test/jdk/jdk/security/jarsigner/Function.java - platform/libcore - Git at Google

 /*
  * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.
  *
  * This code is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * version 2 for more details (a copy is included in the LICENSE file that
  * accompanied this code).
  *
  * You should have received a copy of the GNU General Public License version
  * 2 along with this work; if not, write to the Free Software Foundation,
  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  *
  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  * or visit www.oracle.com if you need additional information or have any
  * questions.
  */

 /*
  * @test
  * @bug 8056174 8130181
  * @summary test the functions of JarSigner API
  * @modules java.base/sun.security.tools.keytool
  *          jdk.jartool
  */

 import jdk.security.jarsigner.JarSigner;

 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.security.InvalidKeyException;
 import java.security.InvalidParameterException;
 import java.security.KeyStore;
 import java.security.MessageDigest;
 import java.security.PrivateKey;
 import java.security.Provider;
 import java.security.PublicKey;
 import java.security.Signature;
 import java.security.SignatureException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.jar.JarFile;
 import java.util.jar.Manifest;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipFile;
 import java.util.zip.ZipOutputStream;

 public class Function {
     public static void main(String[] args) throws Exception {

         try (FileOutputStream fout =new FileOutputStream("src.zip");
                 ZipOutputStream zout = new ZipOutputStream(fout)) {
             zout.putNextEntry(new ZipEntry("x"));
             zout.write(new byte[10]);
             zout.closeEntry();
         }

         sun.security.tools.keytool.Main.main(
                 ("-storetype jks -keystore ks -storepass changeit" +
                         " -keypass changeit -dname" +
                         " CN=RSA -alias r -genkeypair -keyalg rsa").split(" "));

         JarSigner.Builder jsb;

         try (FileInputStream fis = new FileInputStream("ks")) {
             KeyStore ks = KeyStore.getInstance("JKS");
             ks.load(fis, "changeit".toCharArray());
             PrivateKey key = (PrivateKey)ks.getKey("r", "changeit".toCharArray());
             Certificate cert = ks.getCertificate("r");
             jsb = new JarSigner.Builder(key,
                     CertificateFactory.getInstance("X.509").generateCertPath(
                             Collections.singletonList(cert)));
         }

         jsb.digestAlgorithm("SHA1");
         jsb.signatureAlgorithm("SHA1withRSA");

         AtomicInteger counter = new AtomicInteger(0);
         StringBuilder sb = new StringBuilder();
         jsb.eventHandler(
                 (a, f)->{
                     counter.incrementAndGet();
                     sb.append(a).append(' ').append(f).append('\n');
                 });

         OutputStream blackHole = new OutputStream() {
             @Override
             public void write(int b) throws IOException { }
         };

         try (ZipFile src = new ZipFile("src.zip")) {
             jsb.build().sign(src, blackHole);
         }

         if (counter.get() != 4) {
             throw new Exception("Event number is " + counter.get()
                     + ":\n" + sb.toString());
         }

         // Provider test.
         Provider p = new MyProvider();
         jsb.digestAlgorithm("Five", p);
         jsb.signatureAlgorithm("SHA1WithRSA", p);
         try (ZipFile src = new ZipFile("src.zip");
                 FileOutputStream out = new FileOutputStream("out.jar")) {
             jsb.build().sign(src, out);
         }

         try (JarFile signed = new JarFile("out.jar")) {
             Manifest man = signed.getManifest();
             assertTrue(man.getAttributes("x").getValue("Five-Digest").equals("FAKE"));

             Manifest sf = new Manifest(signed.getInputStream(
                     signed.getJarEntry("META-INF/SIGNER.SF")));
             assertTrue(sf.getMainAttributes().getValue("Five-Digest-Manifest")
                     .equals("FAKE"));
             assertTrue(sf.getAttributes("x").getValue("Five-Digest").equals("FAKE"));

             try (InputStream sig = signed.getInputStream(
                     signed.getJarEntry("META-INF/SIGNER.RSA"))) {
                 byte[] data = sig.readAllBytes();
                 assertTrue(Arrays.equals(
                         Arrays.copyOfRange(data, data.length-8, data.length),
                         "FAKEFAKE".getBytes()));
             }
         }
     }

     private static void assertTrue(boolean v) {
         if (!v) {
             throw new AssertionError();
         }
     }

     public static class MyProvider extends Provider {
         MyProvider() {
             super("MY", "1.0", null);
             put("MessageDigest.Five", Five.class.getName());
             put("Signature.SHA1WithRSA", SHA1WithRSA.class.getName());
         }
     }

