1 # |
1 # |
2 # Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved. |
2 # Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved. |
3 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 # |
4 # |
5 # This code is free software; you can redistribute it and/or modify it |
5 # This code is free software; you can redistribute it and/or modify it |
6 # under the terms of the GNU General Public License version 2 only, as |
6 # under the terms of the GNU General Public License version 2 only, as |
7 # published by the Free Software Foundation. |
7 # published by the Free Software Foundation. |
45 esac |
45 esac |
46 |
46 |
47 # Choose 1024-bit RSA to make sure it runs fine and fast on all platforms. In |
47 # Choose 1024-bit RSA to make sure it runs fine and fast on all platforms. In |
48 # fact, every keyalg/keysize combination is OK for this test. |
48 # fact, every keyalg/keysize combination is OK for this test. |
49 |
49 |
50 KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore js.jks -keyalg rsa -keysize 1024" |
50 KS=js.ks |
|
51 KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa -keysize 1024" |
51 JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}" |
52 JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}" |
52 JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS}" |
53 JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS}" |
53 JAVAC="$TESTJAVA${FS}bin${FS}javac ${TESTTOOLVMOPTS} ${TESTJAVACOPTS}" |
54 JAVAC="$TESTJAVA${FS}bin${FS}javac ${TESTTOOLVMOPTS} ${TESTJAVACOPTS}" |
54 |
55 |
55 rm js.jks |
56 rm $KS |
56 |
57 |
57 echo class A1 {} > A1.java |
58 echo class A1 {} > A1.java |
58 echo class A2 {} > A2.java |
59 echo class A2 {} > A2.java |
59 echo class A3 {} > A3.java |
60 echo class A3 {} > A3.java |
60 echo class A4 {} > A4.java |
61 echo class A4 {} > A4.java |
71 $KT -genkeypair -alias a1 -dname CN=a1 -validity 365 |
72 $KT -genkeypair -alias a1 -dname CN=a1 -validity 365 |
72 $KT -genkeypair -alias a2 -dname CN=a2 -validity 365 |
73 $KT -genkeypair -alias a2 -dname CN=a2 -validity 365 |
73 |
74 |
74 # a.jar includes 8 unsigned, 2 signed by a1 and a2, 2 signed by a3 |
75 # a.jar includes 8 unsigned, 2 signed by a1 and a2, 2 signed by a3 |
75 $JAR cvf a.jar A1.class A2.class |
76 $JAR cvf a.jar A1.class A2.class |
76 $JARSIGNER -keystore js.jks -storepass changeit a.jar a1 |
77 $JARSIGNER -keystore $KS -storepass changeit a.jar a1 |
77 $JAR uvf a.jar A3.class A4.class |
78 $JAR uvf a.jar A3.class A4.class |
78 $JARSIGNER -keystore js.jks -storepass changeit a.jar a2 |
79 $JARSIGNER -keystore $KS -storepass changeit a.jar a2 |
79 $JAR uvf a.jar A5.class A6.class |
80 $JAR uvf a.jar A5.class A6.class |
80 |
81 |
81 # Verify OK |
82 # Verify OK |
82 $JARSIGNER -verify a.jar |
83 $JARSIGNER -verify a.jar |
83 [ $? = 0 ] || exit $LINENO |
84 [ $? = 0 ] || exit $LINENO |
85 # 4(chainNotValidated)+16(hasUnsignedEntry) |
86 # 4(chainNotValidated)+16(hasUnsignedEntry) |
86 $JARSIGNER -verify a.jar -strict |
87 $JARSIGNER -verify a.jar -strict |
87 [ $? = 20 ] || exit $LINENO |
88 [ $? = 20 ] || exit $LINENO |
88 |
89 |
89 # 16(hasUnsignedEntry) |
90 # 16(hasUnsignedEntry) |
90 $JARSIGNER -verify a.jar -strict -keystore js.jks |
91 $JARSIGNER -verify a.jar -strict -keystore $KS -storepass changeit |
91 [ $? = 16 ] || exit $LINENO |
92 [ $? = 16 ] || exit $LINENO |
92 |
93 |
93 # 16(hasUnsignedEntry)+32(notSignedByAlias) |
94 # 16(hasUnsignedEntry)+32(notSignedByAlias) |
94 $JARSIGNER -verify a.jar a1 -strict -keystore js.jks |
95 $JARSIGNER -verify a.jar a1 -strict -keystore $KS -storepass changeit |
95 [ $? = 48 ] || exit $LINENO |
96 [ $? = 48 ] || exit $LINENO |
96 |
97 |
97 # 16(hasUnsignedEntry) |
98 # 16(hasUnsignedEntry) |
98 $JARSIGNER -verify a.jar a1 a2 -strict -keystore js.jks |
