jdk-24/test/jdk/sun/security/tools/jarsigner/PosixPermissionsTest.java

206 lines
7.6 KiB
Java
Raw Normal View History

/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* @test
* @bug 8218021
* @summary Have jarsigner preserve posix permission attributes
* @modules jdk.jartool/sun.security.tools.jarsigner
* java.base/sun.security.tools.keytool
* @library /test/lib
* @run main/othervm PosixPermissionsTest
*/
import java.net.URI;
import java.nio.file.FileSystem;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import jdk.test.lib.SecurityTools;
public class PosixPermissionsTest {
private static List<String> perms = List.of(
"---------",
"r--------",
"-w-------",
"--x------",
"rwx------",
"---r-----",
"----w----",
"-----x---",
"---rwx---",
"------r--",
"-------w-",
"--------x",
"------rwx",
"r--r-----",
"r--r--r--",
"rw-rw----",
"rwxrwx---",
"rw-rw-r--",
"r-xr-x---",
"r-xr-xr-x",
"rwxrwxrwx");
private final static String ZIPFILENAME = "8218021-test.zip";
private final static String JARFILENAME = "8218021-test.jar";
private final static URI JARURI = URI.create("jar:" + Path.of(JARFILENAME).toUri());
private final static URI ZIPURI = URI.create("jar:" + Path.of(ZIPFILENAME).toUri());
private static Path file;
private static int count;
private static Set<PosixFilePermission> permsSet;
private static String expectedJarPerms;
private static final String WARNING_MSG = "POSIX file permission and/or symlink " +
"attributes detected. These attributes are ignored when signing and are not " +
"protected by the signature.";
public static void main(String[] args) throws Exception {
createFiles();
// check permissions before signing
verifyFilePermissions(ZIPURI, true);
verifyFilePermissions(JARURI, false);
// generate key for signing
SecurityTools.keytool(
"-genkey",
"-keyalg", "RSA",
"-dname", "CN=Coffey, OU=JPG, O=Oracle, L=Santa Clara, ST=California, C=US",
"-alias", "examplekey",
"-storepass", "password",
"-keypass", "password",
"-keystore", "examplekeystore",
"-validity", "365")
.shouldHaveExitValue(0);
// sign zip file - expect warning
SecurityTools.jarsigner(
"-keystore", "examplekeystore",
"-verbose", ZIPFILENAME,
"-storepass", "password",
"-keypass", "password",
"examplekey")
.shouldHaveExitValue(0)
.shouldContain(WARNING_MSG);
// recheck permissions after signing
verifyFilePermissions(ZIPURI, true);
// sign jar file - expect no warning
SecurityTools.jarsigner(
"-keystore", "examplekeystore",
"-verbose", JARFILENAME,
"-storepass", "password",
"-keypass", "password",
"examplekey")
.shouldHaveExitValue(0)
.shouldNotContain(WARNING_MSG);
// recheck permissions after signing
verifyFilePermissions(JARURI, false);
// verify zip file - expect warning
SecurityTools.jarsigner(
"-keystore", "examplekeystore",
"-storepass", "password",
"-keypass", "password",
"-verbose",
"-verify", ZIPFILENAME)
.shouldHaveExitValue(0)
.shouldContain(WARNING_MSG);
// verify jar file - expect no warning
SecurityTools.jarsigner(
"-keystore", "examplekeystore",
"-storepass", "password",
"-keypass", "password",
"-verbose",
"-verify", JARFILENAME)
.shouldHaveExitValue(0)
.shouldNotContain(WARNING_MSG);
}
private static void createFiles() throws Exception {
String fileList = " ";
Map<String, String> env = new HashMap<>();
env.put("create", "true");
env.put("enablePosixFileAttributes", "true");
try (FileSystem zipfs = FileSystems.newFileSystem(ZIPURI, env)) {
for (String s : perms) {
file = Path.of("test_" + count++);
fileList += file + " ";
permsSet = PosixFilePermissions.fromString(s);
Files.createFile(file);
Files.copy(file,
zipfs.getPath(file.toString()),
StandardCopyOption.COPY_ATTRIBUTES);
Files.setPosixFilePermissions(zipfs.getPath(file.toString()), permsSet);
}
}
// create jar file for testing also
SecurityTools.jar("cf " + JARFILENAME + fileList);
try (FileSystem jarfs = FileSystems.newFileSystem(JARURI, env)) {
expectedJarPerms = PosixFilePermissions.toString(
Files.getPosixFilePermissions(jarfs.getPath("test_1")));
}
}
private static void verifyFilePermissions(URI u, boolean containAttributes) throws Exception {
count = 0;
for (String s : perms) {
file = Path.of("test_" + count++);
checkEntryAttributes(u, file, s, containAttributes);
}
}
private static void checkEntryAttributes(URI uri, Path file,
String expectedPerms, boolean containAttributes) throws Exception {
try (FileSystem zipfs = FileSystems.newFileSystem(uri, Map.of("enablePosixFileAttributes", "true"))) {
Path p = zipfs.getPath(file.getFileName().toString());
Set<PosixFilePermission> permsSet = Files.getPosixFilePermissions(p);
String actualPerms = PosixFilePermissions.toString(permsSet);
if (containAttributes) {
if (!expectedPerms.equals(actualPerms)) {
throw new RuntimeException("Unexpected permissions for: " + file + ". Received: " + actualPerms);
}
} else {
if (!actualPerms.equals(expectedJarPerms)) {
throw new RuntimeException("Expected default permissions for " + file);
}
}
}
}
}