1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
|
/*
* Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
import jdk.testlibrary.ProcessTools;
/**
* @test
* @bug 8048360
* @summary test policy entry with signedBy alias
* @library /lib/testlibrary
* @run main/othervm SignedJarTest
*/
public class SignedJarTest {
private static final String FS = File.separator;
private static final String JAVA_HOME = System.getProperty("test.jdk");
private static final String TESTCLASSES = System.getProperty("test.classes", "");
private static final String TESTSRC = System.getProperty("test.src", "");
private static final String KEYTOOL = JAVA_HOME + FS + "bin" + FS + "keytool";
private static final String JAR = JAVA_HOME + FS + "bin" + FS + "jar";
private static final String JARSIGNER = JAVA_HOME + FS + "bin" + FS + "jarsigner";
private static final String PASSWORD = "password";
private static final String PWDFILE = "keypass";
private static final String POLICY1 = "SignedJarTest_1.policy";
private static final String POLICY2 = "SignedJarTest_2.policy";
private static final String KEYSTORE1 = "both.jks";
private static final String KEYSTORE2 = "first.jks";
public static void main(String args[]) throws Throwable {
//copy PrivilegeTest.class, policy files and keystore password file into current direcotry
Files.copy(Paths.get(TESTCLASSES, "PrivilegeTest.class"), Paths.get("PrivilegeTest.class"));
Files.copy(Paths.get(TESTSRC, POLICY1), Paths.get(POLICY1));
Files.copy(Paths.get(TESTSRC, POLICY2), Paths.get(POLICY2));
Files.copy(Paths.get(TESTSRC, PWDFILE), Paths.get(PWDFILE));
//create Jar file
ProcessTools.executeCommand(JAR, "-cvf", "test.jar", "PrivilegeTest.class");
//Creating first key , keystore both.jks
ProcessTools.executeCommand(KEYTOOL,
"-genkey",
"-alias", "first",
"-keystore", KEYSTORE1,
"-keypass", PASSWORD,
"-dname", "cn=First",
"-storepass", PASSWORD
).shouldHaveExitValue(0);
//Creating Second key, keystore both.jks
ProcessTools.executeCommand(KEYTOOL,
"-genkey",
// "-storetype","JKS",
"-alias", "second",
"-keystore", KEYSTORE1,
"-keypass", PASSWORD,
"-dname", "cn=Second",
"-storepass", PASSWORD
).shouldHaveExitValue(0);
//copy both.jks to first.jks, remove second Keypair from first.jks
Files.copy(Paths.get(KEYSTORE1), Paths.get(KEYSTORE2));
ProcessTools.executeCommand(KEYTOOL,
"-delete",
"-keystore", KEYSTORE2,
"-alias", "second",
"-storepass", PASSWORD
).shouldHaveExitValue(0);
//sign jar with first key, first.jar is only signed by first signer
ProcessTools.executeCommand(JARSIGNER,
"-keystore", KEYSTORE1,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", "first.jar", "test.jar",
"first").shouldHaveExitValue(0);
//sign jar with second key, both.jar is signed by first and second signer
ProcessTools.executeCommand(JARSIGNER,
"-keystore", KEYSTORE1,
"-storepass", PASSWORD,
"-keypass", PASSWORD,
"-signedjar", "both.jar", "first.jar",
"second").shouldHaveExitValue(0);
//test case 1
//setIO permission granted to code that was signed by first signer
//setFactory permission granted to code that was signed by second signer
//Keystore that contains both first and second keypairs
//code was singed by first signer
//Expect AccessControlException for setFactory permission
System.out.println("Test Case 1");
//copy policy file into current directory
String[] cmd = constructCMD("first.jar", POLICY1, "false", "true");
ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0);
//test case 2, test with both.jar
//setIO permission granted to code that was signed by first signer
//setFactory permission granted to code that was signed by second signer
//Keystore that contains both first and second keypairs
//code was singed by first signer and second signer
//Expect no AccessControlException
System.out.println("Test Case 2");
cmd = constructCMD("both.jar", POLICY1, "false", "false");
ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0);
//test case 3
//setIO permission granted to code that was signed by first signer
//setFactory permission granted to code that was signed by second signer
//Keystore that contains only first keypairs
//code was singed by first signer and second signer
//Expect AccessControlException for setFactory permission
System.out.println("Test Case 3");
cmd = constructCMD("both.jar", POLICY2, "false", "true");
ProcessTools.executeTestJvm(cmd).shouldHaveExitValue(0);
}
private static String[] constructCMD(String classpath, String policy, String arg1, String arg2) {
String[] cmd = {
"-classpath", classpath,
"-Djava.security.manager",
"-Djava.security.policy=" + policy,
"PrivilegeTest",
arg1, arg2};
return cmd;
}
}
class PrivilegeTest {
private static final Permission PERM1 = new RuntimePermission("setIO");
private static final Permission PERM2 = new RuntimePermission("setFactory");
public static void main(String args[]) {
boolean expectException1 = Boolean.parseBoolean(args[0]);
boolean expectException2 = Boolean.parseBoolean(args[1]);
test(PERM1, expectException1);
test(PERM2, expectException2);
}
public static void test(Permission perm, boolean expectException) {
boolean getException = (Boolean) AccessController.doPrivileged((PrivilegedAction) () -> {
try {
AccessController.checkPermission(perm);
return (Boolean) false;
} catch (AccessControlException ex) {
return (Boolean) true;
}
});
if (expectException ^ getException) {
String message = "Check Permission :" + perm + "\n ExpectException = "
+ expectException + "\n getException = " + getException;
throw new RuntimeException(message);
}
}
}
|
