8180573: Refactor sun/security/tools shell tests to plain java tests
Reviewed-by: rhalade, valeriep
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/AlgOptions.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 5094028 6219522
+ * @summary test new jarsigner -sigalg and -digestalg options
+ * @author Sean Mullan
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.List;
+
+public class AlgOptions {
+ public static void main(String[] args) throws Exception {
+
+ // copy jar file into writeable location
+ Files.copy(Path.of(System.getProperty("test.src"), "AlgOptions.jar"),
+ Path.of("AlgOptionsTmp.jar"));
+
+ // test missing signature algorithm arg
+ sign("-sigalg").shouldNotHaveExitValue(0);
+
+ // test missing digest algorithm arg
+ sign("-digestalg").shouldNotHaveExitValue(0);
+
+ // test BOGUS signature algorithm
+ sign("-sigalg", "BOGUS").shouldNotHaveExitValue(0);
+
+ // test BOGUS digest algorithm
+ sign("-digestalg", "BOGUS").shouldNotHaveExitValue(0);
+
+ // test incompatible signature algorithm
+ sign("-sigalg", "SHA1withDSA").shouldNotHaveExitValue(0);
+
+ // test compatible signature algorithm
+ sign("-sigalg", "SHA512withRSA").shouldHaveExitValue(0);
+ verify();
+
+ // test non-default digest algorithm
+ sign("-digestalg", "SHA-1").shouldHaveExitValue(0);
+ verify();
+
+ // test SHA-512 digest algorithm (creates long lines)
+ sign("-digestalg", "SHA-512", "-sigalg", "SHA512withRSA")
+ .shouldHaveExitValue(0);
+ verify();
+ }
+
+ static OutputAnalyzer sign(String... options) throws Exception {
+ List<String> args = new ArrayList<>();
+ args.add("-keystore");
+ args.add(Path.of(System.getProperty("test.src"), "JarSigning.keystore")
+ .toString());
+ args.add("-storepass");
+ args.add("bbbbbb");
+ for (String option : options) {
+ args.add(option);
+ }
+ args.add("AlgOptionsTmp.jar");
+ args.add("c");
+ return SecurityTools.jarsigner(args);
+ }
+
+ static void verify() throws Exception {
+ SecurityTools.jarsigner(
+ "-verify", "AlgOptionsTmp.jar")
+ .shouldHaveExitValue(0);
+ }
+}
--- a/test/jdk/sun/security/tools/jarsigner/AlgOptions.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,224 +0,0 @@
-#
-# Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 5094028 6219522
-# @summary test new jarsigner -sigalg and -digestalg options
-# @author Sean Mullan
-#
-# @run shell AlgOptions.sh
-#
-
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
- TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
- TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
- echo "TESTJAVA not set. Test cannot execute."
- echo "FAILED!!!"
- exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- SunOS | Linux | Darwin | AIX )
- NULL=/dev/null
- PS=":"
- FS="/"
- CP="${FS}bin${FS}cp -f"
- ;;
- CYGWIN* )
- NULL=/dev/null
- PS=";"
- FS="/"
- CP="cp -f"
- ;;
- Windows_* )
- NULL=NUL
- PS=";"
- FS="\\"
- CP="cp -f"
- ;;
- * )
- echo "Unrecognized operating system!"
- exit 1;
- ;;
-esac
-
-# copy jar file into writeable location
-${CP} ${TESTSRC}${FS}AlgOptions.jar ${TESTCLASSES}${FS}AlgOptionsTmp.jar
-
-failed=0
-# test missing signature algorithm arg
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
- -keystore ${TESTSRC}${FS}JarSigning.keystore \
- -storepass bbbbbb \
- -sigalg \
- ${TESTCLASSES}${FS}AlgOptionsTmp.jar c
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
- echo "test 1 failed"
- failed=1
-else
- echo "test 1 passed"
-fi
-
-# test missing digest algorithm arg
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
- -keystore ${TESTSRC}${FS}JarSigning.keystore \
- -storepass bbbbbb \
- -digestalg \
- ${TESTCLASSES}${FS}AlgOptionsTmp.jar c
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
- echo "test 2 failed"
- failed=1
-else
- echo "test 2 passed"
-fi
-
-# test BOGUS signature algorithm
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
- -keystore ${TESTSRC}${FS}JarSigning.keystore \
- -storepass bbbbbb \
- -sigalg BOGUS \
- ${TESTCLASSES}${FS}AlgOptionsTmp.jar c
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
- echo "test 3 failed"
- failed=1
-else
- echo "test 3 passed"
-fi
-
-# test BOGUS digest algorithm
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
- -keystore ${TESTSRC}${FS}JarSigning.keystore \
- -storepass bbbbbb \
- -digestalg BOGUS \
- ${TESTCLASSES}${FS}AlgOptionsTmp.jar c
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
- echo "test 4 failed"
- failed=1
-else
- echo "test 4 passed"
-fi
-
-# test incompatible signature algorithm
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
- -keystore ${TESTSRC}${FS}JarSigning.keystore \
- -storepass bbbbbb \
- -sigalg SHA1withDSA \
- ${TESTCLASSES}${FS}AlgOptionsTmp.jar c
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
- echo "test 5 failed"
- failed=1
-else
- echo "test 5 passed"
-fi
-
-# test compatible signature algorithm
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
- -keystore ${TESTSRC}${FS}JarSigning.keystore \
- -storepass bbbbbb \
- -sigalg SHA512withRSA \
- ${TESTCLASSES}${FS}AlgOptionsTmp.jar c
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
- echo "test 6 passed"
-else
- echo "test 6 failed"
- failed=1
-fi
-
-# verify it
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -verify ${TESTCLASSES}${FS}AlgOptionsTmp.jar
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
- echo "test 7 passed"
-else
- echo "test 7 failed"
- failed=1
-fi
-
-# test non-default digest algorithm
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
- -keystore ${TESTSRC}${FS}JarSigning.keystore \
- -storepass bbbbbb \
- -digestalg SHA-256 \
- ${TESTCLASSES}${FS}AlgOptionsTmp.jar c
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
- echo "test 8 passed"
-else
- echo "test 8 failed"
- failed=1
-fi
-
-# verify it
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -verify ${TESTCLASSES}${FS}AlgOptionsTmp.jar
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
- echo "test 9 passed"
-else
- echo "test 9 failed"
- failed=1
-fi
-
-# test SHA-512 digest algorithm (creates long lines)
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
- -keystore ${TESTSRC}${FS}JarSigning.keystore \
- -storepass bbbbbb \
- -digestalg SHA-512 \
- -sigalg SHA512withRSA \
- ${TESTCLASSES}${FS}AlgOptionsTmp.jar c
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
- echo "test 10 passed"
-else
- echo "test 10 failed"
- failed=1
-fi
-
-# verify it
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -verify ${TESTCLASSES}${FS}AlgOptionsTmp.jar
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
- echo "test 11 passed"
-else
- echo "test 11 failed"
- failed=1
-fi
-
-if [ $failed -eq 1 ]; then
- exit 1
-else
- exit 0
-fi
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/CertPolicy.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8036709
+ * @summary Java 7 jarsigner displays warning about cert policy tree
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.util.JarUtils;
+
+import java.io.FileOutputStream;
+import java.io.PrintStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class CertPolicy {
+ static OutputAnalyzer keytool(String cmd) throws Exception {
+ return SecurityTools.keytool("-keypass changeit -storepass changeit "
+ + "-keystore ks -keyalg rsa " + cmd);
+ }
+
+ static OutputAnalyzer jarsigner(String cmd) throws Exception {
+ return SecurityTools.jarsigner("-storepass changeit -keystore ks " + cmd);
+ }
+
+ public static void main(String[] args) throws Exception {
+
+ keytool("-genkeypair -alias ca -dname CN=CA -ext bc");
+ keytool("-genkeypair -alias int -dname CN=Int");
+ keytool("-genkeypair -alias ee -dname CN=EE");
+
+ // CertificatePolicies [[PolicyId: [1.2.3]], [PolicyId: [1.2.4]]]
+ // PolicyConstraints: [Require: 0; Inhibit: unspecified]
+ keytool("-certreq -alias int -file int.req");
+ keytool("-gencert -rfc -alias ca "
+ + "-ext 2.5.29.32=300C300406022A03300406022A04 "
+ + "-ext 2.5.29.36=3003800100 "
+ + "-ext bc -infile int.req -outfile int.cert");
+ keytool("-import -alias int -file int.cert");
+
+ // CertificatePolicies [[PolicyId: [1.2.3]]]
+ keytool("-certreq -alias ee -file ee.req");
+ keytool("-gencert -rfc -alias int -ext 2.5.29.32=3006300406022A03 "
+ + "-infile ee.req -outfile ee.cert");
+ keytool("-import -alias ee -file ee.cert");
+
+ Files.write(Path.of("cc"), List.of(
+ keytool("-export -alias ee -rfc").getOutput(),
+ keytool("-export -alias int -rfc").getOutput(),
+ keytool("-export -alias ca -rfc").getOutput()));
+
+ keytool("-delete -alias int");
+
+ JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("cc"));
+
+ // Make sure the certchain in the signed jar contains all 3 certs
+ jarsigner("-strict -certchain cc a.jar ee -debug")
+ .shouldHaveExitValue(0);
+
+ jarsigner("-strict -verify a.jar -debug")
+ .shouldHaveExitValue(0);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/CheckUsage.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,99 @@
+/*
+ * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7004168
+ * @summary jarsigner -verify checks for KeyUsage codesigning ext on all certs
+ * instead of just signing cert
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class CheckUsage {
+
+ static OutputAnalyzer keytool(String cmd) throws Exception {
+ return SecurityTools.keytool("-keypass changeit -storepass changeit "
+ + "-keyalg rsa " + cmd);
+ }
+
+ public static void main(String[] args) throws Exception {
+ Files.write(Path.of("x"), List.of("x"));
+ JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("x"));
+
+ // ################### 3 Keystores #######################
+
+ // Keystore js.jks: including CA and Publisher
+ // CA contains a non-empty KeyUsage
+ keytool("-keystore js.jks -genkeypair -alias ca -dname CN=CA "
+ + "-ext KU=kCS -ext bc -validity 365");
+ keytool("-keystore js.jks -genkeypair -alias pub -dname CN=Publisher");
+
+ // Publisher contains the correct KeyUsage
+ keytool("-keystore js.jks -certreq -alias pub -file pub.req");
+ keytool("-keystore js.jks -gencert -alias ca -ext KU=dig -validity 365 "
+ + "-infile pub.req -outfile pub.cert");
+ keytool("-keystore js.jks -importcert -alias pub -file pub.cert");
+
+ // Keystore trust.jks: including CA only
+ keytool("-keystore js.jks -exportcert -alias ca -file ca.cert");
+ keytool("-keystore trust.jks -importcert -alias ca -noprompt -file ca.cert");
+
+ // Keystore unrelated.jks: unrelated
+ keytool("-keystore unrelated.jks -genkeypair -alias nothing "
+ + "-dname CN=Nothing -validity 365");
+
+ // ################### 4 Tests #######################
+
+ // Test 1: Sign should be OK
+
+ SecurityTools.jarsigner("-keystore js.jks -storepass changeit a.jar pub")
+ .shouldHaveExitValue(0);
+
+ // Test 2: Verify should be OK
+
+ SecurityTools.jarsigner("-keystore trust.jks -storepass changeit "
+ + "-strict -verify a.jar")
+ .shouldHaveExitValue(0);
+
+ // Test 3: When no keystore is specified, the error is only
+ // "chain invalid"
+
+ SecurityTools.jarsigner("-strict -verify a.jar")
+ .shouldHaveExitValue(4);
+
+ // Test 4: When unrelated keystore is specified, the error is
+ // "chain invalid" and "not alias in keystore"
+
+ SecurityTools.jarsigner("-keystore unrelated.jks -storepass changeit "
+ + "-strict -verify a.jar")
+ .shouldHaveExitValue(36);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/Collator.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8021789
+ * @summary jarsigner parses alias as command line option (depending on locale)
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class Collator {
+ public static void main(String[] args) throws Exception {
+
+ Files.write(Path.of("collator"), List.of("12345"));
+ JarUtils.createJarFile(
+ Path.of("collator.jar"), Path.of("."), Path.of("collator"));
+
+ SecurityTools.keytool("-storepass changeit -keypass changeit "
+ + "-keyalg rsa -keystore collator.jks -alias debug "
+ + "-dname CN=debug -genkey -validity 300")
+ .shouldHaveExitValue(0);
+
+ // use "debug" as alias name
+ SecurityTools.jarsigner("-keystore collator.jks "
+ + "-storepass changeit collator.jar debug")
+ .shouldHaveExitValue(0);
+
+ // use "" as alias name (although there will be a warning)
+ SecurityTools.jarsigner("-keystore", "collator.jks",
+ "-storepass", "changeit", "-verify", "collator.jar", "")
+ .shouldHaveExitValue(0);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,273 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6802846 8172529
+ * @summary jarsigner needs enhanced cert validation(options)
+ * @library /test/lib
+ * @run main/timeout=240 ConciseJarsigner
+ */
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Calendar;
+import java.util.List;
+
+public class ConciseJarsigner {
+
+ static OutputAnalyzer kt(String cmd) throws Exception {
+ // Choose 1024-bit RSA to make sure it runs fine and fast. In
+ // fact, every keyalg/keysize combination is OK for this test.
+ return SecurityTools.keytool("-storepass changeit -keypass changeit "
+ + "-keystore ks -keyalg rsa -keysize 1024 " + cmd);
+ }
+
+ static void gencert(String owner, String cmd) throws Exception {
+ kt("-certreq -alias " + owner + " -file tmp.req");
+ kt("-gencert -infile tmp.req -outfile tmp.cert " + cmd);
+ kt("-import -alias " + owner + " -file tmp.cert");
+ }
+
+ static OutputAnalyzer js(String cmd) throws Exception {
+ return SecurityTools.jarsigner("-debug " + cmd);
+ }
+
+ public static void main(String[] args) throws Exception {
+
+ Files.write(Path.of("A1"), List.of("a1"));
+ Files.write(Path.of("A2"), List.of("a2"));
+ Files.write(Path.of("A3"), List.of("a3"));
+ Files.write(Path.of("A4"), List.of("a4"));
+ Files.write(Path.of("A5"), List.of("a5"));
+ Files.write(Path.of("A6"), List.of("a6"));
+
+ String year = "" + Calendar.getInstance().get(Calendar.YEAR);
+
+ // ==========================================================
+ // First part: output format
+ // ==========================================================
+
+ kt("-genkeypair -alias a1 -dname CN=a1 -validity 366");
+ kt("-genkeypair -alias a2 -dname CN=a2 -validity 366");
+
+ // a.jar includes 8 unsigned, 2 signed by a1 and a2, 2 signed by a3
+ SecurityTools.jar("cvf a.jar A1 A2");
+ js("-keystore ks -storepass changeit a.jar a1");
+ SecurityTools.jar("uvf a.jar A3 A4");
+ js("-keystore ks -storepass changeit a.jar a2");
+ SecurityTools.jar("uvf a.jar A5 A6");
+
+ // Verify OK
+ js("-verify a.jar").shouldHaveExitValue(0);
+
+ // 4(chainNotValidated)+16(hasUnsignedEntry)
+ js("-verify a.jar -strict").shouldHaveExitValue(20);
+
+ // 16(hasUnsignedEntry)
+ js("-verify a.jar -strict -keystore ks -storepass changeit")
+ .shouldHaveExitValue(16);
+
+ // 16(hasUnsignedEntry)+32(notSignedByAlias)
+ js("-verify a.jar a1 -strict -keystore ks -storepass changeit")
+ .shouldHaveExitValue(48);
+
+ // 16(hasUnsignedEntry)
+ js("-verify a.jar a1 a2 -strict -keystore ks -storepass changeit")
+ .shouldHaveExitValue(16);
+
+ // 12 entries all together
+ Asserts.assertTrue(js("-verify a.jar -verbose")
+ .asLines().stream()
+ .filter(s -> s.contains(year))
+ .count() == 12);
+
+ // 12 entries all listed
+ Asserts.assertTrue(js("-verify a.jar -verbose:grouped")
+ .asLines().stream()
+ .filter(s -> s.contains(year))
+ .count() == 12);
+
+ // 4 groups: MANIFST, unrelated, signed, unsigned
+ Asserts.assertTrue(js("-verify a.jar -verbose:summary")
+ .asLines().stream()
+ .filter(s -> s.contains(year))
+ .count() == 4);
+
+ // still 4 groups, but MANIFEST group has no other file
+ Asserts.assertTrue(js("-verify a.jar -verbose:summary")
+ .asLines().stream()
+ .filter(s -> s.contains("more)"))
+ .count() == 3);
+
+ // 5 groups: MANIFEST, unrelated, signed by a1/a2, signed by a2, unsigned
+ Asserts.assertTrue(js("-verify a.jar -verbose:summary -certs")
+ .asLines().stream()
+ .filter(s -> s.contains(year))
+ .count() == 5);
+
+ // 2 for MANIFEST, 2*2 for A1/A2, 2 for A3/A4
+ Asserts.assertTrue(js("-verify a.jar -verbose -certs")
+ .asLines().stream()
+ .filter(s -> s.contains("[certificate"))
+ .count() == 8);
+
+ // a1,a2 for MANIFEST, a1,a2 for A1/A2, a2 for A3/A4
+ Asserts.assertTrue(js("-verify a.jar -verbose:grouped -certs")
+ .asLines().stream()
+ .filter(s -> s.contains("[certificate"))
+ .count() == 5);
+
+ // a1,a2 for MANIFEST, a1,a2 for A1/A2, a2 for A3/A4
+ Asserts.assertTrue(js("-verify a.jar -verbose:summary -certs")
+ .asLines().stream()
+ .filter(s -> s.contains("[certificate"))
+ .count() == 5);
+
+ // still 5 groups, but MANIFEST group has no other file
+ Asserts.assertTrue(js("-verify a.jar -verbose:summary -certs")
+ .asLines().stream()
+ .filter(s -> s.contains("more)"))
+ .count() == 4);
+
+ // ==========================================================
+ // Second part: exit code 2, 4, 8.
