summaryrefslogtreecommitdiffstats
path: root/harmony-tests/src/test/java/org/apache/harmony/tests/java/util/jar/JarFileTest.java
diff options
context:
space:
mode:
Diffstat (limited to 'harmony-tests/src/test/java/org/apache/harmony/tests/java/util/jar/JarFileTest.java')
-rw-r--r--harmony-tests/src/test/java/org/apache/harmony/tests/java/util/jar/JarFileTest.java167
1 files changed, 149 insertions, 18 deletions
diff --git a/harmony-tests/src/test/java/org/apache/harmony/tests/java/util/jar/JarFileTest.java b/harmony-tests/src/test/java/org/apache/harmony/tests/java/util/jar/JarFileTest.java
index d5d8191..0bc8920 100644
--- a/harmony-tests/src/test/java/org/apache/harmony/tests/java/util/jar/JarFileTest.java
+++ b/harmony-tests/src/test/java/org/apache/harmony/tests/java/util/jar/JarFileTest.java
@@ -24,12 +24,27 @@ import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.CodeSigner;
+import java.security.InvalidKeyException;
+import java.security.InvalidParameterException;
import java.security.Permission;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.SignatureException;
+import java.security.SignatureSpi;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
+import java.util.List;
import java.util.Vector;
+import java.util.concurrent.Callable;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.Future;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
@@ -89,6 +104,27 @@ public class JarFileTest extends TestCase {
private final String emptyEntryJar = "EmptyEntries_signed.jar";
+ /*
+ * /usr/bin/openssl genrsa 2048 > root1.pem
+ * /usr/bin/openssl req -new -key root1.pem -out root1.csr -subj '/CN=root1'
+ * /usr/bin/openssl x509 -req -days 3650 -in root1.csr -signkey root1.pem -out root1.crt
+ * /usr/bin/openssl genrsa 2048 > root2.pem
+ * /usr/bin/openssl req -new -key root2.pem -out root2.csr -subj '/CN=root2'
+ * echo 4000 > root1.srl
+ * echo 8000 > root2.srl
+ * /usr/bin/openssl x509 -req -days 3650 -in root2.csr -CA root1.crt -CAkey root1.pem -out root2.crt
+ * /usr/bin/openssl x509 -req -days 3650 -in root1.csr -CA root2.crt -CAkey root2.pem -out root1.crt
+ * /usr/bin/openssl genrsa 2048 > signer.pem
+ * /usr/bin/openssl req -new -key signer.pem -out signer.csr -subj '/CN=signer'
+ * /usr/bin/openssl x509 -req -days 3650 -in signer.csr -CA root1.crt -CAkey root1.pem -out signer.crt
+ * /usr/bin/openssl pkcs12 -inkey signer.pem -in signer.crt -export -out signer.p12 -name signer -passout pass:certloop
+ * keytool -importkeystore -srckeystore signer.p12 -srcstoretype PKCS12 -destkeystore signer.jks -srcstorepass certloop -deststorepass certloop
+ * cat signer.crt root1.crt root2.crt > chain.crt
+ * zip -d hyts_certLoop.jar 'META-INF/*'
+ * jarsigner -keystore signer.jks -certchain chain.crt -storepass certloop hyts_certLoop.jar signer
+ */
+ private final String certLoopJar = "hyts_certLoop.jar";
+
private final String emptyEntry1 = "subfolder/internalSubset01.js";
private final String emptyEntry2 = "svgtest.js";
@@ -608,6 +644,9 @@ public class JarFileTest extends TestCase {
// JAR with a signature that has PKCS#7 Authenticated Attributes
checkSignedJar(authAttrsJar);
+
+ // JAR with certificates that loop
+ checkSignedJar(certLoopJar, 3);
}
/**
@@ -620,29 +659,52 @@ public class JarFileTest extends TestCase {
checkSignedJar(jarName9);
}
+ /**
+ * Checks that a JAR is signed correctly with a signature length of 1.
+ */
private void checkSignedJar(String jarName) throws Exception {
- Support_Resources.copyFile(resources, null, jarName);
-
- File file = new File(resources, jarName);
- boolean foundCerts = false;
+ checkSignedJar(jarName, 1);
+ }
- JarFile jarFile = new JarFile(file, true);
- try {
+ /**
+ * Checks that a JAR is signed correctly with a signature length of sigLength.
