Merge pull request #1735 from jjiwooLim/verifySig

Enable feature signature verification
OpenLiberty · Oct 24, 2023 · 95e466d · 95e466d
2 parents 2cc9190 + d1e744e
commit 95e466d
Show file tree

Hide file tree

Showing 13 changed files with 385 additions and 10 deletions.
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -88,7 +88,7 @@ jobs:
         - java: 11
           RUNTIME: wlp
     name: ${{ matrix.RUNTIME }} ${{ matrix.RUNTIME_VERSION }}, Java ${{ matrix.java }}, Windows
-    steps:    
+    steps:
     # Checkout repos
     - name: Checkout ci.maven
       uses: actions/checkout@v3

diff --git a/liberty-maven-plugin/src/it/verify-user-feature-it/invoker.properties b/liberty-maven-plugin/src/it/verify-user-feature-it/invoker.properties
@@ -0,0 +1,9 @@
+invoker.goals.1 = clean install -Dverify=all -Dkeyid=0x05534365803788CE
+invoker.goals.2 = clean install -Dverify=warn -Dkeyid=0xWRONGKEYID
+invoker.goals.3 = clean install -Dverify=enforce -Dkeyid=0xWRONGKEYID
+invoker.goals.4 = clean install -Dverify=skip
+#Should skip verification if version < 23.0.0.9
+invoker.goals.5 = clean install -Dliberty.runtime.version=23.0.0.9 -Dverify=enforce
+#Should fail 
+invoker.goals.6 = clean install -Dverify=all -Dkeyid=0xWRONGKEYID
+invoker.buildResult.6 = failure
diff --git a/liberty-maven-plugin/src/it/verify-user-feature-it/pom.xml b/liberty-maven-plugin/src/it/verify-user-feature-it/pom.xml
@@ -0,0 +1,170 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>io.openliberty.tools.it</groupId>
+        <artifactId>tests</artifactId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>verify-usr-feature-it</artifactId>
+    <packaging>jar</packaging>
+
+    <dependencies>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.13.1</version>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.8.0</version>
+        </dependency>
+    </dependencies>  
+
+    <build>
+        <plugins>
+           <plugin>
+                <artifactId>maven-resources-plugin</artifactId>
+                <version>3.3.1</version>
+                <executions>
+                    <execution>
+                        <id>copy-resource-one</id>
+                        <phase>process-resources</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+
+                        <configuration>
+                            <outputDirectory>${user.home}/.m2/repository/test/user/test/osgi/SimpleActivator-bom/1.0</outputDirectory>
+                            <resources>
+                                <resource>
+                                    <directory>src/test/resources</directory>
+                                    <includes>
+                                        <include>SimpleActivator-bom-1.0.pom</include>
+                                    </includes>
+                                </resource>
+                            </resources>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>copy-resource-two</id>
+                        <phase>process-resources</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+
+                        <configuration>
+                            <outputDirectory>${user.home}/.m2/repository/test/user/test/osgi/SimpleActivatorESA/1.0</outputDirectory>
+                            <resources>
+                                <resource>
+                                    <directory>src/test/resources</directory>
+                                    <includes>
+                                        <include>SimpleActivatorESA-1.0.esa</include>
+                                    </includes>
+                                </resource>
+                                <resource>
+                                    <directory>src/test/resources</directory>
+                                    <includes>
+                                        <include>SimpleActivatorESA-1.0.esa.asc</include>
+                                    </includes>
+                                </resource>
