Java Code Examples for jdk.testlibrary.JarUtils#updateJar()
The following examples show how to use
jdk.testlibrary.JarUtils#updateJar() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: TimestampCheck.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
private static void checkMissingOrInvalidFiles(String s) throws Throwable { JarUtils.updateJar(s, "1.jar", mapOf("META-INF/SIGNER.SF", Boolean.FALSE)); verify("1.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldContain("Missing signature-related file META-INF/SIGNER.SF"); JarUtils.updateJar(s, "2.jar", mapOf("META-INF/SIGNER.RSA", Boolean.FALSE)); verify("2.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldContain("Missing block file for signature-related file META-INF/SIGNER.SF"); JarUtils.updateJar(s, "3.jar", mapOf("META-INF/SIGNER.SF", "dummy")); verify("3.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldContain("Unparsable signature-related file META-INF/SIGNER.SF"); JarUtils.updateJar(s, "4.jar", mapOf("META-INF/SIGNER.RSA", "dummy")); verify("4.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldContain("Unparsable signature-related file META-INF/SIGNER.RSA"); }
Example 2
Source File: TimestampCheck.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
private static void checkMissingOrInvalidFiles(String s) throws Throwable { JarUtils.updateJar(s, "1.jar", mapOf("META-INF/SIGNER.SF", Boolean.FALSE)); verify("1.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldContain("Missing signature-related file META-INF/SIGNER.SF"); JarUtils.updateJar(s, "2.jar", mapOf("META-INF/SIGNER.RSA", Boolean.FALSE)); verify("2.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldContain("Missing block file for signature-related file META-INF/SIGNER.SF"); JarUtils.updateJar(s, "3.jar", mapOf("META-INF/SIGNER.SF", "dummy")); verify("3.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldContain("Unparsable signature-related file META-INF/SIGNER.SF"); JarUtils.updateJar(s, "4.jar", mapOf("META-INF/SIGNER.RSA", "dummy")); verify("4.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldContain("Unparsable signature-related file META-INF/SIGNER.RSA"); }
Example 3
Source File: TimestampCheck.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
private static void checkMissingOrInvalidFiles(String s) throws Throwable { JarUtils.updateJar(s, "1.jar", mapOf("META-INF/SIGNER.SF", Boolean.FALSE)); verify("1.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldContain("Missing signature-related file META-INF/SIGNER.SF"); JarUtils.updateJar(s, "2.jar", mapOf("META-INF/SIGNER.RSA", Boolean.FALSE)); verify("2.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldContain("Missing block file for signature-related file META-INF/SIGNER.SF"); JarUtils.updateJar(s, "3.jar", mapOf("META-INF/SIGNER.SF", "dummy")); verify("3.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldContain("Unparsable signature-related file META-INF/SIGNER.SF"); JarUtils.updateJar(s, "4.jar", mapOf("META-INF/SIGNER.RSA", "dummy")); verify("4.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldContain("Unparsable signature-related file META-INF/SIGNER.RSA"); }
Example 4
Source File: TimestampCheck.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
private static void checkMissingOrInvalidFiles(String s) throws Throwable { JarUtils.updateJar(s, "1.jar", mapOf("META-INF/SIGNER.SF", Boolean.FALSE)); verify("1.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldContain("Missing signature-related file META-INF/SIGNER.SF"); JarUtils.updateJar(s, "2.jar", mapOf("META-INF/SIGNER.RSA", Boolean.FALSE)); verify("2.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldContain("Missing block file for signature-related file META-INF/SIGNER.SF"); JarUtils.updateJar(s, "3.jar", mapOf("META-INF/SIGNER.SF", "dummy")); verify("3.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldContain("Unparsable signature-related file META-INF/SIGNER.SF"); JarUtils.updateJar(s, "4.jar", mapOf("META-INF/SIGNER.RSA", "dummy")); verify("4.jar", "-verbose") .shouldHaveExitValue(16) .shouldContain("treated as unsigned") .shouldContain("Unparsable signature-related file META-INF/SIGNER.RSA"); }
Example 5
Source File: TimestampCheck.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
