Mercurial > hg > release > icedtea-web-1.8
changeset 1273:a8f8a311b30d
Initial push for big trusted-only/mixed-permissions reproducer
* tests/reproducers/custom/MixedSigningAndTrustedOnly/resources/MixedSigningAndTrustedOnly.html.in: template for javaws html and browser test (substitute archives and mainclass and commnad)
* tests/reproducers/custom/MixedSigningAndTrustedOnly/resources/MixedSigningAndTrustedOnlyApp.jnlp.in: template for javaws (substitute security, archives and mainclass and commnads)
* tests/reproducers/custom/MixedSigningAndTrustedOnly/resources/MixedSigningAndTrustedOnlyApplet.jnlp.in: template for javaws applet (substitute security, archives and mainclass and commnads)
* tests/reproducers/custom/MixedSigningAndTrustedOnly/srcs/MANIFEST.MF: manifest with Trusted-only: true to be potentially used in jars
* tests/reproducers/custom/MixedSigningAndTrustedOnly/srcs/Makefile: custom makefile which generates 12 jars. six signed, six unsigned, six with manifest, six without. two times two with one class, two with both classes
* tests/reproducers/custom/MixedSigningAndTrustedOnly/srcs/MixedSigningAndTrustedOnlyClass1.java: source class1, may confirm itself, try privileged action, try those two on second class,
* tests/reproducers/custom/MixedSigningAndTrustedOnly/srcs/MixedSigningAndTrustedOnlyClass2.java: same but vice versa
* tests/reproducers/custom/MixedSigningAndTrustedOnly/testcases/MixedSigningAndTrustedOnly.java: utility class for this reproducer (with tests)
* tests/reproducers/custom/MixedSigningAndTrustedOnly/testcases/MixedSigningAndTrustedOnlyBS1.java:
simple twelve tests verifying single signed jar with both classes without manifest work
line wrap: on
line diff
--- a/ChangeLog Mon Jul 27 18:46:37 2015 +0200 +++ b/ChangeLog Wed Jul 29 15:43:27 2015 +0200 @@ -1,3 +1,26 @@ +2015-07-29 Jiri Vanek <jvanek@redhat.com> + + Initial push for big trusted-only/mixed-permissions reproducer + * tests/reproducers/custom/MixedSigningAndTrustedOnly/resources/MixedSigningAndTrustedOnly.html.in: + template for javaws html and browser test (substitute archives and mainclass and commnad) + * tests/reproducers/custom/MixedSigningAndTrustedOnly/resources/MixedSigningAndTrustedOnlyApp.jnlp.in: + template for javaws (substitute security, archives and mainclass and commnads) + * tests/reproducers/custom/MixedSigningAndTrustedOnly/resources/MixedSigningAndTrustedOnlyApplet.jnlp.in: + template for javaws applet (substitute security, archives and mainclass and commnads) + * tests/reproducers/custom/MixedSigningAndTrustedOnly/srcs/MANIFEST.MF: + manifest with Trusted-only: true to be potentially used in jars + * tests/reproducers/custom/MixedSigningAndTrustedOnly/srcs/Makefile: + custom makefile which generates 12 jars. six signed, six unsigned, six with manifest, six without. + two times two with one class, two with both classes + * tests/reproducers/custom/MixedSigningAndTrustedOnly/srcs/MixedSigningAndTrustedOnlyClass1.java: + source class1, may confirm itself, try privileged action, try those two on second class, + * tests/reproducers/custom/MixedSigningAndTrustedOnly/srcs/MixedSigningAndTrustedOnlyClass2.java: + same but vice versa + * tests/reproducers/custom/MixedSigningAndTrustedOnly/testcases/MixedSigningAndTrustedOnly.java: + utility class for this reproducer (with tests) + * tests/reproducers/custom/MixedSigningAndTrustedOnly/testcases/MixedSigningAndTrustedOnlyBS1.java: + simple twelve tests verifying single signed jar with both classes without manifest works + 2015-07-27 Jiri Vanek <jvanek@redhat.com> Removed last remains of BOOT_DIR
