File: ChainNotValidatedTest.java

package info (click to toggle)
openjdk-21 21.0.8%2B9-1
links: PTS, VCS
area: main
in suites: trixie
size: 823,976 kB
sloc: java: 5,613,338; xml: 1,643,607; cpp: 1,296,296; ansic: 420,291; asm: 404,850; objc: 20,994; sh: 15,271; javascript: 11,245; python: 6,895; makefile: 2,362; perl: 357; awk: 351; sed: 172; jsp: 24; csh: 3
file content (125 lines) | stat: -rw-r--r-- 4,323 bytes
parent folder | download | duplicates (14)
/*
 * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

import jdk.test.lib.process.OutputAnalyzer;
import jdk.test.lib.util.JarUtils;

import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * @test
 * @bug 8024302 8026037
 * @summary Test for chainNotValidated warning
 * @library /test/lib ../
 * @build jdk.test.lib.util.JarUtils
 * @run main ChainNotValidatedTest ca2yes
 * @run main ChainNotValidatedTest ca2no
 */
public class ChainNotValidatedTest extends Test {

    public static void main(String[] args) throws Throwable {
        ChainNotValidatedTest test = new ChainNotValidatedTest();
        test.start(args[0].equals("ca2yes"));
    }

    private void start(boolean ca2yes) throws Throwable {
        // create a jar file that contains one class file
        Utils.createFiles(FIRST_FILE);
        JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);

        // We have 2 @run. Need cleanup.
        Files.deleteIfExists(Paths.get(KEYSTORE));

        // Root CA is not checked at all. If the intermediate CA has
        // BasicConstraints extension set to true, it will be valid.
        // Otherwise, chain validation will fail.
        createAlias(CA_KEY_ALIAS, "-ext", "bc:c");
        createAlias(CA2_KEY_ALIAS);
        issueCert(CA2_KEY_ALIAS,
                "-ext",
                "bc=ca:" + ca2yes);

        createAlias(KEY_ALIAS);
        issueCert(KEY_ALIAS, "-alias", CA2_KEY_ALIAS);

        // remove CA2 certificate so it's not trusted
        keytool(
                "-delete",
                "-alias", CA2_KEY_ALIAS,
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD).shouldHaveExitValue(0);

        // sign jar
        OutputAnalyzer analyzer = jarsigner(
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                "-signedjar", SIGNED_JARFILE,
                UNSIGNED_JARFILE,
                KEY_ALIAS);

        if (ca2yes) {
            checkSigning(analyzer, "!" + CHAIN_NOT_VALIDATED_SIGNING_WARNING);
        } else {
            checkSigning(analyzer, CHAIN_NOT_VALIDATED_SIGNING_WARNING);
        }

        // verify signed jar
        analyzer = jarsigner(
                "-verify",
                "-verbose",
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                SIGNED_JARFILE);

        if (ca2yes) {
            checkVerifying(analyzer, 0, "!" + CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
        } else {
            checkVerifying(analyzer, 0, CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
        }

        // verify signed jar in strict mode
        analyzer = jarsigner(
                "-verify",
                "-verbose",
                "-strict",
                "-keystore", KEYSTORE,
                "-storepass", PASSWORD,
                "-keypass", PASSWORD,
                SIGNED_JARFILE);

        if (ca2yes) {
            checkVerifying(analyzer, 0,
                    "!" + CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
        } else {
            checkVerifying(analyzer, CHAIN_NOT_VALIDATED_EXIT_CODE,
                    CHAIN_NOT_VALIDATED_VERIFYING_WARNING);
        }

        System.out.println("Test passed");
    }

}