1 /*
   2  * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 import jdk.testlibrary.OutputAnalyzer;
  25 import jdk.test.lib.util.JarUtils;
  26 
  27 /**
  28  * @test
  29  * @bug 8024302 8026037
  30  * @summary Test for notSignedByAlias warning
  31  * @library /lib/testlibrary /test/lib ../
  32  * @build jdk.test.lib.util.JarUtils
  33  * @run main NotSignedByAliasTest
  34  */
  35 public class NotSignedByAliasTest extends Test {
  36 
  37     /**
  38      * The test signs and verifies a jar that contains signed entries
  39      * which are not signed by the specified alias(es) (notSignedByAlias).
  40      * Warning message is expected.
  41      */
  42     public static void main(String[] args) throws Throwable {
  43         NotSignedByAliasTest test = new NotSignedByAliasTest();
  44         test.start();
  45     }
  46 
  47     protected void start() throws Throwable {
  48         // create a jar file that contains one class file
  49         Utils.createFiles(FIRST_FILE);
  50         JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
  51 
  52         // create first key pair for signing
  53         keytool(
  54                 "-genkey",
  55                 "-alias", FIRST_KEY_ALIAS,
  56                 "-keyalg", KEY_ALG,
  57                 "-keysize", Integer.toString(KEY_SIZE),
  58                 "-keystore", KEYSTORE,
  59                 "-storepass", PASSWORD,
  60                 "-keypass", PASSWORD,
  61                 "-dname", "CN=First",
  62                 "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
  63 
  64         // create first key pair for signing
  65         keytool(
  66                 "-genkey",
  67                 "-alias", SECOND_KEY_ALIAS,
  68                 "-keyalg", KEY_ALG,
  69                 "-keysize", Integer.toString(KEY_SIZE),
  70                 "-keystore", KEYSTORE,
  71                 "-storepass", PASSWORD,
  72                 "-keypass", PASSWORD,
  73                 "-dname", "CN=Second",
  74                 "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
  75 
  76         // sign jar with first key
  77         OutputAnalyzer analyzer = jarsigner(
  78                 "-keystore", KEYSTORE,
  79                 "-storepass", PASSWORD,
  80                 "-keypass", PASSWORD,
  81                 "-signedjar", SIGNED_JARFILE,
  82                 UNSIGNED_JARFILE,
  83                 FIRST_KEY_ALIAS);
  84 
  85         checkSigning(analyzer);
  86 
  87         // verify jar with second key
  88         analyzer = jarsigner(
  89                 "-verify",
  90                 "-keystore", KEYSTORE,
  91                 "-storepass", PASSWORD,
  92                 "-keypass", PASSWORD,
  93                 SIGNED_JARFILE,
  94                 SECOND_KEY_ALIAS);
  95 
  96         checkVerifying(analyzer, 0, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
  97 
  98         // verify jar with second key in strict mode
  99         analyzer = jarsigner(
 100                 "-verify",
 101                 "-strict",
 102                 "-keystore", KEYSTORE,
 103                 "-storepass", PASSWORD,
 104                 "-keypass", PASSWORD,
 105                 SIGNED_JARFILE,
 106                 SECOND_KEY_ALIAS);
 107 
 108         checkVerifying(analyzer, NOT_SIGNED_BY_ALIAS_EXIT_CODE,
 109                 NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
 110 
 111         // verify jar with non-existing alias
 112         analyzer = jarsigner(
 113                 "-verify",
 114                 "-keystore", KEYSTORE,
 115                 "-storepass", PASSWORD,
 116                 "-keypass", PASSWORD,
 117                 SIGNED_JARFILE,
 118                 "bogus");
 119 
 120         checkVerifying(analyzer, 0, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
 121 
 122         // verify jar with non-existing alias in strict mode
 123         analyzer = jarsigner(
 124                 "-verify",
 125                 "-strict",
 126                 "-keystore", KEYSTORE,
 127                 "-storepass", PASSWORD,
 128                 "-keypass", PASSWORD,
 129                 SIGNED_JARFILE,
 130                 "bogus");
 131 
 132         checkVerifying(analyzer, NOT_SIGNED_BY_ALIAS_EXIT_CODE,
 133                 NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
 134 
 135         System.out.println("Test passed");
 136     }
 137 
 138 }