aboutsummaryrefslogtreecommitdiffstats
path: root/tests/netx/unit/net
diff options
context:
space:
mode:
authorDanesh Dadachanji <[email protected]>2012-10-22 11:02:38 -0400
committerDanesh Dadachanji <[email protected]>2012-10-22 11:02:38 -0400
commite150560769232e18fa516609933649dab002f358 (patch)
tree661e1b4d3c9d101447bc952e541e8f054c1d96be /tests/netx/unit/net
parent229e52bca7c9298d3a0889fe1bc6f9107b32639a (diff)
Major rework of JarCertVerifier certificate management.
This is a long-planned rework of JarCertVerifier, allowing it to handle multiple certificates. The algorithms used to verify jars with multiple certificates vary between JNLPs and Applets.
Diffstat (limited to 'tests/netx/unit/net')
-rw-r--r--tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java470
1 files changed, 468 insertions, 2 deletions
diff --git a/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java b/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java
index 300b85b..88054ab 100644
--- a/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java
+++ b/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java
@@ -37,18 +37,484 @@ exception statement from your version.
package net.sourceforge.jnlp.tools;
-import static org.junit.Assert.*;
+import static net.sourceforge.jnlp.runtime.Translator.R;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import java.security.CodeSigner;
+import java.util.Date;
+import java.util.List;
+import java.util.Vector;
+import java.util.jar.JarEntry;
+
+import net.sourceforge.jnlp.JARDesc;
+import net.sourceforge.jnlp.tools.JarCertVerifier.VerifyResult;
+
+import org.junit.Assert;
+import org.junit.BeforeClass;
import org.junit.Test;
public class JarCertVerifierTest {
@Test
public void testIsMetaInfFile() {
- final String METAINF ="META-INF";
+ final String METAINF = "META-INF";
assertFalse(JarCertVerifier.isMetaInfFile("some_dir/" + METAINF + "/filename"));
assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "filename"));
assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/filename"));
}
+ class JarCertVerifierEntry extends JarEntry {
+ CodeSigner[] signers;
+
+ public JarCertVerifierEntry(String name, CodeSigner[] codesigners) {
+ super(name);
+ signers = codesigners;
+ }
+
+ public JarCertVerifierEntry(String name) {
+ this(name, null);
+ }
+
+ public CodeSigner[] getCodeSigners() {
+ return signers == null ? null : signers.clone();
+ }
+ }
+
+ // Empty list to be used with JarCertVerifier constructor.
+ private static final List<JARDesc> emptyJARDescList = new Vector<JARDesc>();
+
+ private static final String DNPARTIAL = ", OU=JarCertVerifier Unit Test, O=IcedTea, L=Toronto, ST=Ontario, C=CA";
+ private static CodeSigner alphaSigner, betaSigner, charlieSigner,
+ expiredSigner, expiringSigner, notYetValidSigner, expiringAndNotYetValidSigner;
+
+ @BeforeClass
+ public static void setUp() throws Exception {
+ Date currentDate = new Date();
+ Date pastDate = new Date(currentDate.getTime() - (1000L * 24L * 60L * 60L) - 1000L); // 1 day and 1 second in the past
+ Date futureDate = new Date(currentDate.getTime() + (1000L * 24L * 60L * 60L)); // 1 day in the future
+ alphaSigner = CodeSignerCreator.getOneCodeSigner("CN=Alpha Signer" + DNPARTIAL, currentDate, 365);
+ betaSigner = CodeSignerCreator.getOneCodeSigner("CN=Beta Signer" + DNPARTIAL, currentDate, 365);
+ charlieSigner = CodeSignerCreator.getOneCodeSigner("CN=Charlie Signer" + DNPARTIAL, currentDate, 365);
+ expiredSigner = CodeSignerCreator.getOneCodeSigner("CN=Expired Signer" + DNPARTIAL, pastDate, 1);
+ expiringSigner = CodeSignerCreator.getOneCodeSigner("CN=Expiring Signer" + DNPARTIAL, currentDate, 1);
+ notYetValidSigner = CodeSignerCreator.getOneCodeSigner("CN=Not Yet Valid Signer" + DNPARTIAL, futureDate, 365);
+ expiringAndNotYetValidSigner = CodeSignerCreator.getOneCodeSigner("CN=Expiring and Not Yet Valid Signer" + DNPARTIAL, futureDate, 3);
+ }
+
+ @Test
+ public void testNoManifest() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ VerifyResult result = jcv.verifyJarEntryCerts("", false, null);
+
+ Assert.assertEquals("No manifest should be considered unsigned.",
+ VerifyResult.UNSIGNED, result);
+ Assert.assertEquals("No manifest means no signers in the verifier.",
+ 0, jcv.getCertsList().size());
+ }
+
+ @Test
+ public void testNoSignableEntries() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("OneDirEntry/"));
+ entries.add(new JarCertVerifierEntry("META-INF/MANIFEST.MF"));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("No signable entry (only dirs/manifests) should be considered unsigned.",
+ VerifyResult.UNSIGNED, result);
+ Assert.assertEquals("No signable entry (only dirs/manifests) means no signers in the verifier.",
