50 TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US" |
50 TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US" |
51 |
51 |
52 KS=js.ks |
52 KS=js.ks |
53 KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa -keysize 1024" |
53 KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa -keysize 1024" |
54 JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}" |
54 JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}" |
55 JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS}" |
55 JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -debug" |
56 JAVAC="$TESTJAVA${FS}bin${FS}javac ${TESTTOOLVMOPTS} ${TESTJAVACOPTS}" |
56 JAVAC="$TESTJAVA${FS}bin${FS}javac ${TESTTOOLVMOPTS} ${TESTJAVACOPTS}" |
57 |
57 |
58 rm $KS |
58 rm $KS |
59 |
59 |
60 echo class A1 {} > A1.java |
60 echo class A1 {} > A1.java |
136 # still 5 groups, but MANIFEST group has no other file |
136 # still 5 groups, but MANIFEST group has no other file |
137 LINES=`$JARSIGNER -verify a.jar -verbose:summary -certs | grep "more)" | wc -l` |
137 LINES=`$JARSIGNER -verify a.jar -verbose:summary -certs | grep "more)" | wc -l` |
138 [ $LINES = 4 ] || exit $LINENO |
138 [ $LINES = 4 ] || exit $LINENO |
139 |
139 |
140 # ========================================================== |
140 # ========================================================== |
141 # Second part: exit code 2, 4, 8 |
141 # Second part: exit code 2, 4, 8. |
142 # 16 and 32 already covered in the first part |
142 # 16 and 32 already covered in the first part |
143 # ========================================================== |
143 # ========================================================== |
144 |
144 |
145 $KT -genkeypair -alias ca -dname CN=ca -ext bc -validity 365 |
145 $KT -genkeypair -alias ca -dname CN=ca -ext bc -validity 365 |
146 $KT -genkeypair -alias expired -dname CN=expired |
146 $KT -genkeypair -alias expired -dname CN=expired |
172 [ $? = 0 ] || exit $LINENO |
172 [ $? = 0 ] || exit $LINENO |
173 |
173 |
174 $JARSIGNER -strict -keystore $KS -storepass changeit a.jar goodeku |
174 $JARSIGNER -strict -keystore $KS -storepass changeit a.jar goodeku |
175 [ $? = 0 ] || exit $LINENO |
175 [ $? = 0 ] || exit $LINENO |
176 |
176 |
177 # badchain signed by ca, but ca is removed later |
177 # badchain signed by ca1, but ca1 is removed later |
178 $KT -genkeypair -alias badchain -dname CN=badchain -validity 365 |
178 $KT -genkeypair -alias badchain -dname CN=badchain -validity 365 |
179 $KT -certreq -alias badchain | $KT -gencert -alias ca -validity 365 | \ |
179 $KT -genkeypair -alias ca1 -dname CN=ca1 -ext bc -validity 365 |
|
180 $KT -certreq -alias badchain | $KT -gencert -alias ca1 -validity 365 | \ |
180 $KT -importcert -alias badchain |
181 $KT -importcert -alias badchain |
181 $KT -delete -alias ca |
182 # save ca1.cert for easy replay |
|
183 $KT -exportcert -file ca1.cert -alias ca1 |
|
184 $KT -delete -alias ca1 |
182 |
185 |
183 $JARSIGNER -strict -keystore $KS -storepass changeit a.jar badchain |
186 $JARSIGNER -strict -keystore $KS -storepass changeit a.jar badchain |
184 [ $? = 4 ] || exit $LINENO |
187 [ $? = 4 ] || exit $LINENO |
185 |
188 |
186 $JARSIGNER -verify a.jar |
189 $JARSIGNER -verify a.jar |
202 |
205 |
203 # -certchain works |
206 # -certchain works |
204 $JARSIGNER -strict -keystore $KS -storepass changeit -certchain certchain a.jar altchain |
207 $JARSIGNER -strict -keystore $KS -storepass changeit -certchain certchain a.jar altchain |
205 [ $? = 0 ] || exit $LINENO |
208 [ $? = 0 ] || exit $LINENO |
206 |
209 |
207 # but if ca2 is removed, -certchain does not work |
210 # if ca2 is removed, -certchain still work because altchain is a self-signed entry and |
|
211 # it is trusted by jarsigner |
|
212 # save ca2.cert for easy replay |
|
213 $KT -exportcert -file ca2.cert -alias ca2 |
208 $KT -delete -alias ca2 |
214 $KT -delete -alias ca2 |
209 $JARSIGNER -strict -keystore $KS -storepass changeit -certchain certchain a.jar altchain |
215 $JARSIGNER -strict -keystore $KS -storepass changeit -certchain certchain a.jar altchain |
|
216 [ $? = 0 ] || exit $LINENO |
|
217 |
|
218 # if cert is imported, -certchain won't work because this certificate entry is not trusted |
|
219 $KT -importcert -file certchain -alias altchain -noprompt |
|
220 $JARSIGNER -strict -keystore $KS -storepass changeit -certchain certchain a.jar altchain |
210 [ $? = 4 ] || exit $LINENO |
221 [ $? = 4 ] || exit $LINENO |
211 |
222 |
212 $JARSIGNER -verify a.jar |
223 $JARSIGNER -verify a.jar |
|
224 [ $? = 0 ] || exit $LINENO |
|
225 |
|
226 # ========================================================== |
|
227 # 8172529 |
|
228 # ========================================================== |
|
229 |
|
230 $KT -genkeypair -alias ee -dname CN=ee |
|
231 $KT -genkeypair -alias caone -dname CN=caone |
|
232 $KT -genkeypair -alias catwo -dname CN=catwo |
|
233 |
|
234 $KT -certreq -alias ee | $KT -gencert -alias catwo -rfc > ee.cert |
|
235 $KT -certreq -alias catwo | $KT -gencert -alias caone -sigalg MD5withRSA -rfc > catwo.cert |
|
236 |
|
237 # This certchain contains a cross-signed weak catwo.cert |
|
238 cat ee.cert catwo.cert | $KT -importcert -alias ee |
|
239 |
|
240 $JAR cvf a.jar A1.class |
|
241 $JARSIGNER -strict -keystore $KS -storepass changeit a.jar ee |
|
242 [ $? = 0 ] || exit $LINENO |
|
243 $JARSIGNER -strict -keystore $KS -storepass changeit -verify a.jar |
213 [ $? = 0 ] || exit $LINENO |
244 [ $? = 0 ] || exit $LINENO |
214 |
245 |
215 echo OK |
246 echo OK |
216 exit 0 |
247 exit 0 |