Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk
切换分支/标签
查找文件 普通视图历史永久链接Permalink
ChainNotValidatedTest.java 4.3 KB
Newer Older
S
8049171: Additional tests for jarsigner's warnings  
snikandrova 已提交
1 
/*
A
8230318: Better trust store usage  
alvdavi 已提交
2 
 * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
S
8049171: Additional tests for jarsigner's warnings  
snikandrova 已提交
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

import jdk.testlibrary.OutputAnalyzer;
import jdk.testlibrary.ProcessTools;
import jdk.testlibrary.JarUtils;
I
8191438: jarsigner should print when a timestamp will expire  
igerasim 已提交
28 29 30 
import java.nio.file.Files;
import java.nio.file.Paths;
S
8049171: Additional tests for jarsigner's warnings  
snikandrova 已提交
31 32 33 34 35 
/**
 * @test
 * @bug 8024302 8026037
 * @summary Test for chainNotValidated warning
 * @library /lib/testlibrary ../
I
8191438: jarsigner should print when a timestamp will expire  
igerasim 已提交
36 37 
 * @run main ChainNotValidatedTest ca2yes
 * @run main ChainNotValidatedTest ca2no
S
8049171: Additional tests for jarsigner's warnings  
snikandrova 已提交
38 39 40 41 42 
 */
public class ChainNotValidatedTest extends Test {

    public static void main(String[] args) throws Throwable {
        ChainNotValidatedTest test = new ChainNotValidatedTest();
I
8191438: jarsigner should print when a timestamp will expire  
igerasim 已提交
43 
        test.start(args[0].equals("ca2yes"));
S
8049171: Additional tests for jarsigner's warnings  
snikandrova 已提交
44 45 
    }
I
8191438: jarsigner should print when a timestamp will expire  
igerasim 已提交
46 
    private void start(boolean ca2yes) throws Throwable {
S
8049171: Additional tests for jarsigner's warnings  
snikandrova 已提交
47 48 49 50 
        // create a jar file that contains one class file
        Utils.createFiles(FIRST_FILE);
        JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
I
8191438: jarsigner should print when a timestamp will expire  
igerasim 已提交
51 52 
        // We have 2 @run. Need cleanup.
        Files.deleteIfExists(Paths.get(KEYSTORE));
S
8049171: Additional tests for jarsigner's warnings  
snikandrova 已提交
53
I
8191438: jarsigner should print when a timestamp will expire  
igerasim 已提交
54 55 56 
        // Root CA is not checked at all. If the intermediate CA has
        // BasicConstraints extension set to true, it will be valid.
        // Otherwise, chain validation will fail.
A
8230318: Better trust store usage  
alvdavi 已提交
57 
        createAlias(CA_KEY_ALIAS, "-ext", "bc:c");
I
8191438: jarsigner should print when a timestamp will expire  
igerasim 已提交
58 59 60 61 
        createAlias(CA2_KEY_ALIAS);
        issueCert(CA2_KEY_ALIAS,
                "-ext",
                "bc=ca:" + ca2yes);
S
8049171: Additional tests for jarsigner's warnings  
snikandrova 已提交
62
I
8191438: jarsigner should print when a timestamp will expire  
igerasim 已提交
63 64 
        createAlias(KEY_ALIAS);
        issueCert(KEY_ALIAS, "-alias", CA2_KEY_ALIAS);
S
8049171: Additional tests for jarsigner's warnings  
snikandrova 已提交
65
I
8191438: jarsigner should print when a timestamp will expire  
igerasim 已提交
66 
        // remove CA2 certificate so it's not trusted
S
8049171: Additional tests for jarsigner's warnings  
snikandrova 已提交
67 68 
        ProcessTools.executeCommand(KEYTOOL,
                "-delete",
I
8191438: jarsigner should print when a timestamp will expire  
igerasim 已提交
69 
                "-alias", CA2_KEY_ALIAS,
S
8049171: Additional tests for jarsigner's warnings  
snikandrova 已提交
70 71 72 73 74 75 76 77 78 79 80 81 82 
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD).shouldHaveExitValue(0);

        // sign jar
        OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER,
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-signedjar", SIGNED_JARFILE,
                UNSIGNED_JARFILE,
                KEY_ALIAS);
I
8191438: jarsigner should print when a timestamp will expire  
igerasim 已提交
83 84 85 86 87 
        if (ca2yes) {
            checkSigning(analyzer, "!" + CHAIN_NOT_VALIDATED_SIGNING_WARNING);
        } else {
            checkSigning(analyzer, CHAIN_NOT_VALIDATED_SIGNING_WARNING);
        }
S
8049171: Additional tests for jarsigner's warnings  
snikandrova 已提交
88 89 90 91 92 93 94 95 96 97 

        // verify signed jar
        analyzer = ProcessTools.executeCommand(JARSIGNER,
                "-verify",
                "-verbose",
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                SIGNED_JARFILE);
I
8191438: jarsigner should print when a timestamp will expire  
igerasim 已提交
98 99 100 101 102 
        if (ca2yes) {
            checkVerifying(analyzer, 0, "!" + CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
        } else {
            checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
        }
S
8049171: Additional tests for jarsigner's warnings  
snikandrova 已提交
103 104 105 106 107 108 109 110 111 112 113 

        // verify signed jar in strict mode
        analyzer = ProcessTools.executeCommand(JARSIGNER,
                "-verify",
                "-verbose",
                "-strict",
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                SIGNED_JARFILE);
I
8191438: jarsigner should print when a timestamp will expire  
igerasim 已提交
114 115 116 117 118 119 120 
        if (ca2yes) {
            checkVerifying(analyzer, 0,
                    "!" + CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
        } else {
            checkVerifying(analyzer, CHAIN_NOT_VALIDATED_EXIT_CODE,
                    CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
        }
S
8049171: Additional tests for jarsigner's warnings  
snikandrova 已提交
121 122 123 124 125 

        System.out.println("Test passed");
    }

}