--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/EmptyIndividualSectionName.java Thu Jul 18 08:53:06 2019 +0800
@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.ByteArrayInputStream;
+import java.lang.reflect.Method;
+import java.nio.file.Path;
+import java.util.jar.JarFile;
+import java.util.jar.Manifest;
+import java.util.jar.Attributes;
+import java.util.jar.Attributes.Name;
+
+import jdk.test.lib.util.JarUtils;
+import jdk.test.lib.SecurityTools;
+import org.testng.annotations.Test;
+import org.testng.annotations.BeforeClass;
+
+import static org.testng.Assert.*;
+
+/**
+ * @test
+ * @bug 8217375
+ * @library /test/lib
+ * @modules java.base/java.util.jar:+open
+ * @run testng/othervm EmptyIndividualSectionName
+ * @summary Check that an individual section with an empty name is digested
+ * and signed.
+ * <p>
+ * See also
+ * jdk/test/jdk/sun/security/util/ManifestDigester/FindSections.java
+ * for much more detailed api level tests
+ */
+public class EmptyIndividualSectionName {
+
+ static final String KEYSTORE_FILENAME = "test.jks";
+
+ @BeforeClass
+ public void prepareCertificate() throws Exception {
+ SecurityTools.keytool("-genkeypair -keyalg EC -keystore "
+ + KEYSTORE_FILENAME + " -storepass changeit -keypass changeit "
+ + "-alias a -dname CN=X").shouldHaveExitValue(0);
+ }
+
+ /**
+ * Adds an additional section with name {@code sectionName} to the manifest
+ * of a JAR before signing it with {@code signOpts}.
+ * @return signature file {@code META-INF/A.SF} for further assertions
+ */
+ Manifest test(String sectionName, String signOpts) throws Exception {
+ Manifest mf = new Manifest();
+ mf.getMainAttributes().put(Name.MANIFEST_VERSION, "1.0");
+ mf.getEntries().put(sectionName, new Attributes());
+ String jarFilename = "test" + sectionName +
+ (signOpts != null ? signOpts : "") + ".jar";
+ JarUtils.createJarFile(Path.of(jarFilename), mf, Path.of("."));
+ SecurityTools.jarsigner("-keystore " + KEYSTORE_FILENAME +
+ " -storepass changeit -verbose -debug " +
+ (signOpts != null ? signOpts + " " : "") + jarFilename + " a")
+ .shouldHaveExitValue(0);
+ SecurityTools.jarsigner("-verify -keystore " + KEYSTORE_FILENAME +
+ " -storepass changeit -debug -verbose " + jarFilename + " a")
+ .shouldHaveExitValue(0);
+
+ byte[] mfBytes = Utils.readJarManifestBytes(jarFilename);
+ Utils.echoManifest(mfBytes, "manifest");
+ mf = new Manifest(new ByteArrayInputStream(mfBytes));
+ assertNotNull(mf.getAttributes(sectionName));
+ byte[] sfBytes = Utils.readJarEntryBytes(jarFilename, "META-INF/A.SF");
+ Utils.echoManifest(sfBytes, "signature file META-INF/A.SF");
+ return new Manifest(new ByteArrayInputStream(sfBytes));
+ }
+
+ /**
+ * Verifies that it makes a difference if the name is empty or not
+ * by running the same test as {@link #testNameEmpty} with only a different
+ * section name.
+ */
+ @Test
+ public void testNameNotEmpty() throws Exception {
+ String sectionName = "X";
+ assertNotNull(test(sectionName, null).getAttributes(sectionName));
+ }
+
+ /**
+ * Verifies that individual sections are digested and signed also if the
+ * name of such a section is empty.
+ * An empty name of an individual section cannot be tested by adding a file
+ * with an empty name to a JAR because such a file name is invalid and
+ * cannot be used to add a file because it cannot be created or added to
+ * the JAR file in the first place. However, an individual section with an
+ * empty name can be added to the manifest.
+ * Expected is a corresponding digest in the signature file which was not
+ * present or produced before resolution of bug 8217375.
+ */
+ @Test
+ public void testNameEmpty() throws Exception {
+ String sectionName = "";
+ assertNotNull(test(sectionName, null).getAttributes(sectionName));
+ }
+
+ /**
+ * Similar to {@link #testNameEmpty} but tries to show a real difference
+ * rather than just some internals in a {@code .SF} file, but TODO
+ */
+ @Test(enabled = false, description = "TODO")
+ public void testNameEmptyTrusted() throws Exception {
+ String sectionName = "";
+ test(sectionName, "-sectionsonly");
+ String jarFilename = "test" + sectionName + "-sectionsonly.jar";
+ try (JarFile jar = new JarFile(jarFilename, true)) {
+ Manifest m = jar.getManifest();
+ Method getTrustedAttributes = m.getClass()
+ .getDeclaredMethod("getTrustedAttributes", String.class);
+ getTrustedAttributes.setAccessible(true);
+ assertThrows(SecurityException.class, () ->
+ getTrustedAttributes.invoke(m, sectionName));
+ }
+ }
+
+}