am cb11b9ff: Tests for API to check certificate chain signatures
* commit 'cb11b9fff2a1af8bb4fcad18986003a7f59189c6':
Tests for API to check certificate chain signatures
diff --git a/luni/src/test/java/org/apache/harmony/archive/tests/java/util/jar/JarFileTest.java b/luni/src/test/java/org/apache/harmony/archive/tests/java/util/jar/JarFileTest.java
index 226ea66..cd8c172 100644
--- a/luni/src/test/java/org/apache/harmony/archive/tests/java/util/jar/JarFileTest.java
+++ b/luni/src/test/java/org/apache/harmony/archive/tests/java/util/jar/JarFileTest.java
@@ -30,6 +30,7 @@
import java.net.URL;
import java.security.Permission;
import java.security.cert.Certificate;
+import java.util.Arrays;
import java.util.Enumeration;
import java.util.Vector;
import java.util.jar.Attributes;
@@ -85,6 +86,10 @@
private final String emptyEntry3 = "svgunit.js";
+ private static final String VALID_CHAIN_JAR = "hyts_signed_validChain.jar";
+
+ private static final String INVALID_CHAIN_JAR = "hyts_signed_invalidChain.jar";
+
private File resources;
// custom security manager
@@ -584,6 +589,59 @@
}
}
+ private Certificate[] getSignedJarCerts(String jarName, boolean chainCheck) throws Exception {
+ Support_Resources.copyFile(resources, null, jarName);
+
+ File file = new File(resources, jarName);
+ Certificate[] foundCerts = null;
+
+ JarFile jarFile = new JarFile(file, true, ZipFile.OPEN_READ, chainCheck);
+ try {
+
+ Enumeration<JarEntry> e = jarFile.entries();
+ while (e.hasMoreElements()) {
+ JarEntry entry = e.nextElement();
+ InputStream is = jarFile.getInputStream(entry);
+ // Skip bytes because we have to read the entire file for it to read signatures.
+ is.skip(entry.getSize());
+ is.close();
+ Certificate[] certs = entry.getCertificates();
+ if (certs != null && certs.length > 0) {
+ foundCerts = certs;
+ break;
+ }
+ }
+ } finally {
+ jarFile.close();
+ }
+
+ return foundCerts;
+ }
+
+ public void testJarFile_Signed_ValidChain_NoCheck() throws Exception {
+ Certificate[] certs = getSignedJarCerts(VALID_CHAIN_JAR, false);
+ assertNotNull(certs);
+ assertEquals(Arrays.deepToString(certs), 2, certs.length);
+ }
+
+ public void testJarFile_Signed_ValidChain_Check() throws Exception {
+ Certificate[] certs = getSignedJarCerts(VALID_CHAIN_JAR, true);
+ assertNotNull(certs);
+ assertEquals(Arrays.deepToString(certs), 2, certs.length);
+ }
+
+ public void testJarFile_Signed_InvalidChain_NoCheck() throws Exception {
+ Certificate[] certs = getSignedJarCerts(INVALID_CHAIN_JAR, false);
+ assertNotNull(certs);
+ assertEquals(Arrays.deepToString(certs), 2, certs.length);
+ }
+
+ public void testJarFile_Signed_InvalidChain_Check() throws Exception {
+ Certificate[] certs = getSignedJarCerts(INVALID_CHAIN_JAR, true);
+ assertNotNull(certs);
+ assertEquals(Arrays.deepToString(certs), 1, certs.length);
+ }
+
/*
* The jar created by 1.4 which does not provide a
* algorithm-Digest-Manifest-Main-Attributes entry in .SF file.
diff --git a/support/src/test/java/tests/resources/hyts_signed_invalidChain.jar b/support/src/test/java/tests/resources/hyts_signed_invalidChain.jar
new file mode 100644
index 0000000..2472dae
--- /dev/null
+++ b/support/src/test/java/tests/resources/hyts_signed_invalidChain.jar
Binary files differ
diff --git a/support/src/test/java/tests/resources/hyts_signed_validChain.jar b/support/src/test/java/tests/resources/hyts_signed_validChain.jar
new file mode 100644
index 0000000..67f3e87
--- /dev/null
+++ b/support/src/test/java/tests/resources/hyts_signed_validChain.jar
Binary files differ