+ // 16 and 32 already covered in the first part
+ // ==========================================================
+
+ kt("-genkeypair -alias ca -dname CN=ca -ext bc -validity 365");
+ kt("-genkeypair -alias expired -dname CN=expired");
+ gencert("expired", "-alias ca -startdate -10m");
+ kt("-genkeypair -alias notyetvalid -dname CN=notyetvalid");
+ gencert("notyetvalid", "-alias ca -startdate +1m");
+ kt("-genkeypair -alias badku -dname CN=badku");
+ gencert("badku", "-alias ca -ext KU=cRLSign -validity 365");
+ kt("-genkeypair -alias badeku -dname CN=badeku");
+ gencert("badeku", "-alias ca -ext EKU=sa -validity 365");
+ kt("-genkeypair -alias goodku -dname CN=goodku");
+ gencert("goodku", "-alias ca -ext KU=dig -validity 365");
+ kt("-genkeypair -alias goodeku -dname CN=goodeku");
+ gencert("goodeku", "-alias ca -ext EKU=codesign -validity 365");
+
+ js("-strict -keystore ks -storepass changeit a.jar expired")
+ .shouldHaveExitValue(4);
+
+ js("-strict -keystore ks -storepass changeit a.jar notyetvalid")
+ .shouldHaveExitValue(4);
+
+ js("-strict -keystore ks -storepass changeit a.jar badku")
+ .shouldHaveExitValue(8);
+
+ js("-strict -keystore ks -storepass changeit a.jar badeku")
+ .shouldHaveExitValue(8);
+
+ js("-strict -keystore ks -storepass changeit a.jar goodku")
+ .shouldHaveExitValue(0);
+
+ js("-strict -keystore ks -storepass changeit a.jar goodeku")
+ .shouldHaveExitValue(0);
+
+ // badchain signed by ca1, but ca1 is removed later
+ kt("-genkeypair -alias badchain -dname CN=badchain -validity 365");
+ kt("-genkeypair -alias ca1 -dname CN=ca1 -ext bc -validity 365");
+ gencert("badchain", "-alias ca1 -validity 365");
+
+ // save ca1.cert for easy replay
+ kt("-exportcert -file ca1.cert -alias ca1");
+ kt("-delete -alias ca1");
+
+ js("-strict -keystore ks -storepass changeit a.jar badchain")
+ .shouldHaveExitValue(4);
+
+ js("-verify a.jar").shouldHaveExitValue(0);
+
+ // ==========================================================
+ // Third part: -certchain test
+ // ==========================================================
+
+ // altchain signed by ca2
+ kt("-genkeypair -alias altchain -dname CN=altchain -validity 365");
+ kt("-genkeypair -alias ca2 -dname CN=ca2 -ext bc -validity 365");
+ kt("-certreq -alias altchain -file altchain.req");
+ Files.write(Path.of("certchain"), List.of(
+ kt("-gencert -alias ca2 -validity 365 -rfc -infile altchain.req")
+ .getOutput(),
+ kt("-exportcert -alias ca2 -rfc").getOutput()));
+
+ // Self-signed cert does not work
+ js("-strict -keystore ks -storepass changeit a.jar altchain")
+ .shouldHaveExitValue(4);
+
+ // -certchain works
+ js("-strict -keystore ks -storepass changeit -certchain certchain "
+ + "a.jar altchain")
+ .shouldHaveExitValue(0);
+
+ // if ca2 is removed, -certchain still work because altchain is a
+ // self-signed entry and it is trusted by jarsigner
+ // save ca2.cert for easy replay
+ kt("-exportcert -file ca2.cert -alias ca2");
+ kt("-delete -alias ca2");
+ js("-strict -keystore ks -storepass changeit "
+ + "-certchain certchain a.jar altchain")
+ .shouldHaveExitValue(0);
+
+ // if cert is imported, -certchain won't work because this
+ // certificate entry is not trusted
+ kt("-importcert -file certchain -alias altchain -noprompt");
+ js("-strict -keystore ks -storepass changeit "
+ + "-certchain certchain a.jar altchain")
+ .shouldHaveExitValue(4);
+
+ js("-verify a.jar").shouldHaveExitValue(0);
+
+ // ==========================================================
+ // 8172529
+ // ==========================================================
+
+ kt("-genkeypair -alias ee -dname CN=ee");
+ kt("-genkeypair -alias caone -dname CN=caone");
+ kt("-genkeypair -alias catwo -dname CN=catwo");
+
+ kt("-certreq -alias ee -file ee.req");
+ kt("-certreq -alias catwo -file catwo.req");
+
+ // This certchain contains a cross-signed weak catwo.cert
+ Files.write(Path.of("ee2"), List.of(
+ kt("-gencert -alias catwo -rfc -infile ee.req").getOutput(),
+ kt("-gencert -alias caone -sigalg MD5withRSA -rfc "
+ + "-infile catwo.req").getOutput()));
+
+ kt("-importcert -alias ee -file ee2");
+
+ SecurityTools.jar("cvf a.jar A1");
+ js("-strict -keystore ks -storepass changeit a.jar ee")
+ .shouldHaveExitValue(0);
+ js("-strict -keystore ks -storepass changeit -verify a.jar")
+ .shouldHaveExitValue(0);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/Crl.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6890876 6950931
+ * @summary jarsigner can add CRL info into signed jar (updated)
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+public class Crl {
+ static OutputAnalyzer kt(String cmd) throws Exception {
+ return SecurityTools.keytool("-storepass changeit -keypass changeit "
+ + "-keystore ks -keyalg rsa " + cmd);
+ }
+
+ public static void main(String[] args) throws Exception {
+ kt("-alias a -dname CN=a -keyalg rsa -genkey -validity 300");
+ kt("-alias a -gencrl -id 1:1 -id 2:2 -file crl1")
+ .shouldHaveExitValue(0);
+ kt("-alias a -gencrl -id 3:3 -id 4:4 -file crl2")
+ .shouldHaveExitValue(0);
+ kt("-alias a -gencrl -id 5:1 -id 6:2 -file crl3")
+ .shouldHaveExitValue(0);
+
+ // Test keytool -printcrl
+
+ kt("-printcrl -file crl1").shouldHaveExitValue(0);
+ kt("-printcrl -file crl2").shouldHaveExitValue(0);
+ kt("-printcrl -file crl3").shouldHaveExitValue(0);
+
+ // Test keytool -ext crl
+
+ kt("-alias b -dname CN=c -keyalg rsa -genkey -validity 300 "
+ + "-ext crl=uri:http://www.example.com/crl")
+ .shouldHaveExitValue(0);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/DefaultOptions.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8049834
+ * @summary Two security tools tests do not run with only JRE
+ * @library /test/lib
+ */
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.process.ProcessTools;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+import java.util.jar.JarFile;
+
+public class DefaultOptions {
+
+ static OutputAnalyzer jarsigner(String cmd) throws Throwable {
+ ProcessBuilder pb = SecurityTools.getProcessBuilder(
+ "jarsigner", List.of(cmd.trim().split("\\s+")));
+ pb.environment().put("PASS", "changeit");
+ return ProcessTools.executeCommand(pb);
+ }
+
+ static OutputAnalyzer keytool(String cmd) throws Throwable {
+ cmd = "-storepass:env PASS -keypass:env PASS -keystore ks " + cmd;
+ ProcessBuilder pb = SecurityTools.getProcessBuilder(
+ "keytool", List.of(cmd.trim().split("\\s+")));
+ pb.environment().put("PASS", "changeit");
+ return ProcessTools.executeCommand(pb);
+ }
+
+ public static void main(String[] args) throws Throwable {
+ keytool("-genkeypair -dname CN=A -alias a -keyalg rsa")
+ .shouldHaveExitValue(0);
+ keytool("-genkeypair -dname CN=CA -alias ca -keyalg rsa")
+ .shouldHaveExitValue(0);
+ keytool("-alias a -certreq -file a.req");
+ keytool("-alias ca -gencert -infile a.req -outfile a.cert");
+ keytool("-alias a -import -file a.cert").shouldHaveExitValue(0);
+
+ Files.write(Path.of("js.conf"), List.of(
+ "jarsigner.all = -keystore ${user.dir}/ks -storepass:env PASS "
+ + "-debug -strict",
+ "jarsigner.sign = -digestalg SHA1",
+ "jarsigner.verify = -verbose:summary"));
+
+ JarUtils.createJarFile(Path.of("a.jar"), Path.of("."),
+ Path.of("ks"), Path.of("js.conf"));
+
+ jarsigner("-conf js.conf a.jar a").shouldHaveExitValue(0);
+ jarsigner("-conf js.conf -verify a.jar").shouldHaveExitValue(0)
+ .shouldContain("and 1 more");
+
+ try (JarFile jf = new JarFile("a.jar")) {
+ Asserts.assertTrue(jf.getManifest().getAttributes("ks").keySet()
+ .stream()
+ .anyMatch(s -> s.toString().contains("SHA1-Digest")));
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/DiffEnd.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6948909
+ * @summary Jarsigner removes MANIFEST.MF info for badly packages jar's
+ * @library /test/lib
+ */
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+import java.io.FileOutputStream;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.jar.Attributes;
+import java.util.jar.JarFile;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipOutputStream;
+
+public class DiffEnd {
+
+ static void check() throws Exception {
+ SecurityTools.jarsigner("-keystore "
+ + Path.of(System.getProperty("test.src"), "JarSigning.keystore")
+ .toString()
+ + " -storepass bbbbbb -digestalg SHA1"
+ + " -signedjar diffend.new.jar diffend.jar c");
+
+ try (JarFile jf = new JarFile("diffend.new.jar")) {
+ Asserts.assertTrue(jf.getManifest().getMainAttributes()
+ .containsKey(new Attributes.Name("Today")));
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+
+ // A MANIFEST.MF using \n as newlines and no double newlines at the end
+ byte[] manifest =
+ ("Manifest-Version: 1.0\n"
+ + "Created-By: 1.7.0-internal (Sun Microsystems Inc.)\n"
+ + "Today: Monday\n").getBytes(StandardCharsets.UTF_8);
+
+ // With the fake .RSA file, to trigger the if (wasSigned) block
+ try (FileOutputStream fos = new FileOutputStream("diffend.jar");
+ ZipOutputStream zos = new ZipOutputStream(fos)) {
+ zos.putNextEntry(new ZipEntry("META-INF/MANIFEST.MF"));
+ zos.write(manifest);
+ zos.putNextEntry(new ZipEntry("META-INF/x.RSA"));
+ zos.putNextEntry(new ZipEntry("1"));
+ zos.write(new byte[10]);
+ }
+
+ check();
+
+ // Without the fake .RSA file, to trigger the else block
+ try (FileOutputStream fos = new FileOutputStream("diffend.jar");
+ ZipOutputStream zos = new ZipOutputStream(fos)) {
+ zos.putNextEntry(new ZipEntry("META-INF/MANIFEST.MF"));
+ zos.write(manifest);
+ zos.putNextEntry(new ZipEntry("1"));
+ zos.write(new byte[10]);
+ }
+
+ check();
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/EC.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6870812
+ * @summary enhance security tools to use ECC algorithm
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class EC {
+ static OutputAnalyzer kt(String cmd) throws Exception {
+ return SecurityTools.keytool("-storepass changeit "
+ + "-keypass changeit -keystore ks " + cmd);
+ }
+
+ static void gencert(String owner, String cmd) throws Exception {
+ kt("-certreq -alias " + owner + " -file tmp.req")
+ .shouldHaveExitValue(0);
+ kt("-gencert -infile tmp.req -outfile tmp.cert " + cmd)
+ .shouldHaveExitValue(0);
+ kt("-import -alias " + owner + " -file tmp.cert")
+ .shouldHaveExitValue(0);
+ }
+
+ static OutputAnalyzer js(String cmd) throws Exception {
+ return SecurityTools.jarsigner("-keystore ks -storepass changeit " + cmd);
+ }
+
+ public static void main(String[] args) throws Exception {
+ Files.write(Path.of("A"), List.of("A"));
+ JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("A"));
+
+ kt("-alias ca -dname CN=ca -keyalg ec -genkey -validity 300")
+ .shouldHaveExitValue(0);
+ kt("-alias a -dname CN=a -keyalg ec -genkey")
+ .shouldHaveExitValue(0);
+ gencert("a", "-alias ca -validity 300");
+
+ kt("-alias b -dname CN=b -keyalg ec -genkey")
+ .shouldHaveExitValue(0);
+ gencert("b", "-alias ca -validity 300");
+
+ // Ensure key length sufficient for intended hash (SHA512withECDSA)
+ kt("-alias c -dname CN=c -keyalg ec -genkey -keysize 521")
+ .shouldHaveExitValue(0);
+ gencert("c", "-alias ca -validity 300");
+
+ kt("-alias x -dname CN=x -keyalg ec -genkey -validity 300")
+ .shouldHaveExitValue(0);
+ gencert("x", "-alias ca -validity 300");
+
+ js("a.jar a -debug -strict").shouldHaveExitValue(0);
+ js("a.jar b -debug -strict -sigalg SHA1withECDSA").shouldHaveExitValue(0);
+ js("a.jar c -debug -strict -sigalg SHA512withECDSA").shouldHaveExitValue(0);
+
+ js("-verify a.jar a -debug -strict").shouldHaveExitValue(0);
+ js("-verify a.jar b -debug -strict").shouldHaveExitValue(0);
+ js("-verify a.jar c -debug -strict").shouldHaveExitValue(0);
+
+ // Not signed by x, should exit with non-zero
+ js("-verify a.jar x -debug -strict").shouldNotHaveExitValue(0);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/EmptyManifest.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6712755
+ * @summary jarsigner fails to sign itextasian.jar since 1.5.0_b14,
+ * it works with 1.5.0_13
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+
+import java.io.FileOutputStream;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipOutputStream;
+
+public class EmptyManifest {
+
+ public static void main(String[] args) throws Exception {
+
+ try (FileOutputStream fos = new FileOutputStream("em.jar");
+ ZipOutputStream zos = new ZipOutputStream(fos)) {
+ zos.putNextEntry(new ZipEntry("META-INF/MANIFEST.MF"));
+ zos.write(new byte[]{'\r', '\n'});
+ zos.putNextEntry(new ZipEntry("A"));
+ zos.write(new byte[10]);
+ zos.putNextEntry(new ZipEntry("B"));
+ zos.write(new byte[0]);
+ }
+
+ SecurityTools.keytool("-keystore ks -storepass changeit "
+ + "-keypass changeit -alias a -dname CN=a -keyalg rsa "
+ + "-genkey -validity 300");
+
+ SecurityTools.jarsigner("-keystore ks -storepass changeit em.jar a")
+ .shouldHaveExitValue(0);
+ SecurityTools.jarsigner("-keystore ks -storepass changeit -verify "
+ + "-debug -strict em.jar")
+ .shouldHaveExitValue(0);
+ }
+}
--- a/test/jdk/sun/security/tools/jarsigner/EntriesOrder.java Thu Apr 11 22:56:11 2019 -0400
+++ b/test/jdk/sun/security/tools/jarsigner/EntriesOrder.java Fri Apr 12 13:35:23 2019 +0800
@@ -64,9 +64,9 @@
// directory ignored), we can get 2 signed ones (inf, a).
