55 "-------w-", 56 "--------x", 57 "------rwx", 58 "r--r-----", 59 "r--r--r--", 60 "rw-rw----", 61 "rwxrwx---", 62 "rw-rw-r--", 63 "r-xr-x---", 64 "r-xr-xr-x", 65 "rwxrwxrwx"); 66 67 private final static String ZIPFILENAME = "8218021-test.zip"; 68 private final static String JARFILENAME = "8218021-test.jar"; 69 private final static URI JARURI = URI.create("jar:" + Path.of(JARFILENAME).toUri()); 70 private final static URI ZIPURI = URI.create("jar:" + Path.of(ZIPFILENAME).toUri()); 71 private static Path file; 72 private static int count; 73 private static Set<PosixFilePermission> permsSet; 74 private static String expectedJarPerms; 75 private static final String POSIXWARNING = "POSIX file permission attributes detected. " + 76 "These attributes are ignored when signing and are not protected by the signature."; 77 78 public static void main(String[] args) throws Exception { 79 if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) { 80 System.out.println("No posix support. Skipping"); 81 return; 82 } 83 84 createFiles(); 85 // check permissions before signing 86 verifyFilePermissions(ZIPURI, true); 87 verifyFilePermissions(JARURI, false); 88 89 SecurityTools.keytool( 90 "-genkey", 91 "-keyalg", "RSA", 92 "-dname", "CN=Coffey, OU=JPG, O=Oracle, L=Santa Clara, ST=California, C=US", 93 "-alias", "examplekey", 94 "-storepass", "password", 95 "-keypass", "password", 96 "-keystore", "examplekeystore", 97 "-validity", "365") 98 .shouldHaveExitValue(0); 99 100 SecurityTools.jarsigner( 101 "-keystore", "examplekeystore", 102 "-verbose", ZIPFILENAME, 103 "-storepass", "password", 104 "-keypass", "password", 105 "examplekey") 106 .shouldHaveExitValue(0) 107 .shouldContain(POSIXWARNING); 108 109 // zip file now signed. Recheck file permissions 110 verifyFilePermissions(ZIPURI, true); 111 112 // sign jar file - no posix warning message expected 113 SecurityTools.jarsigner("-keystore", "examplekeystore", 114 "-verbose", JARFILENAME, 115 "-storepass", "password", 116 "-keypass", "password", 117 "examplekey") 118 .shouldHaveExitValue(0) 119 .shouldNotContain(POSIXWARNING); 120 121 // default attributes expected 122 verifyFilePermissions(JARURI, false); 123 124 SecurityTools.jarsigner("-keystore", "examplekeystore", 125 "-storepass", "password", 126 "-keypass", "password", 127 "-verbose", 128 "-verify", ZIPFILENAME) 129 .shouldHaveExitValue(0) 130 .shouldContain(POSIXWARNING); 131 132 // no warning expected for regular jar file 133 SecurityTools.jarsigner("-keystore", "examplekeystore", 134 "-storepass", "password", 135 "-keypass", "password", 136 "-verbose", 137 "-verify", JARFILENAME) 138 .shouldHaveExitValue(0) 139 .shouldNotContain(POSIXWARNING); 140 } 141 142 private static void createFiles() throws Exception { 143 144 String fileList = " "; 145 Map<String, String> env = new HashMap<>(); 146 env.put("create", "true"); 147 env.put("enablePosixFileAttributes", "true"); 148 149 try (FileSystem zipfs = FileSystems.newFileSystem(ZIPURI, env)) { 150 for (String s : perms) { 151 file = Path.of("test_" + count++); 152 fileList += file + " "; 153 permsSet = PosixFilePermissions.fromString(s); 154 Files.createFile(file); 155 156 Files.copy(file, 157 zipfs.getPath(file.toString()), 158 StandardCopyOption.COPY_ATTRIBUTES); 159 Files.setPosixFilePermissions(zipfs.getPath(file.toString()), permsSet); | 55 "-------w-", 56 "--------x", 57 "------rwx", 58 "r--r-----", 59 "r--r--r--", 60 "rw-rw----", 61 "rwxrwx---", 62 "rw-rw-r--", 63 "r-xr-x---", 64 "r-xr-xr-x", 65 "rwxrwxrwx"); 66 67 private final static String ZIPFILENAME = "8218021-test.zip"; 68 private final static String JARFILENAME = "8218021-test.jar"; 69 private final static URI JARURI = URI.create("jar:" + Path.of(JARFILENAME).toUri()); 70 private final static URI ZIPURI = URI.create("jar:" + Path.of(ZIPFILENAME).toUri()); 71 private static Path file; 72 private static int count; 73 private static Set<PosixFilePermission> permsSet; 74 private static String expectedJarPerms; 75 private static final String WARNING_MSG = "POSIX file permission and/or symlink " + 76 "attributes detected. These attributes are ignored when signing and are not " + 77 "protected by the signature."; 78 79 public static void main(String[] args) throws Exception { 80 if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) { 81 System.out.println("No posix support. Skipping"); 82 return; 83 } 84 85 createFiles(); 86 // check permissions before signing 87 verifyFilePermissions(ZIPURI, true); 88 verifyFilePermissions(JARURI, false); 89 90 SecurityTools.keytool( 91 "-genkey", 92 "-keyalg", "RSA", 93 "-dname", "CN=Coffey, OU=JPG, O=Oracle, L=Santa Clara, ST=California, C=US", 94 "-alias", "examplekey", 95 "-storepass", "password", 96 "-keypass", "password", 97 "-keystore", "examplekeystore", 98 "-validity", "365") 99 .shouldHaveExitValue(0); 100 101 SecurityTools.jarsigner( 102 "-keystore", "examplekeystore", 103 "-verbose", ZIPFILENAME, 104 "-storepass", "password", 105 "-keypass", "password", 106 "examplekey") 107 .shouldHaveExitValue(0) 108 .shouldContain(WARNING_MSG); 109 110 // zip file now signed. Recheck file permissions 111 verifyFilePermissions(ZIPURI, true); 112 113 // sign jar file - no posix warning message expected 114 SecurityTools.jarsigner("-keystore", "examplekeystore", 115 "-verbose", JARFILENAME, 116 "-storepass", "password", 117 "-keypass", "password", 118 "examplekey") 119 .shouldHaveExitValue(0) 120 .shouldNotContain(WARNING_MSG); 121 122 // default attributes expected 123 verifyFilePermissions(JARURI, false); 124 125 SecurityTools.jarsigner("-keystore", "examplekeystore", 126 "-storepass", "password", 127 "-keypass", "password", 128 "-verbose", 129 "-verify", ZIPFILENAME) 130 .shouldHaveExitValue(0) 131 .shouldContain(WARNING_MSG); 132 133 // no warning expected for regular jar file 134 SecurityTools.jarsigner("-keystore", "examplekeystore", 135 "-storepass", "password", 136 "-keypass", "password", 137 "-verbose", 138 "-verify", JARFILENAME) 139 .shouldHaveExitValue(0) 140 .shouldNotContain(WARNING_MSG); 141 } 142 143 private static void createFiles() throws Exception { 144 145 String fileList = " "; 146 Map<String, String> env = new HashMap<>(); 147 env.put("create", "true"); 148 env.put("enablePosixFileAttributes", "true"); 149 150 try (FileSystem zipfs = FileSystems.newFileSystem(ZIPURI, env)) { 151 for (String s : perms) { 152 file = Path.of("test_" + count++); 153 fileList += file + " "; 154 permsSet = PosixFilePermissions.fromString(s); 155 Files.createFile(file); 156 157 Files.copy(file, 158 zipfs.getPath(file.toString()), 159 StandardCopyOption.COPY_ATTRIBUTES); 160 Files.setPosixFilePermissions(zipfs.getPath(file.toString()), permsSet); |