Mercurial > hg > release > icedtea-web-1.8
changeset 1260:afb391ba4b20
Added tests for unsigned applet/app using Permission attribute
line wrap: on
line diff
--- a/ChangeLog Fri Jul 10 21:49:21 2015 +0200 +++ b/ChangeLog Mon Jul 13 17:19:00 2015 +0200 @@ -1,3 +1,53 @@ +2015-07-13 Jiri Vanek <jvanek@redhat.com> + + Added tests for unsigned applet/app using Permission attribute + * tests/reproducers/unsigned/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm.html + * tests/reproducers/unsigned/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm.jnlp + * tests/reproducers/unsigned/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm_applet.jnlp + * tests/reproducers/unsigned/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm_applet_security.jnlp + * tests/reproducers/unsigned/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm_security.jnlp + * tests/reproducers/unsigned/SandboxUnsignedAllPerm/srcs/META-INF/MANIFEST.MF + contains Permissions: all-permissions + * tests/reproducers/unsigned/SandboxUnsignedAllPerm/srcs/SandboxUnsignedAllPerm.java + * tests/reproducers/unsigned/SandboxUnsignedAllPerm/testcases/SandboxUnsignedAllPermTest.java + testcases with permissions in manifest check on. There is probably an bug in impl. + The applet should not run at all, or javaws without permissions should runin sandbox too. + * tests/reproducers/unsigned/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid.html + * tests/reproducers/unsigned/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid.jnlp + * tests/reproducers/unsigned/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid_applet.jnlp + * tests/reproducers/unsigned/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid_applet_security.jnlp + * tests/reproducers/unsigned/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid_security.jnlp + * tests/reproducers/unsigned/SandboxUnsignedInvalid/srcs/META-INF/MANIFEST.MF + contains Permissions: invalidValue + * tests/reproducers/unsigned/SandboxUnsignedInvalid/srcs/SandboxUnsignedInvalid.java + * tests/reproducers/unsigned/SandboxUnsignedInvalid/testcases/SandboxUnsignedInvalidTest.java + testcases with permissions in manifest check on + * tests/reproducers/unsigned/SandboxUnsignedMissing/resources/SandboxUnsignedMissing.html + * tests/reproducers/unsigned/SandboxUnsignedMissing/resources/SandboxUnsignedMissing.jnlp + * tests/reproducers/unsigned/SandboxUnsignedMissing/resources/SandboxUnsignedMissing_applet.jnlp + * tests/reproducers/unsigned/SandboxUnsignedMissing/resources/SandboxUnsignedMissing_applet_security.jnlp + * tests/reproducers/unsigned/SandboxUnsignedMissing/resources/SandboxUnsignedMissing_security.jnlp + * tests/reproducers/unsigned/SandboxUnsignedMissing/srcs/META-INF/MANIFEST.MF + does not contains Permissions + * tests/reproducers/unsigned/SandboxUnsignedMissing/srcs/SandboxUnsignedMissing.java + * tests/reproducers/unsigned/SandboxUnsignedMissing/testcases/SandboxUnsignedMissingTest.java + testcases with permissions in manifest check on + * tests/reproducers/unsigned/SandboxUnsignedMissing/testcases/SandboxUnsignedMissingTestHighSecurity.java + testcases with permissions in manifest check on and on high security => interactive tests + with autoreply + * tests/reproducers/unsigned/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox.html + * tests/reproducers/unsigned/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox.jnlp + * tests/reproducers/unsigned/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox_applet.jnlp + * tests/reproducers/unsigned/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox_applet_security.jnlp + * tests/reproducers/unsigned/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox_security.jnlp + * tests/reproducers/unsigned/SandboxUnsignedSandbox/srcs/META-INF/MANIFEST.MF + contains Permissions: sandbox + * tests/reproducers/unsigned/SandboxUnsignedSandbox/srcs/SandboxUnsignedSandbox.java + * tests/reproducers/unsigned/SandboxUnsignedSandbox/testcases/SandboxUnsignedSandboxTest.java + testcases with permissions in manifest check on. + * tests/reproducers/cloneReproducer.sh: small fix to support blue/red background for + unsigned/signed html applets + 2015-07-10 Jiri Vanek <jvanek@redhat.com> Added script to clone reproducer skeleton
--- a/tests/reproducers/cloneReproducer.sh Fri Jul 10 21:49:21 2015 +0200 +++ b/tests/reproducers/cloneReproducer.sh Mon Jul 13 17:19:00 2015 +0200 @@ -9,12 +9,15 @@ familyFrom=$3 familyTo=$4 #^simple,signed,signed2,custom (script will proabbly not work fine for custom) -#run from this dir, or use absolute path -top=. -#top=/home/jvanek/hg/icedtea-web/tests/reproducers +#run from this dir (tests/reproducers), or use absolute path +top1=. +#top1=/home/jvanek/hg/icedtea-web/tests/reproducers +top2=$top1 +#top2=/home/jvanek/Desktop -srcDir=$top/$familyFrom -destDir=$top/$familyTo + +srcDir=$top1/$familyFrom +destDir=$top2/$familyTo desc=$destDir/$to src=$srcDir/$from @@ -30,12 +33,19 @@ tree $desc cp -vr $src/srcs/META-INF $desc/srcs/ SED1="sed s/$from/$to/g" +SED2="sed s/a/a/" +if [ \( $familyFrom = signed -o $familyFrom = signed2 \) -a $familyTo = simple ] ; then +SED2='sed s/bgcolor=\"red\"/bgcolor=\"blue\"/g' +fi; +if [ \( $familyTo = signed -o $familyTo = signed2 \) -a $familyFrom = simple ] ; then +SED2='sed s/bgcolor=\"blue\"/bgcolor=\"red\"/g' +fi; for x in $drs ; do files=`ls $src/$x/` for f in $files ; do target=`echo $f | $SED1` - cat $src/$x/$f | $SED1 | sed "s/@Test/@Test FIXME!/g" > $desc/$x/$target + cat $src/$x/$f | $SED1 | sed "s/@Test/@Test FIXME!/g" | $SED2 > $desc/$x/$target done done
