8242260: Add forRemoval=true to already deprecated ContentSigner

Reviewed-by: alanb, mullan, xuelei

src/jdk.jartool/share/classes/com/sun/jarsigner/ContentSigner.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -38,7 +38,7 @@ import java.security.cert.CertificateException;
  * @deprecated This class has been deprecated.
  */
 
-@Deprecated(since="9")
+@Deprecated(since="9", forRemoval=true)
 public abstract class ContentSigner {
 
     /**
@@ -65,6 +65,7 @@ public abstract class ContentSigner {
      * @throws NullPointerException The exception is thrown if parameters is
      *         null.
      */
+    @SuppressWarnings("removal")
     public abstract byte[] generateSignedData(
         ContentSignerParameters parameters, boolean omitContent,
         boolean applyTimestamp)

src/jdk.jartool/share/classes/com/sun/jarsigner/ContentSignerParameters.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -36,7 +36,7 @@ import java.util.zip.ZipFile;
  * @author Vincent Ryan
  * @deprecated This class has been deprecated.
  */
-@Deprecated(since="9")
+@Deprecated(since="9", forRemoval=true)
 public interface ContentSignerParameters {
 
     /**

src/jdk.jartool/share/classes/com/sun/jarsigner/package-info.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -30,9 +30,9 @@
  * tool by supplying an alternative implementation of
  * {@link com.sun.jarsigner.ContentSigner}.
  *
- * The classes in this package have been deprecated. New classes should not be
+ * The classes in this package have been deprecated and will be removed in
- * added to this package. Use the {@link jdk.security.jarsigner.JarSigner} API
+ * a future release. New classes should not be added to this package.
- * to sign JAR files.
+ * Use the {@link jdk.security.jarsigner.JarSigner} API to sign JAR files.
  */
 
 package com.sun.jarsigner;

src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java

@@ -34,6 +34,7 @@ import sun.security.util.SignatureFileVerifier;
 import sun.security.x509.AlgorithmId;
 
 import java.io.*;
+import java.lang.reflect.InvocationTargetException;
 import java.net.SocketTimeoutException;
 import java.net.URI;
 import java.net.URL;
@@ -841,14 +842,14 @@ public final class JarSigner {
         signer.update(content);
         byte[] signature = signer.sign();
 
-        @SuppressWarnings("deprecation")
+        @SuppressWarnings("removal")
         ContentSigner signingMechanism = null;
         if (altSigner != null) {
             signingMechanism = loadSigningMechanism(altSigner,
                     altSignerPath);
         }
 
-        @SuppressWarnings("deprecation")
+        @SuppressWarnings("removal")
         ContentSignerParameters params =
                 new JarSignerParameters(null, tsaUrl, tSAPolicyID,
                         tSADigestAlg, signature,
@@ -1058,10 +1059,15 @@ public final class JarSigner {
      * Try to load the specified signing mechanism.
      * The URL class loader is used.
      */
-    @SuppressWarnings("deprecation")
+    @SuppressWarnings("removal")
     private ContentSigner loadSigningMechanism(String signerClassName,
                                                String signerClassPath) {
 
+        // If there is no signerClassPath provided, search from here
+        if (signerClassPath == null) {
+            signerClassPath = ".";
+        }
+
         // construct class loader
         String cpString;   // make sure env.class.path defaults to dot
 
@@ -1077,10 +1083,11 @@ public final class JarSigner {
         try {
             // attempt to find signer
             Class<?> signerClass = appClassLoader.loadClass(signerClassName);
-            Object signer = signerClass.newInstance();
+            Object signer = signerClass.getDeclaredConstructor().newInstance();
             return (ContentSigner) signer;
         } catch (ClassNotFoundException|InstantiationException|
-                IllegalAccessException|ClassCastException e) {
+                IllegalAccessException|ClassCastException|
+                NoSuchMethodException| InvocationTargetException e) {
             throw new IllegalArgumentException(
                     "Invalid altSigner or altSignerPath", e);
         }
@@ -1174,7 +1181,7 @@ public final class JarSigner {
         }
 
