author | weijun |
Mon, 15 Aug 2011 11:43:09 +0800 | |
changeset 10333 | 96264d6bb3a3 |
parent 7525 | 16d2b5e6517a |
child 14342 | 8435a30053c1 |
permissions | -rw-r--r-- |
# |
# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved. |
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
# |
# This code is free software; you can redistribute it and/or modify it |
# under the terms of the GNU General Public License version 2 only, as |
# published by the Free Software Foundation. |
# |
# This code is distributed in the hope that it will be useful, but WITHOUT |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
# version 2 for more details (a copy is included in the LICENSE file that |
# accompanied this code). |
# |
# You should have received a copy of the GNU General Public License version |
# 2 along with this work; if not, write to the Free Software Foundation, |
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
# |
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
# or visit www.oracle.com if you need additional information or have any |
# questions. |
# |
|
# @test |
# @bug 6802846 |
# @summary jarsigner needs enhanced cert validation(options) |
# |
# @run shell concise_jarsigner.sh |
# |
|
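# Standalone fallback: TESTJAVA is normally provided by the test harness; when
# it is empty, take the JDK home from the javac found on PATH (<bin>/..).
if [ "${TESTJAVA}" = "" ] ; then
  JAVAC_CMD=`which javac`
  # Stop here when no javac is on PATH instead of failing at a later check.
  [ -n "$JAVAC_CMD" ] || exit $LINENO
  TESTJAVA=`dirname "$JAVAC_CMD"`/..
fi
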
# Platform-dependent path separator: backslash when uname reports Windows_*,
# forward slash on every other platform.
OS=`uname -s`
FS="/"
case "$OS" in
  Windows_* ) FS="\\" ;;
esac

# Choose 512-bit RSA to make sure it runs fine and fast on all platforms. In fact,
# every keyalg/keysize combination is OK for this test.
# NOTE(review): 512-bit RSA and the "changeit" passwords are acceptable only
# because every key here is a throwaway fixture. JDKs that restrict short RSA
# keys (jdk.certpath.disabledAlgorithms / jdk.jar.disabledAlgorithms) may
# reject these keys and change the expected statuses; raise -keysize there.

KT="${TESTJAVA}${FS}bin${FS}keytool -storepass changeit -keypass changeit -keystore js.jks -keyalg rsa -keysize 512"
JAR="${TESTJAVA}${FS}bin${FS}jar"
JARSIGNER="${TESTJAVA}${FS}bin${FS}jarsigner"
JAVAC="${TESTJAVA}${FS}bin${FS}javac"

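# Start from an empty keystore; -f keeps a first run (no js.jks yet) quiet.
rm -f js.jks

# Six trivial classes to package; they end up with different signer sets.
for n in 1 2 3 4 5 6 ; do
  echo class A$n {} > A$n.java
done
$JAVAC A1.java A2.java A3.java A4.java A5.java A6.java || exit $LINENO
# Entry lines in the -verbose listings are later counted by grepping for the
# current year (presumably the entry timestamp; fragile across a year change).
YEAR=`date +%Y`
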
# ==========================================================
# First part: output format
# ==========================================================

for a in a1 a2 ; do
  $KT -genkeypair -alias $a -dname CN=$a -validity 365
done

# Signing order decides coverage: A1/A2 are signed by a1 and again by a2,
# A3/A4 (added before the second signing) by a2 only, and A5/A6 (added last)
# stay unsigned. The original note counted 8 unsigned entries in total.
$JAR cvf a.jar A1.class A2.class
$JARSIGNER -keystore js.jks -storepass changeit a.jar a1
$JAR uvf a.jar A3.class A4.class
$JARSIGNER -keystore js.jks -storepass changeit a.jar a2
$JAR uvf a.jar A5.class A6.class

# Each check exits with its own line number on failure. Exit statuses are
# 8-bit, so keep this script under 256 lines or a failure could wrap to 0.

# Plain -verify reports success although the same jar has unsigned entries
# and an unvalidated chain (see the -strict result that follows).
$JARSIGNER -verify a.jar
[ $? -eq 0 ] || exit $LINENO

# 4(chainNotValidated)+16(hasUnsignedEntry): no keystore is given here
$JARSIGNER -verify a.jar -strict
[ $? -eq 20 ] || exit $LINENO

# 16(hasUnsignedEntry): with -keystore js.jks the chain bit is gone
$JARSIGNER -verify a.jar -strict -keystore js.jks
[ $? -eq 16 ] || exit $LINENO

# 16(hasUnsignedEntry)+32(notSignedByAlias): only a1 is named
$JARSIGNER -verify a.jar a1 -strict -keystore js.jks
[ $? -eq 48 ] || exit $LINENO

# 16(hasUnsignedEntry): both signers are named
$JARSIGNER -verify a.jar a1 a2 -strict -keystore js.jks
[ $? -eq 16 ] || exit $LINENO

# Output-shape checks: count the listing lines that carry a marker ($YEAR,
# "more)" or "[certificate") in each -verbose mode, with and without -certs.

# 12 entries all together
LINES=`$JARSIGNER -verify a.jar -verbose | grep -c $YEAR`
[ $LINES -eq 12 ] || exit $LINENO

# 12 entries all listed
LINES=`$JARSIGNER -verify a.jar -verbose:grouped | grep -c $YEAR`
[ $LINES -eq 12 ] || exit $LINENO

# 4 groups: MANIFEST, unrelated, signed, unsigned
LINES=`$JARSIGNER -verify a.jar -verbose:summary | grep -c $YEAR`
[ $LINES -eq 4 ] || exit $LINENO

# still 4 groups, but MANIFEST group has no other file
LINES=`$JARSIGNER -verify a.jar -verbose:summary | grep -c "more)"`
[ $LINES -eq 3 ] || exit $LINENO

# 5 groups: MANIFEST, unrelated, signed by a1/a2, signed by a2, unsigned
LINES=`$JARSIGNER -verify a.jar -verbose:summary -certs | grep -c $YEAR`
[ $LINES -eq 5 ] || exit $LINENO

# 2 for MANIFEST, 2*2 for A1/A2, 2 for A3/A4
LINES=`$JARSIGNER -verify a.jar -verbose -certs | grep -c "\[certificate"`
[ $LINES -eq 8 ] || exit $LINENO

# a1,a2 for MANIFEST, a1,a2 for A1/A2, a2 for A3/A4
LINES=`$JARSIGNER -verify a.jar -verbose:grouped -certs | grep -c "\[certificate"`
[ $LINES -eq 5 ] || exit $LINENO

# a1,a2 for MANIFEST, a1,a2 for A1/A2, a2 for A3/A4
LINES=`$JARSIGNER -verify a.jar -verbose:summary -certs | grep -c "\[certificate"`
[ $LINES -eq 5 ] || exit $LINENO

# still 5 groups, but MANIFEST group has no other file
LINES=`$JARSIGNER -verify a.jar -verbose:summary -certs | grep -c "more)"`
[ $LINES -eq 4 ] || exit $LINENO

# ==========================================================
# Second part: exit code 2, 4, 8
# 16 and 32 already covered in the first part
# ==========================================================

# Validity-window fixtures: only the start date is shifted, so the end date
# follows keytool's default validity (no -validity is given).
$KT -genkeypair -alias expiring -dname CN=expiring -startdate -1m
$KT -genkeypair -alias expired -dname CN=expired -startdate -10m
$KT -genkeypair -alias notyetvalid -dname CN=notyetvalid -startdate +1m
# KeyUsage / ExtendedKeyUsage fixtures: signing with the bad* aliases is
# expected to yield status 8 below, signing with the good* aliases status 0.
$KT -genkeypair -alias badku -dname CN=badku -ext KU=cRLSign -validity 365
$KT -genkeypair -alias badeku -dname CN=badeku -ext EKU=sa -validity 365
$KT -genkeypair -alias goodku -dname CN=goodku -ext KU=dig -validity 365
$KT -genkeypair -alias goodeku -dname CN=goodeku -ext EKU=codesign -validity 365

# badchain signed by ca, but ca is removed later, so the issuer of the
# imported certificate is no longer present in js.jks
$KT -genkeypair -alias badchain -dname CN=badchain -validity 365
$KT -genkeypair -alias ca -dname CN=ca -ext bc -validity 365
$KT -certreq -alias badchain |
  $KT -gencert -alias ca -validity 365 |
  $KT -importcert -alias badchain
$KT -delete -alias ca

# Signing under -strict: warnings become the exit status (a bit mask).
# 2: alias "expiring"
$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar expiring
[ $? -eq 2 ] || exit $LINENO

# 4: certificate expired, or not yet valid
$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar expired
[ $? -eq 4 ] || exit $LINENO

$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar notyetvalid
[ $? -eq 4 ] || exit $LINENO

# 8: KeyUsage / ExtendedKeyUsage not suitable for the signing certificate
$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar badku
[ $? -eq 8 ] || exit $LINENO

$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar badeku
[ $? -eq 8 ] || exit $LINENO

# 0: KeyUsage / ExtendedKeyUsage accepted
$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar goodku
[ $? -eq 0 ] || exit $LINENO

$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar goodeku
[ $? -eq 0 ] || exit $LINENO

# 4: the issuer of badchain (ca) was deleted from the keystore
$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar badchain
[ $? -eq 4 ] || exit $LINENO

# The signings above ran with certificates that drew warnings, yet plain
# -verify is still expected to exit 0; only -strict surfaces them.
$JARSIGNER -verify a.jar
[ $? -eq 0 ] || exit $LINENO

# ==========================================================
# Third part: -certchain test
# ==========================================================

# altchain signed by ca2, but ca2 is removed later. The ca2-issued certificate
# and the ca2 certificate go only into the file certchain (-rfc output);
# nothing is imported back, so the keystore entry for altchain is unchanged.
$KT -genkeypair -alias altchain -dname CN=altchain -validity 365
$KT -genkeypair -alias ca2 -dname CN=ca2 -ext bc -validity 365
{
  $KT -certreq -alias altchain | $KT -gencert -alias ca2 -validity 365 -rfc
  $KT -exportcert -alias ca2 -rfc
} > certchain
$KT -delete -alias ca2

# The keystore copy of altchain is still self-signed, so signing is clean.
$JARSIGNER -strict -keystore js.jks -storepass changeit a.jar altchain
[ $? -eq 0 ] || exit $LINENO

# With -certchain the chain from the file is used instead; ca2 is no longer
# in the keystore, so status 4 is expected (presumably chainNotValidated).
$JARSIGNER -strict -keystore js.jks -storepass changeit -certchain certchain a.jar altchain
[ $? -eq 4 ] || exit $LINENO

$JARSIGNER -verify a.jar
[ $? -eq 0 ] || exit $LINENO

echo OK
exit 0