Java Code Examples for jdk.testlibrary.JarUtils#createJar()
The following examples show how to use
jdk.testlibrary.JarUtils#createJar() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: AliasNotInStoreTest.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
|
private void start() throws Throwable {
Utils.createFiles(FIRST_FILE, SECOND_FILE);
System.out.println(String.format("Create a %s that contains %s",
new Object[]{UNSIGNED_JARFILE, FIRST_FILE}));
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create first key pair for signing
createAlias(FIRST_KEY_ALIAS);
createAlias(SECOND_KEY_ALIAS);
// sign jar with first key
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
FIRST_KEY_ALIAS);
checkSigning(analyzer);
System.out.println(String.format("Copy %s to %s, and add %s",
new Object[] {SIGNED_JARFILE, UPDATED_SIGNED_JARFILE,
SECOND_FILE}));
JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE);
// sign jar with second key
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
UPDATED_SIGNED_JARFILE,
SECOND_KEY_ALIAS);
checkSigning(analyzer);
// create keystore that contains only first key
ProcessTools.executeCommand(KEYTOOL,
"-importkeystore",
"-srckeystore", KEYSTORE,
"-srcalias", FIRST_KEY_ALIAS,
"-srcstorepass", PASSWORD,
"-srckeypass", PASSWORD,
"-destkeystore", FIRST_KEY_KEYSTORE,
"-destalias", FIRST_KEY_ALIAS,
"-deststorepass", PASSWORD,
"-destkeypass", PASSWORD).shouldHaveExitValue(0);
// verify jar with keystore that contains only first key,
// so there is signed entry (FirstClass.class) that is not signed
// by any alias in the keystore
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-keystore", FIRST_KEY_KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
UPDATED_SIGNED_JARFILE);
checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING,
ALIAS_NOT_IN_STORE_VERIFYING_WARNING);
// verify jar with keystore that contains only first key in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-strict",
"-keystore", FIRST_KEY_KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
UPDATED_SIGNED_JARFILE);
int expectedExitCode = ALIAS_NOT_IN_STORE_EXIT_CODE
+ CHAIN_NOT_VALIDATED_EXIT_CODE;
checkVerifying(analyzer, expectedExitCode,
CHAIN_NOT_VALIDATED_VERIFYING_WARNING,
ALIAS_NOT_IN_STORE_VERIFYING_WARNING);
System.out.println("Test passed");
}
Example 2
| Source File: TsacertOptionTest.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
void start() throws Throwable {
// create a jar file that contains one file
Utils.createFiles(FILENAME);
JarUtils.createJar(UNSIGNED_JARFILE, FILENAME);
// look for free network port for TSA service
int port = jdk.testlibrary.Utils.getFreePort();
String host = jdk.testlibrary.Utils.getHostname();
String tsaUrl = "http://" + host + ":" + port;
// create key pair for jar signing
ProcessTools.executeCommand(KEYTOOL,
"-genkey",
"-alias", SIGNING_KEY_ALIAS,
"-keyalg", KEY_ALG,
"-keysize", Integer.toString(KEY_SIZE),
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-dname", "CN=Test",
"-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
// create key pair for TSA service
// SubjectInfoAccess extension contains URL to TSA service
ProcessTools.executeCommand(KEYTOOL,
"-genkey",
"-v",
"-alias", TSA_KEY_ALIAS,
"-keyalg", KEY_ALG,
"-keysize", Integer.toString(KEY_SIZE),
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-dname", "CN=TSA",
"-ext", "ExtendedkeyUsage:critical=timeStamping",
"-ext", "SubjectInfoAccess=timeStamping:URI:" + tsaUrl,
"-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
try (TimestampCheck.Handler tsa = TimestampCheck.Handler.init(port,
KEYSTORE);) {
// start TSA
tsa.start();
// sign jar file
// specify -tsadigestalg option because
// TSA server uses SHA-1 digest algorithm
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
"-J-Dhttp.proxyHost=",
"-J-Dhttp.proxyPort=",
"-J-Djava.net.useSystemProxies=",
"-verbose",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
"-tsacert", TSA_KEY_ALIAS,
"-tsadigestalg", "SHA-1",
UNSIGNED_JARFILE,
SIGNING_KEY_ALIAS);
analyzer.shouldHaveExitValue(0);
