author | weijun |
Fri, 15 Nov 2019 09:06:58 +0800 | |
changeset 59104 | 046e4024e55a |
parent 54521 | 8de62c4af8c7 |
permissions | -rw-r--r-- |
54521
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
1 |
/* |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
2 |
* Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved. |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
4 |
* |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
5 |
* This code is free software; you can redistribute it and/or modify it |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
7 |
* published by the Free Software Foundation. |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
8 |
* |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
13 |
* accompanied this code). |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
14 |
* |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
15 |
* You should have received a copy of the GNU General Public License version |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation, |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
18 |
* |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
20 |
* or visit www.oracle.com if you need additional information or have any |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
21 |
* questions. |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
22 |
*/ |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
23 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
24 |
/* |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
25 |
* @test |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
26 |
* @bug 7004168 |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
27 |
* @summary jarsigner -verify checks for KeyUsage codesigning ext on all certs |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
28 |
* instead of just signing cert |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
29 |
* @library /test/lib |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
30 |
*/ |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
31 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
32 |
import jdk.test.lib.SecurityTools; |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
33 |
import jdk.test.lib.process.OutputAnalyzer; |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
34 |
import jdk.test.lib.util.JarUtils; |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
35 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
36 |
import java.nio.file.Files; |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
37 |
import java.nio.file.Path; |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
38 |
import java.util.List; |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
39 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
40 |
public class CheckUsage { |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
41 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
42 |
static OutputAnalyzer keytool(String cmd) throws Exception { |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
43 |
return SecurityTools.keytool("-keypass changeit -storepass changeit " |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
44 |
+ "-keyalg rsa " + cmd); |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
45 |
} |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
46 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
47 |
public static void main(String[] args) throws Exception { |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
48 |
Files.write(Path.of("x"), List.of("x")); |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
49 |
JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("x")); |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
50 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
51 |
// ################### 3 Keystores ####################### |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
52 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
53 |
// Keystore js.jks: including CA and Publisher |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
54 |
// CA contains a non-empty KeyUsage |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
55 |
keytool("-keystore js.jks -genkeypair -alias ca -dname CN=CA " |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
56 |
+ "-ext KU=kCS -ext bc -validity 365"); |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
57 |
keytool("-keystore js.jks -genkeypair -alias pub -dname CN=Publisher"); |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
58 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
59 |
// Publisher contains the correct KeyUsage |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
60 |
keytool("-keystore js.jks -certreq -alias pub -file pub.req"); |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
61 |
keytool("-keystore js.jks -gencert -alias ca -ext KU=dig -validity 365 " |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
62 |
+ "-infile pub.req -outfile pub.cert"); |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
63 |
keytool("-keystore js.jks -importcert -alias pub -file pub.cert"); |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
64 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
65 |
// Keystore trust.jks: including CA only |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
66 |
keytool("-keystore js.jks -exportcert -alias ca -file ca.cert"); |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
67 |
keytool("-keystore trust.jks -importcert -alias ca -noprompt -file ca.cert"); |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
68 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
69 |
// Keystore unrelated.jks: unrelated |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
70 |
keytool("-keystore unrelated.jks -genkeypair -alias nothing " |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
71 |
+ "-dname CN=Nothing -validity 365"); |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
72 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
73 |
// ################### 4 Tests ####################### |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
74 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
75 |
// Test 1: Sign should be OK |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
76 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
77 |
SecurityTools.jarsigner("-keystore js.jks -storepass changeit a.jar pub") |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
78 |
.shouldHaveExitValue(0); |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
79 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
80 |
// Test 2: Verify should be OK |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
81 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
82 |
SecurityTools.jarsigner("-keystore trust.jks -storepass changeit " |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
83 |
+ "-strict -verify a.jar") |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
84 |
.shouldHaveExitValue(0); |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
85 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
86 |
// Test 3: When no keystore is specified, the error is only |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
87 |
// "chain invalid" |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
88 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
89 |
SecurityTools.jarsigner("-strict -verify a.jar") |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
90 |
.shouldHaveExitValue(4); |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
91 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
92 |
// Test 4: When unrelated keystore is specified, the error is |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
93 |
// "chain invalid" and "not alias in keystore" |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
94 |
|
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
95 |
SecurityTools.jarsigner("-keystore unrelated.jks -storepass changeit " |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
96 |
+ "-strict -verify a.jar") |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
97 |
.shouldHaveExitValue(36); |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
98 |
} |
8de62c4af8c7
8180573: Refactor sun/security/tools shell tests to plain java tests
weijun
parents:
diff
changeset
|
99 |
} |