Skip to content

Commit

Permalink
8256202: Some tweaks for jarsigner tests PosixPermissionsTest and Sym…
Browse files Browse the repository at this point in the history
…LinkTest

Reviewed-by: clanger
Backport-of: 1e9a432
  • Loading branch information
TheRealMDoerr committed Oct 29, 2021
1 parent d2fb307 commit 1c90fe0
Show file tree
Hide file tree
Showing 2 changed files with 81 additions and 49 deletions.
27 changes: 20 additions & 7 deletions test/jdk/sun/security/tools/jarsigner/PosixPermissionsTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,16 @@
*/

import java.net.URI;
import java.nio.file.*;
import java.nio.file.FileSystem;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.*;
import java.util.Formatter;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import jdk.test.lib.SecurityTools;

Expand All @@ -59,6 +66,7 @@ public static void main(String[] args) throws Exception {

createFiles();

// generate key for signing
SecurityTools.keytool(
"-genkey",
"-keyalg", "RSA",
Expand All @@ -70,6 +78,7 @@ public static void main(String[] args) throws Exception {
"-validity", "365")
.shouldHaveExitValue(0);

// sign zip file - expect warning
SecurityTools.jarsigner(
"-keystore", "examplekeystore",
"-verbose", ZIPFILENAME,
Expand All @@ -79,25 +88,29 @@ public static void main(String[] args) throws Exception {
.shouldHaveExitValue(0)
.shouldContain(WARNING_MSG);

// sign jar file - no posix warning message expected
SecurityTools.jarsigner("-keystore", "examplekeystore",
// sign jar file - expect no warning
SecurityTools.jarsigner(
"-keystore", "examplekeystore",
"-verbose", JARFILENAME,
"-storepass", "password",
"-keypass", "password",
"examplekey")
.shouldHaveExitValue(0)
.shouldNotContain(WARNING_MSG);

SecurityTools.jarsigner("-keystore", "examplekeystore",
// verify zip file - expect warning
SecurityTools.jarsigner(
"-keystore", "examplekeystore",
"-storepass", "password",
"-keypass", "password",
"-verbose",
"-verify", ZIPFILENAME)
.shouldHaveExitValue(0)
.shouldContain(WARNING_MSG);

// no warning expected for regular jar file
SecurityTools.jarsigner("-keystore", "examplekeystore",
// verify jar file - expect no warning
SecurityTools.jarsigner(
"-keystore", "examplekeystore",
"-storepass", "password",
"-keypass", "password",
"-verbose",
Expand Down
103 changes: 61 additions & 42 deletions test/jdk/sun/security/tools/jarsigner/SymLinkTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -31,28 +31,35 @@
* @run main/othervm SymLinkTest
*/

import java.io.*;
import java.net.URI;
import java.nio.file.*;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Formatter;

import jdk.test.lib.SecurityTools;

public class SymLinkTest {
private final static int BYTES_PER_ROW = 8;
private final static String ZIPFILENAME = "8250968-test.zip";
private static final String WARNING_MSG = "POSIX file permission and/or symlink " +
"attributes detected. These attributes are ignored when signing and are not " +
"protected by the signature.";

public static void main(String[] args) throws Exception {
Files.deleteIfExists(Paths.get(ZIPFILENAME));
try (FileOutputStream fos = new FileOutputStream(ZIPFILENAME)) {
fos.write(ZIPBYTES);
// call main with an argument to print the prepared zipfile as byte array declaration
if (args.length > 0) {
System.out.println("Bytes of " + ZIPFILENAME + ":");
System.out.println(createByteArray(Files.readAllBytes(Path.of(ZIPFILENAME)), "ZIPBYTES"));
System.exit(0);
}

// check permissions before signing
Files.write(Path.of(ZIPFILENAME), ZIPBYTES);

// check attributes before signing
verifyExtraAttrs(ZIPFILENAME);

// generate key for signing
SecurityTools.keytool(
"-genkey",
"-keyalg", "RSA",
Expand All @@ -64,6 +71,7 @@ public static void main(String[] args) throws Exception {
"-validity", "365")
.shouldHaveExitValue(0);