analyzer.stdoutShouldNotContain(WARNING);
analyzer.shouldContain(JAR_SIGNED);
// verify signed jar
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verbose",
"-verify",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
SIGNED_JARFILE);
analyzer.shouldHaveExitValue(0);
analyzer.stdoutShouldNotContain(WARNING);
analyzer.shouldContain(JAR_VERIFIED);
}
System.out.println("Test passed");
}
Example 3
| Source File: AliasNotInStoreTest.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
private void start() throws Throwable {
Utils.createFiles(FIRST_FILE, SECOND_FILE);
System.out.println(String.format("Create a %s that contains %s",
new Object[]{UNSIGNED_JARFILE, FIRST_FILE}));
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create first key pair for signing
ProcessTools.executeCommand(KEYTOOL,
"-genkey",
"-alias", FIRST_KEY_ALIAS,
"-keyalg", KEY_ALG,
"-keysize", Integer.toString(KEY_SIZE),
"-keystore", BOTH_KEYS_KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-dname", "CN=First",
"-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
// create second key pair for signing
ProcessTools.executeCommand(KEYTOOL,
"-genkey",
"-alias", SECOND_KEY_ALIAS,
"-keyalg", KEY_ALG,
"-keysize", Integer.toString(KEY_SIZE),
"-keystore", BOTH_KEYS_KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-dname", "CN=Second",
"-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
// sign jar with first key
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
"-keystore", BOTH_KEYS_KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
FIRST_KEY_ALIAS);
checkSigning(analyzer);
System.out.println(String.format("Copy %s to %s, and add %s",
new Object[] {SIGNED_JARFILE, UPDATED_SIGNED_JARFILE,
SECOND_FILE}));
JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE);
// sign jar with second key
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-keystore", BOTH_KEYS_KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
UPDATED_SIGNED_JARFILE,
SECOND_KEY_ALIAS);
checkSigning(analyzer);
// create keystore that contains only first key
ProcessTools.executeCommand(KEYTOOL,
"-importkeystore",
"-srckeystore", BOTH_KEYS_KEYSTORE,
"-srcalias", FIRST_KEY_ALIAS,
"-srcstorepass", PASSWORD,
"-srckeypass", PASSWORD,
"-destkeystore", FIRST_KEY_KEYSTORE,
"-destalias", FIRST_KEY_ALIAS,
"-deststorepass", PASSWORD,
"-destkeypass", PASSWORD).shouldHaveExitValue(0);
// verify jar with keystore that contains only first key in strict mode,
// so there is signed entry (FirstClass.class) that is not signed
// by any alias in the keystore
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-keystore", FIRST_KEY_KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
UPDATED_SIGNED_JARFILE);
checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING,
ALIAS_NOT_IN_STORE_VERIFYING_WARNING);
// verify jar with keystore that contains only first key in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-strict",
"-keystore", FIRST_KEY_KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
UPDATED_SIGNED_JARFILE);
int expectedExitCode = ALIAS_NOT_IN_STORE_EXIT_CODE
+ CHAIN_NOT_VALIDATED_EXIT_CODE;
checkVerifying(analyzer, expectedExitCode,
CHAIN_NOT_VALIDATED_VERIFYING_WARNING,
ALIAS_NOT_IN_STORE_VERIFYING_WARNING);
System.out.println("Test passed");
}
Example 4
| Source File: BadExtendedKeyUsageTest.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
|
private void start() throws Throwable {
// create a jar file that contains one class file
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create a certificate whose signer certificate's
// ExtendedKeyUsage extension doesn't allow code signing
// create key pair for jar signing
createAlias(CA_KEY_ALIAS, "-ext", "bc:c");
createAlias(KEY_ALIAS);
issueCert(
KEY_ALIAS,
"-ext", "ExtendedkeyUsage=serverAuth",
"-validity", Integer.toString(VALIDITY));
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verbose",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
KEY_ALIAS);
checkSigning(analyzer, BAD_EXTENDED_KEY_USAGE_SIGNING_WARNING);
// verify signed jar