+ 0, jcv.getCertsList().size());
+ }
+
+ @Test
+ public void testSingleEntryNoSigners() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstEntryWithoutSigner"));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("One unsigned entry should be considered unsigned.",
+ VerifyResult.UNSIGNED, result);
+ Assert.assertEquals("One unsigned entry means no signers in the verifier.",
+ 0, jcv.getCertsList().size());
+ }
+
+ @Test
+ public void testManyEntriesNoSigners() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstEntryWithoutSigner"));
+ entries.add(new JarCertVerifierEntry("secondEntryWithoutSigner"));
+ entries.add(new JarCertVerifierEntry("thirdEntryWithoutSigner"));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("Many unsigned entries should be considered unsigned.",
+ VerifyResult.UNSIGNED, result);
+ Assert.assertEquals("Many unsigned entries means no signers in the verifier.", 0,
+ jcv.getCertsList().size());
+ }
+
+ @Test
+ public void testSingleEntrySingleValidSigner() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] signers = { alphaSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByOne", signers));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("One signed entry should be considered signed and okay.",
+ VerifyResult.SIGNED_OK, result);
+ Assert.assertEquals("One signed entry means one signer in the verifier.",
+ 1, jcv.getCertsList().size());
+ Assert.assertTrue("One signed entry means one signer in the verifier.",
+ jcv.getCertsList().contains(alphaSigner.getSignerCertPath()));
+ }
+
+ @Test
+ public void testManyEntriesSingleValidSigner() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] signers = { alphaSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByOne", signers));
+ entries.add(new JarCertVerifierEntry("secondSignedByOne", signers));
+ entries.add(new JarCertVerifierEntry("thirdSignedByOne", signers));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("Three entries signed by one signer should be considered signed and okay.",
+ VerifyResult.SIGNED_OK, result);
+ Assert.assertEquals("Three entries signed by one signer means one signer in the verifier.",
+ 1, jcv.getCertsList().size());
+ Assert.assertTrue("Three entries signed by one signer means one signer in the verifier.",
+ jcv.getCertsList().contains(alphaSigner.getSignerCertPath()));
+ }
+
+ @Test
+ public void testSingleEntryMultipleValidSigners() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] signers = { alphaSigner, betaSigner, charlieSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByThree", signers));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("One entry signed by three signers should be considered signed and okay.",
+ VerifyResult.SIGNED_OK, result);
+ Assert.assertEquals("One entry signed by three means three signers in the verifier.",
+ 3, jcv.getCertsList().size());
+ Assert.assertTrue("One entry signed by three means three signers in the verifier.",
+ jcv.getCertsList().contains(alphaSigner.getSignerCertPath())
+ && jcv.getCertsList().contains(betaSigner.getSignerCertPath())
+ && jcv.getCertsList().contains(charlieSigner.getSignerCertPath()));
+ }
+
+ @Test
+ public void testManyEntriesMultipleValidSigners() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] signers = { alphaSigner, betaSigner, charlieSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByThree", signers));
+ entries.add(new JarCertVerifierEntry("secondSignedByThree", signers));
+ entries.add(new JarCertVerifierEntry("thirdSignedByThree", signers));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("Three entries signed by three signers should be considered signed and okay.",
+ VerifyResult.SIGNED_OK, result);
+ Assert.assertEquals("Three entries signed by three means three signers in the verifier.",
+ 3, jcv.getCertsList().size());
+ Assert.assertTrue("Three entries signed by three means three signers in the verifier.",
+ jcv.getCertsList().contains(alphaSigner.getSignerCertPath())
+ && jcv.getCertsList().contains(betaSigner.getSignerCertPath())
+ && jcv.getCertsList().contains(charlieSigner.getSignerCertPath()));
+ }
+
+ @Test
+ public void testOneCommonSigner() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] alphaSigners = { alphaSigner };
+ CodeSigner[] betaSigners = { alphaSigner, betaSigner };
+ CodeSigner[] charlieSigners = { alphaSigner, charlieSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByOne", alphaSigners));
+ entries.add(new JarCertVerifierEntry("secondSignedByTwo", betaSigners));
+ entries.add(new JarCertVerifierEntry("thirdSignedByTwo", charlieSigners));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("Three entries signed by at least one common signer should be considered signed and okay.",