// Prepares raw files
- Files.write(Paths.get("a"), "a".getBytes());
+ Files.write(Paths.get("a"), List.of("a"));
Files.createDirectory(Paths.get("META-INF/"));
- Files.write(Paths.get("META-INF/inf"), "inf".getBytes());
+ Files.write(Paths.get("META-INF/inf"), List.of("inf"));
// Pack, sign, and extract to get all files
sun.tools.jar.Main m =
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/JvIndex.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8022761
+ * @summary regression: SecurityException is NOT thrown while trying
+ * to pack a wrongly signed Indexed Jar file
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class JvIndex {
+ public static void main(String[] args) throws Exception {
+
+ Files.write(Path.of("abcde"), List.of("12345"));
+ JarUtils.createJarFile(Path.of("jvindex.jar"), Path.of("."),
+ Path.of("abcde"));
+ SecurityTools.keytool("-storepass changeit -keypass changeit "
+ + "-keystore ks -keyalg rsa -alias a -dname CN=a "
+ + "-genkey -validity 300")
+ .shouldHaveExitValue(0);
+ SecurityTools.jarsigner("-keystore ks -storepass changeit jvindex.jar a")
+ .shouldHaveExitValue(0);
+
+ SecurityTools.jar("i jvindex.jar");
+
+ // Make sure the $F line has "sm" (signed and in manifest)
+ SecurityTools.jarsigner("-keystore ks -storepass changeit -verify "
+ + "-verbose jvindex.jar")
+ .shouldHaveExitValue(0)
+ .shouldMatch("sm.*abcde");
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/NameClash.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6876328
+ * @summary different names for the same digest algorithms breaks jarsigner
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class NameClash {
+ public static void main(String[] args) throws Exception {
+ String common = "-storepass changeit -keypass changeit -keystore ks ";
+
+ SecurityTools.keytool(common + "-alias a -dname CN=a -keyalg rsa "
+ + "-genkey -validity 300");
+ SecurityTools.keytool(common + "-alias b -dname CN=b -keyalg rsa "
+ + "-genkey -validity 300");
+
+ Files.write(Path.of("A"), List.of("A"));
+ JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("A"));
+
+ SecurityTools.jarsigner(common + "a.jar a -digestalg SHA1")
+ .shouldHaveExitValue(0);
+ SecurityTools.jarsigner(common + "a.jar b -digestalg SHA-1")
+ .shouldHaveExitValue(0);
+
+ SecurityTools.jarsigner(common + "-verify -debug -strict a.jar")
+ .shouldHaveExitValue(0);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/NewSize7.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6561126
+ * @summary keytool should use larger default keysize for keypairs
+ * @library /test/lib
+ */
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.util.JarUtils;
+
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.jar.JarFile;
+import java.util.jar.Manifest;
+
+public class NewSize7 {
+ public static void main(String[] args) throws Exception {
+ String common = "-storepass changeit -keypass changeit -keystore ks ";
+ SecurityTools.keytool(common
+ + "-keyalg rsa -genkeypair -alias me -dname CN=Me");
+ Files.write(Path.of("ns7.txt"), new byte[0]);
+ JarUtils.createJarFile(Path.of("ns7.jar"), Path.of("."),
+ Path.of("ns7.txt"));
+ SecurityTools.jarsigner(common + "ns7.jar me");
+
+ try (JarFile jf = new JarFile("ns7.jar")) {
+ try (InputStream is = jf.getInputStream(
+ jf.getEntry("META-INF/MANIFEST.MF"))) {
+ Asserts.assertTrue(new Manifest(is).getAttributes("ns7.txt")
+ .keySet().stream()
+ .anyMatch(s -> s.toString().contains("SHA-256")));
+ }
+ try (InputStream is = jf.getInputStream(
+ jf.getEntry("META-INF/ME.SF"))) {
+ Asserts.assertTrue(new Manifest(is).getAttributes("ns7.txt")
+ .keySet().stream()
+ .anyMatch(s -> s.toString().contains("SHA-256")));
+ }
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/OldSig.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2007, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6543940 6868865
+ * @summary Exception thrown when signing a jarfile in java 1.5
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+public class OldSig {
+ public static void main(String[] args) throws Exception {
+ Path src = Path.of(System.getProperty("test.src"));
+ // copy jar file into writeable location
+ Files.copy(src.resolve("oldsig/A.jar"), Path.of("B.jar"));
+ Files.copy(src.resolve("oldsig/A.class"), Path.of("B.class"));
+
+ JarUtils.updateJarFile(Path.of("B.jar"), Path.of("."),
+ Path.of("B.class"));
+
+ SecurityTools.jarsigner("-keystore " + src.resolve("JarSigning.keystore")
+ + " -storepass bbbbbb -digestalg SHA1 B.jar c");
+ SecurityTools.jarsigner("-verify B.jar");
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/OnlyManifest.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7004035
+ * @summary signed jar with only META-INF/* inside is not verifiable
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class OnlyManifest {
+ static OutputAnalyzer kt(String cmd) throws Exception {
+ return SecurityTools.keytool("-storepass changeit -keypass changeit "
+ + "-keystore ks -keyalg rsa " + cmd);
+ }
+
+ static void gencert(String owner, String cmd) throws Exception {
+ kt("-certreq -alias " + owner + " -file tmp.req");
+ kt("-gencert -infile tmp.req -outfile tmp.cert " + cmd);
+ kt("-import -alias " + owner + " -file tmp.cert");
+ }
+
+ public static void main(String[] args) throws Exception {
+ // Create an empty jar file with only MANIFEST.MF
+ Files.write(Path.of("manifest"), List.of("Key: Value"));
+ SecurityTools.jar("cvfm a.jar manifest");
+
+ kt("-alias ca -dname CN=ca -genkey -validity 300")
+ .shouldHaveExitValue(0);
+ kt("-alias a -dname CN=a -genkey -validity 300")
+ .shouldHaveExitValue(0);
+ gencert("a", "-alias ca -validity 300");
+
+ SecurityTools.jarsigner("-keystore ks -storepass changeit"
+ + " a.jar a -debug -strict")
+ .shouldHaveExitValue(0);
+ SecurityTools.jarsigner("-keystore ks -storepass changeit"
+ + " -verify a.jar a -debug -strict")
+ .shouldHaveExitValue(0)
+ .shouldNotContain("unsigned");
+ }
+}
--- a/test/jdk/sun/security/tools/jarsigner/Options.java Thu Apr 11 22:56:11 2019 -0400
+++ b/test/jdk/sun/security/tools/jarsigner/Options.java Fri Apr 12 13:35:23 2019 +0800
@@ -58,7 +58,7 @@
public static void main(String[] args) throws Exception {
// Prepares raw file
- Files.write(Paths.get("a"), "a".getBytes());
+ Files.write(Paths.get("a"), List.of("a"));
// Pack
JarUtils.createJar("a.jar", "a");
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/PassType.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6868579
+ * @summary RFE: jarsigner to support reading password from environment variable
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.process.ProcessTools;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class PassType {
+
+ static OutputAnalyzer jarsignerWithEnv(String cmd) throws Throwable {
+ ProcessBuilder pb = SecurityTools.getProcessBuilder(
+ "jarsigner", List.of(cmd.trim().split("\\s+")));
+ pb.environment().put("PASSENV", "test12");
+ return ProcessTools.executeCommand(pb);
+ }
+
+ static OutputAnalyzer keytoolWithEnv(String cmd) throws Throwable {
+ ProcessBuilder pb = SecurityTools.getProcessBuilder(
+ "keytool", List.of(cmd.trim().split("\\s+")));
+ pb.environment().put("PASSENV", "test12");
+ return ProcessTools.executeCommand(pb);
+ }
+
+ public static void main(String[] args) throws Throwable {
+
+ SecurityTools.keytool("-keystore ks -validity 300 -keyalg rsa "
+ + "-alias a -dname CN=a -keyalg rsa -genkey "
+ + "-storepass test12 -keypass test12")
+ .shouldHaveExitValue(0);
+ keytoolWithEnv("-keystore ks -validity 300 -keyalg rsa "
+ + "-alias b -dname CN=b -keyalg rsa -genkey "
+ + "-storepass:env PASSENV -keypass:env PASSENV")
+ .shouldHaveExitValue(0);
+ Files.write(Path.of("passfile"), List.of("test12"));
+ SecurityTools.keytool("-keystore ks -validity 300 -keyalg rsa "
+ + "-alias c -dname CN=c -keyalg rsa -genkey "
+ + "-storepass:file passfile -keypass:file passfile")
+ .shouldHaveExitValue(0);
+
+ Files.write(Path.of("A"), List.of("A"));
+ JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("A"));
+
+ // Sign
+ SecurityTools.jarsigner("-keystore ks -storepass test12 a.jar a")
+ .shouldHaveExitValue(0);
+ jarsignerWithEnv("-keystore ks -storepass:env PASSENV a.jar b")
+ .shouldHaveExitValue(0);
+ SecurityTools.jarsigner("-keystore ks -storepass:file passfile a.jar c")
+ .shouldHaveExitValue(0);
+
+ // Verify
+ SecurityTools.jarsigner("-keystore ks -storepass test12 "
+ + "-verify -debug -strict a.jar")
+ .shouldHaveExitValue(0);
+ jarsignerWithEnv("-keystore ks -storepass:env PASSENV "
+ + "-verify -debug -strict a.jar")
+ .shouldHaveExitValue(0);
+ SecurityTools.jarsigner("-keystore ks -storepass:file passfile "
+ + "-verify -debug -strict a.jar")
+ .shouldHaveExitValue(0);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/PercentSign.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2007, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6522933
+ * @summary jarsigner fails in a directory with a path containing a % sign
+ * @author Wang Weijun
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+public class PercentSign {
+ public static void main(String[] args) throws Exception {
+
+ // copy jar file into writeable location
+ Files.copy(Path.of(System.getProperty("test.src"), "AlgOptions.jar"),
+ Path.of("AlgOptionsTmp.jar"));
+
+ SecurityTools.jarsigner("-keystore "
+ + Path.of(System.getProperty("test.src"), "a%b", "percent.keystore")
+ + " -storepass changeit AlgOptionsTmp.jar ok")
+ .shouldHaveExitValue(0);
+ }
+}
--- a/test/jdk/sun/security/tools/jarsigner/PercentSign.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,79 +0,0 @@
-#
-# Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6522933
-# @summary jarsigner fails in a directory with a path contianing a % sign
-# @author Wang Weijun
-#
-# @run shell PercentSign.sh
-#
-
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
- TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
- TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
- echo "TESTJAVA not set. Test cannot execute."
- echo "FAILED!!!"
- exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- SunOS | Linux | Darwin | AIX )
- NULL=/dev/null
- PS=":"
- FS="/"
- CP="${FS}bin${FS}cp -f"
- ;;
- CYGWIN* )
- NULL=/dev/null
- PS=";"
- FS="/"
- CP="cp -f"
- ;;
- Windows_* )
- NULL=NUL
- PS=";"
- FS="\\"
- CP="cp -f"
- ;;
- * )
- echo "Unrecognized operating system!"
- exit 1;
- ;;
-esac
-
-# copy jar file into writeable location
-${CP} ${TESTSRC}${FS}AlgOptions.jar ${TESTCLASSES}${FS}AlgOptionsTmp.jar
-
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
- -keystore ${TESTSRC}${FS}a%b${FS}percent.keystore \
- -storepass changeit \
- ${TESTCLASSES}${FS}AlgOptionsTmp.jar ok
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/SameName.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6866479
+ * @summary libzip.so caused JVM to crash when running jarsigner
+ * @library /test/lib
+ */
+
+import jdk.test.lib.Platform;
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class SameName {
+ public static void main(String[] args) throws Exception {
+
+ String signedJar = Platform.isWindows() ? "EM.jar" : "em.jar";
+
+ Files.write(Path.of("A"), List.of("A"));
+ JarUtils.createJarFile(Path.of("em.jar"), Path.of("."), Path.of("A"));
+
+ SecurityTools.keytool("-storepass changeit -keypass changeit "
+ + "-keystore ks -keyalg rsa -alias a -dname CN=a "
+ + "-keyalg rsa -genkey -validity 300")
+ .shouldHaveExitValue(0);
+
+ SecurityTools.jarsigner("-keystore ks -storepass changeit "
+ + "-signedjar " + signedJar + " em.jar a")
+ .shouldHaveExitValue(0);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/jarsigner/WeakSize.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,69 @@
+/*
+ * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8044755
+ * @summary Add a test for algorithm constraints check in jarsigner
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.util.JarUtils;
+
+import java.nio.file.Path;
+
+public class WeakSize {
+
+ static OutputAnalyzer kt(String cmd) throws Exception {
+ // The sigalg used is MD2withRSA, which is obsolete.
