1 /*
   2  * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /**
  25  * @test
  26  * @bug 8056174
  27  * @summary Make sure the jarsigner tool still works after it's modified to
  28  *          be based on JarSigner API
  29  * @library /test/lib
  30  * @modules java.base/sun.security.tools.keytool
  31  *          jdk.jartool/sun.security.tools.jarsigner
  32  *          java.base/sun.security.pkcs
  33  *          java.base/sun.security.x509
  34  * @build jdk.test.lib.util.JarUtils
  35  * @run main Options
  36  */
  37 
  38 import com.sun.jarsigner.ContentSigner;
  39 import com.sun.jarsigner.ContentSignerParameters;
  40 import jdk.test.lib.util.JarUtils;
  41 import sun.security.pkcs.PKCS7;
  42 
  43 import java.io.ByteArrayInputStream;
  44 import java.io.IOException;
  45 import java.io.InputStream;
  46 import java.nio.file.Files;
  47 import java.nio.file.Paths;
  48 import java.security.NoSuchAlgorithmException;
  49 import java.security.cert.CertificateException;
  50 import java.util.*;
  51 import java.util.jar.Attributes;
  52 import java.util.jar.JarEntry;
  53 import java.util.jar.JarFile;
  54 import java.util.jar.Manifest;
  55 
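/**
 * Regression test for the {@code jarsigner} command-line tool: signs a small
 * jar with several option combinations and inspects the META-INF entries the
 * tool produced.
 *
 * <p>Everything here is a test fixture. The keystore password
 * ({@code changeit}), the SHA1 digest and the SHA224withRSA signature
 * algorithm are used to observe that the corresponding options are honoured;
 * they are not a recommendation for signing real artifacts (SHA-1 in
 * particular is weak by current standards).
 */
public class Options {

    /**
     * Runs the option checks in order and throws on the first mismatch.
     *
     * @param args unused
     * @throws Exception if a tool invocation fails, an expected jar entry is
     *         missing, or an inspected entry does not have the expected content
     */
    public static void main(String[] args) throws Exception {

        // Prepares raw file
        Files.write(Paths.get("a"), "a".getBytes());

        // Pack
        JarUtils.createJar("a.jar", "a");

        // Prepare a keystore (throwaway key pair, fixed test password)
        sun.security.tools.keytool.Main.main(
                ("-keystore jks -storepass changeit -keypass changeit -dname" +
                        " CN=A -alias a -genkeypair -keyalg rsa").split(" "));

        // -altsigner: the signature block must be exactly what Options$X
        // returned, proving the alternative signer was the one invoked.
        sun.security.tools.jarsigner.Main.main(
                ("-debug -signedjar altsign.jar -keystore jks -storepass changeit" +
                        " -altsigner Options$X a.jar a").split(" "));

        try (JarFile jf = new JarFile("altsign.jar")) {
            byte[] block = readEntry(jf, "META-INF/A.RSA");
            if (!Arrays.equals(block, "1234".getBytes())) {
                throw new Exception("altsign go wrong");
            }
        }

        // -sigfile, -digestalg, -sigalg, -internalsf, -sectionsonly
        sun.security.tools.jarsigner.Main.main(
                ("-debug -signedjar new.jar -keystore jks -storepass changeit" +
                " -sigfile olala -digestalg SHA1 -sigalg SHA224withRSA" +
                " -internalsf -sectionsonly a.jar a").split(" "));

        try (JarFile jf = new JarFile("new.jar")) {
            // check -sigfile: the entry must exist under the requested name.
            // The bytes are kept for the -internalsf comparison below.
            byte[] sf = readEntry(jf, "META-INF/OLALA.SF");

            Attributes attrs = new Manifest(new ByteArrayInputStream(sf))
                    .getMainAttributes();
            // check -digestalg
            if (!attrs.containsKey(new Attributes.Name(
                    "SHA1-Digest-Manifest-Main-Attributes"))) {
                throw new Exception("digestalg incorrect");
            }
            // check -sectionsonly
            if (attrs.containsKey(new Attributes.Name(
                    "SHA1-Digest-Manifest"))) {
                throw new Exception("SF should not have file digest");
            }

            PKCS7 p7 = new PKCS7(readEntry(jf, "META-INF/OLALA.RSA"));
            String alg = p7.getSignerInfos()[0]
                    .getDigestAlgorithmId().getName();
            if (!alg.equals("SHA-224")) {   // check -sigalg
                throw new Exception("PKCS7 signing is using " + alg);
            }
            // check -internalsf: the .SF content must be embedded in the
            // PKCS #7 block rather than detached.
            if (!Arrays.equals(sf, p7.getContentInfo().getData())) {
                throw new Exception("SF not in RSA");
            }
        }

        // TSA-related ones are checked in ts.sh
    }

    /**
     * Reads one entry of an open jar completely.
     *
     * <p>A missing entry is reported by name instead of surfacing later as a
     * bare {@code NullPointerException} from {@code getInputStream}, so a
     * failure says which signature-related file the tool did not write.
     *
     * @param jf the open jar file
     * @param name the entry name, e.g. {@code META-INF/A.RSA}
     * @return the entry content
     * @throws Exception if the entry does not exist or cannot be read
     */
    private static byte[] readEntry(JarFile jf, String name) throws Exception {
        JarEntry je = jf.getJarEntry(name);
        if (je == null) {
            throw new Exception("Missing jar entry: " + name);
        }
        try (InputStream is = jf.getInputStream(je)) {
            return is.readAllBytes();
        }
    }

    /**
     * Alternative signer passed to jarsigner through {@code -altsigner}.
     *
     * <p>It ignores its parameters and returns the fixed bytes {@code "1234"}
     * rather than a PKCS #7 signature block, so {@code altsign.jar} carries
     * no real signature. The test relies only on those bytes appearing
     * verbatim in {@code META-INF/A.RSA}.
     */
    public static class X extends ContentSigner {
        @Override
        public byte[] generateSignedData(ContentSignerParameters parameters,
                boolean omitContent, boolean applyTimestamp)
                throws NoSuchAlgorithmException, CertificateException,
                        IOException {
            return "1234".getBytes();
        }
    }
}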