+ VerifyResult.SIGNED_OK, result);
+ Assert.assertEquals("Three entries signed completely by only one signer means one signer in the verifier.",
+ 1, jcv.getCertsList().size());
+ Assert.assertTrue("Three entries signed completely by only one signer means one signer in the verifier.",
+ jcv.getCertsList().contains(alphaSigner.getSignerCertPath()));
+ }
+
+ @Test
+ public void testNoCommonSigner() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] alphaSigners = { alphaSigner };
+ CodeSigner[] betaSigners = { betaSigner };
+ CodeSigner[] charlieSigners = { charlieSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByAlpha", alphaSigners));
+ entries.add(new JarCertVerifierEntry("secondSignedByBeta", betaSigners));
+ entries.add(new JarCertVerifierEntry("thirdSignedByCharlie", charlieSigners));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("Three entries signed by no common signers should be considered unsigned.",
+ VerifyResult.UNSIGNED, result);
+ Assert.assertEquals("Three entries signed by no common signers means no signers in the verifier.",
+ 0, jcv.getCertsList().size());
+ }
+
+ @Test
+ public void testFewButNotAllCommonSigners() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] alphaSigners = { alphaSigner };
+ CodeSigner[] betaSigners = { betaSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByAlpha", alphaSigners));
+ entries.add(new JarCertVerifierEntry("secondSignedByAlpha", alphaSigners));
+ entries.add(new JarCertVerifierEntry("thirdSignedByBeta", betaSigners));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("First two entries signed by alpha signer, third entry signed by beta signer should be considered unisgned.",
+ VerifyResult.UNSIGNED, result);
+ Assert.assertEquals("Three entries signed by some common signers but not all means no signers in the verifier.",
+ 0, jcv.getCertsList().size());
+ }
+
+ @Test
+ public void testNotAllEntriesSigned() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] alphaSigners = { alphaSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByAlpha", alphaSigners));
+ entries.add(new JarCertVerifierEntry("secondSignedByAlpha", alphaSigners));
+ entries.add(new JarCertVerifierEntry("thirdUnsigned"));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("First two entries signed by alpha signer, third entry not signed, should be considered unisgned.",
+ VerifyResult.UNSIGNED, result);
+ Assert.assertEquals("First two entries signed by alpha signer, third entry not signed, means no signers in the verifier.",
+ 0, jcv.getCertsList().size());
+ }
+
+ @Test
+ public void testSingleEntryExpiredSigner() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] expiredSigners = { expiredSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByExpired", expiredSigners));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("One entry signed by expired cert, should be considered signed but not okay.",
+ VerifyResult.SIGNED_NOT_OK, result);
+ Assert.assertEquals("One entry signed by expired cert means one signer in the verifier.",
+ 1, jcv.getCertsList().size());
+ Assert.assertTrue("One entry signed by expired cert means one signer in the verifier.",
+ jcv.getCertsList().contains(expiredSigner.getSignerCertPath()));
+ }
+
+ @Test
+ public void testManyEntriesExpiredSigner() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] expiredSigners = { expiredSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByExpired", expiredSigners));
+ entries.add(new JarCertVerifierEntry("secondSignedBExpired", expiredSigners));
+ entries.add(new JarCertVerifierEntry("thirdSignedByExpired", expiredSigners));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("Three entries signed by expired cert, should be considered signed but not okay.",
+ VerifyResult.SIGNED_NOT_OK, result);
+ Assert.assertEquals("Three entries signed by expired cert means one signer in the verifier.",
+ 1, jcv.getCertsList().size());
+ Assert.assertTrue("Three entries signed by expired cert means one signer in the verifier.",
+ jcv.getCertsList().contains(expiredSigner.getSignerCertPath()));
+ }
+
+ @Test
+ public void testSingleEntryExpiringSigner() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] expiringSigners = { expiringSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByExpiring", expiringSigners));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("One entry signed by expiring cert, should be considered signed and okay.",
+ VerifyResult.SIGNED_OK, result);
+ Assert.assertEquals("One entry signed by expiring cert means one signer in the verifier.",
+ 1, jcv.getCertsList().size());
