On Mon, Apr 20, 2020 at 10:58 AM Martin Grigorov <mgrigo...@apache.org> wrote:
> Hi, > > On Mon, Apr 20, 2020 at 3:03 AM <ebo...@apache.org> wrote: > >> This is an automated email from the ASF dual-hosted git repository. >> >> ebourg pushed a commit to branch master >> in repository >> https://gitbox.apache.org/repos/asf/tomcat-jakartaee-migration.git >> >> commit f23a64982f793ebe43665466cf780f57979e63d4 >> Author: Emmanuel Bourg <ebo...@apache.org> >> AuthorDate: Mon Apr 20 02:02:55 2020 +0200 >> >> Test the migration of signed jar files >> --- >> pom.xml | 15 +++++++++++ >> .../org/apache/tomcat/jakartaee/MigrationTest.java | 29 >> +++++++++++++++++++++ >> src/test/resources/keystore.p12 | Bin 0 -> 3848 bytes >> 3 files changed, 44 insertions(+) >> >> diff --git a/pom.xml b/pom.xml >> index b66f833..3ddfc68 100644 >> --- a/pom.xml >> +++ b/pom.xml >> @@ -136,6 +136,21 @@ >> <attribute name="Implementation-Version" >> value="1.2.3"/> >> </manifest> >> </jar> >> + >> + <parallel> >> + <sequential> >> + <copy file="target/test-classes/hellocgi.jar" >> tofile="target/test-classes/hellocgi-signed-rsa.jar"/> >> + <signjar >> jar="target/test-classes/hellocgi-signed-rsa.jar" >> keystore="src/test/resources/keystore.p12" storepass="apache" alias="rsa"/> >> + </sequential> >> + <sequential> >> + <copy file="target/test-classes/hellocgi.jar" >> tofile="target/test-classes/hellocgi-signed-dsa.jar"/> >> + <signjar >> jar="target/test-classes/hellocgi-signed-dsa.jar" >> keystore="src/test/resources/keystore.p12" storepass="apache" alias="dsa"/> >> + </sequential> >> + <sequential> >> + <copy file="target/test-classes/hellocgi.jar" >> tofile="target/test-classes/hellocgi-signed-ec.jar"/> >> + <signjar >> jar="target/test-classes/hellocgi-signed-ec.jar" >> keystore="src/test/resources/keystore.p12" storepass="apache" alias="ec"/> >> + </sequential> >> + </parallel> >> </target> >> </configuration> >> </execution> >> diff --git a/src/test/java/org/apache/tomcat/jakartaee/MigrationTest.java >> b/src/test/java/org/apache/tomcat/jakartaee/MigrationTest.java >> index 9ba59b0..418b57f 100644 >> --- a/src/test/java/org/apache/tomcat/jakartaee/MigrationTest.java >> +++ b/src/test/java/org/apache/tomcat/jakartaee/MigrationTest.java >> @@ -163,4 +163,33 @@ public class MigrationTest { >> assertNotEquals("Implementation-Version manifest attribute not >> changed", "1.2.3", implementationVersion); >> assertTrue("Implementation-Version manifest attribute doesn't >> match the expected pattern", >> implementationVersion.matches("1\\.2\\.3-migrated-[\\d\\.]+.*")); >> } >> + >> + @Test >> + public void testMigrateSignedJarFileRSA() throws Exception { >> + testMigrateSignedJarFile("rsa"); >> + } >> + >> + @Test >> + public void testMigrateSignedJarFileDSA() throws Exception { >> + testMigrateSignedJarFile("dsa"); >> + } >> + >> + @Test >> + public void testMigrateSignedJarFileEC() throws Exception { >> + testMigrateSignedJarFile("ec"); >> + } >> + >> + private void testMigrateSignedJarFile(String algorithm) throws >> Exception { >> + File jarFile = new File("target/test-classes/hellocgi-signed-" + >> algorithm + ".jar"); >> + >> + Migration migration = new Migration(); >> + migration.setSource(jarFile); >> + migration.setDestination(jarFile); >> + migration.execute(); >> + >> + JarFile jar = new JarFile(jarFile); >> + assertNull("Digest not removed from the manifest", >> jar.getManifest().getAttributes("org/apache/tomcat/jakartaee/HelloCGI.class")); >> + assertNull("Signature key not removed", jar.getEntry("META-INF/" >> + algorithm.toUpperCase() + "." + algorithm.toUpperCase())); >> + assertNull("Signed manifest not removed", >> jar.getEntry("META-INF/" + algorithm.toUpperCase() + ".SF")); >> > > assertNull ?! > I'd expect those to be non-null, i,e. preserved, after the migration. > > Maybe I didn't understand the test. Recently there was a complaint that if the signing is not preserved then crypto functionality does not work (bcrypt ?!). I will re-check the history and the latest implementation and I'll come back! > Martin > > >> + } >> } >> diff --git a/src/test/resources/keystore.p12 >> b/src/test/resources/keystore.p12 >> new file mode 100644 >> index 0000000..6f1cf7a >> Binary files /dev/null and b/src/test/resources/keystore.p12 differ >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: dev-h...@tomcat.apache.org >> >>