archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-09-20 11:04:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8256202: Some tweaks for jarsigner tests PosixPermissionsTest and SymLinkTest

Browse source 
Reviewed-by: mbaesken
This commit is contained in:
Christoph Langer 2020-11-13 17:28:05 +00:00
parent 1c47244b01
commit 1e9a432d59
2 changed files with 84 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

38
test/jdk/sun/security/tools/jarsigner/PosixPermissionsTest.java
View file

@ -32,15 +32,21 @@
*/ */
import java.net.URI; import java.net.URI;
import java.nio.file.*; import java.nio.file.FileSystem;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.PosixFilePermission; import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions; import java.nio.file.attribute.PosixFilePermissions;
import java.util.*; import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import jdk.test.lib.SecurityTools; import jdk.test.lib.SecurityTools;
public class PosixPermissionsTest { public class PosixPermissionsTest {
private static List<String> perms = List.of( private static List<String> perms = List.of(
"---------", "---------",
"r--------", "r--------",
@ -77,16 +83,13 @@ public class PosixPermissionsTest {
"protected by the signature."; "protected by the signature.";
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
System.out.println("No posix support. Skipping");
return;
}
createFiles(); createFiles();
// check permissions before signing // check permissions before signing
verifyFilePermissions(ZIPURI, true); verifyFilePermissions(ZIPURI, true);
verifyFilePermissions(JARURI, false); verifyFilePermissions(JARURI, false);
// generate key for signing
SecurityTools.keytool( SecurityTools.keytool(
"-genkey", "-genkey",
"-keyalg", "RSA", "-keyalg", "RSA",
@ -98,6 +101,7 @@ public class PosixPermissionsTest {
"-validity", "365") "-validity", "365")
.shouldHaveExitValue(0); .shouldHaveExitValue(0);
// sign zip file - expect warning
SecurityTools.jarsigner( SecurityTools.jarsigner(
"-keystore", "examplekeystore", "-keystore", "examplekeystore",
"-verbose", ZIPFILENAME, "-verbose", ZIPFILENAME,
@ -107,11 +111,12 @@ public class PosixPermissionsTest {
.shouldHaveExitValue(0) .shouldHaveExitValue(0)
.shouldContain(WARNING_MSG); .shouldContain(WARNING_MSG);
// zip file now signed. Recheck file permissions // recheck permissions after signing
verifyFilePermissions(ZIPURI, true); verifyFilePermissions(ZIPURI, true);
// sign jar file - no posix warning message expected // sign jar file - expect no warning
SecurityTools.jarsigner("-keystore", "examplekeystore", SecurityTools.jarsigner(
"-keystore", "examplekeystore",
"-verbose", JARFILENAME, "-verbose", JARFILENAME,
"-storepass", "password", "-storepass", "password",
"-keypass", "password", "-keypass", "password",
@ -119,10 +124,12 @@ public class PosixPermissionsTest {
.shouldHaveExitValue(0) .shouldHaveExitValue(0)
.shouldNotContain(WARNING_MSG); .shouldNotContain(WARNING_MSG);
// default attributes expected // recheck permissions after signing
verifyFilePermissions(JARURI, false); verifyFilePermissions(JARURI, false);
SecurityTools.jarsigner("-keystore", "examplekeystore", // verify zip file - expect warning
SecurityTools.jarsigner(
"-keystore", "examplekeystore",
"-storepass", "password", "-storepass", "password",
"-keypass", "password", "-keypass", "password",
"-verbose", "-verbose",
@ -130,8 +137,9 @@ public class PosixPermissionsTest {
.shouldHaveExitValue(0) .shouldHaveExitValue(0)
.shouldContain(WARNING_MSG); .shouldContain(WARNING_MSG);
// no warning expected for regular jar file // verify jar file - expect no warning
SecurityTools.jarsigner("-keystore", "examplekeystore", SecurityTools.jarsigner(
"-keystore", "examplekeystore",
"-storepass", "password", "-storepass", "password",
"-keypass", "password", "-keypass", "password",
"-verbose", "-verbose",