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE);
checkVerifying(analyzer, 0, BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING);
// verity signed jar in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-strict",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE);
checkVerifying(analyzer, BAD_EXTENDED_KEY_USAGE_EXIT_CODE,
BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING);
System.out.println("Test passed");
}
Example 5
| Source File: ExtensiblePolicyWithJarTest.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
|
public static void main(String args[]) throws Throwable {
final String FS = File.separator;
final String PS = File.pathSeparator;
final String POL = "ExtensiblePolicyTest3.policy";
final String JAVA_HOME = System.getProperty("test.jdk");
final String KEYTOOL = JAVA_HOME + FS + "bin" + FS + "keytool";
final String JARSIGNER = JAVA_HOME + FS + "bin" + FS + "jarsigner";
final String KEYSTORE = "epkeystore";
final String PASSWORD = "password";
final String ALIAS = "duke2";
final String CLASSPATH = System.getProperty("test.class.path", "");
final String TESTCLASSES = System.getProperty("test.classes", "");
final String TVPERMJAR = "tvPerm.jar";
final String PATHTOJAR = System.getProperty("user.dir", "")
+ FS + TVPERMJAR;
// create jar file for TVpermission
new File("TVJar").mkdir();
Files.copy(Paths.get(TESTCLASSES + FS + "TVJar", "TVPermission.class"),
Paths.get("TVJar", "TVPermission.class"));
Files.copy(Paths.get(TESTCLASSES + FS + "TVJar",
"TVPermissionCollection.class"),
Paths.get("TVJar", "TVPermissionCollection.class"));
JarUtils.createJar(TVPERMJAR, "TVJar/TVPermission.class",
"TVJar/TVPermissionCollection.class");
// create key pair for jar signing
ProcessTools.executeCommand(KEYTOOL,
"-genkey",
"-alias", ALIAS,
"-keystore", KEYSTORE,
"-storetype", "JKS",
"-keypass", PASSWORD,
"-dname", "cn=Blah",
"-storepass", PASSWORD
).shouldHaveExitValue(0);
// sign jar
ProcessTools.executeCommand(JARSIGNER,
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
TVPERMJAR,
ALIAS).shouldHaveExitValue(0);
// add jar file to classpath
String cp = PATHTOJAR + PS + CLASSPATH;
// policy file grants permission signed by duke2 to watch TVChanel 5
try {
String[] cmd = {
"-classpath", cp,
"-Djava.security.manager",
"-Djava.security.policy=" + POL,
"ExtensiblePolicyTest_orig$TestMain"};
ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0);
} catch (Exception ex) {
System.out.println("ExtensiblePolicyWithJarTest Failed");
}
}
Example 6
| Source File: AliasNotInStoreTest.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
|
private void start() throws Throwable {
Utils.createFiles(FIRST_FILE, SECOND_FILE);
System.out.println(String.format("Create a %s that contains %s",
new Object[]{UNSIGNED_JARFILE, FIRST_FILE}));
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create first key pair for signing
createAlias(FIRST_KEY_ALIAS);
createAlias(SECOND_KEY_ALIAS);
// sign jar with first key
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
FIRST_KEY_ALIAS);
checkSigning(analyzer);
System.out.println(String.format("Copy %s to %s, and add %s",
new Object[] {SIGNED_JARFILE, UPDATED_SIGNED_JARFILE,
SECOND_FILE}));
JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE);
// sign jar with second key
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
UPDATED_SIGNED_JARFILE,
SECOND_KEY_ALIAS);
checkSigning(analyzer);
// create keystore that contains only first key
ProcessTools.executeCommand(KEYTOOL,
"-importkeystore",
"-srckeystore", KEYSTORE,
"-srcalias", FIRST_KEY_ALIAS,
"-srcstorepass", PASSWORD,
"-srckeypass", PASSWORD,
"-destkeystore", FIRST_KEY_KEYSTORE,
"-destalias", FIRST_KEY_ALIAS,
"-deststorepass", PASSWORD,
"-destkeypass", PASSWORD).shouldHaveExitValue(0);
// verify jar with keystore that contains only first key,
// so there is signed entry (FirstClass.class) that is not signed
// by any alias in the keystore
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-keystore", FIRST_KEY_KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
