2020-07-02 08:17:31 +00:00
|
|
|
/*
|
|
|
|
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
|
|
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
|
*
|
|
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
|
|
* accompanied this code).
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU General Public License version
|
|
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
*
|
|
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
|
|
* questions.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @test
|
|
|
|
* @bug 8218021
|
|
|
|
* @summary Have jarsigner preserve posix permission attributes
|
|
|
|
* @modules jdk.jartool/sun.security.tools.jarsigner
|
|
|
|
* java.base/sun.security.tools.keytool
|
|
|
|
* @library /test/lib
|
|
|
|
* @run main/othervm PosixPermissionsTest
|
|
|
|
*/
|
|
|
|
|
|
|
|
import java.net.URI;
|
2020-11-13 17:28:05 +00:00
|
|
|
import java.nio.file.FileSystem;
|
|
|
|
import java.nio.file.FileSystems;
|
|
|
|
import java.nio.file.Files;
|
|
|
|
import java.nio.file.Path;
|
|
|
|
import java.nio.file.StandardCopyOption;
|
2020-07-02 08:17:31 +00:00
|
|
|
import java.nio.file.attribute.PosixFilePermission;
|
|
|
|
import java.nio.file.attribute.PosixFilePermissions;
|
2020-11-13 17:28:05 +00:00
|
|
|
import java.util.HashMap;
|
|
|
|
import java.util.List;
|
|
|
|
import java.util.Map;
|
|
|
|
import java.util.Set;
|
2020-07-02 08:17:31 +00:00
|
|
|
|
|
|
|
import jdk.test.lib.SecurityTools;
|
|
|
|
|
|
|
|
public class PosixPermissionsTest {
|
|
|
|
private static List<String> perms = List.of(
|
|
|
|
"---------",
|
|
|
|
"r--------",
|
|
|
|
"-w-------",
|
|
|
|
"--x------",
|
|
|
|
"rwx------",
|
|
|
|
"---r-----",
|
|
|
|
"----w----",
|
|
|
|
"-----x---",
|
|
|
|
"---rwx---",
|
|
|
|
"------r--",
|
|
|
|
"-------w-",
|
|
|
|
"--------x",
|
|
|
|
"------rwx",
|
|
|
|
"r--r-----",
|
|
|
|
"r--r--r--",
|
|
|
|
"rw-rw----",
|
|
|
|
"rwxrwx---",
|
|
|
|
"rw-rw-r--",
|
|
|
|
"r-xr-x---",
|
|
|
|
"r-xr-xr-x",
|
|
|
|
"rwxrwxrwx");
|
|
|
|
|
|
|
|
private final static String ZIPFILENAME = "8218021-test.zip";
|
|
|
|
private final static String JARFILENAME = "8218021-test.jar";
|
|
|
|
private final static URI JARURI = URI.create("jar:" + Path.of(JARFILENAME).toUri());
|
|
|
|
private final static URI ZIPURI = URI.create("jar:" + Path.of(ZIPFILENAME).toUri());
|
|
|
|
private static Path file;
|
|
|
|
private static int count;
|
|
|
|
private static Set<PosixFilePermission> permsSet;
|
|
|
|
private static String expectedJarPerms;
|
2020-09-07 19:01:07 +00:00
|
|
|
private static final String WARNING_MSG = "POSIX file permission and/or symlink " +
|
|
|
|
"attributes detected. These attributes are ignored when signing and are not " +
|
|
|
|
"protected by the signature.";
|
2020-07-02 08:17:31 +00:00
|
|
|
|
|
|
|
public static void main(String[] args) throws Exception {
|
|
|
|
createFiles();
|
2020-11-13 17:28:05 +00:00
|
|
|
|
2020-07-02 08:17:31 +00:00
|
|
|
// check permissions before signing
|
|
|
|
verifyFilePermissions(ZIPURI, true);
|
|
|
|
verifyFilePermissions(JARURI, false);
|
|
|
|
|
2020-11-13 17:28:05 +00:00
|
|
|
// generate key for signing
|
2020-07-02 08:17:31 +00:00
|
|
|
SecurityTools.keytool(
|
|
|
|
"-genkey",
|
|
|
|
"-keyalg", "RSA",
|
|
|
|
"-dname", "CN=Coffey, OU=JPG, O=Oracle, L=Santa Clara, ST=California, C=US",
|
|
|
|
"-alias", "examplekey",
|
|
|
|
"-storepass", "password",
|
|
|
|
"-keypass", "password",
|
|
|
|
"-keystore", "examplekeystore",
|
|
|
|
"-validity", "365")
|
|
|
|
.shouldHaveExitValue(0);
|
|
|
|
|
2020-11-13 17:28:05 +00:00
|
|
|
// sign zip file - expect warning
|
2020-07-02 08:17:31 +00:00
|
|
|
SecurityTools.jarsigner(
|
|
|
|
"-keystore", "examplekeystore",
|
|
|
|
"-verbose", ZIPFILENAME,
|
|
|
|
"-storepass", "password",
|
|
|
|
"-keypass", "password",
|
|
|
|
"examplekey")
|
|
|
|
.shouldHaveExitValue(0)
|
2020-09-07 19:01:07 +00:00
|
|
|
.shouldContain(WARNING_MSG);
|