+ */
+ private void checkSignedJar(String jarName, final int sigLength) throws Exception {
+ Support_Resources.copyFile(resources, null, jarName);
- Enumeration<JarEntry> e = jarFile.entries();
- while (e.hasMoreElements()) {
- JarEntry entry = e.nextElement();
- InputStream is = jarFile.getInputStream(entry);
- is.skip(100000);
- is.close();
- Certificate[] certs = entry.getCertificates();
- if (certs != null && certs.length > 0) {
- foundCerts = true;
- break;
+ final File file = new File(resources, jarName);
+
+ ExecutorService executor = Executors.newSingleThreadExecutor();
+ Future<Boolean> future = executor.submit(new Callable<Boolean>() {
+ @Override
+ public Boolean call() throws Exception {
+ JarFile jarFile = new JarFile(file, true);
+ try {
+ Enumeration<JarEntry> e = jarFile.entries();
+ while (e.hasMoreElements()) {
+ JarEntry entry = e.nextElement();
+ InputStream is = jarFile.getInputStream(entry);
+ is.skip(100000);
+ is.close();
+ Certificate[] certs = entry.getCertificates();
+ if (certs != null && certs.length > 0) {
+ assertEquals(sigLength, certs.length);
+ return true;
+ }
+ }
+ return false;
+ } finally {
+ jarFile.close();
}
}
- } finally {
- jarFile.close();
+ });
+ executor.shutdown();
+ final boolean foundCerts;
+ try {
+ foundCerts = future.get(10, TimeUnit.SECONDS);
+ } catch (TimeoutException e) {
+ fail("Could not finish building chain; possibly confused by loops");
+ return; // Not actually reached.
}
assertTrue(
@@ -1014,4 +1076,73 @@ public class JarFileTest extends TestCase {
res = jarFile.getInputStream(zipEntry).read();
assertEquals("Wrong length of empty jar entry", -1, res);
}
+
+ public void testJarFile_BadSignatureProvider_Success() throws Exception {
+ Security.insertProviderAt(new JarFileBadProvider(), 1);
+ try {
+ // Needs a JAR with "RSA" as digest encryption algorithm
+ checkSignedJar(jarName6);
+ } finally {
+ Security.removeProvider(JarFileBadProvider.NAME);
+ }
+ }
+
+ public static class JarFileBadProvider extends Provider {
+ public static final String NAME = "JarFileBadProvider";
+
+ public JarFileBadProvider() {
+ super(NAME, 1.0, "Bad provider for JarFileTest");
+
+ put("Signature.RSA", NotReallyASignature.class.getName());
+ }
+
+ /**
+ * This should never be instantiated, so everything throws an exception.
+ */
+ public static class NotReallyASignature extends SignatureSpi {
+ @Override
+ protected void engineInitVerify(PublicKey publicKey) throws InvalidKeyException {
+ fail("Should not call this provider");
+ }
+
+ @Override
+ protected void engineInitSign(PrivateKey privateKey) throws InvalidKeyException {
+ fail("Should not call this provider");
+ }
+
+ @Override
+ protected void engineUpdate(byte b) throws SignatureException {
+ fail("Should not call this provider");
+ }
+
+ @Override
+ protected void engineUpdate(byte[] b, int off, int len) throws SignatureException {
+ fail("Should not call this provider");
+ }
+
+ @Override
+ protected byte[] engineSign() throws SignatureException {
+ fail("Should not call this provider");
+ return null;
+ }
+
+ @Override
+ protected boolean engineVerify(byte[] sigBytes) throws SignatureException {
+ fail("Should not call this provider");
+ return false;
+ }
+
+ @Override
+ protected void engineSetParameter(String param, Object value)
+ throws InvalidParameterException {
+ fail("Should not call this provider");
+ }
+
+ @Override
+ protected Object engineGetParameter(String param) throws InvalidParameterException {
+ fail("Should not call this provider");
+ return null;
+ }
+ }
+ }
}
generated by cgit v1.1 at 2024-06-06 12:06:56 +0000