         // Generates the PKCS#7 content of block file
-        @SuppressWarnings("deprecation")
+        @SuppressWarnings("removal")
         public byte[] generateBlock(ContentSignerParameters params,
                                     boolean externalSF,
                                     ContentSigner signingMechanism)
@@ -1192,7 +1199,7 @@ public final class JarSigner {
         }
     }
 
-    @SuppressWarnings("deprecation")
+    @SuppressWarnings("removal")
     class JarSignerParameters implements ContentSignerParameters {
 
         private String[] args;

src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java

@@ -444,13 +444,13 @@ public class Main {
                 if (++n == args.length) usageNoArg();
                 altSignerClass = args[n];
                 System.err.println(
-                        rb.getString("This.option.is.deprecated") +
+                        rb.getString("This.option.is.forremoval") +
                                 "-altsigner");
             } else if (collator.compare(flags, "-altsignerpath") ==0) {
                 if (++n == args.length) usageNoArg();
                 altSignerClasspath = args[n];
                 System.err.println(
-                        rb.getString("This.option.is.deprecated") +
+                        rb.getString("This.option.is.forremoval") +
                                 "-altsignerpath");
             } else if (collator.compare(flags, "-sectionsonly") ==0) {
                 signManifest = false;

src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java

@@ -44,7 +44,7 @@ public class Resources extends java.util.ListResourceBundle {
         {"provider.class.not.found", "Provider \"%s\" not found"},
         {"jarsigner.error.", "jarsigner error: "},
         {"Illegal.option.", "Illegal option: "},
-        {"This.option.is.deprecated", "This option is deprecated: "},
+        {"This.option.is.forremoval", "This option is deprecated and will be removed in a future release: "},
         {".keystore.must.be.NONE.if.storetype.is.{0}",
                 "-keystore must be NONE if -storetype is {0}"},
         {".keypass.can.not.be.specified.if.storetype.is.{0}",
@@ -93,10 +93,10 @@ public class Resources extends java.util.ListResourceBundle {
                 "[-tsadigestalg <algorithm>] algorithm of digest data in timestamping request"},
         {".altsigner.class.class.name.of.an.alternative.signing.mechanism",
                 "[-altsigner <class>]        class name of an alternative signing mechanism\n" +
-                "                            (This option has been deprecated.)"},
+                "                            (This option is deprecated and will be removed in a future release.)"},
         {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
                 "[-altsignerpath <pathlist>] location of an alternative signing mechanism\n" +
-                "                            (This option has been deprecated.)"},
+                "                            (This option is deprecated and will be removed in a future release.)"},
         {".internalsf.include.the.SF.file.inside.the.signature.block",
                 "[-internalsf]               include the .SF file inside the signature block"},
         {".sectionsonly.don.t.compute.hash.of.entire.manifest",

src/jdk.jartool/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@ import sun.security.x509.*;
  *
  * @author Vincent Ryan
  */
-@SuppressWarnings("deprecation")
+@SuppressWarnings("removal")
 public final class TimestampedSigner extends ContentSigner {
 
     /*

test/jdk/sun/security/tools/jarsigner/Options.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,30 +23,25 @@
 
 /**
  * @test
- * @bug 8056174
+ * @bug 8056174 8242260
  * @summary Make sure the jarsigner tool still works after it's modified to
  *          be based on JarSigner API
  * @library /test/lib
- * @modules java.base/sun.security.tools.keytool
+ * @modules java.base/sun.security.pkcs
- *          jdk.jartool/sun.security.tools.jarsigner
- *          java.base/sun.security.pkcs
  *          java.base/sun.security.x509
- * @build jdk.test.lib.util.JarUtils
- * @run main Options
  */
 
 import com.sun.jarsigner.ContentSigner;
 import com.sun.jarsigner.ContentSignerParameters;
+import jdk.test.lib.Asserts;
+import jdk.test.lib.SecurityTools;
 import jdk.test.lib.util.JarUtils;
 import sun.security.pkcs.PKCS7;
 
 import java.io.ByteArrayInputStream;
-import java.io.IOException;
 import java.io.InputStream;
 import java.nio.file.Files;
-import java.nio.file.Paths;
+import java.nio.file.Path;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
 import java.util.*;
 import java.util.jar.Attributes;
 import java.util.jar.JarEntry;
@@ -57,21 +52,41 @@ public class Options {
 