+ return SecurityTools.keytool("-storepass changeit -keypass changeit "
+ + "-keystore ks -keyalg rsa -sigalg MD2withRSA " + cmd);
+ }
+
+ static void gencert(String owner, String cmd) throws Exception {
+ kt("-certreq -alias " + owner + " -file tmp.req");
+ kt("-gencert -infile tmp.req -outfile tmp.cert " + cmd);
+ kt("-import -alias " + owner + " -file tmp.cert");
+ }
+
+ public static void main(String[] args) throws Exception {
+
+ kt("-genkeypair -alias ca -dname CN=CA -ext bc");
+ kt("-genkeypair -alias signer -dname CN=Signer");
+ gencert("signer", "-alias ca -ext ku=dS -rfc");
+
+ JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("ks"));
+
+ // We always trust a TrustedCertificateEntry
+ SecurityTools.jarsigner("-keystore ks -storepass changeit "
+ + "-strict -debug a.jar ca")
+ .shouldNotContain("chain is invalid");
+
+ // An end-entity cert must follow algorithm constraints
+ SecurityTools.jarsigner("-keystore ks -storepass changeit "
+ + "-strict -debug a.jar signer")
+ .shouldContain("chain is invalid");
+ }
+}
--- a/test/jdk/sun/security/tools/jarsigner/certpolicy.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,80 +0,0 @@
-#
-# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8036709
-# @summary Java 7 jarsigner displays warning about cert policy tree
-#
-# @run shell certpolicy.sh
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-KT="$TESTJAVA/bin/keytool $TESTTOOLVMOPTS \
- -keypass changeit -storepass changeit -keystore ks -keyalg rsa"
-JS="$TESTJAVA/bin/jarsigner $TESTTOOLVMOPTS -storepass changeit -keystore ks"
-JAR="$TESTJAVA/bin/jar $TESTTOOLVMOPTS"
-
-rm ks 2> /dev/null
-$KT -genkeypair -alias ca -dname CN=CA -ext bc
-$KT -genkeypair -alias int -dname CN=Int
-$KT -genkeypair -alias ee -dname CN=EE
-
-# CertificatePolicies [[PolicyId: [1.2.3]], [PolicyId: [1.2.4]]]
-# PolicyConstraints: [Require: 0; Inhibit: unspecified]
-$KT -certreq -alias int | \
- $KT -gencert -rfc -alias ca \
- -ext 2.5.29.32="30 0C 30 04 06 02 2A 03 30 04 06 02 2A 04" \
- -ext "2.5.29.36=30 03 80 01 00" -ext bc | \
- $KT -import -alias int
-
-# CertificatePolicies [[PolicyId: [1.2.3]]]
-$KT -certreq -alias ee | \
- $KT -gencert -rfc -alias int \
- -ext 2.5.29.32="30 06 30 04 06 02 2A 03" | \
- $KT -import -alias ee
-
-$KT -export -alias ee -rfc > cc
-$KT -export -alias int -rfc >> cc
-$KT -export -alias ca -rfc >> cc
-
-$KT -delete -alias int
-
-ERR=''
-$JAR cvf a.jar cc
-
-# Make sure the certchain in the signed jar contains all 3 certs
-$JS -strict -certchain cc a.jar ee -debug || ERR="sign"
-$JS -strict -verify a.jar -debug || ERR="$ERR verify"
-
-if [ "$ERR" = "" ]; then
- echo "Success"
- exit 0
-else
- echo "Failed: $ERR"
- exit 1
-fi
-
--- a/test/jdk/sun/security/tools/jarsigner/checkusage.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,109 +0,0 @@
-#
-# Copyright (c) 2010, 2017, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 7004168
-# @summary jarsigner -verify checks for KeyUsage codesigning ext on all certs
-# instead of just signing cert
-#
-# @run shell checkusage.sh
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keyalg rsa"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS}"
-
-rm js.jks trust.jks unrelated.jks 2> /dev/null
-
-echo x > x
-$JAR cvf a.jar x
-
-################### 3 Keystores #######################
-
-# Keystore js.jks: including CA and Publisher
-# CA contains a non-empty KeyUsage
-$KT -keystore js.jks -genkeypair -alias ca -dname CN=CA -ext KU=kCS -ext bc -validity 365
-$KT -keystore js.jks -genkeypair -alias pub -dname CN=Publisher
-
-# Publisher contains the correct KeyUsage
-$KT -keystore js.jks -certreq -alias pub | \
- $KT -keystore js.jks -gencert -alias ca -ext KU=dig -validity 365 | \
- $KT -keystore js.jks -importcert -alias pub
-
-# Keystore trust.jks: including CA only
-$KT -keystore js.jks -exportcert -alias ca | \
- $KT -keystore trust.jks -importcert -alias ca -noprompt
-
-# Keystore unrelated.jks: unrelated
-$KT -keystore unrelated.jks -genkeypair -alias nothing -dname CN=Nothing -validity 365
-
-
-################### 4 Tests #######################
-
-# Test 1: Sign should be OK
-
-$JARSIGNER -keystore js.jks -storepass changeit a.jar pub
-RESULT=$?
-echo $RESULT
-#[ $RESULT = 0 ] || exit 1
-
-# Test 2: Verify should be OK
-
-$JARSIGNER -keystore trust.jks -strict -verify a.jar
-RESULT=$?
-echo $RESULT
-#[ $RESULT = 0 ] || exit 2
-
-# Test 3: When no keystore is specified, the error is only
-# "chain invalid"
-
-$JARSIGNER -strict -verify a.jar
-RESULT=$?
-echo $RESULT
-#[ $RESULT = 4 ] || exit 3
-
-# Test 4: When unrelated keystore is specified, the error is
-# "chain invalid" and "not alias in keystore"
-
-$JARSIGNER -keystore unrelated.jks -strict -verify a.jar
-RESULT=$?
-echo $RESULT
-#[ $RESULT = 36 ] || exit 4
-
-exit 0
--- a/test/jdk/sun/security/tools/jarsigner/collator.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,74 +0,0 @@
-#
-# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8021789
-# @summary jarsigner parses alias as command line option (depending on locale)
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-F=collator
-KS=collator.jks
-JFILE=collator.jar
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit \
- -keyalg rsa -keystore $KS"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -keystore $KS -storepass changeit"
-
-rm $F $KS $JFILE 2> /dev/null
-
-echo 12345 > $F
-$JAR cvf $JFILE $F
-
-ERR=""
-
-$KT -alias debug -dname CN=debug -genkey -validity 300 || ERR="$ERR 1"
-
-# use "debug" as alias name
-$JARSIGNER $JFILE debug || ERR="$ERR 2"
-
-# use "" as alias name (although there will be a warning)
-$JARSIGNER -verify $JFILE "" || ERR="$ERR 3"
-
-if [ "$ERR" = "" ]; then
- exit 0
-else
- echo "ERR is $ERR"
- exit 1
-fi
--- a/test/jdk/sun/security/tools/jarsigner/concise_jarsigner.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,247 +0,0 @@
-#
-# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6802846 8172529
-# @summary jarsigner needs enhanced cert validation(options)
-#
-# @run shell/timeout=240 concise_jarsigner.sh
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-# Choose 1024-bit RSA to make sure it runs fine and fast on all platforms. In
-# fact, every keyalg/keysize combination is OK for this test.
-
-TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US"
-
-KS=js.ks
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa -keysize 1024"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -debug"
-JAVAC="$TESTJAVA${FS}bin${FS}javac ${TESTTOOLVMOPTS} ${TESTJAVACOPTS}"
-
-rm $KS
-
-echo class A1 {} > A1.java
-echo class A2 {} > A2.java
-echo class A3 {} > A3.java
-echo class A4 {} > A4.java
-echo class A5 {} > A5.java
-echo class A6 {} > A6.java
-
-$JAVAC A1.java A2.java A3.java A4.java A5.java A6.java
-YEAR=`date +%Y`
-
-# ==========================================================
-# First part: output format
-# ==========================================================
-
-$KT -genkeypair -alias a1 -dname CN=a1 -validity 366
-$KT -genkeypair -alias a2 -dname CN=a2 -validity 366
-
-# a.jar includes 8 unsigned, 2 signed by a1 and a2, 2 signed by a3
-$JAR cvf a.jar A1.class A2.class
-$JARSIGNER -keystore $KS -storepass changeit a.jar a1
-$JAR uvf a.jar A3.class A4.class
-$JARSIGNER -keystore $KS -storepass changeit a.jar a2
-$JAR uvf a.jar A5.class A6.class
-
-# Verify OK
-$JARSIGNER -verify a.jar
-[ $? = 0 ] || exit $LINENO
-
-# 4(chainNotValidated)+16(hasUnsignedEntry)
-$JARSIGNER -verify a.jar -strict
-[ $? = 20 ] || exit $LINENO
-
-# 16(hasUnsignedEntry)
-$JARSIGNER -verify a.jar -strict -keystore $KS -storepass changeit
-[ $? = 16 ] || exit $LINENO
-
-# 16(hasUnsignedEntry)+32(notSignedByAlias)
-$JARSIGNER -verify a.jar a1 -strict -keystore $KS -storepass changeit
-[ $? = 48 ] || exit $LINENO
-
-# 16(hasUnsignedEntry)
-$JARSIGNER -verify a.jar a1 a2 -strict -keystore $KS -storepass changeit
-[ $? = 16 ] || exit $LINENO
-
-# 12 entries all together
-LINES=`$JARSIGNER -verify a.jar -verbose | grep $YEAR | wc -l`
-[ $LINES = 12 ] || exit $LINENO
-
-# 12 entries all listed
-LINES=`$JARSIGNER -verify a.jar -verbose:grouped | grep $YEAR | wc -l`
-[ $LINES = 12 ] || exit $LINENO
-
-# 4 groups: MANIFST, unrelated, signed, unsigned
-LINES=`$JARSIGNER -verify a.jar -verbose:summary | grep $YEAR | wc -l`
-[ $LINES = 4 ] || exit $LINENO
-
-# still 4 groups, but MANIFEST group has no other file
-LINES=`$JARSIGNER -verify a.jar -verbose:summary | grep "more)" | wc -l`
-[ $LINES = 3 ] || exit $LINENO
-
-# 5 groups: MANIFEST, unrelated, signed by a1/a2, signed by a2, unsigned
-LINES=`$JARSIGNER -verify a.jar -verbose:summary -certs | grep $YEAR | wc -l`
-[ $LINES = 5 ] || exit $LINENO
-
-# 2 for MANIFEST, 2*2 for A1/A2, 2 for A3/A4
-LINES=`$JARSIGNER -verify a.jar -verbose -certs | grep "\[certificate" | wc -l`
-[ $LINES = 8 ] || exit $LINENO
-
-# a1,a2 for MANIFEST, a1,a2 for A1/A2, a2 for A3/A4
-LINES=`$JARSIGNER -verify a.jar -verbose:grouped -certs | grep "\[certificate" | wc -l`
-[ $LINES = 5 ] || exit $LINENO
-
-# a1,a2 for MANIFEST, a1,a2 for A1/A2, a2 for A3/A4
-LINES=`$JARSIGNER -verify a.jar -verbose:summary -certs | grep "\[certificate" | wc -l`
-[ $LINES = 5 ] || exit $LINENO
-
-# still 5 groups, but MANIFEST group has no other file
-LINES=`$JARSIGNER -verify a.jar -verbose:summary -certs | grep "more)" | wc -l`
-[ $LINES = 4 ] || exit $LINENO
-
-# ==========================================================
-# Second part: exit code 2, 4, 8.
-# 16 and 32 already covered in the first part
-# ==========================================================
-
-$KT -genkeypair -alias ca -dname CN=ca -ext bc -validity 365
-$KT -genkeypair -alias expired -dname CN=expired
-$KT -certreq -alias expired | $KT -gencert -alias ca -startdate -10m | $KT -import -alias expired
-$KT -genkeypair -alias notyetvalid -dname CN=notyetvalid
-$KT -certreq -alias notyetvalid | $KT -gencert -alias ca -startdate +1m | $KT -import -alias notyetvalid
-$KT -genkeypair -alias badku -dname CN=badku
-$KT -certreq -alias badku | $KT -gencert -alias ca -ext KU=cRLSign -validity 365 | $KT -import -alias badku
-$KT -genkeypair -alias badeku -dname CN=badeku
-$KT -certreq -alias badeku | $KT -gencert -alias ca -ext EKU=sa -validity 365 | $KT -import -alias badeku
-$KT -genkeypair -alias goodku -dname CN=goodku
-$KT -certreq -alias goodku | $KT -gencert -alias ca -ext KU=dig -validity 365 | $KT -import -alias goodku
-$KT -genkeypair -alias goodeku -dname CN=goodeku
-$KT -certreq -alias goodeku | $KT -gencert -alias ca -ext EKU=codesign -validity 365 | $KT -import -alias goodeku
-
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar expired
-[ $? = 4 ] || exit $LINENO
-
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar notyetvalid
-[ $? = 4 ] || exit $LINENO
-
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar badku
-[ $? = 8 ] || exit $LINENO
-
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar badeku
-[ $? = 8 ] || exit $LINENO
-
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar goodku
-[ $? = 0 ] || exit $LINENO
-
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar goodeku
-[ $? = 0 ] || exit $LINENO
-
-# badchain signed by ca1, but ca1 is removed later
-$KT -genkeypair -alias badchain -dname CN=badchain -validity 365
-$KT -genkeypair -alias ca1 -dname CN=ca1 -ext bc -validity 365
-$KT -certreq -alias badchain | $KT -gencert -alias ca1 -validity 365 | \
- $KT -importcert -alias badchain
-# save ca1.cert for easy replay
-$KT -exportcert -file ca1.cert -alias ca1
-$KT -delete -alias ca1
-
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar badchain
-[ $? = 4 ] || exit $LINENO
-
-$JARSIGNER -verify a.jar
-[ $? = 0 ] || exit $LINENO
-
-# ==========================================================
-# Third part: -certchain test
-# ==========================================================
-
-# altchain signed by ca2
-$KT -genkeypair -alias altchain -dname CN=altchain -validity 365
-$KT -genkeypair -alias ca2 -dname CN=ca2 -ext bc -validity 365
-$KT -certreq -alias altchain | $KT -gencert -alias ca2 -validity 365 -rfc > certchain
-$KT -exportcert -alias ca2 -rfc >> certchain
-
-# Self-signed cert does not work
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar altchain
-[ $? = 4 ] || exit $LINENO
-
-# -certchain works
-$JARSIGNER -strict -keystore $KS -storepass changeit -certchain certchain a.jar altchain
-[ $? = 0 ] || exit $LINENO
-
-# if ca2 is removed, -certchain still work because altchain is a self-signed entry and
-# it is trusted by jarsigner
-# save ca2.cert for easy replay
-$KT -exportcert -file ca2.cert -alias ca2
-$KT -delete -alias ca2
-$JARSIGNER -strict -keystore $KS -storepass changeit -certchain certchain a.jar altchain
-[ $? = 0 ] || exit $LINENO
-
-# if cert is imported, -certchain won't work because this certificate entry is not trusted
-$KT -importcert -file certchain -alias altchain -noprompt
-$JARSIGNER -strict -keystore $KS -storepass changeit -certchain certchain a.jar altchain
-[ $? = 4 ] || exit $LINENO
-
-$JARSIGNER -verify a.jar
-[ $? = 0 ] || exit $LINENO
-
-# ==========================================================
-# 8172529
-# ==========================================================
-
-$KT -genkeypair -alias ee -dname CN=ee
-$KT -genkeypair -alias caone -dname CN=caone
-$KT -genkeypair -alias catwo -dname CN=catwo
-
-$KT -certreq -alias ee | $KT -gencert -alias catwo -rfc > ee.cert
-$KT -certreq -alias catwo | $KT -gencert -alias caone -sigalg MD5withRSA -rfc > catwo.cert
-
-# This certchain contains a cross-signed weak catwo.cert
-cat ee.cert catwo.cert | $KT -importcert -alias ee
-
-$JAR cvf a.jar A1.class
-$JARSIGNER -strict -keystore $KS -storepass changeit a.jar ee
-[ $? = 0 ] || exit $LINENO
-$JARSIGNER -strict -keystore $KS -storepass changeit -verify a.jar
-[ $? = 0 ] || exit $LINENO
-
-echo OK
-exit 0
--- a/test/jdk/sun/security/tools/jarsigner/crl.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,71 +0,0 @@
-#
-# Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6890876 6950931
-# @summary jarsigner can add CRL info into signed jar (updated)
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-
-OS=`uname -s`
-case "$OS" in
- Windows* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-KS=crl.jks
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa"
-
-rm $KS 2> /dev/null
-
-# Test keytool -gencrl
-
-$KT -alias a -dname CN=a -keyalg rsa -genkey -validity 300
-$KT -alias a -gencrl -id 1:1 -id 2:2 -file crl1 || exit 1
-$KT -alias a -gencrl -id 3:3 -id 4:4 -file crl2 || exit 2
-$KT -alias a -gencrl -id 5:1 -id 6:2 -file crl3 || exit 4
-
-# Test keytool -printcrl
-
-$KT -printcrl -file crl1 || exit 5
-$KT -printcrl -file crl2 || exit 6
-$KT -printcrl -file crl3 || exit 7
-
-
-# Test keytool -ext crl
-
-$KT -alias b -dname CN=c -keyalg rsa -genkey -validity 300 \
- -ext crl=uri:http://www.example.com/crl || exit 10
-
-exit 0
--- a/test/jdk/sun/security/tools/jarsigner/default_options.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,68 +0,0 @@
-#
-# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8049834
-# @summary Two security tools tests do not run with only JRE
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-PASS=changeit
-export PASS
-
-TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US"
-
-KS=ks
-KEYTOOL="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS} -storepass:env PASS -keypass:env PASS -keystore $KS"
-JAR="$TESTJAVA/bin/jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA/bin/jarsigner ${TESTTOOLVMOPTS}"
-
-rm $KS 2> /dev/null
-
-$KEYTOOL -genkeypair -dname CN=A -alias a -keyalg rsa || exit 1
-$KEYTOOL -genkeypair -dname CN=CA -alias ca -keyalg rsa || exit 2
-$KEYTOOL -alias a -certreq |
- $KEYTOOL -alias ca -gencert |
- $KEYTOOL -alias a -import || exit 3
-
-cat <<EOF > js.conf
-jarsigner.all = -keystore \${user.dir}/$KS -storepass:env PASS -debug -strict
-jarsigner.sign = -digestalg SHA1
-jarsigner.verify = -verbose:summary
-
-EOF
-
-$JAR cvf a.jar ks js.conf
-
-$JARSIGNER -conf js.conf a.jar a || exit 21
-$JARSIGNER -conf js.conf -verify a.jar > jarsigner.out || exit 22
-grep "and 1 more" jarsigner.out || exit 23
-$JAR xvf a.jar META-INF/MANIFEST.MF
-grep "SHA1-Digest" META-INF/MANIFEST.MF || exit 24
-
-echo Done
-exit 0
--- a/test/jdk/sun/security/tools/jarsigner/diffend.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,110 +0,0 @@
-#
-# Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6948909
-# @summary Jarsigner removes MANIFEST.MF info for badly packages jar's
-#
-
-if [ "${TESTSRC}" = "" ] ; then
- TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
- TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
- echo "TESTJAVA not set. Test cannot execute."
