| /* |
| * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| /* |
| * @test |
| * @bug 8047305 8075618 |
| * @summary Tests jarsigner tool and JarSigner API work with multi-release JAR files. |
| * @library /test/lib |
| * @build jdk.test.lib.compiler.CompilerUtils |
| * jdk.test.lib.Utils |
| * jdk.test.lib.Asserts |
| * jdk.test.lib.JDKToolFinder |
| * jdk.test.lib.JDKToolLauncher |
| * jdk.test.lib.Platform |
| * jdk.test.lib.process.* |
| * @run main MVJarSigningTest |
| */ |
| |
| import jdk.security.jarsigner.JarSigner; |
| |
| import java.io.BufferedReader; |
| import java.io.File; |
| import java.io.FileInputStream; |
| import java.io.FileOutputStream; |
| import java.io.IOException; |
| import java.io.InputStreamReader; |
| import java.nio.file.Files; |
| import java.nio.file.Path; |
| import java.nio.file.Paths; |
| import java.security.KeyStore; |
| import java.security.PrivateKey; |
| import java.security.cert.Certificate; |
| import java.security.cert.CertificateFactory; |
| import java.util.ArrayList; |
| import java.util.Arrays; |
| import java.util.Collections; |
| import java.util.List; |
| import java.util.concurrent.TimeUnit; |
| import java.util.jar.JarFile; |
| import java.util.stream.Stream; |
| import java.util.zip.ZipEntry; |
| import java.util.zip.ZipFile; |
| import java.util.zip.ZipOutputStream; |
| |
| import jdk.test.lib.JDKToolFinder; |
| import jdk.test.lib.JDKToolLauncher; |
| import jdk.test.lib.Utils; |
| import jdk.test.lib.compiler.CompilerUtils; |
| import jdk.test.lib.process.OutputAnalyzer; |
| import jdk.test.lib.process.ProcessTools; |
| |
| |
| public class MVJarSigningTest { |
| |
| private static final String TEST_SRC = System.getProperty("test.src", "."); |
| private static final String USR_DIR = System.getProperty("user.dir", "."); |
| private static final String JAR_NAME = "MV.jar"; |
| private static final String KEYSTORE = "keystore.jks"; |
| private static final String ALIAS = "JavaTest"; |
| private static final String STOREPASS = "changeit"; |
| private static final String KEYPASS = "changeit"; |
| private static final String SIGNED_JAR = "Signed.jar"; |
| private static final String POLICY_FILE = "SignedJar.policy"; |
| private static final String VERSION = Integer.toString(10); |
| private static final String VERSION_MESSAGE = "I am running on version " + VERSION; |
| |
| public static void main(String[] args) throws Throwable { |
| // compile java files in jarContent directory |
| compile("jarContent"); |
| |
| // create multi-release jar |
| Path classes = Paths.get("classes"); |
| jar("cf", JAR_NAME, "-C", classes.resolve("base").toString(), ".", |
| "--release", "9", "-C", classes.resolve("v9").toString(), ".", |
| "--release", "10", "-C", classes.resolve("v10").toString(), ".") |
| .shouldHaveExitValue(0); |
| |
| genKey(); |
| signJar(JAR_NAME) |
| .shouldHaveExitValue(0) |
| .shouldMatch("signing.*META-INF/versions/9/version/Version.class") |
| .shouldMatch("signing.*META-INF/versions/10/version/Version.class") |
| .shouldMatch("signing.*version/Main.class") |
| .shouldMatch("signing.*version/Version.class"); |
| verify(SIGNED_JAR); |
| |
| // test with JarSigner API |
| Files.deleteIfExists(Paths.get(SIGNED_JAR)); |
| signWithJarSignerAPI(JAR_NAME); |
| verify(SIGNED_JAR); |
| |
| // test Permission granted |
| File keypass = new File("keypass"); |
| try (FileOutputStream fos = new FileOutputStream(keypass)) { |
| fos.write(KEYPASS.getBytes()); |
| } |
| String[] cmd = { |
| "-classpath", SIGNED_JAR, |
| "-Djava.security.manager", |
| "-Djava.security.policy=" + |
| TEST_SRC + File.separator + POLICY_FILE, |
| "version.Main"}; |
| ProcessTools.executeTestJvm(cmd) |