     public static void main(String[] args) throws Exception {
 
+        // Help
+        boolean lastLineHasAltSigner = false;
+        for (String line : SecurityTools.jarsigner("--help").asLines()) {
+            if (line.contains("-altsigner")) {
+                lastLineHasAltSigner = true;
+            } else {
+                if (lastLineHasAltSigner) {
+                    Asserts.assertTrue(line.contains("deprecated and will be removed"));
+                }
+                lastLineHasAltSigner = false;
+            }
+        }
+
         // Prepares raw file
-        Files.write(Paths.get("a"), List.of("a"));
+        Files.write(Path.of("a"), List.of("a"));
 
         // Pack
-        JarUtils.createJar("a.jar", "a");
+        JarUtils.createJarFile(Path.of("a.jar"), Path.of("."), Path.of("a"));
 
         // Prepare a keystore
-        sun.security.tools.keytool.Main.main(
+        SecurityTools.keytool(
-                ("-keystore jks -storepass changeit -keypass changeit -dname" +
+                "-keystore jks -storepass changeit -keypass changeit -dname" +
-                        " CN=A -alias a -genkeypair -keyalg rsa").split(" "));
+                        " CN=A -alias a -genkeypair -keyalg rsa")
+                .shouldHaveExitValue(0);
 
         // -altsign
-        sun.security.tools.jarsigner.Main.main(
+        SecurityTools.jarsigner(
-                ("-debug -signedjar altsign.jar -keystore jks -storepass changeit" +
+                "-debug -signedjar altsign.jar -keystore jks -storepass changeit" +
-                        " -altsigner Options$X a.jar a").split(" "));
+                        " -altsigner Options$X" +
+                        " -altsignerpath " + System.getProperty("test.classes") +
+                        " a.jar a")
+                .shouldContain("removed in a future release: -altsigner")
+                .shouldContain("removed in a future release: -altsignerpath")
+                .shouldContain("PKCS7.parse");  // signature not parseable
+                                                // but signing succeeds
 
         try (JarFile jf = new JarFile("altsign.jar")) {
             JarEntry je = jf.getJarEntry("META-INF/A.RSA");
@@ -82,11 +97,25 @@ public class Options {
             }
         }
 
+        // -altsign with no -altsignerpath
+        Files.copy(Path.of(System.getProperty("test.classes"), "Options$X.class"),
+                Path.of("Options$X.class"));
+        SecurityTools.jarsigner(
+                "-debug -signedjar altsign.jar -keystore jks -storepass changeit" +
+                        " -altsigner Options$X" +
+                        " a.jar a")
+                .shouldContain("removed in a future release: -altsigner")
+                .shouldNotContain("removed in a future release: -altsignerpath")
+                .shouldContain("PKCS7.parse");  // signature not parseable
+                                                // but signing succeeds
+
         // -sigfile, -digestalg, -sigalg, -internalsf, -sectionsonly
-        sun.security.tools.jarsigner.Main.main(
+        SecurityTools.jarsigner(
-                ("-debug -signedjar new.jar -keystore jks -storepass changeit" +
+                "-debug -signedjar new.jar -keystore jks -storepass changeit" +
                 " -sigfile olala -digestalg SHA1 -sigalg SHA224withRSA" +
-                " -internalsf -sectionsonly a.jar a").split(" "));
+                " -internalsf -sectionsonly a.jar a")
+                .shouldHaveExitValue(0)
+                .shouldNotContain("Exception");     // a real success
 
         try (JarFile jf = new JarFile("new.jar")) {
             JarEntry je = jf.getJarEntry("META-INF/OLALA.SF");
@@ -130,9 +159,7 @@ public class Options {
     public static class X extends ContentSigner {
         @Override
         public byte[] generateSignedData(ContentSignerParameters parameters,
-                boolean omitContent, boolean applyTimestamp)
+                boolean omitContent, boolean applyTimestamp) {
-                throws NoSuchAlgorithmException, CertificateException,
-                        IOException {
             return "1234".getBytes();
         }
     }