/* * Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ /* * @test * @bug 8281234 * @summary The -protected option is not always checked in keytool and jarsigner * @library /test/lib * @modules java.base/sun.security.tools.keytool * java.base/sun.security.x509 */ import jdk.test.lib.Asserts; import jdk.test.lib.SecurityTools; import jdk.test.lib.util.JarUtils; import sun.security.tools.keytool.CertAndKeyGen; import sun.security.x509.X500Name; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.nio.file.Files; import java.nio.file.Path; import java.security.*; import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.Collections; import java.util.Date; import java.util.Enumeration; import java.util.List; import java.util.jar.JarFile; public class AutoKeyStore { public static void main(String[] args) throws Exception { JarUtils.createJarFile(Path.of("unsigned.jar"), Path.of("."), Files.writeString(Path.of("file"), "hello")); SecurityTools.keytool(""" -J--add-exports -Jjava.base/sun.security.tools.keytool=ALL-UNNAMED -J--add-exports -Jjava.base/sun.security.x509=ALL-UNNAMED -providerClass AutoKeyStore$AutoProvider -providerPath $test.classes -storetype AUTO -keystore NONE -protected -list """).shouldHaveExitValue(0) .shouldContain("Keystore type: AUTO") .shouldContain("Keystore provider: AUTO") .shouldContain("PrivateKeyEntry"); SecurityTools.jarsigner(""" -J--add-exports -Jjava.base/sun.security.tools.keytool=ALL-UNNAMED -J--add-exports -Jjava.base/sun.security.x509=ALL-UNNAMED -providerClass AutoKeyStore$AutoProvider -providerPath $test.classes -storetype AUTO -keystore NONE -protected -signedJar signed.jar unsigned.jar one """).shouldHaveExitValue(0) .shouldContain("jar signed."); Asserts.assertTrue(new JarFile("signed.jar") .getEntry("META-INF/ONE.EC") != null); } public static class AutoProvider extends Provider { public AutoProvider() { super("AUTO", "1.1.1", "auto"); put("KeyStore.AUTO", "AutoKeyStore$KeyStoreImpl"); } } // This keystore is not based on file. Whenever it's loaded // a self-sign certificate is generated inside public static class KeyStoreImpl extends KeyStoreSpi { private PrivateKey pri; private PublicKey pub; private X509Certificate cert; @Override public Key engineGetKey(String alias, char[] password) { return pri; } @Override public Certificate[] engineGetCertificateChain(String alias) { return new Certificate[] { cert }; } @Override public Certificate engineGetCertificate(String alias) { return cert; } @Override public Date engineGetCreationDate(String alias) { return new Date(); } @Override public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException { throw new KeyStoreException("Not supported"); } @Override public void engineSetKeyEntry(String alias, byte[] key, Certificate[] chain) throws KeyStoreException { throw new KeyStoreException("Not supported"); } @Override public void engineSetCertificateEntry(String alias, Certificate cert) throws KeyStoreException { throw new KeyStoreException("Not supported"); } @Override public void engineDeleteEntry(String alias) throws KeyStoreException { throw new KeyStoreException("Not supported"); } @Override public Enumeration engineAliases() { return Collections.enumeration(List.of("one")); } @Override public boolean engineContainsAlias(String alias) { return alias.equalsIgnoreCase("one"); } @Override public int engineSize() { return 1; } @Override public boolean engineIsKeyEntry(String alias) { return true; } @Override public boolean engineIsCertificateEntry(String alias) { return false; } @Override public String engineGetCertificateAlias(Certificate cert) { return "one"; } @Override public void engineStore(OutputStream stream, char[] password) { } @Override public void engineLoad(InputStream stream, char[] password) throws IOException { try { CertAndKeyGen cag = new CertAndKeyGen("EC", "SHA256withECDSA"); cag.generate("secp256r1"); pri = cag.getPrivateKey(); pub = cag.getPublicKey(); cert = cag.getSelfCertificate(new X500Name("CN=one"), 3600); } catch (Exception e) { throw new IOException("Not loaded"); } } } }