You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by eb...@apache.org on 2020/04/20 00:03:39 UTC
[tomcat-jakartaee-migration] 02/02: Test the migration of signed
jar files
This is an automated email from the ASF dual-hosted git repository.
ebourg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat-jakartaee-migration.git
commit f23a64982f793ebe43665466cf780f57979e63d4
Author: Emmanuel Bourg <eb...@apache.org>
AuthorDate: Mon Apr 20 02:02:55 2020 +0200
Test the migration of signed jar files
---
pom.xml | 15 +++++++++++
.../org/apache/tomcat/jakartaee/MigrationTest.java | 29 +++++++++++++++++++++
src/test/resources/keystore.p12 | Bin 0 -> 3848 bytes
3 files changed, 44 insertions(+)
diff --git a/pom.xml b/pom.xml
index b66f833..3ddfc68 100644
--- a/pom.xml
+++ b/pom.xml
@@ -136,6 +136,21 @@
<attribute name="Implementation-Version" value="1.2.3"/>
</manifest>
</jar>
+
+ <parallel>
+ <sequential>
+ <copy file="target/test-classes/hellocgi.jar" tofile="target/test-classes/hellocgi-signed-rsa.jar"/>
+ <signjar jar="target/test-classes/hellocgi-signed-rsa.jar" keystore="src/test/resources/keystore.p12" storepass="apache" alias="rsa"/>
+ </sequential>
+ <sequential>
+ <copy file="target/test-classes/hellocgi.jar" tofile="target/test-classes/hellocgi-signed-dsa.jar"/>
+ <signjar jar="target/test-classes/hellocgi-signed-dsa.jar" keystore="src/test/resources/keystore.p12" storepass="apache" alias="dsa"/>
+ </sequential>
+ <sequential>
+ <copy file="target/test-classes/hellocgi.jar" tofile="target/test-classes/hellocgi-signed-ec.jar"/>
+ <signjar jar="target/test-classes/hellocgi-signed-ec.jar" keystore="src/test/resources/keystore.p12" storepass="apache" alias="ec"/>
+ </sequential>
+ </parallel>
</target>
</configuration>
</execution>
diff --git a/src/test/java/org/apache/tomcat/jakartaee/MigrationTest.java b/src/test/java/org/apache/tomcat/jakartaee/MigrationTest.java
index 9ba59b0..418b57f 100644
--- a/src/test/java/org/apache/tomcat/jakartaee/MigrationTest.java
+++ b/src/test/java/org/apache/tomcat/jakartaee/MigrationTest.java
@@ -163,4 +163,33 @@ public class MigrationTest {
assertNotEquals("Implementation-Version manifest attribute not changed", "1.2.3", implementationVersion);
assertTrue("Implementation-Version manifest attribute doesn't match the expected pattern", implementationVersion.matches("1\\.2\\.3-migrated-[\\d\\.]+.*"));
}
+
+ @Test
+ public void testMigrateSignedJarFileRSA() throws Exception {
+ testMigrateSignedJarFile("rsa");
+ }
+
+ @Test
+ public void testMigrateSignedJarFileDSA() throws Exception {
+ testMigrateSignedJarFile("dsa");
+ }
+
+ @Test
+ public void testMigrateSignedJarFileEC() throws Exception {
+ testMigrateSignedJarFile("ec");
+ }
+
+ private void testMigrateSignedJarFile(String algorithm) throws Exception {
+ File jarFile = new File("target/test-classes/hellocgi-signed-" + algorithm + ".jar");
+
+ Migration migration = new Migration();
+ migration.setSource(jarFile);
+ migration.setDestination(jarFile);
+ migration.execute();
+
+ JarFile jar = new JarFile(jarFile);
+ assertNull("Digest not removed from the manifest", jar.getManifest().getAttributes("org/apache/tomcat/jakartaee/HelloCGI.class"));
+ assertNull("Signature key not removed", jar.getEntry("META-INF/" + algorithm.toUpperCase() + "." + algorithm.toUpperCase()));
+ assertNull("Signed manifest not removed", jar.getEntry("META-INF/" + algorithm.toUpperCase() + ".SF"));
+ }
}
diff --git a/src/test/resources/keystore.p12 b/src/test/resources/keystore.p12
new file mode 100644
index 0000000..6f1cf7a
Binary files /dev/null and b/src/test/resources/keystore.p12 differ
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [tomcat-jakartaee-migration] 02/02: Test the migration of signed
jar files
Posted by Martin Grigorov <mg...@apache.org>.
On Mon, Apr 20, 2020 at 10:58 AM Martin Grigorov <mg...@apache.org>
wrote:
> Hi,
>
> On Mon, Apr 20, 2020 at 3:03 AM <eb...@apache.org> wrote:
>
>> This is an automated email from the ASF dual-hosted git repository.
