#
# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
# or visit www.oracle.com if you need additional information or have any
# questions.
#

# @test
# @bug 8044755
# @summary Add a test for algorithm constraints check in jarsigner
#
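# Regression test: jarsigner must apply the algorithm constraints check to an
# end-entity certificate chain that was issued with an obsolete signature
# algorithm (MD2withRSA), while a self-signed trust anchor signed the same way
# is still accepted.
#
# Exit status: 0 = pass, 1 = the "ca" check failed, 2 = the "signer" check
# failed, 3 = the environment or the key material could not be set up.
#
# The script is kept POSIX sh compatible (no arrays, no [[ ]], no pipefail).

# Locate the JDK under test. When TESTJAVA is not provided by the harness,
# fall back to the JDK that owns the javac found on PATH.
if [ "${TESTJAVA}" = "" ] ; then
  # command -v is the POSIX way to resolve a command; which is not portable.
  JAVAC_CMD=$(command -v javac)
  if [ "${JAVAC_CMD}" = "" ] ; then
    echo "TESTJAVA is not set and javac was not found on PATH" >&2
    exit 3
  fi
  TESTJAVA=$(dirname "$JAVAC_CMD")/..
fi

# Force an English locale in the tools: the checks below grep for an English
# message in the jarsigner output.
TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US"

# The sigalg used is MD2withRSA, which is obsolete.
#
# "changeit" protects a keystore that is created below and holds only the
# keys generated by this script.
#
# KT, JS and JAR are expanded unquoted on purpose so that the shell splits
# them into the command and its options; a TESTJAVA path containing
# whitespace is therefore not supported.

KT="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS} -keystore ks
    -storepass changeit -keypass changeit
    -keyalg rsa -sigalg MD2withRSA -debug"
JS="$TESTJAVA/bin/jarsigner ${TESTTOOLVMOPTS} -keystore ks
    -storepass changeit -strict -debug"
JAR="$TESTJAVA/bin/jar ${TESTTOOLVMOPTS}"

# Start from an empty keystore; -f keeps a missing file from being an error.
rm -f ks

# Report a failed setup step on stderr and stop with its own exit status, so
# that it is not mistaken for a failure of one of the two checks below.
setup_failed() {
  echo "setup failed: $1" >&2
  exit 3
}

# A CA key pair (the bc extension is requested) and the signer's key pair.
$KT -genkeypair -alias ca -dname CN=CA -ext bc \
  || setup_failed "genkeypair ca"
$KT -genkeypair -alias signer -dname CN=Signer \
  || setup_failed "genkeypair signer"

# Have the CA issue the signer's certificate, which is then signed with
# MD2withRSA, and import the reply over the signer's self-signed certificate.
# Without pipefail only the status of -importcert is tested.
$KT -certreq -alias signer | \
        $KT -gencert -alias ca -ext ku=dS -rfc | \
        $KT -importcert -alias signer \
  || setup_failed "issue signer certificate"

# Any file will do as jar content; the keystore is simply at hand.
$JAR cvf a.jar ks || setup_failed "create a.jar"

# We always trust a TrustedCertificateEntry
# Signing with "ca" must not report an unvalidated chain.
# NOTE(review): this is a negative match on stdout, so it also passes when
# jarsigner stops before it reaches chain validation; the positive match in
# the next check is what notices a signing run that did not get that far.
$JS a.jar ca | grep "chain is not validated" && exit 1

# An end-entity cert must follow algorithm constraints
# Signing with "signer" must report the chain as not validated.
$JS a.jar signer | grep "chain is not validated" || exit 2

exit 0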
63