use of jdk.testlibrary.OutputAnalyzer in project jdk8u_jdk by JetBrains.
the class BadKeyUsageTest method start.
private void start() throws Throwable {
// create a jar file that contains one class file
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create a certificate whose signer certificate's KeyUsage extension
// doesn't allow code signing
ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=Test", "-ext", "KeyUsage=keyAgreement", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, KEY_ALIAS);
checkSigning(analyzer, BAD_KEY_USAGE_SIGNING_WARNING);
// verify signed jar
analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE);
checkVerifying(analyzer, 0, BAD_KEY_USAGE_VERIFYING_WARNING);
// verify signed jar in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE);
checkVerifying(analyzer, BAD_KEY_USAGE_EXIT_CODE, BAD_KEY_USAGE_VERIFYING_WARNING);
System.out.println("Test passed");
}
use of jdk.testlibrary.OutputAnalyzer in project jdk8u_jdk by JetBrains.
the class HasUnsignedEntryTest method start.
private void start() throws Throwable {
System.out.println(String.format("Create a %s that contains %s", UNSIGNED_JARFILE, FIRST_FILE));
Utils.createFiles(FIRST_FILE, SECOND_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create key pair for signing
ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=Test", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
// sign jar
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, KEY_ALIAS);
checkSigning(analyzer);
System.out.println(String.format("Copy %s to %s, and add %s.class, " + "so it contains unsigned entry", new Object[] { SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE }));
JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE);
// verify jar
analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE);
checkVerifying(analyzer, 0, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING);
// verify jar in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE);
checkVerifying(analyzer, HAS_UNSIGNED_ENTRY_EXIT_CODE, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING);
System.out.println("Test passed");
}
use of jdk.testlibrary.OutputAnalyzer in project jdk8u_jdk by JetBrains.
the class MultipleWarningsTest method start.
private void start() throws Throwable {
Utils.createFiles(FIRST_FILE, SECOND_FILE);
// create a jar file that contains one class file
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create first expired certificate
// whose ExtendedKeyUsage extension does not allow code signing
ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", FIRST_KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=First", "-ext", "ExtendedkeyUsage=serverAuth", "-startdate", "-" + VALIDITY * 2 + "d", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
// create second expired certificate
// whose KeyUsage extension does not allow code signing
ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", SECOND_KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=Second", "-ext", "ExtendedkeyUsage=serverAuth", "-startdate", "-" + VALIDITY * 2 + "d", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
// sign jar with first key
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, FIRST_KEY_ALIAS);
checkSigning(analyzer, HAS_EXPIRED_CERT_SIGNING_WARNING, BAD_EXTENDED_KEY_USAGE_SIGNING_WARNING);
// add a second class to created jar, so it contains unsigned entry
JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE);
// verify jar with second key
analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE, SECOND_KEY_ALIAS);
checkVerifying(analyzer, 0, BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING, HAS_EXPIRED_CERT_VERIFYING_WARNING, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
// verify jar with second key in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE, SECOND_KEY_ALIAS);
int expectedExitCode = HAS_EXPIRED_CERT_EXIT_CODE + BAD_EXTENDED_KEY_USAGE_EXIT_CODE + HAS_UNSIGNED_ENTRY_EXIT_CODE + NOT_SIGNED_BY_ALIAS_EXIT_CODE;
checkVerifying(analyzer, expectedExitCode, BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING, HAS_EXPIRED_CERT_VERIFYING_WARNING, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
// verify jar with non-exisiting alias
analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE, "bogus");
checkVerifying(analyzer, 0, BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING, HAS_EXPIRED_CERT_VERIFYING_WARNING, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
// verify jar with non-exisiting alias in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE, "bogus");
checkVerifying(analyzer, expectedExitCode, BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING, HAS_EXPIRED_CERT_VERIFYING_WARNING, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
System.out.println("Test passed");
}
use of jdk.testlibrary.OutputAnalyzer in project jdk8u_jdk by JetBrains.
the class NoTimestampTest method start.
private void start() throws Throwable {
String timezone = System.getProperty("user.timezone");
System.out.println(String.format("Timezone = %s", timezone));
// create a jar file that contains one class file
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// calculate certificate expiration date
Date expirationDate = new Date(System.currentTimeMillis() + VALIDITY * 24 * 60 * 60 * 1000L);
// create key pair
ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=Test", "-validity", Integer.toString(VALIDITY));
// sign jar file
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-J-Duser.timezone=" + timezone, "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, KEY_ALIAS);
String warning = String.format(NO_TIMESTAMP_SIGNING_WARN_TEMPLATE, expirationDate);
checkSigning(analyzer, warning);
// verify signed jar
analyzer = ProcessTools.executeCommand(JARSIGNER, "-J-Duser.timezone=" + timezone, "-verify", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE, KEY_ALIAS);
warning = String.format(NO_TIMESTAMP_VERIFYING_WARN_TEMPLATE, expirationDate);
checkVerifying(analyzer, 0, warning);
// verify signed jar in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER, "-J-Duser.timezone=" + timezone, "-verify", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE, KEY_ALIAS);
checkVerifying(analyzer, 0, warning);
System.out.println("Test passed");
}
use of jdk.testlibrary.OutputAnalyzer in project jdk8u_jdk by JetBrains.
the class NotSignedByAliasTest method start.
protected void start() throws Throwable {
// create a jar file that contains one class file
Utils.createFiles(FIRST_FILE);
JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
// create first key pair for signing
ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", FIRST_KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=First", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
// create first key pair for signing
ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", SECOND_KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=Second", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
// sign jar with first key
OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, FIRST_KEY_ALIAS);
checkSigning(analyzer);
// verify jar with second key
analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE, SECOND_KEY_ALIAS);
checkVerifying(analyzer, 0, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
// verify jar with second key in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE, SECOND_KEY_ALIAS);
checkVerifying(analyzer, NOT_SIGNED_BY_ALIAS_EXIT_CODE, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
// verify jar with non-existing alias
analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE, "bogus");
checkVerifying(analyzer, 0, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
// verify jar with non-existing alias in strict mode
analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE, "bogus");
checkVerifying(analyzer, NOT_SIGNED_BY_ALIAS_EXIT_CODE, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
System.out.println("Test passed");
}
Aggregations