Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/tools/jarsigner/TsacertOptionTest.java
/*
 * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

import jdk.testlibrary.OutputAnalyzer;
import jdk.testlibrary.ProcessTools;
import jdk.testlibrary.JarUtils;

/**
 * @test
 * @bug 8024302 8026037
 * @summary The test signs and verifies a jar file with -tsacert option
 * @library /lib/testlibrary
 * @run main TsacertOptionTest
 */
public class TsacertOptionTest {

    private static final String FS = System.getProperty("file.separator");
    private static final String JAVA_HOME = System.getProperty("test.jdk");
    private static final String KEYTOOL = JAVA_HOME + FS + "bin" + FS
            + "keytool";
    private static final String JARSIGNER = JAVA_HOME + FS + "bin" + FS
            + "jarsigner";
    private static final String UNSIGNED_JARFILE = "unsigned.jar";
    private static final String SIGNED_JARFILE = "signed.jar";
    private static final String FILENAME = TsacertOptionTest.class.getName()
            + ".txt";
    // Fixed password shared by the keystore and every key entry. It is handed
    // to keytool/jarsigner as a plain command-line argument, which is only
    // acceptable because the keystore is generated by this test itself.
    private static final String PASSWORD = "changeit";
    private static final String KEYSTORE = "ks.jks";
    private static final String CA_KEY_ALIAS = "ca";
    private static final String SIGNING_KEY_ALIAS = "sign_alias";
    private static final String TSA_KEY_ALIAS = "ts";
    private static final String KEY_ALG = "RSA";
    private static final int KEY_SIZE = 2048;
    private static final int VALIDITY = 365;
    private static final String WARNING = "Warning:";
    private static final String JAR_SIGNED = "jar signed.";
    private static final String JAR_VERIFIED = "jar verified.";

    /**
     * Entry point: signs a jar with the {@code -tsacert} option, verifies it,
     * and requires that neither step prints a warning on standard output.
     * The certificate named by {@code -tsacert} carries the TSA URL in its
     * Subject Information Access extension.
     *
     * @param args unused
     * @throws Throwable if any step of the test fails
     */
    public static void main(String[] args) throws Throwable {
        new TsacertOptionTest().start();
    }

    /**
     * Runs the whole scenario: builds the jar and the keystore, starts the
     * local TSA handler, then signs and verifies the jar while it is running.
     *
     * @throws Throwable if a tool invocation or an output check fails
     */
    void start() throws Throwable {
        // a jar holding a single generated file is the signing target
        Utils.createFiles(FILENAME);
        JarUtils.createJar(UNSIGNED_JARFILE, FILENAME);

        // The TSA is addressed over plain HTTP on the loopback interface.
        // NOTE(review): the port is picked here but only handed to the TSA
        // handler further down; presumably another process could claim it
        // in between and make the test fail spuriously - confirm.
        final int tsaPort = jdk.testlibrary.Utils.getFreePort();
        final String tsaHost = "127.0.0.1";
        final String tsaUrl = "http://" + tsaHost + ":" + tsaPort;

        createSigningCertificate();
        createTsaKeyPair(tsaUrl);

        try (TimestampCheck.Handler tsaServer =
                TimestampCheck.Handler.init(tsaPort, KEYSTORE)) {
            tsaServer.start();
            signJar();
            verifyJar();
        }

        System.out.println("Test passed");
    }

    /**
     * Creates the CA key pair and the signing key pair, then replaces the
     * signing entry's certificate with one issued by the CA.
     */
    private static void createSigningCertificate() throws Throwable {
        final String keySize = String.valueOf(KEY_SIZE);
        final String validity = String.valueOf(VALIDITY);

        // CA entry; "bc:c" requests a critical BasicConstraints extension
        keytool("-genkey",
                "-alias", CA_KEY_ALIAS,
                "-keyalg", KEY_ALG,
                "-keysize", keySize,
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-dname", "CN=CA",
                "-ext", "bc:c",
                "-validity", validity);

        // key pair that will sign the jar
        keytool("-genkey",
                "-alias", SIGNING_KEY_ALIAS,
                "-keyalg", KEY_ALG,
                "-keysize", keySize,
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-dname", "CN=Test");

        // certificate request for the signing key ...
        keytool("-certreq",
                "-alias", SIGNING_KEY_ALIAS,
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-file", "certreq");

        // ... answered by the CA ...
        keytool("-gencert",
                "-alias", CA_KEY_ALIAS,
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-validity", validity,
                "-infile", "certreq",
                "-outfile", "cert");

        // ... and imported back under the signing alias
        keytool("-importcert",
                "-alias", SIGNING_KEY_ALIAS,
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-file", "cert");
    }

    /**
     * Creates the TSA key pair. Its certificate is marked for time stamping
     * only (critical ExtendedKeyUsage) and publishes the TSA location in the
     * SubjectInfoAccess extension.
     *
     * @param tsaUrl URL written into the SubjectInfoAccess extension
     */
    private static void createTsaKeyPair(String tsaUrl) throws Throwable {
        keytool("-genkey",
                "-v",
                "-alias", TSA_KEY_ALIAS,
                "-keyalg", KEY_ALG,
                "-keysize", String.valueOf(KEY_SIZE),
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-dname", "CN=TSA",
                "-ext", "ExtendedkeyUsage:critical=timeStamping",
                "-ext", "SubjectInfoAccess=timeStamping:URI:" + tsaUrl,
                "-validity", String.valueOf(VALIDITY));
    }

    /**
     * Signs the jar with {@code -tsacert} and checks that jarsigner exits
     * with 0, reports success and prints no warning on standard output.
     */
    private static void signJar() throws Throwable {
        // The three -J-D options blank out the HTTP proxy settings,
        // presumably so that the loopback TSA is contacted directly.
        // -tsadigestalg is given because the TSA server uses SHA-512.
        OutputAnalyzer signing = ProcessTools.executeCommand(JARSIGNER,
                "-J-Dhttp.proxyHost=",
                "-J-Dhttp.proxyPort=",
                "-J-Djava.net.useSystemProxies=",
                "-verbose",
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-signedjar", SIGNED_JARFILE,
                "-tsacert", TSA_KEY_ALIAS,
                "-tsadigestalg", "SHA-512",
                UNSIGNED_JARFILE,
                SIGNING_KEY_ALIAS);

        signing.shouldHaveExitValue(0);
        // only standard output is searched for the warning marker
        signing.stdoutShouldNotContain(WARNING);
        signing.shouldContain(JAR_SIGNED);
    }

    /**
     * Verifies the signed jar against the test keystore and checks that
     * jarsigner exits with 0, reports success and prints no warning on
     * standard output.
     */
    private static void verifyJar() throws Throwable {
        OutputAnalyzer verification = ProcessTools.executeCommand(JARSIGNER,
                "-verbose",
                "-verify",
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                SIGNED_JARFILE);

        verification.shouldHaveExitValue(0);
        verification.stdoutShouldNotContain(WARNING);
        verification.shouldContain(JAR_VERIFIED);
    }

    /**
     * Runs keytool with the given options and requires exit value 0.
     *
     * @param options arguments placed after the keytool executable path
     */
    private static void keytool(String... options) throws Throwable {
        String[] command = new String[options.length + 1];
        command[0] = KEYTOOL;
        System.arraycopy(options, 0, command, 1, options.length);
        ProcessTools.executeCommand(command).shouldHaveExitValue(0);
    }

}