private static void checkMissingOrInvalidFiles(String s) throws Throwable { JarUtils.updateJar(s, "1.jar", "-", "META-INF/OLD.SF"); verify("1.jar", "-verbose") .shouldHaveExitValue(0) .shouldContain("treated as unsigned") .shouldContain("Missing signature-related file META-INF/OLD.SF"); JarUtils.updateJar(s, "2.jar", "-", "META-INF/OLD.RSA"); verify("2.jar", "-verbose") .shouldHaveExitValue(0) .shouldContain("treated as unsigned") .shouldContain("Missing block file for signature-related file META-INF/OLD.SF"); JarUtils.updateJar(s, "3.jar", "META-INF/OLD.SF"); verify("3.jar", "-verbose") .shouldHaveExitValue(0) .shouldContain("treated as unsigned") .shouldContain("Unparsable signature-related file META-INF/OLD.SF"); JarUtils.updateJar(s, "4.jar", "META-INF/OLD.RSA"); verify("4.jar", "-verbose") .shouldHaveExitValue(0) .shouldContain("treated as unsigned") .shouldContain("Unparsable signature-related file META-INF/OLD.RSA"); }
Example 6
Source File: TimestampCheck.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
private static void checkInvalidTsaCertKeyUsage() throws Exception { // Hack: Rewrite the TSA cert inside normal.jar into ts2.jar. // Both the cert and the serial number must be rewritten. byte[] tsCert = Files.readAllBytes(Paths.get("ts.cert")); byte[] ts2Cert = Files.readAllBytes(Paths.get("ts2.cert")); byte[] tsSerial = getCert(tsCert) .getSerialNumber().toByteArray(); byte[] ts2Serial = getCert(ts2Cert) .getSerialNumber().toByteArray(); byte[] oldBlock; try (JarFile normal = new JarFile("normal.jar")) { oldBlock = Utils.readAllBytes(normal.getInputStream( normal.getJarEntry("META-INF/SIGNER.RSA"))); } JarUtils.updateJar("normal.jar", "ts2.jar", mapOf("META-INF/SIGNER.RSA", updateBytes(updateBytes(oldBlock, tsCert, ts2Cert), tsSerial, ts2Serial))); verify("ts2.jar", "-verbose", "-certs") .shouldHaveExitValue(64) .shouldContain("jar verified") .shouldContain("Invalid TSA certificate chain: Extended key usage does not permit use for TSA server"); }
Example 7
Source File: TimestampCheck.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
private static void checkInvalidTsaCertKeyUsage() throws Exception { // Hack: Rewrite the TSA cert inside normal.jar into ts2.jar. // Both the cert and the serial number must be rewritten. byte[] tsCert = Files.readAllBytes(Paths.get("ts.cert")); byte[] ts2Cert = Files.readAllBytes(Paths.get("ts2.cert")); byte[] tsSerial = getCert(tsCert) .getSerialNumber().toByteArray(); byte[] ts2Serial = getCert(ts2Cert) .getSerialNumber().toByteArray(); byte[] oldBlock; try (JarFile normal = new JarFile("normal.jar")) { oldBlock = Utils.readAllBytes(normal.getInputStream( normal.getJarEntry("META-INF/SIGNER.RSA"))); } JarUtils.updateJar("normal.jar", "ts2.jar", mapOf("META-INF/SIGNER.RSA", updateBytes(updateBytes(oldBlock, tsCert, ts2Cert), tsSerial, ts2Serial))); verify("ts2.jar", "-verbose", "-certs") .shouldHaveExitValue(64) .shouldContain("jar verified") .shouldContain("Invalid TSA certificate chain: Extended key usage does not permit use for TSA server"); }
Example 8
Source File: TimestampCheck.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
private static void checkInvalidTsaCertKeyUsage() throws Exception { // Hack: Rewrite the TSA cert inside normal.jar into ts2.jar. // Both the cert and the serial number must be rewritten. byte[] tsCert = Files.readAllBytes(Paths.get("ts.cert")); byte[] ts2Cert = Files.readAllBytes(Paths.get("ts2.cert")); byte[] tsSerial = getCert(tsCert) .getSerialNumber().toByteArray(); byte[] ts2Serial = getCert(ts2Cert) .getSerialNumber().toByteArray(); byte[] oldBlock; try (JarFile normal = new JarFile("normal.jar")) { oldBlock = Utils.readAllBytes(normal.getInputStream( normal.getJarEntry("META-INF/SIGNER.RSA"))); } JarUtils.updateJar("normal.jar", "ts2.jar", mapOf("META-INF/SIGNER.RSA", updateBytes(updateBytes(oldBlock, tsCert, ts2Cert), tsSerial, ts2Serial))); verify("ts2.jar", "-verbose", "-certs") .shouldHaveExitValue(64) .shouldContain("jar verified") .shouldContain("Invalid TSA certificate chain: Extended key usage does not permit use for TSA server"); }
Example 9
Source File: TimestampCheck.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
private static void checkInvalidTsaCertKeyUsage() throws Exception { // Hack: Rewrite the TSA cert inside normal.jar into ts2.jar. // Both the cert and the serial number must be rewritten. byte[] tsCert = Files.readAllBytes(Paths.get("ts.cert")); byte[] ts2Cert = Files.readAllBytes(Paths.get("ts2.cert")); byte[] tsSerial = getCert(tsCert) .getSerialNumber().toByteArray(); byte[] ts2Serial = getCert(ts2Cert) .getSerialNumber().toByteArray(); byte[] oldBlock; try (JarFile normal = new JarFile("normal.jar")) { oldBlock = Utils.readAllBytes(normal.getInputStream( normal.getJarEntry("META-INF/SIGNER.RSA"))); } JarUtils.updateJar("normal.jar", "ts2.jar", mapOf("META-INF/SIGNER.RSA", updateBytes(updateBytes(oldBlock, tsCert, ts2Cert), tsSerial, ts2Serial))); verify("ts2.jar", "-verbose", "-certs") .shouldHaveExitValue(64) .shouldContain("jar verified") .shouldContain("Invalid TSA certificate chain: Extended key usage does not permit use for TSA server"); }
