test/jdk/sun/security/tools/jarsigner/LineBrokenMultiByteCharacter.java - platform/libcore - Git at Google

 /*
  * Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License version 2 only, as
  * published by the Free Software Foundation.
  *
  * This code is distributed in the hope that it will be useful, but WITHOUT
  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * version 2 for more details (a copy is included in the LICENSE file that
  * accompanied this code).
  *
  * You should have received a copy of the GNU General Public License version
  * 2 along with this work; if not, write to the Free Software Foundation,
  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  *
  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  * or visit www.oracle.com if you need additional information or have any
  * questions.
  */

 /*
  * @test
  * @bug 6695402
  * @summary verify signatures of jars containing classes with names
  *          with multi-byte unicode characters broken across lines
  * @library /test/lib
  */

 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.util.jar.JarFile;
 import java.util.jar.Attributes.Name;
 import java.util.jar.JarEntry;

 import static java.nio.charset.StandardCharsets.UTF_8;

 import jdk.test.lib.SecurityTools;
 import jdk.test.lib.util.JarUtils;

 public class LineBrokenMultiByteCharacter {

     /**
      * this name will break across lines in MANIFEST.MF at the
      * middle of a two-byte utf-8 encoded character due to its e acute letter
      * at its exact position.
      *
      * because no file with such a name exists {@link JarUtils} will add the
      * name itself as contents to the jar entry which would have contained a
      * compiled class in the original bug. For this test, the contents of the
      * files contained in the jar file is not important as long as they get
      * signed.
      *
      * @see #verifyClassNameLineBroken(JarFile, String)
      */
     static final String testClassName =
             "LineBrokenMultiByteCharacterA1234567890B1234567890C123456789D1234\u00E9xyz.class";

     static final String anotherName =
             "LineBrokenMultiByteCharacterA1234567890B1234567890C123456789D1234567890.class";

     static final String alias = "a";
     static final String keystoreFileName = "test.jks";
     static final String manifestFileName = "MANIFEST.MF";

     public static void main(String[] args) throws Exception {
         prepare();

         testSignJar("test.jar");
         testSignJarNoManifest("test-no-manifest.jar");
         testSignJarUpdate("test-update.jar", "test-updated.jar");
     }

     static void prepare() throws Exception {
         SecurityTools.keytool("-keystore", keystoreFileName, "-genkeypair",
                 "-storepass", "changeit", "-keypass", "changeit", "-storetype",
                 "JKS", "-alias", alias, "-dname", "CN=X", "-validity", "366")
             .shouldHaveExitValue(0);

         Files.write(Paths.get(manifestFileName), (Name.
                 MANIFEST_VERSION.toString() + ": 1.0\r\n").getBytes(UTF_8));
     }

     static void testSignJar(String jarFileName) throws Exception {
         JarUtils.createJar(jarFileName, manifestFileName, testClassName);
         verifyJarSignature(jarFileName);
     }

     static void testSignJarNoManifest(String jarFileName) throws Exception {
         JarUtils.createJar(jarFileName, testClassName);
         verifyJarSignature(jarFileName);
     }

     static void testSignJarUpdate(
             String initialFileName, String updatedFileName) throws Exception {
         JarUtils.createJar(initialFileName, manifestFileName, anotherName);
         SecurityTools.jarsigner("-keystore", keystoreFileName, "-storetype",
                 "JKS", "-storepass", "changeit", "-debug", initialFileName,
                 alias).shouldHaveExitValue(0);
         JarUtils.updateJar(initialFileName, updatedFileName, testClassName);
         verifyJarSignature(updatedFileName);
     }

     static void verifyJarSignature(String jarFileName) throws Exception {
         // actually sign the jar
         SecurityTools.jarsigner("-keystore", keystoreFileName, "-storetype",
                 "JKS", "-storepass", "changeit", "-debug", jarFileName, alias)
             .shouldHaveExitValue(0);

         try (
             JarFile jar = new JarFile(jarFileName);
         ) {
             verifyClassNameLineBroken(jar, testClassName);
             verifyCodeSigners(jar, jar.getJarEntry(testClassName));
         }
     }

