Mercurial > hg > release > icedtea-web-1.6
changeset 1183:7dc1ec5da8c5
Change Manifest Attributes Checker to check combinations of attributes
2015-03-25 Lukasz Dracz <ldracz@redhat.com>
Change Manifest Attributes Checker to check combinations of attributes
* netx/net/sourceforge/jnlp/config/BasicValueValidators.java:
Added MultipleStringValueValidator that validates single and combination
of string values. Added ManifestAttributesCheckValidator uses
MultipleStringValueValidator with the appropriate Manifest Attributes
options
* netx/net/sourceforge/jnlp/config/Defaults.java:
Changed manifest attributes check validator to ManifestAttributesCheckValidator
and made have default value of ALL
* netx/net/sourceforge/jnlp/resources/Messages.properties:
(MACDisabledMessage, MACCheckSkipped): added
* netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java:
MANIFEST_ATTRIBUTES_CHECK enum added,
changed logic to allow combinations of attributes to be checked,
Translator.R made into static import
* tests/netx/unit/net/sourceforge/jnlp/config/BasicValueValidatorsTests.java:
(testMultipleStringValueValidator, testMultipleStringValueValidatorCantMixSingleAndComboValues,
testManifestAttributesCheckValidator): added
* tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPFileTest.java:
Changed to work with new ManifestAttributesChecker, set to ALL which is equivalent to
the old value of true
* tests/reproducers/custom/PartiallySignedAppletManifestSpecifiesSandbox/testcases/PartiallySignedAppletManifestSpecifiesSandboxTests.java:
Added BeforeClass and AfterClass handling of deployment.properties file to ensure PERMISSIONS
and ALLOW_UNSIGNED are active for tests to pass then reverted to previous values for next tests
* tests/reproducers/signed/SignedAppletManifestSpecifiesSandbox/testcases/SignedAppletManifestSpecifiesSandboxTests.java:
Added BeforeClass and AfterClass handling of deployment.properties file to ensure PERMISSIONS
is set for tests to pass then reverted to previous values for next tests
author | Lukasz Dracz <ldracz@redhat.com> |
---|---|
date | Wed, 25 Mar 2015 14:33:42 -0400 |
parents | 7895d4fc25aa |
children | 3a1ad6a916a8 |
files | ChangeLog netx/net/sourceforge/jnlp/config/BasicValueValidators.java netx/net/sourceforge/jnlp/config/Defaults.java netx/net/sourceforge/jnlp/resources/Messages.properties netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java tests/netx/unit/net/sourceforge/jnlp/config/BasicValueValidatorsTests.java tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPFileTest.java tests/reproducers/custom/PartiallySignedAppletManifestSpecifiesSandbox/testcases/PartiallySignedAppletManifestSpecifiesSandboxTests.java tests/reproducers/signed/SignedAppletManifestSpecifiesSandbox/testcases/SignedAppletManifestSpecifiesSandboxTests.java |
diffstat | 9 files changed, 366 insertions(+), 28 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Mon Mar 23 12:01:40 2015 -0400 +++ b/ChangeLog Wed Mar 25 14:33:42 2015 -0400 @@ -1,3 +1,33 @@ +2015-03-25 Lukasz Dracz <ldracz@redhat.com> + + Change Manifest Attributes Checker to check combinations of attributes + * netx/net/sourceforge/jnlp/config/BasicValueValidators.java: + Added MultipleStringValueValidator that validates single and combination + of string values. Added ManifestAttributesCheckValidator uses + MultipleStringValueValidator with the appropriate Manifest Attributes + options + * netx/net/sourceforge/jnlp/config/Defaults.java: + Changed manifest attributes check validator to ManifestAttributesCheckValidator + and made have default value of ALL + * netx/net/sourceforge/jnlp/resources/Messages.properties: + (MACDisabledMessage, MACCheckSkipped): added + * netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java: + MANIFEST_ATTRIBUTES_CHECK enum added, + changed logic to allow combinations of attributes to be checked, + Translator.R made into static import + * tests/netx/unit/net/sourceforge/jnlp/config/BasicValueValidatorsTests.java: + (testMultipleStringValueValidator, testMultipleStringValueValidatorCantMixSingleAndComboValues, + testManifestAttributesCheckValidator): added + * tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPFileTest.java: + Changed to work with new ManifestAttributesChecker, set to ALL which is equivalent to + the old value of true + * tests/reproducers/custom/PartiallySignedAppletManifestSpecifiesSandbox/testcases/PartiallySignedAppletManifestSpecifiesSandboxTests.java: + Added BeforeClass and AfterClass handling of deployment.properties file to ensure PERMISSIONS + and ALLOW_UNSIGNED are active for tests to pass then reverted to previous values for next tests + * tests/reproducers/signed/SignedAppletManifestSpecifiesSandbox/testcases/SignedAppletManifestSpecifiesSandboxTests.java: + Added BeforeClass and AfterClass handling of deployment.properties file to ensure PERMISSIONS + is set for tests to pass then reverted to previous values for next tests + 2015-03-23 Lukasz Dracz <ldracz@redhat.com> Fix itweb-settings set command to allow duplicate strings
--- a/netx/net/sourceforge/jnlp/config/BasicValueValidators.java Mon Mar 23 12:01:40 2015 -0400 +++ b/netx/net/sourceforge/jnlp/config/BasicValueValidators.java Wed Mar 25 14:33:42 2015 -0400 @@ -37,6 +37,8 @@ package net.sourceforge.jnlp.config; +import net.sourceforge.jnlp.runtime.ManifestAttributesChecker; + import java.io.File; import static net.sourceforge.jnlp.runtime.Translator.R; @@ -202,6 +204,91 @@ } /** + * Checks that the value is one of the acceptable single String values + * or an acceptable combination of String values + */ + private static class MultipleStringValueValidator implements ValueValidator { + private final String[] singleOptions; + private final String[] comboOptions; + + public MultipleStringValueValidator(String[] singleOptions, String[] comboOptions) { + this.singleOptions = singleOptions; + this.comboOptions = comboOptions; + } + + @Override + public void validate(Object value) throws IllegalArgumentException { + Object possibleValue = value; + if (!(possibleValue instanceof String)) { + throw new IllegalArgumentException("Must be a string"); + } + + String stringVal = (String) possibleValue; + boolean found = false; + for (String knownVal : singleOptions) { + if (knownVal.equals(stringVal)) { + found = true; + break; + } + } + + if (!found) { + String[] possibleCombo = splitCombination(stringVal); + for (String val : possibleCombo) { + if (comboOptionsContains(val)) { + found = true; + } else { + throw new IllegalArgumentException(); + } + } + } + + if (!found) { + throw new IllegalArgumentException(); + } + } + + private boolean comboOptionsContains(String possibleVal) { + for (String value : comboOptions) { + if (value.equals(possibleVal)) { + return true; + } + } + return false; + } + + @Override + public String getPossibleValues() { + String message = "(Values that can be used alone only): " + Arrays.toString(singleOptions) + + " (Values that can be used in combination separated by the delimiter \"" + + DELIMITER + "\" with no space expected ): " + Arrays.toString(comboOptions); + return message; + } + + } + + private final static String DELIMITER = ","; + + public static String[] splitCombination(String val) { + return val.split(DELIMITER); + } + + private static class ManifestAttributeCheckValidator extends MultipleStringValueValidator { + + public ManifestAttributeCheckValidator() { + super(new String[] { + ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.ALL.toString(), + ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.NONE.toString() + }, new String[] { + ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.ALAC.toString(), + ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.CODEBASE.toString(), + ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.ENTRYPOINT.toString(), + ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.PERMISSIONS.toString(), + ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.TRUSTED.toString() + }); + } + } + /** * Checks that the value is a URL */ private static class UrlValidator implements ValueValidator { @@ -262,6 +349,26 @@ } /** + * Returns a {@link ValueValidator} that checks if an object is a string from + * one of the provided single option Strings or a combination from + * the provided combination Strings. + * @param singleValues an array of Strings which are considered valid only by themselves + * @param comboValues an array of Strings which are considered valid in any combination + * with themselves + */ + public static ValueValidator getMultipleStringValidator(String[] singleValues, String[] comboValues) { + return new MultipleStringValueValidator(singleValues, comboValues); + } + + /** + * Returns a {@link ValueValidator} that checks if an object is a string + * from the possible single or combination ManifestAttributeCheck values + */ + public static ValueValidator getManifestAttributeCheckValidator() { + return new ManifestAttributeCheckValidator(); + } + + /** * @return a {@link ValueValidator} that checks if an object represents a * valid url */
--- a/netx/net/sourceforge/jnlp/config/Defaults.java Mon Mar 23 12:01:40 2015 -0400 +++ b/netx/net/sourceforge/jnlp/config/Defaults.java Wed Mar 25 14:33:42 2015 -0400 @@ -43,6 +43,8 @@ import net.sourceforge.jnlp.ShortcutDesc; import static net.sourceforge.jnlp.config.PathsAndFiles.*; import net.sourceforge.jnlp.runtime.JNLPProxySelector; +import net.sourceforge.jnlp.runtime.ManifestAttributesChecker; + import static net.sourceforge.jnlp.runtime.Translator.R; /** @@ -409,8 +411,8 @@ //enable manifest-attributes checks { DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, - BasicValueValidators.getBooleanValidator(), - String.valueOf(true) + BasicValueValidators.getManifestAttributeCheckValidator(), + String.valueOf("ALL") } };
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Mon Mar 23 12:01:40 2015 -0400 +++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Wed Mar 25 14:33:42 2015 -0400 @@ -95,6 +95,10 @@ and<br/> <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/no_redeploy.html"> \ Preventing the Repurposing of an Application</a> +MACDisabledMessage=Manifest attribute checks are disabled. +MACCheckSkipped=check on {0} skipped because property of deployment.manifest.attributes.check \ +was not set to ALL or includes {1} in the combination of options + # LS - Severity LSMinor=Minor LSFatal=Fatal
--- a/netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java Mon Mar 23 12:01:40 2015 -0400 +++ b/netx/net/sourceforge/jnlp/runtime/ManifestAttributesChecker.java Wed Mar 25 14:33:42 2015 -0400 @@ -37,7 +37,9 @@ package net.sourceforge.jnlp.runtime; import java.net.URL; +import java.util.ArrayList; import java.util.HashSet; +import java.util.List; import java.util.Set; import net.sourceforge.jnlp.ExtensionDesc; @@ -59,13 +61,15 @@ import net.sourceforge.jnlp.util.UrlUtils; import net.sourceforge.jnlp.util.logging.OutputController; +import static net.sourceforge.jnlp.config.BasicValueValidators.splitCombination; +import static net.sourceforge.jnlp.runtime.Translator.R; + public class ManifestAttributesChecker { private final SecurityDesc security; private final JNLPFile file; private final