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/MixedSigningAndTrustedOnly/resources/MixedSigningAndTrustedOnly.html.in Wed Jul 29 15:43:27 2015 +0200 @@ -0,0 +1,49 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<html> + <head></head> + <body> + <applet code="@MAIN_CLASS@.class" + archive="@APPLET_ARCHIVES@" + codebase="." + width="640" + height="480"> + @APPLET_PARAMS@ + </applet> + </body> +</html>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/MixedSigningAndTrustedOnly/resources/MixedSigningAndTrustedOnlyApp.jnlp.in Wed Jul 29 15:43:27 2015 +0200 @@ -0,0 +1,55 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" @HREF@ codebase="."> + <information> + <title>MixedSigningAndTrustedOnly</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>Test per-JAR security assignment and permissions with or without Tusted-Only</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + @JNLP_ARCHIVES@ + </resources> + @SECURITY_TAG@ + <application-desc main-class="@MAIN_CLASS@"> + @JNLP_ARGS@ + </application-desc> +</jnlp>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/MixedSigningAndTrustedOnly/resources/MixedSigningAndTrustedOnlyApplet.jnlp.in Wed Jul 29 15:43:27 2015 +0200 @@ -0,0 +1,60 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" @HREF@ codebase="."> + <information> + <title>MixedSigningAndTrustedOnly</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>Test per-JAR security assignment and permissions with or without Tusted-Only</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + @JNLP_ARCHIVES@ + </resources> + @SECURITY_TAG@ + <applet-desc + documentBase="." + name="MixedSigningAndTrustedOnly" + main-class="@MAIN_CLASS@" + width="100" + height="100"> + @APPLET_PARAMS@ + </applet-desc> +</jnlp>
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/MixedSigningAndTrustedOnly/srcs/MANIFEST.MF Wed Jul 29 15:43:27 2015 +0200 @@ -0,0 +1,2 @@ +Trusted-only: true +Application-Name: MixedSigningAndTrustedOnly
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/MixedSigningAndTrustedOnly/srcs/Makefile Wed Jul 29 15:43:27 2015 +0200 @@ -0,0 +1,69 @@ +TESTNAME=MixedSigningAndTrustedOnly + +SRC_NAME1=$(TESTNAME)Class1 +SRC_NAME2=$(TESTNAME)Class2 +SRC_FILE1=$(SRC_NAME1).java +SRC_FILE2=$(SRC_NAME2).java +COMPILED_FILES1=$(SRC_NAME1)*.class +COMPILED_FILES2=$(SRC_NAME2)*.class + +JAVAC_CLASSPATH=$(TEST_EXTENSIONS_DIR):$(NETX_DIR)/lib/classes.jar +JAVAC=$(EXPORTED_JAVAC) +JAR=$(EXPORTED_JAR) +JARSIGNER=$(EXPORTED_JARSIGNER) +JARSIGNER_CMD=$(JARSIGNER) -keystore $(TOP_BUILD_DIR)/$(PRIVATE_KEYSTORE_NAME) -storepass $(PRIVATE_KEYSTORE_PASS) -keypass $(PRIVATE_KEYSTORE_PASS) +SIGFILE=-sigfile Alpha + +SIGNED1=$(TESTNAME)BothSigned.jar +SIGNED2=$(TESTNAME)FirstSigned.jar +SIGNED3=$(TESTNAME)SecondSigned.jar +UNSIGNED1=$(TESTNAME)BothUnsigned.jar +UNSIGNED2=$(TESTNAME)FirstUnsigned.jar +UNSIGNED3=$(TESTNAME)SecondUnsigned.jar + +MSIGNED1=$(TESTNAME)BothSignedManifest.jar +MSIGNED2=$(TESTNAME)FirstSignedManifest.jar +MSIGNED3=$(TESTNAME)SecondSignedManifest.jar +MUNSIGNED1=$(TESTNAME)BothUnsignedManifest.jar +MUNSIGNED2=$(TESTNAME)FirstUnsignedManifest.jar +MUNSIGNED3=$(TESTNAME)SecondUnsignedManifest.jar + +MANIFEST=MANIFEST.MF +TMPDIR:=$(shell mktemp -d) + +prepare-reproducer: + echo PREPARING REPRODUCER $(TESTNAME) ; \ + $(JAVAC) -d $(TMPDIR) -classpath $(JAVAC_CLASSPATH) $(SRC_FILE1) $(SRC_FILE2); \ + cp ../resources/* $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR); \ + pushd $(TMPDIR); \ + $(JAR) cf $(SIGNED1) $(COMPILED_FILES1) $(COMPILED_FILES2); \ + $(JAR) cf $(SIGNED2) $(COMPILED_FILES1) ; \ + $(JAR) cf $(SIGNED3) $(COMPILED_FILES2); \ + $(JAR) cf $(UNSIGNED1) $(COMPILED_FILES1) $(COMPILED_FILES2); \ + $(JAR) cf $(UNSIGNED2) $(COMPILED_FILES1) ; \ + $(JAR) cf $(UNSIGNED3) $(COMPILED_FILES2); \ + popd ; \ + cp $(MANIFEST) $(TMPDIR) ; \ + pushd $(TMPDIR); \ + $(JAR) cfm $(MSIGNED1) $(MANIFEST) $(COMPILED_FILES1) $(COMPILED_FILES2); \ + $(JAR) cfm $(MSIGNED2) $(MANIFEST) $(COMPILED_FILES1) ; \ + $(JAR) cfm $(MSIGNED3) $(MANIFEST) $(COMPILED_FILES2); \ + $(JAR) cfm $(MUNSIGNED1) $(MANIFEST) $(COMPILED_FILES1) $(COMPILED_FILES2); \ + $(JAR) cfm $(MUNSIGNED2) $(MANIFEST) $(COMPILED_FILES1) ; \ + $(JAR) cfm $(MUNSIGNED3) $(MANIFEST) $(COMPILED_FILES2); \ + popd ; \ + $(JARSIGNER_CMD) $(SIGFILE) $(TMPDIR)/$(SIGNED1) $(TEST_CERT_ALIAS)_signed; \ + $(JARSIGNER_CMD) $(SIGFILE) $(TMPDIR)/$(SIGNED2) $(TEST_CERT_ALIAS)_signed; \ + $(JARSIGNER_CMD) $(SIGFILE) $(TMPDIR)/$(SIGNED3) $(TEST_CERT_ALIAS)_signed; \ + $(JARSIGNER_CMD) $(SIGFILE) $(TMPDIR)/$(MSIGNED1) $(TEST_CERT_ALIAS)_signed; \ + $(JARSIGNER_CMD) $(SIGFILE) $(TMPDIR)/$(MSIGNED2) $(TEST_CERT_ALIAS)_signed; \ + $(JARSIGNER_CMD) $(SIGFILE) $(TMPDIR)/$(MSIGNED3) $(TEST_CERT_ALIAS)_signed; \ + cp $(TMPDIR)/{$(SIGNED1),$(SIGNED2),$(SIGNED3)} $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR); \ + cp $(TMPDIR)/{$(UNSIGNED1),$(UNSIGNED2),$(UNSIGNED3)} $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR); \ + cp $(TMPDIR)/{$(MSIGNED1),$(MSIGNED2),$(MSIGNED3)} $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR); \ + cp $(TMPDIR)/{$(MUNSIGNED1),$(MUNSIGNED2),$(MUNSIGNED3)} $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR); \ + echo PREPARED REPRODUCER $(TESTNAME), removing $(TMPDIR); \ + rm -rf $(TMPDIR); + +clean-reproducer: + echo NOTHING TO CLEAN FOR $(TESTNAME)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/MixedSigningAndTrustedOnly/srcs/MixedSigningAndTrustedOnlyClass1.java Wed Jul 29 15:43:27 2015 +0200 @@ -0,0 +1,110 @@ +/* + Copyright (C) 2013 Red Hat, Inc. + + This file is part of IcedTea. + + IcedTea is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as published by + the Free Software Foundation, version 2. + + IcedTea is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with IcedTea; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. + */ + +import java.applet.Applet; +import java.util.Arrays; + +public class MixedSigningAndTrustedOnlyClass1 extends Applet { + + private static final String ID1 = "MixedSigningAndTrustedOnlyClass1"; + private static final String ID2 = "MixedSigningAndTrustedOnlyClass2"; + + public static void main(String[] args) { + runBody(args); + } + + @Override + public void start() { + String c = getParameter("command"); + String[] cc = c.split(" "); + runBody(cc); + } + + private static void runBody(String... commands) { + try { + System.out.println(ID1 + " running"); + System.out.println("params: " + Arrays.toString(commands)); + boolean canDie = true; + for (String command : commands) { + try { + switch (command) { + case "canDie": + canDie = true; + break; + case "cantDie": + canDie = false; + break; + case ID1 + "_Normal": + doNormal(); + break; + case ID1 + "_Restricted": + doRestrictedAction(); + break; + case ID2 + "_Normal": + MixedSigningAndTrustedOnlyClass2.doNormal(); + break; + case ID2 + "_Restricted": + MixedSigningAndTrustedOnlyClass2.doRestrictedAction(); + break; + + } + } catch (Exception ex) { + if (canDie) { + throw ex; + } else { + ex.printStackTrace(); + } + } + } + } finally { + System.out.println("*** APPLET FINISHED ***"); + System.out.flush(); + System.out.println("some garbage forcing to flush"); + System.out.flush(); + } + } + + public static void doRestrictedAction() { + System.out.println(System.getProperty("user.home")); + System.out.println(ID1 + " Property read"); + } + + public static void doNormal() { + System.out.println(ID1 + " confirmed"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/MixedSigningAndTrustedOnly/srcs/MixedSigningAndTrustedOnlyClass2.java Wed Jul 29 15:43:27 2015 +0200 @@ -0,0 +1,110 @@ + +import java.applet.Applet; +import java.util.Arrays; + +/* + Copyright (C) 2013 Red Hat, Inc. + + This file is part of IcedTea. + + IcedTea is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as published by + the Free Software Foundation, version 2. + + IcedTea is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with IcedTea; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. + */ +public class MixedSigningAndTrustedOnlyClass2 extends Applet { + + private static final String ID1 = "MixedSigningAndTrustedOnlyClass2"; + private static final String ID2 = "MixedSigningAndTrustedOnlyClass1"; + + public static void main(String[] args) { + runBody(args); + } + + @Override + public void start() { + String c = getParameter("command"); + String[] cc = c.split(" "); + runBody(cc); + } + + private static void runBody(String... commands) { + try { + System.out.println(ID1 + " running"); + System.out.println("params: " + Arrays.toString(commands)); + boolean canDie = true; + for (String command : commands) { + try { + switch (command) { + case "canDie": + canDie = true; + break; + case "cantDie": + canDie = false; + break; + case ID1 + "_Normal": + doNormal(); + break; + case