/*
 * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8047305 8075618
 * @summary Tests jarsigner tool and JarSigner API work with multi-release JAR files.
 * @library /test/lib
 * @build jdk.test.lib.compiler.CompilerUtils
 *        jdk.test.lib.Utils
 *        jdk.test.lib.Asserts
 *        jdk.test.lib.JDKToolFinder
 *        jdk.test.lib.JDKToolLauncher
 *        jdk.test.lib.Platform
 *        jdk.test.lib.process.*
 * @run main MVJarSigningTest
 */

import jdk.security.jarsigner.JarSigner;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.jar.JarFile;
import java.util.stream.Stream;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;

import jdk.test.lib.JDKToolFinder;
import jdk.test.lib.JDKToolLauncher;
import jdk.test.lib.Utils;
import jdk.test.lib.compiler.CompilerUtils;
import jdk.test.lib.process.OutputAnalyzer;
import jdk.test.lib.process.ProcessTools;


/**
 * Builds a multi-release JAR, signs it twice (once with the jarsigner tool,
 * once through the {@link JarSigner} API), verifies each signed result and
 * finally runs the signed JAR under a security manager.
 *
 * <p>The assertions check that the versioned copies under
 * {@code META-INF/versions/9} and {@code META-INF/versions/10} are reported as
 * signed and verified alongside the base entries.
 */
public class MVJarSigningTest {

    private static final String TEST_SRC = System.getProperty("test.src", ".");
    private static final String USR_DIR = System.getProperty("user.dir", ".");
    private static final String JAR_NAME = "MV.jar";
    private static final String KEYSTORE = "keystore.jks";
    private static final String ALIAS = "JavaTest";
    // Test-fixture credentials for a throwaway keystore that genKey() recreates
    // on every run. They are handed to keytool/jarsigner as plain command-line
    // arguments, which exposes them in the process argument list; for a real
    // signing key use the tools' -storepass:env / -storepass:file forms or the
    // interactive prompt instead.
    private static final String STOREPASS = "changeit";
    private static final String KEYPASS = "changeit";
    private static final String SIGNED_JAR = "Signed.jar";
    private static final String POLICY_FILE = "SignedJar.policy";
    // Major version of the JDK running this test.
    private static final String VERSION = String.valueOf(Runtime.version().major());
    private static final String VERSION_MESSAGE = "I am running on version " + VERSION;

    /**
     * Test entry point: compile, package, sign with the tool, sign with the
     * API, then run the signed JAR with a security policy in force.
     *
     * @param args unused
     * @throws Throwable if any step fails or an output expectation is not met
     */
    public static void main(String[] args) throws Throwable {
        // Compile the sources found under the jarContent directory.
        compile("jarContent");

        // Package base, v9 and v10 class trees into one multi-release JAR.
        Path classesRoot = Paths.get("classes");
        String baseDir = classesRoot.resolve("base").toString();
        String v9Dir = classesRoot.resolve("v9").toString();
        String v10Dir = classesRoot.resolve("v10").toString();
        OutputAnalyzer jarOutput = jar("cf", JAR_NAME, "-C", baseDir, ".",
                "--release", "9", "-C", v9Dir, ".",
                "--release", "10", "-C", v10Dir, ".");
        jarOutput.shouldHaveExitValue(0);

        // Sign with the jarsigner tool. Every entry, including the versioned
        // ones under META-INF/versions, has to show up in the verbose
        // "signing" output.
        genKey();
        OutputAnalyzer signOutput = signJar(JAR_NAME);
        signOutput.shouldHaveExitValue(0)
                .shouldMatch("signing.*META-INF/versions/9/version/Version.class")
                .shouldMatch("signing.*META-INF/versions/10/version/Version.class")
                .shouldMatch("signing.*version/Main.class")
                .shouldMatch("signing.*version/Version.class");
        verify(SIGNED_JAR);

        // Repeat with the JarSigner API, starting from a clean output file so
        // the second verify() cannot pass on the tool-signed artifact.
        Files.deleteIfExists(Paths.get(SIGNED_JAR));
        signWithJarSignerAPI(JAR_NAME);
        verify(SIGNED_JAR);

