8242260: Add forRemoval=true to already deprecated ContentSigner
Reviewed-by: alanb, mullan, xuelei
This commit is contained in:
Weijun Wang
parent
474ce89ebc
commit
dc6d76f518
src/jdk.jartool/share/classes
com/sun/jarsigner
jdk/security/jarsigner
sun/security/tools/jarsigner
test/jdk/sun/security/tools/jarsigner
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -38,7 +38,7 @@ import java.security.cert.CertificateException;
|
||||
* @deprecated This class has been deprecated.
|
||||
*/
|
||||
|
||||
@Deprecated(since="9")
|
||||
@Deprecated(since="9", forRemoval=true)
|
||||
public abstract class ContentSigner {
|
||||
|
||||
/**
|
||||
@ -65,6 +65,7 @@ public abstract class ContentSigner {
|
||||
* @throws NullPointerException The exception is thrown if parameters is
|
||||
* null.
|
||||
*/
|
||||
@SuppressWarnings("removal")
|
||||
public abstract byte[] generateSignedData(
|
||||
ContentSignerParameters parameters, boolean omitContent,
|
||||
boolean applyTimestamp)
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -36,7 +36,7 @@ import java.util.zip.ZipFile;
|
||||
* @author Vincent Ryan
|
||||
* @deprecated This class has been deprecated.
|
||||
*/
|
||||
@Deprecated(since="9")
|
||||
@Deprecated(since="9", forRemoval=true)
|
||||
public interface ContentSignerParameters {
|
||||
|
||||
/**
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -30,9 +30,9 @@
|
||||
* tool by supplying an alternative implementation of
|
||||
* {@link com.sun.jarsigner.ContentSigner}.
|
||||
*
|
||||
* The classes in this package have been deprecated. New classes should not be
|
||||
* added to this package. Use the {@link jdk.security.jarsigner.JarSigner} API
|
||||
* to sign JAR files.
|
||||
* The classes in this package have been deprecated and will be removed in
|
||||
* a future release. New classes should not be added to this package.
|
||||
* Use the {@link jdk.security.jarsigner.JarSigner} API to sign JAR files.
|
||||
*/
|
||||
|
||||
package com.sun.jarsigner;
|
||||
|
||||
@ -34,6 +34,7 @@ import sun.security.util.SignatureFileVerifier;
|
||||
import sun.security.x509.AlgorithmId;
|
||||
|
||||
import java.io.*;
|
||||
import java.lang.reflect.InvocationTargetException;
|
||||
import java.net.SocketTimeoutException;
|
||||
import java.net.URI;
|
||||
import java.net.URL;
|
||||
@ -841,14 +842,14 @@ public final class JarSigner {
|
||||
signer.update(content);
|
||||
byte[] signature = signer.sign();
|
||||
|
||||
@SuppressWarnings("deprecation")
|
||||
@SuppressWarnings("removal")
|
||||
ContentSigner signingMechanism = null;
|
||||
if (altSigner != null) {
|
||||
signingMechanism = loadSigningMechanism(altSigner,
|
||||
altSignerPath);
|
||||
}
|
||||
|
||||
@SuppressWarnings("deprecation")
|
||||
@SuppressWarnings("removal")
|
||||
ContentSignerParameters params =
|
||||
new JarSignerParameters(null, tsaUrl, tSAPolicyID,
|
||||
tSADigestAlg, signature,
|
||||
@ -1058,10 +1059,15 @@ public final class JarSigner {
|
||||
* Try to load the specified signing mechanism.
|
||||
* The URL class loader is used.
