1
/*
2
 * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
import java.nio.file.Path;
25
import java.util.List;
26

27
import jdk.jpackage.test.TKit;
28
import jdk.jpackage.test.Executor;
29
import jdk.jpackage.test.Executor.Result;
30

31
public class SigningBase {
32

33
    public static String DEV_NAME;
34
    public static String APP_CERT;
35
    public static String INSTALLER_CERT;
36
    public static String KEYCHAIN;
37
    static {
38
        String value = System.getProperty("jpackage.mac.signing.key.user.name");
39
        DEV_NAME = (value == null) ?  "jpackage.openjdk.java.net" : value;
40
        APP_CERT = "Developer ID Application: " + DEV_NAME;
41
        INSTALLER_CERT = "Developer ID Installer: " + DEV_NAME;
42
        value = System.getProperty("jpackage.mac.signing.keychain");
43
        KEYCHAIN = (value == null) ? "jpackagerTest.keychain" : value;
44
    }
45

46
    private static void checkString(List<String> result, String lookupString) {
47
        TKit.assertTextStream(lookupString).predicate(
48
                (line, what) -> line.trim().contains(what)).apply(result.stream());
49
    }
50

51
    private static List<String> codesignResult(Path target, boolean signed) {
52
        int exitCode = signed ? 0 : 1;
53
        List<String> result = new Executor()
54
                .setExecutable("/usr/bin/codesign")
55
                .addArguments("--verify", "--deep", "--strict", "--verbose=2",
56
                        target.toString())
57
                .saveOutput()
58
                .execute(exitCode).getOutput();
59

60
        return result;
61
    }
62

63
    private static void verifyCodesignResult(List<String> result, Path target,
64
            boolean signed) {
65
        result.stream().forEachOrdered(TKit::trace);
66
        if (signed) {
67
            String lookupString = target.toString() + ": valid on disk";
68
            checkString(result, lookupString);
69
            lookupString = target.toString() + ": satisfies its Designated Requirement";
70
            checkString(result, lookupString);
71
        } else {
72
            String lookupString = target.toString()
73
                    + ": code object is not signed at all";
74
            checkString(result, lookupString);
75
        }
76
    }
77

78
    private static Result spctlResult(Path target, String type) {
79
        Result result = new Executor()
80
                .setExecutable("/usr/sbin/spctl")
81
                .addArguments("-vvv", "--assess", "--type", type,
82
                        target.toString())
83
                .saveOutput()
84
                .executeWithoutExitCodeCheck();
85

86
        // allow exit code 3 for not being notarized
87
        if (result.getExitCode() != 3) {
88
            result.assertExitCodeIsZero();
89
        }
90
        return result;
91
    }
92

93
    private static void verifySpctlResult(List<String> output, Path target,
94
            String type, int exitCode) {
95
        output.stream().forEachOrdered(TKit::trace);
96
        String lookupString;
97

98
        if (exitCode == 0) {
99
            lookupString = target.toString() + ": accepted";
100
            checkString(output, lookupString);
101
        } else if (exitCode == 3) {
102
            // allow failure purely for not being notarized
103
            lookupString = target.toString() + ": rejected";
104
            checkString(output, lookupString);
105
        }
106

107
        if (type.equals("install")) {
108
            lookupString = "origin=" + INSTALLER_CERT;
109
        } else {
110
            lookupString = "origin=" + APP_CERT;
111
        }
112
        checkString(output, lookupString);
113
    }
114

115
    private static List<String> pkgutilResult(Path target) {
116
        List<String> result = new Executor()
117
                .setExecutable("/usr/sbin/pkgutil")
118
                .addArguments("--check-signature",
119
                        target.toString())
120
                .executeAndGetOutput();
121

122
        return result;
123
    }
124

125
    private static void verifyPkgutilResult(List<String> result) {
126
        result.stream().forEachOrdered(TKit::trace);
127
        String lookupString = "Status: signed by";
128
        checkString(result, lookupString);
129
        lookupString = "1. " + INSTALLER_CERT;
130
        checkString(result, lookupString);
131
    }
132

133
    public static void verifyCodesign(Path target, boolean signed) {
134
        List<String> result = codesignResult(target, signed);
135
        verifyCodesignResult(result, target, signed);
136
    }
137

138
    public static void verifySpctl(Path target, String type) {
139
        Result result = spctlResult(target, type);
140
        List<String> output = result.getOutput();
141

142
        verifySpctlResult(output, target, type, result.getExitCode());
143
    }
144

145
    public static void verifyPkgutil(Path target) {
146
        List<String> result = pkgutilResult(target);
147
        verifyPkgutilResult(result);
148
    }
149

150
}
151

152