8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /**
25 * @test
26 * @bug 8031572
27 * @summary jarsigner -verify exits with 0 when a jar file is not properly signed
28 */
29
30 import java.io.FileInputStream;
31 import java.io.FileOutputStream;
32 import java.nio.file.Files;
33 import java.nio.file.Paths;
34 import java.security.cert.Certificate;
35 import java.util.*;
36 import java.util.jar.JarEntry;
37 import java.util.jar.JarFile;
38 import java.util.jar.JarInputStream;
39 import java.util.zip.ZipEntry;
40 import java.util.zip.ZipOutputStream;
41
42 public class EntriesOrder {
43
44 public static void main(String[] args) throws Exception {
45
46 String[] entries = {
47 "META-INF/",
48 "META-INF/MANIFEST.MF",
49 "META-INF/A.RSA",
50 "META-INF/A.SF",
51 "META-INF/inf",
52 "a"};
53
54 Map<String,byte[]> content = new HashMap<>();
55
56 // We will create a jar containing entries above. Try all permutations
57 // and confirm 1) When opened as a JarFile, we can always get 3 signed
58 // ones (MANIFEST, inf, a), and 2) When opened as a JarInputStream,
59 // when the order is correct (MANIFEST at beginning, followed by RSA/SF,
60 // directory ignored), we can get 2 signed ones (inf, a).
61
89
90 // Test
91 for (List<String> perm: Permute(entries)) {
92
93 // Recreate a jar
94 try (ZipOutputStream zos
95 = new ZipOutputStream(new FileOutputStream("x.jar"))) {
96 for (String e: perm) {
97 zos.putNextEntry(new ZipEntry(e));
98 if (Paths.get(e).toFile().isDirectory()) continue;
99 zos.write(content.get(e));
100 }
101 }
102
103 // Open with JarFile, number of signed entries should be 3.
104 int cc = 0;
105 try (JarFile jf = new JarFile("x.jar")) {
106 Enumeration<JarEntry> jes = jf.entries();
107 while (jes.hasMoreElements()) {
108 JarEntry je = jes.nextElement();
109 sun.misc.IOUtils.readFully(jf.getInputStream(je), -1, true);
110 Certificate[] certs = je.getCertificates();
111 if (certs != null && certs.length > 0) {
112 cc++;
113 }
114 }
115 }
116
117 if (cc != 3) {
118 System.out.println(perm + " - jf - " + cc);
119 throw new Exception();
120 }
121
122 // Open with JarInputStream
123 int signed;
124
125 perm.remove("META-INF/");
126 if (perm.get(0).equals("META-INF/MANIFEST.MF") &&
127 perm.get(1).contains("/A.") &&
128 perm.get(2).contains("/A.")) {
129 signed = 2; // Good order
130 } else {
131 signed = 0; // Bad order. In this case, the number of signed
132 // entries is not documented. Just test impl.
133 }
134
135 cc = 0;
136 try (JarInputStream jis
137 = new JarInputStream(new FileInputStream("x.jar"))) {
138 while (true) {
139 JarEntry je = jis.getNextJarEntry();
140 if (je == null) break;
141 sun.misc.IOUtils.readFully(jis, -1, true);
142 Certificate[] certs = je.getCertificates();
143 if (certs != null && certs.length > 0) {
144 cc++;
145 }
146 }
147 }
148
149 if (cc != signed) {
150 System.out.println(perm + " - jis - " + cc + " " + signed);
151 throw new Exception();
152 }
153 }
154 }
155
156 // Helper method to return all permutations of an array. Each output can
157 // be altered without damaging the iteration process.
158 static Iterable<List<String>> Permute(String[] entries) {
159 return new Iterable<List<String>>() {
160
161 int s = entries.length;
|
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /**
25 * @test
26 * @bug 8031572
27 * @summary jarsigner -verify exits with 0 when a jar file is not properly signed
28 * @library /lib/testlibrary
29 * @build jdk.testlibrary.IOUtils
30 * @run main EntriesOrder
31 */
32
33 import java.io.FileInputStream;
34 import java.io.FileOutputStream;
35 import java.nio.file.Files;
36 import java.nio.file.Paths;
37 import java.security.cert.Certificate;
38 import java.util.*;
39 import java.util.jar.JarEntry;
40 import java.util.jar.JarFile;
41 import java.util.jar.JarInputStream;
42 import java.util.zip.ZipEntry;
43 import java.util.zip.ZipOutputStream;
44
45 import jdk.testlibrary.IOUtils;
46
47 public class EntriesOrder {
48
49 public static void main(String[] args) throws Exception {
50
51 String[] entries = {
52 "META-INF/",
53 "META-INF/MANIFEST.MF",
54 "META-INF/A.RSA",
55 "META-INF/A.SF",
56 "META-INF/inf",
57 "a"};
58
59 Map<String,byte[]> content = new HashMap<>();
60
61 // We will create a jar containing entries above. Try all permutations
62 // and confirm 1) When opened as a JarFile, we can always get 3 signed
63 // ones (MANIFEST, inf, a), and 2) When opened as a JarInputStream,
64 // when the order is correct (MANIFEST at beginning, followed by RSA/SF,
65 // directory ignored), we can get 2 signed ones (inf, a).
66
94
95 // Test
96 for (List<String> perm: Permute(entries)) {
97
98 // Recreate a jar
99 try (ZipOutputStream zos
100 = new ZipOutputStream(new FileOutputStream("x.jar"))) {
101 for (String e: perm) {
102 zos.putNextEntry(new ZipEntry(e));
103 if (Paths.get(e).toFile().isDirectory()) continue;
104 zos.write(content.get(e));
105 }
106 }
107
108 // Open with JarFile, number of signed entries should be 3.
109 int cc = 0;
110 try (JarFile jf = new JarFile("x.jar")) {
111 Enumeration<JarEntry> jes = jf.entries();
112 while (jes.hasMoreElements()) {
113 JarEntry je = jes.nextElement();
114 IOUtils.readFully(jf.getInputStream(je));
115 Certificate[] certs = je.getCertificates();
116 if (certs != null && certs.length > 0) {
117 cc++;
118 }
119 }
120 }
121
122 if (cc != 3) {
123 System.out.println(perm + " - jf - " + cc);
124 throw new Exception();
125 }
126
127 // Open with JarInputStream
128 int signed;
129
130 perm.remove("META-INF/");
131 if (perm.get(0).equals("META-INF/MANIFEST.MF") &&
132 perm.get(1).contains("/A.") &&
133 perm.get(2).contains("/A.")) {
134 signed = 2; // Good order
135 } else {
136 signed = 0; // Bad order. In this case, the number of signed
137 // entries is not documented. Just test impl.
138 }
139
140 cc = 0;
141 try (JarInputStream jis
142 = new JarInputStream(new FileInputStream("x.jar"))) {
143 while (true) {
144 JarEntry je = jis.getNextJarEntry();
145 if (je == null) break;
146 IOUtils.readFully(jis);
147 Certificate[] certs = je.getCertificates();
148 if (certs != null && certs.length > 0) {
149 cc++;
150 }
151 }
152 }
153
154 if (cc != signed) {
155 System.out.println(perm + " - jis - " + cc + " " + signed);
156 throw new Exception();
157 }
158 }
159 }
160
161 // Helper method to return all permutations of an array. Each output can
162 // be altered without damaging the iteration process.
163 static Iterable<List<String>> Permute(String[] entries) {
164 return new Iterable<List<String>>() {
165
166 int s = entries.length;
|