>>
>> ebourg pushed a commit to branch master
>> in repository
>> https://gitbox.apache.org/repos/asf/tomcat-jakartaee-migration.git
>>
>> commit f23a64982f793ebe43665466cf780f57979e63d4
>> Author: Emmanuel Bourg <eb...@apache.org>
>> AuthorDate: Mon Apr 20 02:02:55 2020 +0200
>>
>> Test the migration of signed jar files
>> ---
>> pom.xml | 15 +++++++++++
>> .../org/apache/tomcat/jakartaee/MigrationTest.java | 29
>> +++++++++++++++++++++
>> src/test/resources/keystore.p12 | Bin 0 -> 3848 bytes
>> 3 files changed, 44 insertions(+)
>>
>> diff --git a/pom.xml b/pom.xml
>> index b66f833..3ddfc68 100644
>> --- a/pom.xml
>> +++ b/pom.xml
>> @@ -136,6 +136,21 @@
>> <attribute name="Implementation-Version"
>> value="1.2.3"/>
>> </manifest>
>> </jar>
>> +
>> + <parallel>
>> + <sequential>
>> + <copy file="target/test-classes/hellocgi.jar"
>> tofile="target/test-classes/hellocgi-signed-rsa.jar"/>
>> + <signjar
>> jar="target/test-classes/hellocgi-signed-rsa.jar"
>> keystore="src/test/resources/keystore.p12" storepass="apache" alias="rsa"/>
>> + </sequential>
>> + <sequential>
>> + <copy file="target/test-classes/hellocgi.jar"
>> tofile="target/test-classes/hellocgi-signed-dsa.jar"/>
>> + <signjar
>> jar="target/test-classes/hellocgi-signed-dsa.jar"
>> keystore="src/test/resources/keystore.p12" storepass="apache" alias="dsa"/>
>> + </sequential>
>> + <sequential>
>> + <copy file="target/test-classes/hellocgi.jar"
>> tofile="target/test-classes/hellocgi-signed-ec.jar"/>
>> + <signjar
>> jar="target/test-classes/hellocgi-signed-ec.jar"
>> keystore="src/test/resources/keystore.p12" storepass="apache" alias="ec"/>
>> + </sequential>
>> + </parallel>
>> </target>
>> </configuration>
>> </execution>
>> diff --git a/src/test/java/org/apache/tomcat/jakartaee/MigrationTest.java
>> b/src/test/java/org/apache/tomcat/jakartaee/MigrationTest.java
>> index 9ba59b0..418b57f 100644
>> --- a/src/test/java/org/apache/tomcat/jakartaee/MigrationTest.java
>> +++ b/src/test/java/org/apache/tomcat/jakartaee/MigrationTest.java
>> @@ -163,4 +163,33 @@ public class MigrationTest {
>> assertNotEquals("Implementation-Version manifest attribute not
>> changed", "1.2.3", implementationVersion);
>> assertTrue("Implementation-Version manifest attribute doesn't
>> match the expected pattern",
>> implementationVersion.matches("1\\.2\\.3-migrated-[\\d\\.]+.*"));
>> }
>> +
>> + @Test
>> + public void testMigrateSignedJarFileRSA() throws Exception {
>> + testMigrateSignedJarFile("rsa");
>> + }
>> +
>> + @Test
>> + public void testMigrateSignedJarFileDSA() throws Exception {
>> + testMigrateSignedJarFile("dsa");
>> + }
>> +
>> + @Test
>> + public void testMigrateSignedJarFileEC() throws Exception {
>> + testMigrateSignedJarFile("ec");
>> + }
>> +
>> + private void testMigrateSignedJarFile(String algorithm) throws
>> Exception {
>> + File jarFile = new File("target/test-classes/hellocgi-signed-" +
>> algorithm + ".jar");
>> +
>> + Migration migration = new Migration();
>> + migration.setSource(jarFile);
>> + migration.setDestination(jarFile);
>> + migration.execute();
>> +
>> + JarFile jar = new JarFile(jarFile);
>> + assertNull("Digest not removed from the manifest",
>> jar.getManifest().getAttributes("org/apache/tomcat/jakartaee/HelloCGI.class"));
>> + assertNull("Signature key not removed", jar.getEntry("META-INF/"
>> + algorithm.toUpperCase() + "." + algorithm.toUpperCase()));
>> + assertNull("Signed manifest not removed",
>> jar.getEntry("META-INF/" + algorithm.toUpperCase() + ".SF"));
>>
>
> assertNull ?!
> I'd expect those to be non-null, i,e. preserved, after the migration.
>
>
Maybe I didn't understand the test.
Recently there was a complaint that if the signing is not preserved then
crypto functionality does not work (bcrypt ?!).
I will re-check the history and the latest implementation and I'll come
back!
> Martin
>
>
>> + }
>> }
>> diff --git a/src/test/resources/keystore.p12
>> b/src/test/resources/keystore.p12
>> new file mode 100644
>> index 0000000..6f1cf7a
>> Binary files /dev/null and b/src/test/resources/keystore.p12 differ
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: dev-help@tomcat.apache.org
>>
>>
Re: [tomcat-jakartaee-migration] 02/02: Test the migration of signed
jar files
Posted by Martin Grigorov <mg...@apache.org>.