UPDATED_SIGNED_JARFILE);
checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING,
ALIAS_NOT_IN_STORE_VERIFYING_WARNING);
// verify jar with keystore that contains only first key in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-strict",
"-keystore", FIRST_KEY_KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
UPDATED_SIGNED_JARFILE);
int expectedExitCode = ALIAS_NOT_IN_STORE_EXIT_CODE
+ CHAIN_NOT_VALIDATED_EXIT_CODE;
checkVerifying(analyzer, expectedExitCode,
CHAIN_NOT_VALIDATED_VERIFYING_WARNING,
ALIAS_NOT_IN_STORE_VERIFYING_WARNING);
System.out.println("Test passed");
}
Example 7
| Source File: HasExpiredCertTest.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
private void start() throws Throwable {
// create a jar file that contains one class file
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create key pair for jar signing
keytool(
"-genkey",
"-alias", KEY_ALIAS,
"-keyalg", KEY_ALG,
"-keysize", Integer.toString(KEY_SIZE),
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-dname", "CN=Test",
"-startdate", "-" + SHORT_VALIDITY * 2 + "d",
"-validity", Integer.toString(SHORT_VALIDITY))
.shouldHaveExitValue(0);
// sign jar
OutputAnalyzer analyzer = jarsigner(
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
KEY_ALIAS);
checkSigning(analyzer, HAS_EXPIRED_CERT_SIGNING_WARNING);
// verify signed jar
analyzer = jarsigner(
"-verify",
"-verbose",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE);
checkVerifying(analyzer, 0, HAS_EXPIRED_CERT_VERIFYING_WARNING);
analyzer = jarsigner(
"-verify",
"-strict",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE);
checkVerifying(analyzer, HAS_EXPIRED_CERT_EXIT_CODE,
HAS_EXPIRED_CERT_VERIFYING_WARNING);
System.out.println("Test passed");
}
Example 8
| Source File: TimestampCheck.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
|
static void prepare() throws Exception {
JarUtils.createJar("unsigned.jar", "A");
Files.deleteIfExists(Paths.get("ks"));
keytool("-alias signer -genkeypair -ext bc -dname CN=signer");
keytool("-alias oldsigner -genkeypair -dname CN=oldsigner");
keytool("-alias dsakey -genkeypair -keyalg DSA -dname CN=dsakey");
keytool("-alias weakkeysize -genkeypair -keysize 512 -dname CN=weakkeysize");
keytool("-alias badku -genkeypair -dname CN=badku");
keytool("-alias ts -genkeypair -dname CN=ts");
keytool("-alias tsold -genkeypair -dname CN=tsold");
keytool("-alias tsweak -genkeypair -keysize 512 -dname CN=tsweak");
keytool("-alias tsbad1 -genkeypair -dname CN=tsbad1");
keytool("-alias tsbad2 -genkeypair -dname CN=tsbad2");
keytool("-alias tsbad3 -genkeypair -dname CN=tsbad3");
keytool("-alias tsnoca -genkeypair -dname CN=tsnoca");
keytool("-alias expired -genkeypair -dname CN=expired");
keytool("-alias expiring -genkeypair -dname CN=expiring");
keytool("-alias long -genkeypair -dname CN=long");
keytool("-alias tsexpired -genkeypair -dname CN=tsexpired");
keytool("-alias tsexpiring -genkeypair -dname CN=tsexpiring");
keytool("-alias tsexpiringsoon -genkeypair -dname CN=tsexpiringsoon");
keytool("-alias tslong -genkeypair -dname CN=tslong");
// tsnoca's issuer will be removed from keystore later
keytool("-alias ca -genkeypair -ext bc -dname CN=CA");
gencert("tsnoca", "-ext eku:critical=ts");
keytool("-delete -alias ca");
keytool("-alias ca -genkeypair -ext bc -dname CN=CA -startdate -40d");
gencert("signer");
gencert("oldsigner", "-startdate -30d -validity 20");
gencert("dsakey");
gencert("weakkeysize");
gencert("badku", "-ext ku:critical=keyAgreement");
gencert("ts", "-ext eku:critical=ts -validity 500");
gencert("expired", "-validity 10 -startdate -12d");
gencert("expiring", "-validity 178");
gencert("long", "-validity 182");
gencert("tsexpired", "-ext eku:critical=ts -validity 10 -startdate -12d");
gencert("tsexpiring", "-ext eku:critical=ts -validity 364");
gencert("tsexpiringsoon", "-ext eku:critical=ts -validity 170"); // earlier than expiring
gencert("tslong", "-ext eku:critical=ts -validity 367");
for (int i = 0; i < 5; i++) {
// Issue another cert for "ts" with a different EKU.