SigningState signing; private final SecurityDelegate securityDelegate; - public static final String MANIFEST_CHECK_DISABLED_MESSAGE = "Manifest attribute checks are disabled."; public ManifestAttributesChecker(final SecurityDesc security, final JNLPFile file, final SigningState signing, final SecurityDelegate securityDelegate) throws LaunchException { @@ -75,24 +79,66 @@ this.securityDelegate = securityDelegate; } + public enum MANIFEST_ATTRIBUTES_CHECK { + ALL, + NONE, + PERMISSIONS, + CODEBASE, + TRUSTED, + ALAC, + ENTRYPOINT + } + void checkAll() throws LaunchException { - if (isCheckEnabled()) { - checkPermissionsAttribute(); - checkTrustedOnlyAttribute(); - checkCodebaseAttribute(); - checkPermissionsAttribute(); - checkApplicationLibraryAllowableCodebaseAttribute(); - checkEntryPoint(); + List<MANIFEST_ATTRIBUTES_CHECK> attributesCheck = getAttributesCheck(); + if (attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.NONE)) { + OutputController.getLogger().log(OutputController.Level.WARNING_ALL, R("MACDisabledMessage")); } else { - OutputController.getLogger().log(OutputController.Level.WARNING_ALL, MANIFEST_CHECK_DISABLED_MESSAGE); + + if (attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.TRUSTED) || + attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.ALL)) { + checkTrustedOnlyAttribute(); + } else { + OutputController.getLogger().log(OutputController.Level.WARNING_ALL, R("MACCheckSkipped", "Trusted-Only", "TRUSTED")); + } + + if (attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.CODEBASE) || + attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.ALL)) { + checkCodebaseAttribute(); + } else { + OutputController.getLogger().log(OutputController.Level.WARNING_ALL, R("MACCheckSkipped", "Codebase", "CODEBASE")); + } + + if (attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.PERMISSIONS) || + attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.ALL)) { + checkPermissionsAttribute(); + } else { + OutputController.getLogger().log(OutputController.Level.WARNING_ALL, R("MACCheckSkipped", "Permissions", "PERMISSIONS")); + } + + if (attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.ALAC) || + attributesCheck.contains(MANIFEST_ATTRIBUTES_CHECK.ALL)) { + checkApplicationLibraryAllowableCodebaseAttribute(); + } else { + OutputController.getLogger().log(OutputController.Level.WARNING_ALL, R("MACCheckSkipped", "Application Library Allowable Codebase", "ALAC")); + } + } } - public static boolean isCheckEnabled() { + public static List<MANIFEST_ATTRIBUTES_CHECK> getAttributesCheck() { final String deploymentProperty = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK); - return Boolean.parseBoolean(deploymentProperty); + String[] attributesCheck = splitCombination(deploymentProperty); + List<MANIFEST_ATTRIBUTES_CHECK> manifestAttributesCheckList = new ArrayList<>(); + for (String attribute : attributesCheck) { + for (MANIFEST_ATTRIBUTES_CHECK manifestAttribute : MANIFEST_ATTRIBUTES_CHECK.values()) { + if (manifestAttribute.toString().equals(attribute)) { + manifestAttributesCheckList.add(manifestAttribute); + } + } + } + return manifestAttributesCheckList; } - /* * http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#entry_pt */ @@ -159,16 +205,16 @@ || (isSandboxed && SecurityDesc.SANDBOX_PERMISSIONS.equals(desc)); final String signedMsg; if (isFullySigned && !isSandboxed) { - signedMsg = Translator.R("STOAsignedMsgFully"); + signedMsg = R("STOAsignedMsgFully"); } else if (isFullySigned && isSandboxed) { - signedMsg = Translator.R("STOAsignedMsgAndSandbox"); + signedMsg = R("STOAsignedMsgAndSandbox"); } else { - signedMsg = Translator.R("STOAsignedMsgPartiall"); + signedMsg = R("STOAsignedMsgPartiall"); } OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG, "Trusted Only manifest attribute is \"true\". " + signedMsg + " and requests permission level: " + securityType); if (!