        // Permission test. The key password is written in clear text to a
        // file named "keypass" in the working directory, using the platform
        // default charset (the value is plain ASCII).
        // NOTE(review): nothing in this class reads that file back; presumably
        // SignedJar.policy refers to it - confirm against the policy file.
        try (FileOutputStream passwordOut = new FileOutputStream(new File("keypass"))) {
            passwordOut.write(KEYPASS.getBytes());
        }
        String policyOption =
                "-Djava.security.policy=" + TEST_SRC + File.separator + POLICY_FILE;
        String[] jvmArgs = new String[] {
                "-classpath", SIGNED_JAR,
                "-Djava.security.manager",
                policyOption,
                "version.Main"};
        OutputAnalyzer runOutput = ProcessTools.executeTestJvm(jvmArgs);
        runOutput.shouldHaveExitValue(0)
                .shouldContain(VERSION_MESSAGE);
    }

    /**
     * Compiles the {@code version} package of the base, v9 and v10 source
     * trees into {@code classes/base}, {@code classes/v9} and
     * {@code classes/v10} under the working directory.
     *
     * @param jarContent_path directory below {@code test.src} holding the trees
     * @throws Throwable if compilation throws
     */
    private static void compile (String jarContent_path) throws Throwable {
        // NOTE(review): whatever CompilerUtils.compile returns is not inspected
        // here - confirm a failed compile cannot go unnoticed.
        for (String variant : new String[] {"base", "v9", "v10"}) {
            Path sourceDir = Paths.get(TEST_SRC, jarContent_path, variant, "version");
            Path outputDir = Paths.get(USR_DIR, "classes", variant);
            CompilerUtils.compile(sourceDir, outputDir);
        }
    }

    /**
     * Runs the test JDK's {@code jar} tool with the given arguments.
     *
     * @param args arguments passed to the tool unchanged, in order
     * @return analyzer over the finished process
     * @throws Throwable if the process cannot be run
     */
    private static OutputAnalyzer jar(String...args) throws Throwable {
        JDKToolLauncher jarTool = JDKToolLauncher.createUsingTestJDK("jar");
        for (String toolArg : args) {
            jarTool.addToolArg(toolArg);
        }
        return ProcessTools.executeCommand(jarTool.getCommand());
    }

    /**
     * Recreates the test keystore with a fresh key entry under {@code ALIAS}.
     *
     * <p>No key algorithm, key size or validity is passed, so those are
     * whatever the keytool in use defaults to; this test therefore says nothing
     * about signature strength. The certificate keytool generates here is
     * self-signed with the subject {@code cn=sample}.
     *
     * @throws Throwable if keytool cannot be run or exits non-zero
     */
    private static void genKey() throws Throwable {
        String keytoolPath = JDKToolFinder.getJDKTool("keytool");
        // Remove any keystore left by an earlier run so the alias never
        // collides with an existing entry.
        Files.deleteIfExists(Paths.get(KEYSTORE));
        String[] command = {
                keytoolPath,
                "-J-Duser.language=en",
                "-J-Duser.country=US",
                "-genkey",
                "-alias", ALIAS,
                "-keystore", KEYSTORE,
                "-keypass", KEYPASS,
                "-dname", "cn=sample",
                "-storepass", STOREPASS};
        OutputAnalyzer keytoolOutput = ProcessTools.executeCommand(command);
        keytoolOutput.shouldHaveExitValue(0);
    }

    /**
     * Signs {@code jarName} with the jarsigner tool, writing {@code SIGNED_JAR}.
     *
     * @param jarName JAR file to sign
     * @return analyzer over the jarsigner run
     * @throws Throwable if the process cannot be run
     */
    private static OutputAnalyzer signJar(String jarName) throws Throwable {
        return jarsigner(Arrays.asList(
                "-verbose", "-signedjar", SIGNED_JAR, jarName, ALIAS));
    }