|
||||
*/
|
||||
@SuppressWarnings("deprecation")
|
||||
@SuppressWarnings("removal")
|
||||
private ContentSigner loadSigningMechanism(String signerClassName,
|
||||
String signerClassPath) {
|
||||
|
||||
// If there is no signerClassPath provided, search from here
|
||||
if (signerClassPath == null) {
|
||||
signerClassPath = ".";
|
||||
}
|
||||
|
||||
// construct class loader
|
||||
String cpString; // make sure env.class.path defaults to dot
|
||||
|
||||
@ -1077,10 +1083,11 @@ public final class JarSigner {
|
||||
try {
|
||||
// attempt to find signer
|
||||
Class<?> signerClass = appClassLoader.loadClass(signerClassName);
|
||||
Object signer = signerClass.newInstance();
|
||||
Object signer = signerClass.getDeclaredConstructor().newInstance();
|
||||
return (ContentSigner) signer;
|
||||
} catch (ClassNotFoundException|InstantiationException|
|
||||
IllegalAccessException|ClassCastException e) {
|
||||
IllegalAccessException|ClassCastException|
|
||||
NoSuchMethodException| InvocationTargetException e) {
|
||||
throw new IllegalArgumentException(
|
||||
"Invalid altSigner or altSignerPath", e);
|
||||
}
|
||||
@ -1174,7 +1181,7 @@ public final class JarSigner {
|
||||
}
|
||||
|
||||
// Generates the PKCS#7 content of block file
|
||||
@SuppressWarnings("deprecation")
|
||||
@SuppressWarnings("removal")
|
||||
public byte[] generateBlock(ContentSignerParameters params,
|
||||
boolean externalSF,
|
||||
ContentSigner signingMechanism)
|
||||
@ -1192,7 +1199,7 @@ public final class JarSigner {
|
||||
}
|
||||
}
|
||||
|
||||
@SuppressWarnings("deprecation")
|
||||
@SuppressWarnings("removal")
|
||||
class JarSignerParameters implements ContentSignerParameters {
|
||||
|
||||
private String[] args;
|
||||
|
||||
@ -444,13 +444,13 @@ public class Main {
|
||||
if (++n == args.length) usageNoArg();
|
||||
altSignerClass = args[n];
|
||||
System.err.println(
|
||||
rb.getString("This.option.is.deprecated") +
|
||||
rb.getString("This.option.is.forremoval") +
|
||||
"-altsigner");
|
||||
} else if (collator.compare(flags, "-altsignerpath") ==0) {
|
||||
if (++n == args.length) usageNoArg();
|
||||
altSignerClasspath = args[n];
|
||||
System.err.println(
|
||||
rb.getString("This.option.is.deprecated") +
|
||||
rb.getString("This.option.is.forremoval") +
|
||||
"-altsignerpath");
|
||||
} else if (collator.compare(flags, "-sectionsonly") ==0) {
|
||||
signManifest = false;
|
||||
|
||||
@ -44,7 +44,7 @@ public class Resources extends java.util.ListResourceBundle {
|
||||
{"provider.class.not.found", "Provider \"%s\" not found"},
|
||||
{"jarsigner.error.", "jarsigner error: "},
|
||||
{"Illegal.option.", "Illegal option: "},
|
||||
{"This.option.is.deprecated", "This option is deprecated: "},
|
||||
{"This.option.is.forremoval", "This option is deprecated and will be removed in a future release: "},
|
||||
{".keystore.must.be.NONE.if.storetype.is.{0}",
|
||||
"-keystore must be NONE if -storetype is {0}"},
|
||||
{".keypass.can.not.be.specified.if.storetype.is.{0}",
|
||||
@ -93,10 +93,10 @@ public class Resources extends java.util.ListResourceBundle {
|
||||
"[-tsadigestalg <algorithm>] algorithm of digest data in timestamping request"},
|
||||
{".altsigner.class.class.name.of.an.alternative.signing.mechanism",
|
||||
"[-altsigner <class>] class name of an alternative signing mechanism\n" +
|
||||
" (This option has been deprecated.)"},
|
||||
" (This option is deprecated and will be removed in a future release.)"},
|
||||
{".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
|
||||
"[-altsignerpath <pathlist>] location of an alternative signing mechanism\n" +
|
||||
" (This option has been deprecated.)"},
|
||||
" (This option is deprecated and will be removed in a future release.)"},
|
||||
{".internalsf.include.the.SF.file.inside.the.signature.block",
|
||||
"[-internalsf] include the .SF file inside the signature block"},
|
||||
{".sectionsonly.don.t.compute.hash.of.entire.manifest",
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2007, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -45,7 +45,7 @@ import sun.security.x509.*;
|
||||
*
|
||||
* @author Vincent Ryan
|
||||
*/
|
||||
@SuppressWarnings("deprecation")
|
||||
@SuppressWarnings("removal")
|
||||
public final class TimestampedSigner extends ContentSigner {
|
||||
|
||||
/*
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -23,30 +23,25 @@
|
||||
|
||||
/**
|
||||
* @test
|
||||
* @bug 8056174
|
||||
* @bug 8056174 8242260
|
||||
* @summary Make sure the jarsigner tool still works after it's modified to
|