// Length might be different because serial number is
// random. Try several times until a cert with the same
// length is generated so we can substitute ts.cert
// embedded in the PKCS7 block with ts2.cert.
// If cannot create one, related test will be ignored.
keytool("-gencert -alias ca -infile ts.req -outfile ts2.cert " +
"-ext eku:critical=1.3.6.1.5.5.7.3.9");
if (Files.size(Paths.get("ts.cert")) != Files.size(Paths.get("ts2.cert"))) {
Files.delete(Paths.get("ts2.cert"));
System.out.println("Warning: cannot create same length");
} else {
break;
}
}
gencert("tsold", "-ext eku:critical=ts -startdate -40d -validity 500");
gencert("tsweak", "-ext eku:critical=ts");
gencert("tsbad1");
gencert("tsbad2", "-ext eku=ts");
gencert("tsbad3", "-ext eku:critical=cs");
}
Example 9
| Source File: NotYetValidCertTest.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
protected void start() throws Throwable {
// create a jar file that contains one class file
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create certificate that will be valid only tomorrow
keytool(
"-genkey",
"-alias", KEY_ALIAS,
"-keyalg", KEY_ALG,
"-keysize", Integer.toString(KEY_SIZE),
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-dname", "CN=Test",
"-startdate", "+1d",
"-validity", Integer.toString(VALIDITY));
// sign jar
OutputAnalyzer analyzer = jarsigner(
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
KEY_ALIAS);
checkSigning(analyzer, NOT_YET_VALID_CERT_SIGNING_WARNING);
// verify signed jar
analyzer = jarsigner(
"-verify",
"-verbose",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE,
KEY_ALIAS);
checkVerifying(analyzer, 0, NOT_YET_VALID_CERT_VERIFYING_WARNING);
// verify jar in strict mode
analyzer = jarsigner(
"-verify",
"-verbose",
"-strict",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE,
KEY_ALIAS);
checkVerifying(analyzer, HAS_EXPIRED_CERT_EXIT_CODE,
NOT_YET_VALID_CERT_VERIFYING_WARNING);
System.out.println("Test passed");
}
Example 10
| Source File: HasExpiringCertTest.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
|
private void start() throws Throwable {
// create a jar file that contains one class file
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create key pair for jar signing
createAlias(CA_KEY_ALIAS, "-ext", "bc:c");
createAlias(KEY_ALIAS);
issueCert(
KEY_ALIAS,
"-validity", Integer.toString(SHORT_VALIDITY));
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
"-keystore", KEYSTORE,
"-verbose",
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
KEY_ALIAS);
checkSigning(analyzer, HAS_EXPIRING_CERT_SIGNING_WARNING);
// verify signed jar
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE,
KEY_ALIAS);
checkVerifying(analyzer, 0, HAS_EXPIRING_CERT_VERIFYING_WARNING);
// verify signed jar in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-strict",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE,
KEY_ALIAS);
checkVerifying(analyzer, 0, HAS_EXPIRING_CERT_VERIFYING_WARNING);
System.out.println("Test passed");
}
Example 11
| Source File: BadKeyUsageTest.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
|
private void start() throws Throwable {
// create a jar file that contains one class file
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create a certificate whose signer certificate's KeyUsage extension
// doesn't allow code signing
ProcessTools.executeCommand(KEYTOOL,
"-genkey",
"-alias", KEY_ALIAS,
"-keyalg", KEY_ALG,
"-keysize", Integer.toString(KEY_SIZE),
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-dname", "CN=Test",
"-ext", "KeyUsage=keyAgreement",
"-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verbose",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
KEY_ALIAS);
checkSigning(analyzer, BAD_KEY_USAGE_SIGNING_WARNING);
// verify signed jar
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE);
checkVerifying(analyzer, 0, BAD_KEY_USAGE_VERIFYING_WARNING);
// verify signed jar in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-strict",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE);
checkVerifying(analyzer, BAD_KEY_USAGE_EXIT_CODE,
BAD_KEY_USAGE_VERIFYING_WARNING);