2020-07-02 08:17:31 +00:00
|
|
|
|
2020-11-13 17:28:05 +00:00
|
|
|
// recheck permissions after signing
|
2020-07-02 08:17:31 +00:00
|
|
|
verifyFilePermissions(ZIPURI, true);
|
|
|
|
|
2020-11-13 17:28:05 +00:00
|
|
|
// sign jar file - expect no warning
|
|
|
|
SecurityTools.jarsigner(
|
|
|
|
"-keystore", "examplekeystore",
|
2020-07-02 08:17:31 +00:00
|
|
|
"-verbose", JARFILENAME,
|
|
|
|
"-storepass", "password",
|
|
|
|
"-keypass", "password",
|
|
|
|
"examplekey")
|
|
|
|
.shouldHaveExitValue(0)
|
2020-09-07 19:01:07 +00:00
|
|
|
.shouldNotContain(WARNING_MSG);
|
2020-07-02 08:17:31 +00:00
|
|
|
|
2020-11-13 17:28:05 +00:00
|
|
|
// recheck permissions after signing
|
2020-07-02 08:17:31 +00:00
|
|
|
verifyFilePermissions(JARURI, false);
|
|
|
|
|
2020-11-13 17:28:05 +00:00
|
|
|
// verify zip file - expect warning
|
|
|
|
SecurityTools.jarsigner(
|
|
|
|
"-keystore", "examplekeystore",
|
2020-07-02 08:17:31 +00:00
|
|
|
"-storepass", "password",
|
|
|
|
"-keypass", "password",
|
|
|
|
"-verbose",
|
|
|
|
"-verify", ZIPFILENAME)
|
|
|
|
.shouldHaveExitValue(0)
|
2020-09-07 19:01:07 +00:00
|
|
|
.shouldContain(WARNING_MSG);
|
2020-07-02 08:17:31 +00:00
|
|
|
|
2020-11-13 17:28:05 +00:00
|
|
|
// verify jar file - expect no warning
|
|
|
|
SecurityTools.jarsigner(
|
|
|
|
"-keystore", "examplekeystore",
|
2020-07-02 08:17:31 +00:00
|
|
|
"-storepass", "password",
|
|
|
|
"-keypass", "password",
|
|
|
|
"-verbose",
|
|
|
|
"-verify", JARFILENAME)
|
|
|
|
.shouldHaveExitValue(0)
|
2020-09-07 19:01:07 +00:00
|
|
|
.shouldNotContain(WARNING_MSG);
|
2020-07-02 08:17:31 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
private static void createFiles() throws Exception {
|
|
|
|
|
|
|
|
String fileList = " ";
|
|
|
|
Map<String, String> env = new HashMap<>();
|
|
|
|
env.put("create", "true");
|
|
|
|
env.put("enablePosixFileAttributes", "true");
|
|
|
|
|
|
|
|
try (FileSystem zipfs = FileSystems.newFileSystem(ZIPURI, env)) {
|
|
|
|
for (String s : perms) {
|
|
|
|
file = Path.of("test_" + count++);
|
|
|
|
fileList += file + " ";
|
|
|
|
permsSet = PosixFilePermissions.fromString(s);
|
|
|
|
Files.createFile(file);
|
|
|
|
|
|
|
|
Files.copy(file,
|
|
|
|
zipfs.getPath(file.toString()),
|
|
|
|
StandardCopyOption.COPY_ATTRIBUTES);
|
|
|
|
Files.setPosixFilePermissions(zipfs.getPath(file.toString()), permsSet);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// create jar file for testing also
|
|
|
|
SecurityTools.jar("cf " + JARFILENAME + fileList);
|
|
|
|
try (FileSystem jarfs = FileSystems.newFileSystem(JARURI, env)) {
|
|
|
|
expectedJarPerms = PosixFilePermissions.toString(
|
|
|
|
Files.getPosixFilePermissions(jarfs.getPath("test_1")));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
private static void verifyFilePermissions(URI u, boolean containAttributes) throws Exception {
|
|
|
|
count = 0;
|
|
|
|
for (String s : perms) {
|
|
|
|
file = Path.of("test_" + count++);
|
|
|
|
checkEntryAttributes(u, file, s, containAttributes);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
private static void checkEntryAttributes(URI uri, Path file,
|
|
|
|
String expectedPerms, boolean containAttributes) throws Exception {
|
|
|
|
try (FileSystem zipfs = FileSystems.newFileSystem(uri, Map.of("enablePosixFileAttributes", "true"))) {
|
|
|
|
Path p = zipfs.getPath(file.getFileName().toString());
|
|
|
|
Set<PosixFilePermission> permsSet = Files.getPosixFilePermissions(p);
|
|
|
|
String actualPerms = PosixFilePermissions.toString(permsSet);
|
|
|
|
if (containAttributes) {
|
|
|
|
if (!expectedPerms.equals(actualPerms)) {
|
|
|
|
throw new RuntimeException("Unexpected permissions for: " + file + ". Received: " + actualPerms);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if (!actualPerms.equals(expectedJarPerms)) {
|
|
|
|
throw new RuntimeException("Expected default permissions for " + file);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|