Mercurial > hg > release > icedtea-web-1.5
changeset 942:022f56ff692f
Trusted-only manifest attribute implementation
Trusted-only manifest attribute implementation
* netx/net/sourceforge/jnlp/resources/Messages.properties:
(STrustedOnlyAttributeFailure) new message
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: added
ManifestsAttributesValidator#checkTrustedOnlyAttribute() to constructor
* netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java:
(checkTrustedOnlyAttribute) new method
* tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed-nosecurity.jnlp:
new tests for Trusted-only attribute
* tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed-security.jnlp
* tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed.html
* tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned-nosecurity.jnlp
* tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned-security.jnlp
* tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned.html
* tests/reproducers/custom/TrustedOnlyAttribute/srcs/MANIFEST.MF
* tests/reproducers/custom/TrustedOnlyAttribute/srcs/Makefile
* tests/reproducers/custom/TrustedOnlyAttribute/srcs/TrustedOnlyAttribute.java
* tests/reproducers/custom/TrustedOnlyAttribute/testcases/TrustedOnlyAttributeTest.java
line wrap: on
line diff
--- a/ChangeLog Thu Mar 20 15:23:33 2014 -0400 +++ b/ChangeLog Thu Mar 20 15:45:13 2014 -0400 @@ -1,3 +1,24 @@ +2014-03-20 Andrew Azores <aazores@redhat.com> + + Trusted-only manifest attribute implementation + * netx/net/sourceforge/jnlp/resources/Messages.properties: + (STrustedOnlyAttributeFailure) new message + * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: added + ManifestsAttributesValidator#checkTrustedOnlyAttribute() to constructor + * netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java: + (checkTrustedOnlyAttribute) new method + * tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed-nosecurity.jnlp: + new tests for Trusted-only attribute + * tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed-security.jnlp + * tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed.html + * tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned-nosecurity.jnlp + * tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned-security.jnlp + * tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned.html + * tests/reproducers/custom/TrustedOnlyAttribute/srcs/MANIFEST.MF + * tests/reproducers/custom/TrustedOnlyAttribute/srcs/Makefile + * tests/reproducers/custom/TrustedOnlyAttribute/srcs/TrustedOnlyAttribute.java + * tests/reproducers/custom/TrustedOnlyAttribute/testcases/TrustedOnlyAttributeTest.java + 2014-03-20 Andrew Azores <aazores@redhat.com> Passing a reference to SecurityDelegate to CertWarningPane, so that UI
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Thu Mar 20 15:23:33 2014 -0400 +++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Thu Mar 20 15:45:13 2014 -0400 @@ -299,6 +299,7 @@ SAuthenticationPrompt=The {0} server at {1} is requesting authentication. It says "{2}" SJNLPFileIsNotSigned=This application contains a digital signature in which the launching JNLP file is not signed. SAppletTitle=Applet title: {0} +STrustedOnlyAttributeFailure=This application specifies Trusted-only as True in its Manifest. {0} and requests permission level: {1}. This is not allowed. # Security - used for the More Information dialog SBadKeyUsage=Resources contain entries whose signer certificate's KeyUsage extension doesn't allow code signing.
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Thu Mar 20 15:23:33 2014 -0400 +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Thu Mar 20 15:45:13 2014 -0400 @@ -285,6 +285,7 @@ setSecurity(); ManifestsAttributesValidator mav = new ManifestsAttributesValidator(security, file, signing); + mav.checkTrustedOnlyAttribute(); mav.checkCodebaseAttribute(); mav.checkPermissionsAttribute(); mav.checkApplicationLibraryAllowableCodebaseAttribute();
--- a/netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java Thu Mar 20 15:23:33 2014 -0400 +++ b/netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java Thu Mar 20 15:45:13 2014 -0400 @@ -66,8 +66,50 @@ this.file = file; this.signing = signing; } - - + + /** + * http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#trusted_only + */ + void checkTrustedOnlyAttribute() throws LaunchException { + final ManifestBoolean trustedOnly = file.getManifestsAttributes().isTrustedOnly(); + if (trustedOnly == ManifestBoolean.UNDEFINED) { + OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG, "Trusted Only manifest attribute not found. Continuing."); + return; + } + + if (trustedOnly == ManifestBoolean.FALSE) { + OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG, "Trusted Only manifest attribute is false. Continuing."); + return; + } + + final Object desc = security.getSecurityType(); + + final String securityType; + if (desc == null) { + securityType = "Not Specified"; + } else if (desc.equals(SecurityDesc.ALL_PERMISSIONS)) { + securityType = "All-Permission"; + } else if (desc.equals(SecurityDesc.SANDBOX_PERMISSIONS)) { + securityType = "Sandbox"; + } else if (desc.equals(SecurityDesc.J2EE_PERMISSIONS)) { + securityType = "J2EE"; + } else { + securityType = "Unknown"; + } + + final boolean isFullySigned = signing == SigningState.FULL; + final String signedMsg; + if (isFullySigned) { + signedMsg = "The applet is fully signed"; + } else { + signedMsg = "The applet is not fully signed"; + } + OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG, + "Trusted Only manifest attribute is \"true\". " + signedMsg + " and requests permission level: " + securityType); + if (!