System.out.println("Test passed");
}
Example 12
| Source File: HasExpiringCertTest.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
private void start() throws Throwable {
// create a jar file that contains one class file
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create key pair for jar signing
ProcessTools.executeCommand(KEYTOOL,
"-genkey",
"-alias", KEY_ALIAS,
"-keyalg", KEY_ALG,
"-keysize", Integer.toString(KEY_SIZE),
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-dname", "CN=Test",
"-validity", Integer.toString(SHORT_VALIDITY))
.shouldHaveExitValue(0);
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
"-keystore", KEYSTORE,
"-verbose",
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
KEY_ALIAS);
checkSigning(analyzer, HAS_EXPIRING_CERT_SIGNING_WARNING);
// verify signed jar
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE,
KEY_ALIAS);
checkVerifying(analyzer, 0, HAS_EXPIRING_CERT_VERIFYING_WARNING);
// verify signed jar in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-strict",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE,
KEY_ALIAS);
checkVerifying(analyzer, 0, HAS_EXPIRING_CERT_VERIFYING_WARNING);
System.out.println("Test passed");
}
Example 13
| Source File: HasExpiredCertTest.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
|
private void start() throws Throwable {
// create a jar file that contains one class file
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create key pair for jar signing
createAlias(CA_KEY_ALIAS, "-ext", "bc:c");
createAlias(KEY_ALIAS);
issueCert(
KEY_ALIAS,
"-startdate", "-" + SHORT_VALIDITY * 2 + "d",
"-validity", Integer.toString(SHORT_VALIDITY));
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
KEY_ALIAS);
checkSigning(analyzer, HAS_EXPIRED_CERT_SIGNING_WARNING);
// verify signed jar
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE);
checkVerifying(analyzer, 0, HAS_EXPIRED_CERT_VERIFYING_WARNING);
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-strict",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE);
checkVerifying(analyzer, HAS_EXPIRED_CERT_EXIT_CODE,
HAS_EXPIRED_CERT_VERIFYING_WARNING);
System.out.println("Test passed");
}
Example 14
| Source File: NoTimestampTest.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
private void start() throws Throwable {
String timezone = System.getProperty("user.timezone");
System.out.println(String.format("Timezone = %s", timezone));
// create a jar file that contains one class file
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// calculate certificate expiration date
Date expirationDate = new Date(System.currentTimeMillis() + VALIDITY
* 24 * 60 * 60 * 1000L);
// create key pair
ProcessTools.executeCommand(KEYTOOL,
"-genkey",
"-alias", KEY_ALIAS,
"-keyalg", KEY_ALG,
"-keysize", Integer.toString(KEY_SIZE),
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-dname", "CN=Test",
"-validity", Integer.toString(VALIDITY));
// sign jar file
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
"-J-Duser.timezone=" + timezone,
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
KEY_ALIAS);
String warning = String.format(NO_TIMESTAMP_SIGNING_WARN_TEMPLATE,
expirationDate);
checkSigning(analyzer, warning);
// verify signed jar
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-J-Duser.timezone=" + timezone,
"-verify",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE,
KEY_ALIAS);
warning = String.format(NO_TIMESTAMP_VERIFYING_WARN_TEMPLATE, expirationDate);
checkVerifying(analyzer, 0, warning);
// verify signed jar in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-J-Duser.timezone=" + timezone,
"-verify",
"-strict",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE,
KEY_ALIAS);
checkVerifying(analyzer, 0, warning);
System.out.println("Test passed");
}
Example 15
| Source File: HasExpiringCertTest.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
|
private void start() throws Throwable {
// create a jar file that contains one class file
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create key pair for jar signing
createAlias(CA_KEY_ALIAS, "-ext", "bc:c");
