jar/JarInputStream/ScanSignedJar.java

0N/A/*
4046N/A * Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
0N/A * published by the Free Software Foundation.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/A/*
0N/A * @test
0N/A * @bug 6284489
0N/A * @summary Confirm that JarEntry.getCertificates identifies signed entries.
0N/A */
0N/A
0N/Aimport java.net.URL;
0N/Aimport java.security.CodeSigner;
0N/Aimport java.security.cert.Certificate;
0N/Aimport java.util.jar.*;
0N/A
0N/A/*
0N/A * Confirm that the signed entries in a JAR file are identified correctly
0N/A * when JarEntry.getCertificates is used to extract the signer's certificates.
0N/A *
0N/A * NOTE: the original problem occurred only when entries were extracted using
0N/A *       the JarInputStream.getNextJarEntry method; it never occurred when
0N/A *       entries were extracted using the JarFile.entries method.
0N/A */
0N/Apublic class ScanSignedJar {
0N/A
0N/A    private static final String JAR_LOCATION =
0N/A        "file:" +
0N/A        System.getProperty("test.src", ".") +
0N/A        System.getProperty("file.separator") +
0N/A        "signed.jar";
0N/A
0N/A    public static void main(String[] args) throws Exception {
0N/A
0N/A        System.out.println("Opening " + JAR_LOCATION + "...");
0N/A        JarInputStream inStream =
0N/A            new JarInputStream(new URL(JAR_LOCATION).openStream(), true);
0N/A        JarEntry entry;
0N/A        byte[] buffer = new byte[1024];
0N/A
0N/A        while ((entry = inStream.getNextJarEntry()) != null) {
0N/A
0N/A            // need to read the entry's data to see the certs.
0N/A            while(inStream.read(buffer) != -1)
0N/A                ;
0N/A
0N/A            String name = entry.getName();
0N/A            long size = entry.getSize();
0N/A            Certificate[] certificates = entry.getCertificates();
0N/A            CodeSigner[] signers = entry.getCodeSigners();
0N/A
0N/A            if (signers == null && certificates == null) {
0N/A                System.out.println("[unsigned]\t" + name + "\t(" + size +
0N/A                    " bytes)");
4046N/A                if (name.equals("Count.class")) {
4046N/A                    throw new Exception("Count.class should be signed");
4046N/A                }
0N/A            } else if (signers != null && certificates != null) {
0N/A                System.out.println("[" + signers.length +
0N/A                    (signers.length == 1 ? " signer" : " signers") + "]\t" +
0N/A                    name + "\t(" + size + " bytes)");
0N/A            } else {
0N/A                System.out.println("[*ERROR*]\t" + name + "\t(" + size +
0N/A                    " bytes)");
0N/A                throw new Exception("Cannot determine whether the entry is " +
0N/A                    "signed or unsigned (signers[] doesn't match certs[]).");
0N/A            }
0N/A        }
0N/A    }
0N/A}