1 /* 2 * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 import java.nio.file.Path; 25 import java.util.List; 26 27 import jdk.jpackage.test.TKit; 28 import jdk.jpackage.test.Executor; 29 30 public class SigningBase { 31 32 public static String DEV_NAME = "jpackage.openjdk.java.net"; 33 public static String APP_CERT 34 = "Developer ID Application: " + DEV_NAME; 35 public static String INSTALLER_CERT 36 = "Developer ID Installer: " + DEV_NAME; 37 public static String KEYCHAIN = "jpackagerTest.keychain"; 38 39 private static void checkString(List<String> result, String lookupString) { 40 TKit.assertTextStream(lookupString).predicate( 41 (line, what) -> line.trim().equals(what)).apply(result.stream()); 42 } 43 44 private static List<String> codesignResult(Path target, boolean signed) { 45 int exitCode = signed ? 0 : 1; 46 List<String> result = new Executor() 47 .setExecutable("codesign") 48 .addArguments("--verify", "--deep", "--strict", "--verbose=2", 49 target.toString()) 50 .saveOutput() 51 .execute(exitCode).getOutput(); 52 53 return result; 54 } 55 56 private static void verifyCodesignResult(List<String> result, Path target, 57 boolean signed) { 58 result.stream().forEachOrdered(TKit::trace); 59 if (signed) { 60 String lookupString = target.toString() + ": valid on disk"; 61 checkString(result, lookupString); 62 lookupString = target.toString() + ": satisfies its Designated Requirement"; 63 checkString(result, lookupString); 64 } else { 65 String lookupString = target.toString() 66 + ": code object is not signed at all"; 67 checkString(result, lookupString); 68 } 69 } 70 71 private static List<String> spctlResult(Path target, String type) { 72 List<String> result = new Executor() 73 .setExecutable("/usr/sbin/spctl") 74 .addArguments("-vvv", "--assess", "--type", type, 75 target.toString()) 76 .executeAndGetOutput(); 77 78 return result; 79 } 80 81 private static void verifySpctlResult(List<String> result, Path target, String type) { 82 result.stream().forEachOrdered(TKit::trace); 83 String lookupString = target.toString() + ": accepted"; 84 checkString(result, lookupString); 85 lookupString = "source=" + DEV_NAME; 86 checkString(result, lookupString); 87 if (type.equals("install")) { 88 lookupString = "origin=" + INSTALLER_CERT; 89 } else { 90 lookupString = "origin=" + APP_CERT; 91 } 92 checkString(result, lookupString); 93 } 94 95 private static List<String> pkgutilResult(Path target) { 96 List<String> result = new Executor() 97 .setExecutable("/usr/sbin/pkgutil") 98 .addArguments("--check-signature", 99 target.toString()) 100 .executeAndGetOutput(); 101 102 return result; 103 } 104 105 private static void verifyPkgutilResult(List<String> result) { 106 result.stream().forEachOrdered(TKit::trace); 107 String lookupString = "Status: signed by a certificate trusted for current user"; 108 checkString(result, lookupString); 109 lookupString = "1. " + INSTALLER_CERT; 110 checkString(result, lookupString); 111 } 112 113 public static void verifyCodesign(Path target, boolean signed) { 114 List<String> result = codesignResult(target, signed); 115 verifyCodesignResult(result, target, signed); 116 } 117 118 public static void verifySpctl(Path target, String type) { 119 List<String> result = spctlResult(target, type); 120 verifySpctlResult(result, target, type); 121 } 122 123 public static void verifyPkgutil(Path target) { 124 List<String> result = pkgutilResult(target); 125 verifyPkgutilResult(result); 126 } 127 128 }