1# 2# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. 3# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4# 5# This code is free software; you can redistribute it and/or modify it 6# under the terms of the GNU General Public License version 2 only, as 7# published by the Free Software Foundation. 8# 9# This code is distributed in the hope that it will be useful, but WITHOUT 10# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12# version 2 for more details (a copy is included in the LICENSE file that 13# accompanied this code). 14# 15# You should have received a copy of the GNU General Public License version 16# 2 along with this work; if not, write to the Free Software Foundation, 17# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18# 19# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20# or visit www.oracle.com if you need additional information or have any 21# questions. 22# 23 24# @test 25# @bug 8044755 26# @summary Add a test for algorithm constraints check in jarsigner 27# 28 29if [ "${TESTJAVA}" = "" ] ; then 30 JAVAC_CMD=`which javac` 31 TESTJAVA=`dirname $JAVAC_CMD`/.. 32fi 33 34TESTTOOLVMOPTS="$TESTTOOLVMOPTS -J-Duser.language=en -J-Duser.country=US" 35 36# The sigalg used is MD2withRSA, which is obsolete. 37 38KT="$TESTJAVA/bin/keytool ${TESTTOOLVMOPTS} -keystore ks 39 -storepass changeit -keypass changeit 40 -keyalg rsa -sigalg MD2withRSA -debug" 41JS="$TESTJAVA/bin/jarsigner ${TESTTOOLVMOPTS} -keystore ks 42 -storepass changeit -strict -debug" 43JAR="$TESTJAVA/bin/jar ${TESTTOOLVMOPTS}" 44 45rm ks 2> /dev/null 46 47$KT -genkeypair -alias ca -dname CN=CA -ext bc 48$KT -genkeypair -alias signer -dname CN=Signer 49 50$KT -certreq -alias signer | \ 51 $KT -gencert -alias ca -ext ku=dS -rfc | \ 52 $KT -importcert -alias signer 53 54$JAR cvf a.jar ks 55 56# We always trust a TrustedCertificateEntry 57$JS a.jar ca | grep "chain is not validated" && exit 1 58 59# An end-entity cert must follow algorithm constraints 60$JS a.jar signer | grep "chain is not validated" || exit 2 61 62exit 0 63