Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
c694d39d
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
c694d39d
编写于
11月 23, 2016
作者:
R
robm
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8169911: Enhanced tests for jarsigner -verbose -verify after JDK-8163304
Reviewed-by: coffeys
上级
debafdcc
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
56 addition
and
3 deletion
+56
-3
test/sun/security/tools/jarsigner/TimestampCheck.java
test/sun/security/tools/jarsigner/TimestampCheck.java
+56
-3
未找到文件。
test/sun/security/tools/jarsigner/TimestampCheck.java
浏览文件 @
c694d39d
...
...
@@ -60,7 +60,7 @@ import sun.security.x509.X500Name;
/*
* @test
* @bug 6543842 6543440 6939248 8009636 8024302 8163304
* @bug 6543842 6543440 6939248 8009636 8024302 8163304
8169911
* @summary checking response of timestamp
* @modules java.base/sun.security.pkcs
* java.base/sun.security.timestamp
...
...
@@ -350,6 +350,18 @@ public class TimestampCheck {
.
shouldHaveExitValue
(
0
);
checkWeak
(
"weak.jar"
);
signWithAliasAndTsa
(
"halfWeak"
,
"old.jar"
,
"old"
,
"-digestalg"
,
"MD5"
)
.
shouldHaveExitValue
(
0
);
checkHalfWeak
(
"halfWeak.jar"
);
// sign with DSA key
signWithAliasAndTsa
(
"sign1"
,
"old.jar"
,
"dsakey"
)
.
shouldHaveExitValue
(
0
);
// sign with RSAkeysize < 1024
signWithAliasAndTsa
(
"sign2"
,
"sign1.jar"
,
"weakkeysize"
)
.
shouldHaveExitValue
(
0
);
checkMultiple
(
"sign2.jar"
);
// When .SF or .RSA is missing or invalid
checkMissingOrInvalidFiles
(
"normal.jar"
);
}
else
{
// Run as a standalone server
...
...
@@ -454,6 +466,37 @@ public class TimestampCheck {
.
shouldMatch
(
"SignatureException:.*Disabled"
);
}
static
void
checkHalfWeak
(
String
file
)
throws
Throwable
{
verify
(
file
)
.
shouldHaveExitValue
(
0
)
.
shouldContain
(
"treated as unsigned"
)
.
shouldMatch
(
"weak algorithm that is now disabled."
)
.
shouldMatch
(
"Re-run jarsigner with the -verbose option for more details"
);
verify
(
file
,
"-verbose"
)
.
shouldHaveExitValue
(
0
)
.
shouldContain
(
"treated as unsigned"
)
.
shouldMatch
(
"weak algorithm that is now disabled by"
)
.
shouldMatch
(
"Digest algorithm: .*weak"
)
.
shouldNotMatch
(
"Signature algorithm: .*weak"
)
.
shouldNotMatch
(
"Timestamp digest algorithm: .*weak"
)
.
shouldNotMatch
(
"Timestamp signature algorithm: .*weak.*weak"
)
.
shouldNotMatch
(
"Timestamp signature algorithm: .*key.*weak"
);
}
static
void
checkMultiple
(
String
file
)
throws
Throwable
{
verify
(
file
)
.
shouldHaveExitValue
(
0
)
.
shouldContain
(
"jar verified"
);
verify
(
file
,
"-verbose"
,
"-certs"
)
.
shouldHaveExitValue
(
0
)
.
shouldContain
(
"jar verified"
)
.
shouldMatch
(
"X.509.*CN=dsakey"
)
.
shouldNotMatch
(
"X.509.*CN=weakkeysize"
)
.
shouldMatch
(
"Signed by .*CN=dsakey"
)
.
shouldMatch
(
"Signed by .*CN=weakkeysize"
)
.
shouldMatch
(
"Signature algorithm: .*key.*weak"
);
}
static
void
checkTimestamp
(
String
file
,
String
policyId
,
String
digestAlg
)
throws
Exception
{
try
(
JarFile
jf
=
new
JarFile
(
file
))
{
...
...
@@ -487,6 +530,12 @@ public class TimestampCheck {
*/
static
OutputAnalyzer
sign
(
String
path
,
String
...
extra
)
throws
Throwable
{
String
alias
=
path
.
equals
(
"badku"
)
?
"badku"
:
"old"
;
return
signWithAliasAndTsa
(
path
,
"old.jar"
,
alias
,
extra
);
}
static
OutputAnalyzer
signWithAliasAndTsa
(
String
path
,
String
jar
,
String
alias
,
String
...
extra
)
throws
Throwable
{
which
++;
System
.
err
.
println
(
"\n>> Test #"
+
which
+
": "
+
Arrays
.
toString
(
extra
));
List
<
String
>
args
=
new
ArrayList
<>();
...
...
@@ -494,8 +543,8 @@ public class TimestampCheck {
args
.
add
(
"-debug"
);
args
.
add
(
"-signedjar"
);
args
.
add
(
path
+
".jar"
);
args
.
add
(
"old.jar"
);
args
.
add
(
path
.
equals
(
"badku"
)
?
"badku"
:
"old"
);
args
.
add
(
jar
);
args
.
add
(
alias
);
if
(!
path
.
equals
(
"none"
)
&&
!
path
.
equals
(
"badku"
))
{
args
.
add
(
"-tsa"
);
args
.
add
(
host
+
path
);
...
...
@@ -509,6 +558,8 @@ public class TimestampCheck {
Files
.
deleteIfExists
(
Paths
.
get
(
"tsks"
));
keytool
(
"-alias ca -genkeypair -ext bc -dname CN=CA"
);
keytool
(
"-alias old -genkeypair -dname CN=old"
);
keytool
(
"-alias dsakey -genkeypair -keyalg DSA -dname CN=dsakey"
);
keytool
(
"-alias weakkeysize -genkeypair -keysize 512 -dname CN=weakkeysize"
);
keytool
(
"-alias badku -genkeypair -dname CN=badku"
);
keytool
(
"-alias ts -genkeypair -dname CN=ts"
);
keytool
(
"-alias tsweak -genkeypair -keysize 512 -dname CN=tsbad1"
);
...
...
@@ -517,6 +568,8 @@ public class TimestampCheck {
keytool
(
"-alias tsbad3 -genkeypair -dname CN=tsbad3"
);
gencert
(
"old"
);
gencert
(
"dsakey"
);
gencert
(
"weakkeysize"
);
gencert
(
"badku"
,
"-ext ku:critical=keyAgreement"
);
gencert
(
"ts"
,
"-ext eku:critical=ts"
);
gencert
(
"tsweak"
,
"-ext eku:critical=ts"
);
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录