Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/sun/security/tools/jarsigner/warnings/ChainNotValidatedTest.java
/*
 * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

import jdk.testlibrary.OutputAnalyzer;
import jdk.testlibrary.ProcessTools;
import jdk.testlibrary.JarUtils;

import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * @test
 * @bug 8024302 8026037
 * @summary Test for chainNotValidated warning
 * @library /lib/testlibrary ../
 * @run main ChainNotValidatedTest ca2yes
 * @run main ChainNotValidatedTest ca2no
 */

/*
 * Exercises jarsigner's "chain not validated" warning with a three-level
 * chain: root CA -> intermediate CA2 -> signing key. The two @run lines
 * differ only in the BasicConstraints value given to CA2 (ca:true vs
 * ca:false). With ca:false the chain is expected not to validate, and the
 * test expects jarsigner to report that at signing time and at verification
 * time.
 *
 * What the expectations below pin down, and what matters to anyone gating a
 * build or deployment on jarsigner: a plain "-verify" is expected to exit
 * with 0 even when the warning is printed. Only "-verify -strict" is expected
 * to return CHAIN_NOT_VALIDATED_EXIT_CODE. A check that looks at the exit
 * status alone therefore needs -strict to notice an unvalidated chain.
 *
 * The helpers (createAlias, issueCert, checkSigning, checkVerifying) and all
 * upper-case constants come from the Test base class, which is not part of
 * this file.
 */
public class ChainNotValidatedTest extends Test {

    /**
     * Entry point used by the two {@code @run} lines.
     *
     * @param args {@code args[0]} selects the scenario; exactly
     *             {@code "ca2yes"} gives CA2 a CA-enabled BasicConstraints,
     *             any other value runs the ca2no scenario. A missing argument
     *             fails with an ArrayIndexOutOfBoundsException.
     * @throws Throwable if any step or expectation fails
     */
    public static void main(String[] args) throws Throwable {
        boolean intermediateIsCa = args[0].equals("ca2yes");
        new ChainNotValidatedTest().start(intermediateIsCa);
    }

    /**
     * Builds the keystore and jar, signs, then verifies in normal and strict
     * mode, checking the warning and the exit code after each jarsigner run.
     *
     * @param ca2yes whether CA2's certificate is issued with
     *               {@code bc=ca:true}; {@code false} yields {@code bc=ca:false}
     * @throws Throwable if a command or an expectation fails
     */
    private void start(boolean ca2yes) throws Throwable {
        // Fixture: a jar holding a single class file.
        Utils.createFiles(FIRST_FILE);
        JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);

        // The second @run would otherwise reuse the first run's keystore.
        Files.deleteIfExists(Paths.get(KEYSTORE));

        // The root CA itself is not checked. Validity of the chain hinges on
        // the intermediate: with BasicConstraints ca:true it validates, with
        // ca:false chain validation fails.
        createAlias(CA_KEY_ALIAS, "-ext", "bc:c");   // ":c" marks the extension critical
        createAlias(CA2_KEY_ALIAS);
        issueCert(CA2_KEY_ALIAS, "-ext", "bc=ca:" + ca2yes);

        // End-entity signing key, certified by CA2.
        createAlias(KEY_ALIAS);
        issueCert(KEY_ALIAS, "-alias", CA2_KEY_ALIAS);

        // Drop CA2's entry so the keystore no longer lists it as trusted.
        // NOTE(review): -storepass/-keypass on the command line is fine for
        // this throwaway keystore; for real keystores the ":env" / ":file"
        // forms of these options keep the secret out of the process list.
        OutputAnalyzer deletion = ProcessTools.executeCommand(KEYTOOL,
                "-delete",
                "-alias", CA2_KEY_ALIAS,
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD);
        deletion.shouldHaveExitValue(0);

        // Expected output per scenario. The leading "!" is presumably read by
        // the check helpers in Test as "must NOT appear" - confirm there.
        String signingExpectation = ca2yes
                ? "!" + CHAIN_NOT_VALIDATED_SIGNING_WARNING
                : CHAIN_NOT_VALIDATED_SIGNING_WARNING;
        String verifyingExpectation = ca2yes
                ? "!" + CHAIN_NOT_VALIDATED_VERIFYING_WARNING
                : CHAIN_NOT_VALIDATED_VERIFYING_WARNING;

        // Sign the jar.
        OutputAnalyzer signing = ProcessTools.executeCommand(JARSIGNER,
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-signedjar", SIGNED_JARFILE,
                UNSIGNED_JARFILE,
                KEY_ALIAS);
        checkSigning(signing, signingExpectation);

        // Verify without -strict: exit code 0 is expected in both scenarios,
        // the warning text is the only signal of the unvalidated chain.
        OutputAnalyzer plainVerify = ProcessTools.executeCommand(JARSIGNER,
                "-verify",
                "-verbose",
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                SIGNED_JARFILE);
        checkVerifying(plainVerify, 0, verifyingExpectation);

        // Verify with -strict: here the unvalidated chain is expected to
        // surface in the exit code as well.
        OutputAnalyzer strictVerify = ProcessTools.executeCommand(JARSIGNER,
                "-verify",
                "-verbose",
                "-strict",
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                SIGNED_JARFILE);
        checkVerifying(strictVerify,
                ca2yes ? 0 : CHAIN_NOT_VALIDATED_EXIT_CODE,
                verifyingExpectation);

        System.out.println("Test passed");
    }

}