Example 10
Source File: AliasNotInStoreTest.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
private void start() throws Throwable { Utils.createFiles(FIRST_FILE, SECOND_FILE); System.out.println(String.format("Create a %s that contains %s", new Object[]{UNSIGNED_JARFILE, FIRST_FILE})); JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); // create first key pair for signing ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", FIRST_KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", BOTH_KEYS_KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=First", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); // create second key pair for signing ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", SECOND_KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", BOTH_KEYS_KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=Second", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); // sign jar with first key OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-keystore", BOTH_KEYS_KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, FIRST_KEY_ALIAS); checkSigning(analyzer); System.out.println(String.format("Copy %s to %s, and add %s", new Object[] {SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE})); JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); // sign jar with second key analyzer = ProcessTools.executeCommand(JARSIGNER, "-keystore", BOTH_KEYS_KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE, SECOND_KEY_ALIAS); checkSigning(analyzer); // create keystore that contains only first key ProcessTools.executeCommand(KEYTOOL, "-importkeystore", "-srckeystore", BOTH_KEYS_KEYSTORE, "-srcalias", FIRST_KEY_ALIAS, "-srcstorepass", PASSWORD, "-srckeypass", PASSWORD, "-destkeystore", FIRST_KEY_KEYSTORE, "-destalias", FIRST_KEY_ALIAS, "-deststorepass", PASSWORD, "-destkeypass", PASSWORD).shouldHaveExitValue(0); // verify jar with keystore that contains only first key in strict mode, // so there is signed entry (FirstClass.class) that is not signed // by any alias in the keystore analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-keystore", FIRST_KEY_KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING, ALIAS_NOT_IN_STORE_VERIFYING_WARNING); // verify jar with keystore that contains only first key in strict mode analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-strict", "-keystore", FIRST_KEY_KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); int expectedExitCode = ALIAS_NOT_IN_STORE_EXIT_CODE + CHAIN_NOT_VALIDATED_EXIT_CODE; checkVerifying(analyzer, expectedExitCode, CHAIN_NOT_VALIDATED_VERIFYING_WARNING, ALIAS_NOT_IN_STORE_VERIFYING_WARNING); System.out.println("Test passed"); }
Example 11
Source File: HasUnsignedEntryTest.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
private void start() throws Throwable { System.out.println(String.format("Create a %s that contains %s", UNSIGNED_JARFILE, FIRST_FILE)); Utils.createFiles(FIRST_FILE, SECOND_FILE); JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); // create key pair for signing createAlias(CA_KEY_ALIAS, "-ext", "bc:c"); createAlias(KEY_ALIAS); issueCert( KEY_ALIAS, "-validity", Integer.toString(VALIDITY)); // sign jar OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, KEY_ALIAS); checkSigning(analyzer); System.out.println(String.format("Copy %s to %s, and add %s.class, " + "so it contains unsigned entry", new Object[]{SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE})); JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); // verify jar analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, 0, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); // verify jar in strict mode analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, HAS_UNSIGNED_ENTRY_EXIT_CODE, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); System.out.println("Test passed"); }
Example 12
Source File: HasUnsignedEntryTest.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
