8209935: Test to cover CodeSource.getCodeSigners()

Backport-of: 0cb0ecf4433f1054ba2f0fbdabee01323893e0fe
openjdk · Feb 1, 2023 · 54692ca · 54692ca · openjdk-notifier · Feb 1, 2023
1 parent a6d4402
commit 54692ca
Show file tree

Hide file tree

Showing 3 changed files with 156 additions and 8 deletions.
diff --git a/test/jdk/java/security/CodeSource/CertsMatch.java b/test/jdk/java/security/CodeSource/CertsMatch.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+ /*
+ * @test
+ * @bug 6299163
+ * @summary Test to compare java.security.CodeSource
+ *          Instructions to re-create the used certs file.
+ *          - Generate a self-signed certificate with basicConstraints=CA:TRUE
+ *          - Copy the generated certificate 2 times into a newly created certs file.
+ */
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.net.URL;
+import java.security.CodeSigner;
+import java.security.CodeSource;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.util.ArrayList;
+import java.util.List;
+
+public class CertsMatch {
+
+    public static void main(String[] args) throws Exception {
+
+        File certsFile = new File(System.getProperty("test.src", "."), "certs");
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+
+        try (FileInputStream fis = new FileInputStream(certsFile);
+                BufferedInputStream bis = new BufferedInputStream(fis)) {
+
+            ArrayList certs1 = new ArrayList();
+            ArrayList certs2 = new ArrayList();
+
+            // read the first cert
+            Certificate cert = cf.generateCertificate(bis);
+            certs1.add(cert);
+            certs2.add(cert);
+
+            // read the second cert
+            cert = cf.generateCertificate(bis);
+            certs2.add(cert);
+
+            URL location = certsFile.toURI().toURL();
+            CodeSource cs0 = new CodeSource(location, (Certificate[]) null);
+            CodeSource cs1 = new CodeSource(location,
+                    (Certificate[]) certs1.toArray(new Certificate[certs1.size()]));
+            CodeSource cs2 = new CodeSource(location,
+                    (Certificate[]) certs2.toArray(new Certificate[certs2.size()]));
+
+            if (!cs0.implies(cs1) || !cs1.implies(cs2)) {
+                throw new Exception("The implies method is not working correctly");
+            }
+            if (cs0.equals(cs1) || cs1.equals(cs0)
+                    || cs2.equals(cs1) || cs1.equals(cs2)) {
+                throw new Exception("The equals method is not working correctly");
+            }
+            if (verifySigner(cs0.getCodeSigners(), null)) {
+                throw new RuntimeException("CodeSource.getCodeSigners() should be null");
+            }
+            if (!((verifySigner(cs1.getCodeSigners(), certs1))
+                    && (verifySigner(cs2.getCodeSigners(), certs2)))) {
+                throw new RuntimeException("Mismatched CodeSigners certificate");
+            }
+        }
+    }
+
+    private static boolean verifySigner(CodeSigner[] css, List certs) {
+        if (css == null || certs == null) {
+            return false;
+        }
+        if (css.length < 1 || certs.size() < 1) {
+            return false;
+        }
+        boolean result = true;
+        for (CodeSigner cs : css) {
+            result &= cs.getSignerCertPath().getCertificates().equals(certs);
+        }
+        return result;
+    }
+}
diff --git a/test/jdk/java/security/CodeSource/Implies.java b/test/jdk/java/security/CodeSource/Implies.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@
 import java.net.URL;
 
 public class Implies {
+
     public static void main(String[] args) throws Exception {
         URL thisURL = new URL("http", "localhost", "file");
         URL thatURL = new URL("http", null, "file");
@@ -51,14 +52,17 @@ public static void main(String[] args) throws Exception {
     }
 