    /**
     * Verifies a signed JAR and checks the per-entry status flags.
     *
     * <p>In jarsigner's verbose listing, {@code s} means the signature was
     * verified, {@code m} that the entry is listed in the manifest and
     * {@code k} that at least one certificate was found in the keystore. The
     * run does not pass {@code -strict}, so verification warnings (the signer
     * certificate is self-signed) do not change the exit value checked here.
     *
     * @param signedJarName JAR file to verify
     * @throws Throwable if verification fails or an expected entry is missing
     */
    private static void verify(String signedJarName) throws Throwable {
        OutputAnalyzer verifyOutput = verifyJar(signedJarName);
        verifyOutput.shouldHaveExitValue(0)
                .shouldContain("jar verified")
                .shouldMatch("smk.*META-INF/versions/9/version/Version.class")
                .shouldMatch("smk.*META-INF/versions/10/version/Version.class")
                .shouldMatch("smk.*version/Main.class")
                .shouldMatch("smk.*version/Version.class");
    }

    /**
     * Runs {@code jarsigner -verbose -verify} on the given JAR.
     *
     * @param signedJarName JAR file to verify
     * @return analyzer over the jarsigner run
     * @throws Throwable if the process cannot be run
     */
    private static OutputAnalyzer verifyJar(String signedJarName) throws Throwable {
        return jarsigner(Arrays.asList("-verbose", "-verify", signedJarName));
    }

    /**
     * Launches the test JDK's jarsigner against the test keystore.
     *
     * <p>The keystore path and both passwords are always supplied as
     * command-line arguments. Entries of {@code extra} that start with
     * {@code -J} have that prefix removed and are passed as VM arguments; all
     * others are passed as tool arguments.
     *
     * @param extra additional options, applied in order after the keystore ones
     * @return analyzer over the finished process
     * @throws Throwable if the process cannot be run
     */
    private static OutputAnalyzer jarsigner(List<String> extra)
            throws Throwable {
        JDKToolLauncher signerTool = JDKToolLauncher.createUsingTestJDK("jarsigner");
        // Force English output so the text matched by callers is stable.
        signerTool.addVMArg("-Duser.language=en");
        signerTool.addVMArg("-Duser.country=US");
        signerTool.addToolArg("-keystore");
        signerTool.addToolArg(KEYSTORE);
        signerTool.addToolArg("-storepass");
        signerTool.addToolArg(STOREPASS);
        signerTool.addToolArg("-keypass");
        signerTool.addToolArg(KEYPASS);
        for (String option : extra) {
            if (!option.startsWith("-J")) {
                signerTool.addToolArg(option);
            } else {
                signerTool.addVMArg(option.substring(2));
            }
        }
        return ProcessTools.executeCommand(signerTool.getCommand());
    }

    /**
     * Signs {@code jarName} through the {@link JarSigner} API, writing
     * {@code SIGNED_JAR}.
     *
     * <p>The certificate path handed to the builder holds only the single
     * certificate stored under {@code ALIAS}.
     *
     * @param jarName JAR file to sign
     * @throws Throwable if the keystore, key or JAR cannot be read or signed
     */
    private static void signWithJarSignerAPI(String jarName)
            throws Throwable {
        // Get JarSigner
        KeyStore store = loadKeyStore();
        PrivateKey signingKey = (PrivateKey) store.getKey(ALIAS, KEYPASS.toCharArray());
        List<Certificate> chain = Collections.singletonList(store.getCertificate(ALIAS));
        JarSigner.Builder builder = new JarSigner.Builder(signingKey,
                CertificateFactory.getInstance("X.509").generateCertPath(chain));
        JarSigner signer = builder.build();

        // Sign jar
        try (ZipFile input = new JarFile(jarName);
             FileOutputStream output = new FileOutputStream(SIGNED_JAR)) {
            signer.sign(input, output);
        }
    }

    /**
     * Opens the keystore written by {@link #genKey()}.
     *
     * @return the loaded keystore
     * @throws Throwable if the file cannot be read or the password is wrong
     */
    private static KeyStore loadKeyStore() throws Throwable {
        try (FileInputStream keystoreIn = new FileInputStream(KEYSTORE)) {
            // NOTE(review): the store is opened as "JKS", while genKey() passes
            // no -storetype; if keytool's default type is PKCS12 this relies on
            // the JKS provider's compatibility mode - confirm.
            KeyStore store = KeyStore.getInstance("JKS");
            store.load(keystoreIn, STOREPASS.toCharArray());
            return store;
        }
    }

}