aliasNotInStore not severe

wangweij · Jul 24, 2024 · 0aab1a9 · 0aab1a9
1 parent 0f3be95
commit 0aab1a9
Show file tree

Hide file tree

Showing 7 changed files with 64 additions and 14 deletions.
diff --git a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
@@ -338,7 +338,7 @@ public int run(String args[]) {
             if (hasUnsignedEntry) {
                 exitCode |= 16;
             }
-            if (notSignedByAlias || aliasNotInStore) {
+            if (notSignedByAlias) {
                 exitCode |= 32;
             }
             if (tsaChainNotValidated) {

diff --git a/test/jdk/sun/security/tools/jarsigner/CheckUsage.java b/test/jdk/sun/security/tools/jarsigner/CheckUsage.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -82,23 +82,29 @@ public static void main(String[] args) throws Exception {
         // Verify with own keystore is perfect.
         SecurityTools.jarsigner("-keystore js.jks -storepass changeit "
                 + "-strict -verify a.jar")
+                .shouldNotContain("not signed by alias in this keystore")
                 .shouldHaveExitValue(0);
-        // Verify with only CA keystore is also mostly OK
+        // Verify with only CA keystore is mostly OK
         SecurityTools.jarsigner("-keystore trust.jks -storepass changeit "
                         + "-strict -verify a.jar")
-                .shouldHaveExitValue(32); //aliasNotInStore(32)
+                .shouldContain("not signed by alias in this keystore")
+                .shouldHaveExitValue(0);
 
         // Test 3: When no keystore is specified, the error is only
         // "chain invalid"
 
         SecurityTools.jarsigner("-strict -verify a.jar")
+                .shouldContainOrderedSequence("Error:", "certificate chain is invalid", "Warning:")
+                .shouldNotContain("not signed by alias in this keystore")
                 .shouldHaveExitValue(4);
 
         // Test 4: When unrelated keystore is specified, the error is
-        // "chain invalid" and "not alias in keystore"
+        // "chain invalid" and the warning is "not alias in keystore"
 
         SecurityTools.jarsigner("-keystore unrelated.jks -storepass changeit "
                 + "-strict -verify a.jar")
-                .shouldHaveExitValue(36);
+                .shouldContainOrderedSequence("Error:", "certificate chain is invalid", "Warning:")
+                .shouldContainOrderedSequence("Warning:", "not signed by alias in this keystore")
+                .shouldHaveExitValue(4);
     }
 }
diff --git a/test/jdk/sun/security/tools/jarsigner/EnableRevocation.java b/test/jdk/sun/security/tools/jarsigner/EnableRevocation.java
@@ -88,6 +88,6 @@ public static void main(String[] args) throws Exception {
                 "-strict -verbose -debug -revCheck")
                 .shouldContain("Contacting OCSP server at")
                 .shouldContain("Downloading CRL from")
-                .shouldHaveExitValue(36); // aliasNotInStore(32), chainNotValidated(4)
+                .shouldHaveExitValue(4);
     }
 }
diff --git a/test/jdk/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest.java b/test/jdk/sun/security/tools/jarsigner/warnings/AliasNotInStoreTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -117,8 +117,7 @@ private void start() throws Throwable {
                 "-keypass", PASSWORD,
                 UPDATED_SIGNED_JARFILE);
 
-        int expectedExitCode = ALIAS_NOT_IN_STORE_EXIT_CODE
-                + CHAIN_NOT_VALIDATED_EXIT_CODE;
+        int expectedExitCode = CHAIN_NOT_VALIDATED_EXIT_CODE;
         checkVerifying(analyzer, expectedExitCode,
                 CHAIN_NOT_VALIDATED_VERIFYING_WARNING,
                 ALIAS_NOT_IN_STORE_VERIFYING_WARNING);

diff --git a/test/jdk/sun/security/tools/jarsigner/warnings/Test.java b/test/jdk/sun/security/tools/jarsigner/warnings/Test.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -164,7 +164,6 @@ public abstract class Test {
     static final int BAD_EXTENDED_KEY_USAGE_EXIT_CODE = 8;
     static final int BAD_NETSCAPE_CERT_TYPE_EXIT_CODE = 8;
     static final int HAS_UNSIGNED_ENTRY_EXIT_CODE = 16;
-    static final int ALIAS_NOT_IN_STORE_EXIT_CODE = 32;
     static final int NOT_SIGNED_BY_ALIAS_EXIT_CODE = 32;
 
     protected void createAlias(String alias, String ... options)

diff --git a/test/lib-test/jdk/test/lib/process/OutputAnalyzerTest.java b/test/lib-test/jdk/test/lib/process/OutputAnalyzerTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -242,6 +242,31 @@ public static void main(String args[]) throws Exception {
                 }
             }
         }
-    }
 
+        // Multi lines
+        OutputAnalyzer multi = new OutputAnalyzer("""
+                first
+                second
+                third
+                fourth
+                fifth
+                """, "");
+        multi.shouldContainOrderedSequence();
+        multi.shouldContainOrderedSequence("first");
+        multi.shouldContainOrderedSequence("first", "third", "fifth");
+        multi.shouldContainOrderedSequence("fir", "ird", "fif");
+        multi.shouldContainOrderedSequence("second", "fourth");
+        try {
+            multi.shouldContainOrderedSequence("second", "first");
+            throw new RuntimeException("Should not succeed");
+        } catch (RuntimeException e) {
+            // good
+        }
+        try {
+            multi.shouldContainOrderedSequence("second", "sixth");
+            throw new RuntimeException("Should not succeed");
+        } catch (RuntimeException e) {
+            // good
+        }
+    }
 }
diff --git a/test/lib/jdk/test/lib/process/OutputAnalyzer.java b/test/lib/jdk/test/lib/process/OutputAnalyzer.java
@@ -897,4 +897,25 @@ public void shouldNotHaveFatalError() {
         shouldNotMatch(FATAL_ERROR_PAT);
     }
 
+    /**
+     * Verify that lines in the stdout and stderr contents of output buffer
+     * contains each item of strings, in the order they appear. Note that
+     * two items cannot appear in the same line.
+     *
+     * @param strings Strings that buffer should contain
+     * @throws RuntimeException If not all string are found
+     */
+    public OutputAnalyzer shouldContainOrderedSequence(String... strings) {
+        String[] lines = asLines().toArray(new String[0]);
+        int elementIndex = 0;
+        for (String line : lines) {
+            if (elementIndex < strings.length && line.contains(strings[elementIndex])) {
+                elementIndex++;
+            }
+        }
+        if (elementIndex != strings.length) {
+            throw new RuntimeException("Elements do not appear in the correct order.");
+        }
+        return this;
+    }
 }