stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8075618: Create tests to check jarsigner work with multi-version jar

Browse Source 
Reviewed-by: weijun
This commit is contained in:
Amanda Jiang 2016-12-19 12:47:54 -08:00
parent f26cc2ffd9
commit 8d09a2b2c9
6 changed files with 393 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

228
jdk/test/sun/security/tools/jarsigner/multiRelease/MVJarSigningTest.java Normal file
View File

@ -0,0 +1,228 @@
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8047305 8075618
* @summary Tests jarsigner tool and JarSigner API work with multi-release JAR files.
* @library /test/lib
* @library /lib/testlibrary
* @run main MVJarSigningTest
*/
import jdk.security.jarsigner.JarSigner;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.jar.JarFile;
import java.util.stream.Stream;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;
import jdk.test.lib.JDKToolFinder;
import jdk.test.lib.JDKToolLauncher;
import jdk.test.lib.Utils;
import jdk.test.lib.process.OutputAnalyzer;
import jdk.test.lib.process.ProcessTools;
public class MVJarSigningTest {
private static final String TEST_SRC = System.getProperty("test.src", ".");
private static final String USR_DIR = System.getProperty("user.dir", ".");
private static final String JAR_NAME = "MV.jar";
private static final String KEYSTORE = "keystore.jks";
private static final String ALIAS = "JavaTest";
private static final String STOREPASS = "changeit";
private static final String KEYPASS = "changeit";
private static final String SIGNED_JAR = "Signed.jar";
private static final String POLICY_FILE = "SignedJar.policy";
private static final String VERSION_MESSAGE = "I am running on version 9";
public static void main(String[] args) throws Throwable {
// compile java files in jarContent directory
compile("jarContent");
// create multi-release jar
Path classes = Paths.get("classes");
jar("cf", JAR_NAME, "-C", classes.resolve("base").toString(), ".",
"--release", "9", "-C", classes.resolve("v9").toString(), ".",
"--release", "10", "-C", classes.resolve("v10").toString(), ".")
.shouldHaveExitValue(0);
genKey();
signJar(JAR_NAME)
.shouldHaveExitValue(0)
.shouldMatch("signing.*META-INF/versions/9/version/Version.class")
.shouldMatch("signing.*META-INF/versions/10/version/Version.class")
.shouldMatch("signing.*version/Main.class")
.shouldMatch("signing.*version/Version.class");
verify(SIGNED_JAR);
// test with JarSigner API
Files.deleteIfExists(Paths.get(SIGNED_JAR));
signWithJarSignerAPI(JAR_NAME);
verify(SIGNED_JAR);
// test Permission granted
File keypass = new File("keypass");
try (FileOutputStream fos = new FileOutputStream(keypass)) {
fos.write(KEYPASS.getBytes());
}
String[] cmd = {
"-classpath", SIGNED_JAR,
"-Djava.security.manager",
"-Djava.security.policy=" +
TEST_SRC + File.separator + POLICY_FILE,
"version.Main"};
ProcessTools.executeTestJvm(cmd)
.shouldHaveExitValue(0)
.shouldContain(VERSION_MESSAGE);
}
private static void compile (String jarContent_path) throws Throwable {
Path classes = Paths.get(USR_DIR, "classes", "base");
Path source = Paths.get(TEST_SRC, jarContent_path, "base", "version");
CompilerUtils.compile(source, classes);
classes = Paths.get(USR_DIR, "classes", "v9");
source = Paths.get(TEST_SRC, jarContent_path , "v9", "version");
CompilerUtils.compile(source, classes);
classes = Paths.get(USR_DIR, "classes", "v10");
source = Paths.get(TEST_SRC, jarContent_path, "v10", "version");
CompilerUtils.compile(source, classes);
}
private static OutputAnalyzer jar(String...args) throws Throwable {
JDKToolLauncher launcher = JDKToolLauncher.createUsingTestJDK("jar");
Stream.of(args).forEach(launcher::addToolArg);
return ProcessTools.executeCommand(launcher.getCommand());
}
private static void genKey() throws Throwable {
String keytool = JDKToolFinder.getJDKTool("keytool");
Files.deleteIfExists(Paths.get(KEYSTORE));
ProcessTools.executeCommand(keytool,
"-J-Duser.language=en",
"-J-Duser.country=US",
"-genkey",
"-alias", ALIAS,
"-keystore", KEYSTORE,
"-keypass", KEYPASS,
"-dname", "cn=sample",
"-storepass", STOREPASS
).shouldHaveExitValue(0);
}
private static OutputAnalyzer signJar(String jarName) throws Throwable {
List<String> args = new ArrayList<>();
args.add("-verbose");
args.add("-signedjar");
args.add(SIGNED_JAR);
args.add(jarName);
args.add(ALIAS);
return jarsigner(args);
}
private static void verify(String signedJarName) throws Throwable {
verifyJar(signedJarName)
.shouldHaveExitValue(0)
.shouldContain("jar verified")
.shouldMatch("smk.*META-INF/versions/9/version/Version.class")
.shouldMatch("smk.*META-INF/versions/10/version/Version.class")
.shouldMatch("smk.*version/Main.class")
.shouldMatch("smk.*version/Version.class");
}
private static OutputAnalyzer verifyJar(String signedJarName) throws Throwable {
List<String> args = new ArrayList<>();
args.add("-verbose");
args.add("-verify");
args.add(signedJarName);
return jarsigner(args);
}
private static OutputAnalyzer jarsigner(List<String> extra)
throws Throwable {
JDKToolLauncher launcher = JDKToolLauncher.createUsingTestJDK("jarsigner")
.addVMArg("-Duser.language=en")
.addVMArg("-Duser.country=US")
.addToolArg("-keystore")
.addToolArg(KEYSTORE)
.addToolArg("-storepass")
.addToolArg(STOREPASS)
.addToolArg("-keypass")
.addToolArg(KEYPASS);
for (String s : extra) {
if (s.startsWith("-J")) {
launcher.addVMArg(s.substring(2));
} else {
launcher.addToolArg(s);
}
}
return ProcessTools.executeCommand(launcher.getCommand());
}
private static void signWithJarSignerAPI(String jarName)
throws Throwable {
// Get JarSigner
try (FileInputStream fis = new FileInputStream(KEYSTORE)) {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(fis, STOREPASS.toCharArray());
PrivateKey pk = (PrivateKey)ks.getKey(ALIAS, KEYPASS.toCharArray());
Certificate cert = ks.getCertificate(ALIAS);
JarSigner signer = new JarSigner.Builder(pk,
CertificateFactory.getInstance("X.509").generateCertPath(
Collections.singletonList(cert)))
.build();
// Sign jar
try (ZipFile src = new JarFile(jarName);
FileOutputStream out = new FileOutputStream(SIGNED_JAR)) {
signer.sign(src,out);
}
}
}
}

