1 /*
2  * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.
8  *
9  * This code is distributed in the hope that it will be useful, but WITHOUT
10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12  * version 2 for more details (a copy is included in the LICENSE file that
13  * accompanied this code).
14  *
15  * You should have received a copy of the GNU General Public License version
16  * 2 along with this work; if not, write to the Free Software Foundation,
17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18  *
19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20  * or visit www.oracle.com if you need additional information or have any
21  * questions.
22  */
23 
24 /**
25  * @test
26  * @bug 8056174
27  * @summary Make sure the jarsigner tool still works after it's modified to
28  *          be based on JarSigner API
29  * @library /test/lib
30  * @modules java.base/sun.security.tools.keytool
31  *          jdk.jartool/sun.security.tools.jarsigner
32  *          java.base/sun.security.pkcs
33  *          java.base/sun.security.x509
34  * @build jdk.test.lib.util.JarUtils
35  * @run main Options
36  */
37 
38 import com.sun.jarsigner.ContentSigner;
39 import com.sun.jarsigner.ContentSignerParameters;
40 import jdk.test.lib.util.JarUtils;
41 import sun.security.pkcs.PKCS7;
42 
43 import java.io.ByteArrayInputStream;
44 import java.io.IOException;
45 import java.io.InputStream;
46 import java.nio.file.Files;
47 import java.nio.file.Paths;
48 import java.security.NoSuchAlgorithmException;
49 import java.security.cert.CertificateException;
50 import java.util.*;
51 import java.util.jar.Attributes;
52 import java.util.jar.JarEntry;
53 import java.util.jar.JarFile;
54 import java.util.jar.Manifest;
55 
56 public class Options {
57 
main(String[] args)58     public static void main(String[] args) throws Exception {
59 
60         // Prepares raw file
61         Files.write(Paths.get("a"), "a".getBytes());
62 
63         // Pack
64         JarUtils.createJar("a.jar", "a");
65 
66         // Prepare a keystore
67         sun.security.tools.keytool.Main.main(
68                 ("-keystore jks -storepass changeit -keypass changeit -dname" +
69                         " CN=A -alias a -genkeypair -keyalg rsa").split(" "));
70 
71         // -altsign
72         sun.security.tools.jarsigner.Main.main(
73                 ("-debug -signedjar altsign.jar -keystore jks -storepass changeit" +
74                         " -altsigner Options$X a.jar a").split(" "));
75 
76         try (JarFile jf = new JarFile("altsign.jar")) {
77             JarEntry je = jf.getJarEntry("META-INF/A.RSA");
78             try (InputStream is = jf.getInputStream(je)) {
79                 if (!Arrays.equals(is.readAllBytes(), "1234".getBytes())) {
80                     throw new Exception("altsign go wrong");
81                 }
82             }
83         }
84 
85         // -sigfile, -digestalg, -sigalg, -internalsf, -sectionsonly
86         sun.security.tools.jarsigner.Main.main(
87                 ("-debug -signedjar new.jar -keystore jks -storepass changeit" +
88                 " -sigfile olala -digestalg SHA1 -sigalg SHA224withRSA" +
89                 " -internalsf -sectionsonly a.jar a").split(" "));
90 
91         try (JarFile jf = new JarFile("new.jar")) {
92             JarEntry je = jf.getJarEntry("META-INF/OLALA.SF");
93             Objects.requireNonNull(je);     // check -sigfile
94             byte[] sf = null;               // content of .SF
95             try (InputStream is = jf.getInputStream(je)) {
96                 sf = is.readAllBytes();     // save for later comparison
97                 Attributes attrs = new Manifest(new ByteArrayInputStream(sf))
98                         .getMainAttributes();
99                 // check -digestalg
100                 if (!attrs.containsKey(new Attributes.Name(
101                         "SHA1-Digest-Manifest-Main-Attributes"))) {
102                     throw new Exception("digestalg incorrect");
103                 }
104                 // check -sectionsonly
105                 if (attrs.containsKey(new Attributes.Name(
106                         "SHA1-Digest-Manifest"))) {
107                     throw new Exception("SF should not have file digest");
108                 }
109             }
110 
111             je = jf.getJarEntry("META-INF/OLALA.RSA");
112             try (InputStream is = jf.getInputStream(je)) {
113                 PKCS7 p7 = new PKCS7(is.readAllBytes());
114                 String alg = p7.getSignerInfos()[0]
115                         .getDigestAlgorithmId().getName();
116                 if (!alg.equals("SHA-224")) {   // check -sigalg
117                     throw new Exception("PKCS7 signing is using " + alg);
118                 }
119                 // check -internalsf
120                 if (!Arrays.equals(sf, p7.getContentInfo().getData())) {
121                     throw new Exception("SF not in RSA");
122                 }
123             }
124 
125         }
126 
127         // TSA-related ones are checked in ts.sh
128     }
129 
130     public static class X extends ContentSigner {
131         @Override
generateSignedData(ContentSignerParameters parameters, boolean omitContent, boolean applyTimestamp)132         public byte[] generateSignedData(ContentSignerParameters parameters,
133                 boolean omitContent, boolean applyTimestamp)
134                 throws NoSuchAlgorithmException, CertificateException,
135                         IOException {
136             return "1234".getBytes();
137         }
138     }
139 }
140