     /**
      * it would be too easy to miss the actual test case by just renaming an
      * identifier so that the multi-byte encoded character would not any longer
      * be broken across a line break.
      *
      * this check here verifies that the actual test case is tested based on
      * the manifest and not based on the signature file because at the moment,
      * the signature file does not even contain the desired entry at all.
      *
      * this relies on {@link java.util.jar.Manifest} breaking lines unaware
      * of bytes that belong to the same multi-byte utf characters.
      */
     static void verifyClassNameLineBroken(JarFile jar, String className)
             throws IOException {
         byte[] eAcute = "\u00E9".getBytes(UTF_8);
         byte[] eAcuteBroken =
                 new byte[] {eAcute[0], '\r', '\n', ' ', eAcute[1]};

         if (jar.getManifest().getAttributes(className) == null) {
             throw new AssertionError(className + " not found in manifest");
         }

         JarEntry manifestEntry = jar.getJarEntry(JarFile.MANIFEST_NAME);
         try (
             InputStream manifestIs = jar.getInputStream(manifestEntry);
         ) {
             int bytesMatched = 0;
             for (int b = manifestIs.read(); b > -1; b = manifestIs.read()) {
                 if ((byte) b == eAcuteBroken[bytesMatched]) {
                     bytesMatched++;
                     if (bytesMatched == eAcuteBroken.length) {
                         break;
                     }
                 } else {
                     bytesMatched = 0;
                 }
             }
             if (bytesMatched < eAcuteBroken.length) {
                 throw new AssertionError("self-test failed: multi-byte "
                         + "utf-8 character not broken across lines");
             }
         }
     }

     static void verifyCodeSigners(JarFile jar, JarEntry jarEntry)
             throws IOException {
         // codeSigners is initialized only after the entry has been read
         try (
             InputStream inputStream = jar.getInputStream(jarEntry);
         ) {
             inputStream.readAllBytes();
         }

         // a check for the presence of code signers is sufficient to check
         // bug JDK-6695402. no need to also verify the actual code signers
         // attributes here.
         if (jarEntry.getCodeSigners() == null
                 || jarEntry.getCodeSigners().length == 0) {
             throw new AssertionError(
                     "no signing certificate found for " + jarEntry.getName());
         }
     }

 }
	/*
	* Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	/*
	* @test
	* @bug 6695402
	* @summary verify signatures of jars containing classes with names
	* with multi-byte unicode characters broken across lines
	* @library /test/lib
	*/

	import java.io.IOException;
	import java.io.InputStream;
	import java.nio.file.Files;
	import java.nio.file.Paths;
	import java.util.jar.JarFile;
	import java.util.jar.Attributes.Name;
	import java.util.jar.JarEntry;

	import static java.nio.charset.StandardCharsets.UTF_8;

	import jdk.test.lib.SecurityTools;
	import jdk.test.lib.util.JarUtils;

	public class LineBrokenMultiByteCharacter {

	/**
	* this name will break across lines in MANIFEST.MF at the
	* middle of a two-byte utf-8 encoded character due to its e acute letter
	* at its exact position.
	*
	* because no file with such a name exists {@link JarUtils} will add the
	* name itself as contents to the jar entry which would have contained a
	* compiled class in the original bug. For this test, the contents of the
	* files contained in the jar file is not important as long as they get
	* signed.
	*
	* @see #verifyClassNameLineBroken(JarFile, String)
	*/
	static final String testClassName =
	"LineBrokenMultiByteCharacterA1234567890B1234567890C123456789D1234\u00E9xyz.class";

	static final String anotherName =
	"LineBrokenMultiByteCharacterA1234567890B1234567890C123456789D1234567890.class";

	static final String alias = "a";
	static final String keystoreFileName = "test.jks";
	static final String manifestFileName = "MANIFEST.MF";

	public static void main(String[] args) throws Exception {
	prepare();

	testSignJar("test.jar");
	testSignJarNoManifest("test-no-manifest.jar");
	testSignJarUpdate("test-update.jar", "test-updated.jar");
	}

	static void prepare() throws Exception {
	SecurityTools.keytool("-keystore", keystoreFileName, "-genkeypair",
	"-storepass", "changeit", "-keypass", "changeit", "-storetype",
	"JKS", "-alias", alias, "-dname", "CN=X", "-validity", "366")
	.shouldHaveExitValue(0);