- echo "FAILED!!!"
- exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- SunOS | Linux | Darwin | AIX )
- NULL=/dev/null
- PS=":"
- FS="/"
- CP="${FS}bin${FS}cp -f"
- ;;
- CYGWIN* )
- NULL=/dev/null
- PS=";"
- FS="/"
- CP="cp -f"
- ;;
- Windows_* )
- NULL=NUL
- PS=";"
- FS="\\"
- CP="cp -f"
- ;;
- * )
- echo "Unrecognized operating system!"
- exit 1;
- ;;
-esac
-
-echo 1 > 1
-mkdir META-INF
-
-# Create a fake .RSA file so that jarsigner believes it's signed
-
-touch META-INF/x.RSA
-
-# A MANIFEST.MF using \n as newlines and no double newlines at the end
-
-cat > META-INF/MANIFEST.MF <<EOF
-Manifest-Version: 1.0
-Created-By: 1.7.0-internal (Sun Microsystems Inc.)
-Today: Monday
-EOF
-
-# With the fake .RSA file, to trigger the if (wasSigned) block
-
-rm diffend.jar
-zip diffend.jar META-INF/MANIFEST.MF META-INF/x.RSA 1
-
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
- -keystore ${TESTSRC}${FS}JarSigning.keystore \
- -storepass bbbbbb \
- -digestalg SHA1 \
- -signedjar diffend.new.jar \
- diffend.jar c
-
-unzip -p diffend.new.jar META-INF/MANIFEST.MF | grep Today || exit 1
-
-# Without the fake .RSA file, to trigger the else block
-
-rm diffend.jar
-zip diffend.jar META-INF/MANIFEST.MF 1
-
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
- -keystore ${TESTSRC}${FS}JarSigning.keystore \
- -storepass bbbbbb \
- -digestalg SHA1 \
- -signedjar diffend.new.jar \
- diffend.jar c
-
-unzip -p diffend.new.jar META-INF/MANIFEST.MF | grep Today || exit 2
-
--- a/test/jdk/sun/security/tools/jarsigner/ec.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,83 +0,0 @@
-#
-# Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6870812
-# @summary enhance security tools to use ECC algorithm
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-KS=ec.jks
-JFILE=ec.jar
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS}"
-
-rm $KS $JFILE
-echo A > A
-$JAR cvf $JFILE A
-
-$KT -alias ca -dname CN=ca -keyalg ec -genkey -validity 300 || exit 11
-
-$KT -alias a -dname CN=a -keyalg ec -genkey || exit 11
-$KT -alias a -certreq | $KT -gencert -alias ca -validity 300 | $KT -import -alias a || exit 111
-
-$KT -alias b -dname CN=b -keyalg ec -genkey || exit 12
-$KT -alias b -certreq | $KT -gencert -alias ca -validity 300 | $KT -import -alias b || exit 121
-
-# Ensure that key length is sufficient for the intended hash (SHA512withECDSA)
-$KT -alias c -dname CN=c -keyalg ec -genkey -keysize 521 || exit 13
-$KT -alias c -certreq | $KT -gencert -alias ca -validity 300 | $KT -import -alias c || exit 131
-
-$KT -alias x -dname CN=x -keyalg ec -genkey -validity 300 || exit 14
-$KT -alias x -certreq | $KT -gencert -alias ca -validity 300 | $KT -import -alias x || exit 141
-
-$JARSIGNER -keystore $KS -storepass changeit $JFILE a -debug -strict || exit 21
-$JARSIGNER -keystore $KS -storepass changeit $JFILE b -debug -strict -sigalg SHA1withECDSA || exit 22
-$JARSIGNER -keystore $KS -storepass changeit $JFILE c -debug -strict -sigalg SHA512withECDSA || exit 23
-
-$JARSIGNER -keystore $KS -storepass changeit -verify $JFILE a -debug -strict || exit 31
-$JARSIGNER -keystore $KS -storepass changeit -verify $JFILE b -debug -strict || exit 32
-$JARSIGNER -keystore $KS -storepass changeit -verify $JFILE c -debug -strict || exit 33
-
-# Not signed by x, should exit with non-zero
-$JARSIGNER -keystore $KS -storepass changeit -verify $JFILE x -debug -strict && exit 34
-
-exit 0
-
--- a/test/jdk/sun/security/tools/jarsigner/emptymanifest.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,76 +0,0 @@
-#
-# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6712755
-# @summary jarsigner fails to sign itextasian.jar since 1.5.0_b14, it works with 1.5.0_13
-#
-# @run shell emptymanifest.sh
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-KS=emptymanifest.ks
-JFILE=em.jar
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JAVA="$TESTJAVA${FS}bin${FS}java ${TESTVMOPTS}"
-JAVAC="$TESTJAVA${FS}bin${FS}javac ${TESTTOOLVMOPTS} ${TESTJAVACOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -keystore $KS -storepass changeit"
-
-rm $KS $JFILE
-echo A > A
-echo B > B
-mkdir META-INF
-cat <<EOF > CrLf.java
-class CrLf {
- public static void main(String[] args) throws Exception {
- System.out.write(new byte[] {'\r', '\n'});
- }
-}
-EOF
-$JAVAC CrLf.java
-$JAVA CrLf > META-INF${FS}MANIFEST.MF
-zip $JFILE META-INF${FS}MANIFEST.MF A B
-
-$KT -alias a -dname CN=a -keyalg rsa -genkey -validity 300
-
-$JARSIGNER $JFILE a || exit 1
-$JARSIGNER -verify -debug -strict $JFILE || exit 2
-
-exit 0
--- a/test/jdk/sun/security/tools/jarsigner/jvindex.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,74 +0,0 @@
-#
-# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8022761
-# @summary regression: SecurityException is NOT thrown while trying to pack a wrongly signed Indexed Jar file
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-F=abcde
-KS=jvindex.jks
-JFILE=jvindex.jar
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit \
- -keystore $KS -keyalg rsa"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -keystore $KS -storepass changeit"
-
-rm $F $KS $JFILE 2> /dev/null
-
-echo 12345 > $F
-$JAR cvf $JFILE $F
-
-ERR=""
-
-$KT -alias a -dname CN=a -genkey -validity 300 || ERR="$ERR 1"
-
-$JARSIGNER $JFILE a || ERR="$ERR 2"
-$JAR i $JFILE
-
-# Make sure the $F line has "sm" (signed and in manifest)
-$JARSIGNER -verify -verbose $JFILE | grep $F | grep sm || ERR="$ERR 3"
-
-if [ "$ERR" = "" ]; then
- exit 0
-else
- echo "ERR is $ERR"
- exit 1
-fi
--- a/test/jdk/sun/security/tools/jarsigner/nameclash.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-#
-# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6876328
-# @summary different names for the same digest algorithms breaks jarsigner
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-KS=nc.ks
-JFILE=nc.jar
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -keystore $KS -storepass changeit"
-
-rm $KS $JFILE
-
-$KT -alias a -dname CN=a -keyalg rsa -genkey -validity 300
-$KT -alias b -dname CN=b -keyalg rsa -genkey -validity 300
-
-echo A > A
-$JAR cvf $JFILE A
-
-$JARSIGNER $JFILE a -digestalg SHA1 || exit 1
-$JARSIGNER $JFILE b -digestalg SHA-1 || exit 2
-
-$JARSIGNER -verify -debug -strict $JFILE || exit 3
-
-exit 0
--- a/test/jdk/sun/security/tools/jarsigner/newsize7.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,73 +0,0 @@
-#
-# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6561126
-# @summary keytool should use larger default keysize for keypairs
-#
-# @run shell newsize7.sh
-
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
- TESTSRC="."
-fi
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVA_CMD=`which java`
- TESTJAVA=`dirname $JAVA_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-KSFILE=ns7.jks
-
-KT="${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -keystore ns7.jks -storepass changeit -keypass changeit -keyalg rsa"
-JAR="${TESTJAVA}${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JS="${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -keystore ns7.jks -storepass changeit"
-
-rm ns7.*
-
-$KT -genkeypair -alias me -dname CN=Me
-
-touch ns7.txt
-$JAR cvf ns7.jar ns7.txt
-
-$JS ns7.jar me
-$JAR xvf ns7.jar
-
-grep SHA-256 META-INF/MANIFEST.MF || exit 1
-grep SHA-256 META-INF/ME.SF || exit 2
-
-#rm -rf META-INF
-
-exit 0
--- a/test/jdk/sun/security/tools/jarsigner/oldsig.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,79 +0,0 @@
-#
-# Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6543940 6868865
-# @summary Exception thrown when signing a jarfile in java 1.5
-#
-# @run shell oldsig.sh
-
-if [ "${TESTSRC}" = "" ] ; then
- TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
- TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
- echo "TESTJAVA not set. Test cannot execute."
- echo "FAILED!!!"
- exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- SunOS | Linux | Darwin | AIX )
- NULL=/dev/null
- PS=":"
- FS="/"
- CP="${FS}bin${FS}cp -f"
- ;;
- CYGWIN* )
- NULL=/dev/null
- PS=";"
- FS="/"
- CP="cp -f"
- ;;
- Windows_* )
- NULL=NUL
- PS=";"
- FS="\\"
- CP="cp -f"
- ;;
- * )
- echo "Unrecognized operating system!"
- exit 1;
- ;;
-esac
-
-# copy jar file into writeable location
-${CP} ${TESTSRC}${FS}oldsig${FS}A.jar B.jar
-${CP} ${TESTSRC}${FS}oldsig${FS}A.class B.class
-
-${TESTJAVA}${FS}bin${FS}jar ${TESTTOOLVMOPTS} uvf B.jar B.class
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} \
- -keystore ${TESTSRC}${FS}JarSigning.keystore \
- -storepass bbbbbb \
- -digestalg SHA1 \
- B.jar c
-${TESTJAVA}${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS} -verify B.jar
--- a/test/jdk/sun/security/tools/jarsigner/onlymanifest.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,70 +0,0 @@
-#
-# Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 7004035
-# @summary signed jar with only META-INF/* inside is not verifiable
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-KS=onlymanifest.jks
-JFILE=onlymanifest.jar
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit \
- -keystore $KS -keyalg rsa"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS}"
-
-rm $KS $JFILE 2> /dev/null
-
-# Create an empty jar file with only MANIFEST.MF
-
-echo "Key: Value" > manifest
-$JAR cvfm $JFILE manifest
-
-$KT -alias ca -dname CN=ca -genkey -validity 300 || exit 1
-$KT -alias a -dname CN=a -genkey -validity 300 || exit 2
-$KT -alias a -certreq | $KT -gencert -alias ca -validity 300 | $KT -import -alias a || exit 3
-$JARSIGNER -keystore $KS -storepass changeit $JFILE a -debug -strict || exit 4
-$JARSIGNER -keystore $KS -storepass changeit -verify $JFILE a -debug -strict \
- > onlymanifest.out || exit 5
-
-grep unsigned onlymanifest.out && exit 6
-
-exit 0
-
--- a/test/jdk/sun/security/tools/jarsigner/passtype.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,76 +0,0 @@
-#
-# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6868579
-# @summary RFE: jarsigner to support reading password from environment variable
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-KS=pt.ks
-JFILE=pt.jar
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -keystore $KS -validity 300 -keyalg rsa"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS}"
-
-rm $KS $JFILE
-
-$KT -alias a -dname CN=a -keyalg rsa -genkey \
- -storepass test12 -keypass test12 || exit 1
-PASSENV=test12 $KT -alias b -dname CN=b -keyalg rsa -genkey \
- -storepass:env PASSENV -keypass:env PASSENV || exit 2
-echo test12 > passfile
-$KT -alias c -dname CN=c -keyalg rsa -genkey \
- -storepass:file passfile -keypass:file passfile || exit 3
-
-echo A > A
-$JAR cvf $JFILE A
-
-# Sign
-$JARSIGNER -keystore $KS -storepass test12 $JFILE a || exit 4
-PASSENV=test12 $JARSIGNER -keystore $KS -storepass:env PASSENV $JFILE b || exit 5
-$JARSIGNER -keystore $KS -storepass:file passfile $JFILE b || exit 6
-
-# Verify
-$JARSIGNER -keystore $KS -storepass test12 -verify -debug -strict $JFILE || exit 7
-PASSENV=test12 $JARSIGNER -keystore $KS -storepass:env PASSENV -verify -debug -strict $JFILE || exit 8
-$JARSIGNER -keystore $KS -storepass:file passfile -verify -debug -strict $JFILE || exit 9
-
-exit 0
-
--- a/test/jdk/sun/security/tools/jarsigner/samename.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,61 +0,0 @@
-#
-# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6866479
-# @summary libzip.so caused JVM to crash when running jarsigner
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* | CYGWIN* )
- SIGNEDJAR=EM.jar
- FS="\\"
- ;;
- * )
- SIGNEDJAR=em.jar
- FS="/"
- ;;
-esac
-
-KS=samename.jks
-JFILE=em.jar
-
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa"
-JAR="$TESTJAVA${FS}bin${FS}jar ${TESTTOOLVMOPTS}"
-JARSIGNER="$TESTJAVA${FS}bin${FS}jarsigner ${TESTTOOLVMOPTS}"
-
-rm $KS $JFILE $SIGNEDJAR
-echo A > A
-$JAR cvf $JFILE A
-
-$KT -alias a -dname CN=a -keyalg rsa -genkey -validity 300
-
-$JARSIGNER -keystore $KS -storepass changeit -signedjar $SIGNEDJAR $JFILE a
-
--- a/test/jdk/sun/security/tools/jarsigner/weaksize.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,62 +0,0 @@
-#
-# Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8044755
-# @summary Add a test for algorithm constraints check in jarsigner
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US"
-
-# The sigalg used is MD2withRSA, which is obsolete.
-
-KT="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS} -keystore ks
- -storepass changeit -keypass changeit
- -keyalg rsa -sigalg MD2withRSA -debug"
-JS="$TESTJAVA/bin/jarsigner ${TESTTOOLVMOPTS} -keystore ks
- -storepass changeit -strict -debug"
-JAR="$TESTJAVA/bin/jar ${TESTTOOLVMOPTS}"
-
-rm ks 2> /dev/null
-
-$KT -genkeypair -alias ca -dname CN=CA -ext bc
-$KT -genkeypair -alias signer -dname CN=Signer
-
-$KT -certreq -alias signer | \
- $KT -gencert -alias ca -ext ku=dS -rfc | \
- $KT -importcert -alias signer
-
-$JAR cvf a.jar ks
-
-# We always trust a TrustedCertificateEntry
-$JS a.jar ca | grep "chain is invalid" && exit 1
-
-# An end-entity cert must follow algorithm constraints
-$JS a.jar signer | grep "chain is invalid" || exit 2
-
-exit 0
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/CloneKeyAskPassword.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6178366
+ * @library /test/lib
+ * @summary confirm that keytool correctly finds (and clones) a private key
+ * when the user is prompted for the key's password.
