author | herrick |
Fri, 08 Nov 2019 14:53:03 -0500 | |
branch | JDK-8200758-branch |
changeset 58994 | b09ba68c6a19 |
parent 58648 | 3bf53ffa9ae7 |
permissions | -rw-r--r-- |
58464
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
1 |
/* |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
2 |
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
4 |
* |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
5 |
* This code is free software; you can redistribute it and/or modify it |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
7 |
* published by the Free Software Foundation. |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
8 |
* |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
9 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
10 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
11 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
12 |
* version 2 for more details (a copy is included in the LICENSE file that |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
13 |
* accompanied this code). |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
14 |
* |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
15 |
* You should have received a copy of the GNU General Public License version |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
16 |
* 2 along with this work; if not, write to the Free Software Foundation, |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
17 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
18 |
* |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
19 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
20 |
* or visit www.oracle.com if you need additional information or have any |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
21 |
* questions. |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
22 |
*/ |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
23 |
|
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
24 |
import java.util.List; |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
25 |
import java.util.regex.Matcher; |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
26 |
import java.util.regex.Pattern; |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
27 |
import java.util.stream.Collectors; |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
28 |
|
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
29 |
import jdk.jpackage.test.TKit; |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
30 |
import jdk.jpackage.test.Executor; |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
31 |
|
58994
b09ba68c6a19
8233636 : Make jpackage an incubator and remove tool provider implementation
herrick
parents:
58648
diff
changeset
|
32 |
import jdk.incubator.jpackage.internal.MacCertificate; |
58464
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
33 |
|
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
34 |
public class SigningCheck { |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
35 |
|
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
36 |
public static void checkCertificates() { |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
37 |
List<String> result = findCertificate(SigningBase.APP_CERT, SigningBase.KEYCHAIN); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
38 |
String key = findKey(SigningBase.APP_CERT, result); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
39 |
validateCertificate(key); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
40 |
validateCertificateTrust(SigningBase.APP_CERT); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
41 |
|
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
42 |
result = findCertificate(SigningBase.INSTALLER_CERT, SigningBase.KEYCHAIN); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
43 |
key = findKey(SigningBase.INSTALLER_CERT, result); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
44 |
validateCertificate(key); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
45 |
validateCertificateTrust(SigningBase.INSTALLER_CERT); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
46 |
} |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
47 |
|
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
48 |
private static List<String> findCertificate(String name, String keyChain) { |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
49 |
List<String> result = new Executor() |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
50 |
.setExecutable("security") |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
51 |
.addArguments("find-certificate", "-c", name, "-a", keyChain) |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
52 |
.executeAndGetOutput(); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
53 |
|
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
54 |
return result; |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
55 |
} |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
56 |
|
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
57 |
private static String findKey(String name, List<String> result) { |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
58 |
Pattern p = Pattern.compile("\"alis\"<blob>=\"([^\"]+)\""); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
59 |
Matcher m = p.matcher(result.stream().collect(Collectors.joining())); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
60 |
if (!m.find()) { |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
61 |
TKit.trace("Did not found a key for '" + name + "'"); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
62 |
return null; |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
63 |
} |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
64 |
String matchedKey = m.group(1); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
65 |
if (m.find()) { |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
66 |
TKit.trace("Found more than one key for '" + name + "'"); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
67 |
return null; |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
68 |
} |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
69 |
TKit.trace("Using key '" + matchedKey); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
70 |
return matchedKey; |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
71 |
} |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
72 |
|
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
73 |
private static void validateCertificate(String key) { |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
74 |
if (key != null) { |
58647
2c43b89b1679
8231862: Decouple DesktopIntegration and LinuxPackageBundler classes
herrick
parents:
58464
diff
changeset
|
75 |
MacCertificate certificate = new MacCertificate(key); |
58464
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
76 |
if (!certificate.isValid()) { |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
77 |
TKit.throwSkippedException("Certifcate expired: " + key); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
78 |
} else { |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
79 |
return; |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
80 |
} |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
81 |
} |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
82 |
|
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
83 |
TKit.throwSkippedException("Cannot find required certifciates: " + key); |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
84 |
} |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
85 |
|
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
86 |
private static void validateCertificateTrust(String name) { |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
87 |
List<String> result = new Executor() |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
88 |
.setExecutable("security") |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
89 |
.addArguments("dump-trust-settings") |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
90 |
.executeAndGetOutput(); |
58648 | 91 |
result.stream().forEachOrdered(TKit::trace); |
92 |
TKit.assertTextStream(name) |
|
93 |
.predicate((line, what) -> line.trim().endsWith(what)) |
|
94 |
.orElseThrow(() -> TKit.throwSkippedException( |
|
95 |
"Certifcate not trusted by current user: " + name)) |
|
96 |
.apply(result.stream()); |
|
58464
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
97 |
} |
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
98 |
|
d82489644b15
8215895: Verify and create tests for Mac installer specific signing options
herrick
parents:
diff
changeset
|
99 |
} |