(isFullySigned && SecurityDesc.ALL_PERMISSIONS.equals(desc))) { + throw new LaunchException(Translator.R("STrustedOnlyAttributeFailure", signedMsg, securityType)); + } + } /** * http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html#codebase
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed-nosecurity.jnlp Thu Mar 20 15:45:13 2014 -0400 @@ -0,0 +1,58 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> + +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="TrustedOnlyAttribute-signed-nosecurity.jnlp" codebase="."> + <information> + <title>TrustedOnlyAttribute</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>Trusted-only Manifest Attribute Test</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="TrustedOnlyAttributeSigned.jar"/> + </resources> + <applet-desc + name="TrustedOnlyAttribute" + main-class="TrustedOnlyAttribute" + width="640" + height="480"> + </applet-desc> +</jnlp>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed-security.jnlp Thu Mar 20 15:45:13 2014 -0400 @@ -0,0 +1,61 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> + +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="TrustedOnlyAttribute-signed-security.jnlp" codebase="."> + <information> + <title>TrustedOnlyAttribute</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>Trusted-only Manifest Attribute Test</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="TrustedOnlyAttributeSigned.jar"/> + </resources> + <applet-desc + name="TrustedOnlyAttribute" + main-class="TrustedOnlyAttribute" + width="640" + height="480"> + </applet-desc> + <security> + <all-permissions/> + </security> +</jnlp>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed.html Thu Mar 20 15:45:13 2014 -0400 @@ -0,0 +1,49 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> + +<html> + <head></head> + <body> + <applet code="TrustedOnlyAttribute.class" + archive="TrustedOnlyAttributeSigned.jar" + codebase="." + width="800" + height="600"> + </applet> + </body> +</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned-nosecurity.jnlp Thu Mar 20 15:45:13 2014 -0400 @@ -0,0 +1,58 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> + +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="TrustedOnlyAttribute-unsigned-nosecurity.jnlp" codebase="."> + <information> + <title>TrustedOnlyAttribute</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>Trusted-only Manifest Attribute Test</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="TrustedOnlyAttributeSigned.jar"/> + </resources> + <applet-desc + name="TrustedOnlyAttribute" + main-class="TrustedOnlyAttribute" + width="640" + height="480"> + </applet-desc> +</jnlp>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned-security.jnlp Thu Mar 20 15:45:13 2014 -0400 @@ -0,0 +1,61 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> + +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="TrustedOnlyAttribute-unsigned-security.jnlp" codebase="."> + <information> + <title>TrustedOnlyAttribute</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>Trusted-only Manifest Attribute Test</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="TrustedOnlyAttributeUnsigned.jar"/> + </resources> + <applet-desc + name="TrustedOnlyAttribute" + main-class="TrustedOnlyAttribute" + width="640" + height="480"> + </applet-desc> + <security> + <all-permissions/> + </security> +</jnlp>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned.html Thu Mar 20 15:45:13 2014 -0400 @@ -0,0 +1,49 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> + +<html> + <head></head> + <body> + <applet code="TrustedOnlyAttribute.class" + archive="TrustedOnlyAttributeUnsigned.jar" + codebase="." + width="800" + height="600"> + </applet> + </body> +</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/TrustedOnlyAttribute/srcs/MANIFEST.MF Thu Mar 20 15:45:13 2014 -0400 @@ -0,0 +1,1 @@ +Trusted-only: true