||||
* be based on JarSigner API
|
||||
* @library /test/lib
|
||||
* @modules java.base/sun.security.tools.keytool
|
||||
* jdk.jartool/sun.security.tools.jarsigner
|
||||
* java.base/sun.security.pkcs
|
||||
* @modules java.base/sun.security.pkcs
|
||||
* java.base/sun.security.x509
|
||||
* @build jdk.test.lib.util.JarUtils
|
||||
* @run main Options
|
||||
*/
|
||||
|
||||
import com.sun.jarsigner.ContentSigner;
|
||||
import com.sun.jarsigner.ContentSignerParameters;
|
||||
import jdk.test.lib.Asserts;
|
||||
import jdk.test.lib.SecurityTools;
|
||||
import jdk.test.lib.util.JarUtils;
|
||||
import sun.security.pkcs.PKCS7;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Paths;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.nio.file.Path;
|
||||
import java.util.*;
|
||||
import java.util.jar.Attributes;
|
||||
import java.util.jar.JarEntry;
|
||||
@ -57,21 +52,41 @@ public class Options {
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
|
||||
// Help
|
||||
boolean lastLineHasAltSigner = false;
|
||||
for (String line : SecurityTools.jarsigner("--help").asLines()) {
|
||||
if (line.contains("-altsigner")) {
|
||||
lastLineHasAltSigner = true;
|
||||
} else {
|
||||
if (lastLineHasAltSigner) {
|
||||
Asserts.assertTrue(line.contains("deprecated and will be removed"));
|
||||
}
|
||||
lastLineHasAltSigner = false;
|
||||
}
|
||||
}
|
||||
|
||||
// Prepares raw file
|
||||
Files.write(Paths.get("a"), List.of("a"));
|
||||
Files.write(Path.of("a"), List.of("a"));
|
||||
|
||||
// Pack
|
||||
JarUtils.createJar("a.jar", "a");
|
||||
JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("a"));
|
||||
|
||||
// Prepare a keystore
|
||||
sun.security.tools.keytool.Main.main(
|
||||
("-keystore jks -storepass changeit -keypass changeit -dname" +
|
||||
" CN=A -alias a -genkeypair -keyalg rsa").split(" "));
|
||||
SecurityTools.keytool(
|
||||
"-keystore jks -storepass changeit -keypass changeit -dname" +
|
||||
" CN=A -alias a -genkeypair -keyalg rsa")
|
||||
.shouldHaveExitValue(0);
|
||||
|
||||
// -altsign
|
||||
sun.security.tools.jarsigner.Main.main(
|
||||
("-debug -signedjar altsign.jar -keystore jks -storepass changeit" +
|
||||
" -altsigner Options$X a.jar a").split(" "));
|
||||
SecurityTools.jarsigner(
|
||||
"-debug -signedjar altsign.jar -keystore jks -storepass changeit" +
|
||||
" -altsigner Options$X" +
|
||||
" -altsignerpath " + System.getProperty("test.classes") +
|
||||
" a.jar a")
|
||||
.shouldContain("removed in a future release: -altsigner")
|
||||
.shouldContain("removed in a future release: -altsignerpath")
|
||||
.shouldContain("PKCS7.parse"); // signature not parseable
|
||||
// but signing succeeds
|
||||
|
||||
try (JarFile jf = new JarFile("altsign.jar")) {
|
||||
JarEntry je = jf.getJarEntry("META-INF/A.RSA");
|
||||
@ -82,11 +97,25 @@ public class Options {
|
||||
}
|
||||
}
|
||||
|
||||
// -altsign with no -altsignerpath
|
||||
Files.copy(Path.of(System.getProperty("test.classes"), "Options$X.class"),
|
||||
Path.of("Options$X.class"));
|
||||
SecurityTools.jarsigner(
|
||||
"-debug -signedjar altsign.jar -keystore jks -storepass changeit" +
|
||||
" -altsigner Options$X" +
|
||||
" a.jar a")
|
||||
.shouldContain("removed in a future release: -altsigner")
|
||||
.shouldNotContain("removed in a future release: -altsignerpath")
|
||||
.shouldContain("PKCS7.parse"); // signature not parseable
|
||||
// but signing succeeds
|
||||
|
||||
// -sigfile, -digestalg, -sigalg, -internalsf, -sectionsonly
|
||||
sun.security.tools.jarsigner.Main.main(
|
||||
("-debug -signedjar new.jar -keystore jks -storepass changeit" +
|
||||
SecurityTools.jarsigner(
|
||||
"-debug -signedjar new.jar -keystore jks -storepass changeit" +
|
||||
" -sigfile olala -digestalg SHA1 -sigalg SHA224withRSA" +
|
||||
" -internalsf -sectionsonly a.jar a").split(" "));
|
||||
" -internalsf -sectionsonly a.jar a")
|
||||
.shouldHaveExitValue(0)
|
||||
.shouldNotContain("Exception"); // a real success
|
||||
|
||||
try (JarFile jf = new JarFile("new.jar")) {
|
||||
JarEntry je = jf.getJarEntry("META-INF/OLALA.SF");
|
||||
@ -130,9 +159,7 @@ public class Options {
|
||||
public static class X extends ContentSigner {
|
||||
@Override
|
||||
public byte[] generateSignedData(ContentSignerParameters parameters,
|
||||
boolean omitContent, boolean applyTimestamp)
|
||||
throws NoSuchAlgorithmException, CertificateException,
|
||||
IOException {
|
||||
boolean omitContent, boolean applyTimestamp) {
|
||||
return "1234".getBytes();
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user