1 /*

     2  * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.

     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

     4  *

     5  * This code is free software; you can redistribute it and/or modify it

     6  * under the terms of the GNU General Public License version 2 only, as

     7  * published by the Free Software Foundation.

     8  *

     9  * This code is distributed in the hope that it will be useful, but WITHOUT

    10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

    11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

    12  * version 2 for more details (a copy is included in the LICENSE file that

    13  * accompanied this code).

    14  *

    15  * You should have received a copy of the GNU General Public License version

    16  * 2 along with this work; if not, write to the Free Software Foundation,

    17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

    18  *

    19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

    20  * or visit www.oracle.com if you need additional information or have any

    21  * questions.

    22  */

    23 

    24 import java.io.IOException;

    25 import java.io.OutputStream;

    26 import java.nio.file.Path;

    27 import java.util.Map;

    28 import java.util.jar.JarFile;

    29 import java.util.jar.Manifest;

    30 import java.util.jar.Attributes.Name;

    31 import java.util.zip.ZipEntry;

    32 import java.util.zip.ZipFile;

    33 

    34 import jdk.test.lib.util.JarUtils;

    35 import jdk.test.lib.SecurityTools;

    36 import org.testng.annotations.Test;

    37 import org.testng.annotations.BeforeClass;

    38 

    39 import static java.nio.charset.StandardCharsets.UTF_8;

    40 import static org.testng.Assert.*;

    41 

    42 /**

    43  * @test

    44  * @bug 8217375

    45  * @library /test/lib

    46  * @run testng WasSignedByOtherSigner

    47  * @summary Checks that {@code wasSigned} in

    48  * {@link jdk.security.jarsigner.JarSigner#sign0} is set true if the jar to sign

    49  * contains a signature that will not be overwritten with the current one.

    50  */

    51 public class WasSignedByOtherSigner {

    52 

    53     static final String KEYSTORE_FILENAME = "test.jks";

    54 

    55     @BeforeClass

    56     public void prepareKeyStore() throws Exception {

    57         SecurityTools.keytool("-genkeypair -keyalg EC -keystore "

    58                 + KEYSTORE_FILENAME + " -storepass changeit -keypass changeit"

    59                 + " -alias a -dname CN=A").shouldHaveExitValue(0);

    60     }

    61 

    62     void test(String secondSigner, boolean expRrewritten) throws Exception {

    63         String jarFilename1 = "test" + secondSigner + "-1.jar";

    64         JarUtils.createJarFile(Path.of(jarFilename1), (Manifest) null,

    65                 Path.of("."));

    66         // TODO: use jarsigner here only to create a default manifest...

    67         SecurityTools.jarsigner("-keystore " + KEYSTORE_FILENAME +

    68                 " -storepass changeit -verbose -debug " + jarFilename1 + " a")

    69                 .shouldHaveExitValue(0);

    70         Utils.echoManifest(Utils.readJarManifestBytes(

    71                 jarFilename1), "initial manifest");

    72 

    73         // replace manifest with a non-standard one that can later be checked

    74         String jarFilename2 = "test" + secondSigner + "-2.jar";

    75         JarUtils.updateJar(jarFilename1, jarFilename2, Map.of(

    76                 // add a fake sig-related file to trigger wasSigned in JarSigner

    77                 "META-INF/.SF", Name.SIGNATURE_VERSION + ": 1.0\r\n"));

    78         Utils.echoManifest(Utils.readJarManifestBytes(

    79                 jarFilename2), "with fake META-INF.SF file");

    80         String jarFilename3 = "test" + secondSigner + "-3.jar";

    81         JarUtils.updateManifest(jarFilename2, jarFilename3, new Manifest() {

    82             @Override public void write(OutputStream out) throws IOException {

    83                 // no trailing blank line

    84                 out.write((Name.MANIFEST_VERSION + ": 1.0\r\n").getBytes(UTF_8));

    85             }

    86         });

    87         Utils.echoManifest(Utils.readJarManifestBytes(

    88                 jarFilename3), "with manifest manipulated");

    89         SecurityTools.jarsigner("-keystore " + KEYSTORE_FILENAME +

    90                 " -storepass changeit -verbose -debug " + jarFilename3 + " a")

    91                 .shouldHaveExitValue(0);

    92         Utils.echoManifest(Utils.readJarManifestBytes(

    93                 jarFilename3), "signed");

    94         String jarFilename4 = "test" + secondSigner + "-4.jar";

    95         JarUtils.updateJar(jarFilename3, jarFilename4,

    96                 Map.of("META-INF/.SF", false));

    97         Utils.echoManifest(Utils.readJarManifestBytes(

    98                 jarFilename4), "with fake META-INF.SF file removed");

    99 

   100         // re-sign the jar with signer named secondSigner (same or different)

   101         SecurityTools.jarsigner("-keystore " + KEYSTORE_FILENAME +

   102                 " -storepass changeit -verbose -debug -sigfile " +

   103                 secondSigner + " " + jarFilename4 + " a")

   104                 .shouldHaveExitValue(0);

   105         Utils.echoManifest(Utils.readJarManifestBytes(

   106                 jarFilename4), "signed again");

   107         // remove META-INF/.SF from signed jar again which would not validate

   108 

   109         // in any case verify that the resulting jar file is valid

   110         SecurityTools.jarsigner("-verify -keystore " + KEYSTORE_FILENAME +

   111                 " -storepass changeit -debug -verbose " + jarFilename4)

   112                 .shouldHaveExitValue(0);

   113         SecurityTools.jarsigner("-verify -keystore " + KEYSTORE_FILENAME +

   114                 " -storepass changeit -debug -verbose " + jarFilename4 +

   115                 " a").shouldHaveExitValue(0);

   116 

   117         // if wasSigned was true in JarSigner#sign0 the manifest (only main

   118         // attributes present and tested here but same consideration applies

   119         // to individual sections just the same) should be reproduced with

   120         // unchanged binary form. Otherwise, if there were no previous

   121         // signatures or only one being replaced, the manifest is kind of

   122         // "normalized" by re-writing it thereby replacing all line breaks

   123         // (from cr or lf to crlf) and replacing all line breaks onto

   124         // continuation lines and also writing all section delimiting blank

   125         // lines.

   126         // if that "normalization" has took place the test here can conclude

   127         // whether wasSigned was true or was not.

   128         try (ZipFile jar = new ZipFile(jarFilename4)) {

   129             ZipEntry ze = jar.getEntry(JarFile.MANIFEST_NAME);

   130             byte[] manifestBytes = jar.getInputStream(ze).readAllBytes();

   131             Utils.echoManifest(manifestBytes, "manifest");

   132             String manifestString = new String(manifestBytes, UTF_8);

   133             boolean actRewritten = manifestString.endsWith("\r\n\r\n");

   134             assertEquals(actRewritten, expRrewritten);

   135         }

   136     }

   137 

   138     @Test

   139     public void reSignSameSigner() throws Exception {

   140         test("A", true);

   141     }

   142 

   143     @Test

   144     public void reSignOtherSigner() throws Exception {

   145         test("B", false);

   146     }

   147 

   148 }