|
1 /* |
|
2 * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. |
|
8 * |
|
9 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
12 * version 2 for more details (a copy is included in the LICENSE file that |
|
13 * accompanied this code). |
|
14 * |
|
15 * You should have received a copy of the GNU General Public License version |
|
16 * 2 along with this work; if not, write to the Free Software Foundation, |
|
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
18 * |
|
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
20 * or visit www.oracle.com if you need additional information or have any |
|
21 * questions. |
|
22 */ |
|
23 |
|
24 import jdk.testlibrary.OutputAnalyzer; |
|
25 import jdk.testlibrary.ProcessTools; |
|
26 import jdk.testlibrary.JarUtils; |
|
27 |
|
28 /** |
|
29 * @test |
|
30 * @bug 8024302 8026037 |
|
31 * @summary The test signs and verifies a jar file with -tsacert option |
|
32 * @library /lib/testlibrary |
|
33 * @run main TsacertOptionTest |
|
34 */ |
|
35 public class TsacertOptionTest { |
|
36 |
|
37 private static final String FS = System.getProperty("file.separator"); |
|
38 private static final String JAVA_HOME = System.getProperty("java.home"); |
|
39 private static final String KEYTOOL = JAVA_HOME + FS + "bin" + FS |
|
40 + "keytool"; |
|
41 private static final String JARSIGNER = JAVA_HOME + FS + "bin" + FS |
|
42 + "jarsigner"; |
|
43 private static final String UNSIGNED_JARFILE = "unsigned.jar"; |
|
44 private static final String SIGNED_JARFILE = "signed.jar"; |
|
45 private static final String FILENAME = TsacertOptionTest.class.getName() |
|
46 + ".txt"; |
|
47 private static final String PASSWORD = "changeit"; |
|
48 private static final String KEYSTORE = "ks.jks"; |
|
49 private static final String SIGNING_KEY_ALIAS = "sign_alias"; |
|
50 private static final String TSA_KEY_ALIAS = "ts"; |
|
51 private static final String KEY_ALG = "RSA"; |
|
52 private static final int KEY_SIZE = 2048; |
|
53 private static final int VALIDITY = 365; |
|
54 private static final String WARNING = "Warning:"; |
|
55 private static final String JAR_SIGNED = "jar signed."; |
|
56 private static final String JAR_VERIFIED = "jar verified."; |
|
57 |
|
58 /** |
|
59 * The test signs and verifies a jar file with -tsacert option, |
|
60 * and checks that no warning was shown. |
|
61 * A certificate that is addressed in -tsacert option contains URL to TSA |
|
62 * in Subject Information Access extension. |
|
63 */ |
|
64 public static void main(String[] args) throws Throwable { |
|
65 TsacertOptionTest test = new TsacertOptionTest(); |
|
66 test.start(); |
|
67 } |
|
68 |
|
69 void start() throws Throwable { |
|
70 // create a jar file that contains one file |
|
71 Utils.createFiles(FILENAME); |
|
72 JarUtils.createJar(UNSIGNED_JARFILE, FILENAME); |
|
73 |
|
74 // look for free network port for TSA service |
|
75 int port = jdk.testlibrary.Utils.getFreePort(); |
|
76 String host = jdk.testlibrary.Utils.getHostname(); |
|
77 String tsaUrl = "http://" + host + ":" + port; |
|
78 |
|
79 // create key pair for jar signing |
|
80 ProcessTools.executeCommand(KEYTOOL, |
|
81 "-genkey", |
|
82 "-alias", SIGNING_KEY_ALIAS, |
|
83 "-keyalg", KEY_ALG, |
|
84 "-keysize", Integer.toString(KEY_SIZE), |
|
85 "-keystore", KEYSTORE, |
|
86 "-storepass", PASSWORD, |
|
87 "-keypass", PASSWORD, |
|
88 "-dname", "CN=Test", |
|
89 "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); |
|
90 |
|
91 // create key pair for TSA service |
|
92 // SubjectInfoAccess extension contains URL to TSA service |
|
93 ProcessTools.executeCommand(KEYTOOL, |
|
94 "-genkey", |
|
95 "-v", |
|
96 "-alias", TSA_KEY_ALIAS, |
|
97 "-keyalg", KEY_ALG, |
|
98 "-keysize", Integer.toString(KEY_SIZE), |
|
99 "-keystore", KEYSTORE, |
|
100 "-storepass", PASSWORD, |
|
101 "-keypass", PASSWORD, |
|
102 "-dname", "CN=TSA", |
|
103 "-ext", "ExtendedkeyUsage:critical=timeStamping", |
|
104 "-ext", "SubjectInfoAccess=timeStamping:URI:" + tsaUrl, |
|
105 "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); |
|
106 |
|
107 try (TimestampCheck.Handler tsa = TimestampCheck.Handler.init(port, |
|
108 KEYSTORE);) { |
|
109 |
|
110 // start TSA |
|
111 tsa.start(); |
|
112 |
|
113 // sign jar file |
|
114 // specify -tsadigestalg option because |
|
115 // TSA server uses SHA-1 digest algorithm |
|
116 OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, |
|
117 "-verbose", |
|
118 "-keystore", KEYSTORE, |
|
119 "-storepass", PASSWORD, |
|
120 "-keypass", PASSWORD, |
|
121 "-signedjar", SIGNED_JARFILE, |
|
122 "-tsacert", TSA_KEY_ALIAS, |
|
123 "-tsadigestalg", "SHA-1", |
|
124 UNSIGNED_JARFILE, |
|
125 SIGNING_KEY_ALIAS); |
|
126 |
|
127 analyzer.shouldHaveExitValue(0); |
|
128 analyzer.stdoutShouldNotContain(WARNING); |
|
129 analyzer.shouldContain(JAR_SIGNED); |
|
130 |
|
131 // verify signed jar |
|
132 analyzer = ProcessTools.executeCommand(JARSIGNER, |
|
133 "-verbose", |
|
134 "-verify", |
|
135 "-keystore", KEYSTORE, |
|
136 "-storepass", PASSWORD, |
|
137 SIGNED_JARFILE); |
|
138 |
|
139 analyzer.shouldHaveExitValue(0); |
|
140 analyzer.stdoutShouldNotContain(WARNING); |
|
141 analyzer.shouldContain(JAR_VERIFIED); |
|
142 } |
|
143 |
|
144 System.out.println("Test passed"); |
|
145 } |
|
146 |
|
147 } |