ID1 + "_Restricted": + doRestrictedAction(); + break; + case ID2 + "_Normal": + MixedSigningAndTrustedOnlyClass1.doNormal(); + break; + case ID2 + "_Restricted": + MixedSigningAndTrustedOnlyClass1.doRestrictedAction(); + break; + + } + } catch (Exception ex) { + if (canDie) { + throw ex; + } else { + ex.printStackTrace(); + } + } + } + } finally { + System.out.println("*** APPLET FINISHED ***"); + System.out.flush(); + System.out.println("some garbage forcing to flush"); + System.out.flush(); + } + } + + public static void doRestrictedAction() { + System.out.println(System.getProperty("user.home")); + System.out.println(ID1 + " Property read"); + } + + public static void doNormal() { + System.out.println(ID1 + " confirmed"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/MixedSigningAndTrustedOnly/testcases/MixedSigningAndTrustedOnly.java Wed Jul 29 15:43:27 2015 +0200 @@ -0,0 +1,345 @@ +/* + Copyright (C) 2013 Red Hat, Inc. + + This file is part of IcedTea. + + IcedTea is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as published by + the Free Software Foundation, version 2. + + IcedTea is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with IcedTea; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. + */ +package MixedSigningAndTrustedOnlyPackage; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.util.Arrays; +import java.util.List; +import net.sourceforge.jnlp.OptionsDefinitions; +import net.sourceforge.jnlp.ProcessResult; + +import net.sourceforge.jnlp.ServerAccess; +import net.sourceforge.jnlp.browsertesting.BrowserTest; +import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener; +import net.sourceforge.jnlp.config.DeploymentConfiguration; +import net.sourceforge.jnlp.runtime.ManifestAttributesChecker; +import net.sourceforge.jnlp.tools.DeploymentPropertiesModifier; +import org.junit.Assert; +import org.junit.Test; + +public class MixedSigningAndTrustedOnly extends BrowserTest { + + static List<String> HEADLESS = Arrays.asList(new String[]{OptionsDefinitions.OPTIONS.HEADLESS.option}); + static List<String> HTML = Arrays.asList(new String[]{OptionsDefinitions.OPTIONS.HTML.option}); + + public static final String PREFIX = "MixedSigningAndTrustedOnly"; + public static final String C1 = "Class1"; + public static final String C2 = "Class2"; + + static final String ID11 = PREFIX + C1; + static final String ID12 = PREFIX + C2; + static final String ID21 = PREFIX + C2; + static final String ID22 = PREFIX + C1; + static final String RESTRICTED_CONFIRM_SUFFIX = " Property read"; //note the space + static final String NORMAL_CONFIRM_SUFFIX = " confirmed"; //same + + static final String RESTRICTED11 = ID11 + RESTRICTED_CONFIRM_SUFFIX; + static final String NORMAL11 = ID11 + NORMAL_CONFIRM_SUFFIX; + static final String RESTRICTED12 = ID12 + RESTRICTED_CONFIRM_SUFFIX; + static final String NORMAL12 = ID12 + NORMAL_CONFIRM_SUFFIX; + + static final String RESTRICTED21 = ID21 + RESTRICTED_CONFIRM_SUFFIX; + static final String NORMAL21 = ID21 + NORMAL_CONFIRM_SUFFIX; + static final String RESTRICTED22 = ID22 + RESTRICTED_CONFIRM_SUFFIX; + static final String NORMAL22 = ID22 + NORMAL_CONFIRM_SUFFIX; + + public static final String NORMAL_SUFFIX = "_Normal"; + public static final String RESTRICTED_SUFFIX = "_Restricted"; + public static final String COMMAND_C1_NORMAL = PREFIX + C1 + NORMAL_SUFFIX; + public static final String COMMAND_C1_RESTRICT = PREFIX + C1 + RESTRICTED_SUFFIX; + public static final String COMMAND_C2_NORMAL = PREFIX + C2 + NORMAL_SUFFIX; + public static final String COMMAND_C2_RESTRICT = PREFIX + C2 + RESTRICTED_SUFFIX; + public static final String COMMAND_CAN_DIE = "canDie"; + public static final String COMMAND_CANTTT_DIE = "cantDie"; + + public static final String BOTH = "Both"; + public static final String SIGNED = "Signed"; + public static final String MANIFESTED = "Manifest"; + public static final String UNSIGNED = "Unsigned"; + public static final String FIRST = "First"; + public static final String SECOND = "Second"; + public static final String JAR = ".jar"; + + static final Archives BS = new Archives(PREFIX + BOTH + SIGNED + JAR); + static final Archives BSM = new Archives(PREFIX + BOTH + SIGNED + MANIFESTED + JAR); + static final Archives BU = new Archives(PREFIX + BOTH + UNSIGNED + JAR); + static final Archives BUM = new Archives(PREFIX + BOTH + UNSIGNED + MANIFESTED + JAR); + static final Archives FS = new Archives(PREFIX + FIRST + SIGNED + JAR); + static final Archives FSM = new Archives(PREFIX + FIRST + SIGNED + MANIFESTED + JAR); + static final Archives FU = new Archives(PREFIX + FIRST + UNSIGNED + JAR); + static final Archives FUM = new Archives(PREFIX + FIRST + UNSIGNED + MANIFESTED + JAR); + static final Archives SS = new Archives(PREFIX + SECOND + SIGNED + JAR); + static final Archives SSM = new Archives(PREFIX + SECOND + SIGNED + MANIFESTED + JAR); + static final Archives SU = new Archives(PREFIX + SECOND + UNSIGNED + JAR); + static final Archives SUM = new Archives(PREFIX + SECOND + UNSIGNED + MANIFESTED + JAR); + + static final String CLOSE_STRING = AutoOkClosingListener.MAGICAL_OK_CLOSING_STRING; + static final String USER_HOME = System.getProperty("user.home"); + + private static final String MAIN_CLASS_KEY = "@MAIN_CLASS@"; + private static final String APPLET_ARCHIVES_KEY = "@APPLET_ARCHIVES@"; + private static final String APPLET_PARAMS_KEY = "@APPLET_PARAMS@"; + private static final String HREF_KEY = "@HREF@"; + private static final String JNLP_ARCHIVES_KEY = "@JNLP_ARCHIVES@"; + private static final String SECURITY_KEY = "@SECURITY_TAG@"; + private static final String JNLP_ARGS_KEY = "@JNLP_ARGS@"; + + private static final String JNLP_SECURITY_TAG = "<security><all-permissions/></security>"; + + static enum FileType { + + HTML, JNLP_APP, JNLP_APPLET + } + + static class Archives { + + private final String urlOrName; + private final boolean isMain; + + public Archives(String urlOrName, boolean isMain) { + this.urlOrName = urlOrName; + this.isMain = isMain; + } + + public Archives(String s) { + this(s, false); + } + + public Archives asMain() { + return new Archives(urlOrName, true); + } + + } + + private static CharSequence createAppletArchives(Archives[] archives) { + StringBuilder sb = new StringBuilder(); + if (archives == null || archives.length == 0) { + return sb; + } + for (Archives string : archives) { + sb.append(string.urlOrName).append(","); + } + sb.delete(sb.length() - 1, sb.length()); + return sb; + } + + private static CharSequence createAppletParams(String[] params) { + StringBuilder sb = new StringBuilder(); + if (params == null || params.length == 0) { + return sb; + } + sb.append("<param name=\"command\" value=\""); + for (String string : params) { + sb.append(string).append(" "); + } + sb.delete(sb.length() - 1, sb.length()); + sb.append("\"/>"); + return sb; + } + + private static CharSequence createJnlpArchives(Archives[] archives) { + StringBuilder sb = new StringBuilder(); + if (archives == null || archives.length == 0) { + return sb; + } + for (Archives string : archives) { + if (string.isMain) { + sb.append("<jar href=\"").append(string.urlOrName).append("\" main=\"true\" />").append("\n"); + } else { + sb.append("<jar href=\"").append(string.urlOrName).append("\" />").append("\n"); + } + } + sb.delete(sb.length() - 1, sb.length()); + return sb; + } + + private static CharSequence createJnlpParams(String[] params) { + StringBuilder sb = new StringBuilder(); + if (params == null || params.length == 0) { + return sb; + } + for (String string : params) { + sb.append("<argument>").append(string).append("</argument>").append("\n"); + } + sb.delete(sb.length() - 1, sb.length()); + return sb; + } + + static String prepareFile(FileType type, String mainClassSuffix, Archives[] archives, String[] params, boolean security) throws IOException { + String baseName = PREFIX; + switch (type) { + case HTML: + baseName = baseName + ".html"; + break; + case JNLP_APP: + baseName = baseName + "App.jnlp"; + break; + case JNLP_APPLET: + baseName = baseName + "Applet.jnlp"; + break; + default: + throw new RuntimeException("Unknown type"); + } + File src = new File(server.getDir(), baseName + ".in"); + String srcJnlp = ServerAccess.getContentOfStream(new