// sign zip file - expect warning
SecurityTools.jarsigner(
"-keystore", "examplekeystore",
"-verbose", ZIPFILENAME,
Expand All @@ -73,10 +81,12 @@ public static void main(String[] args) throws Exception {
.shouldHaveExitValue(0)
.shouldContain(WARNING_MSG);

// zip file now signed. Recheck attributes
// recheck attributes after signing
verifyExtraAttrs(ZIPFILENAME);

SecurityTools.jarsigner("-keystore", "examplekeystore",
// verify zip file - expect warning
SecurityTools.jarsigner(
"-keystore", "examplekeystore",
"-storepass", "password",
"-keypass", "password",
"-verbose",
Expand Down Expand Up @@ -114,48 +124,57 @@ private static void verifyExtraAttrs(String zipFileName) throws IOException {
* @param name Name to be used in the byte array declaration
* @return The formatted byte array declaration
*/
public static String createByteArray(byte[] bytes, String name) {
StringBuilder sb = new StringBuilder(bytes.length * 5);
Formatter fmt = new Formatter(sb);
fmt.format(" public static byte[] %s = {", name);
final int linelen = 8;
for (int i = 0; i < bytes.length; i++) {
if (i % linelen == 0) {
fmt.format("%n ");
private static String createByteArray(byte[] bytes, String name) {
StringBuilder sb = new StringBuilder();
try (Formatter fmt = new Formatter(sb)) {
fmt.format(" public final static byte[] %s = {", name);
for (int i = 0; i < bytes.length; i++) {
int mod = i % BYTES_PER_ROW;
if (mod == 0) {
fmt.format("%n ");
} else {
fmt.format(" ");
}
fmt.format("(byte)0x%02x", bytes[i]);
if (i != bytes.length - 1) {
fmt.format(",");
}
}
fmt.format(" (byte) 0x%x,", bytes[i] & 0xff);
fmt.format("%n };%n");
}
fmt.format("%n };%n");
return sb.toString();
}

