--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/security/Policy/SignedJar/SignedJarTest.java Wed Mar 04 10:12:25 2015 +0800
@@ -0,0 +1,186 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.File;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.AccessControlException;
+import java.security.AccessController;
+import java.security.Permission;
+import java.security.PrivilegedAction;
+import jdk.testlibrary.ProcessTools;
+
+/**
+ * @test
+ * @bug 8048360
+ * @summary test policy entry with signedBy alias
+ * @library /lib/testlibrary
+ * @run main/othervm SignedJarTest
+ */
+public class SignedJarTest {
+
+ private static final String FS = File.separator;
+ private static final String JAVA_HOME = System.getProperty("test.jdk");
+ private static final String TESTCLASSES = System.getProperty("test.classes", "");
+ private static final String TESTSRC = System.getProperty("test.src", "");
+ private static final String KEYTOOL = JAVA_HOME + FS + "bin" + FS + "keytool";
+ private static final String JAR = JAVA_HOME + FS + "bin" + FS + "jar";
+ private static final String JARSIGNER = JAVA_HOME + FS + "bin" + FS + "jarsigner";
+ private static final String PASSWORD = "password";
+ private static final String PWDFILE = "keypass";
+ private static final String POLICY1 = "SignedJarTest_1.policy";
+ private static final String POLICY2 = "SignedJarTest_2.policy";
+ private static final String KEYSTORE1 = "both.jks";
+ private static final String KEYSTORE2 = "first.jks";
+
+ public static void main(String args[]) throws Throwable {
+ //copy PrivilegeTest.class, policy files and keystore password file into current direcotry
+ Files.copy(Paths.get(TESTCLASSES, "PrivilegeTest.class"), Paths.get("PrivilegeTest.class"));
+ Files.copy(Paths.get(TESTSRC, POLICY1), Paths.get(POLICY1));
+ Files.copy(Paths.get(TESTSRC, POLICY2), Paths.get(POLICY2));
+ Files.copy(Paths.get(TESTSRC, PWDFILE), Paths.get(PWDFILE));
+
+ //create Jar file
+ ProcessTools.executeCommand(JAR, "-cvf", "test.jar", "PrivilegeTest.class");
+
+ //Creating first key , keystore both.jks
+ ProcessTools.executeCommand(KEYTOOL,
+ "-genkey",
+ "-alias", "first",
+ "-keystore", KEYSTORE1,
+ "-keypass", PASSWORD,
+ "-dname", "cn=First",
+ "-storepass", PASSWORD
+ ).shouldHaveExitValue(0);
+
+ //Creating Second key, keystore both.jks
+ ProcessTools.executeCommand(KEYTOOL,
+ "-genkey",
+ // "-storetype","JKS",
+ "-alias", "second",
+ "-keystore", KEYSTORE1,
+ "-keypass", PASSWORD,
+ "-dname", "cn=Second",
+ "-storepass", PASSWORD
+ ).shouldHaveExitValue(0);
+
+ //copy both.jks to first.jks, remove second Keypair from first.jks
+ Files.copy(Paths.get(KEYSTORE1), Paths.get(KEYSTORE2));
+ ProcessTools.executeCommand(KEYTOOL,
+ "-delete",
+ "-keystore", KEYSTORE2,
+ "-alias", "second",
+ "-storepass", PASSWORD
+ ).shouldHaveExitValue(0);
+
+ //sign jar with first key, first.jar is only signed by first signer
+ ProcessTools.executeCommand(JARSIGNER,
+ "-keystore", KEYSTORE1,
+ "-storepass", PASSWORD,
+ "-keypass", PASSWORD,
+ "-signedjar", "first.jar", "test.jar",
+ "first").shouldHaveExitValue(0);
+
+ //sign jar with second key, both.jar is signed by first and second signer
+ ProcessTools.executeCommand(JARSIGNER,
+ "-keystore", KEYSTORE1,
+ "-storepass", PASSWORD,
+ "-keypass", PASSWORD,
+ "-signedjar", "both.jar", "first.jar",
+ "second").shouldHaveExitValue(0);
+
+ //test case 1
+ //setIO permission granted to code that was signed by first signer
+ //setFactory permission granted to code that was signed by second signer
+ //Keystore that contains both first and second keypairs
+ //code was singed by first signer
+ //Expect AccessControlException for setFactory permission
+ System.out.println("Test Case 1");
+ //copy policy file into current directory
+ String[] cmd = constructCMD("first.jar", POLICY1, "false", "true");
+ ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0);
+
+ //test case 2, test with both.jar
+ //setIO permission granted to code that was signed by first signer
+ //setFactory permission granted to code that was signed by second signer
+ //Keystore that contains both first and second keypairs
+ //code was singed by first signer and second signer
+ //Expect no AccessControlException
+ System.out.println("Test Case 2");
+ cmd = constructCMD("both.jar", POLICY1, "false", "false");
+ ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0);
+
+ //test case 3
+ //setIO permission granted to code that was signed by first signer
+ //setFactory permission granted to code that was signed by second signer
+ //Keystore that contains only first keypairs
+ //code was singed by first signer and second signer
+ //Expect AccessControlException for setFactory permission
+ System.out.println("Test Case 3");
+ cmd = constructCMD("both.jar", POLICY2, "false", "true");
+ ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0);
+
+ }
+
+ private static String[] constructCMD(String classpath, String policy, String arg1, String arg2) {
+ String[] cmd = {
+ "-classpath", classpath,
+ "-Djava.security.manager",
+ "-Djava.security.policy=" + policy,
+ "PrivilegeTest",
+ arg1, arg2};
+ return cmd;
+ }
+}
+
+class PrivilegeTest {
+
+ private static final Permission PERM1 = new RuntimePermission("setIO");
+ private static final Permission PERM2 = new RuntimePermission("setFactory");
+
+ public static void main(String args[]) {
+ boolean expectException1 = Boolean.parseBoolean(args[0]);
+ boolean expectException2 = Boolean.parseBoolean(args[1]);
+ test(PERM1, expectException1);
+ test(PERM2, expectException2);
+ }
+
+ public static void test(Permission perm, boolean expectException) {
+ boolean getException = (Boolean) AccessController.doPrivileged((PrivilegedAction) () -> {
+ try {
+ AccessController.checkPermission(perm);
+ return (Boolean) false;
+ } catch (AccessControlException ex) {
+ return (Boolean) true;
+ }
+ });
+
+ if (expectException ^ getException) {
+ String message = "Check Permission :" + perm + "\n ExpectException = "
+ + expectException + "\n getException = " + getException;
+ throw new RuntimeException(message);
+ }
+
+ }
+
+}