Search in sources :

Example 31 with OutputAnalyzer

use of jdk.testlibrary.OutputAnalyzer in project jdk8u_jdk by JetBrains.

the class BadKeyUsageTest method start.

private void start() throws Throwable {
    // create a jar file that contains one class file
    Utils.createFiles(FIRST_FILE);
    JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
    // create a certificate whose signer certificate's KeyUsage extension
    // doesn't allow code signing
    ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=Test", "-ext", "KeyUsage=keyAgreement", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
    // sign jar
    OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, KEY_ALIAS);
    checkSigning(analyzer, BAD_KEY_USAGE_SIGNING_WARNING);
    // verify signed jar
    analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE);
    checkVerifying(analyzer, 0, BAD_KEY_USAGE_VERIFYING_WARNING);
    // verify signed jar in strict mode
    analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE);
    checkVerifying(analyzer, BAD_KEY_USAGE_EXIT_CODE, BAD_KEY_USAGE_VERIFYING_WARNING);
    System.out.println("Test passed");
}
Also used : OutputAnalyzer(jdk.testlibrary.OutputAnalyzer)

Example 32 with OutputAnalyzer

use of jdk.testlibrary.OutputAnalyzer in project jdk8u_jdk by JetBrains.

the class HasUnsignedEntryTest method start.

private void start() throws Throwable {
    System.out.println(String.format("Create a %s that contains %s", UNSIGNED_JARFILE, FIRST_FILE));
    Utils.createFiles(FIRST_FILE, SECOND_FILE);
    JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
    // create key pair for signing
    ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=Test", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
    // sign jar
    OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, KEY_ALIAS);
    checkSigning(analyzer);
    System.out.println(String.format("Copy %s to %s, and add %s.class, " + "so it contains unsigned entry", new Object[] { SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE }));
    JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE);
    // verify jar
    analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE);
    checkVerifying(analyzer, 0, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING);
    // verify jar in strict mode
    analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-verbose", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE);
    checkVerifying(analyzer, HAS_UNSIGNED_ENTRY_EXIT_CODE, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING);
    System.out.println("Test passed");
}
Also used : OutputAnalyzer(jdk.testlibrary.OutputAnalyzer)

Example 33 with OutputAnalyzer

use of jdk.testlibrary.OutputAnalyzer in project jdk8u_jdk by JetBrains.

the class MultipleWarningsTest method start.

private void start() throws Throwable {
    Utils.createFiles(FIRST_FILE, SECOND_FILE);
    // create a jar file that contains one class file
    JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
    // create first expired certificate
    // whose ExtendedKeyUsage extension does not allow code signing
    ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", FIRST_KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=First", "-ext", "ExtendedkeyUsage=serverAuth", "-startdate", "-" + VALIDITY * 2 + "d", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
    // create second expired certificate
    // whose KeyUsage extension does not allow code signing
    ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", SECOND_KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=Second", "-ext", "ExtendedkeyUsage=serverAuth", "-startdate", "-" + VALIDITY * 2 + "d", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
    // sign jar with first key
    OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, FIRST_KEY_ALIAS);
    checkSigning(analyzer, HAS_EXPIRED_CERT_SIGNING_WARNING, BAD_EXTENDED_KEY_USAGE_SIGNING_WARNING);
    // add a second class to created jar, so it contains unsigned entry
    JarUtils.updateJar(SIGNED_JARFILE, UPDATED_SIGNED_JARFILE, SECOND_FILE);
    // verify jar with second key
    analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE, SECOND_KEY_ALIAS);
    checkVerifying(analyzer, 0, BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING, HAS_EXPIRED_CERT_VERIFYING_WARNING, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
    // verify jar with second key in strict mode
    analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE, SECOND_KEY_ALIAS);
    int expectedExitCode = HAS_EXPIRED_CERT_EXIT_CODE + BAD_EXTENDED_KEY_USAGE_EXIT_CODE + HAS_UNSIGNED_ENTRY_EXIT_CODE + NOT_SIGNED_BY_ALIAS_EXIT_CODE;
    checkVerifying(analyzer, expectedExitCode, BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING, HAS_EXPIRED_CERT_VERIFYING_WARNING, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
    // verify jar with non-exisiting alias
    analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE, "bogus");
    checkVerifying(analyzer, 0, BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING, HAS_EXPIRED_CERT_VERIFYING_WARNING, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
    // verify jar with non-exisiting alias in strict mode
    analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, UPDATED_SIGNED_JARFILE, "bogus");
    checkVerifying(analyzer, expectedExitCode, BAD_EXTENDED_KEY_USAGE_VERIFYING_WARNING, HAS_EXPIRED_CERT_VERIFYING_WARNING, HAS_UNSIGNED_ENTRY_VERIFYING_WARNING, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
    System.out.println("Test passed");
}
Also used : OutputAnalyzer(jdk.testlibrary.OutputAnalyzer)