(isFullySigned && requestsCorrectPermissions)) { - throw new LaunchException(Translator.R("STrustedOnlyAttributeFailure", signedMsg, securityType)); + throw new LaunchException(R("STrustedOnlyAttributeFailure", signedMsg, securityType)); } } @@ -177,30 +223,30 @@ */ private void checkCodebaseAttribute() throws LaunchException { if (file.getCodeBase() == null || file.getCodeBase().getProtocol().equals("file")) { - OutputController.getLogger().log(OutputController.Level.WARNING_ALL, Translator.R("CBCheckFile")); + OutputController.getLogger().log(OutputController.Level.WARNING_ALL, R("CBCheckFile")); return; } final Object securityType = security.getSecurityType(); final URL codebase = UrlUtils.guessCodeBase(file); final ClasspathMatchers codebaseAtt = file.getManifestsAttributes().getCodebase(); if (codebaseAtt == null) { - OutputController.getLogger().log(OutputController.Level.WARNING_ALL, Translator.R("CBCheckNoEntry")); + OutputController.getLogger().log(OutputController.Level.WARNING_ALL, R("CBCheckNoEntry")); return; } if (securityType.equals(SecurityDesc.SANDBOX_PERMISSIONS)) { if (codebaseAtt.matches(codebase)) { - OutputController.getLogger().log(OutputController.Level.MESSAGE_ALL, Translator.R("CBCheckUnsignedPass")); + OutputController.getLogger().log(OutputController.Level.MESSAGE_ALL, R("CBCheckUnsignedPass")); } else { - OutputController.getLogger().log(OutputController.Level.ERROR_ALL, Translator.R("CBCheckUnsignedFail")); + OutputController.getLogger().log(OutputController.Level.ERROR_ALL, R("CBCheckUnsignedFail")); } } else { if (codebaseAtt.matches(codebase)) { - OutputController.getLogger().log(OutputController.Level.MESSAGE_ALL, Translator.R("CBCheckOkSignedOk")); + OutputController.getLogger().log(OutputController.Level.MESSAGE_ALL, R("CBCheckOkSignedOk")); } else { if (file instanceof PluginBridge) { - throw new LaunchException(Translator.R("CBCheckSignedAppletDontMatchException", file.getManifestsAttributes().getCodebase().toString(), codebase)); + throw new LaunchException(R("CBCheckSignedAppletDontMatchException", file.getManifestsAttributes().getCodebase().toString(), codebase)); } else { - OutputController.getLogger().log(OutputController.Level.ERROR_ALL, Translator.R("CBCheckSignedFail")); + OutputController.getLogger().log(OutputController.Level.ERROR_ALL, R("CBCheckSignedFail")); } } }
--- a/tests/netx/unit/net/sourceforge/jnlp/config/BasicValueValidatorsTests.java Mon Mar 23 12:01:40 2015 -0400 +++ b/tests/netx/unit/net/sourceforge/jnlp/config/BasicValueValidatorsTests.java Wed Mar 25 14:33:42 2015 -0400 @@ -130,4 +130,55 @@ Assert.assertTrue(ex instanceof IllegalArgumentException); } } + + @Test + public void testMultipleStringValueValidator() { + String[] singleValues = { + "SINGLE", "ONLY", "NONE" + }; + String[] multipleValues = { + "MULTIPLE", "COMBO", "ONE", "TWO", "THREE" + }; + ValueValidator multipleValidator = BasicValueValidators.getMultipleStringValidator(singleValues, multipleValues); + + multipleValidator.validate("SINGLE"); + multipleValidator.validate("ONLY"); + multipleValidator.validate("NONE"); + multipleValidator.validate("MULTIPLE"); + multipleValidator.validate("MULTIPLE,COMBO,TWO"); + multipleValidator.validate("THREE,ONE,COMBO,MULTIPLE"); + } + + @Test(expected = IllegalArgumentException.class) + public void testMultipleStringValueValidatorCantMixSingleAndComboValues() { + String[] singleValues = { + "SINGLE", "ONLY", "NONE" + }; + String[] multipleValues = { + "MULTIPLE", "COMBO", "ONE", "TWO", "THREE" + }; + ValueValidator multipleValidator = BasicValueValidators.getMultipleStringValidator(singleValues, multipleValues); + + multipleValidator.validate("SINGLE,COMBO"); + } + + @Test + public void testManifestAttributeCheckValidator() { + ValueValidator multipleValidator = BasicValueValidators.getManifestAttributeCheckValidator(); + + multipleValidator.validate("ALL"); + multipleValidator.validate("PERMISSIONS"); + multipleValidator.validate("NONE"); + multipleValidator.validate("ALAC"); + multipleValidator.validate("CODEBASE"); + multipleValidator.validate("CODEBASE,ALAC,PERMISSIONS"); + multipleValidator.validate("TRUSTED,ALAC,CODEBASE"); + } + + @Test(expected = IllegalArgumentException.class) + public void testManifestAttributeCheckValidatorCantMixSingleAndComboValues() { + ValueValidator multipleValidator = BasicValueValidators.getManifestAttributeCheckValidator(); + + multipleValidator.validate("ALL,CODEBASE,NONE"); + } }
--- a/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPFileTest.java Mon Mar 23 12:01:40 2015 -0400 +++ b/tests/netx/unit/net/sourceforge/jnlp/runtime/JNLPFileTest.java Wed Mar 25 14:33:42 2015 -0400 @@ -39,6 +39,7 @@ import java.io.File; import java.net.URL; import java.util.Arrays; +import java.util.List; import java.util.Locale; import java.util.jar.Attributes; import java.util.jar.Manifest; @@ -60,14 +61,14 @@ public class JNLPFileTest extends NoStdOutErrTest { private static AppletSecurityLevel level; - private static boolean attCheckValue; + private static List<ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK> attCheckValue; @BeforeClass public static void setPermissions() { level = AppletStartupSecuritySettings.getInstance().getSecurityLevel(); - attCheckValue = ManifestAttributesChecker.isCheckEnabled(); + attCheckValue = ManifestAttributesChecker.getAttributesCheck(); JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_LEVEL, AppletSecurityLevel.ALLOW_UNSIGNED.toChars()); - JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, String.valueOf(true)); + JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, String.valueOf(ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.ALL)); } @AfterClass
--- a/tests/reproducers/custom/PartiallySignedAppletManifestSpecifiesSandbox/testcases/PartiallySignedAppletManifestSpecifiesSandboxTests.java Mon Mar 23 12:01:40 2015 -0400 +++ b/tests/reproducers/custom/PartiallySignedAppletManifestSpecifiesSandbox/testcases/PartiallySignedAppletManifestSpecifiesSandboxTests.java Wed Mar 25 14:33:42 2015 -0400 @@ -36,6 +36,10 @@ */ import static org.junit.Assert.assertTrue; + +import java.io.File; +import java.io.IOException; + import net.sourceforge.jnlp.ProcessResult; import net.sourceforge.jnlp.annotations.Bug; import net.sourceforge.jnlp.annotations.NeedsDisplay; @@ -44,6 +48,10 @@ import net.sourceforge.jnlp.browsertesting.Browsers; import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener; +import net.sourceforge.jnlp.config.PathsAndFiles; +import net.sourceforge.jnlp.util.FileUtils; +import org.junit.AfterClass; +import org.junit.BeforeClass; import org.junit.Test; public class PartiallySignedAppletManifestSpecifiesSandboxTests extends BrowserTest { @@ -56,6 +64,52 @@ private static final String STACKTRACE_NOT_GRANT_PERMISSIONS_TYPE = "Cannot grant permissions to unsigned jars"; private static final String USER_HOME = System.getProperty("user.home"); + private static File deployFile; + private static String attributesCheck; + private static String securityLevel; + + @BeforeClass + public static void setupDeploymentProperties() throws IOException { + deployFile = PathsAndFiles.USER_DEPLOYMENT_FILE.getFile(); + String properties = FileUtils.loadFileAsString(deployFile); + + for (String line : properties.split("\n")) { + if (line.contains("deployment.manifest.attribute.check")) { + attributesCheck = line; + properties = properties.replace(line, "deployment.manifest.attributes.check=PERMISSIONS\n"); + } + if (line.contains("deployment.security.level")) { + securityLevel = line; + properties = properties.replace(line, "deployment.security.level=ALLOW_UNSIGNED\n"); + } + } + if (attributesCheck == null) { + properties += "deployment.manifest.attributes.check=PERMISSIONS\n"; + } + if (securityLevel == null) { + properties += "deployment.security.level=ALLOW_UNSIGNED\n"; + } + + FileUtils.saveFile(properties, deployFile); + } + + @AfterClass + public static void setbackDeploymentProperties() throws IOException { + String properties = FileUtils.loadFileAsString(deployFile); + if (attributesCheck != null) { + properties = properties.replace("deployment.manifest.attributes.check=PERMISSIONS\n", attributesCheck); + } else { + properties = properties.replace("deployment.manifest.attributes.check=PERMISSIONS\n", ""); + } + + if (securityLevel != null) { + properties = properties.replace("deployment.security.level=ALLOW_UNSIGNED\n", securityLevel); + } else { + properties = properties.replace("deployment.security.level=ALLOW_UNSIGNED\n", ""); + } + FileUtils.saveFile(properties, deployFile); + } + @Test @NeedsDisplay @TestInBrowsers(testIn={Browsers.one})
--- a/tests/reproducers/signed/SignedAppletManifestSpecifiesSandbox/testcases/SignedAppletManifestSpecifiesSandboxTests.java Mon Mar 23 12:01:40 2015 -0400 +++ b/tests/reproducers/signed/SignedAppletManifestSpecifiesSandbox/testcases/SignedAppletManifestSpecifiesSandboxTests.java Wed Mar 25 14:33:42 2015 -0400 @@ -36,6 +36,11 @@ */ import static org.junit.Assert.assertTrue; + +import java.io.File; +import java.io.IOException; +import java.util.List; + import net.sourceforge.jnlp.ProcessResult; import net.sourceforge.jnlp.annotations.Bug; import net.sourceforge.jnlp.annotations.NeedsDisplay; @@ -44,6 +49,11 @@ import net.sourceforge.jnlp.browsertesting.Browsers; import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener; +import net.sourceforge.jnlp.config.PathsAndFiles; +import net.sourceforge.jnlp.runtime.ManifestAttributesChecker; +import net.sourceforge.jnlp.util.FileUtils; +import org.junit.AfterClass; +import org.junit.BeforeClass; import org.junit.Test; public class SignedAppletManifestSpecifiesSandboxTests extends BrowserTest { @@ -56,6 +66,39 @@ private static final String JNLP_EXPECTED_STDOUT = "Initialization Error"; private static final String JNLP_EXPECTED_STDERR = "net.sourceforge.jnlp.LaunchException"; + private static File deployFile; + private static String attributesCheck; + + @BeforeClass + public static void setupDeploymentProperties() throws IOException { + deployFile = PathsAndFiles.USER_DEPLOYMENT_FILE.getFile(); + String properties = FileUtils.loadFileAsString(deployFile); + + for (String line : properties.split("\n")) { + if (line.contains("deployment.manifest.attribute.check")) { + attributesCheck = line; + properties = properties.replace(line, "deployment.manifest.attributes.check=PERMISSIONS\n"); + } + } + if (attributesCheck == null) { + properties += "deployment.manifest.attributes.check=PERMISSIONS\n"; + } + + FileUtils.saveFile(properties, deployFile); + } + + @AfterClass + public static void setbackDeploymentProperties() throws IOException { + String properties = FileUtils.loadFileAsString(deployFile); + if (attributesCheck != null) { + properties = properties.replace("deployment.manifest.attributes.check=PERMISSIONS\n", attributesCheck); + } else { + properties = properties.replace("deployment.manifest.attributes.check=PERMISSIONS\n", ""); + } + + FileUtils.saveFile(properties, deployFile); + } + @Test @NeedsDisplay @TestInBrowsers(testIn={Browsers.one})