private void start() throws Throwable { System.out.println(String.format("Create a %s that contains %s", UNSIGNED_JARFILE, FIRST_FILE)); Utils.createFiles(FIRST_FILE, SECOND_FILE); JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); // create key pair for signing ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=Test", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); // sign jar OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, KEY_ALIAS); checkSigning(analyzer); System.out.println(String.format("Copy %s to %s, and add %s.class, " + "so it contains unsigned entry", new Object[]{SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE})); JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); // verify jar analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, 0, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); // verify jar in strict mode analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, HAS_UNSIGNED_ENTRY_EXIT_CODE, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); System.out.println("Test passed"); }
Example 13
Source File: AliasNotInStoreTest.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
private void start() throws Throwable { Utils.createFiles(FIRST_FILE, SECOND_FILE); System.out.println(String.format("Create a %s that contains %s", new Object[]{UNSIGNED_JARFILE, FIRST_FILE})); JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); // create first key pair for signing keytool( "-genkey", "-alias", FIRST_KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", BOTH_KEYS_KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=First", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); // create second key pair for signing keytool( "-genkey", "-alias", SECOND_KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", BOTH_KEYS_KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=Second", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); // sign jar with first key OutputAnalyzer analyzer = jarsigner( "-keystore", BOTH_KEYS_KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, FIRST_KEY_ALIAS); checkSigning(analyzer); System.out.println(String.format("Copy %s to %s, and add %s", new Object[] {SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE})); JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); // sign jar with second key analyzer = jarsigner( "-keystore", BOTH_KEYS_KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE, SECOND_KEY_ALIAS); checkSigning(analyzer); // create keystore that contains only first key keytool( "-importkeystore", "-srckeystore", BOTH_KEYS_KEYSTORE, "-srcalias", FIRST_KEY_ALIAS, "-srcstorepass", PASSWORD, "-srckeypass", PASSWORD, "-destkeystore", FIRST_KEY_KEYSTORE, "-destalias", FIRST_KEY_ALIAS, "-deststorepass", PASSWORD, "-destkeypass", PASSWORD).shouldHaveExitValue(0); // verify jar with keystore that contains only first key in strict mode, // so there is signed entry (FirstClass.class) that is not signed // by any alias in the keystore analyzer = jarsigner( "-verify", "-verbose", "-keystore", FIRST_KEY_KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING, ALIAS_NOT_IN_STORE_VERIFYING_WARNING); // verify jar with keystore that contains only first key in strict mode analyzer = jarsigner( "-verify", "-verbose", "-strict", "-keystore", FIRST_KEY_KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); int expectedExitCode = ALIAS_NOT_IN_STORE_EXIT_CODE + CHAIN_NOT_VALIDATED_EXIT_CODE; checkVerifying(analyzer, expectedExitCode, CHAIN_NOT_VALIDATED_VERIFYING_WARNING, ALIAS_NOT_IN_STORE_VERIFYING_WARNING); System.out.println("Test passed"); }
Example 14
Source File: HasUnsignedEntryTest.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
private void start() throws Throwable { System.out.println(String.format("Create a %s that contains %s", UNSIGNED_JARFILE, FIRST_FILE)); Utils.createFiles(FIRST_FILE, SECOND_FILE); JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); // create key pair for signing keytool( "-genkey", "-alias", KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=Test", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); // sign jar OutputAnalyzer analyzer = jarsigner( "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, KEY_ALIAS); checkSigning(analyzer); System.out.println(String.format("Copy %s to %s, and add %s.class, " + "so it contains unsigned entry", new Object[]{SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE})); JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); // verify jar analyzer = jarsigner( "-verify", "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, 0, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); // verify jar in strict mode analyzer = jarsigner( "-verify", "-verbose", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, HAS_UNSIGNED_ENTRY_EXIT_CODE, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); System.out.println("Test passed"); }
