1 /*
2 * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 8047305 8075618
27 * @summary Tests jarsigner tool and JarSigner API work with multi-release JAR files.
28 * @library /test/lib
29 * @build jdk.test.lib.compiler.CompilerUtils
30 * jdk.test.lib.Utils
31 * jdk.test.lib.Asserts
32 * jdk.test.lib.JDKToolFinder
33 * jdk.test.lib.JDKToolLauncher
34 * jdk.test.lib.Platform
35 * jdk.test.lib.process.*
36 * @run main MVJarSigningTest
37 */
38
39 import jdk.security.jarsigner.JarSigner;
40
41 import java.io.BufferedReader;
42 import java.io.File;
43 import java.io.FileInputStream;
44 import java.io.FileOutputStream;
45 import java.io.IOException;
46 import java.io.InputStreamReader;
47 import java.nio.file.Files;
48 import java.nio.file.Path;
49 import java.nio.file.Paths;
50 import java.security.KeyStore;
51 import java.security.PrivateKey;
52 import java.security.cert.Certificate;
53 import java.security.cert.CertificateFactory;
54 import java.util.ArrayList;
55 import java.util.Arrays;
56 import java.util.Collections;
57 import java.util.List;
58 import java.util.concurrent.TimeUnit;
59 import java.util.jar.JarFile;
60 import java.util.stream.Stream;
61 import java.util.zip.ZipEntry;
62 import java.util.zip.ZipFile;
63 import java.util.zip.ZipOutputStream;
64
65 import jdk.test.lib.JDKToolFinder;
66 import jdk.test.lib.JDKToolLauncher;
67 import jdk.test.lib.Utils;
68 import jdk.test.lib.compiler.CompilerUtils;
69 import jdk.test.lib.process.OutputAnalyzer;
70 import jdk.test.lib.process.ProcessTools;
71
72
73 public class MVJarSigningTest {
74
75 private static final String TEST_SRC = System.getProperty("test.src", ".");
76 private static final String USR_DIR = System.getProperty("user.dir", ".");
77 private static final String JAR_NAME = "MV.jar";
78 private static final String KEYSTORE = "keystore.jks";
79 private static final String ALIAS = "JavaTest";
80 private static final String STOREPASS = "changeit";
81 private static final String KEYPASS = "changeit";
82 private static final String SIGNED_JAR = "Signed.jar";
83 private static final String POLICY_FILE = "SignedJar.policy";
84 private static final String VERSION = "" + Runtime.version().major();
85 private static final String VERSION_MESSAGE = "I am running on version " + VERSION;
86
87 public static void main(String[] args) throws Throwable {
88 // compile java files in jarContent directory
89 compile("jarContent");
90
91 // create multi-release jar
92 Path classes = Paths.get("classes");
93 jar("cf", JAR_NAME, "-C", classes.resolve("base").toString(), ".",
94 "--release", "9", "-C", classes.resolve("v9").toString(), ".",
95 "--release", "10", "-C", classes.resolve("v10").toString(), ".")
96 .shouldHaveExitValue(0);
97
98 genKey();
99 signJar(JAR_NAME)
100 .shouldHaveExitValue(0)
101 .shouldMatch("signing.*META-INF/versions/9/version/Version.class")
102 .shouldMatch("signing.*META-INF/versions/10/version/Version.class")
103 .shouldMatch("signing.*version/Main.class")
104 .shouldMatch("signing.*version/Version.class");
105 verify(SIGNED_JAR);
106
107 // test with JarSigner API
108 Files.deleteIfExists(Paths.get(SIGNED_JAR));
109 signWithJarSignerAPI(JAR_NAME);
110 verify(SIGNED_JAR);
111
112 // test Permission granted
113 File keypass = new File("keypass");
114 try (FileOutputStream fos = new FileOutputStream(keypass)) {
115 fos.write(KEYPASS.getBytes());
116 }
117 String[] cmd = {
118 "-classpath", SIGNED_JAR,
119 "-Djava.security.manager",
120 "-Djava.security.policy=" +
121 TEST_SRC + File.separator + POLICY_FILE,
122 "version.Main"};
123 ProcessTools.executeTestJvm(cmd)
124 .shouldHaveExitValue(0)