+ */
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.SecurityTools;
+
+import java.io.File;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.KeyStore;
+
+public class CloneKeyAskPassword {
+ public static void main(String[] args) throws Exception {
+
+ // Different storepass and keypass
+ Files.copy(Path.of(
+ System.getProperty("test.src"), "CloneKeyAskPassword.jks"),
+ Path.of("CloneKeyAskPassword.jks"));
+
+ // Clone with original keypass
+ SecurityTools.setResponse("test456", "");
+ SecurityTools.keytool(
+ "-keyclone",
+ "-alias", "mykey",
+ "-dest", "myclone1",
+ "-keystore", "CloneKeyAskPassword.jks",
+ "-storepass", "test123").shouldHaveExitValue(0);
+
+ // Clone with new keypass
+ SecurityTools.setResponse("test456", "test789", "test789");
+ SecurityTools.keytool(
+ "-keyclone",
+ "-alias", "mykey",
+ "-dest", "myclone2",
+ "-keystore", "CloneKeyAskPassword.jks",
+ "-storepass", "test123").shouldHaveExitValue(0);
+
+ KeyStore ks = KeyStore.getInstance(
+ new File("CloneKeyAskPassword.jks"), "test123".toCharArray());
+ Asserts.assertNotNull(ks.getKey("myclone1", "test456".toCharArray()));
+ Asserts.assertNotNull(ks.getKey("myclone2", "test789".toCharArray()));
+ }
+}
--- a/test/jdk/sun/security/tools/keytool/CloneKeyAskPassword.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,94 +0,0 @@
-#
-# Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6178366
-# @summary confirm that keytool correctly finds (and clones) a private key
-# when the user is prompted for the key's password.
-#
-# @run shell CloneKeyAskPassword.sh
-
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
- TESTSRC="."
-fi
-
-if [ "${TESTCLASSES}" = "" ] ; then
- TESTCLASSES="."
-fi
-
-if [ "${TESTJAVA}" = "" ] ; then
- echo "TESTJAVA not set. Test cannot execute."
- echo "FAILED!!!"
- exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- SunOS )
- PATHSEP=":"
- FILESEP="/"
- ;;
- Linux )
- PATHSEP=":"
- FILESEP="/"
- ;;
- Darwin )
- PATHSEP=":"
- FILESEP="/"
- ;;
- AIX )
- PATHSEP=":"
- FILESEP="/"
- ;;
- CYGWIN* )
- PATHSEP=";"
- FILESEP="/"
- ;;
- Windows* )
- PATHSEP=";"
- FILESEP="\\"
- ;;
- * )
- echo "Unrecognized system!"
- exit 1;
- ;;
-esac
-
-# get a writeable keystore
-cp ${TESTSRC}${FILESEP}CloneKeyAskPassword.jks .
-chmod 644 CloneKeyAskPassword.jks
-
-# run the test: attempt to clone the private key
-${TESTJAVA}${FILESEP}bin${FILESEP}keytool ${TESTTOOLVMOPTS} \
- -keyclone \
- -alias mykey \
- -dest myclone \
- -keystore CloneKeyAskPassword.jks \
- -storepass test123 <<EOF
-test456
-EOF
-
-exit $?
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/DefaultOptions.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,109 @@
+/*
+ * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8023197
+ * @summary Pre-configured command line options for keytool and jarsigner
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+import jdk.test.lib.process.ProcessTools;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+
+public class DefaultOptions {
+
+ public static void main(String[] args) throws Throwable {
+
+ Files.write(Path.of("kt.conf"), List.of(
+ "# A Pre-configured options file",
+ "keytool.all = -storepass:env PASS -keypass:env PASS "
+ + "-keystore ${user.dir}/ks -debug",
+ "keytool.genkey = -keyalg ec -ext bc",
+ "keytool.delete = -keystore nothing"));
+
+ // kt.conf is read
+ keytool("-conf kt.conf -genkeypair -dname CN=A -alias a")
+ .shouldHaveExitValue(0);
+ keytool("-conf kt.conf -list -alias a -v")
+ .shouldHaveExitValue(0)
+ .shouldMatch("Signature algorithm name.*ECDSA")
+ .shouldContain("BasicConstraints");
+
+ // kt.conf is read, and dup multi-valued options processed as expected
+ keytool("-conf kt.conf -genkeypair -dname CN=B -alias b -ext ku=ds")
+ .shouldHaveExitValue(0);
+ keytool("-conf kt.conf -list -alias b -v")
+ .shouldHaveExitValue(0)
+ .shouldContain("BasicConstraints")
+ .shouldContain("DigitalSignature");
+
+ // Single-valued option in command section override all
+ keytool("-conf kt.conf -delete -alias a")
+ .shouldNotHaveExitValue(0);
+
+ // Single-valued option on command line overrides again
+ keytool("-conf kt.conf -delete -alias b -keystore ks")
+ .shouldHaveExitValue(0);
+
+ // Error cases
+
+ // File does not exist
+ keytool("-conf no-such-file -help -list")
+ .shouldNotHaveExitValue(0);
+
+ // Cannot have both standard name (-genkeypair) and legacy name (-genkey)
+ Files.write(Path.of("bad.conf"), List.of(
+ "keytool.all = -storepass:env PASS -keypass:env PASS -keystore ks",
+ "keytool.genkeypair = -keyalg rsa",
+ "keytool.genkey = -keyalg ec"));
+
+ keytool("-conf bad.conf -genkeypair -alias me -dname cn=me")
+ .shouldNotHaveExitValue(0);
+
+ // Unknown options are rejected by tool
+ Files.write(Path.of("bad.conf"), List.of(
+ "keytool.all=-unknown"));
+
+ keytool("-conf bad.conf -help -list").shouldNotHaveExitValue(0);
+
+ // System property must be present
+ Files.write(Path.of("bad.conf"), List.of(
+ "keytool.all = -keystore ${no.such.prop}"));
+
+ keytool("-conf bad.conf -help -list").shouldNotHaveExitValue(0);
+ }
+
+ // Run keytool with one environment variable PASS=changeit
+ static OutputAnalyzer keytool(String cmd) throws Throwable {
+ ProcessBuilder pb = SecurityTools.getProcessBuilder(
+ "keytool", List.of(cmd.trim().split("\\s+")));
+ pb.environment().put("PASS", "changeit");
+ return ProcessTools.executeCommand(pb);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/EmptySubject.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6847026
+ * @summary keytool should be able to generate certreq and cert without subject name
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+public class EmptySubject{
+ static final String KS = "emptysubject.jks";
+ public static void main(String[] args) throws Exception {
+ kt("-alias", "ca", "-dname", "CN=CA", "-genkeypair");
+ kt("-alias", "me", "-dname", "CN=Me", "-genkeypair");
+
+ // When -dname is recognized, SAN must be specified, otherwise,
+ // -printcert fails.
+ kt("-alias", "me", "-certreq", "-dname", "", "-file", "me1.req")
+ .shouldHaveExitValue(0);
+ kt("-alias", "ca", "-gencert",
+ "-infile", "me1.req", "-outfile", "me1.crt")
+ .shouldHaveExitValue(0);
+ kt("-printcert", "-file", "me1.crt").shouldNotHaveExitValue(0);
+
+ kt("-alias", "me", "-certreq", "-file", "me2.req")
+ .shouldHaveExitValue(0);
+ kt("-alias", "ca", "-gencert", "-dname", "",
+ "-infile", "me2.req", "-outfile", "me2.crt")
+ .shouldHaveExitValue(0);
+ kt("-printcert", "-file", "me2.crt").shouldNotHaveExitValue(0);
+
+ kt("-alias", "me", "-certreq", "-dname", "", "-file", "me3.req")
+ .shouldHaveExitValue(0);
+ kt("-alias", "ca", "-gencert", "-ext", "san:c=email:me@me.com",
+ "-infile", "me3.req", "-outfile", "me3.crt")
+ .shouldHaveExitValue(0);
+ kt("-printcert", "-file", "me3.crt").shouldHaveExitValue(0);
+
+ kt("-alias", "me", "-certreq", "-file", "me4.req")
+ .shouldHaveExitValue(0);
+ kt("-alias", "ca", "-gencert", "-dname", "",
+ "-ext", "san:c=email:me@me.com",
+ "-infile", "me4.req", "-outfile", "me4.crt")
+ .shouldHaveExitValue(0);
+ kt("-printcert", "-file", "me4.crt").shouldHaveExitValue(0);
+ }
+
+ static OutputAnalyzer kt(String... s) throws Exception {
+ List<String> cmd = new ArrayList<>();
+ cmd.addAll(Arrays.asList(
+ "-storepass", "changeit",
+ "-keypass", "changeit",
+ "-keystore", KS,
+ "-keyalg", "rsa"));
+ cmd.addAll(Arrays.asList(s));
+ return SecurityTools.keytool(cmd);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/FileInHelp.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6922482
+ * @summary keytool's help on -file always shows 'output file'
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+
+public class FileInHelp {
+ public static void main(String[] args) throws Exception {
+ SecurityTools.keytool("-printcertreq -help")
+ .shouldHaveExitValue(0)
+ .shouldContain("input file");
+ SecurityTools.keytool("-exportcert -help")
+ .shouldHaveExitValue(0)
+ .shouldContain("output file");
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/ImportReadAll.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6819272
+ * @summary keytool -importcert should read the whole input
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+public class ImportReadAll {
+ public static void main(String[] args) throws Exception {
+ keytool("-genkeypair -alias a -dname CN=a").shouldHaveExitValue(0);
+ keytool("-genkeypair -alias ca -dname CN=ca").shouldHaveExitValue(0);
+
+ keytool("-certreq -alias a -file a.req").shouldHaveExitValue(0);
+ keytool("-gencert -alias ca -infile a.req -outfile a.crt")
+ .shouldHaveExitValue(0);
+ keytool("-importcert -alias a -file a.crt").shouldHaveExitValue(0);
+ }
+
+ static OutputAnalyzer keytool(String s) throws Exception {
+ return SecurityTools.keytool(
+ "-keystore importreadall.jks "
+ + "-storepass changeit -keypass changeit -keyalg rsa " + s);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/KeyAlg.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8029659
+ * @summary Keytool, print key algorithm of certificate or key entry
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+public class KeyAlg {
+ public static void main(String[] args) throws Exception {
+ keytool("-genkeypair -alias ca -dname CN=CA -keyalg EC")
+ .shouldHaveExitValue(0);
+ keytool("-genkeypair -alias user -dname CN=User -keyalg RSA -keysize 1024")
+ .shouldHaveExitValue(0);
+ keytool("-certreq -alias user -file user.req").shouldHaveExitValue(0);
+ keytool("-gencert -alias ca -rfc -sigalg SHA1withECDSA"
+ + " -infile user.req -outfile user.crt")
+ .shouldHaveExitValue(0);
+ keytool("-printcert -file user.crt")
+ .shouldHaveExitValue(0)
+ .shouldMatch("Signature algorithm name:.*SHA1withECDSA")
+ .shouldMatch("Subject Public Key Algorithm:.*1024.*RSA");
+ }
+
+ static OutputAnalyzer keytool(String s) throws Exception {
+ return SecurityTools.keytool(
+ "-keystore ks -storepass changeit -keypass changeit " + s);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/NewHelp.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6324292
+ * @summary keytool -help is unhelpful
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+
+public class NewHelp {
+ public static void main(String[] args) throws Exception {
+ SecurityTools.keytool("-help")
+ .shouldHaveExitValue(0)
+ .shouldContain("Commands:");
+ SecurityTools.keytool("-help -list")
+ .shouldHaveExitValue(0)
+ .shouldContain("Options:");
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/NoExtNPE.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6813402
+ * @summary keytool cannot -printcert entries without extensions
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+
+import java.nio.file.Path;
+
+public class NoExtNPE {
+ public static void main(String[] args) throws Exception {
+ SecurityTools.keytool("-list -v -keystore " +
+ Path.of(System.getProperty("test.src"), "CloneKeyAskPassword.jks")
+ + " -storepass test123").shouldHaveExitValue(0);
+ }
+}
--- a/test/jdk/sun/security/tools/keytool/NoExtNPE.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,75 +0,0 @@
-#
-# Copyright (c) 2009, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6813402
-# @summary keytool cannot -printcert entries without extensions
-#
-# @run shell NoExtNPE.sh
-
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
- TESTSRC="."
-fi
-
-if [ "${TESTJAVA}" = "" ] ; then
- echo "TESTJAVA not set. Test cannot execute."
- echo "FAILED!!!"
- exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- SunOS )
- FILESEP="/"
- ;;
- Linux )
- FILESEP="/"
- ;;
- Darwin )
- FILESEP="/"
- ;;
- AIX )
- PATHSEP=":"
- FILESEP="/"
- ;;
- CYGWIN* )
- FILESEP="/"
- ;;
- Windows* )
- FILESEP="\\"
- ;;
- * )
- echo "Unrecognized system!"
- exit 1;
- ;;
-esac
-
-${TESTJAVA}${FILESEP}bin${FILESEP}keytool ${TESTTOOLVMOPTS} \
- -list -v \
- -keystore ${TESTSRC}${FILESEP}CloneKeyAskPassword.jks \
- -storepass test123
-
-exit $?
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/Resource.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6239297
+ * @summary keytool usage is broken after changing Resources.java
+ * @author Max Wang
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+
+public class Resource {
+ public static void main(String[] args) throws Exception {
+ SecurityTools.keytool()
+ .shouldNotContain("MissingResourceException");
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/SecretKeyKS.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 4694076
+ * @summary KeyTool throws ArrayIndexOutOfBoundsException for listing
+ * SecretKey entries in non-verbose mode.
+ * @author Valerie Peng
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+
+import java.nio.file.Path;
+
+public class SecretKeyKS {
+ public static void main(String[] args) throws Exception {
+ SecurityTools.keytool("-list -keystore " +
+ Path.of(System.getProperty("test.src"), "SecretKeyKS.jks") +
+ " -storepass password").shouldHaveExitValue(0);
+ }
+}
--- a/test/jdk/sun/security/tools/keytool/SecretKeyKS.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,73 +0,0 @@
-#
-# Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 4694076
-# @summary KeyTool throws ArrayIndexOutOfBoundsException for listing
-# SecretKey entries in non-verbose mode.
-# @author Valerie Peng
-#
-# @run shell SecretKeyKS.sh
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
- TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
- TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
- echo "TESTJAVA not set. Test cannot execute."
- echo "FAILED!!!"
- exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- SunOS | Linux | Darwin | AIX )
- NULL=/dev/null
- PS=":"
- FS="/"
- ;;
- CYGWIN* )
- NULL=/dev/null
- PS=";"
- FS="/"
- ;;
- Windows_* )
- NULL=NUL
- PS=";"
- FS="\\"
- ;;
- * )
- echo "Unrecognized operating system!"
- exit 1;
- ;;
-esac
-
-# the test code
-
-${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -list -keystore ${TESTSRC}${FS}SecretKeyKS.jks -storepass password
-
-exit $?