FileInputStream(src)); + String resultJnlp = srcJnlp + .replace(HREF_KEY, "") //trying... + .replace(MAIN_CLASS_KEY, PREFIX + mainClassSuffix); + + switch (type) { + case HTML: + resultJnlp = resultJnlp + .replace(APPLET_ARCHIVES_KEY, createAppletArchives(archives)) + .replace(APPLET_PARAMS_KEY, createAppletParams(params)); + break; + case JNLP_APP: + resultJnlp = resultJnlp + .replace(JNLP_ARCHIVES_KEY, createJnlpArchives(archives)) + .replace(JNLP_ARGS_KEY, createJnlpParams(params)); + break; + case JNLP_APPLET: + resultJnlp = resultJnlp + .replace(JNLP_ARCHIVES_KEY, createJnlpArchives(archives)) + .replace(APPLET_PARAMS_KEY, createAppletParams(params)); + break; + default: + throw new RuntimeException("Unknown type"); + } + resultJnlp = resultJnlp + .replace(SECURITY_KEY, security ? JNLP_SECURITY_TAG : ""); + File dest = new File(server.getDir(), baseName); + ServerAccess.saveFile(resultJnlp, dest); + return baseName; + } + + @Test + public void createAppletArchivesWorks() { + CharSequence c1 = createAppletArchives(null); + Assert.assertEquals("", c1.toString()); + CharSequence c2 = createAppletArchives(new Archives[]{new Archives("archive")}); + Assert.assertEquals("archive", c2.toString()); + CharSequence c3 = createAppletArchives(new Archives[]{new Archives("archive1"), new Archives("archive2")}); + Assert.assertEquals("archive1,archive2", c3.toString()); + CharSequence c4 = createAppletArchives(new Archives[]{new Archives("archive1"), new Archives("archive2", true), new Archives("archive3")}); + Assert.assertEquals("archive1,archive2,archive3", c4.toString()); + } + + @Test + public void createAppletParamsWorks() { + CharSequence c1 = createAppletParams(null); + Assert.assertEquals("", c1.toString()); + CharSequence c2 = createAppletParams(new String[]{"archive"}); + Assert.assertEquals("<param name=\"command\" value=\"archive\"/>", c2.toString()); + CharSequence c3 = createAppletParams(new String[]{"archive1", "archive2"}); + Assert.assertEquals("<param name=\"command\" value=\"archive1 archive2\"/>", c3.toString()); + CharSequence c4 = createAppletParams(new String[]{"archive1", "archive2", "archive3"}); + Assert.assertEquals("<param name=\"command\" value=\"archive1 archive2 archive3\"/>", c4.toString()); + } + + @Test + public void createJnlpParamsWorks() { + CharSequence c1 = createJnlpParams(null); + Assert.assertEquals("", c1.toString()); + CharSequence c2 = createJnlpParams(new String[]{"archive"}); + Assert.assertEquals("<argument>archive</argument>", c2.toString()); + CharSequence c3 = createJnlpParams(new String[]{"archive1", "archive2"}); + Assert.assertEquals("<argument>archive1</argument>\n<argument>archive2</argument>", c3.toString()); + CharSequence c4 = createJnlpParams(new String[]{"archive1", "archive2", "archive3"}); + Assert.assertEquals("<argument>archive1</argument>\n<argument>archive2</argument>\n<argument>archive3</argument>", c4.toString()); + } + + @Test + public void createJnlpArchivesWorks() { + + CharSequence c1 = createJnlpArchives(null); + Assert.assertEquals("", c1.toString()); + CharSequence c2 = createJnlpArchives(new Archives[]{new Archives("archive", true)}); + Assert.assertEquals("<jar href=\"archive\" main=\"true\" />", c2.toString()); + CharSequence c22 = createJnlpArchives(new Archives[]{new Archives("archive")}); + Assert.assertEquals("<jar href=\"archive\" />", c22.toString()); + CharSequence c3 = createJnlpArchives(new Archives[]{new Archives("archive1"), new Archives("archive2")}); + Assert.assertEquals("<jar href=\"archive1\" />\n<jar href=\"archive2\" />", c3.toString()); + CharSequence c4 = createJnlpArchives(new Archives[]{new Archives("archive1"), new Archives("archive2", true), new Archives("archive3")}); + Assert.assertEquals("<jar href=\"archive1\" />\n<jar href=\"archive2\" main=\"true\" />\n<jar href=\"archive3\" />", c4.toString()); + } + + static void assertAllOk(ProcessResult