Example 34 with OutputAnalyzer

use of jdk.testlibrary.OutputAnalyzer in project jdk8u_jdk by JetBrains.

the class NoTimestampTest method start.

private void start() throws Throwable {
    String timezone = System.getProperty("user.timezone");
    System.out.println(String.format("Timezone = %s", timezone));
    // create a jar file that contains one class file
    Utils.createFiles(FIRST_FILE);
    JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
    // calculate certificate expiration date
    Date expirationDate = new Date(System.currentTimeMillis() + VALIDITY * 24 * 60 * 60 * 1000L);
    // create key pair
    ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=Test", "-validity", Integer.toString(VALIDITY));
    // sign jar file
    OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-J-Duser.timezone=" + timezone, "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, KEY_ALIAS);
    String warning = String.format(NO_TIMESTAMP_SIGNING_WARN_TEMPLATE, expirationDate);
    checkSigning(analyzer, warning);
    // verify signed jar
    analyzer = ProcessTools.executeCommand(JARSIGNER, "-J-Duser.timezone=" + timezone, "-verify", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE, KEY_ALIAS);
    warning = String.format(NO_TIMESTAMP_VERIFYING_WARN_TEMPLATE, expirationDate);
    checkVerifying(analyzer, 0, warning);
    // verify signed jar in strict mode
    analyzer = ProcessTools.executeCommand(JARSIGNER, "-J-Duser.timezone=" + timezone, "-verify", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE, KEY_ALIAS);
    checkVerifying(analyzer, 0, warning);
    System.out.println("Test passed");
}
Also used : OutputAnalyzer(jdk.testlibrary.OutputAnalyzer) Date(java.util.Date)

Example 35 with OutputAnalyzer

use of jdk.testlibrary.OutputAnalyzer in project jdk8u_jdk by JetBrains.

the class NotSignedByAliasTest method start.

protected void start() throws Throwable {
    // create a jar file that contains one class file
    Utils.createFiles(FIRST_FILE);
    JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
    // create first key pair for signing
    ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", FIRST_KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=First", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
    // create first key pair for signing
    ProcessTools.executeCommand(KEYTOOL, "-genkey", "-alias", SECOND_KEY_ALIAS, "-keyalg", KEY_ALG, "-keysize", Integer.toString(KEY_SIZE), "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-dname", "CN=Second", "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
    // sign jar with first key
    OutputAnalyzer analyzer = ProcessTools.executeCommand(JARSIGNER, "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, "-signedjar", SIGNED_JARFILE, UNSIGNED_JARFILE, FIRST_KEY_ALIAS);
    checkSigning(analyzer);
    // verify jar with second key
    analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE, SECOND_KEY_ALIAS);
    checkVerifying(analyzer, 0, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
    // verify jar with second key in strict mode
    analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE, SECOND_KEY_ALIAS);
    checkVerifying(analyzer, NOT_SIGNED_BY_ALIAS_EXIT_CODE, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
    // verify jar with non-existing alias
    analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE, "bogus");
    checkVerifying(analyzer, 0, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
    // verify jar with non-existing alias in strict mode
    analyzer = ProcessTools.executeCommand(JARSIGNER, "-verify", "-strict", "-keystore", KEYSTORE, "-storepass", PASSWORD, "-keypass", PASSWORD, SIGNED_JARFILE, "bogus");
    checkVerifying(analyzer, NOT_SIGNED_BY_ALIAS_EXIT_CODE, NOT_SIGNED_BY_ALIAS_VERIFYING_WARNING);
    System.out.println("Test passed");
}
Also used : OutputAnalyzer(jdk.testlibrary.OutputAnalyzer)

Aggregations

OutputAnalyzer (jdk.testlibrary.OutputAnalyzer)54 File (java.io.File)5 JDKToolLauncher (jdk.testlibrary.JDKToolLauncher)5 ArrayList (java.util.ArrayList)4 PortUnreachableException (java.net.PortUnreachableException)1 LocateRegistry (java.rmi.registry.LocateRegistry)1 Registry (java.rmi.registry.Registry)1 KeyStore (java.security.KeyStore)1 X509Certificate (java.security.cert.X509Certificate)1 Date (java.util.Date)1 HashMap (java.util.HashMap)1 List (java.util.List)1 MissingResourceException (java.util.MissingResourceException)1 ProcessThread (jdk.testlibrary.ProcessThread)1