/*
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
import jdk.test.lib.process.ProcessTools;
/**
* @test
* @bug 8048360
* @summary test policy entry with signedBy alias
* @library /test/lib
* @run main/othervm SignedJarTest
*/
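public class SignedJarTest {

    /*
     * Driver for the signedBy policy test. It creates a throwaway keystore holding two
     * key pairs ("first" and "second"), produces one jar signed by "first" only and one
     * signed by both, and then runs PrivilegeTest in a child JVM under a security manager
     * for three jar/policy combinations. The policy files are not part of this class; what
     * they grant is taken from the per-case comments in main().
     */

    private static final String FS = File.separator;
    // No default is supplied for test.jdk; presumably the test harness always sets it.
    private static final String JAVA_HOME = System.getProperty("test.jdk");
    private static final String TESTCLASSES = System.getProperty("test.classes", "");
    private static final String TESTSRC = System.getProperty("test.src", "");
    private static final String KEYTOOL = JAVA_HOME + FS + "bin" + FS + "keytool";
    private static final String JAR = JAVA_HOME + FS + "bin" + FS + "jar";
    private static final String JARSIGNER = JAVA_HOME + FS + "bin" + FS + "jarsigner";
    // Fixed credential for the keystores generated by this test. It is passed to keytool and
    // jarsigner as a command-line argument, which exposes it to anything that can list
    // process arguments; acceptable only because the keys are generated and discarded here.
    private static final String PASSWORD = "password";
    // Copied into the working directory by main() but not read by this class; presumably
    // referenced from the policy files (confirm there).
    private static final String PWDFILE = "keypass";
    private static final String POLICY1 = "SignedJarTest_1.policy";
    private static final String POLICY2 = "SignedJarTest_2.policy";
    private static final String KEYSTORE1 = "both.jks";
    private static final String KEYSTORE2 = "first.jks";

    /**
     * Prepares the jars, keystores and policy files in the current directory and runs the
     * three signedBy scenarios, each in a child JVM.
     *
     * @param args unused
     * @throws Throwable if a file copy fails or if any tool or child JVM does not exit
     *         with status 0 (as enforced through {@code shouldHaveExitValue(0)})
     */
    public static void main(String[] args) throws Throwable {
        // Copy PrivilegeTest.class, the policy files and the keystore password file into the
        // current directory.
        Files.copy(Paths.get(TESTCLASSES, "PrivilegeTest.class"), Paths.get("PrivilegeTest.class"));
        Files.copy(Paths.get(TESTSRC, POLICY1), Paths.get(POLICY1));
        Files.copy(Paths.get(TESTSRC, POLICY2), Paths.get(POLICY2));
        Files.copy(Paths.get(TESTSRC, PWDFILE), Paths.get(PWDFILE));

        // Create the unsigned jar. The exit status is checked like every other tool call in
        // this method, so a failed jar build is reported here rather than as a confusing
        // jarsigner failure further down.
        ProcessTools.executeCommand(JAR, "-cvf", "test.jar", "PrivilegeTest.class")
                .shouldHaveExitValue(0);

        // Create the first and second key pairs, both in keystore both.jks.
        generateKey("first", "cn=First");
        generateKey("second", "cn=Second");

        // Copy both.jks to first.jks, then remove the second key pair from first.jks.
        Files.copy(Paths.get(KEYSTORE1), Paths.get(KEYSTORE2));
        ProcessTools.executeCommand(KEYTOOL,
                "-delete",
                "-keystore", KEYSTORE2,
                "-alias", "second",
                "-storepass", PASSWORD
        ).shouldHaveExitValue(0);

        // Sign test.jar with the first key: first.jar is signed by the first signer only.
        signJar("first.jar", "test.jar", "first");

        // Sign first.jar with the second key: both.jar is signed by first and second signer.
        signJar("both.jar", "first.jar", "second");

        // Test case 1
        // setIO permission granted to code that was signed by first signer
        // setFactory permission granted to code that was signed by second signer
        // Keystore that contains both first and second keypairs
        // Code was signed by first signer
        // Expect AccessControlException for setFactory permission
        System.out.println("Test Case 1");
        String[] cmd = constructCMD("first.jar", POLICY1, "false", "true");
        ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0);

        // Test case 2, test with both.jar
        // setIO permission granted to code that was signed by first signer
        // setFactory permission granted to code that was signed by second signer
        // Keystore that contains both first and second keypairs
        // Code was signed by first signer and second signer
        // Expect no AccessControlException
        System.out.println("Test Case 2");
        cmd = constructCMD("both.jar", POLICY1, "false", "false");
        ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0);

        // Test case 3
        // setIO permission granted to code that was signed by first signer
        // setFactory permission granted to code that was signed by second signer
        // Keystore that contains only the first keypair
        // Code was signed by first signer and second signer
        // Expect AccessControlException for setFactory permission: the jar carries the second
        // signature, but the policy's keystore has no entry for that alias, so the grant is
        // expected to have no effect.
        System.out.println("Test Case 3");
        cmd = constructCMD("both.jar", POLICY2, "false", "true");
        ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0);
    }

    /**
     * Generates a key pair under {@code alias} in {@link #KEYSTORE1} and fails the test if
     * keytool does not exit with status 0.
     *
     * @param alias keystore alias for the new key pair
     * @param dname distinguished name passed to keytool's {@code -dname}
     * @throws Throwable if keytool cannot be run or exits with a non-zero status
     */
    private static void generateKey(String alias, String dname) throws Throwable {
        // No -storetype is passed, so keytool's default keystore type is used regardless of
        // the .jks file name. DSA is a legacy signature algorithm; it is used here only to
        // produce distinct signers for policy matching, not as a model for production signing.
        ProcessTools.executeCommand(KEYTOOL,
                "-genkey",
                "-keyalg", "DSA",
                "-alias", alias,
                "-keystore", KEYSTORE1,
                "-keypass", PASSWORD,
                "-dname", dname,
                "-storepass", PASSWORD
        ).shouldHaveExitValue(0);
    }

    /**
     * Signs {@code inputJar} with the key stored under {@code alias} in {@link #KEYSTORE1},
     * writing the result to {@code signedJar}.
     *
     * @param signedJar name of the signed jar to write
     * @param inputJar  name of the jar to sign; existing signatures are kept, which is how
     *                  both.jar ends up with two signers
     * @param alias     keystore alias of the signing key
     * @throws Throwable if jarsigner cannot be run or exits with a non-zero status
     */
    private static void signJar(String signedJar, String inputJar, String alias) throws Throwable {
        ProcessTools.executeCommand(JARSIGNER,
                "-keystore", KEYSTORE1,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-signedjar", signedJar, inputJar,
                alias).shouldHaveExitValue(0);
    }

    /**
     * Builds the child-JVM arguments that run PrivilegeTest under a security manager.
     *
     * @param classpath jar to put on the child JVM's class path
     * @param policy    policy file assigned to {@code java.security.policy}
     * @param arg1      "true" if the setIO check is expected to be denied, else "false"
     * @param arg2      "true" if the setFactory check is expected to be denied, else "false"
     * @return the argument vector for the child JVM
     */
    private static String[] constructCMD(String classpath, String policy, String arg1, String arg2) {
        return new String[] {
            "-classpath", classpath,
            "-Djava.security.manager",
            "-Djava.security.policy=" + policy,
            "PrivilegeTest",
            arg1, arg2};
    }
}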
class PrivilegeTest {

    private static final Permission PERM1 = new RuntimePermission("setIO");
    private static final Permission PERM2 = new RuntimePermission("setFactory");

    /**
     * Checks the setIO and setFactory permissions against the expectations passed on the
     * command line.
     *
     * @param args {@code args[0]}: "true" if the setIO check is expected to be denied;
     *             {@code args[1]}: the same for setFactory
     */
    public static void main(String[] args) {
        // Both flags are parsed before either check runs.
        final boolean expectException1 = Boolean.parseBoolean(args[0]);
        final boolean expectException2 = Boolean.parseBoolean(args[1]);
        test(PERM1, expectException1);
        test(PERM2, expectException2);
    }

    /**
     * Checks {@code perm} and verifies that the outcome matches the expectation.
     *
     * @param perm            permission to check
     * @param expectException {@code true} if the check is expected to raise
     *                        {@link AccessControlException}
     * @throws RuntimeException if the observed outcome differs from {@code expectException}
     */
    public static void test(Permission perm, boolean expectException) {
        // Typed action: reports whether the permission check was denied.
        PrivilegedAction<Boolean> probe = () -> {
            try {
                AccessController.checkPermission(perm);
            } catch (AccessControlException ex) {
                return Boolean.TRUE;
            }
            return Boolean.FALSE;
        };

        // doPrivileged bounds the access-control stack walk at this frame, so callers further
        // down the stack are not consulted when the permission is checked.
        boolean denied = AccessController.doPrivileged(probe);

        if (denied == expectException) {
            return;
        }

        String report = "Check Permission :" + perm
                + "\n ExpectException = " + expectException
                + "\n getException = " + denied;
        throw new RuntimeException(report);
    }

}