	Files.write(Paths.get(manifestFileName), (Name.
	MANIFEST_VERSION.toString() + ": 1.0\r\n").getBytes(UTF_8));
	}

	static void testSignJar(String jarFileName) throws Exception {
	JarUtils.createJar(jarFileName, manifestFileName, testClassName);
	verifyJarSignature(jarFileName);
	}

	static void testSignJarNoManifest(String jarFileName) throws Exception {
	JarUtils.createJar(jarFileName, testClassName);
	verifyJarSignature(jarFileName);
	}

	static void testSignJarUpdate(
	String initialFileName, String updatedFileName) throws Exception {
	JarUtils.createJar(initialFileName, manifestFileName, anotherName);
	SecurityTools.jarsigner("-keystore", keystoreFileName, "-storetype",
	"JKS", "-storepass", "changeit", "-debug", initialFileName,
	alias).shouldHaveExitValue(0);
	JarUtils.updateJar(initialFileName, updatedFileName, testClassName);
	verifyJarSignature(updatedFileName);
	}

	static void verifyJarSignature(String jarFileName) throws Exception {
	// actually sign the jar
	SecurityTools.jarsigner("-keystore", keystoreFileName, "-storetype",
	"JKS", "-storepass", "changeit", "-debug", jarFileName, alias)
	.shouldHaveExitValue(0);

	try (
	JarFile jar = new JarFile(jarFileName);
	) {
	verifyClassNameLineBroken(jar, testClassName);
	verifyCodeSigners(jar, jar.getJarEntry(testClassName));
	}
	}

	/**
	* it would be too easy to miss the actual test case by just renaming an
	* identifier so that the multi-byte encoded character would not any longer
	* be broken across a line break.
	*
	* this check here verifies that the actual test case is tested based on
	* the manifest and not based on the signature file because at the moment,
	* the signature file does not even contain the desired entry at all.
	*
	* this relies on {@link java.util.jar.Manifest} breaking lines unaware
	* of bytes that belong to the same multi-byte utf characters.
	*/
	static void verifyClassNameLineBroken(JarFile jar, String className)
	throws IOException {
	byte[] eAcute = "\u00E9".getBytes(UTF_8);
	byte[] eAcuteBroken =
	new byte[] {eAcute[0], '\r', '\n', ' ', eAcute[1]};

	if (jar.getManifest().getAttributes(className) == null) {
	throw new AssertionError(className + " not found in manifest");
	}

	JarEntry manifestEntry = jar.getJarEntry(JarFile.MANIFEST_NAME);
	try (
	InputStream manifestIs = jar.getInputStream(manifestEntry);
	) {
	int bytesMatched = 0;
	for (int b = manifestIs.read(); b > -1; b = manifestIs.read()) {
	if ((byte) b == eAcuteBroken[bytesMatched]) {
	bytesMatched++;
	if (bytesMatched == eAcuteBroken.length) {
	break;
	}
	} else {
	bytesMatched = 0;
	}
	}
	if (bytesMatched < eAcuteBroken.length) {
	throw new AssertionError("self-test failed: multi-byte "
	+ "utf-8 character not broken across lines");
	}
	}
	}

	static void verifyCodeSigners(JarFile jar, JarEntry jarEntry)
	throws IOException {
	// codeSigners is initialized only after the entry has been read
	try (
	InputStream inputStream = jar.getInputStream(jarEntry);
	) {
	inputStream.readAllBytes();
	}

	// a check for the presence of code signers is sufficient to check
	// bug JDK-6695402. no need to also verify the actual code signers
	// attributes here.
	if (jarEntry.getCodeSigners() == null
	\|\| jarEntry.getCodeSigners().length == 0) {
	throw new AssertionError(
	"no signing certificate found for " + jarEntry.getName());
	}
	}

	}