Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/java/security/Policy/SignedJar/SignedJarTest.java
38828 views
/*1* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223import java.io.File;24import java.nio.file.Files;25import java.nio.file.Paths;26import java.security.AccessControlException;27import java.security.AccessController;28import java.security.Permission;29import java.security.PrivilegedAction;30import jdk.testlibrary.ProcessTools;3132/**33* @test34* @bug 804836035* @summary test policy entry with signedBy alias36* @library /lib/testlibrary37* @run main/othervm SignedJarTest38*/39public class SignedJarTest {4041private static final String FS = File.separator;42private static final String JAVA_HOME = System.getProperty("test.jdk");43private static final String TESTCLASSES = System.getProperty("test.classes", "");44private static final String TESTSRC = System.getProperty("test.src", "");45private static final String KEYTOOL = JAVA_HOME + FS + "bin" + FS + "keytool";46private static final String JAR = JAVA_HOME + FS + "bin" + FS + "jar";47private static final String JARSIGNER = JAVA_HOME + FS + "bin" + FS + "jarsigner";48private static final String PASSWORD = "password";49private static final String PWDFILE = "keypass";50private static final String POLICY1 = "SignedJarTest_1.policy";51private static final String POLICY2 = "SignedJarTest_2.policy";52private static final String KEYSTORE1 = "both.jks";53private static final String KEYSTORE2 = "first.jks";5455public static void main(String args[]) throws Throwable {56//copy PrivilegeTest.class, policy files and keystore password file into current direcotry57Files.copy(Paths.get(TESTCLASSES, "PrivilegeTest.class"), Paths.get("PrivilegeTest.class"));58Files.copy(Paths.get(TESTSRC, POLICY1), Paths.get(POLICY1));59Files.copy(Paths.get(TESTSRC, POLICY2), Paths.get(POLICY2));60Files.copy(Paths.get(TESTSRC, PWDFILE), Paths.get(PWDFILE));6162//create Jar file63ProcessTools.executeCommand(JAR, "-cvf", "test.jar", "PrivilegeTest.class");6465//Creating first key , keystore both.jks66ProcessTools.executeCommand(KEYTOOL,67"-genkey",68"-alias", "first",69"-keystore", KEYSTORE1,70"-keypass", PASSWORD,71"-dname", "cn=First",72"-storepass", PASSWORD73).shouldHaveExitValue(0);7475//Creating Second key, keystore both.jks76ProcessTools.executeCommand(KEYTOOL,77"-genkey",78// "-storetype","JKS",79"-alias", "second",80"-keystore", KEYSTORE1,81"-keypass", PASSWORD,82"-dname", "cn=Second",83"-storepass", PASSWORD84).shouldHaveExitValue(0);8586//copy both.jks to first.jks, remove second Keypair from first.jks87Files.copy(Paths.get(KEYSTORE1), Paths.get(KEYSTORE2));88ProcessTools.executeCommand(KEYTOOL,89"-delete",90"-keystore", KEYSTORE2,91"-alias", "second",92"-storepass", PASSWORD93).shouldHaveExitValue(0);9495//sign jar with first key, first.jar is only signed by first signer96ProcessTools.executeCommand(JARSIGNER,97"-keystore", KEYSTORE1,98"-storepass", PASSWORD,99"-keypass", PASSWORD,100"-signedjar", "first.jar", "test.jar",101"first").shouldHaveExitValue(0);102103//sign jar with second key, both.jar is signed by first and second signer104ProcessTools.executeCommand(JARSIGNER,105"-keystore", KEYSTORE1,106"-storepass", PASSWORD,107"-keypass", PASSWORD,108"-signedjar", "both.jar", "first.jar",109"second").shouldHaveExitValue(0);110111//test case 1112//setIO permission granted to code that was signed by first signer113//setFactory permission granted to code that was signed by second signer114//Keystore that contains both first and second keypairs115//code was singed by first signer116//Expect AccessControlException for setFactory permission117System.out.println("Test Case 1");118//copy policy file into current directory119String[] cmd = constructCMD("first.jar", POLICY1, "false", "true");120ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0);121122//test case 2, test with both.jar123//setIO permission granted to code that was signed by first signer124//setFactory permission granted to code that was signed by second signer125//Keystore that contains both first and second keypairs126//code was singed by first signer and second signer127//Expect no AccessControlException128System.out.println("Test Case 2");129cmd = constructCMD("both.jar", POLICY1, "false", "false");130ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0);131132//test case 3133//setIO permission granted to code that was signed by first signer134//setFactory permission granted to code that was signed by second signer135//Keystore that contains only first keypairs136//code was singed by first signer and second signer137//Expect AccessControlException for setFactory permission138System.out.println("Test Case 3");139cmd = constructCMD("both.jar", POLICY2, "false", "true");140ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0);141142}143144private static String[] constructCMD(String classpath, String policy, String arg1, String arg2) {145String[] cmd = {146"-classpath", classpath,147"-Djava.security.manager",148"-Djava.security.policy=" + policy,149"PrivilegeTest",150arg1, arg2};151return cmd;152}153}154155class PrivilegeTest {156157private static final Permission PERM1 = new RuntimePermission("setIO");158private static final Permission PERM2 = new RuntimePermission("setFactory");159160public static void main(String args[]) {161boolean expectException1 = Boolean.parseBoolean(args[0]);162boolean expectException2 = Boolean.parseBoolean(args[1]);163test(PERM1, expectException1);164test(PERM2, expectException2);165}166167public static void test(Permission perm, boolean expectException) {168boolean getException = (Boolean) AccessController.doPrivileged((PrivilegedAction) () -> {169try {170AccessController.checkPermission(perm);171return (Boolean) false;172} catch (AccessControlException ex) {173return (Boolean) true;174}175});176177if (expectException ^ getException) {178String message = "Check Permission :" + perm + "\n ExpectException = "179+ expectException + "\n getException = " + getException;180throw new RuntimeException(message);181}182183}184185}186187188