     private static void testImplies(URL thisURL, URL thatURL, boolean result)
-        throws SecurityException
-    {
-        CodeSource thisCs =
-            new CodeSource(thisURL, (java.security.cert.Certificate[]) null);
-        CodeSource thatCs =
-            new CodeSource(thatURL, (java.security.cert.Certificate[]) null);
+            throws SecurityException {
+        CodeSource thisCs
+                = new CodeSource(thisURL, (java.security.cert.Certificate[]) null);
+        CodeSource thatCs
+                = new CodeSource(thatURL, (java.security.cert.Certificate[]) null);
         if (thisCs.implies(thatCs) != result) {
-            throw new SecurityException("test failed");
+            throw new SecurityException("CodeSource.implies() returned "
+                    + !result + " instead of " + result);
+        }
+        if (thisCs.getCodeSigners() != null && thatCs.getCodeSigners() != null) {
+            throw new SecurityException("Both getCodeSigners should be null");
         }
     }
 }
diff --git a/test/jdk/java/security/CodeSource/certs b/test/jdk/java/security/CodeSource/certs
@@ -0,0 +1,42 @@
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAmugAwIBAgIJALi3XHB1pDxTMA0GCSqGSIb3DQEBCwUAMFgxCzAJBgNV
+BAYTAlVTMQ0wCwYDVQQIDAR0ZXN0MQ0wCwYDVQQHDAR0ZXN0MQ0wCwYDVQQKDAR0
+ZXN0MQ0wCwYDVQQLDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MB4XDTIyMDYwODA3Mzkz
+MFoXDTQ3MDYwMjA3MzkzMFowWDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBHRlc3Qx
+DTALBgNVBAcMBHRlc3QxDTALBgNVBAoMBHRlc3QxDTALBgNVBAsMBHRlc3QxDTAL
+BgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUfQUR
+jdnE1KyZKjPoL2np9T9grBJFaApt1oxNOXLzOW19EYUbbmzERKf9bHALfYIRZonj
+wYEywWMLxVuM1YdJAKO2X/X2nvPZLmi9BPVa0aGyG/X19L9FKXEKugzujrq2gko0
+ryDpV1Rrbqpv5G9wXA1+jzPVteFgCX9IoNLEatXVAN8gfnuOCvAM83VMit91+LNs
+uK9Eo9xcPyVt0n7Tl+VtW/nVzlRz/p6xHIB0Uo3Dl//QziMllWng98TCxtcTvOBd
+gl1AlTAwFWGwQRL2xC8iFrJ5vgY4/afth68W0pqsIH5TCJumGVf/0VBYIs+OWdyT
+Wu0Eswjx34gsuvyTAgMBAAGjUDBOMB0GA1UdDgQWBBRmeQRExt2gPyc+b6fB8hL8
++oiT+jAfBgNVHSMEGDAWgBRmeQRExt2gPyc+b6fB8hL8+oiT+jAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCRlgYqBPXnrhHySR0GzTG2eSQ2B6MqLTOX
+nt10kmp92zFJ/AZIoHZGyNC45dRXLX1ZcV8dtAKzbZLo2u07TGxM/q66bHOpXbCn
+FGZqyhanDrkwHWPI58pyDuzRKUQKq+kuwpctDiZpjVBcZIVP/ecZcI0DO7qKWEXc
+JVXgfkqjU0PMCQDpahDuPLQ3otYDUgNAY82c4WETypjTE8GaLCg++JmPy0Yo8kR4
+VBabOgp4FJi+DDo7VNZRuCTZG91pNlKUZNnR/T1VO0KPtbJoRV5XBRcwdCfhtxNW
+lK33pqJx7xAY5Gkg+SdvQOA0d4y6YbCF7eO1QyA5x+dqq+YGHpw7
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAmugAwIBAgIJALi3XHB1pDxTMA0GCSqGSIb3DQEBCwUAMFgxCzAJBgNV
+BAYTAlVTMQ0wCwYDVQQIDAR0ZXN0MQ0wCwYDVQQHDAR0ZXN0MQ0wCwYDVQQKDAR0
+ZXN0MQ0wCwYDVQQLDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MB4XDTIyMDYwODA3Mzkz
+MFoXDTQ3MDYwMjA3MzkzMFowWDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBHRlc3Qx
+DTALBgNVBAcMBHRlc3QxDTALBgNVBAoMBHRlc3QxDTALBgNVBAsMBHRlc3QxDTAL
+BgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUfQUR
+jdnE1KyZKjPoL2np9T9grBJFaApt1oxNOXLzOW19EYUbbmzERKf9bHALfYIRZonj
+wYEywWMLxVuM1YdJAKO2X/X2nvPZLmi9BPVa0aGyG/X19L9FKXEKugzujrq2gko0
+ryDpV1Rrbqpv5G9wXA1+jzPVteFgCX9IoNLEatXVAN8gfnuOCvAM83VMit91+LNs
+uK9Eo9xcPyVt0n7Tl+VtW/nVzlRz/p6xHIB0Uo3Dl//QziMllWng98TCxtcTvOBd
+gl1AlTAwFWGwQRL2xC8iFrJ5vgY4/afth68W0pqsIH5TCJumGVf/0VBYIs+OWdyT
+Wu0Eswjx34gsuvyTAgMBAAGjUDBOMB0GA1UdDgQWBBRmeQRExt2gPyc+b6fB8hL8
++oiT+jAfBgNVHSMEGDAWgBRmeQRExt2gPyc+b6fB8hL8+oiT+jAMBgNVHRMEBTAD
+AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCRlgYqBPXnrhHySR0GzTG2eSQ2B6MqLTOX
+nt10kmp92zFJ/AZIoHZGyNC45dRXLX1ZcV8dtAKzbZLo2u07TGxM/q66bHOpXbCn
+FGZqyhanDrkwHWPI58pyDuzRKUQKq+kuwpctDiZpjVBcZIVP/ecZcI0DO7qKWEXc
+JVXgfkqjU0PMCQDpahDuPLQ3otYDUgNAY82c4WETypjTE8GaLCg++JmPy0Yo8kR4
+VBabOgp4FJi+DDo7VNZRuCTZG91pNlKUZNnR/T1VO0KPtbJoRV5XBRcwdCfhtxNW
+lK33pqJx7xAY5Gkg+SdvQOA0d4y6YbCF7eO1QyA5x+dqq+YGHpw7
+-----END CERTIFICATE-----