1 /* |
|
2 * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. |
|
8 * |
|
9 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
12 * version 2 for more details (a copy is included in the LICENSE file that |
|
13 * accompanied this code). |
|
14 * |
|
15 * You should have received a copy of the GNU General Public License version |
|
16 * 2 along with this work; if not, write to the Free Software Foundation, |
|
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
18 * |
|
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
20 * or visit www.oracle.com if you need additional information or have any |
|
21 * questions. |
|
22 */ |
|
23 |
|
24 import jdk.test.lib.process.OutputAnalyzer; |
|
25 import jdk.test.lib.util.JarUtils; |
|
26 |
|
27 /** |
|
28 * @test |
|
29 * @bug 8024302 8026037 |
|
30 * @summary Test for badKeyUsage warning |
|
31 * @library /test/lib ../ |
|
32 * @ignore until 8026393 is fixed |
|
33 * @build jdk.test.lib.util.JarUtils |
|
34 * @run main BadKeyUsageTest |
|
35 */ |
|
36 public class BadKeyUsageTest extends Test { |
|
37 |
|
38 /** |
|
39 * The test signs and verifies a jar that contains entries |
|
40 * whose signer certificate's KeyUsage extension |
|
41 * doesn't allow code signing (badKeyUsage). |
|
42 * Warning message is expected. |
|
43 */ |
|
44 public static void main(String[] args) throws Throwable { |
|
45 BadKeyUsageTest test = new BadKeyUsageTest(); |
|
46 test.start(); |
|
47 } |
|
48 |
|
49 private void start() throws Throwable { |
|
50 // create a jar file that contains one class file |
|
51 Utils.createFiles(FIRST_FILE); |
|
52 JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); |
|
53 |
|
54 // create a certificate whose signer certificate's KeyUsage extension |
|
55 // doesn't allow code signing |
|
56 createAlias(CA_KEY_ALIAS); |
|
57 createAlias(KEY_ALIAS); |
|
58 |
|
59 issueCert( |
|
60 KEY_ALIAS, |
|
61 "-ext", "KeyUsage=keyAgreement", |
|
62 "-validity", Integer.toString(VALIDITY)); |
|
63 |
|
64 // sign jar |
|
65 OutputAnalyzer analyzer = jarsigner( |
|
66 "-verbose", |
|
67 "-keystore", KEYSTORE, |
|
68 "-storepass", PASSWORD, |
|
69 "-keypass", PASSWORD, |
|
70 "-signedjar", SIGNED_JARFILE, |
|
71 UNSIGNED_JARFILE, |
|
72 KEY_ALIAS); |
|
73 |
|
74 checkSigning(analyzer, BAD_KEY_USAGE_SIGNING_WARNING); |
|
75 |
|
76 // verify signed jar |
|
77 analyzer = jarsigner( |
|
78 "-verify", |
|
79 "-verbose", |
|
80 "-keystore", KEYSTORE, |
|
81 "-storepass", PASSWORD, |
|
82 "-keypass", PASSWORD, |
|
83 SIGNED_JARFILE); |
|
84 |
|
85 checkVerifying(analyzer, 0, BAD_KEY_USAGE_VERIFYING_WARNING); |
|
86 |
|
87 // verify signed jar in strict mode |
|
88 analyzer = jarsigner( |
|
89 "-verify", |
|
90 "-verbose", |
|
91 "-strict", |
|
92 "-keystore", KEYSTORE, |
|
93 "-storepass", PASSWORD, |
|
94 "-keypass", PASSWORD, |
|
95 SIGNED_JARFILE); |
|
96 |
|
97 checkVerifying(analyzer, BAD_KEY_USAGE_EXIT_CODE, |
|
98 BAD_KEY_USAGE_VERIFYING_WARNING); |
|
99 |
|
100 System.out.println("Test passed"); |
|
101 } |
|
102 |
|
103 } |
|