1 # |
|
2 # Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. |
|
3 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 # |
|
5 # This code is free software; you can redistribute it and/or modify it |
|
6 # under the terms of the GNU General Public License version 2 only, as |
|
7 # published by the Free Software Foundation. |
|
8 # |
|
9 # This code is distributed in the hope that it will be useful, but WITHOUT |
|
10 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
11 # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
12 # version 2 for more details (a copy is included in the LICENSE file that |
|
13 # accompanied this code). |
|
14 # |
|
15 # You should have received a copy of the GNU General Public License version |
|
16 # 2 along with this work; if not, write to the Free Software Foundation, |
|
17 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
18 # |
|
19 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
20 # or visit www.oracle.com if you need additional information or have any |
|
21 # questions. |
|
22 # |
|
23 |
|
24 # @test |
|
25 # @bug 8036709 |
|
26 # @summary Java 7 jarsigner displays warning about cert policy tree |
|
27 # |
|
28 # @run shell certpolicy.sh |
|
29 # |
|
30 |
|
31 if [ "${TESTJAVA}" = "" ] ; then |
|
32 JAVAC_CMD=`which javac` |
|
33 TESTJAVA=`dirname $JAVAC_CMD`/.. |
|
34 fi |
|
35 |
|
36 KT="$TESTJAVA/bin/keytool $TESTTOOLVMOPTS \ |
|
37 -keypass changeit -storepass changeit -keystore ks -keyalg rsa" |
|
38 JS="$TESTJAVA/bin/jarsigner $TESTTOOLVMOPTS -storepass changeit -keystore ks" |
|
39 JAR="$TESTJAVA/bin/jar $TESTTOOLVMOPTS" |
|
40 |
|
41 rm ks 2> /dev/null |
|
42 $KT -genkeypair -alias ca -dname CN=CA -ext bc |
|
43 $KT -genkeypair -alias int -dname CN=Int |
|
44 $KT -genkeypair -alias ee -dname CN=EE |
|
45 |
|
46 # CertificatePolicies [[PolicyId: [1.2.3]], [PolicyId: [1.2.4]]] |
|
47 # PolicyConstraints: [Require: 0; Inhibit: unspecified] |
|
48 $KT -certreq -alias int | \ |
|
49 $KT -gencert -rfc -alias ca \ |
|
50 -ext 2.5.29.32="30 0C 30 04 06 02 2A 03 30 04 06 02 2A 04" \ |
|
51 -ext "2.5.29.36=30 03 80 01 00" -ext bc | \ |
|
52 $KT -import -alias int |
|
53 |
|
54 # CertificatePolicies [[PolicyId: [1.2.3]]] |
|
55 $KT -certreq -alias ee | \ |
|
56 $KT -gencert -rfc -alias int \ |
|
57 -ext 2.5.29.32="30 06 30 04 06 02 2A 03" | \ |
|
58 $KT -import -alias ee |
|
59 |
|
60 $KT -export -alias ee -rfc > cc |
|
61 $KT -export -alias int -rfc >> cc |
|
62 $KT -export -alias ca -rfc >> cc |
|
63 |
|
64 $KT -delete -alias int |
|
65 |
|
66 ERR='' |
|
67 $JAR cvf a.jar cc |
|
68 |
|
69 # Make sure the certchain in the signed jar contains all 3 certs |
|
70 $JS -strict -certchain cc a.jar ee -debug || ERR="sign" |
|
71 $JS -strict -verify a.jar -debug || ERR="$ERR verify" |
|
72 |
|
73 if [ "$ERR" = "" ]; then |
|
74 echo "Success" |
|
75 exit 0 |
|
76 else |
|
77 echo "Failed: $ERR" |
|
78 exit 1 |
|
79 fi |
|
80 |
|