jdk-sandbox: test/jdk/java/security/Policy/SignedJar/SignedJarTest.java@046e4024e55a (annotated)

29265 4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	1	/*
59104 046e4024e55a 8214024: Remove the default keytool -keyalg value weijun parents: 51675 diff changeset	2	* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
29265 4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	4	*
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	7	* published by the Free Software Foundation.
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	8	*
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	9	* This code is distributed in the hope that it will be useful, but WITHOUT
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	10	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	11	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	12	* version 2 for more details (a copy is included in the LICENSE file that
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	13	* accompanied this code).
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	14	*
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	15	* You should have received a copy of the GNU General Public License version
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	16	* 2 along with this work; if not, write to the Free Software Foundation,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	17	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	18	*
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	19	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	20	* or visit www.oracle.com if you need additional information or have any
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	21	* questions.
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	22	*/
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	23
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	24	import java.io.File;
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	25	import java.nio.file.Files;
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	26	import java.nio.file.Paths;
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	27	import java.security.AccessControlException;
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	28	import java.security.AccessController;
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	29	import java.security.Permission;
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	30	import java.security.PrivilegedAction;
51675 b487c1e914d0 8210112: remove jdk.testlibrary.ProcessTools iignatyev parents: 47216 diff changeset	31	import jdk.test.lib.process.ProcessTools;
29265 4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	32
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	33	/**
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	34	* @test
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	35	* @bug 8048360
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	36	* @summary test policy entry with signedBy alias
51675 b487c1e914d0 8210112: remove jdk.testlibrary.ProcessTools iignatyev parents: 47216 diff changeset	37	* @library /test/lib
29265 4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	38	* @run main/othervm SignedJarTest
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	39	*/
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	40	public class SignedJarTest {
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	41
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	42	private static final String FS = File.separator;
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	43	private static final String JAVA_HOME = System.getProperty("test.jdk");
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	44	private static final String TESTCLASSES = System.getProperty("test.classes", "");
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	45	private static final String TESTSRC = System.getProperty("test.src", "");
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	46	private static final String KEYTOOL = JAVA_HOME + FS + "bin" + FS + "keytool";
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	47	private static final String JAR = JAVA_HOME + FS + "bin" + FS + "jar";
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	48	private static final String JARSIGNER = JAVA_HOME + FS + "bin" + FS + "jarsigner";
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	49	private static final String PASSWORD = "password";
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	50	private static final String PWDFILE = "keypass";
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	51	private static final String POLICY1 = "SignedJarTest_1.policy";
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	52	private static final String POLICY2 = "SignedJarTest_2.policy";
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	53	private static final String KEYSTORE1 = "both.jks";
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	54	private static final String KEYSTORE2 = "first.jks";
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	55
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	56	public static void main(String args[]) throws Throwable {
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	57	//copy PrivilegeTest.class, policy files and keystore password file into current direcotry
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	58	Files.copy(Paths.get(TESTCLASSES, "PrivilegeTest.class"), Paths.get("PrivilegeTest.class"));
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	59	Files.copy(Paths.get(TESTSRC, POLICY1), Paths.get(POLICY1));
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	60	Files.copy(Paths.get(TESTSRC, POLICY2), Paths.get(POLICY2));
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	61	Files.copy(Paths.get(TESTSRC, PWDFILE), Paths.get(PWDFILE));
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	62
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	63	//create Jar file
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	64	ProcessTools.executeCommand(JAR, "-cvf", "test.jar", "PrivilegeTest.class");
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	65
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	66	//Creating first key , keystore both.jks
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	67	ProcessTools.executeCommand(KEYTOOL,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	68	"-genkey",
59104 046e4024e55a 8214024: Remove the default keytool -keyalg value weijun parents: 51675 diff changeset	69	"-keyalg", "DSA",
29265 4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	70	"-alias", "first",
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	71	"-keystore", KEYSTORE1,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	72	"-keypass", PASSWORD,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	73	"-dname", "cn=First",
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	74	"-storepass", PASSWORD
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	75	).shouldHaveExitValue(0);
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	76
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	77	//Creating Second key, keystore both.jks
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	78	ProcessTools.executeCommand(KEYTOOL,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	79	"-genkey",
59104 046e4024e55a 8214024: Remove the default keytool -keyalg value weijun parents: 51675 diff changeset	80	"-keyalg", "DSA",
29265 4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	81	// "-storetype","JKS",
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	82	"-alias", "second",
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	83	"-keystore", KEYSTORE1,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	84	"-keypass", PASSWORD,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	85	"-dname", "cn=Second",
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	86	"-storepass", PASSWORD
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	87	).shouldHaveExitValue(0);
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	88
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	89	//copy both.jks to first.jks, remove second Keypair from first.jks
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	90	Files.copy(Paths.get(KEYSTORE1), Paths.get(KEYSTORE2));
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	91	ProcessTools.executeCommand(KEYTOOL,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	92	"-delete",
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	93	"-keystore", KEYSTORE2,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	94	"-alias", "second",
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	95	"-storepass", PASSWORD