103
test/jdk/sun/security/tools/jarsigner/SymLinkTest.java
View file

@ -31,28 +31,35 @@
* @run main/othervm SymLinkTest * @run main/othervm SymLinkTest
*/ */
import java.io.*; import java.io.FileInputStream;
import java.net.URI; import java.io.IOException;
import java.nio.file.*; import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Formatter; import java.util.Formatter;
import jdk.test.lib.SecurityTools; import jdk.test.lib.SecurityTools;
public class SymLinkTest { public class SymLinkTest {
private final static int BYTES_PER_ROW = 8;
private final static String ZIPFILENAME = "8250968-test.zip"; private final static String ZIPFILENAME = "8250968-test.zip";
private static final String WARNING_MSG = "POSIX file permission and/or symlink " + private static final String WARNING_MSG = "POSIX file permission and/or symlink " +
"attributes detected. These attributes are ignored when signing and are not " + "attributes detected. These attributes are ignored when signing and are not " +
"protected by the signature."; "protected by the signature.";
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
Files.deleteIfExists(Paths.get(ZIPFILENAME)); // call main with an argument to print the prepared zipfile as byte array declaration
try (FileOutputStream fos = new FileOutputStream(ZIPFILENAME)) { if (args.length > 0) {
fos.write(ZIPBYTES); System.out.println("Bytes of " + ZIPFILENAME + ":");
System.out.println(createByteArray(Files.readAllBytes(Path.of(ZIPFILENAME)), "ZIPBYTES"));
System.exit(0);
} }
// check permissions before signing Files.write(Path.of(ZIPFILENAME), ZIPBYTES);
// check attributes before signing
verifyExtraAttrs(ZIPFILENAME); verifyExtraAttrs(ZIPFILENAME);
// generate key for signing
SecurityTools.keytool( SecurityTools.keytool(
"-genkey", "-genkey",
"-keyalg", "RSA", "-keyalg", "RSA",
@ -64,6 +71,7 @@ public class SymLinkTest {
"-validity", "365") "-validity", "365")
.shouldHaveExitValue(0); .shouldHaveExitValue(0);
// sign zip file - expect warning
SecurityTools.jarsigner( SecurityTools.jarsigner(
"-keystore", "examplekeystore", "-keystore", "examplekeystore",
"-verbose", ZIPFILENAME, "-verbose", ZIPFILENAME,
@ -73,10 +81,12 @@ public class SymLinkTest {
.shouldHaveExitValue(0) .shouldHaveExitValue(0)
.shouldContain(WARNING_MSG); .shouldContain(WARNING_MSG);
// zip file now signed. Recheck attributes // recheck attributes after signing
verifyExtraAttrs(ZIPFILENAME); verifyExtraAttrs(ZIPFILENAME);
SecurityTools.jarsigner("-keystore", "examplekeystore", // verify zip file - expect warning
SecurityTools.jarsigner(
"-keystore", "examplekeystore",
"-storepass", "password", "-storepass", "password",
"-keypass", "password", "-keypass", "password",
"-verbose", "-verbose",
@ -114,48 +124,57 @@ public class SymLinkTest {
* @param name Name to be used in the byte array declaration * @param name Name to be used in the byte array declaration
* @return The formatted byte array declaration * @return The formatted byte array declaration
*/ */
public static String createByteArray(byte[] bytes, String name) { private static String createByteArray(byte[] bytes, String name) {
StringBuilder sb = new StringBuilder(bytes.length * 5); StringBuilder sb = new StringBuilder();
Formatter fmt = new Formatter(sb); try (Formatter fmt = new Formatter(sb)) {
fmt.format(" public static byte[] %s = {", name); fmt.format(" public final static byte[] %s = {", name);
final int linelen = 8; for (int i = 0; i < bytes.length; i++) {
for (int i = 0; i < bytes.length; i++) { int mod = i % BYTES_PER_ROW;
if (i % linelen == 0) { if (mod == 0) {
fmt.format("%n "); fmt.format("%n ");
} else {
fmt.format(" ");
}
fmt.format("(byte)0x%02x", bytes[i]);
if (i != bytes.length - 1) {
fmt.format(",");
}
} }
fmt.format(" (byte) 0x%x,", bytes[i] & 0xff); fmt.format("%n };%n");
} }
fmt.format("%n };%n");
return sb.toString(); return sb.toString();
} }
/* /*
* Created using the createByteArray utility method. * The zipfile itself was created like this:
* The zipfile itself was created via this example: * $ ln -s ../z z
* $ ls -l z * $ ls -l z