pr) { + Assert.assertTrue(pr.stdout.contains(NORMAL11)); + Assert.assertTrue(pr.stdout.contains(NORMAL12)); + Assert.assertTrue(pr.stdout.contains(NORMAL21)); + Assert.assertTrue(pr.stdout.contains(NORMAL22)); + Assert.assertTrue(pr.stdout.contains(RESTRICTED11)); + Assert.assertTrue(pr.stdout.contains(RESTRICTED12)); + Assert.assertTrue(pr.stdout.contains(RESTRICTED21)); + Assert.assertTrue(pr.stdout.contains(RESTRICTED22)); + } + + //mostly useless, all tests are killed + static void assertProcessOk(ProcessResult pr) { + Assert.assertEquals(0, pr.returnValue.intValue()); + } + + //mostly useless, all tests are killed + static void assertProcessNotOk(ProcessResult pr) { + Assert.assertNotEquals(0, pr.returnValue.intValue()); + } + + static void assertAllButRestricted(ProcessResult pr) { + Assert.assertTrue(pr.stdout.contains(NORMAL11)); + Assert.assertTrue(pr.stdout.contains(NORMAL12)); + Assert.assertTrue(pr.stdout.contains(NORMAL21)); + Assert.assertTrue(pr.stdout.contains(NORMAL22)); + Assert.assertFalse(pr.stdout.contains(RESTRICTED11)); + Assert.assertFalse(pr.stdout.contains(RESTRICTED12)); + Assert.assertFalse(pr.stdout.contains(RESTRICTED21)); + Assert.assertFalse(pr.stdout.contains(RESTRICTED22)); + } + + static DeploymentPropertiesModifier setDeploymentPropertiesImpl() throws IOException { + DeploymentPropertiesModifier q = new DeploymentPropertiesModifier(); + File f = q.src.getFile(); + if (!f.exists()) { + f.getParentFile().mkdirs(); + f.createNewFile(); + } + q.setProperties(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.TRUSTED.name()); + return q; + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/custom/MixedSigningAndTrustedOnly/testcases/MixedSigningAndTrustedOnlyBS1.java Wed Jul 29 15:43:27 2015 +0200 @@ -0,0 +1,177 @@ +/* + Copyright (C) 2013 Red Hat, Inc. + + This file is part of IcedTea. + + IcedTea is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as published by + the Free Software Foundation, version 2. + + IcedTea is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with IcedTea; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. + */ +package MixedSigningAndTrustedOnlyPackage; + +import net.sourceforge.jnlp.ProcessResult; +import net.sourceforge.jnlp.ServerAccess.AutoClose; +import net.sourceforge.jnlp.annotations.NeedsDisplay; +import net.sourceforge.jnlp.annotations.TestInBrowsers; +import net.sourceforge.jnlp.browsertesting.BrowserTest; +import net.sourceforge.jnlp.browsertesting.Browsers; +import net.sourceforge.jnlp.closinglisteners.AutoErrorClosingListener; +import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener; + +import org.junit.Test; + +import static MixedSigningAndTrustedOnlyPackage.MixedSigningAndTrustedOnly.*; +import java.io.IOException; +import net.sourceforge.jnlp.tools.DeploymentPropertiesModifier; +import org.junit.AfterClass; +import org.junit.BeforeClass; + + +/** + * + * Very simple tests. Basic behavior. jnlp and html with single signed jar, no trusted-only manifest + */ +public class MixedSigningAndTrustedOnlyBS1 extends BrowserTest { + + + private static DeploymentPropertiesModifier q; + + @BeforeClass + public static void setDeploymentProperties() throws IOException{ + q = setDeploymentPropertiesImpl(); + } + + @AfterClass + public static void resetDeploymentProperties() throws IOException{ + q.restoreProperties(); + } + + @NeedsDisplay + @Test + @TestInBrowsers(testIn = {Browsers.one}) + public void htmlC1AllCommandsBS() throws Exception { + String file = prepareFile(FileType.HTML, C1, new Archives[]{BS}, + new String[]{COMMAND_C1_NORMAL, COMMAND_C2_NORMAL, COMMAND_C1_RESTRICT, COMMAND_C2_RESTRICT}, false); + ProcessResult pr = server.executeBrowser(file, AutoClose.CLOSE_ON_BOTH); + assertAllOk(pr); + } + + @NeedsDisplay + @Test + public void jnlpHtmlC1AllCommandsBS() throws Exception { + String file = prepareFile(FileType.HTML, C1, new Archives[]{BS}, + new String[]{COMMAND_C1_NORMAL, COMMAND_C2_NORMAL, COMMAND_C1_RESTRICT, COMMAND_C2_RESTRICT}, false); + ProcessResult pr = server.executeJavaws(HTML, file, new AutoOkClosingListener(), new AutoErrorClosingListener()); + assertAllOk(pr); + } + + @Test + public void jnlpAppC1AllCommandsBSnosec() throws Exception { + String file = prepareFile(FileType.JNLP_APP, C1, new Archives[]{BS}, + new