+                            </resources>
+                        </configuration>
+                    </execution>
+                 </executions>
+            </plugin> 
+            <plugin>
+                <groupId>io.openliberty.tools</groupId>
+                <artifactId>liberty-maven-plugin</artifactId>
+                <version>@pom.version@</version>
+                <configuration>
+                    <assemblyArtifact>
+                        <groupId>${runtimeGroupId}</groupId>
+                        <artifactId>${runtimeKernelId}</artifactId>
+                        <type>zip</type>
+                    </assemblyArtifact>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>install-liberty-server</id>
+                        <phase>compile</phase>
+                        <goals>
+                            <goal>install-server</goal>
+                        </goals>
+                    </execution>
+                    <execution>
+                        <id>prepare-feature</id>
+                        <phase>test-compile</phase>
+                        <goals>
+                            <goal>prepare-feature</goal>
+                        </goals>
+                    </execution>
+                    <execution>
+                        <id>install-feature</id>
+                        <phase>test-compile</phase>
+                        <goals>
+                            <goal>install-feature</goal>
+                        </goals>
+                        <configuration>
+                        <keys>
+                          <key1>
+                               <keyid>${keyid}</keyid>
+                               <keyurl>src/test/resources/SimpleActivatorValidKey.asc</keyurl>
+                          </key1>
+                        </keys>
+                            <features>
+                                <verify>${verify}</verify>
+                                <acceptLicense>true</acceptLicense>
+                                <feature>json-1.0</feature>
+                                <feature>SimpleActivator-1.0</feature>
+                            </features>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-failsafe-plugin</artifactId>
+                <version>3.1.2</version>
+                <configuration>
+                    <workingDirectory>${project.build.directory}</workingDirectory>
+                    <argLine>-enableassertions</argLine>
+                </configuration>
+                <executions>
+                    <execution>
+                        <id>integration-test</id>
+                        <goals>
+                            <goal>integration-test</goal>
+                        </goals>
+                    </execution>
+                    <execution>
+                        <id>verify</id>
+                        <phase>verify</phase>
+                        <goals>
+                            <goal>verify</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+  <dependencyManagement>
+    <dependencies>
+        <dependency>
+          <groupId>test.user.test.osgi</groupId>
+          <artifactId>SimpleActivator-bom</artifactId>
+          <version>1.0</version>
+          <type>pom</type>
+        </dependency>
+    </dependencies>
+  </dependencyManagement>
+
+
+</project>
diff --git a/liberty-maven-plugin/src/it/verify-user-feature-it/postbuild.groovy b/liberty-maven-plugin/src/it/verify-user-feature-it/postbuild.groovy
@@ -0,0 +1,10 @@
+import java.io.File;
+
+File buildLog = new File( basedir, 'build.log' )
+assert buildLog.text.contains( 'All features were successfully verified.')
+/*CWWKF1514E: The 0X05534365803788CE public key ID does not match the 0xWRONGKEYID provided key ID.*/
+assert buildLog.text.contains( 'CWWKF1514E')
+/*CWWKF1508E: The public key ID for the src/test/resources/SimpleActivatorValidKey.asc key URL was not provided.*/
+assert buildLog.text.contains( 'CWWKF1508E')