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/SecurityToolsTest.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8180573
+ * @summary Enhance SecurityTools input line parsing
+ * @library /test/lib
+ */
+
+import jdk.test.lib.Asserts;
+import jdk.test.lib.SecurityTools;
+
+import java.util.List;
+
+public class SecurityToolsTest {
+ public static void main(String[] args) {
+ Asserts.assertEQ(SecurityTools.makeList("a b c"),
+ List.of("a", "b", "c"));
+ Asserts.assertEQ(SecurityTools.makeList(" a b c "),
+ List.of("a", "b", "c"));
+ Asserts.assertEQ(SecurityTools.makeList("a\tb\nc"),
+ List.of("a", "b", "c"));
+ Asserts.assertEQ(SecurityTools.makeList("a `b` c"),
+ List.of("a", "b", "c"));
+ Asserts.assertEQ(SecurityTools.makeList("`a` b c"),
+ List.of("a", "b", "c"));
+ Asserts.assertEQ(SecurityTools.makeList("a b `c`"),
+ List.of("a", "b", "c"));
+ Asserts.assertEQ(SecurityTools.makeList("`a b` b c"),
+ List.of("a b", "b", "c"));
+ Asserts.assertEQ(SecurityTools.makeList("`a b c`"),
+ List.of("a b c"));
+ Asserts.assertEQ(SecurityTools.makeList("a ` b ` c"),
+ List.of("a", " b ", "c"));
+ Asserts.assertEQ(SecurityTools.makeList("a`b c"),
+ List.of("a`b", "c"));
+ Asserts.assertEQ(SecurityTools.makeList("a `\"b\"` c"),
+ List.of("a", "\"b\"", "c"));
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/SelfIssued.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,68 @@
+/*
+ * Copyright (c) 2009, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 6825352 6937978
+ * @summary support self-issued certificate in keytool and let -gencert generate the chain
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+public class SelfIssued {
+ public static void main(String[] args) throws Exception {
+ keytool("-alias ca -dname CN=CA -genkeypair");
+ keytool("-alias ca1 -dname CN=CA1 -genkeypair");
+ keytool("-alias ca2 -dname CN=CA2 -genkeypair");
+ keytool("-alias e1 -dname CN=E1 -genkeypair");
+
+ // ca signs ca1, ca1 signs ca2, all self-issued
+ keytool("-alias ca1 -certreq -file ca1.req");
+ keytool("-alias ca -gencert -ext san=dns:ca1 "
+ + "-infile ca1.req -outfile ca1.crt");
+ keytool("-alias ca1 -importcert -file ca1.crt");
+
+ keytool("-alias ca2 -certreq -file ca2.req");
+ keytool("-alias ca1 -gencert -ext san=dns:ca2 "
+ + "-infile ca2.req -outfile ca2.crt");
+ keytool("-alias ca2 -importcert -file ca2.crt");
+
+ // Import e1 signed by ca2, should add ca2 and ca1, at least 3 certs in the chain
+ keytool("-alias e1 -certreq -file e1.req");
+ keytool("-alias ca2 -gencert -infile e1.req -outfile e1.crt");
+
+ keytool("-alias ca1 -delete");
+ keytool("-alias ca2 -delete");
+ keytool("-alias e1 -importcert -file e1.crt");
+ keytool("-alias e1 -list -v")
+ .shouldContain("[3]");
+ }
+
+ static OutputAnalyzer keytool(String s) throws Exception {
+ return SecurityTools.keytool("-storepass changeit -keypass changeit "
+ + "-keystore ks -keyalg rsa " + s);
+ }
+}
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/StandardAlgName.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 4909889
+ * @summary KeyTool accepts any input that user make as long as we can make some
+ * sense out of it, but when comes to present the info the user, it
+ * promotes a standard look.
+ * @author Andrew Fan
+ * @library /test/lib
+ * @run main/timeout=240 StandardAlgName
+ */
+
+import jdk.test.lib.SecurityTools;
+
+public class StandardAlgName {
+ public static void main(String[] args) throws Exception {
+ // CA
+ SecurityTools.keytool("-genkey", "-v", "-alias", "pkcs12testCA",
+ "-keyalg", "RsA", "-keysize", "2048",
+ "-sigalg", "ShA1wItHRSA",
+ "-dname", "cn=PKCS12 Test CA, ou = Security SQE, o = JavaSoft, c = US",
+ "-validity", "3650",
+ "-keypass", "storepass", "-keystore", "keystoreCA.jceks.data",
+ "-storepass", "storepass", "-storetype", "jceKS")
+ .shouldHaveExitValue(0)
+ .shouldNotContain("RsA")
+ .shouldNotContain("ShA1wItHRSA")
+ .shouldContain("RSA")
+ .shouldContain("SHA1withRSA");
+
+ // Lead
+ SecurityTools.keytool("-genkey", "-v", "-alias", "pkcs12testLead",
+ "-keyalg", "rSA", "-keysize", "1024",
+ "-sigalg", "mD5withRSA",
+ "-dname", "cn=PKCS12 Test Lead, ou=Security SQE, o=JavaSoft, c=US",
+ "-validity", "3650",
+ "-keypass", "storepass", "-keystore", "keystoreLead.jceks.data",
+ "-storepass", "storepass", "-storetype", "jCeks")
+ .shouldHaveExitValue(0)
+ .shouldNotContain("rSA")
+ .shouldNotContain("mD5withRSA")
+ .shouldContain("RSA")
+ .shouldContain("MD5withRSA");
+
+ // End User 1
+ SecurityTools.keytool("-genkey", "-v", "-alias", "pkcs12testEndUser1",
+ "-keyalg", "RSa", "-keysize", "1024",
+ "-sigalg", "sHa1wIThRSA",
+ "-dname", "cn=PKCS12 Test End User 1, ou=Security SQE, o=JavaSoft, c=US",
+ "-validity", "3650",
+ "-keypass", "storepass", "-keystore", "keystoreEndUser1.jceks.data",
+ "-storepass", "storepass", "-storetype", "Jceks")
+ .shouldHaveExitValue(0)
+ .shouldNotContain("RSa")
+ .shouldNotContain("sHa1wIThRSA")
+ .shouldContain("RSA")
+ .shouldContain("SHA1withRSA");
+ }
+}
--- a/test/jdk/sun/security/tools/keytool/StandardAlgName.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,94 +0,0 @@
-#
-# Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test 1.1 04/11/12
-# @bug 4909889
-# @summary KeyTool accepts any input that user make as long as we can make some
-# sense out of it, but when comes to present the info the user, it
-# promotes a standard look.
-# @author Andrew Fan
-#
-# @run shell/timeout=240 StandardAlgName.sh
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
- TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
- TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
- echo "TESTJAVA not set. Test cannot execute."
- echo "FAILED!!!"
- exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- SunOS | Linux | Darwin | AIX )
- NULL=/dev/null
- PS=":"
- FS="/"
- ;;
- CYGWIN* )
- NULL=/dev/null
- PS=";"
- FS="/"
- ;;
- Windows_* )
- NULL=NUL
- PS=";"
- FS="\\"
- ;;
- * )
- echo "Unrecognized operating system!"
- exit 1;
- ;;
-esac
-
-# the test code
-#CA
-${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -genkey -v -alias pkcs12testCA -keyalg "RsA" -keysize 2048 -sigalg "ShA1wItHRSA" -dname "cn=PKCS12 Test CA, ou=Security SQE, o=JavaSoft, c=US" -validity 3650 -keypass storepass -keystore keystoreCA.jceks.data -storepass storepass -storetype jceKS 2>&1 | egrep 'RsA|ShA1wItHRSA'
-
-RESULT=$?
-if [ $RESULT -eq 0 ]; then
- exit 1
-else
- #Lead
- ${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -genkey -v -alias pkcs12testLead -keyalg "rSA" -keysize 1024 -sigalg "mD5withRSA" -dname "cn=PKCS12 Test Lead, ou=Security SQE, o=JavaSoft, c=US" -validity 3650 -keypass storepass -keystore keystoreLead.jceks.data -storepass storepass -storetype jCeks 2>&1 | egrep 'rSA|mD5withRSA'
- RESULT=$?
- if [ $RESULT -eq 0 ]; then
- exit 1
- else
- #End User 1
- ${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -genkey -v -alias pkcs12testEndUser1 -keyalg "RSa" -keysize 1024 -sigalg "sHa1wIThRSA" -dname "cn=PKCS12 Test End User 1, ou=Security SQE, o=JavaSoft, c=US" -validity 3650 -keypass storepass -keystore keystoreEndUser1.jceks.data -storepass storepass -storetype Jceks 2>&1 | egrep 'RSa|sHa1wIThRSA'
- RESULT=$?
- if [ $RESULT -eq 0 ]; then
- exit 1
- else
- exit 0
- fi
- fi
-fi
-
--- a/test/jdk/sun/security/tools/keytool/StorePasswords.java Thu Apr 11 22:56:11 2019 -0400
+++ b/test/jdk/sun/security/tools/keytool/StorePasswords.java Fri Apr 12 13:35:23 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,8 +25,12 @@
* @test
* @bug 8008296
* @summary Store and retrieve user passwords using PKCS#12 keystore
+ * @library /test/lib
*/
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
import java.io.*;
import java.security.*;
import java.util.*;
@@ -79,6 +83,18 @@
"recovered " + recoverCount + " user passwords");
new File(KEYSTORE).delete();
+
+ storeCount = storeByShell();
+ recoverCount = recoverByShell();
+
+ if (recoverCount != storeCount || storeCount < 11) {
+ throw new Exception("Stored " + storeCount + " user passwords, " +
+ "recovered " + recoverCount + " user passwords");
+ }
+ System.out.println("\nStored " + storeCount + " user passwords, " +
+ "recovered " + recoverCount + " user passwords");
+
+ new File(KEYSTORE).delete();
}
private static int store() throws Exception {
@@ -189,4 +205,35 @@
return count;
}
+
+ private static int storeByShell() throws Exception {
+ int count = 0;
+ for (String algorithm : PBE_ALGORITHMS) {
+ System.out.println("Storing user password (protected by " + algorithm + " )");
+ String importCmd = count < 5 ? "-importpassword" : "-importpass";
+ String keyAlg = algorithm.equals("default PBE algorithm")
+ ? "" : (" -keyalg " + algorithm);
+ SecurityTools.setResponse("hello1");
+ OutputAnalyzer oa = SecurityTools.keytool(importCmd
+ + " -storetype pkcs12 -keystore mykeystore.p12"
+ + " -storepass changeit -alias `this entry is protected by "
+ + algorithm + "`" + keyAlg);
+ if (oa.getExitValue() == 0) {
+ System.out.println("OK");
+ count++;
+ } else {
+ System.out.println("ERROR");
+ }
+ }
+ return count;
+ }
+
+ private static int recoverByShell() throws Exception {
+ return (int)SecurityTools.keytool("-list -storetype pkcs12"
+ + " -keystore mykeystore.p12 -storepass changeit")
+ .shouldHaveExitValue(0)
+ .asLines().stream()
+ .filter(s -> s.contains("this entry is protected by"))
+ .count();
+ }
}
--- a/test/jdk/sun/security/tools/keytool/StorePasswordsByShell.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,132 +0,0 @@
-#
-# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8008296
-# @summary confirm that keytool correctly imports user passwords
-#
-# @run shell StorePasswordsByShell.sh
-
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
- TESTSRC="."
-fi
-
-if [ "${TESTCLASSES}" = "" ] ; then
- TESTCLASSES="."
-fi
-
-if [ "${TESTJAVA}" = "" ] ; then
- echo "TESTJAVA not set. Test cannot execute."
- echo "FAILED!!!"
- exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- SunOS | Linux | Darwin | AIX)
- PATHSEP=":"
- FILESEP="/"
- ;;
- CYGWIN* )
- PATHSEP=";"
- FILESEP="/"
- ;;
- Windows* )
- PATHSEP=";"
- FILESEP="\\"
- ;;
- * )
- echo "Unrecognized system!"
- exit 1;
- ;;
-esac
-
-PBE_ALGORITHMS="\
- default-PBE-algorithm \
- PBEWithMD5AndDES \
- PBEWithSHA1AndDESede \
- PBEWithSHA1AndRC2_40 \
- PBEWithSHA1AndRC2_128
- PBEWithSHA1AndRC4_40 \
- PBEWithSHA1AndRC4_128 \
- PBEWithHmacSHA1AndAES_128 \
- PBEWithHmacSHA224AndAES_128 \
- PBEWithHmacSHA256AndAES_128 \
- PBEWithHmacSHA384AndAES_128 \
- PBEWithHmacSHA512AndAES_128 \
- PBEWithHmacSHA1AndAES_256 \
- PBEWithHmacSHA224AndAES_256 \
- PBEWithHmacSHA256AndAES_256 \
- PBEWithHmacSHA384AndAES_256 \
- PBEWithHmacSHA512AndAES_256"
-
-USER_PWD="hello1\n"
-ALIAS_PREFIX="this entry is protected by "
-COUNTER=0
-
-# cleanup
-rm mykeystore.p12 > /dev/null 2>&1
-
-echo
-for i in $PBE_ALGORITHMS; do
-
- if [ $i = "default-PBE-algorithm" ]; then
- KEYALG=""
- else
- KEYALG="-keyalg ${i}"
- fi
-
- if [ $COUNTER -lt 5 ]; then
- IMPORTPASSWORD="-importpassword"
- else
- IMPORTPASSWORD="-importpass"
- fi
-
- echo "Storing user password (protected by ${i})"
- echo "${USER_PWD}" | \
- ${TESTJAVA}${FILESEP}bin${FILESEP}keytool ${TESTTOOLVMOPTS} ${IMPORTPASSWORD} \
- -storetype pkcs12 -keystore mykeystore.p12 -storepass changeit \
- -alias "${ALIAS_PREFIX}${i}" ${KEYALG} > /dev/null 2>&1
- if [ $? -ne 0 ]; then
- echo Error
- else
- echo OK
- COUNTER=`expr ${COUNTER} + 1`
- fi
-done
-echo
-
-COUNTER2=`${TESTJAVA}${FILESEP}bin${FILESEP}keytool ${TESTTOOLVMOPTS} -list -storetype pkcs12 \
- -keystore mykeystore.p12 -storepass changeit | grep -c "${ALIAS_PREFIX}"`
-
-RESULT="stored ${COUNTER} user passwords, detected ${COUNTER2} user passwords"
-if [ $COUNTER -ne $COUNTER2 -o $COUNTER -lt 11 ]; then
- echo "ERROR: $RESULT"
- exit 1
-else
- echo "OK: $RESULT"
- exit 0
-fi
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/tools/keytool/TryStore.java Fri Apr 12 13:35:23 2019 +0800
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 7047200
+ * @summary keytool can try save to a byte array before overwrite the file
+ * @library /test/lib
+ */
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+public class TryStore {
+ public static void main(String[] args) throws Exception {
+ keytool("-genkeypair -alias a -dname CN=A -storepass changeit -keypass changeit");
+ keytool("-genkeypair -alias b -dname CN=B -storepass changeit -keypass changeit");
+
+ // We use -protected for JKS keystore. This is illegal so the command should
+ // fail. Then we can check if the keystore is damaged.
+
+ keytool("-genkeypair -protected -alias b -delete -debug")
+ .shouldNotHaveExitValue(0);
+
+ keytool("-list -storepass changeit")
+ .shouldHaveExitValue(0);
+ }
+
+ static OutputAnalyzer keytool(String s) throws Exception {
+ return SecurityTools.keytool(
+ "-storetype jks -keystore trystore.jks -keyalg rsa " + s);
+ }
+}
--- a/test/jdk/sun/security/tools/keytool/default_options.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,99 +0,0 @@
-#
-# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8023197
-# @summary Pre-configured command line options for keytool and jarsigner
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US"
-
-KS=ks
-KEYTOOL="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS}"
-
-rm $KS 2> /dev/null
-
-PASS=changeit
-export PASS
-
-cat <<EOF > kt.conf
-# A Pre-configured options file
-keytool.all = -storepass:env PASS -keypass:env PASS -keystore \${user.dir}/$KS -debug
-keytool.genkey = -keyalg ec -ext bc
-keytool.delete = -keystore nothing
-EOF
-
-# kt.conf is read
-$KEYTOOL -conf kt.conf -genkeypair -dname CN=A -alias a || exit 1
-$KEYTOOL -conf kt.conf -list -alias a -v > a_certinfo || exit 2
-grep "Signature algorithm name" a_certinfo | grep ECDSA || exit 3
-grep "BasicConstraints" a_certinfo || exit 4
-
-# kt.conf is read, and dup multi-valued options processed as expected
-$KEYTOOL -conf kt.conf -genkeypair -dname CN=B -alias b -ext ku=ds \
- || exit 11
-$KEYTOOL -conf kt.conf -list -alias b -v > b_certinfo || exit 12
-grep "BasicConstraints" b_certinfo || exit 14
-grep "DigitalSignature" b_certinfo || exit 15
-
-# Single-valued option in command section override all
-$KEYTOOL -conf kt.conf -delete -alias a && exit 16
-
-# Single-valued option on command line overrides again
-$KEYTOOL -conf kt.conf -delete -alias b -keystore $KS || exit 17
-
-# Error cases
-
-# File does not exist
-$KEYTOOL -conf no-such-file -help -list && exit 31
-
-# Cannot have both standard name (-genkeypair) and legacy name (-genkey)
-cat <<EOF > bad.conf
-keytool.all = -storepass:env PASS -keypass:env PASS -keystore ks
-keytool.genkeypair = -keyalg rsa
-keytool.genkey = -keyalg ec
-EOF
-
-$KEYTOOL -conf bad.conf -genkeypair -alias me -dname "cn=me" && exit 32
-
-# Unknown options are rejected by tool
-cat <<EOF > bad.conf
-keytool.all=-unknown
-EOF
-
-$KEYTOOL -conf bad.conf -help -list && exit 33
-
-# System property must be present
-cat <<EOF > bad.conf
-keytool.all = -keystore \${no.such.prop}
-EOF
-
-$KEYTOOL -conf bad.conf -help -list && exit 34
-
-echo Done
-exit 0
--- a/test/jdk/sun/security/tools/keytool/emptysubject.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,68 +0,0 @@
-#
-# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6847026
-# @summary keytool should be able to generate certreq and cert without subject name
-#
-# @run shell emptysubject.sh
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-KS=emptysubject.jks
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa"
-
-rm $KS
-
-$KT -alias ca -dname CN=CA -genkeypair
-$KT -alias me -dname CN=Me -genkeypair
-
-# When -dname is recognized, SAN must be specfied, otherwise, -printcert fails.