125 .shouldContain(VERSION_MESSAGE);
126 }
127
128 private static void compile (String jarContent_path) throws Throwable {
129 Path classes = Paths.get(USR_DIR, "classes", "base");
130 Path source = Paths.get(TEST_SRC, jarContent_path, "base", "version");
131 CompilerUtils.compile(source, classes);
132
133 classes = Paths.get(USR_DIR, "classes", "v9");
134 source = Paths.get(TEST_SRC, jarContent_path , "v9", "version");
135 CompilerUtils.compile(source, classes);
136
137 classes = Paths.get(USR_DIR, "classes", "v10");
138 source = Paths.get(TEST_SRC, jarContent_path, "v10", "version");
139 CompilerUtils.compile(source, classes);
140 }
141
142 private static OutputAnalyzer jar(String...args) throws Throwable {
143 JDKToolLauncher launcher = JDKToolLauncher.createUsingTestJDK("jar");
144 Stream.of(args).forEach(launcher::addToolArg);
145 return ProcessTools.executeCommand(launcher.getCommand());
146 }
147
148 private static void genKey() throws Throwable {
149 String keytool = JDKToolFinder.getJDKTool("keytool");
150 Files.deleteIfExists(Paths.get(KEYSTORE));
151 ProcessTools.executeCommand(keytool,
152 "-J-Duser.language=en",
153 "-J-Duser.country=US",
154 "-genkey",
155 "-alias", ALIAS,
156 "-keystore", KEYSTORE,
157 "-keypass", KEYPASS,
158 "-dname", "cn=sample",
159 "-storepass", STOREPASS
160 ).shouldHaveExitValue(0);
161 }
162
163 private static OutputAnalyzer signJar(String jarName) throws Throwable {
164 List<String> args = new ArrayList<>();
165 args.add("-verbose");
166 args.add("-signedjar");
167 args.add(SIGNED_JAR);
168 args.add(jarName);
169 args.add(ALIAS);
170
171 return jarsigner(args);
172 }
173
174 private static void verify(String signedJarName) throws Throwable {
175 verifyJar(signedJarName)
176 .shouldHaveExitValue(0)
177 .shouldContain("jar verified")
178 .shouldMatch("smk.*META-INF/versions/9/version/Version.class")
179 .shouldMatch("smk.*META-INF/versions/10/version/Version.class")
180 .shouldMatch("smk.*version/Main.class")
181 .shouldMatch("smk.*version/Version.class");
182 }
183
184 private static OutputAnalyzer verifyJar(String signedJarName) throws Throwable {
185 List<String> args = new ArrayList<>();
186 args.add("-verbose");
187 args.add("-verify");
188 args.add(signedJarName);
189
190 return jarsigner(args);
191 }
192
193 private static OutputAnalyzer jarsigner(List<String> extra)
194 throws Throwable {
195 JDKToolLauncher launcher = JDKToolLauncher.createUsingTestJDK("jarsigner")
196 .addVMArg("-Duser.language=en")
197 .addVMArg("-Duser.country=US")
198 .addToolArg("-keystore")
199 .addToolArg(KEYSTORE)
200 .addToolArg("-storepass")
201 .addToolArg(STOREPASS)
202 .addToolArg("-keypass")
203 .addToolArg(KEYPASS);
204 for (String s : extra) {
205 if (s.startsWith("-J")) {
206 launcher.addVMArg(s.substring(2));
207 } else {
208 launcher.addToolArg(s);
209 }
210 }
211 return ProcessTools.executeCommand(launcher.getCommand());
212 }
213
214 private static void signWithJarSignerAPI(String jarName)
215 throws Throwable {
216 // Get JarSigner
217 try (FileInputStream fis = new FileInputStream(KEYSTORE)) {
218 KeyStore ks = KeyStore.getInstance("JKS");
219 ks.load(fis, STOREPASS.toCharArray());
220 PrivateKey pk = (PrivateKey)ks.getKey(ALIAS, KEYPASS.toCharArray());
221 Certificate cert = ks.getCertificate(ALIAS);
222 JarSigner signer = new JarSigner.Builder(pk,
223 CertificateFactory.getInstance("X.509").generateCertPath(
224 Collections.singletonList(cert)))
225 .build();
226 // Sign jar
227 try (ZipFile src = new JarFile(jarName);
228 FileOutputStream out = new FileOutputStream(SIGNED_JAR)) {
229 signer.sign(src,out);
230 }
231 }
232 }
233
234 }
235
236