Skip to content
Permalink
Browse files
8260286: Manual Test "ws/open/test/jdk/sun/security/tools/jarsigner/c…
…ompatibility/Compatibility.java" fails

Reviewed-by: rhalade
  • Loading branch information
Fernando Guallini authored and rhalade committed Jan 26, 2021
1 parent fd00ed7 commit 9f0a04364803c8797c2c10c2391635bd9ddb58bf
Showing with 21 additions and 4 deletions.
  1. +16 −3 test/jdk/sun/security/tools/jarsigner/compatibility/Compatibility.java
  2. +5 −1 test/jdk/sun/security/tools/jarsigner/warnings/Test.java
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,7 +23,7 @@

/*
* @test
* @bug 8217375
* @bug 8217375 8260286
* @summary This test is used to verify the compatibility of jarsigner across
* different JDK releases. It also can be used to check jar signing (w/
* and w/o TSA) and to verify some specific signing and digest algorithms.
@@ -720,6 +720,7 @@ private static void verifying(SignItem signItem, VerifyItem verifyItem)
expectedKeySize() + "-bit key"
+ ")|("
+ " Digest algorithm: " + signItem.expectedDigestAlg()
+ (isWeakAlg(signItem.expectedDigestAlg()) ? " \\(weak\\)" : "")
+ (signItem.tsaIndex < 0 ? "" :
")|("
+ "Timestamped by \".+\" on .*"
@@ -805,7 +806,12 @@ private static Status verifyingStatus(SignItem signItem, VerifyItem
boolean warning = false;
for (String line : outputAnalyzer.getOutput().lines()
.toArray(String[]::new)) {
if (line.isBlank()) continue;
if (line.isBlank()) {
// If line is blank and warning flag is true, it is the end of warnings section
// This is needed when some info is added after warnings, such as timestamp expiration date
if (warning) warning = false;
continue;
}
if (Test.JAR_VERIFIED.equals(line)) continue;
if (line.matches(Test.ERROR + " ?") && expectedExitCode == 0) {
System.out.println("verifyingStatus: error: line.matches(" + Test.ERROR + "\" ?\"): " + line);
@@ -835,6 +841,9 @@ private static Status verifyingStatus(SignItem signItem, VerifyItem
+ "not be able to validate this jar after the signer "
+ "certificate's expiration date \\([^\\)]+\\) or after "
+ "any future revocation date[.]") && !tsa) continue;

if (isWeakAlg(signItem.expectedDigestAlg())
&& line.contains(Test.WEAK_ALGORITHM_WARNING)) continue;
if (Test.CERTIFICATE_SELF_SIGNED.equals(line)) continue;
if (Test.HAS_EXPIRED_CERT_VERIFYING_WARNING.equals(line)
&& signItem.certInfo.expired) continue;
@@ -844,6 +853,10 @@ private static Status verifyingStatus(SignItem signItem, VerifyItem
return warning ? Status.WARNING : Status.NORMAL;
}

private static boolean isWeakAlg(String alg) {
return SHA1.equals(alg);
}

// Using specified jarsigner to sign the pre-created jar with specified
// algorithms.
private static OutputAnalyzer signJar(String jarsignerPath, String sigalg,
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -144,6 +144,10 @@
= "This jar contains entries "
+ "whose signer certificate is not yet valid.";

static final String WEAK_ALGORITHM_WARNING
= "algorithm is considered a security risk. "
+ "This algorithm will be disabled in a future update.";

static final String JAR_SIGNED = "jar signed.";

static final String JAR_VERIFIED = "jar verified.";

1 comment on commit 9f0a043

@openjdk-notifier

This comment has been minimized.

Copy link

@openjdk-notifier openjdk-notifier bot commented on 9f0a043 Jan 26, 2021

Please sign in to comment.