+/*CWWKF1512E: Unable to verify the following feature signatures:*/
+assert buildLog.text.contains( 'CWWKF1512E')
diff --git a/...fy-user-feature-it/src/test/java/net/wasdev/wlp/test/feature/it/VerifyUsrFeatureTest.java b/...fy-user-feature-it/src/test/java/net/wasdev/wlp/test/feature/it/VerifyUsrFeatureTest.java
@@ -0,0 +1,50 @@
+/*******************************************************************************
+ * (c) Copyright IBM Corporation 2023.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *******************************************************************************/
+package net.wasdev.wlp.test.feature.it;
+
+import static junit.framework.Assert.*;
+import org.junit.Test;
+import org.junit.After;
+import org.junit.Assume;
+import java.io.File;
+import java.io.IOException;
+import java.nio.charset.Charset;
+import java.util.logging.Logger;
+
+import org.apache.commons.io.FileUtils;
+import java.io.FilenameFilter;
+
+public class VerifyUsrFeatureTest {
+
+	static File mavenLocalRepo = new File(System.getProperty("user.home")+ "/.m2/repository");
+	static File userTestRepo = new File(mavenLocalRepo, "test/user/test/features");
+
+	Logger logger = Logger.getLogger(VerifyUsrFeatureTest.class.getName());
+
+
+    @Test
+    public void testVerifyUsrFeature() throws Exception {
+    	try {
+    		File featureFile = new File("target/liberty/wlp/usr/extension/lib/features/test.user.test.osgi.SimpleActivator.mf");
+
+            assert featureFile.exists() : "SimpleActivator.mf cannot be generated";
+
+        } catch (Exception e) {
+            throw new AssertionError ("Fail to install user feature.", e);
+        }
+    }
+
+}
diff --git a/...maven-plugin/src/it/verify-user-feature-it/src/test/resources/SimpleActivator-bom-1.0.pom b/...maven-plugin/src/it/verify-user-feature-it/src/test/resources/SimpleActivator-bom-1.0.pom
@@ -0,0 +1,19 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>test.user.test.osgi</groupId>
+  <artifactId>SimpleActivator-bom</artifactId>
+  <version>1.0</version>
+  <packaging>pom</packaging>
+
+  <dependencyManagement>
+    <dependencies>
+      <dependency>
+        <groupId>test.user.test.osgi</groupId>
+        <artifactId>SimpleActivatorESA</artifactId>
+        <version>1.0</version>
+        <type>esa</type>
+      </dependency>
+    </dependencies>
+  </dependencyManagement>
+</project>
diff --git a/...-maven-plugin/src/it/verify-user-feature-it/src/test/resources/SimpleActivatorESA-1.0.esa b/...-maven-plugin/src/it/verify-user-feature-it/src/test/resources/SimpleActivatorESA-1.0.esa
diff --git a/...en-plugin/src/it/verify-user-feature-it/src/test/resources/SimpleActivatorESA-1.0.esa.asc b/...en-plugin/src/it/verify-user-feature-it/src/test/resources/SimpleActivatorESA-1.0.esa.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYKAB0WIQTZfjfdN9icDzpsd5oFU0NlgDeIzgUCYuXWWgAKCRAFU0NlgDeI
+zoQoAP9Ml57juXFOVpqNljeLKEZ+OfDsLs5QJbZJ2JbXF+d7zwEAm1QDQaTRy4Kl
+tghBIFPUgTSrKl0U39pMpje5xvvVpgM=
+=1Xtn
+-----END PGP SIGNATURE-----
diff --git a/...maven-plugin/src/it/verify-user-feature-it/src/test/resources/SimpleActivatorValidKey.asc b/...maven-plugin/src/it/verify-user-feature-it/src/test/resources/SimpleActivatorValidKey.asc
@@ -0,0 +1,15 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: Hostname: 
+Version: Hockeypuck 2.1.0-223-gdc2762b
+
+xjMEYryhzxYJKwYBBAHaRw8BAQdAr/PgyIUi11nwm9t1hb5hPXV2C+fMFex0wQ1e
+dnR7IEXNHVNhcmFoIExpbSA8aml3b28ubGltQGlibS5jb20+wpoEExYKAEIWIQTZ
+fjfdN9icDzpsd5oFU0NlgDeIzgUCYryhzwIbAwUJA8JnAAULCQgHAgMiAgEGFQoJ
+CAsCBBYCAwECHgcCF4AACgkQBVNDZYA3iM4zpwEAk/GjVbe1Nh6Sdgz6Bz7m7Ri8
+PTOm83nJbLQ58wiQjLIBAPROmPtM2GZtZpXnLvcTQZ1LMagtO8bf2Lrmwr4sSecE
+zjgEYryhzxIKKwYBBAGXVQEFAQEHQO6uNNAomeS4cvSOOiF8TZp57y3srA0jQCTM
+4FgyA4EeAwEIB8J+BBgWCgAmFiEE2X433TfYnA86bHeaBVNDZYA3iM4FAmK8oc8C
+GwwFCQPCZwAACgkQBVNDZYA3iM5QsQEA9wCJkczk0UicmUhI+yywuTuh5MF3csdD
+fyUL++G/Co0A/19f4kf/LVLh+EfsGRHU256OI8RWd9JUR8O2M/HSJ8sK
+=JYSd
+-----END PGP PUBLIC KEY BLOCK-----