Example 15
Source File: HasUnsignedEntryTest.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
private void start() throws Throwable { System.out.println(String.format("Create a %s that contains %s", UNSIGNED_JARFILE, FIRST_FILE)); Utils.createFiles(FIRST_FILE, SECOND_FILE); JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); // create key pair for signing createAlias(CA_KEY_ALIAS, "-ext", "bc:c"); createAlias(KEY_ALIAS); issueCert( KEY_ALIAS, "-validity", Integer.toString(VALIDITY)); // sign jar OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, KEY_ALIAS); checkSigning(analyzer); System.out.println(String.format("Copy %s to %s, and add %s.class, " + "so it contains unsigned entry", new Object[]{SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE})); JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); // verify jar analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, 0, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); // verify jar in strict mode analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, HAS_UNSIGNED_ENTRY_EXIT_CODE, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); System.out.println("Test passed"); }
Example 16
Source File: HasUnsignedEntryTest.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
private void start() throws Throwable { System.out.println(String.format("Create a %s that contains %s", UNSIGNED_JARFILE, FIRST_FILE)); Utils.createFiles(FIRST_FILE, SECOND_FILE); JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); // create key pair for signing ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=Test", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0); // sign jar OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, KEY_ALIAS); checkSigning(analyzer); System.out.println(String.format("Copy %s to %s, and add %s.class, " + "so it contains unsigned entry", new Object[]{SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE})); JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); // verify jar analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, 0, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); // verify jar in strict mode analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, HAS_UNSIGNED_ENTRY_EXIT_CODE, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); System.out.println("Test passed"); }
Example 17
Source File: AliasNotInStoreTest.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
private void start() throws Throwable { Utils.createFiles(FIRST_FILE, SECOND_FILE); System.out.println(String.format("Create a %s that contains %s", new Object[]{UNSIGNED_JARFILE, FIRST_FILE})); JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); // create first key pair for signing createAlias(FIRST_KEY_ALIAS); createAlias(SECOND_KEY_ALIAS); // sign jar with first key OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, FIRST_KEY_ALIAS); checkSigning(analyzer); System.out.println(String.format("Copy %s to %s, and add %s", new Object[] {SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE})); JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); // sign jar with second key analyzer = ProcessTools.executeCommand(JARSIGNER, "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE, SECOND_KEY_ALIAS); checkSigning(analyzer); // create keystore that contains only first key ProcessTools.executeCommand(KEYTOOL, "-importkeystore", "-srckeystore", KEYSTORE, "-srcalias", FIRST_KEY_ALIAS, "-srcstorepass", PASSWORD, "-srckeypass", PASSWORD, "-destkeystore", FIRST_KEY_KEYSTORE, "-destalias", FIRST_KEY_ALIAS, "-deststorepass", PASSWORD, "-destkeypass", PASSWORD).shouldHaveExitValue(0); // verify jar with keystore that contains only first key, // so there is signed entry (FirstClass.class) that is not signed // by any alias in the keystore analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-keystore", FIRST_KEY_KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING, ALIAS_NOT_IN_STORE_VERIFYING_WARNING); // verify jar with keystore that contains only first key in strict mode analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-strict", "-keystore", FIRST_KEY_KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); int expectedExitCode = ALIAS_NOT_IN_STORE_EXIT_CODE + CHAIN_NOT_VALIDATED_EXIT_CODE; checkVerifying(analyzer, expectedExitCode, CHAIN_NOT_VALIDATED_VERIFYING_WARNING, ALIAS_NOT_IN_STORE_VERIFYING_WARNING); System.out.println("Test passed"); }
