am a317f758: am ced71a50: am 99a25a47: am 5321ebb7: am 6d949cbf: am 951aa4f4: am 531968cf: am cb11b9ff: Tests for API to check certificate chain signatures

* commit 'a317f7585cc09844f8746afe49eb55a5b18d9ee7':
  Tests for API to check certificate chain signatures

3 files changed, 58 insertions, 0 deletions

diff --git a/luni/src/test/java/org/apache/harmony/archive/tests/java/util/jar/JarFileTest.java b/luni/src/test/java/org/apache/harmony/archive/tests/java/util/jar/JarFileTest.java
index 3944afd..f6dec65 100644
--- a/luni/src/test/java/org/apache/harmony/archive/tests/java/util/jar/JarFileTest.java
+++ b/luni/src/test/java/org/apache/harmony/archive/tests/java/util/jar/JarFileTest.java
@@ -30,6 +30,7 @@ import java.io.InputStream;
 import java.net.URL;
 import java.security.Permission;
 import java.security.cert.Certificate;
+import java.util.Arrays;
 import java.util.Enumeration;
 import java.util.Vector;
 import java.util.jar.Attributes;
@@ -93,6 +94,10 @@ public class JarFileTest extends TestCase {
 
     private final String emptyEntry3 = "svgunit.js";
 
+    private static final String VALID_CHAIN_JAR = "hyts_signed_validChain.jar";
+
+    private static final String INVALID_CHAIN_JAR = "hyts_signed_invalidChain.jar";
+
     private File resources;
 
     // custom security manager
@@ -631,6 +636,59 @@ public class JarFileTest extends TestCase {
                         + jarName + "\"", foundCerts);
     }
 
+    private Certificate[] getSignedJarCerts(String jarName, boolean chainCheck) throws Exception {
+        Support_Resources.copyFile(resources, null, jarName);
+
+        File file = new File(resources, jarName);
+        Certificate[] foundCerts = null;
+
+        JarFile jarFile = new JarFile(file, true, ZipFile.OPEN_READ, chainCheck);
+        try {
+
+            Enumeration<JarEntry> e = jarFile.entries();
+            while (e.hasMoreElements()) {
+                JarEntry entry = e.nextElement();
+                InputStream is = jarFile.getInputStream(entry);
+                // Skip bytes because we have to read the entire file for it to read signatures.
+                is.skip(entry.getSize());
+                is.close();
+                Certificate[] certs = entry.getCertificates();
+                if (certs != null && certs.length > 0) {
+                    foundCerts = certs;
+                    break;
+                }
+            }
+        } finally {
+            jarFile.close();
+        }
+
+        return foundCerts;
+    }
+
+    public void testJarFile_Signed_ValidChain_NoCheck() throws Exception {
+        Certificate[] certs = getSignedJarCerts(VALID_CHAIN_JAR, false);
+        assertNotNull(certs);
+        assertEquals(Arrays.deepToString(certs), 2, certs.length);
+    }
+
+    public void testJarFile_Signed_ValidChain_Check() throws Exception {
+        Certificate[] certs = getSignedJarCerts(VALID_CHAIN_JAR, true);
+        assertNotNull(certs);
+        assertEquals(Arrays.deepToString(certs), 2, certs.length);
+    }
+
+    public void testJarFile_Signed_InvalidChain_NoCheck() throws Exception {
+        Certificate[] certs = getSignedJarCerts(INVALID_CHAIN_JAR, false);
+        assertNotNull(certs);
+        assertEquals(Arrays.deepToString(certs), 2, certs.length);
+    }
+
+    public void testJarFile_Signed_InvalidChain_Check() throws Exception {
+        Certificate[] certs = getSignedJarCerts(INVALID_CHAIN_JAR, true);
+        assertNotNull(certs);
+        assertEquals(Arrays.deepToString(certs), 1, certs.length);
+    }
+
     /*
      * The jar created by 1.4 which does not provide a
      * algorithm-Digest-Manifest-Main-Attributes entry in .SF file.
diff --git a/support/src/test/java/tests/resources/hyts_signed_invalidChain.jar b/support/src/test/java/tests/resources/hyts_signed_invalidChain.jar
new file mode 100644
index 0000000..2472dae
--- /dev/null
+++ b/support/src/test/java/tests/resources/hyts_signed_invalidChain.jar
diff --git a/support/src/test/java/tests/resources/hyts_signed_validChain.jar b/support/src/test/java/tests/resources/hyts_signed_validChain.jar
new file mode 100644
index 0000000..67f3e87
--- /dev/null
+++ b/support/src/test/java/tests/resources/hyts_signed_validChain.jar