From 56dcca5b5f8bd11303d94bd8cb1ee7c0fe96621e Mon Sep 17 00:00:00 2001 From: Mikhail Yankelevich Date: Wed, 8 Jan 2025 18:54:55 +0000 Subject: [PATCH 1/4] JDK-8345134: Test sun/security/tools/jarsigner/ConciseJarsigner.java failed: unable to find valid certification path to requested target set the date as -1M in the cert to prevent the future cert from being used. --- test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java b/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java index 69b45ea22930d..d7a471b0d0d51 100644 --- a/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java +++ b/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java @@ -23,7 +23,7 @@ /* * @test - * @bug 6802846 8172529 8227758 8260960 + * @bug 6802846 8172529 8227758 8260960 8345134 * @summary jarsigner needs enhanced cert validation(options) * @library /test/lib * @run main/timeout=240 ConciseJarsigner @@ -256,9 +256,9 @@ public static void main(String[] args) throws Exception { // This certchain contains a cross-signed weak catwo.cert Files.write(Path.of("ee2"), List.of( - kt("-gencert -alias catwo -rfc -infile ee.req").getOutput(), + kt("-gencert -alias catwo -rfc -infile ee.req -startdate -1M").getOutput(), kt("-gencert -alias caone -sigalg MD5withRSA -rfc " - + "-infile catwo.req").getOutput())); + + "-infile catwo.req -startdate -1M").getOutput())); kt("-importcert -alias ee -file ee2"); From 4e03e25051cec4fa488f6bcdd275eb6574707d4a Mon Sep 17 00:00:00 2001 From: Mikhail Yankelevich Date: Thu, 9 Jan 2025 18:55:43 +0000 Subject: [PATCH 2/4] removed the bug number --- test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java b/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java index d7a471b0d0d51..22af7a2895fdf 100644 --- a/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java +++ b/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java @@ -23,7 +23,7 @@ /* * @test - * @bug 6802846 8172529 8227758 8260960 8345134 + * @bug 6802846 8172529 8227758 8260960 * @summary jarsigner needs enhanced cert validation(options) * @library /test/lib * @run main/timeout=240 ConciseJarsigner From 065d82c13028c8a6a43d9852d9ad5daa0d82f93c Mon Sep 17 00:00:00 2001 From: Mikhail Yankelevich Date: Mon, 13 Jan 2025 15:16:48 +0000 Subject: [PATCH 3/4] updated copyright --- test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java b/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java index 22af7a2895fdf..9e28abea25ab4 100644 --- a/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java +++ b/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2025, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it From bcc232d999f3b2aff5f31ed8af029e6ca5bd9ba9 Mon Sep 17 00:00:00 2001 From: Mikhail Yankelevich Date: Wed, 15 Jan 2025 10:17:43 +0000 Subject: [PATCH 4/4] updated the test to apply -startdate -1M to all unspecified certificates --- .../tools/jarsigner/ConciseJarsigner.java | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java b/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java index 9e28abea25ab4..e81a25712a6b2 100644 --- a/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java +++ b/test/jdk/sun/security/tools/jarsigner/ConciseJarsigner.java @@ -43,8 +43,15 @@ public class ConciseJarsigner { static OutputAnalyzer kt(String cmd) throws Exception { // Choose 2048-bit RSA to make sure it runs fine and fast. In // fact, every keyalg/keysize combination is OK for this test. - return SecurityTools.keytool("-storepass changeit -keypass changeit " - + "-keystore ks -keyalg rsa -keysize 2048 " + cmd); + // The start date is set to -1M to prevent the certificate not yet valid during fast enough execution. + // If -startdate is specified in cmd, cmd version will be used. + if (cmd.contains("-startdate")) { + return SecurityTools.keytool("-storepass changeit -keypass changeit " + + "-keystore ks -keyalg rsa -keysize 2048 " + cmd); + } else { + return SecurityTools.keytool("-storepass changeit -keypass changeit " + + "-keystore ks -keyalg rsa -keysize 2048 -startdate -1M " + cmd); + } } static void gencert(String owner, String cmd) throws Exception { @@ -256,9 +263,9 @@ public static void main(String[] args) throws Exception { // This certchain contains a cross-signed weak catwo.cert Files.write(Path.of("ee2"), List.of( - kt("-gencert -alias catwo -rfc -infile ee.req -startdate -1M").getOutput(), + kt("-gencert -alias catwo -rfc -infile ee.req").getOutput(), kt("-gencert -alias caone -sigalg MD5withRSA -rfc " - + "-infile catwo.req -startdate -1M").getOutput())); + + "-infile catwo.req").getOutput())); kt("-importcert -alias ee -file ee2");