessTools.executeCommand(JARSIGNER,
93 "-verify",
94 "-verbose",
95 "-strict",
96 "-keystore", KEYSTORE,
97 "-storepass", PASSWORD,
98 "-keypass", PASSWORD,
99 SIGNED_JARFILE);
100
101 checkVerifying(analyzer, BAD_KEY_USAGE_EXIT_CODE,
102 BAD_KEY_USAGE_VERIFYING_WARNING);
103
104 System.out.println("Test passed");
105 }
106
107 }