changeset 1250:ac236a9d0b92
Partially signed reproducer adapted to new schema and enhanced
* tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplet.jnlp: moved from app to applet
* tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplication.jnlp: moved from applet to app
* tests/reproducers/signed/RunInSandbox/srcs/RunInSandbox.java: system exit not called in case of applet
* tests/reproducers/signed/RunInSandbox/testcases/RunInSandboxTest.java: added manipulation with certificates to simulate proper environment
* tests/test-extensions/net/sourceforge/jnlp/ServerAccess.java: fixed a small bug: the headless switch is now inserted at the start of the argument list, not the end. Being at the end broke the -html or -jnlp arg functionality (its arg was -headless then)
author | Jiri Vanek <jvanek@redhat.com> |
---|---|
date | Fri, 19 Jun 2015 12:22:43 +0200 |
parents | c09f70284a5f |
children | a5561b460631 |
files | ChangeLog tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplet.jnlp tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplication.jnlp tests/reproducers/signed/RunInSandbox/srcs/RunInSandbox.java tests/reproducers/signed/RunInSandbox/testcases/RunInSandboxTest.java tests/test-extensions/net/sourceforge/jnlp/ServerAccess.java |
diffstat | 6 files changed, 206 insertions(+), 38 deletions(-) [+] |
--- a/ChangeLog Thu Jun 18 17:56:22 2015 +0200
+++ b/ChangeLog Fri Jun 19 12:22:43 2015 +0200
@@ -1,3 +1,18 @@
+2015-06-19 Jiri Vanek <jvanek@redhat.com>
+
+ Partially signed reproducer adapted to new schema and enhanced
+ * tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplet.jnlp:
+ moved from app to applet
+ * tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplication.jnlp:
+ moved from applet to app
+ * tests/reproducers/signed/RunInSandbox/srcs/RunInSandbox.java: system exit not
+ called in case of applet
+ * tests/reproducers/signed/RunInSandbox/testcases/RunInSandboxTest.java: added
+ manipulation with certificates to simulate proper environment
+ * tests/test-extensions/net/sourceforge/jnlp/ServerAccess.java: fixed small bug
+ headless switch now moved to start of argument list, not to the end. Being on end
+ was killing -html or -jnlp arg functionality (arg was -headless then)
+
 2015-06-18 Jiri Vanek <jvanek@redhat.com>
 JnlpBoot and XBasicService are called with exitOnException true now.
--- a/tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplet.jnlp Thu Jun 18 17:56:22 2015 +0200
+++ b/tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplet.jnlp Fri Jun 19 12:22:43 2015 +0200
@@ -53,6 +53,6 @@
 <jar href="RunInSandbox.jar" main="true"/>
 </resources>
- <application-desc main-class="RunInSandbox">
- </application-desc>
+ <applet-desc main-class="RunInSandbox">
+ </applet-desc>
 </jnlp>
--- a/tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplication.jnlp Thu Jun 18 17:56:22 2015 +0200
+++ b/tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplication.jnlp Fri Jun 19 12:22:43 2015 +0200
@@ -52,7 +52,7 @@
 <j2se version="1.6+"/>
 <jar href="RunInSandbox.jar" main="true"/>
 </resources>
-
- <applet-desc main-class="RunInSandbox">
- </applet-desc>
+ <application-desc main-class="RunInSandbox">
+ </application-desc>
+
 </jnlp>
--- a/tests/reproducers/signed/RunInSandbox/srcs/RunInSandbox.java Thu Jun 18 17:56:22 2015 +0200
+++ b/tests/reproducers/signed/RunInSandbox/srcs/RunInSandbox.java Fri Jun 19 12:22:43 2015 +0200
@@ -6,11 +6,11 @@
 public void start() {
 System.out.println("RunInSandbox read: " + read("user.home"));
 System.out.println("*** APPLET FINISHED ***");
- System.exit(0);
 }
 public static void main(String[] args) {
 new RunInSandbox().start();
+ System.exit(0);
 }
 private String read(String key) {
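Review bot: With `System.exit(0)` removed from `start()`, nothing in the applet path ends the JVM any more, so the JNLP applet tests that call `executeJavawsHeadless(TRUSTALL, "RunInSandboxApplet.jnlp")` without a closing listener presumably depend on a harness timeout or a default listener to finish. If that is intended, say so next to the call in `main`, e.g. `// exit only when run as an application; in applet mode the test harness terminates the process`. Note also that `System.exit(0)` in `main` is skipped if `start()` throws; `read()` lies outside the hunk, so whether it can throw is not visible here.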
--- a/tests/reproducers/signed/RunInSandbox/testcases/RunInSandboxTest.java Thu Jun 18 17:56:22 2015 +0200 +++ b/tests/reproducers/signed/RunInSandbox/testcases/RunInSandboxTest.java Fri Jun 19 12:22:43 2015 +0200 
@@ -1,58 +1,117 @@ /* RunInSandboxTest.java -Copyright (C) 2014 Red Hat, Inc. + Copyright (C) 2014 Red Hat, Inc. -This file is part of IcedTea. + This file is part of IcedTea. -IcedTea is free software; you can redistribute it and/or -modify it under the terms of the GNU General Public License as published by -the Free Software Foundation, version 2. + IcedTea is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as published by + the Free Software Foundation, version 2. -IcedTea is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. + IcedTea is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. -You should have received a copy of the GNU General Public License -along with IcedTea; see the file COPYING. If not, write to -the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -02110-1301 USA. + You should have received mainCert copy of the GNU General Public License + along with IcedTea; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. -Linking this library statically or dynamically with other modules is -making a combined work based on this library. Thus, the terms and -conditions of the GNU General Public License cover the whole -combination. + Linking this library statically or dynamically with other modules is + making mainCert combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. 
-As a special exception, the copyright holders of this library give you -permission to link this library with independent modules to produce an -executable, regardless of the license terms of these independent -modules, and to copy and distribute the resulting executable under -terms of your choice, provided that you also meet, for each linked -independent module, the terms and conditions of the license of that -module. An independent module is a module which is not derived from -or based on this library. If you modify this library, you may extend -this exception to your version of the library, but you are not -obligated to do so. If you do not wish to do so, delete this -exception statement from your version. + As mainCert special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is mainCert module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. 
*/ +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.FileOutputStream; +import java.io.IOException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; import net.sourceforge.jnlp.ProcessResult; import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener; import net.sourceforge.jnlp.browsertesting.BrowserTest; import java.util.List; import java.util.Collections; import java.util.Arrays; +import net.sourceforge.jnlp.OptionsDefinitions; +import net.sourceforge.jnlp.ServerAccess; +import net.sourceforge.jnlp.annotations.TestInBrowsers; +import net.sourceforge.jnlp.browsertesting.Browsers; +import net.sourceforge.jnlp.closinglisteners.AutoErrorClosingListener; +import net.sourceforge.jnlp.config.PathsAndFiles; +import org.junit.AfterClass; import static org.junit.Assert.*; +import org.junit.BeforeClass; import org.junit.Test; public class RunInSandboxTest extends BrowserTest { - private final List<String> TRUSTALL = Collections.unmodifiableList(Arrays.asList(new String[] { "-Xtrustall" })); - private final List<String> TRUSTNONE = Collections.unmodifiableList(Arrays.asList(new String[] { "-Xtrustnone" })); + private final List<String> TRUSTALL = Collections.unmodifiableList(Arrays.asList(new String[]{OptionsDefinitions.OPTIONS.TRUSTALL.option})); + private final List<String> TRUSTNONE = Collections.unmodifiableList(Arrays.asList(new String[]{OptionsDefinitions.OPTIONS.TRUSTNONE.option})); + private final List<String> TRUSTALLHTML = Collections.unmodifiableList(Arrays.asList(new String[]{OptionsDefinitions.OPTIONS.TRUSTALL.option, OptionsDefinitions.OPTIONS.HTML.option})); + private final List<String> TRUSTNONEHTML = Collections.unmodifiableList(Arrays.asList(new String[]{OptionsDefinitions.OPTIONS.TRUSTNONE.option, OptionsDefinitions.OPTIONS.HTML.option})); private 
static final String appletCloseString = AutoOkClosingListener.MAGICAL_OK_CLOSING_STRING; + private static final String ItwAlias = "icedteaweb_signed"; + private static final char[] kpass = "changeit".toCharArray(); + private static Certificate mainCert; + + @BeforeClass + public static void exportCertificate() throws FileNotFoundException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException { + if (PathsAndFiles.USER_CERTS.getFile().exists()) { + KeyStore ks = KeyStore.getInstance("JKS"); + ks.load(new FileInputStream(PathsAndFiles.USER_CERTS.getFile()), null); + mainCert = ks.getCertificate(ItwAlias); + } + } + + + public static void deleteCertificate() throws FileNotFoundException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException { + if (mainCert != null) { + KeyStore ks = KeyStore.getInstance("JKS"); + ks.load(new FileInputStream(PathsAndFiles.USER_CERTS.getFile()), null); + Certificate isThere = ks.getCertificate(ItwAlias); + if (isThere != null) { + ks.deleteEntry(ItwAlias); + ks.store(new FileOutputStream(PathsAndFiles.USER_CERTS.getFile()), kpass); + } + } + } + + + @AfterClass + public static void restoreCertificate() throws FileNotFoundException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException { + if (mainCert != null) { + KeyStore ks = KeyStore.getInstance("JKS"); + ks.load(new FileInputStream(PathsAndFiles.USER_CERTS.getFile()), null); + ks.setCertificateEntry(ItwAlias, mainCert); + ks.store(new FileOutputStream(PathsAndFiles.USER_CERTS.getFile()), kpass); + } + } + + + //those tests must have NO certificate .. ItwAlias ... in keystore @Test public void testTrustAllJnlpAppletLaunch() throws Exception { + deleteCertificate(); ProcessResult pr = server.executeJavawsHeadless(TRUSTALL, "RunInSandboxApplet.jnlp"); assertReadProperty(pr); assertProperClose(pr); 
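Review bot: `exportCertificate()`, `deleteCertificate()` and `restoreCertificate()` each pass `new FileInputStream(...)` / `new FileOutputStream(...)` on `PathsAndFiles.USER_CERTS` straight into `ks.load`/`ks.store` and never close them, so every call leaks a descriptor on the user's certificate store until GC. The same helpers load that store with a `null` password (no integrity check) and write it back under the hard-coded `changeit`, which operates on the real per-user trust store rather than a test copy; if the run is killed between `deleteCertificate()` and the `@AfterClass` restore, the `icedteaweb_signed` entry stays deleted. Whether the harness can redirect `USER_CERTS` to a temporary file is not visible on this page, but the stream handling can be fixed locally as in the fence, and the other two helpers need the same treatment. Separately, the re-indented licence header now reads "received mainCert copy", "making mainCert combined work", "As mainCert special exception" and "is mainCert module", which looks like a variable rename that leaked into the comment and should go back to "a".

```java
public static void deleteCertificate() throws FileNotFoundException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
    if (mainCert != null) {
        KeyStore ks = KeyStore.getInstance("JKS");
        // close the read handle before the file is reopened for writing
        try (FileInputStream in = new FileInputStream(PathsAndFiles.USER_CERTS.getFile())) {
            ks.load(in, null);
        }
        if (ks.getCertificate(ItwAlias) != null) {
            ks.deleteEntry(ItwAlias);
            try (FileOutputStream out = new FileOutputStream(PathsAndFiles.USER_CERTS.getFile())) {
                ks.store(out, kpass);
            }
        }
    }
}
```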
@@ -60,13 +119,16 @@ @Test public void testTrustNoneJnlpAppletLaunch() throws Exception { + deleteCertificate(); ProcessResult pr = server.executeJavawsHeadless(TRUSTNONE, "RunInSandboxApplet.jnlp"); + assertNotReadProperty(pr); assertAccessControlException(pr); assertProperClose(pr); } @Test public void testTrustAllStandardJnlpApplicationLaunch() throws Exception { + deleteCertificate(); ProcessResult pr = server.executeJavawsHeadless(TRUSTALL, "RunInSandboxApplication.jnlp"); assertReadProperty(pr); assertProperClose(pr); 
@@ -74,10 +136,97 @@ @Test public void testTrustNoneJnlpApplicationLaunch() throws Exception { + deleteCertificate(); ProcessResult pr = server.executeJavawsHeadless(TRUSTNONE, "RunInSandboxApplication.jnlp"); + assertNotReadProperty(pr); + assertAccessControlException(pr); + assertProperClose(pr); + } + + @Test + public void testTrustAlltHtmlJavawsLaunch() throws Exception { + deleteCertificate(); + ProcessResult pr = server.executeJavawsHeadless(TRUSTALLHTML, "RunInSandbox.html", new AutoOkClosingListener(), new AutoErrorClosingListener(), null); + assertReadProperty(pr); + assertProperClose(pr); + } + + + + @Test + public void testTrustNoneHtmlJavawsLaunch() throws Exception { + deleteCertificate(); + ProcessResult pr = server.executeJavawsHeadless(TRUSTNONEHTML, "RunInSandbox.html", new AutoOkClosingListener(), new AutoErrorClosingListener(), null); + assertNotReadProperty(pr); + assertAccessControlException(pr); + assertProperClose(pr); + } + + + @Test + public void testTrustAlltHtmlHrefJavawsLaunch() throws Exception { + deleteCertificate(); + ProcessResult pr = server.executeJavawsHeadless(TRUSTALLHTML, "RunInSandboxJnlpHref.html", new AutoOkClosingListener(), new AutoErrorClosingListener(), null); + assertReadProperty(pr); + assertProperClose(pr); + } + + + + @Test + public void testTrustNoneHtmlHrefJavawsLaunch() throws Exception { + deleteCertificate(); + ProcessResult pr = server.executeJavawsHeadless(TRUSTNONEHTML, "RunInSandboxJnlpHref.html", new AutoOkClosingListener(), new AutoErrorClosingListener(), null); + assertNotReadProperty(pr); assertAccessControlException(pr); assertProperClose(pr); } + + + ///end of must NOT be certificate + + //those MUST have certificate in sotre (see different result) + @Test + public void testHaveCErtJnlpAppletLaunch() throws Exception { + restoreCertificate(); + ProcessResult pr = server.executeJavawsHeadless("RunInSandboxApplet.jnlp"); + assertReadProperty(pr); + assertProperClose(pr); + } + + + + @Test + public void 
testHaveCertStandardJnlpApplicationLaunch() throws Exception { + restoreCertificate(); + ProcessResult pr = server.executeJavawsHeadless("RunInSandboxApplication.jnlp"); + assertReadProperty(pr); + assertProperClose(pr); + } + + @Test + @TestInBrowsers(testIn = Browsers.all) + public void testHaveCertHtmlAppletLaunch() throws Exception { + restoreCertificate(); + ProcessResult pr = server.executeBrowser("RunInSandbox.html", ServerAccess.AutoClose.CLOSE_ON_BOTH); + assertReadProperty(pr); + assertProperClose(pr); + } + + + + @Test + @TestInBrowsers(testIn = Browsers.all) + public void testHaveCertStandardHtmlHrefApplicationLaunch() throws Exception { + restoreCertificate(); + ProcessResult pr = server.executeBrowser("RunInSandboxJnlpHref.html", ServerAccess.AutoClose.CLOSE_ON_BOTH); + assertReadProperty(pr); + assertProperClose(pr); + } + + + + //end of must HAVE cert private void assertProperClose(ProcessResult pr) { assertTrue("applet should have closed correctly", pr.stdout.contains(appletCloseString)); @@ -87,9 +236,13 @@ assertTrue("applet should have been able to read user.home", pr.stdout.contains(System.getProperty("user.home"))); } + private void assertNotReadProperty(ProcessResult pr) { + assertFalse("applet should NOT been able to read user.home", pr.stdout.contains(System.getProperty("user.home"))); + } + private void assertAccessControlException(ProcessResult pr) { String ace = "java.security.AccessControlException: access denied (\"java.util.PropertyPermission\" \"user.home\" \"read\")"; - assertTrue("applet should not have been able to read user.home", pr.stdout.contains(ace)); + assertTrue("applet should have throw AccessControlException", pr.stdout.contains(ace)); } }
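Review bot: The four "must HAVE cert" tests call `restoreCertificate()`, which does nothing when `mainCert` is null (no `USER_CERTS` file, or no `icedteaweb_signed` alias when the class started), so on such a machine they run without the precondition their comment demands and would presumably fail for an unrelated-looking reason. Make the precondition explicit at the top of each, e.g. `org.junit.Assume.assumeNotNull(mainCert);`, or an `assertNotNull` whose message names the missing alias. Minor: `testTrustAlltHtmlJavawsLaunch`, `testTrustAlltHtmlHrefJavawsLaunch` and `testHaveCErtJnlpAppletLaunch` carry typos in their names, and the section comment says "sotre" for "store".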
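Review bot: `assertNotReadProperty` fails on any occurrence of the home path in stdout, not only the reproducer's own line, so a debug or stack-trace line that mentions a path under `user.home` would break the sandboxed tests. Since RunInSandbox prints `"RunInSandbox read: " + read("user.home")`, matching that prefix is tighter: `pr.stdout.contains("RunInSandbox read: " + System.getProperty("user.home"))`; the same applies to the existing `assertReadProperty`. The two assertion messages also need grammar fixes: "applet should NOT have been able to read user.home" and "applet should have thrown AccessControlException".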
--- a/tests/test-extensions/net/sourceforge/jnlp/ServerAccess.java Thu Jun 18 17:56:22 2015 +0200
+++ b/tests/test-extensions/net/sourceforge/jnlp/ServerAccess.java Fri Jun 19 12:22:43 2015 +0200
@@ -549,7 +549,7 @@
 otherargs = new ArrayList<>(1);
 }
 List<String> headlesList = new ArrayList<>(otherargs);
- headlesList.add(HEADLES_OPTION);
+ headlesList.add(0, HEADLES_OPTION);
 return executeJavaws(headlesList, resource,stdoutl,stderrl,vars);
 }
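Review bot: The ordering dependency this fix relies on is not documented at the call site: `headlesList.add(0, HEADLES_OPTION)` has to stay at index 0 because, per the commit message, a trailing `-headless` was taken as the value of `-html`/`-jnlp`. A comment such as `// keep -headless first: a trailing switch is consumed as the argument of -html/-jnlp` would stop a later cleanup from reverting it. The enclosing method starts outside the hunk, so whether `otherargs` can already contain the headless switch cannot be checked here.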