/*
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.ByteArrayInputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.nio.file.Path;
import java.util.jar.Attributes;
import java.util.jar.Attributes.Name;
import java.util.jar.JarFile;
import java.util.jar.Manifest;
import jdk.test.lib.SecurityTools;
import jdk.test.lib.util.JarUtils;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import static org.testng.Assert.*;
/**
* @test
* @bug 8217375
* @library /test/lib
* @modules java.base/java.util.jar:+open
* @run testng/othervm EmptyIndividualSectionName
* @summary Check that an individual section with an empty name is digested
* and signed.
* <p>
* See also
* jdk/test/jdk/sun/security/util/ManifestDigester/FindSections.java
* for much more detailed api level tests
*/
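public class EmptyIndividualSectionName {

    /**
     * File name of the keystore created by {@link #prepareCertificate}. The
     * name is relative, so it resolves against the working directory of the
     * test run.
     */
    static final String KEYSTORE_FILENAME = "test.jks";

    /**
     * Generates a fresh EC key pair under alias {@code a} in
     * {@link #KEYSTORE_FILENAME} using {@code keytool}.
     * <p>
     * The password {@code changeit} only protects this keystore, which is
     * generated for the test run; it is not a credential for anything else.
     *
     * @throws Exception if {@code keytool} cannot be run or exits non-zero
     */
    @BeforeClass
    public void prepareCertificate() throws Exception {
        SecurityTools.keytool("-genkeypair -keyalg EC -keystore "
                + KEYSTORE_FILENAME + " -storepass changeit -keypass changeit "
                + "-alias a -dname CN=X").shouldHaveExitValue(0);
    }

    /**
     * Adds an additional section with name {@code sectionName} to the manifest
     * of a JAR before signing it with {@code signOpts}.
     * <p>
     * After signing, the JAR is checked with {@code jarsigner -verify}, the
     * manifest is read back to assert that the section is still present, and
     * the signature file is parsed and returned. A section that has no entry
     * in the signature file is not covered by the signature, which is why
     * callers assert on the returned {@code .SF} content.
     *
     * @param sectionName name of the individual manifest section to add; may
     *        be empty
     * @param signOpts additional {@code jarsigner} options, or {@code null}
     *        for none; the value is also embedded in the JAR file name
     * @return signature file {@code META-INF/A.SF} for further assertions
     * @throws Exception if creating, signing, verifying or reading the JAR
     *         fails
     */
    Manifest test(String sectionName, String signOpts) throws Exception {
        Manifest mf = new Manifest();
        mf.getMainAttributes().put(Name.MANIFEST_VERSION, "1.0");
        mf.getEntries().put(sectionName, new Attributes());

        // One JAR per (sectionName, signOpts) combination so that test
        // methods do not overwrite each other's files.
        String jarFilename = "test" + sectionName +
                (signOpts != null ? signOpts : "") + ".jar";
        JarUtils.createJarFile(Path.of(jarFilename), mf, Path.of("."));

        // Sign with alias "a" from the keystore created in prepareCertificate.
        SecurityTools.jarsigner("-keystore " + KEYSTORE_FILENAME +
                " -storepass changeit -verbose -debug " +
                (signOpts != null ? signOpts + " " : "") + jarFilename + " a")
                .shouldHaveExitValue(0);

        // The signed JAR must verify before its contents are inspected.
        SecurityTools.jarsigner("-verify -keystore " + KEYSTORE_FILENAME +
                " -storepass changeit -debug -verbose " + jarFilename + " a")
                .shouldHaveExitValue(0);

        // The section added above must have survived signing.
        byte[] mfBytes = Utils.readJarManifestBytes(jarFilename);
        Utils.echoManifest(mfBytes, "manifest");
        mf = new Manifest(new ByteArrayInputStream(mfBytes));
        assertNotNull(mf.getAttributes(sectionName));

        // A .SF file has manifest syntax, so Manifest can parse it.
        byte[] sfBytes = Utils.readJarEntryBytes(jarFilename, "META-INF/A.SF");
        Utils.echoManifest(sfBytes, "signature file META-INF/A.SF");
        return new Manifest(new ByteArrayInputStream(sfBytes));
    }

    /**
     * Verifies that it makes a difference if the name is empty or not
     * by running the same test as {@link #testNameEmpty} with only a different
     * section name.
     */
    @Test
    public void testNameNotEmpty() throws Exception {
        String sectionName = "X";
        // Presence of the section in the .SF file means it was digested.
        assertNotNull(test(sectionName, null).getAttributes(sectionName));
    }

    /**
     * Verifies that individual sections are digested and signed also if the
     * name of such a section is empty.
     * An empty name of an individual section cannot be tested by adding a file
     * with an empty name to a JAR because such a file name is invalid and
     * cannot be used to add a file because it cannot be created or added to
     * the JAR file in the first place. However, an individual section with an
     * empty name can be added to the manifest.
     * Expected is a corresponding digest in the signature file which was not
     * present or produced before resolution of bug 8217375.
     */
    @Test
    public void testNameEmpty() throws Exception {
        String sectionName = "";
        // Presence of the section in the .SF file means it was digested.
        assertNotNull(test(sectionName, null).getAttributes(sectionName));
    }

    /**
     * Similar to {@link #testNameEmpty} but tries to show a real difference
     * rather than just some internals in a {@code .SF} file, but TODO
     * <p>
     * The test stays disabled: whether {@code getTrustedAttributes} is
     * expected to throw {@link SecurityException} for this JAR has not been
     * confirmed.
     */
    @Test(enabled = false, description = "TODO")
    public void testNameEmptyTrusted() throws Exception {
        String sectionName = "";
        test(sectionName, "-sectionsonly");
        // Same file name that test() derives from these two arguments.
        String jarFilename = "test" + sectionName + "-sectionsonly.jar";
        try (JarFile jar = new JarFile(jarFilename, true)) {
            Manifest m = jar.getManifest();
            // Not a public method; the jtreg header opens java.util.jar so
            // that setAccessible succeeds.
            Method getTrustedAttributes = m.getClass()
                    .getDeclaredMethod("getTrustedAttributes", String.class);
            getTrustedAttributes.setAccessible(true);
            assertThrows(SecurityException.class, () -> {
                try {
                    getTrustedAttributes.invoke(m, sectionName);
                } catch (InvocationTargetException e) {
                    // Method.invoke wraps whatever the target throws; without
                    // unwrapping, assertThrows would only ever see the
                    // wrapper and could not match SecurityException.
                    throw e.getCause();
                }
            });
        }
    }
}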