     // "Five" is a MessageDigest always returns the same value
     public static class Five extends MessageDigest {
         static final byte[] dig = {0x14, 0x02, (byte)0x84}; //base64 -> FAKE
         public Five() { super("Five"); }
         protected void engineUpdate(byte input) { }
         protected void engineUpdate(byte[] input, int offset, int len) { }
         protected byte[] engineDigest() { return dig; }
         protected void engineReset() { }
     }

     // This fake "SHA1withRSA" is a Signature always returns the same value.
     // An existing name must be used otherwise PKCS7 does not which OID to use.
     public static class SHA1WithRSA extends Signature {
         static final byte[] sig = "FAKEFAKE".getBytes();
         public SHA1WithRSA() { super("SHA1WithRSA"); }
         protected void engineInitVerify(PublicKey publicKey)
                 throws InvalidKeyException { }
         protected void engineInitSign(PrivateKey privateKey)
                 throws InvalidKeyException { }
         protected void engineUpdate(byte b) throws SignatureException { }
         protected void engineUpdate(byte[] b, int off, int len)
                 throws SignatureException { }
         protected byte[] engineSign() throws SignatureException { return sig; }
         protected boolean engineVerify(byte[] sigBytes)
                 throws SignatureException {
             return Arrays.equals(sigBytes, sig);
         }
         protected void engineSetParameter(String param, Object value)
                 throws InvalidParameterException { }
         protected Object engineGetParameter(String param)
                 throws InvalidParameterException { return null; }
     }
 }
	/*
	* Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	/*
	* @test
	* @bug 8056174 8130181
	* @summary test the functions of JarSigner API
	* @modules java.base/sun.security.tools.keytool
	* jdk.jartool
	*/

	import jdk.security.jarsigner.JarSigner;

	import java.io.FileInputStream;
	import java.io.FileOutputStream;
	import java.io.IOException;
	import java.io.InputStream;
	import java.io.OutputStream;
	import java.security.InvalidKeyException;
	import java.security.InvalidParameterException;
	import java.security.KeyStore;
	import java.security.MessageDigest;
	import java.security.PrivateKey;
	import java.security.Provider;
	import java.security.PublicKey;
	import java.security.Signature;
	import java.security.SignatureException;
	import java.security.cert.Certificate;
	import java.security.cert.CertificateFactory;
	import java.util.Arrays;
	import java.util.Collections;
	import java.util.concurrent.atomic.AtomicInteger;
	import java.util.jar.JarFile;
	import java.util.jar.Manifest;
	import java.util.zip.ZipEntry;
	import java.util.zip.ZipFile;
	import java.util.zip.ZipOutputStream;

	public class Function {
	public static void main(String[] args) throws Exception {

	try (FileOutputStream fout =new FileOutputStream("src.zip");
	ZipOutputStream zout = new ZipOutputStream(fout)) {
	zout.putNextEntry(new ZipEntry("x"));
	zout.write(new byte[10]);
	zout.closeEntry();
	}

	sun.security.tools.keytool.Main.main(
	("-storetype jks -keystore ks -storepass changeit" +
	" -keypass changeit -dname" +
	" CN=RSA -alias r -genkeypair -keyalg rsa").split(" "));

