1 /*
2 * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 import jdk.testlibrary.OutputAnalyzer;
25 import jdk.testlibrary.JarUtils;
26
27 /**
28 * @test
29 * @bug 8024302 8026037
30 * @summary Test for badKeyUsage warning
31 * @library /lib/testlibrary ../
32 * @ignore until 8026393 is fixed
33 * @run main BadKeyUsageTest
34 */
35 public class BadKeyUsageTest extends Test {
36
37 /**
38 * The test signs and verifies a jar that contains entries
39 * whose signer certificate's KeyUsage extension
40 * doesn't allow code signing (badKeyUsage).
41 * Warning message is expected.
42 */
43 public static void main(String[] args) throws Throwable {
44 BadKeyUsageTest test = new BadKeyUsageTest();
45 test.start();
46 }
47
48 private void start() throws Throwable {
49 // create a jar file that contains one class file
50 Utils.createFiles(FIRST_FILE);
51 JarUtils.createJar(UNSIGNED_JARFILE, FIRST_FILE);
52
53 // create a certificate whose signer certificate's KeyUsage extension
54 // doesn't allow code signing
55 keytool(
56 "-genkey",
57 "-alias", KEY_ALIAS,
58 "-keyalg", KEY_ALG,
59 "-keysize", Integer.toString(KEY_SIZE),
60 "-keystore", KEYSTORE,
61 "-storepass", PASSWORD,
62 "-keypass", PASSWORD,
63 "-dname", "CN=Test",
64 "-ext", "KeyUsage=keyAgreement",
65 "-validity", Integer.toString(VALIDITY)).shouldHaveExitValue(0);
66
67 // sign jar
68 OutputAnalyzer analyzer = jarsigner(
69 "-verbose",
70 "-keystore", KEYSTORE,
71 "-storepass", PASSWORD,
72 "-keypass", PASSWORD,
73 "-signedjar", SIGNED_JARFILE,
74 UNSIGNED_JARFILE,
75 KEY_ALIAS);
76
77 checkSigning(analyzer, BAD_KEY_USAGE_SIGNING_WARNING);
78
79 // verify signed jar
80 analyzer = jarsigner(
81 "-verify",
82 "-verbose",
83 "-keystore", KEYSTORE,
84 "-storepass", PASSWORD,
85 "-keypass", PASSWORD,
86 SIGNED_JARFILE);
87
88 checkVerifying(analyzer, 0, BAD_KEY_USAGE_VERIFYING_WARNING);
89
90 // verify signed jar in strict mode
91 analyzer = jarsigner(
92 "-verify",
93 "-verbose",
94 "-strict",
95 "-keystore", KEYSTORE,
96 "-storepass", PASSWORD,
97 "-keypass", PASSWORD,
98 SIGNED_JARFILE);
99
100 checkVerifying(analyzer, BAD_KEY_USAGE_EXIT_CODE,
101 BAD_KEY_USAGE_VERIFYING_WARNING);
102
103 System.out.println("Test passed");
104 }
105
106 }