aboutsummaryrefslogtreecommitdiffstats
path: root/src/junit/com/jogamp/common
diff options
context:
space:
mode:
authorSven Gothel <[email protected]>2019-04-03 06:04:52 +0200
committerSven Gothel <[email protected]>2019-04-03 06:04:52 +0200
commit00ad70b3bd7f8859c710039857aa7da17a29b3d7 (patch)
tree6f3652dff1a1db7272b4f3e83ec98eeecf86ad87 /src/junit/com/jogamp/common
parent1157b913a068167062c853b4b525954b223a5509 (diff)
Bug 1369: Source Certification Contract (SCC): Initial SHA256 fingerprint & runtime validation
This change implements a strong SHA256 signature over: 1) source tree inclusive make recipe (SHA256-Source) 2) all class files (SHA256-Classes) 3) all native libraries (SHA256-Natives) 4) the class files as deployed in the jar (SHA256-Classes-this) 5) the native libraries as deployed in the jar (SHA256-Natives-this) and drops all of these in the deployed Jar file. This allows SHA256 validation of (4) + (5) at runtime and further complete validation (1), (2) and (3) offline. Full SCC would now required (1) - (3) to be placed on a server for further validation. Optionally we may use GPG <https://gnupg.org/> or PGP to validate the build entity to implement the chain of trust <https://en.wikipedia.org/wiki/Chain_of_trust> The SHA256 runtime validation is tested via: com.jogamp.common.util.TestVersionInfo
Diffstat (limited to 'src/junit/com/jogamp/common')
-rw-r--r--src/junit/com/jogamp/common/util/TestVersionInfo.java22
1 files changed, 21 insertions, 1 deletions
diff --git a/src/junit/com/jogamp/common/util/TestVersionInfo.java b/src/junit/com/jogamp/common/util/TestVersionInfo.java
index 2a9dfa1..de0d8d6 100644
--- a/src/junit/com/jogamp/common/util/TestVersionInfo.java
+++ b/src/junit/com/jogamp/common/util/TestVersionInfo.java
@@ -29,19 +29,24 @@
package com.jogamp.common.util;
import java.io.IOException;
+import java.net.URISyntaxException;
+import java.security.NoSuchAlgorithmException;
import org.junit.Test;
import com.jogamp.common.GlueGenVersion;
import com.jogamp.junit.util.SingletonJunitCase;
+import org.junit.Assert;
import org.junit.FixMethodOrder;
import org.junit.runners.MethodSorters;
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class TestVersionInfo extends SingletonJunitCase {
+ static boolean VERBOSE = false;
@Test
- public void testInfo01() {
+ public void test01Info() {
+ System.err.println(VersionUtil.getPlatformInfo());
System.err.println("Version Info:");
System.err.println(GlueGenVersion.getInstance());
System.err.println("");
@@ -49,8 +54,23 @@ public class TestVersionInfo extends SingletonJunitCase {
System.err.println(GlueGenVersion.getInstance().getFullManifestInfo(null));
}
+ @Test
+ public void test02ValidateSHA256()
+ throws IllegalArgumentException, IOException, URISyntaxException, SecurityException, NoSuchAlgorithmException
+ {
+ final GlueGenVersion info = GlueGenVersion.getInstance();
+ final String sha256ClassesThis = info.getImplementationSHA256ClassesThis();
+ System.err.println("SHA256 CLASSES.this (build-time): "+sha256ClassesThis);
+
+ final GlueGenVersion.GluGenRTJarSHASum shaSum = new GlueGenVersion.GluGenRTJarSHASum();
+ final byte[] shasum = shaSum.compute(VERBOSE);
+ final String sha256Classes = SHASum.toHexString(shasum, null).toString();
+ System.err.println("SHA256 CLASSES.this (now): "+sha256Classes);
+ Assert.assertEquals("SHA256 not equal", sha256ClassesThis, sha256Classes);
+ }
public static void main(final String args[]) throws IOException {
+ // VERBOSE = true;
final String tstname = TestVersionInfo.class.getName();
org.junit.runner.JUnitCore.main(tstname);
}