10
jdk/test/sun/security/tools/jarsigner/multiRelease/SignedJar.policy Normal file
View File

@ -0,0 +1,10 @@
keystore "file:keystore.jks";
keystorePasswordURL "file:keypass";
grant signedBy "JavaTest" {
permission java.lang.RuntimePermission "setIO";
};
grant signedBy "other" {
permission java.lang.RuntimePermission "setFactory";
};

34
jdk/test/sun/security/tools/jarsigner/multiRelease/jarContent/base/version/Main.java Normal file
View File

@ -0,0 +1,34 @@
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package version;
import java.security.Permission;
public class Main {
public static void main(String[] args) {
Version v = new Version();
System.out.println("I am running on version " + v.getVersion());
}
}

31
jdk/test/sun/security/tools/jarsigner/multiRelease/jarContent/base/version/Version.java Normal file
View File

@ -0,0 +1,31 @@
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package version;
public class Version {
public int getVersion() {
return 8;
}
}

32
jdk/test/sun/security/tools/jarsigner/multiRelease/jarContent/v10/version/Version.java Normal file
View File

@ -0,0 +1,32 @@
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package version;
public class Version {
public int getVersion() {
return 10;
}
}

58
jdk/test/sun/security/tools/jarsigner/multiRelease/jarContent/v9/version/Version.java Normal file
View File

@ -0,0 +1,58 @@
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package version;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
public class Version {
private static final Permission PERM1 = new RuntimePermission("setIO");
private static final Permission PERM2 = new RuntimePermission("setFactory");
public int getVersion() {
checkPermission(PERM1, false);
checkPermission(PERM2, true);
return 9;
}
private void checkPermission(Permission perm, boolean expectException) {
boolean getException = (Boolean) AccessController
.doPrivileged((PrivilegedAction) () -> {
try {
AccessController.checkPermission(perm);
return (Boolean) false;
} catch (AccessControlException ex) {
return (Boolean) true;
}
});
if (expectException ^ getException) {
String message = "Check Permission :" + perm + "\n ExpectException = "
+ expectException + "\n getException = " + getException;
throw new RuntimeException(message);
}
}
}