+ Assert.assertTrue("One entry signed by expiring cert means one signer in the verifier.",
+ jcv.getCertsList().contains(expiringSigner.getSignerCertPath()));
+ }
+
+ @Test
+ public void testManyEntriesExpiringSigner() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] expiringSigners = { expiringSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByExpiring", expiringSigners));
+ entries.add(new JarCertVerifierEntry("secondSignedBExpiring", expiringSigners));
+ entries.add(new JarCertVerifierEntry("thirdSignedByExpiring", expiringSigners));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("Three entries signed by expiring cert, should be considered signed and okay.",
+ VerifyResult.SIGNED_OK, result);
+ Assert.assertEquals("Three entries signed by expiring cert means one signer in the verifier.",
+ 1, jcv.getCertsList().size());
+ Assert.assertTrue("Three entries signed by expiring cert means one signer in the verifier.",
+ jcv.getCertsList().contains(expiringSigner.getSignerCertPath()));
+ }
+
+ @Test
+ public void testSingleEntryNotYetValidSigner() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] notYetValidSigners = { notYetValidSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByNotYetValid", notYetValidSigners));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("One entry signed by cert that is not yet valid, should be considered signed but not okay.",
+ VerifyResult.SIGNED_NOT_OK, result);
+ Assert.assertEquals("One entry signed by cert that is not yet valid means one signer in the verifier.",
+ 1, jcv.getCertsList().size());
+ Assert.assertTrue("One entry signed by cert that is not yet valid means one signer in the verifier.",
+ jcv.getCertsList().contains(notYetValidSigner.getSignerCertPath()));
+ }
+
+ @Test
+ public void testManyEntriesNotYetValidSigner() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] notYetValidSigners = { notYetValidSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByNotYetValid", notYetValidSigners));
+ entries.add(new JarCertVerifierEntry("secondSignedByNotYetValid", notYetValidSigners));
+ entries.add(new JarCertVerifierEntry("thirdSignedByNotYetValid", notYetValidSigners));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("Three entries signed by cert that is not yet valid, should be considered signed but not okay.",
+ VerifyResult.SIGNED_NOT_OK, result);
+ Assert.assertEquals("Three entries signed by cert that is not yet valid means one signer in the verifier.",
+ 1, jcv.getCertsList().size());
+ Assert.assertTrue("Three entries signed by cert that is not yet valid means one signer in the verifier.",
+ jcv.getCertsList().contains(notYetValidSigner.getSignerCertPath()));
+ }
+
+ @Test
+ public void testSingleEntryExpiringAndNotYetValidSigner() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] expiringAndNotYetValidSigners = { expiringAndNotYetValidSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByExpiringNotYetValid", expiringAndNotYetValidSigners));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("One entry signed by cert that is not yet valid but also expiring, should be considered signed but not okay.",
+ VerifyResult.SIGNED_NOT_OK, result);
+ Assert.assertEquals("One entry signed by cert that is not yet valid but also expiring means one signer in the verifier.",
+ 1, jcv.getCertsList().size());
+ Assert.assertTrue("One entry signed by cert that is not yet valid but also expiring means one signer in the verifier.",
+ jcv.getCertsList().contains(expiringAndNotYetValidSigner.getSignerCertPath()));
+ }
+
+ @Test
+ public void testManyEntryExpiringAndNotYetValidSigner() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+
+ CodeSigner[] expiringAndNotYetValidSigners = { expiringAndNotYetValidSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByExpiringNotYetValid", expiringAndNotYetValidSigners));
+ entries.add(new JarCertVerifierEntry("secondSignedByExpiringNotYetValid", expiringAndNotYetValidSigners));
+ entries.add(new JarCertVerifierEntry("thirdSignedByExpiringNotYetValid", expiringAndNotYetValidSigners));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("Three entries signed by cert that is not yet valid but also expiring, should be considered signed but not okay.",
+ VerifyResult.SIGNED_NOT_OK, result);
+ Assert.assertEquals("Three entries signed by cert that is not yet valid but also expiring means one signer in the verifier.",
+ 1, jcv.getCertsList().size());
+ Assert.assertTrue("Three entries signed by cert that is not yet valid but also expiring means one signer in the verifier.",
+ jcv.getCertsList().contains(expiringAndNotYetValidSigner.getSignerCertPath()));
