diff options
author | Sven Gothel <[email protected]> | 2019-04-03 06:04:52 +0200 |
---|---|---|
committer | Sven Gothel <[email protected]> | 2019-04-03 06:04:52 +0200 |
commit | 00ad70b3bd7f8859c710039857aa7da17a29b3d7 (patch) | |
tree | 6f3652dff1a1db7272b4f3e83ec98eeecf86ad87 /src/junit/com | |
parent | 1157b913a068167062c853b4b525954b223a5509 (diff) |
Bug 1369: Source Certification Contract (SCC): Initial SHA256 fingerprint & runtime validation
This change implements a strong SHA256 signature over:
1) source tree inclusive make recipe (SHA256-Source)
2) all class files (SHA256-Classes)
3) all native libraries (SHA256-Natives)
4) the class files as deployed in the jar (SHA256-Classes-this)
5) the native libraries as deployed in the jar (SHA256-Natives-this)
and drops all of these in the deployed Jar file.
This allows SHA256 validation of (4) + (5) at runtime
and further complete validation (1), (2) and (3) offline.
Full SCC would now required (1) - (3) to be placed on a server for further validation.
Optionally we may use GPG <https://gnupg.org/> or PGP to validate the build entity to implement the chain of trust <https://en.wikipedia.org/wiki/Chain_of_trust>
The SHA256 runtime validation is tested via: com.jogamp.common.util.TestVersionInfo
Diffstat (limited to 'src/junit/com')
-rw-r--r-- | src/junit/com/jogamp/common/util/TestVersionInfo.java | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/src/junit/com/jogamp/common/util/TestVersionInfo.java b/src/junit/com/jogamp/common/util/TestVersionInfo.java index 2a9dfa1..de0d8d6 100644 --- a/src/junit/com/jogamp/common/util/TestVersionInfo.java +++ b/src/junit/com/jogamp/common/util/TestVersionInfo.java @@ -29,19 +29,24 @@ package com.jogamp.common.util; import java.io.IOException; +import java.net.URISyntaxException; +import java.security.NoSuchAlgorithmException; import org.junit.Test; import com.jogamp.common.GlueGenVersion; import com.jogamp.junit.util.SingletonJunitCase; +import org.junit.Assert; import org.junit.FixMethodOrder; import org.junit.runners.MethodSorters; @FixMethodOrder(MethodSorters.NAME_ASCENDING) public class TestVersionInfo extends SingletonJunitCase { + static boolean VERBOSE = false; @Test - public void testInfo01() { + public void test01Info() { + System.err.println(VersionUtil.getPlatformInfo()); System.err.println("Version Info:"); System.err.println(GlueGenVersion.getInstance()); System.err.println(""); @@ -49,8 +54,23 @@ public class TestVersionInfo extends SingletonJunitCase { System.err.println(GlueGenVersion.getInstance().getFullManifestInfo(null)); } + @Test + public void test02ValidateSHA256() + throws IllegalArgumentException, IOException, URISyntaxException, SecurityException, NoSuchAlgorithmException + { + final GlueGenVersion info = GlueGenVersion.getInstance(); + final String sha256ClassesThis = info.getImplementationSHA256ClassesThis(); + System.err.println("SHA256 CLASSES.this (build-time): "+sha256ClassesThis); + + final GlueGenVersion.GluGenRTJarSHASum shaSum = new GlueGenVersion.GluGenRTJarSHASum(); + final byte[] shasum = shaSum.compute(VERBOSE); + final String sha256Classes = SHASum.toHexString(shasum, null).toString(); + System.err.println("SHA256 CLASSES.this (now): "+sha256Classes); + Assert.assertEquals("SHA256 not equal", sha256ClassesThis, sha256Classes); + } public static void main(final String args[]) throws IOException { + // VERBOSE = true; final String tstname = TestVersionInfo.class.getName(); org.junit.runner.JUnitCore.main(tstname); } |