1 #

     2 # Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.

     3 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

     4 #

     5 # This code is free software; you can redistribute it and/or modify it

     6 # under the terms of the GNU General Public License version 2 only, as

     7 # published by the Free Software Foundation.

     8 #

     9 # This code is distributed in the hope that it will be useful, but WITHOUT

    10 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

    11 # FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

    12 # version 2 for more details (a copy is included in the LICENSE file that

    13 # accompanied this code).

    14 #

    15 # You should have received a copy of the GNU General Public License version

    16 # 2 along with this work; if not, write to the Free Software Foundation,

    17 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

    18 #

    19 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

    20 # or visit www.oracle.com if you need additional information or have any

    21 # questions.

    22 #

    23 

    24 # @test

    25 # @bug 8036709

    26 # @summary Java 7 jarsigner displays warning about cert policy tree

    27 #

    28 # @run shell certpolicy.sh

    29 #

    30 

    31 if [ "${TESTJAVA}" = "" ] ; then

    32   JAVAC_CMD=`which javac`

    33   TESTJAVA=`dirname $JAVAC_CMD`/..

    34 fi

    35 

    36 KT="$TESTJAVA/bin/keytool $TESTTOOLVMOPTS \

    37         -keypass changeit -storepass changeit -keystore ks -keyalg rsa"

    38 JS="$TESTJAVA/bin/jarsigner $TESTTOOLVMOPTS -storepass changeit -keystore ks"

    39 JAR="$TESTJAVA/bin/jar $TESTTOOLVMOPTS"

    40 

    41 rm ks 2> /dev/null

    42 $KT -genkeypair -alias ca -dname CN=CA -ext bc

    43 $KT -genkeypair -alias int -dname CN=Int

    44 $KT -genkeypair -alias ee -dname CN=EE

    45 

    46 # CertificatePolicies [[PolicyId: [1.2.3]], [PolicyId: [1.2.4]]]

    47 # PolicyConstraints: [Require: 0; Inhibit: unspecified]

    48 $KT -certreq -alias int | \

    49         $KT -gencert -rfc -alias ca \

    50                 -ext 2.5.29.32="30 0C 30 04 06 02 2A 03 30 04 06 02 2A 04" \

    51                 -ext "2.5.29.36=30 03 80 01 00" -ext bc | \

    52         $KT -import -alias int

    53 

    54 # CertificatePolicies [[PolicyId: [1.2.3]]]

    55 $KT -certreq -alias ee | \

    56         $KT -gencert -rfc -alias int \

    57                 -ext 2.5.29.32="30 06 30 04 06 02 2A 03" | \

    58         $KT -import -alias ee

    59 

    60 $KT -export -alias ee -rfc > cc

    61 $KT -export -alias int -rfc >> cc

    62 $KT -export -alias ca -rfc >> cc

    63 

    64 $KT -delete -alias int

    65 

    66 ERR=''

    67 $JAR cvf a.jar cc

    68 

    69 # Make sure the certchain in the signed jar contains all 3 certs

    70 $JS -strict -certchain cc a.jar ee -debug || ERR="sign"

    71 $JS -strict -verify a.jar -debug || ERR="$ERR verify"

    72 

    73 if [ "$ERR" = "" ]; then

    74     echo "Success"

    75     exit 0

    76 else

    77     echo "Failed: $ERR"

    78     exit 1

    79 fi

    80