-$KT -alias me -certreq -dname "" | \
- $KT -alias ca -gencert | $KT -printcert && exit 1
-$KT -alias me -certreq | \
- $KT -alias ca -gencert -dname "" | $KT -printcert && exit 2
-$KT -alias me -certreq -dname "" | \
- $KT -alias ca -gencert -ext san:c=email:me@me.com | \
- $KT -printcert || exit 3
-$KT -alias me -certreq | \
- $KT -alias ca -gencert -dname "" -ext san:c=email:me@me.com | \
- $KT -printcert || exit 4
-
-exit 0
-
--- a/test/jdk/sun/security/tools/keytool/file-in-help.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,54 +0,0 @@
-#
-# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6922482
-# @summary keytool's help on -file always shows 'output file'
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US"
-
-$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -printcertreq -help 2> h1 || exit 1
-$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -exportcert -help 2> h2 || exit 2
-
-grep "input file" h1 || exit 3
-grep "output file" h2 || exit 4
-
-exit 0
-
--- a/test/jdk/sun/security/tools/keytool/i18n.html Thu Apr 11 22:56:11 2019 -0400
+++ b/test/jdk/sun/security/tools/keytool/i18n.html Fri Apr 12 13:35:23 2019 +0800
@@ -1,11 +1,7 @@
<html>
<body>
-<applet width=100 height=100 code=i18n.class>
-</applet>
-
-This is a multi-stage test. Click on "done" when you have completed
-reading these instructions. For each instruction, make sure the output
+This is a multi-stage test. For each instruction, make sure the output
from keytool is correct (you can read everything in english fine).
<ol>
@@ -115,7 +111,5 @@
If all the output (english) is correct, then the test passed.
Otherwise, the test failed.
-Press "Pass" if ... press "Fail" otherwise.
-
</body>
</html>
--- a/test/jdk/sun/security/tools/keytool/i18n.java Thu Apr 11 22:56:11 2019 -0400
+++ b/test/jdk/sun/security/tools/keytool/i18n.java Fri Apr 12 13:35:23 2019 +0800
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -21,8 +21,19 @@
* questions.
*/
-// This trivial file is only necessary to display instructions and "pass/fail"
-// buttons for a manual test.
-public class i18n extends java.applet.Applet
-{
+/*
+ * @test
+ * @bug 4348369 8076069
+ * @summary keytool not i18n compliant
+ * @author charlie lai
+ * @run main/manual i18n
+ */
+
+import java.nio.file.Path;
+
+public class i18n{
+ public static void main(String[] args) throws Exception {
+ System.out.println("see i18n.html");
+ System.out.println(Path.of(System.getProperty("test.jdk"), "bin", "keytool"));
+ }
}
--- a/test/jdk/sun/security/tools/keytool/i18n.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,73 +0,0 @@
-#
-# Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 4348369 8076069
-# @summary keytool not i18n compliant
-# @author charlie lai
-# @run shell/manual i18n.sh
-
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
- TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
- TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
- echo "TESTJAVA not set. Test cannot execute."
- echo "FAILED!!!"
- exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- AIX | Darwin | Linux | SunOS )
- NULL=/dev/null
- PS=":"
- FS="/"
- ;;
- CYGWIN* )
- NULL=/dev/null
- PS=";"
- FS="/"
- ;;
- Windows* )
- NULL=NUL
- PS=";"
- FS="\\"
- ;;
- * )
- echo "Unrecognized system!"
- exit 1;
- ;;
-esac
-KEYTOOL=${TESTJAVA}${FS}bin${FS}keytool
-
-# the test code
-
-# see i18n.html
-
-exit $?
--- a/test/jdk/sun/security/tools/keytool/importreadall.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,62 +0,0 @@
-#
-# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6819272
-# @summary keytool -importcert should read the whole input
-#
-# @run shell importreadall.sh
-
-# set a few environment variables so that the shell-script can run stand-alone
-# in the source directory
-if [ "${TESTSRC}" = "" ] ; then
- TESTSRC="."
-fi
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVA_CMD=`which java`
- TESTJAVA=`dirname $JAVA_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-KEYTOOL="${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -keystore importreadall.jks -storepass changeit -keypass changeit -keyalg rsa"
-
-# In case the test is run twice in the same directory
-
-$KEYTOOL -delete -alias a
-$KEYTOOL -delete -alias ca
-$KEYTOOL -genkeypair -alias a -dname CN=a || exit 1
-$KEYTOOL -genkeypair -alias ca -dname CN=ca || exit 2
-$KEYTOOL -certreq -alias a | $KEYTOOL -gencert -alias ca | $KEYTOOL -importcert -alias a
-
-exit $?
--- a/test/jdk/sun/security/tools/keytool/keyalg.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,49 +0,0 @@
-#
-# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 8029659
-# @summary Keytool, print key algorithm of certificate or key entry
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US"
-
-KS=ks
-KEYTOOL="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS} -keystore ks -storepass changeit -keypass changeit"
-
-rm $KS 2> /dev/null
-
-$KEYTOOL -genkeypair -alias ca -dname CN=CA -keyalg EC || exit 1
-$KEYTOOL -genkeypair -alias user -dname CN=User -keyalg RSA -keysize 1024 || exit 2
-$KEYTOOL -certreq -alias user |
- $KEYTOOL -gencert -alias ca -rfc -sigalg SHA1withECDSA |
- $KEYTOOL -printcert > user.dump || exit 3
-
-cat user.dump | grep "Signature algorithm name:" | grep SHA1withECDSA || exit 4
-cat user.dump | grep "Subject Public Key Algorithm:" | grep RSA | grep 1024 || exit 5
-
--- a/test/jdk/sun/security/tools/keytool/newhelp.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,54 +0,0 @@
-#
-# Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6324292
-# @summary keytool -help is unhelpful
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US"
-
-$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -help 2> h1 || exit 1
-$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -help -list 2> h2 || exit 2
-
-grep Commands: h1 || exit 3
-grep Options: h2 || exit 4
-
-exit 0
-
--- a/test/jdk/sun/security/tools/keytool/resource.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,72 +0,0 @@
-#
-# Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6239297
-# @summary keytool usage is broken after changing Resources.java
-# @author Max Wang
-#
-# @run shell resource.sh
-
-if [ "${TESTSRC}" = "" ] ; then
- TESTSRC="."
-fi
-if [ "${TESTCLASSES}" = "" ] ; then
- TESTCLASSES="."
-fi
-if [ "${TESTJAVA}" = "" ] ; then
- echo "TESTJAVA not set. Test cannot execute."
- echo "FAILED!!!"
- exit 1
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- SunOS | Linux | Darwin | AIX )
- NULL=/dev/null
- FS="/"
- ;;
- CYGWIN* )
- NULL=/dev/null
- FS="/"
- ;;
- Windows_* )
- NULL=NUL
- FS="\\"
- ;;
- * )
- echo "Unrecognized operating system!"
- exit 1;
- ;;
-esac
-
-# the test code
-${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} > temp_file_40875602475 2> ${NULL}
-grep MissingResourceException temp_file_40875602475
-
-if [ $? -eq 0 ]; then
- exit 1
-fi
-
-exit 0
--- a/test/jdk/sun/security/tools/keytool/selfissued.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,71 +0,0 @@
-#
-# Copyright (c) 2009, 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 6825352 6937978
-# @summary support self-issued certificate in keytool and let -gencert generate the chain
-#
-# @run shell selfissued.sh
-#
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-KS=selfsigned.ks
-KT="$TESTJAVA${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storepass changeit -keypass changeit -keystore $KS -keyalg rsa"
-
-rm $KS
-
-$KT -alias ca -dname CN=CA -genkeypair
-$KT -alias ca1 -dname CN=CA1 -genkeypair
-$KT -alias ca2 -dname CN=CA2 -genkeypair
-$KT -alias e1 -dname CN=E1 -genkeypair
-
-# ca signs ca1, ca1 signs ca2, all self-issued
-$KT -alias ca1 -certreq | $KT -alias ca -gencert -ext san=dns:ca1 \
- | $KT -alias ca1 -importcert
-$KT -alias ca2 -certreq | $KT -alias ca1 -gencert -ext san=dns:ca2 \
- | $KT -alias ca2 -importcert
-
-# Import e1 signed by ca2, should add ca2 and ca1, at least 3 certs in the chain
-$KT -alias e1 -certreq | $KT -alias ca2 -gencert > e1.cert
-$KT -alias ca1 -delete
-$KT -alias ca2 -delete
-cat e1.cert | $KT -alias e1 -importcert
-$KT -alias e1 -list -v | grep '\[3\]' || { echo Bad E1; exit 1; }
-
-echo Good
-
--- a/test/jdk/sun/security/tools/keytool/trystore.sh Thu Apr 11 22:56:11 2019 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-#
-# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# @test
-# @bug 7047200
-# @summary keytool can try save to a byte array before overwrite the file
-
-if [ "${TESTJAVA}" = "" ] ; then
- JAVAC_CMD=`which javac`
- TESTJAVA=`dirname $JAVAC_CMD`/..
-fi
-
-# set platform-dependent variables
-OS=`uname -s`
-case "$OS" in
- Windows_* )
- FS="\\"
- ;;
- * )
- FS="/"
- ;;
-esac
-
-rm trystore.jks 2> /dev/null
-
-KEYTOOL="${TESTJAVA}${FS}bin${FS}keytool ${TESTTOOLVMOPTS} -storetype jks -keystore trystore.jks -keyalg rsa"
-$KEYTOOL -genkeypair -alias a -dname CN=A -storepass changeit -keypass changeit
-$KEYTOOL -genkeypair -alias b -dname CN=B -storepass changeit -keypass changeit
-
-# We use -protected for JKS keystore. This is illegal so the command should
-# fail. Then we can check if the keystore is damaged.
-
-$KEYTOOL -genkeypair -protected -alias b -delete -debug
-
-if [ $? = 0 ]; then
- echo "What? -protected works for JKS?"
- exit 1
-fi
-
-$KEYTOOL -list -storepass changeit
-
-if [ $? != 0 ]; then
- echo "Keystore file damaged"
- exit 2
-fi
--- a/test/lib/jdk/test/lib/SecurityTools.java Thu Apr 11 22:56:11 2019 -0400
+++ b/test/lib/jdk/test/lib/SecurityTools.java Fri Apr 12 13:35:23 2019 +0800
@@ -28,6 +28,7 @@
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
+import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
@@ -52,7 +53,7 @@
private SecurityTools() {}
- private static ProcessBuilder getProcessBuilder(String tool, List<String> args) {
+ public static ProcessBuilder getProcessBuilder(String tool, List<String> args) {
JDKToolLauncher launcher = JDKToolLauncher.createUsingTestJDK(tool)
.addVMArg("-Duser.language=en")
.addVMArg("-Duser.country=US");
@@ -62,6 +63,9 @@
for (String arg : args) {
if (arg.startsWith("-J")) {
launcher.addVMArg(arg.substring(2));
+ } else if (Platform.isWindows() && arg.isEmpty()) {
+ // JDK-6518827: special handling for empty argument on Windows
+ launcher.addToolArg("\"\"");
} else {
launcher.addToolArg(arg);
}
@@ -97,14 +101,13 @@
/**
* Runs keytool.
*
- * @param args arguments to keytool in a single string. Only call this if
- * there is no white space inside an argument. This string will
- * be split with {@code \s+}.
+ * @param args arguments to keytool in a single string. The string is
+ * converted to be List with makeList.
* @return an {@link OutputAnalyzer} object
* @throws Exception if there is an error
*/
public static OutputAnalyzer keytool(String args) throws Exception {
- return keytool(args.split("\\s+"));
+ return keytool(makeList(args));
}
/**
@@ -174,15 +177,14 @@
/**
* Runs jarsigner.
*
- * @param args arguments to jarsigner in a single string. Only call this if
- * there is no white space inside an argument. This string will
- * be split with {@code \s+}.
+ * @param args arguments to jarsigner in a single string. The string is
+ * converted to be List with makeList.
* @return an {@link OutputAnalyzer} object
* @throws Exception if there is an error
*/
public static OutputAnalyzer jarsigner(String args) throws Exception {
- return jarsigner(args.split("\\s+"));
+ return jarsigner(makeList(args));
}
/**
@@ -199,29 +201,79 @@
/**
* Runs ktab.
*
- * @param args arguments to ktab in a single string. Only call this if
- * there is no white space inside an argument. This string will
- * be split with {@code \s+}.
+ * @param args arguments to ktab in a single string. The string is
+ * converted to be List with makeList.
* @return an {@link OutputAnalyzer} object
* @throws Exception if there is an error
*/
public static OutputAnalyzer ktab(String args) throws Exception {
- return execute(getProcessBuilder(
- "ktab", List.of(args.trim().split("\\s+"))));
+ return execute(getProcessBuilder("ktab", makeList(args)));
}
/**
* Runs klist.
*
- * @param args arguments to klist in a single string. Only call this if
- * there is no white space inside an argument. This string will
- * be split with {@code \s+}.
+ * @param args arguments to klist in a single string. The string is
+ * converted to be List with makeList.
* @return an {@link OutputAnalyzer} object
* @throws Exception if there is an error
*/
public static OutputAnalyzer klist(String args) throws Exception {
- return execute(getProcessBuilder(
- "klist", List.of(args.trim().split("\\s+"))));
+ return execute(getProcessBuilder("klist", makeList(args)));
+ }
+
+ /**
+ * Runs jar.
+ *
+ * @param args arguments to jar in a single string. The string is
+ * converted to be List with makeList.
+ * @return an {@link OutputAnalyzer} object
+ * @throws Exception if there is an error
+ */
+ public static OutputAnalyzer jar(String args) throws Exception {
+ return execute(getProcessBuilder("jar", makeList(args)));
+ }
+
+ /**
+ * Split a line to a list of string. All whitespaces are treated as
+ * delimiters unless quoted between ` and `.
+ *
+ * @param line the input
+ * @return the list
+ */
+ public static List<String> makeList(String line) {
+ List<String> result = new ArrayList<>();
+ StringBuilder sb = new StringBuilder();
+ boolean inBackTick = false;
+ for (char c : line.toCharArray()) {
+ if (inBackTick) {
+ if (c == '`') {
+ result.add(sb.toString());
+ sb.setLength(0);
+ inBackTick = false;
+ } else {
+ sb.append(c);
+ }
+ } else {
+ if (sb.length() == 0 && c == '`') {
+ // Allow ` inside a string
+ inBackTick = true;
+ } else {
+ if (Character.isWhitespace(c)) {
+ if (sb.length() != 0) {
+ result.add(sb.toString());
+ sb.setLength(0);
+ }
+ } else {
+ sb.append(c);
+ }
+ }
+ }
+ }
+ if (sb.length() != 0) {
+ result.add(sb.toString());
+ }
+ return result;
}
}