* lrwxrwxrwx 1 test test 4 Aug 27 18:33 z -> ../z * lrwxrwxrwx 1 test test 4 Aug 27 18:33 z -> ../z
* $ zip -ry test.zip z * $ zip -ry 8250968-test.zip z
*
* The byte array representation was generated using the createByteArray utility method:
* $ java SymLinkTest generate
*/ */
public final static byte[] ZIPBYTES = { public final static byte[] ZIPBYTES = {
(byte) 0x50, (byte) 0x4b, (byte) 0x3, (byte) 0x4, (byte) 0xa, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte)0x50, (byte)0x4b, (byte)0x03, (byte)0x04, (byte)0x0a, (byte)0x00, (byte)0x00, (byte)0x00,
(byte) 0x0, (byte) 0x0, (byte) 0x2e, (byte) 0x94, (byte) 0x1b, (byte) 0x51, (byte) 0xb4, (byte) 0xcc, (byte)0x00, (byte)0x00, (byte)0x2e, (byte)0x94, (byte)0x1b, (byte)0x51, (byte)0xb4, (byte)0xcc,
(byte) 0xb6, (byte) 0xf1, (byte) 0x4, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x4, (byte) 0x0, (byte)0xb6, (byte)0xf1, (byte)0x04, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x04, (byte)0x00,
(byte) 0x0, (byte) 0x0, (byte) 0x1, (byte) 0x0, (byte) 0x1c, (byte) 0x0, (byte) 0x7a, (byte) 0x55, (byte)0x00, (byte)0x00, (byte)0x01, (byte)0x00, (byte)0x1c, (byte)0x00, (byte)0x7a, (byte)0x55,
(byte) 0x54, (byte) 0x9, (byte) 0x0, (byte) 0x3, (byte) 0x77, (byte) 0xfc, (byte) 0x47, (byte) 0x5f, (byte)0x54, (byte)0x09, (byte)0x00, (byte)0x03, (byte)0x77, (byte)0xfc, (byte)0x47, (byte)0x5f,
(byte) 0x78, (byte) 0xfc, (byte) 0x47, (byte) 0x5f, (byte) 0x75, (byte) 0x78, (byte) 0xb, (byte) 0x0, (byte)0x78, (byte)0xfc, (byte)0x47, (byte)0x5f, (byte)0x75, (byte)0x78, (byte)0x0b, (byte)0x00,
(byte) 0x1, (byte) 0x4, (byte) 0xec, (byte) 0x3, (byte) 0x0, (byte) 0x0, (byte) 0x4, (byte) 0xec, (byte)0x01, (byte)0x04, (byte)0xec, (byte)0x03, (byte)0x00, (byte)0x00, (byte)0x04, (byte)0xec,
(byte) 0x3, (byte) 0x0, (byte) 0x0, (byte) 0x2e, (byte) 0x2e, (byte) 0x2f, (byte) 0x7a, (byte) 0x50, (byte)0x03, (byte)0x00, (byte)0x00, (byte)0x2e, (byte)0x2e, (byte)0x2f, (byte)0x7a, (byte)0x50,
(byte) 0x4b, (byte) 0x1, (byte) 0x2, (byte) 0x1e, (byte) 0x3, (byte) 0xa, (byte) 0x0, (byte) 0x0, (byte)0x4b, (byte)0x01, (byte)0x02, (byte)0x1e, (byte)0x03, (byte)0x0a, (byte)0x00, (byte)0x00,
(byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x2e, (byte) 0x94, (byte) 0x1b, (byte) 0x51, (byte) 0xb4, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x2e, (byte)0x94, (byte)0x1b, (byte)0x51, (byte)0xb4,
(byte) 0xcc, (byte) 0xb6, (byte) 0xf1, (byte) 0x4, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x4, (byte)0xcc, (byte)0xb6, (byte)0xf1, (byte)0x04, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x04,
(byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x1, (byte) 0x0, (byte) 0x18, (byte) 0x0, (byte) 0x0, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01, (byte)0x00, (byte)0x18, (byte)0x00, (byte)0x00,
(byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0xff, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0xff,
(byte) 0xa1, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x7a, (byte) 0x55, (byte) 0x54, (byte)0xa1, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x7a, (byte)0x55, (byte)0x54,
(byte) 0x5, (byte) 0x0, (byte) 0x3, (byte) 0x77, (byte) 0xfc, (byte) 0x47, (byte) 0x5f, (byte) 0x75, (byte)0x05, (byte)0x00, (byte)0x03, (byte)0x77, (byte)0xfc, (byte)0x47, (byte)0x5f, (byte)0x75,
(byte) 0x78, (byte) 0xb, (byte) 0x0, (byte) 0x1, (byte) 0x4, (byte) 0xec, (byte) 0x3, (byte) 0x0, (byte)0x78, (byte)0x0b, (byte)0x00, (byte)0x01, (byte)0x04, (byte)0xec, (byte)0x03, (byte)0x00,
(byte) 0x0, (byte) 0x4, (byte) 0xec, (byte) 0x3, (byte) 0x0, (byte) 0x0, (byte) 0x50, (byte) 0x4b, (byte)0x00, (byte)0x04, (byte)0xec, (byte)0x03, (byte)0x00, (byte)0x00, (byte)0x50, (byte)0x4b,
(byte) 0x5, (byte) 0x6, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x1, (byte) 0x0, (byte)0x05, (byte)0x06, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01, (byte)0x00,
(byte) 0x1, (byte) 0x0, (byte) 0x47, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x3f, (byte) 0x0, (byte)0x01, (byte)0x00, (byte)0x47, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x3f, (byte)0x00,
(byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00
}; };
} }