Example 18
Source File: HasUnsignedEntryTest.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
private void start() throws Throwable { System.out.println(String.format("Create a %s that contains %s", UNSIGNED_JARFILE, FIRST_FILE)); Utils.createFiles(FIRST_FILE, SECOND_FILE); JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); // create key pair for signing createAlias(CA_KEY_ALIAS, "-ext", "bc:c"); createAlias(KEY_ALIAS); issueCert( KEY_ALIAS, "-validity", Integer.toString(VALIDITY)); // sign jar OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, KEY_ALIAS); checkSigning(analyzer); System.out.println(String.format("Copy %s to %s, and add %s.class, " + "so it contains unsigned entry", new Object[]{SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE})); JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); // verify jar analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, 0, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); // verify jar in strict mode analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, HAS_UNSIGNED_ENTRY_EXIT_CODE, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); System.out.println("Test passed"); }
Example 19
Source File: HasUnsignedEntryTest.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
private void start() throws Throwable { System.out.println(String.format("Create a %s that contains %s", UNSIGNED_JARFILE, FIRST_FILE)); Utils.createFiles(FIRST_FILE, SECOND_FILE); JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); // create key pair for signing createAlias(CA_KEY_ALIAS, "-ext", "bc:c"); createAlias(KEY_ALIAS); issueCert( KEY_ALIAS, "-validity", Integer.toString(VALIDITY)); // sign jar OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, KEY_ALIAS); checkSigning(analyzer); System.out.println(String.format("Copy %s to %s, and add %s.class, " + "so it contains unsigned entry", new Object[]{SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE})); JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); // verify jar analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, 0, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); // verify jar in strict mode analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, HAS_UNSIGNED_ENTRY_EXIT_CODE, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING); System.out.println("Test passed"); }
Example 20
Source File: AliasNotInStoreTest.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
private void start() throws Throwable { Utils.createFiles(FIRST_FILE, SECOND_FILE); System.out.println(String.format("Create a %s that contains %s", new Object[]{UNSIGNED_JARFILE, FIRST_FILE})); JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE); // create first key pair for signing createAlias(FIRST_KEY_ALIAS); createAlias(SECOND_KEY_ALIAS); // sign jar with first key OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, FIRST_KEY_ALIAS); checkSigning(analyzer); System.out.println(String.format("Copy %s to %s, and add %s", new Object[] {SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE})); JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE); // sign jar with second key analyzer = ProcessTools.executeCommand(JARSIGNER, "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE, SECOND_KEY_ALIAS); checkSigning(analyzer); // create keystore that contains only first key ProcessTools.executeCommand(KEYTOOL, "-importkeystore", "-srckeystore", KEYSTORE, "-srcalias", FIRST_KEY_ALIAS, "-srcstorepass", PASSWORD, "-srckeypass", PASSWORD, "-destkeystore", FIRST_KEY_KEYSTORE, "-destalias", FIRST_KEY_ALIAS, "-deststorepass", PASSWORD, "-destkeypass", PASSWORD).shouldHaveExitValue(0); // verify jar with keystore that contains only first key, // so there is signed entry (FirstClass.class) that is not signed // by any alias in the keystore analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-keystore", FIRST_KEY_KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING, ALIAS_NOT_IN_STORE_VERIFYING_WARNING); // verify jar with keystore that contains only first key in strict mode analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-strict", "-keystore", FIRST_KEY_KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE); int expectedExitCode = ALIAS_NOT_IN_STORE_EXIT_CODE + CHAIN_NOT_VALIDATED_EXIT_CODE; checkVerifying(analyzer, expectedExitCode, CHAIN_NOT_VALIDATED_VERIFYING_WARNING, ALIAS_NOT_IN_STORE_VERIFYING_WARNING); System.out.println("Test passed"); }