author | asmotrak |
Mon, 26 Jan 2015 18:13:42 +0800 | |
changeset 28662 | efd0203db371 |
parent 24116 | 9f9b4ba34aad |
child 28664 | 2f79ecb05ada |
permissions | -rw-r--r-- |
/* |
* Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
* |
* This code is free software; you can redistribute it and/or modify it |
* under the terms of the GNU General Public License version 2 only, as |
* published by the Free Software Foundation. |
* |
* This code is distributed in the hope that it will be useful, but WITHOUT |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
* version 2 for more details (a copy is included in the LICENSE file that |
* accompanied this code). |
* |
* You should have received a copy of the GNU General Public License version |
* 2 along with this work; if not, write to the Free Software Foundation, |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
* |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
* or visit www.oracle.com if you need additional information or have any |
* questions. |
*/ |
|
import com.sun.net.httpserver.*; |
import java.io.BufferedReader; |
import java.io.ByteArrayOutputStream; |
import java.io.FileInputStream; |
import java.io.IOException; |
import java.io.InputStream; |
import java.io.InputStreamReader; |
import java.io.OutputStream; |
import java.math.BigInteger; |
import java.net.InetSocketAddress; |
import java.security.KeyStore; |
import java.security.PrivateKey; |
import java.security.Signature; |
import java.security.cert.Certificate; |
import java.security.cert.X509Certificate; |
import java.util.Calendar; |
import java.util.jar.JarEntry; |
import java.util.jar.JarFile; |
|
import sun.misc.IOUtils; |
import sun.security.pkcs.ContentInfo; |
import sun.security.pkcs.PKCS7; |
import sun.security.pkcs.PKCS9Attribute; |
import sun.security.pkcs.SignerInfo; |
import sun.security.timestamp.TimestampToken; |
import sun.security.util.DerOutputStream; |
import sun.security.util.DerValue; |
import sun.security.util.ObjectIdentifier; |
import sun.security.x509.AlgorithmId; |
import sun.security.x509.X500Name; |
|
public class TimestampCheck { |
static final String TSKS = "tsks"; |
static final String JAR = "old.jar"; |
|
static final String defaultPolicyId = "2.3.4.5"; |
|
static class Handler implements HttpHandler, AutoCloseable { |
|
private final HttpServer httpServer; |
private final String keystore; |
|
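/**
 * Serves one timestamp request: reads the request body, hands it to
 * {@code sign} together with the case number taken from the URL path,
 * and writes the result back as an {@code application/timestamp-reply}
 * response.
 *
 * <p>A failure while parsing the request or building the reply is printed
 * to stderr and answered with HTTP 500, provided no response headers have
 * been sent yet. The exchange is closed on every path.
 *
 * @param t the HTTP exchange to serve
 * @throws IOException if the error response itself cannot be sent
 */
@Override
public void handle(HttpExchange t) throws IOException {
    // Tracks whether a status line already went out, so the error path
    // does not try to send a second set of response headers.
    boolean headersSent = false;
    try {
        // Content-Length is supplied by the client. Parsing it inside the
        // try block turns a malformed or negative value into a 500 instead
        // of an exception that escapes with the exchange still open.
        // NOTE(review): no upper bound is enforced on the declared length.
        String declared = t.getRequestHeaders().getFirst("Content-length");
        int len = (declared == null) ? 0 : Integer.parseInt(declared);
        byte[] input = new byte[len];

        // A single read() may return fewer bytes than requested, so keep
        // reading until the declared length has arrived.
        InputStream body = t.getRequestBody();
        int off = 0;
        while (off < len) {
            int n = body.read(input, off, len - off);
            if (n < 0) {
                throw new IOException("Request body ended after " + off
                        + " of " + len + " bytes");
            }
            off += n;
        }

        // The URL path selects the case to simulate: "/" means 0,
        // "/N" means N.
        int path = 0;
        String uriPath = t.getRequestURI().getPath();
        if (uriPath.length() > 1) {
            path = Integer.parseInt(uriPath.substring(1));
        }

        byte[] output = sign(input, path);
        Headers out = t.getResponseHeaders();
        out.set("Content-Type", "application/timestamp-reply");

        t.sendResponseHeaders(200, output.length);
        headersSent = true;
        OutputStream os = t.getResponseBody();
        os.write(output);
    } catch (Exception e) {
        e.printStackTrace();
        if (!headersSent) {
            t.sendResponseHeaders(500, 0);
        }
    } finally {
        // Closing the exchange also closes the request and response streams.
        t.close();
    }
}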
|
/** |
* @param input The data to sign |
* @param path different cases to simulate, impl on URL path |
* 0: normal |
* 1: Missing nonce |
* 2: Different nonce |
* 3: Bad digest octets in messageImprint |
* 4: Different algorithmId in messageImprint |
* 5: whole chain in cert set |
* 6: extension is missing |
* 7: extension is non-critical |
* 8: extension does not have timestamping |
* 9: no cert in response |
* 10: normal |
* 11: always return default policy id |
* 12: normal |
* otherwise: normal |
* @return the signed timestamp reply bytes |
*/ |
byte[] sign(byte[] input, int path) throws Exception { |
// Read TSRequest |
DerValue value = new DerValue(input); |
System.err.println("\nIncoming Request\n==================="); |
System.err.println("Version: " + value.data.getInteger()); |
DerValue messageImprint = value.data.getDerValue(); |
AlgorithmId aid = AlgorithmId.parse( |
messageImprint.data.getDerValue()); |
System.err.println("AlgorithmId: " + aid); |
|
ObjectIdentifier policyId = new ObjectIdentifier(defaultPolicyId); |
BigInteger nonce = null; |
while (value.data.available() > 0) { |
DerValue v = value.data.getDerValue(); |
if (v.tag == DerValue.tag_Integer) { |
nonce = v.getBigInteger(); |
System.err.println("nonce: " + nonce); |
} else if (v.tag == DerValue.tag_Boolean) { |
System.err.println("certReq: " + v.getBoolean()); |
} else if (v.tag == DerValue.tag_ObjectId) { |
policyId = v.getOID(); |
System.err.println("PolicyID: " + policyId); |
} |
} |
|
// Write TSResponse |
System.err.println("\nResponse\n==================="); |
KeyStore ks = KeyStore.getInstance("JKS"); |
try (FileInputStream fis = new FileInputStream(keystore)) { |
ks.load(fis, "changeit".toCharArray()); |
} |
|
String alias = "ts"; |
if (path == 6) alias = "tsbad1"; |
if (path == 7) alias = "tsbad2"; |
if (path == 8) alias = "tsbad3"; |
|
if (path == 11) { |
policyId = new ObjectIdentifier(defaultPolicyId); |
} |
|
DerOutputStream statusInfo = new DerOutputStream(); |
statusInfo.putInteger(0); |
|
DerOutputStream token = new DerOutputStream(); |
AlgorithmId[] algorithms = {aid}; |
Certificate[] chain = ks.getCertificateChain(alias); |
X509Certificate[] signerCertificateChain = null; |
X509Certificate signer = (X509Certificate)chain[0]; |
if (path == 5) { // Only case 5 uses full chain |
signerCertificateChain = new X509Certificate[chain.length]; |
for (int i=0; i<chain.length; i++) { |
signerCertificateChain[i] = (X509Certificate)chain[i]; |
} |
} else if (path == 9) { |
signerCertificateChain = new X509Certificate[0]; |
} else { |
signerCertificateChain = new X509Certificate[1]; |
signerCertificateChain[0] = (X509Certificate)chain[0]; |
} |
|
DerOutputStream tst = new DerOutputStream(); |
|
tst.putInteger(1); |
tst.putOID(policyId); |
|
if (path != 3 && path != 4) { |
tst.putDerValue(messageImprint); |
} else { |
byte[] data = messageImprint.toByteArray(); |
if (path == 4) { |
data[6] = (byte)0x01; |
} else { |
data[data.length-1] = (byte)0x01; |
data[data.length-2] = (byte)0x02; |
data[data.length-3] = (byte)0x03; |
} |
tst.write(data); |
} |
|
tst.putInteger(1); |
|
Calendar cal = Calendar.getInstance(); |
tst.putGeneralizedTime(cal.getTime()); |
|
if (path == 2) { |
tst.putInteger(1234); |
} else if (path == 1) { |
// do nothing |
} else { |
tst.putInteger(nonce); |
} |
DerOutputStream tstInfo = new DerOutputStream(); |
tstInfo.write(DerValue.tag_Sequence, tst); |
DerOutputStream tstInfo2 = new DerOutputStream(); |
tstInfo2.putOctetString(tstInfo.toByteArray()); |
Signature sig = Signature.getInstance("SHA1withRSA"); |
sig.initSign((PrivateKey)(ks.getKey( |
alias, "changeit".toCharArray()))); |
sig.update(tstInfo.toByteArray()); |
ContentInfo contentInfo = new ContentInfo(new ObjectIdentifier( |
"1.2.840.113549.1.9.16.1.4"), |
new DerValue(tstInfo2.toByteArray())); |
System.err.println("Signing..."); |
System.err.println(new X500Name(signer |
.getIssuerX500Principal().getName())); |
System.err.println(signer.getSerialNumber()); |
SignerInfo signerInfo = new SignerInfo( |
new X500Name(signer.getIssuerX500Principal().getName()), |
signer.getSerialNumber(), |
aid, AlgorithmId.get("RSA"), sig.sign()); |
SignerInfo[] signerInfos = {signerInfo}; |
PKCS7 p7 = |
new PKCS7(algorithms, contentInfo, signerCertificateChain, |
signerInfos); |
ByteArrayOutputStream p7out = new ByteArrayOutputStream(); |
p7.encodeSignedData(p7out); |
DerOutputStream response = new DerOutputStream(); |
response.write(DerValue.tag_Sequence, statusInfo); |
response.putDerValue(new DerValue(p7out.toByteArray())); |
DerOutputStream out = new DerOutputStream(); |
out.write(DerValue.tag_Sequence, response); |
return out.toByteArray(); |
} |
/**
 * Creates a handler tied to an already-created HTTP server.
 *
 * Instances are obtained through {@code init}, which also registers the
 * handler with the server.
 *
 * @param httpServer the server this handler starts, stops and queries
 * @param keystore the keystore value passed to {@code init}
 *        (presumably the keystore file holding the TSA keys; confirm
 *        against the request-handling code)
 */
private Handler(HttpServer httpServer, String keystore) {
    this.keystore = keystore;
    this.httpServer = httpServer;
}
/**
 * Initialize TSA instance.
 *
 * The Extended Key Usage extension of the certificate that is used for
 * signing TSA responses should contain the timeStamping value.
 *
 * The server is created but not started; call {@code start()} afterwards.
 *
 * NOTE(review): {@code new InetSocketAddress(port)} selects the wildcard
 * address, so the test TSA listens on every local interface while it runs.
 * The client side in this file only ever uses {@code http://localhost},
 * so a loopback-only bind looks sufficient; confirm before changing.
 *
 * @param port the port to listen on; 0 lets the system pick a free port
 * @param keystore the keystore value handed to the new handler
 * @return the handler, registered for the "/" context of the new server
 * @throws IOException if the HTTP server cannot be created
 */
static Handler init(int port, String keystore) throws IOException {
    InetSocketAddress listenAddress = new InetSocketAddress(port);
    // Backlog 0 leaves the connection queue length at the system default.
    HttpServer server = HttpServer.create(listenAddress, 0);
    Handler handler = new Handler(server, keystore);
    server.createContext("/", handler);
    return handler;
}
/**
 * Start TSA service by starting the underlying HTTP server.
 */
void start() {
    this.httpServer.start();
}
/**
 * Stop TSA service.
 *
 * The underlying HTTP server is stopped with a delay of 0, i.e. without
 * waiting for exchanges that are still in progress.
 */
void stop() {
    this.httpServer.stop(0);
}
/**
 * Return server port number.
 *
 * This is the port the HTTP server is actually bound to, which matters
 * when the server was created with port 0.
 *
 * @return the bound port of the underlying HTTP server
 */
int getPort() {
    InetSocketAddress boundAddress = httpServer.getAddress();
    return boundAddress.getPort();
}
/**
 * Stops the TSA service, so that a handler opened in a
 * try-with-resources statement is shut down when the block exits.
 *
 * @throws Exception declared by the overridden method; this
 *         implementation only calls {@code stop()}
 */
@Override
public void close() throws Exception {
    this.stop();
}
} |
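/**
 * Runs the jarsigner timestamping checks against a local test TSA, or,
 * when any argument is given, keeps the TSA running as a standalone
 * server until Enter is pressed.
 *
 * The TSA is created on a system-chosen port and is stopped when the
 * try-with-resources block exits, also when a check throws.
 *
 * @param args no arguments runs the test; any argument runs the server
 * @throws Exception if a jarsigner run or a timestamp check does not
 *         give the expected result
 */
public static void main(String[] args) throws Exception {
    try (Handler tsa = Handler.init(0, TSKS)) {
        tsa.start();
        int port = tsa.getPort();

        // jarsigner lives in the JDK's bin directory; when java.home
        // points at the nested "jre" directory, go one level up.
        String javaHome = System.getProperty("java.home");
        String cmd;
        if (javaHome.endsWith("jre")) {
            cmd = javaHome + "/../bin/jarsigner";
        } else {
            cmd = javaHome + "/bin/jarsigner";
        }

        // The property is set by the test harness. Default to "" so a
        // run outside the harness does not append the text "null", and
        // separate it from the tool path with a space so the options do
        // not become part of the executable name.
        String vmOpts = System.getProperty("test.tool.vm.opts", "");

        // Use -J-Djava.security.egd=file:/dev/./urandom to speed up
        // nonce generation in timestamping request. Not available on
        // Windows and defaults to thread seed generator, not too bad.
        //
        // -storepass on the command line is readable by other local
        // processes; acceptable only because this is the throwaway test
        // keystore.
        cmd += " " + vmOpts
                + " -J-Djava.security.egd=file:/dev/./urandom"
                + " -debug -keystore " + TSKS + " -storepass changeit"
                + " -tsa http://localhost:" + port + "/%d"
                + " -signedjar new_%d.jar " + JAR + " old";

        if (args.length == 0) {         // Run this test
            jarsigner(cmd, 0, true);    // Success, normal call
            jarsigner(cmd, 1, false);   // These 4 should fail
            jarsigner(cmd, 2, false);
            jarsigner(cmd, 3, false);
            jarsigner(cmd, 4, false);
            jarsigner(cmd, 5, true);    // Success, 6543440 solved.
            jarsigner(cmd, 6, false);   // tsbad1
            jarsigner(cmd, 7, false);   // tsbad2
            jarsigner(cmd, 8, false);   // tsbad3
            jarsigner(cmd, 9, false);   // no cert in timestamp
            jarsigner(cmd + " -tsapolicyid 1.2.3.4", 10, true);
            checkTimestamp("new_10.jar", "1.2.3.4", "SHA-256");
            jarsigner(cmd + " -tsapolicyid 1.2.3.5", 11, false);
            jarsigner(cmd + " -tsadigestalg SHA", 12, true);
            checkTimestamp("new_12.jar", defaultPolicyId, "SHA-1");
        } else {                        // Run as a standalone server
            System.err.println("Press Enter to quit server");
            System.in.read();
        }
    }
}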
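/**
 * Checks that the timestamp token stored in a signed jar carries the
 * expected policy id and hash algorithm.
 *
 * The token is read from the unauthenticated attributes of the first
 * signer in {@code META-INF/OLD.RSA}. Only the two fields are compared:
 * this method does not verify the token's signature or its certificate
 * chain, so it is a format check and not a trust decision.
 *
 * @param file the signed jar to inspect
 * @param policyId the expected TSA policy id, as a dotted OID string
 * @param digestAlg the expected hash algorithm name, compared with the
 *        string form of the algorithm found in the token
 * @throws Exception if the signature block, the signer or the timestamp
 *         token is missing, or if either field differs
 */
static void checkTimestamp(String file, String policyId, String digestAlg)
        throws Exception {
    try (JarFile jf = new JarFile(file)) {
        JarEntry je = jf.getJarEntry("META-INF/OLD.RSA");
        if (je == null) {
            // Fail with a readable message instead of a
            // NullPointerException from getInputStream(null).
            throw new Exception("No META-INF/OLD.RSA in " + file);
        }
        try (InputStream is = jf.getInputStream(je)) {
            byte[] content = IOUtils.readFully(is, -1, true);
            PKCS7 p7 = new PKCS7(content);
            SignerInfo[] si = p7.getSignerInfos();
            if (si == null || si.length == 0) {
                throw new Exception("Not signed");
            }
            // A signature without a timestamp has no such attribute;
            // report that instead of dereferencing null.
            if (si[0].getUnauthenticatedAttributes() == null) {
                throw new Exception("No timestamp token");
            }
            PKCS9Attribute p9 = si[0].getUnauthenticatedAttributes()
                    .getAttribute(PKCS9Attribute.SIGNATURE_TIMESTAMP_TOKEN_OID);
            if (p9 == null) {
                throw new Exception("No timestamp token");
            }
            PKCS7 tsToken = new PKCS7((byte[]) p9.getValue());
            TimestampToken tt =
                    new TimestampToken(tsToken.getContentInfo().getData());
            if (!tt.getHashAlgorithm().toString().equals(digestAlg)) {
                throw new Exception("Digest alg different");
            }
            if (!tt.getPolicyID().equals(policyId)) {
                throw new Exception("policyId different");
            }
        }
    }
}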
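/**
 * Runs one jarsigner command and checks its exit status and output.
 *
 * The child's stderr and stdout are echoed to this process's stderr.
 * Any stdout line containing "Warning:" fails the check, whatever the
 * exit status was.
 *
 * NOTE(review): stderr is read to end-of-stream before stdout is
 * touched, so a child that fills the stdout pipe first would block both
 * sides. This relies on the child's stdout staying small.
 *
 * @param cmd the command line (with a hole to plug in); it is used as a
 *        format string, so a literal '%' in it would break formatting
 * @param path the path in the URL, i.e, http://localhost/path
 * @param expected if this command should succeed
 * @throws Exception if the exit status does not match {@code expected}
 *         or a warning was printed
 */
static void jarsigner(String cmd, int path, boolean expected)
        throws Exception {
    System.err.println("Test " + path);
    // exec(String) splits the command on whitespace, so none of the
    // paths placed into cmd may contain spaces.
    Process p = Runtime.getRuntime().exec(String.format(cmd, path, path));

    // Readers are closed once drained so the pipe handles are released
    // for each of the many runs in one test.
    try (BufferedReader errReader = new BufferedReader(
            new InputStreamReader(p.getErrorStream()))) {
        String line;
        while ((line = errReader.readLine()) != null) {
            System.err.println(line);
        }
    }

    // Will not see noTimestamp warning
    boolean seeWarning = false;
    try (BufferedReader outReader = new BufferedReader(
            new InputStreamReader(p.getInputStream()))) {
        String line;
        while ((line = outReader.readLine()) != null) {
            System.err.println(line);
            if (line.contains("Warning:")) {
                seeWarning = true;
            }
        }
    }

    int result = p.waitFor();
    boolean succeeded = (result == 0);
    if (expected != succeeded) {
        throw new Exception("Failed");
    }
    if (seeWarning) {
        throw new Exception("See warning");
    }
}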
} |