/*
* Created using the createByteArray utility method.
* The zipfile itself was created via this example:
* The zipfile itself was created like this:
* $ ln -s ../z z
* $ ls -l z
* lrwxrwxrwx 1 test test 4 Aug 27 18:33 z -> ../z
* $ zip -ry test.zip z
* $ zip -ry 8250968-test.zip z
*
* The byte array representation was generated using the createByteArray utility method:
* $ java SymLinkTest generate
*/
public final static byte[] ZIPBYTES = {
(byte) 0x50, (byte) 0x4b, (byte) 0x3, (byte) 0x4, (byte) 0xa, (byte) 0x0, (byte) 0x0, (byte) 0x0,
(byte) 0x0, (byte) 0x0, (byte) 0x2e, (byte) 0x94, (byte) 0x1b, (byte) 0x51, (byte) 0xb4, (byte) 0xcc,
(byte) 0xb6, (byte) 0xf1, (byte) 0x4, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x4, (byte) 0x0,
(byte) 0x0, (byte) 0x0, (byte) 0x1, (byte) 0x0, (byte) 0x1c, (byte) 0x0, (byte) 0x7a, (byte) 0x55,
(byte) 0x54, (byte) 0x9, (byte) 0x0, (byte) 0x3, (byte) 0x77, (byte) 0xfc, (byte) 0x47, (byte) 0x5f,
(byte) 0x78, (byte) 0xfc, (byte) 0x47, (byte) 0x5f, (byte) 0x75, (byte) 0x78, (byte) 0xb, (byte) 0x0,
(byte) 0x1, (byte) 0x4, (byte) 0xec, (byte) 0x3, (byte) 0x0, (byte) 0x0, (byte) 0x4, (byte) 0xec,
(byte) 0x3, (byte) 0x0, (byte) 0x0, (byte) 0x2e, (byte) 0x2e, (byte) 0x2f, (byte) 0x7a, (byte) 0x50,
(byte) 0x4b, (byte) 0x1, (byte) 0x2, (byte) 0x1e, (byte) 0x3, (byte) 0xa, (byte) 0x0, (byte) 0x0,
(byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x2e, (byte) 0x94, (byte) 0x1b, (byte) 0x51, (byte) 0xb4,
(byte) 0xcc, (byte) 0xb6, (byte) 0xf1, (byte) 0x4, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x4,
(byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x1, (byte) 0x0, (byte) 0x18, (byte) 0x0, (byte) 0x0,
(byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0xff,
(byte) 0xa1, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x7a, (byte) 0x55, (byte) 0x54,
(byte) 0x5, (byte) 0x0, (byte) 0x3, (byte) 0x77, (byte) 0xfc, (byte) 0x47, (byte) 0x5f, (byte) 0x75,
(byte) 0x78, (byte) 0xb, (byte) 0x0, (byte) 0x1, (byte) 0x4, (byte) 0xec, (byte) 0x3, (byte) 0x0,
(byte) 0x0, (byte) 0x4, (byte) 0xec, (byte) 0x3, (byte) 0x0, (byte) 0x0, (byte) 0x50, (byte) 0x4b,
(byte) 0x5, (byte) 0x6, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x1, (byte) 0x0,
(byte) 0x1, (byte) 0x0, (byte) 0x47, (byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x3f, (byte) 0x0,
(byte) 0x0, (byte) 0x0, (byte) 0x0, (byte) 0x0,
(byte)0x50, (byte)0x4b, (byte)0x03, (byte)0x04, (byte)0x0a, (byte)0x00, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x2e, (byte)0x94, (byte)0x1b, (byte)0x51, (byte)0xb4, (byte)0xcc,
(byte)0xb6, (byte)0xf1, (byte)0x04, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x04, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x01, (byte)0x00, (byte)0x1c, (byte)0x00, (byte)0x7a, (byte)0x55,
(byte)0x54, (byte)0x09, (byte)0x00, (byte)0x03, (byte)0x77, (byte)0xfc, (byte)0x47, (byte)0x5f,
(byte)0x78, (byte)0xfc, (byte)0x47, (byte)0x5f, (byte)0x75, (byte)0x78, (byte)0x0b, (byte)0x00,
(byte)0x01, (byte)0x04, (byte)0xec, (byte)0x03, (byte)0x00, (byte)0x00, (byte)0x04, (byte)0xec,
(byte)0x03, (byte)0x00, (byte)0x00, (byte)0x2e, (byte)0x2e, (byte)0x2f, (byte)0x7a, (byte)0x50,
(byte)0x4b, (byte)0x01, (byte)0x02, (byte)0x1e, (byte)0x03, (byte)0x0a, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x2e, (byte)0x94, (byte)0x1b, (byte)0x51, (byte)0xb4,
(byte)0xcc, (byte)0xb6, (byte)0xf1, (byte)0x04, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x04,
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01, (byte)0x00, (byte)0x18, (byte)0x00, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0xff,
(byte)0xa1, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x7a, (byte)0x55, (byte)0x54,
(byte)0x05, (byte)0x00, (byte)0x03, (byte)0x77, (byte)0xfc, (byte)0x47, (byte)0x5f, (byte)0x75,
(byte)0x78, (byte)0x0b, (byte)0x00, (byte)0x01, (byte)0x04, (byte)0xec, (byte)0x03, (byte)0x00,
(byte)0x00, (byte)0x04, (byte)0xec, (byte)0x03, (byte)0x00, (byte)0x00, (byte)0x50, (byte)0x4b,
(byte)0x05, (byte)0x06, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x01, (byte)0x00,
(byte)0x01, (byte)0x00, (byte)0x47, (byte)0x00, (byte)0x00, (byte)0x00, (byte)0x3f, (byte)0x00,
(byte)0x00, (byte)0x00, (byte)0x00, (byte)0x00
};
}

1 comment on commit 1c90fe0

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.