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/TrustedOnlyAttribute/srcs/Makefile Thu Mar 20 15:45:13 2014 -0400 @@ -0,0 +1,29 @@ +TESTNAME=TrustedOnlyAttribute + +JARSIGNER=$(BOOT_DIR)/bin/jarsigner +JAVAC=$(BOOT_DIR)/bin/javac +JAR=$(BOOT_DIR)/bin/jar + +TMPDIR:=$(shell mktemp -d) + +prepare-reproducer: + echo PREPARING REPRODUCER $(TESTNAME) in $(TMPDIR) + + cp MANIFEST.MF $(TMPDIR) ; \ + $(JAVAC) -d $(TMPDIR) $(TESTNAME).java ; \ + + cd $(TMPDIR) ; \ + $(JAR) cvfm $(TESTNAME)Signed.jar MANIFEST.MF $(TESTNAME).class ; \ + $(JAR) cvfm $(TESTNAME)Unsigned.jar MANIFEST.MF $(TESTNAME).class ; \ + $(BOOT_DIR)/bin/jarsigner -keystore $(TOP_BUILD_DIR)/$(PRIVATE_KEYSTORE_NAME) -storepass $(PRIVATE_KEYSTORE_PASS) \ + -keypass $(PRIVATE_KEYSTORE_PASS) "$(TMPDIR)/$(TESTNAME)Signed.jar" $(TEST_CERT_ALIAS)_signed ; \ + + cd $(TMPDIR); \ + mv $(TESTNAME)Signed.jar $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR) ; \ + mv $(TESTNAME)Unsigned.jar $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR) ; \ + + echo PREPARED REPRODUCER $(TESTNAME), removing $(TMPDIR) + rm -rf $(TMPDIR) + +clean-reproducer: + echo NOTHING TO CLEAN FOR $(TESTNAME)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/TrustedOnlyAttribute/srcs/TrustedOnlyAttribute.java Thu Mar 20 15:45:13 2014 -0400 @@ -0,0 +1,50 @@ +/* TrustedOnlyAttribute.java +Copyright (C) 2014 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + */ + +import java.applet.Applet; + +public class TrustedOnlyAttribute extends Applet { + + private static final String appletCloseString = "*** APPLET FINISHED ***"; + + @Override + public void init() { + System.out.println("TrustedOnlyAttribute applet running"); + System.out.println(appletCloseString); + System.exit(0); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/TrustedOnlyAttribute/testcases/TrustedOnlyAttributeTest.java Thu Mar 20 15:45:13 2014 -0400 @@ -0,0 +1,102 @@ +/* TrustedOnlyAttributeTest.java +Copyright (C) 2014 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + */ + +import net.sourceforge.jnlp.ProcessResult; +import net.sourceforge.jnlp.ServerAccess.AutoClose; +import net.sourceforge.jnlp.annotations.Bug; +import net.sourceforge.jnlp.annotations.KnownToFail; +import net.sourceforge.jnlp.annotations.NeedsDisplay; +import net.sourceforge.jnlp.annotations.TestInBrowsers; +import net.sourceforge.jnlp.browsertesting.BrowserTest; +import net.sourceforge.jnlp.browsertesting.Browsers; +import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener; + +import org.junit.Test; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.assertFalse; + +public class TrustedOnlyAttributeTest extends BrowserTest { + + private static final String RUNNING_STRING = "TrustedOnlyAttribute applet running"; + private static final String CLOSE_STRING = AutoOkClosingListener.MAGICAL_OK_CLOSING_STRING; + + @NeedsDisplay + @Test + @TestInBrowsers(testIn={Browsers.one}) + public void testSignedAppletWithManifestAttributeAndNoHtmlSecurity() throws Exception { + ProcessResult pr = server.executeBrowser("TrustedOnlyAttribute-signed.html", AutoClose.CLOSE_ON_BOTH); + assertFalse("Applet should not have failed to launch", pr.stderr.contains("LaunchException")); + assertTrue("Applet should have run", pr.stdout.contains(RUNNING_STRING)); + } + + @Test + public void testSignedAppletWithManifestAttributeAndNoJnlpSecurity() throws Exception { + ProcessResult pr = server.executeJavawsHeadless("TrustedOnlyAttribute-signed-nosecurity.jnlp"); + assertTrue("Applet should have failed to launch", pr.stderr.contains("LaunchException")); + assertFalse("Applet should not have run", pr.stdout.contains(RUNNING_STRING)); + } + + @Test + public void testSignedAppletWithManifestAttributeWithJnlpSecurity() throws Exception { + ProcessResult pr = server.executeJavawsHeadless("TrustedOnlyAttribute-signed-security.jnlp"); + assertFalse("Applet should not have failed to launch", pr.stderr.contains("LaunchException")); + assertTrue("Applet should have run", pr.stdout.contains(RUNNING_STRING)); + } + + @NeedsDisplay + @Test + @TestInBrowsers(testIn={Browsers.one}) + public void testUnsignedAppletWithManifestAttributeAndNoHtmlSecurity() throws Exception { + ProcessResult pr = server.executeBrowser("TrustedOnlyAttribute-unsigned.html", AutoClose.CLOSE_ON_BOTH); + assertTrue("Applet should have failed to launch", pr.stderr.contains("LaunchException")); + assertFalse("Applet should not have run", pr.stdout.contains(RUNNING_STRING)); + } + + @Test + public void testUnsignedAppletWithManifestAttributeAndNoJnlpSecurity() throws Exception { + ProcessResult pr = server.executeJavawsHeadless("TrustedOnlyAttribute-unsigned-nosecurity.jnlp"); + assertTrue("Applet should have failed to launch", pr.stderr.contains("LaunchException")); + assertFalse("Applet should not have run", pr.stdout.contains(RUNNING_STRING)); + } + + @Test + public void testUnsignedAppletWithManifestAttributeWithJnlpSecurity() throws Exception { + ProcessResult pr = server.executeJavawsHeadless("TrustedOnlyAttribute-unsigned-security.jnlp"); + assertTrue("Applet should have failed to launch", pr.stderr.contains("LaunchException")); + assertFalse("Applet should not have run", pr.stdout.contains(RUNNING_STRING)); + } +}