1 /*
   2  * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /*
  25  * @test
  26  * @bug 8132734
  27  * @summary Test potential security related issues
  28  * @library /lib/testlibrary/java/util/jar
  29  * @build Compiler JarBuilder CreateMultiReleaseTestJars
  30  * @run testng MultiReleaseJarSecurity
  31  */
  32 
  33 import java.io.File;
  34 import java.io.IOException;
  35 import java.io.InputStream;
  36 import java.nio.file.Files;
  37 import java.security.CodeSigner;
  38 import java.security.cert.Certificate;
  39 import java.util.Arrays;
  40 import java.util.jar.JarEntry;
  41 import java.util.jar.JarFile;
  42 
  43 import org.testng.Assert;
  44 import org.testng.annotations.AfterClass;
  45 import org.testng.annotations.BeforeClass;
  46 import org.testng.annotations.Test;
  47 
  48 public class MultiReleaseJarSecurity {
  49     String userdir = System.getProperty("user.dir",".");
  50     File multirelease = new File(userdir, "multi-release.jar");
  51     File signedmultirelease = new File(userdir, "signed-multi-release.jar");
  52 
  53     @BeforeClass
  54     public void initialize() throws Exception {
  55         CreateMultiReleaseTestJars creator =  new CreateMultiReleaseTestJars();
  56         creator.compileEntries();
  57         creator.buildMultiReleaseJar();
  58         creator.buildSignedMultiReleaseJar();
  59     }
  60 
  61     @AfterClass
  62     public void close() throws IOException {
  63         Files.delete(multirelease.toPath());
  64         Files.delete(signedmultirelease.toPath());
  65     }
  66 
  67     @Test
  68     public void testCertsAndSigners() throws IOException {
  69         try (JarFile jf = new JarFile(signedmultirelease, true).setRuntimeVersioned()) {
  70             int version = jf.getVersioned();
  71             CertsAndSigners vcas = new CertsAndSigners(jf, jf.getJarEntry("version/Version.class"));
  72             CertsAndSigners rcas = new CertsAndSigners(jf, jf.getJarEntry("META-INF/versions/" + version + "/version/Version.class"));
  73             Assert.assertTrue(Arrays.equals(rcas.getCertificates(), vcas.getCertificates()));
  74             Assert.assertTrue(Arrays.equals(rcas.getCodeSigners(), vcas.getCodeSigners()));
  75         }
  76     }
  77 
  78     private static class CertsAndSigners {
  79         final private JarFile jf;
  80         final private JarEntry je;
  81         private boolean readComplete;
  82 
  83         CertsAndSigners(JarFile jf, JarEntry je) {
  84             this.jf = jf;
  85             this.je = je;
  86         }
  87 
  88         Certificate[] getCertificates() throws IOException {
  89             readEntry();
  90             return je.getCertificates();
  91         }
  92 
  93         CodeSigner[] getCodeSigners() throws IOException {
  94             readEntry();
  95             return je.getCodeSigners();
  96         }
  97 
  98         private void readEntry() throws IOException {
  99             if (!readComplete) {
 100                 try (InputStream is = jf.getInputStream(je)) {
 101                     is.readAllBytes();
 102                 }
 103                 readComplete = true;
 104             }
 105         }
 106     }
 107 }