+ Assert.assertTrue("Three entries signed by cert that is not yet valid but also expiring means expiring issue should be in details list.",
+ jcv.getDetails(expiringAndNotYetValidSigner.getSignerCertPath()).contains(R("SHasExpiringCert")));
+ }
+
+ @Test
+ public void testSingleEntryOneExpiredOneValidSigner() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] oneExpiredOneValidSigner = { expiredSigner, alphaSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByTwo", oneExpiredOneValidSigner));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("One entry signed by one expired cert and another valid cert, should be considered signed and okay.",
+ VerifyResult.SIGNED_OK, result);
+ Assert.assertEquals("One entry signed by one expired cert and another valid cert means two signers in the verifier.",
+ 2, jcv.getCertsList().size());
+ Assert.assertTrue("One entry signed by one expired cert and another valid cert means two signers in the verifier.",
+ jcv.getCertsList().contains(expiredSigner.getSignerCertPath())
+ && jcv.getCertsList().contains(alphaSigner.getSignerCertPath()));
+ }
+
+ @Test
+ public void testManyEntriesOneExpiredOneValidSigner() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] oneExpiredOneValidSigner = { expiredSigner, alphaSigner };
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByTwo", oneExpiredOneValidSigner));
+ entries.add(new JarCertVerifierEntry("secondSignedByTwo", oneExpiredOneValidSigner));
+ entries.add(new JarCertVerifierEntry("thirdSignedByTwo", oneExpiredOneValidSigner));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("Three entries signed by one expired cert and another valid cert, should be considered signed and okay.",
+ VerifyResult.SIGNED_OK, result);
+ Assert.assertEquals("Three entries signed by one expired cert and another valid cert means two signers in the verifier.",
+ 2, jcv.getCertsList().size());
+ Assert.assertTrue("Three entries signed by one expired cert and another valid cert means two signers in the verifier.",
+ jcv.getCertsList().contains(expiredSigner.getSignerCertPath())
+ && jcv.getCertsList().contains(alphaSigner.getSignerCertPath()));
+ }
+
+ @Test
+ public void testSomeExpiredEntries() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] oneExpiredOneValidSigners = { expiredSigner, alphaSigner };
+ CodeSigner[] expiredSigners = { expiredSigner };
+
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("firstSignedByTwo", oneExpiredOneValidSigners));
+ entries.add(new JarCertVerifierEntry("secondSignedByTwo", oneExpiredOneValidSigners));
+ entries.add(new JarCertVerifierEntry("thirdSignedByExpired", expiredSigners));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("Two entries signed by one expired and one valid cert, third signed by just expired cert, should be considered signed but not okay.",
+ VerifyResult.SIGNED_NOT_OK, result);
+ Assert.assertEquals("Two entries signed by one expired and one valid cert, third signed by just expired cert means one signer in the verifier.",
+ 1, jcv.getCertsList().size());
+ Assert.assertTrue("Two entries signed by one expired and one valid cert, third signed by just expired cert means one signer in the verifier.",
+ jcv.getCertsList().contains(expiredSigner.getSignerCertPath()));
+ }
+
+ @Test
+ public void testManyInvalidOneValidStillSignedOkay() throws Exception {
+ JarCertVerifier jcv = new JarCertVerifier(null);
+ CodeSigner[] oneExpiredOneValidSigners = { alphaSigner, expiredSigner };
+ CodeSigner[] oneNotYetValidOneValidSigners = { alphaSigner, notYetValidSigner };
+ CodeSigner[] oneExpiringSigners = { alphaSigner, expiringSigner };
+
+ Vector<JarEntry> entries = new Vector<JarEntry>();
+ entries.add(new JarCertVerifierEntry("META-INF/MANIFEST.MF"));
+ entries.add(new JarCertVerifierEntry("firstSigned", oneExpiredOneValidSigners));
+ entries.add(new JarCertVerifierEntry("secondSigned", oneNotYetValidOneValidSigners));
+ entries.add(new JarCertVerifierEntry("thirdSigned", oneExpiringSigners));
+ entries.add(new JarCertVerifierEntry("oneDir/"));
+ entries.add(new JarCertVerifierEntry("oneDir/fourthSigned", oneExpiredOneValidSigners));
+ VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
+
+ Assert.assertEquals("Three entries sharing valid cert and others with issues, should be considered signed and okay.",
+ VerifyResult.SIGNED_OK, result);
+ Assert.assertEquals("Three entries sharing valid cert and others with issues means one signer in the verifier.",
+ 1, jcv.getCertsList().size());
+ Assert.assertTrue("Three entries sharing valid cert and others with issues means one signer in the verifier.",
+ jcv.getCertsList().contains(alphaSigner.getSignerCertPath()));
+ }
+
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-13 10:07:21 +0000