| author | weijun |
| Fri, 15 Nov 2019 09:06:58 +0800 | |
| changeset 59104 | 046e4024e55a |
| parent 53298 | bd9043ffaa2a |
| permissions | -rw-r--r-- |
|
53298
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
1 |
/* |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
2 |
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
4 |
* |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
7 |
* published by the Free Software Foundation. |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
8 |
* |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
13 |
* accompanied this code). |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
14 |
* |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
15 |
* You should have received a copy of the GNU General Public License version |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
18 |
* |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
20 |
* or visit www.oracle.com if you need additional information or have any |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
21 |
* questions. |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
22 |
*/ |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
23 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
24 |
/* |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
25 |
* @test |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
26 |
* @bug 8215922 |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
27 |
* @summary jar spec is not precise when describing jar file re-signing |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
28 |
* @library /test/lib |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
29 |
*/ |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
30 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
31 |
import jdk.test.lib.Asserts; |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
32 |
import jdk.test.lib.util.JarUtils; |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
33 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
34 |
import java.io.InputStream; |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
35 |
import java.security.MessageDigest; |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
36 |
import java.util.Base64; |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
37 |
import java.util.jar.JarEntry; |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
38 |
import java.util.jar.JarFile; |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
39 |
import java.util.jar.Manifest; |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
40 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
41 |
import static jdk.test.lib.SecurityTools.*; |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
42 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
43 |
public class SignedAgain {
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
44 |
public static void main(String[] args) throws Exception {
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
45 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
46 |
String opt = "-storepass changeit -keystore ks"; |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
47 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
48 |
keytool(opt + " -genkeypair -alias a -dname CN=A -keyalg RSA"); |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
49 |
keytool(opt + " -genkeypair -alias b -dname CN=B -keyalg RSA"); |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
50 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
51 |
JarUtils.createJar("a.jar", "f1");
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
52 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
53 |
// as.jar: signed by a |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
54 |
jarsigner(opt + " -signedjar as.jar a.jar a"); |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
55 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
56 |
JarUtils.updateJar("as.jar", "b.jar", "f2");
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
57 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
58 |
// bs.jar: signed again by b |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
59 |
jarsigner(opt + " -signedjar bs.jar b.jar b"); |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
60 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
61 |
// verified |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
62 |
jarsigner(opt + " -verify -strict -verbose -certs bs.jar") |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
63 |
.shouldHaveExitValue(0); |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
64 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
65 |
try (JarFile ja = new JarFile("as.jar");
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
66 |
JarFile jb = new JarFile("bs.jar");
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
67 |
InputStream ma = ja.getInputStream( |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
68 |
new JarEntry("META-INF/MANIFEST.MF"));
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
69 |
InputStream sa = jb.getInputStream(new JarEntry("META-INF/A.SF"));
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
70 |
InputStream mb = jb.getInputStream( |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
71 |
new JarEntry("META-INF/MANIFEST.MF"));
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
72 |
InputStream sb = jb.getInputStream(new JarEntry("META-INF/B.SF"))) {
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
73 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
74 |
// Hash of manifest for 2 signed JAR files |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
75 |
String da = Base64.getEncoder().encodeToString(MessageDigest |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
76 |
.getInstance("SHA-256").digest(ma.readAllBytes()));
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
77 |
String db = Base64.getEncoder().encodeToString(MessageDigest |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
78 |
.getInstance("SHA-256").digest(mb.readAllBytes()));
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
79 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
80 |
// They are not the same |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
81 |
Asserts.assertNotEquals(da, db); |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
82 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
83 |
// Digest-Manifest in A.SF matches da |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
84 |
Asserts.assertEQ(new Manifest(sa).getMainAttributes() |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
85 |
.getValue("SHA-256-Digest-Manifest"), da);
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
86 |
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
87 |
// Digest-Manifest in B.SF matches db |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
88 |
Asserts.assertEQ(new Manifest(sb).getMainAttributes() |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
89 |
.getValue("SHA-256-Digest-Manifest"), db);
|
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
90 |
} |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
91 |
} |
|
bd9043ffaa2a
8215922: jar spec is not precise when describing jar file re-signing
weijun
parents:
diff
changeset
|
92 |
} |