| .shouldHaveExitValue(0) |
| .shouldContain(VERSION_MESSAGE); |
| } |
| |
| private static void compile (String jarContent_path) throws Throwable { |
| Path classes = Paths.get(USR_DIR, "classes", "base"); |
| Path source = Paths.get(TEST_SRC, jarContent_path, "base", "version"); |
| CompilerUtils.compile(source, classes); |
| |
| classes = Paths.get(USR_DIR, "classes", "v9"); |
| source = Paths.get(TEST_SRC, jarContent_path , "v9", "version"); |
| CompilerUtils.compile(source, classes); |
| |
| classes = Paths.get(USR_DIR, "classes", "v10"); |
| source = Paths.get(TEST_SRC, jarContent_path, "v10", "version"); |
| CompilerUtils.compile(source, classes); |
| } |
| |
| private static OutputAnalyzer jar(String...args) throws Throwable { |
| JDKToolLauncher launcher = JDKToolLauncher.createUsingTestJDK("jar"); |
| Stream.of(args).forEach(launcher::addToolArg); |
| return ProcessTools.executeCommand(launcher.getCommand()); |
| } |
| |
| private static void genKey() throws Throwable { |
| String keytool = JDKToolFinder.getJDKTool("keytool"); |
| Files.deleteIfExists(Paths.get(KEYSTORE)); |
| ProcessTools.executeCommand(keytool, |
| "-J-Duser.language=en", |
| "-J-Duser.country=US", |
| "-genkey", |
| "-alias", ALIAS, |
| "-keystore", KEYSTORE, |
| "-keypass", KEYPASS, |
| "-dname", "cn=sample", |
| "-storepass", STOREPASS |
| ).shouldHaveExitValue(0); |
| } |
| |
| private static OutputAnalyzer signJar(String jarName) throws Throwable { |
| List<String> args = new ArrayList<>(); |
| args.add("-verbose"); |
| args.add("-signedjar"); |
| args.add(SIGNED_JAR); |
| args.add(jarName); |
| args.add(ALIAS); |
| |
| return jarsigner(args); |
| } |
| |
| private static void verify(String signedJarName) throws Throwable { |
| verifyJar(signedJarName) |
| .shouldHaveExitValue(0) |
| .shouldContain("jar verified") |
| .shouldMatch("smk.*META-INF/versions/9/version/Version.class") |
| .shouldMatch("smk.*META-INF/versions/10/version/Version.class") |
| .shouldMatch("smk.*version/Main.class") |
| .shouldMatch("smk.*version/Version.class"); |
| } |
| |
| private static OutputAnalyzer verifyJar(String signedJarName) throws Throwable { |
| List<String> args = new ArrayList<>(); |
| args.add("-verbose"); |
| args.add("-verify"); |
| args.add(signedJarName); |
| |
| return jarsigner(args); |
| } |
| |
| private static OutputAnalyzer jarsigner(List<String> extra) |
| throws Throwable { |
| JDKToolLauncher launcher = JDKToolLauncher.createUsingTestJDK("jarsigner") |
| .addVMArg("-Duser.language=en") |
| .addVMArg("-Duser.country=US") |
| .addToolArg("-keystore") |
| .addToolArg(KEYSTORE) |
| .addToolArg("-storepass") |
| .addToolArg(STOREPASS) |
| .addToolArg("-keypass") |
| .addToolArg(KEYPASS); |
| for (String s : extra) { |
| if (s.startsWith("-J")) { |
| launcher.addVMArg(s.substring(2)); |
| } else { |
| launcher.addToolArg(s); |
| } |
| } |
| return ProcessTools.executeCommand(launcher.getCommand()); |
| } |
| |
| private static void signWithJarSignerAPI(String jarName) |
| throws Throwable { |
| // Get JarSigner |
| try (FileInputStream fis = new FileInputStream(KEYSTORE)) { |
| KeyStore ks = KeyStore.getInstance("JKS"); |
| ks.load(fis, STOREPASS.toCharArray()); |
| PrivateKey pk = (PrivateKey)ks.getKey(ALIAS, KEYPASS.toCharArray()); |
| Certificate cert = ks.getCertificate(ALIAS); |
| JarSigner signer = new JarSigner.Builder(pk, |
| CertificateFactory.getInstance("X.509").generateCertPath( |
| Collections.singletonList(cert))) |
| .build(); |
| // Sign jar |
| try (ZipFile src = new JarFile(jarName); |
| FileOutputStream out = new FileOutputStream(SIGNED_JAR)) { |
| signer.sign(src,out); |
| } |
| } |
| } |
| |
| } |
| |
| |