xref: /openjdk10/jdk/test/sun/security/tools/jarsigner/multiRelease/MVJarSigningTest.java

/*
 * Copyright (c) 2016, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8047305 8075618
 * @summary Tests jarsigner tool and JarSigner API work with multi-release JAR files.
 * @library /test/lib
 * @build jdk.test.lib.compiler.CompilerUtils
 *        jdk.test.lib.Utils
 *        jdk.test.lib.Asserts
 *        jdk.test.lib.JDKToolFinder
 *        jdk.test.lib.JDKToolLauncher
 *        jdk.test.lib.Platform
 *        jdk.test.lib.process.*
 * @run main MVJarSigningTest
 */

import jdk.security.jarsigner.JarSigner;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.jar.JarFile;
import java.util.stream.Stream;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;

import jdk.test.lib.JDKToolFinder;
import jdk.test.lib.JDKToolLauncher;
import jdk.test.lib.Utils;
import jdk.test.lib.compiler.CompilerUtils;
import jdk.test.lib.process.OutputAnalyzer;
import jdk.test.lib.process.ProcessTools;


public class MVJarSigningTest {

    private static final String TEST_SRC = System.getProperty("test.src", ".");
    private static final String USR_DIR = System.getProperty("user.dir", ".");
    private static final String JAR_NAME = "MV.jar";
    private static final String KEYSTORE = "keystore.jks";
    private static final String ALIAS = "JavaTest";
    private static final String STOREPASS = "changeit";
    private static final String KEYPASS = "changeit";
    private static final String SIGNED_JAR = "Signed.jar";
    private static final String POLICY_FILE = "SignedJar.policy";
    private static final String VERSION = "" + Runtime.version().major();
    private static final String VERSION_MESSAGE = "I am running on version " + VERSION;

    public static void main(String[] args) throws Throwable {
        // compile java files in jarContent directory
        compile("jarContent");

        // create multi-release jar
        Path classes = Paths.get("classes");
        jar("cf", JAR_NAME, "-C", classes.resolve("base").toString(), ".",
                "--release", "9", "-C", classes.resolve("v9").toString(), ".",
                "--release", "10", "-C", classes.resolve("v10").toString(), ".")
            .shouldHaveExitValue(0);

        genKey();
        signJar(JAR_NAME)
            .shouldHaveExitValue(0)
            .shouldMatch("signing.*META-INF/versions/9/version/Version.class")
            .shouldMatch("signing.*META-INF/versions/10/version/Version.class")
            .shouldMatch("signing.*version/Main.class")
            .shouldMatch("signing.*version/Version.class");
        verify(SIGNED_JAR);

        // test with JarSigner API
        Files.deleteIfExists(Paths.get(SIGNED_JAR));
        signWithJarSignerAPI(JAR_NAME);
        verify(SIGNED_JAR);

        // test Permission granted
        File keypass = new File("keypass");
        try (FileOutputStream fos = new FileOutputStream(keypass)) {
            fos.write(KEYPASS.getBytes());
        }
        String[] cmd = {
                "-classpath", SIGNED_JAR,
                "-Djava.security.manager",
                "-Djava.security.policy=" +
                TEST_SRC + File.separator + POLICY_FILE,
                "version.Main"};
        ProcessTools.executeTestJvm(cmd)
            .shouldHaveExitValue(0)
            .shouldContain(VERSION_MESSAGE);
    }

    private static void compile (String jarContent_path) throws Throwable {
        Path classes = Paths.get(USR_DIR, "classes", "base");
        Path source = Paths.get(TEST_SRC, jarContent_path, "base", "version");
        CompilerUtils.compile(source, classes);

        classes = Paths.get(USR_DIR, "classes", "v9");
        source = Paths.get(TEST_SRC, jarContent_path , "v9", "version");
        CompilerUtils.compile(source, classes);

        classes = Paths.get(USR_DIR, "classes", "v10");
        source = Paths.get(TEST_SRC, jarContent_path, "v10", "version");
        CompilerUtils.compile(source, classes);
    }

    private static OutputAnalyzer jar(String...args) throws Throwable {
        JDKToolLauncher launcher = JDKToolLauncher.createUsingTestJDK("jar");
        Stream.of(args).forEach(launcher::addToolArg);
        return ProcessTools.executeCommand(launcher.getCommand());
    }

    private static void genKey() throws Throwable {
        String keytool = JDKToolFinder.getJDKTool("keytool");
        Files.deleteIfExists(Paths.get(KEYSTORE));
        ProcessTools.executeCommand(keytool,
                "-J-Duser.language=en",
                "-J-Duser.country=US",
                "-genkey",
                "-alias", ALIAS,
                "-keystore", KEYSTORE,
                "-keypass", KEYPASS,
                "-dname", "cn=sample",
                "-storepass", STOREPASS
        ).shouldHaveExitValue(0);
    }

    private static OutputAnalyzer signJar(String jarName) throws Throwable {
        List<String> args = new ArrayList<>();
        args.add("-verbose");
        args.add("-signedjar");
        args.add(SIGNED_JAR);
        args.add(jarName);
        args.add(ALIAS);

        return jarsigner(args);
    }

    private static void verify(String signedJarName) throws Throwable {
        verifyJar(signedJarName)
            .shouldHaveExitValue(0)
            .shouldContain("jar verified")
            .shouldMatch("smk.*META-INF/versions/9/version/Version.class")
            .shouldMatch("smk.*META-INF/versions/10/version/Version.class")
            .shouldMatch("smk.*version/Main.class")
            .shouldMatch("smk.*version/Version.class");
    }

    private static OutputAnalyzer verifyJar(String signedJarName) throws Throwable {
        List<String> args = new ArrayList<>();
        args.add("-verbose");
        args.add("-verify");
        args.add(signedJarName);

        return jarsigner(args);
    }

    private static OutputAnalyzer jarsigner(List<String> extra)
            throws Throwable {
        JDKToolLauncher launcher = JDKToolLauncher.createUsingTestJDK("jarsigner")
                .addVMArg("-Duser.language=en")
                .addVMArg("-Duser.country=US")
                .addToolArg("-keystore")
                .addToolArg(KEYSTORE)
                .addToolArg("-storepass")
                .addToolArg(STOREPASS)
                .addToolArg("-keypass")
                .addToolArg(KEYPASS);
        for (String s : extra) {
            if (s.startsWith("-J")) {
                launcher.addVMArg(s.substring(2));
            } else {
                launcher.addToolArg(s);
            }
        }
        return ProcessTools.executeCommand(launcher.getCommand());
    }

    private static void signWithJarSignerAPI(String jarName)
            throws Throwable {
        // Get JarSigner
        try (FileInputStream fis = new FileInputStream(KEYSTORE)) {
                KeyStore ks = KeyStore.getInstance("JKS");
                ks.load(fis, STOREPASS.toCharArray());
                PrivateKey pk = (PrivateKey)ks.getKey(ALIAS, KEYPASS.toCharArray());
                Certificate cert = ks.getCertificate(ALIAS);
                JarSigner signer = new JarSigner.Builder(pk,
                        CertificateFactory.getInstance("X.509").generateCertPath(
                                Collections.singletonList(cert)))
                        .build();
            // Sign jar
            try (ZipFile src = new JarFile(jarName);
                    FileOutputStream out = new FileOutputStream(SIGNED_JAR)) {
                signer.sign(src,out);
            }
        }
    }

}