1/* 2 * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24/* 25 * @test 26 * @bug 8048357 27 * @summary Read signed data in one or more PKCS7 objects from individual files, 28 * verify SignerInfos and certificate chain. 29 * @modules java.base/sun.security.pkcs 30 * @run main/othervm PKCS7VerifyTest PKCS7TEST.DSA.base64 31 * @run main/othervm PKCS7VerifyTest PKCS7TEST.DSA.base64 PKCS7TEST.SF 32 */ 33import java.io.ByteArrayInputStream; 34import java.io.File; 35import java.io.FileInputStream; 36import java.nio.file.Files; 37import java.nio.file.Path; 38import java.nio.file.Paths; 39import java.security.Security; 40import java.security.cert.X509Certificate; 41import java.util.Base64; 42import java.util.HashMap; 43import java.util.Map; 44import sun.security.pkcs.PKCS7; 45import sun.security.pkcs.SignerInfo; 46 47public class PKCS7VerifyTest { 48 49 static final String TESTSRC = System.getProperty("test.src", "."); 50 static final String FS = File.separator; 51 static final String FILEPATH = TESTSRC + FS + "jarsigner" + FS + "META-INF" 52 + FS; 53 54 public static void main(String[] args) throws Exception { 55 if (args.length == 0) { 56 throw new RuntimeException("usage: java JarVerify <file1> <file2>"); 57 } 58 59 Security.setProperty("jdk.jar.disabledAlgorithms", ""); 60 61 // The command " java PKCS7VerifyTest file1 [file2] " 62 // treats file1 as containing the DER encoding of a PKCS7 signed data 63 // object. If file2 is absent, the program verifies that some signature 64 // (SignerInfo) file1 correctly signs the data contained in the 65 // ContentInfo component of the PKCS7 object encoded by file1. If file2 66 // is present, the program verifies file1 contains a correct signature 67 // for the contents of file2. 68 69 PKCS7 pkcs7; 70 byte[] data; 71 72 // to avoid attaching binary DSA file, the DSA file was encoded 73 // in Base64, decode encoded Base64 DSA file below 74 byte[] base64Bytes = Files.readAllBytes(Paths.get(FILEPATH + args[0])); 75 pkcs7 = new PKCS7(new ByteArrayInputStream( 76 Base64.getMimeDecoder().decode(base64Bytes))); 77 if (args.length < 2) { 78 data = null; 79 } else { 80 data = Files.readAllBytes(Paths.get(FILEPATH + args[1])); 81 82 } 83 84 SignerInfo[] signerInfos = pkcs7.verify(data); 85 86 if (signerInfos == null) { 87 throw new RuntimeException("no signers verify"); 88 } 89 System.out.println("Verifying SignerInfos:"); 90 for (SignerInfo signerInfo : signerInfos) { 91 System.out.println(signerInfo.toString()); 92 } 93 94 X509Certificate certs[] = pkcs7.getCertificates(); 95 96 HashMap<String, X509Certificate> certTable = new HashMap(certs.length); 97 for (X509Certificate cert : certs) { 98 certTable.put(cert.getSubjectDN().toString(), cert); 99 } 100 101 // try to verify all the certs 102 for (Map.Entry<String, X509Certificate> entry : certTable.entrySet()) { 103 104 X509Certificate cert = entry.getValue(); 105 X509Certificate issuerCert = certTable 106 .get(cert.getIssuerDN().toString()); 107 108 System.out.println("Subject: " + cert.getSubjectDN()); 109 if (issuerCert == null) { 110 System.out.println("Issuer certificate not found"); 111 } else { 112 System.out.println("Issuer: " + cert.getIssuerDN()); 113 cert.verify(issuerCert.getPublicKey()); 114 System.out.println("Cert verifies."); 115 } 116 System.out.println(); 117 } 118 } 119 120} 121