Hi,
On Mon, Apr 20, 2020 at 3:03 AM <eb...@apache.org> wrote:
> This is an automated email from the ASF dual-hosted git repository.
>
> ebourg pushed a commit to branch master
> in repository
> https://gitbox.apache.org/repos/asf/tomcat-jakartaee-migration.git
>
> commit f23a64982f793ebe43665466cf780f57979e63d4
> Author: Emmanuel Bourg <eb...@apache.org>
> AuthorDate: Mon Apr 20 02:02:55 2020 +0200
>
> Test the migration of signed jar files
> ---
> pom.xml | 15 +++++++++++
> .../org/apache/tomcat/jakartaee/MigrationTest.java | 29
> +++++++++++++++++++++
> src/test/resources/keystore.p12 | Bin 0 -> 3848 bytes
> 3 files changed, 44 insertions(+)
>
> diff --git a/pom.xml b/pom.xml
> index b66f833..3ddfc68 100644
> --- a/pom.xml
> +++ b/pom.xml
> @@ -136,6 +136,21 @@
> <attribute name="Implementation-Version"
> value="1.2.3"/>
> </manifest>
> </jar>
> +
> + <parallel>
> + <sequential>
> + <copy file="target/test-classes/hellocgi.jar"
> tofile="target/test-classes/hellocgi-signed-rsa.jar"/>
> + <signjar
> jar="target/test-classes/hellocgi-signed-rsa.jar"
> keystore="src/test/resources/keystore.p12" storepass="apache" alias="rsa"/>
> + </sequential>
> + <sequential>
> + <copy file="target/test-classes/hellocgi.jar"
> tofile="target/test-classes/hellocgi-signed-dsa.jar"/>
> + <signjar
> jar="target/test-classes/hellocgi-signed-dsa.jar"
> keystore="src/test/resources/keystore.p12" storepass="apache" alias="dsa"/>
> + </sequential>
> + <sequential>
> + <copy file="target/test-classes/hellocgi.jar"
> tofile="target/test-classes/hellocgi-signed-ec.jar"/>
> + <signjar
> jar="target/test-classes/hellocgi-signed-ec.jar"
> keystore="src/test/resources/keystore.p12" storepass="apache" alias="ec"/>
> + </sequential>
> + </parallel>
> </target>
> </configuration>
> </execution>
> diff --git a/src/test/java/org/apache/tomcat/jakartaee/MigrationTest.java
> b/src/test/java/org/apache/tomcat/jakartaee/MigrationTest.java
> index 9ba59b0..418b57f 100644
> --- a/src/test/java/org/apache/tomcat/jakartaee/MigrationTest.java
> +++ b/src/test/java/org/apache/tomcat/jakartaee/MigrationTest.java
> @@ -163,4 +163,33 @@ public class MigrationTest {
> assertNotEquals("Implementation-Version manifest attribute not
> changed", "1.2.3", implementationVersion);
> assertTrue("Implementation-Version manifest attribute doesn't
> match the expected pattern",
> implementationVersion.matches("1\\.2\\.3-migrated-[\\d\\.]+.*"));
> }
> +
> + @Test
> + public void testMigrateSignedJarFileRSA() throws Exception {
> + testMigrateSignedJarFile("rsa");
> + }
> +
> + @Test
> + public void testMigrateSignedJarFileDSA() throws Exception {
> + testMigrateSignedJarFile("dsa");
> + }
> +
> + @Test
> + public void testMigrateSignedJarFileEC() throws Exception {
> + testMigrateSignedJarFile("ec");
> + }
> +
> + private void testMigrateSignedJarFile(String algorithm) throws
> Exception {
> + File jarFile = new File("target/test-classes/hellocgi-signed-" +
> algorithm + ".jar");
> +
> + Migration migration = new Migration();
> + migration.setSource(jarFile);
> + migration.setDestination(jarFile);
> + migration.execute();
> +
> + JarFile jar = new JarFile(jarFile);
> + assertNull("Digest not removed from the manifest",
> jar.getManifest().getAttributes("org/apache/tomcat/jakartaee/HelloCGI.class"));
> + assertNull("Signature key not removed", jar.getEntry("META-INF/"
> + algorithm.toUpperCase() + "." + algorithm.toUpperCase()));
> + assertNull("Signed manifest not removed",
> jar.getEntry("META-INF/" + algorithm.toUpperCase() + ".SF"));
>
assertNull ?!
I'd expect those to be non-null, i,e. preserved, after the migration.
Martin
> + }
> }
> diff --git a/src/test/resources/keystore.p12
> b/src/test/resources/keystore.p12
> new file mode 100644
> index 0000000..6f1cf7a
> Binary files /dev/null and b/src/test/resources/keystore.p12 differ
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>