String[]{COMMAND_C1_NORMAL, COMMAND_C2_NORMAL, COMMAND_C1_RESTRICT, COMMAND_C2_RESTRICT}, false); + ProcessResult pr = server.executeJavaws(HEADLESS, file, new AutoOkClosingListener(), new AutoErrorClosingListener()); + assertAllButRestricted(pr); + } + + @Test + @NeedsDisplay + public void jnlpAppletC1AllCommandsBSnosec() throws Exception { + String file = prepareFile(FileType.JNLP_APPLET, C1, new Archives[]{BS}, + new String[]{COMMAND_C1_NORMAL, COMMAND_C2_NORMAL, COMMAND_C1_RESTRICT, COMMAND_C2_RESTRICT}, false); + ProcessResult pr = server.executeJavaws(file, new AutoOkClosingListener(), new AutoErrorClosingListener()); + assertAllButRestricted(pr); + } + + @Test + public void jnlpAppC1AllCommandsBSsec() throws Exception { + String file = prepareFile(FileType.JNLP_APP, C1, new Archives[]{BS}, + new String[]{COMMAND_C1_NORMAL, COMMAND_C2_NORMAL, COMMAND_C1_RESTRICT, COMMAND_C2_RESTRICT}, true); + ProcessResult pr = server.executeJavaws(HEADLESS, file, new AutoOkClosingListener(), new AutoErrorClosingListener()); + } + + @Test + @NeedsDisplay + public void jnlpAppletC1AllCommandsBSsec() throws Exception { + String file = prepareFile(FileType.JNLP_APPLET, C1, new Archives[]{BS}, + new String[]{COMMAND_C1_NORMAL, COMMAND_C2_NORMAL, COMMAND_C1_RESTRICT, COMMAND_C2_RESTRICT}, true); + ProcessResult pr = server.executeJavaws(file, new AutoOkClosingListener(), new AutoErrorClosingListener()); + } + + @NeedsDisplay + @Test + @TestInBrowsers(testIn = {Browsers.one}) + public void htmlCc2llCommandsBS() throws Exception { + String file = prepareFile(FileType.HTML, C2, new Archives[]{BS}, + new String[]{COMMAND_C1_NORMAL, COMMAND_C2_NORMAL, COMMAND_C1_RESTRICT, COMMAND_C2_RESTRICT}, false); + ProcessResult pr = server.executeBrowser(file, AutoClose.CLOSE_ON_BOTH); + } + + @NeedsDisplay + @Test + public void jnlphtmlCc2llCommandsBS() throws Exception { + String file = prepareFile(FileType.HTML, C2, new Archives[]{BS}, + new String[]{COMMAND_C1_NORMAL, COMMAND_C2_NORMAL, COMMAND_C1_RESTRICT, COMMAND_C2_RESTRICT}, false); + ProcessResult pr = server.executeJavaws(HTML, file, new AutoOkClosingListener(), new AutoErrorClosingListener()); + } + + @Test + public void jnlpAppC2AllCommandsBSnosec() throws Exception { + String file = prepareFile(FileType.JNLP_APP, C2, new Archives[]{BS}, + new String[]{COMMAND_C1_NORMAL, COMMAND_C2_NORMAL, COMMAND_C1_RESTRICT, COMMAND_C2_RESTRICT}, false); + ProcessResult pr = server.executeJavaws(HEADLESS, file, new AutoOkClosingListener(), new AutoErrorClosingListener()); + assertAllButRestricted(pr); + } + + @Test + @NeedsDisplay + public void jnlpAppletC2AllCommandsBSnosec() throws Exception { + String file = prepareFile(FileType.JNLP_APPLET, C2, new Archives[]{BS}, + new String[]{COMMAND_C1_NORMAL, COMMAND_C2_NORMAL, COMMAND_C1_RESTRICT, COMMAND_C2_RESTRICT}, false); + ProcessResult pr = server.executeJavaws(file, new AutoOkClosingListener(), new AutoErrorClosingListener()); + assertAllButRestricted(pr); + } + + @Test + public void jnlpAppC2AllCommandsBSsec() throws Exception { + String file = prepareFile(FileType.JNLP_APP, C2, new Archives[]{BS}, + new String[]{COMMAND_C1_NORMAL, COMMAND_C2_NORMAL, COMMAND_C1_RESTRICT, COMMAND_C2_RESTRICT}, true); + ProcessResult pr = server.executeJavaws(HEADLESS, file, new AutoOkClosingListener(), new AutoErrorClosingListener()); + } + + @Test + @NeedsDisplay + public void jnlpAppletC2AllCommandsBSsec() throws Exception { + String file = prepareFile(FileType.JNLP_APPLET, C2, new Archives[]{BS}, + new String[]{COMMAND_C1_NORMAL, COMMAND_C2_NORMAL, COMMAND_C1_RESTRICT, COMMAND_C2_RESTRICT}, true); + ProcessResult pr = server.executeJavaws(file, new AutoOkClosingListener(), new AutoErrorClosingListener()); + } + + +}
--- a/tests/test-extensions/net/sourceforge/jnlp/tools/DeploymentPropertiesModifier.java Mon Jul 27 18:46:37 2015 +0200 +++ b/tests/test-extensions/net/sourceforge/jnlp/tools/DeploymentPropertiesModifier.java Wed Jul 29 15:43:27 2015 +0200 @@ -86,7 +86,7 @@ } - private final InfrastructureFileDescriptor src; + public final InfrastructureFileDescriptor src; private String savedValue; private String requestedProperty; private String requestedValue;