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	96	).shouldHaveExitValue(0);
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	97
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	98	//sign jar with first key, first.jar is only signed by first signer
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	99	ProcessTools.executeCommand(JARSIGNER,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	100	"-keystore", KEYSTORE1,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	101	"-storepass", PASSWORD,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	102	"-keypass", PASSWORD,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	103	"-signedjar", "first.jar", "test.jar",
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	104	"first").shouldHaveExitValue(0);
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	105
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	106	//sign jar with second key, both.jar is signed by first and second signer
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	107	ProcessTools.executeCommand(JARSIGNER,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	108	"-keystore", KEYSTORE1,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	109	"-storepass", PASSWORD,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	110	"-keypass", PASSWORD,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	111	"-signedjar", "both.jar", "first.jar",
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	112	"second").shouldHaveExitValue(0);
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	113
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	114	//test case 1
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	115	//setIO permission granted to code that was signed by first signer
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	116	//setFactory permission granted to code that was signed by second signer
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	117	//Keystore that contains both first and second keypairs
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	118	//code was singed by first signer
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	119	//Expect AccessControlException for setFactory permission
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	120	System.out.println("Test Case 1");
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	121	//copy policy file into current directory
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	122	String[] cmd = constructCMD("first.jar", POLICY1, "false", "true");
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	123	ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0);
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	124
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	125	//test case 2, test with both.jar
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	126	//setIO permission granted to code that was signed by first signer
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	127	//setFactory permission granted to code that was signed by second signer
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	128	//Keystore that contains both first and second keypairs
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	129	//code was singed by first signer and second signer
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	130	//Expect no AccessControlException
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	131	System.out.println("Test Case 2");
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	132	cmd = constructCMD("both.jar", POLICY1, "false", "false");
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	133	ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0);
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	134
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	135	//test case 3
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	136	//setIO permission granted to code that was signed by first signer
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	137	//setFactory permission granted to code that was signed by second signer
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	138	//Keystore that contains only first keypairs
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	139	//code was singed by first signer and second signer
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	140	//Expect AccessControlException for setFactory permission
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	141	System.out.println("Test Case 3");
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	142	cmd = constructCMD("both.jar", POLICY2, "false", "true");
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	143	ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0);
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	144
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	145	}
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	146
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	147	private static String[] constructCMD(String classpath, String policy, String arg1, String arg2) {
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	148	String[] cmd = {
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	149	"-classpath", classpath,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	150	"-Djava.security.manager",
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	151	"-Djava.security.policy=" + policy,
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	152	"PrivilegeTest",
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	153	arg1, arg2};
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	154	return cmd;
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	155	}
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	156	}
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	157
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	158	class PrivilegeTest {
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	159
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	160	private static final Permission PERM1 = new RuntimePermission("setIO");
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	161	private static final Permission PERM2 = new RuntimePermission("setFactory");
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	162
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	163	public static void main(String args[]) {
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	164	boolean expectException1 = Boolean.parseBoolean(args[0]);
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	165	boolean expectException2 = Boolean.parseBoolean(args[1]);
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	166	test(PERM1, expectException1);
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	167	test(PERM2, expectException2);
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	168	}
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	169
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	170	public static void test(Permission perm, boolean expectException) {
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	171	boolean getException = (Boolean) AccessController.doPrivileged((PrivilegedAction) () -> {
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	172	try {
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	173	AccessController.checkPermission(perm);
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	174	return (Boolean) false;
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	175	} catch (AccessControlException ex) {
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	176	return (Boolean) true;
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	177	}
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	178	});
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	179
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	180	if (expectException ^ getException) {
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	181	String message = "Check Permission :" + perm + "\n ExpectException = "
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	182	+ expectException + "\n getException = " + getException;
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	183	throw new RuntimeException(message);
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	184	}
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	185
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	186	}
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	187
4e0df0a96081 8048360: Test signed jar files weijun parents: diff changeset	188	}

author	weijun
	Fri, 15 Nov 2019 09:06:58 +0800
changeset 59104	046e4024e55a
parent 51675	b487c1e914d0
permissions	-rw-r--r--