createAlias(KEY_ALIAS);
issueCert(
KEY_ALIAS,
"-validity", Integer.toString(SHORT_VALIDITY));
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
"-keystore", KEYSTORE,
"-verbose",
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
KEY_ALIAS);
checkSigning(analyzer, HAS_EXPIRING_CERT_SIGNING_WARNING);
// verify signed jar
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE,
KEY_ALIAS);
checkVerifying(analyzer, 0, HAS_EXPIRING_CERT_VERIFYING_WARNING);
// verify signed jar in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-strict",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE,
KEY_ALIAS);
checkVerifying(analyzer, 0, HAS_EXPIRING_CERT_VERIFYING_WARNING);
System.out.println("Test passed");
}
Example 16
| Source File: AltProvider.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
public static void main(String[] args) throws Throwable {
// Compile the provider
CompilerUtils.compile(
MOD_SRC_DIR, MOD_DEST_DIR,
"--module-source-path",
MOD_SRC_DIR.toString());
// Create a keystore
tool("keytool", "-keystore x.jks -storetype jks -genkeypair" +
" -storepass changeit -keypass changeit -alias x -dname CN=X")
.shouldHaveExitValue(0);
// Create a jar file
JarUtils.createJar("x.jar", "x.jks");
// Test starts here
// Without new provider
testBoth("", 1, "DUMMYKS not found");
// legacy use (-providerPath only supported by keytool)
testKeytool("-providerPath mods/test.dummy " +
"-providerClass org.test.dummy.DummyProvider -providerArg full",
0, "loadProviderByClass: org.test.dummy.DummyProvider");
// legacy, on classpath
testBoth("-J-cp -Jmods/test.dummy " +
"-providerClass org.test.dummy.DummyProvider -providerArg full",
0, "loadProviderByClass: org.test.dummy.DummyProvider");
// Wrong name
testBoth("-J-cp -Jmods/test.dummy " +
"-providerClass org.test.dummy.Dummy -providerArg full",
1, "Provider \"org.test.dummy.Dummy\" not found");
// Not a provider name
testBoth("-J-cp -Jmods/test.dummy " +
"-providerClass java.lang.Object -providerArg full",
1, "java.lang.Object not a provider");
// without arg
testBoth("-J-cp -Jmods/test.dummy " +
"-providerClass org.test.dummy.DummyProvider",
1, "DUMMYKS not found");
// old -provider still works
testBoth("-J-cp -Jmods/test.dummy " +
"-provider org.test.dummy.DummyProvider -providerArg full",
0, "loadProviderByClass: org.test.dummy.DummyProvider");
// name in a module
testBoth("-J--module-path=mods " +
"-addprovider Dummy -providerArg full",
0, "loadProviderByName: Dummy");
// -providerClass does not work
testBoth("-J--module-path=mods " +
"-providerClass org.test.dummy.DummyProvider -providerArg full",
1, "Provider \"org.test.dummy.DummyProvider\" not found");
// -addprovider with class does not work
testBoth("-J--module-path=mods " +
"-addprovider org.test.dummy.DummyProvider -providerArg full",
1, "Provider named \"org.test.dummy.DummyProvider\" not found");
// -addprovider without arg does not work
testBoth("-J--module-path=mods " +
"-addprovider Dummy",
1, "DUMMYKS not found");
}
Example 17
| Source File: NotSignedByAliasTest.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
|
protected void start() throws Throwable {
// create a jar file that contains one class file
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
createAlias(CA_KEY_ALIAS, "-ext", "bc:c");
// create first key pair for signing
createAlias(FIRST_KEY_ALIAS);
issueCert(
FIRST_KEY_ALIAS,
"-validity", Integer.toString(VALIDITY));
// create first key pair for signing
createAlias(SECOND_KEY_ALIAS);
issueCert(
SECOND_KEY_ALIAS,
"-validity", Integer.toString(VALIDITY));
// sign jar with first key
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
FIRST_KEY_ALIAS);
checkSigning(analyzer);
// verify jar with second key
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE,
SECOND_KEY_ALIAS);
checkVerifying(analyzer, 0, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
// verify jar with second key in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-strict",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE,
SECOND_KEY_ALIAS);
checkVerifying(analyzer, NOT_SIGNED_BY_ALIAS_EXIT_CODE,
NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
// verify jar with non-existing alias
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE,
"bogus");
checkVerifying(analyzer, 0, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
// verify jar with non-existing alias in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-strict",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE,
"bogus");
checkVerifying(analyzer, NOT_SIGNED_BY_ALIAS_EXIT_CODE,
NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
System.out.println("Test passed");
}
Example 18
| Source File: AliasNotInStoreTest.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
|
private void start() throws Throwable {
Utils.createFiles(FIRST_FILE, SECOND_FILE);
System.out.println(String.format("Create a %s that contains %s",
new Object[]{UNSIGNED_JARFILE, FIRST_FILE}));
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create first key pair for signing
createAlias(FIRST_KEY_ALIAS);
createAlias(SECOND_KEY_ALIAS);
// sign jar with first key
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
FIRST_KEY_ALIAS);
checkSigning(analyzer);
System.out.println(String.format("Copy %s to %s, and add %s",
new Object[] {SIGNED_JARFILE, UPDATED_SIGNED_JARFILE,
SECOND_FILE}));
JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE);
// sign jar with second key
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
UPDATED_SIGNED_JARFILE,
SECOND_KEY_ALIAS);
checkSigning(analyzer);
// create keystore that contains only first key
ProcessTools.executeCommand(KEYTOOL,
"-importkeystore",
"-srckeystore", KEYSTORE,
"-srcalias", FIRST_KEY_ALIAS,
"-srcstorepass", PASSWORD,
"-srckeypass", PASSWORD,
"-destkeystore", FIRST_KEY_KEYSTORE,
"-destalias", FIRST_KEY_ALIAS,
"-deststorepass", PASSWORD,
"-destkeypass", PASSWORD).shouldHaveExitValue(0);
// verify jar with keystore that contains only first key,
// so there is signed entry (FirstClass.class) that is not signed
// by any alias in the keystore
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-keystore", FIRST_KEY_KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
UPDATED_SIGNED_JARFILE);
checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING,
ALIAS_NOT_IN_STORE_VERIFYING_WARNING);
// verify jar with keystore that contains only first key in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-strict",
"-keystore", FIRST_KEY_KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
UPDATED_SIGNED_JARFILE);
int expectedExitCode = ALIAS_NOT_IN_STORE_EXIT_CODE
+ CHAIN_NOT_VALIDATED_EXIT_CODE;
checkVerifying(analyzer, expectedExitCode,
CHAIN_NOT_VALIDATED_VERIFYING_WARNING,
ALIAS_NOT_IN_STORE_VERIFYING_WARNING);
System.out.println("Test passed");
}
Example 19
| Source File: HasExpiredCertTest.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
|
private void start() throws Throwable {
// create a jar file that contains one class file
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create key pair for jar signing
ProcessTools.executeCommand(KEYTOOL,
"-genkey",
"-alias", KEY_ALIAS,
"-keyalg", KEY_ALG,
"-keysize", Integer.toString(KEY_SIZE),
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-dname", "CN=Test",
"-startdate", "-" + SHORT_VALIDITY * 2 + "d",
"-validity", Integer.toString(SHORT_VALIDITY))
.shouldHaveExitValue(0);
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", SIGNED_JARFILE,
UNSIGNED_JARFILE,
KEY_ALIAS);
checkSigning(analyzer, HAS_EXPIRED_CERT_SIGNING_WARNING);
// verify signed jar
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-verbose",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE);
checkVerifying(analyzer, 0, HAS_EXPIRED_CERT_VERIFYING_WARNING);
analyzer = ProcessTools.executeCommand(JARSIGNER,
"-verify",
"-strict",
"-keystore", KEYSTORE,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
SIGNED_JARFILE);
checkVerifying(analyzer, HAS_EXPIRED_CERT_EXIT_CODE,
HAS_EXPIRED_CERT_VERIFYING_WARNING);
System.out.println("Test passed");
}
Example 20
| Source File: Warning.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
|
static void recreateJar() throws Exception {
JarUtils.createJar("a.jar", "ks");
}