	JarSigner.Builder jsb;

	try (FileInputStream fis = new FileInputStream("ks")) {
	KeyStore ks = KeyStore.getInstance("JKS");
	ks.load(fis, "changeit".toCharArray());
	PrivateKey key = (PrivateKey)ks.getKey("r", "changeit".toCharArray());
	Certificate cert = ks.getCertificate("r");
	jsb = new JarSigner.Builder(key,
	CertificateFactory.getInstance("X.509").generateCertPath(
	Collections.singletonList(cert)));
	}

	jsb.digestAlgorithm("SHA1");
	jsb.signatureAlgorithm("SHA1withRSA");

	AtomicInteger counter = new AtomicInteger(0);
	StringBuilder sb = new StringBuilder();
	jsb.eventHandler(
	(a, f)->{
	counter.incrementAndGet();
	sb.append(a).append(' ').append(f).append('\n');
	});

	OutputStream blackHole = new OutputStream() {
	@Override
	public void write(int b) throws IOException { }
	};

	try (ZipFile src = new ZipFile("src.zip")) {
	jsb.build().sign(src, blackHole);
	}

	if (counter.get() != 4) {
	throw new Exception("Event number is " + counter.get()
	+ ":\n" + sb.toString());
	}

	// Provider test.
	Provider p = new MyProvider();
	jsb.digestAlgorithm("Five", p);
	jsb.signatureAlgorithm("SHA1WithRSA", p);
	try (ZipFile src = new ZipFile("src.zip");
	FileOutputStream out = new FileOutputStream("out.jar")) {
	jsb.build().sign(src, out);
	}

	try (JarFile signed = new JarFile("out.jar")) {
	Manifest man = signed.getManifest();
	assertTrue(man.getAttributes("x").getValue("Five-Digest").equals("FAKE"));

	Manifest sf = new Manifest(signed.getInputStream(
	signed.getJarEntry("META-INF/SIGNER.SF")));
	assertTrue(sf.getMainAttributes().getValue("Five-Digest-Manifest")
	.equals("FAKE"));
	assertTrue(sf.getAttributes("x").getValue("Five-Digest").equals("FAKE"));

	try (InputStream sig = signed.getInputStream(
	signed.getJarEntry("META-INF/SIGNER.RSA"))) {
	byte[] data = sig.readAllBytes();
	assertTrue(Arrays.equals(
	Arrays.copyOfRange(data, data.length-8, data.length),
	"FAKEFAKE".getBytes()));
	}
	}
	}

	private static void assertTrue(boolean v) {
	if (!v) {
	throw new AssertionError();
	}
	}

	public static class MyProvider extends Provider {
	MyProvider() {
	super("MY", "1.0", null);
	put("MessageDigest.Five", Five.class.getName());
	put("Signature.SHA1WithRSA", SHA1WithRSA.class.getName());
	}
	}

	// "Five" is a MessageDigest always returns the same value
	public static class Five extends MessageDigest {
	static final byte[] dig = {0x14, 0x02, (byte)0x84}; //base64 -> FAKE
	public Five() { super("Five"); }
	protected void engineUpdate(byte input) { }
	protected void engineUpdate(byte[] input, int offset, int len) { }
	protected byte[] engineDigest() { return dig; }
	protected void engineReset() { }
	}

	// This fake "SHA1withRSA" is a Signature always returns the same value.
	// An existing name must be used otherwise PKCS7 does not which OID to use.
	public static class SHA1WithRSA extends Signature {
	static final byte[] sig = "FAKEFAKE".getBytes();
	public SHA1WithRSA() { super("SHA1WithRSA"); }
	protected void engineInitVerify(PublicKey publicKey)
	throws InvalidKeyException { }
	protected void engineInitSign(PrivateKey privateKey)
	throws InvalidKeyException { }
	protected void engineUpdate(byte b) throws SignatureException { }
	protected void engineUpdate(byte[] b, int off, int len)
	throws SignatureException { }
	protected byte[] engineSign() throws SignatureException { return sig; }
	protected boolean engineVerify(byte[] sigBytes)
	throws SignatureException {
	return Arrays.equals(sigBytes, sig);
	}
	protected void engineSetParameter(String param, Object value)
	throws InvalidParameterException { }
	protected Object engineGetParameter(String param)
	throws InvalidParameterException { return null; }
	}
	}