99 $JARSIGNER -verify a.jar a1 a2 -strict -keystore $KS -storepass changeit |
99 [ $? = 16 ] || exit $LINENO |
100 [ $? = 16 ] || exit $LINENO |
100 |
101 |
101 # 12 entries all together |
102 # 12 entries all together |
102 LINES=`$JARSIGNER -verify a.jar -verbose | grep $YEAR | wc -l` |
103 LINES=`$JARSIGNER -verify a.jar -verbose | grep $YEAR | wc -l` |
103 [ $LINES = 12 ] || exit $LINENO |
104 [ $LINES = 12 ] || exit $LINENO |
151 $KT -genkeypair -alias ca -dname CN=ca -ext bc -validity 365 |
152 $KT -genkeypair -alias ca -dname CN=ca -ext bc -validity 365 |
152 $KT -certreq -alias badchain | $KT -gencert -alias ca -validity 365 | \ |
153 $KT -certreq -alias badchain | $KT -gencert -alias ca -validity 365 | \ |
153 $KT -importcert -alias badchain |
154 $KT -importcert -alias badchain |
154 $KT -delete -alias ca |
155 $KT -delete -alias ca |
155 |
156 |
156 $JARSIGNER -strict -keystore js.jks -storepass changeit a.jar expired |
157 $JARSIGNER -strict -keystore $KS -storepass changeit a.jar expired |
157 [ $? = 4 ] || exit $LINENO |
158 [ $? = 4 ] || exit $LINENO |
158 |
159 |
159 $JARSIGNER -strict -keystore js.jks -storepass changeit a.jar notyetvalid |
160 $JARSIGNER -strict -keystore $KS -storepass changeit a.jar notyetvalid |
160 [ $? = 4 ] || exit $LINENO |
161 [ $? = 4 ] || exit $LINENO |
161 |
162 |
162 $JARSIGNER -strict -keystore js.jks -storepass changeit a.jar badku |
163 $JARSIGNER -strict -keystore $KS -storepass changeit a.jar badku |
163 [ $? = 8 ] || exit $LINENO |
164 [ $? = 8 ] || exit $LINENO |
164 |
165 |
165 $JARSIGNER -strict -keystore js.jks -storepass changeit a.jar badeku |
166 $JARSIGNER -strict -keystore $KS -storepass changeit a.jar badeku |
166 [ $? = 8 ] || exit $LINENO |
167 [ $? = 8 ] || exit $LINENO |
167 |
168 |
168 $JARSIGNER -strict -keystore js.jks -storepass changeit a.jar goodku |
169 $JARSIGNER -strict -keystore $KS -storepass changeit a.jar goodku |
169 [ $? = 0 ] || exit $LINENO |
170 [ $? = 0 ] || exit $LINENO |
170 |
171 |
171 $JARSIGNER -strict -keystore js.jks -storepass changeit a.jar goodeku |
172 $JARSIGNER -strict -keystore $KS -storepass changeit a.jar goodeku |
172 [ $? = 0 ] || exit $LINENO |
173 [ $? = 0 ] || exit $LINENO |
173 |
174 |
174 $JARSIGNER -strict -keystore js.jks -storepass changeit a.jar badchain |
175 $JARSIGNER -strict -keystore $KS -storepass changeit a.jar badchain |
175 [ $? = 4 ] || exit $LINENO |
176 [ $? = 4 ] || exit $LINENO |
176 |
177 |
177 $JARSIGNER -verify a.jar |
178 $JARSIGNER -verify a.jar |
178 [ $? = 0 ] || exit $LINENO |
179 [ $? = 0 ] || exit $LINENO |
179 |
180 |
187 $KT -certreq -alias altchain | $KT -gencert -alias ca2 -validity 365 -rfc > certchain |
188 $KT -certreq -alias altchain | $KT -gencert -alias ca2 -validity 365 -rfc > certchain |
188 $KT -exportcert -alias ca2 -rfc >> certchain |
189 $KT -exportcert -alias ca2 -rfc >> certchain |
189 $KT -delete -alias ca2 |
190 $KT -delete -alias ca2 |
190 |
191 |
191 # Now altchain is still self-signed |
192 # Now altchain is still self-signed |
192 $JARSIGNER -strict -keystore js.jks -storepass changeit a.jar altchain |
193 $JARSIGNER -strict -keystore $KS -storepass changeit a.jar altchain |
193 [ $? = 0 ] || exit $LINENO |
194 [ $? = 0 ] || exit $LINENO |
194 |
195 |
195 # If -certchain is used, then it's bad |
196 # If -certchain is used, then it's bad |
196 $JARSIGNER -strict -keystore js.jks -storepass changeit -certchain certchain a.jar altchain |
197 $JARSIGNER -strict -keystore $KS -storepass changeit -certchain certchain a.jar altchain |
197 [ $? = 4 ] || exit $LINENO |
198 [ $? = 4 ] || exit $LINENO |
198 |
199 |
199 $JARSIGNER -verify a.jar |
200 $JARSIGNER -verify a.jar |
200 [ $? = 0 ] || exit $LINENO |
201 [ $? = 0 ] || exit $LINENO |
201 |
202 |