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm.html Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,42 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<html><head></head><body bgcolor="blue"> +<p><applet code="SandboxUnsignedAllPerm.class" archive="SandboxUnsignedAllPerm.jar" codebase="." width="250" height="200"> +</applet></p> +</body> +</html> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm.jnlp Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,53 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="SandboxUnsignedAllPerm.jnlp" codebase="."> + <information> + <title>SandboxUnsignedAllPerm</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>SandboxUnsignedAllPerm</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="SandboxUnsignedAllPerm.jar"/> + </resources> + <application-desc main-class="SandboxUnsignedAllPerm"> + </application-desc> +</jnlp> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm_applet.jnlp Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,58 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="SandboxUnsignedAllPerm_applet.jnlp" codebase="."> + <information> + <title>SandboxUnsignedAllPerm</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>SandboxUnsignedAllPerm</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="SandboxUnsignedAllPerm.jar"/> + </resources> + <applet-desc + documentBase="." + name="SandboxUnsignedAllPerm" + main-class="SandboxUnsignedAllPerm" + width="250" + height="200"> + </applet-desc> +</jnlp> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm_applet_security.jnlp Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,61 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + +--> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="SandboxUnsignedAllPerm_applet_security.jnlp" codebase="."> + <information> + <title>SandboxUnsignedAllPerm</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>SandboxUnsignedAllPerm</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="SandboxUnsignedAllPerm.jar"/> + </resources> + <security> + <all-permissions/> + </security> + <applet-desc + documentBase="." + name="SandboxUnsignedAllPerm" + main-class="SandboxUnsignedAllPerm" + width="250" + height="200"> + </applet-desc> +</jnlp> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/resources/SandboxUnsignedAllPerm_security.jnlp Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,56 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="SandboxUnsignedAllPerm_security.jnlp" codebase="."> + <information> + <title>SandboxUnsignedAllPerm</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>SandboxUnsignedAllPerm</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="SandboxUnsignedAllPerm.jar"/> + </resources> + <security> + <all-permissions/> + </security> + <application-desc main-class="SandboxUnsignedAllPerm"> + </application-desc> +</jnlp> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/srcs/META-INF/MANIFEST.MF Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,3 @@ +Manifest-Version: 1.0 +Permissions: all-permissions +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/srcs/SandboxUnsignedAllPerm.java Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,57 @@ + +import java.applet.Applet; + +/* AppletTest.java + Copyright (C) 2011 Red Hat, Inc. + + This file is part of IcedTea. + + IcedTea is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as published by + the Free Software Foundation, version 2. + + IcedTea is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with IcedTea; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. + */ +public class SandboxUnsignedAllPerm extends Applet { + + @Override + public void init() { + confirm(); + } + + public static void main(String... s) { + confirm(); + } + + private static void confirm() { + System.out.println("*** applet running ***"); + System.out.println(System.getProperty("user.home")); + System.out.println("*** APPLET FINISHED ***"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedAllPerm/testcases/SandboxUnsignedAllPermTest.java Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,118 @@ + +import java.io.IOException; +import java.util.Arrays; +import net.sourceforge.jnlp.ProcessResult; +import net.sourceforge.jnlp.ServerAccess; +import net.sourceforge.jnlp.annotations.TestInBrowsers; +import net.sourceforge.jnlp.browsertesting.BrowserTest; +import net.sourceforge.jnlp.browsertesting.Browsers; +import net.sourceforge.jnlp.closinglisteners.AutoErrorClosingListener; +import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener; +import net.sourceforge.jnlp.closinglisteners.StringBasedClosingListener; +import net.sourceforge.jnlp.config.DeploymentConfiguration; +import net.sourceforge.jnlp.runtime.ManifestAttributesChecker; +import net.sourceforge.jnlp.tools.DeploymentPropertiesModifier; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; + +/* AppletTest.java + Copyright (C) 2011 Red Hat, Inc. + + This file is part of IcedTea. + + IcedTea is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as published by + the Free Software Foundation, version 2. + + IcedTea is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with IcedTea; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. + */ +public class SandboxUnsignedAllPermTest extends BrowserTest { + + private static final DeploymentPropertiesModifier dpm = new DeploymentPropertiesModifier(); + private static final StringBasedClosingListener aok = new AutoOkClosingListener(); + private static final StringBasedClosingListener aer = new AutoErrorClosingListener(); + private static final String confirmation = "*** applet running ***"; + + @BeforeClass + public static void setDeploymentManifestPermissionReadingOnly() throws IOException { + dpm.setProperties(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.PERMISSIONS.toString()); + } + + @AfterClass + public static void restoreDeploymentProeprtiees() throws IOException { + dpm.restoreProperties(); + } + + @Test + //bug, should run in sandbox, see appletAllPermAllSecurity + public void javawsAllPermNoSecurity() throws Exception { + ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedAllPerm.jnlp"); + Assert.assertTrue(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + @Test + public void javawsAllPermAllSecurity() throws Exception { + ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedAllPerm_security.jnlp"); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + @Test + //bug, should run in sandbox, see appletAllPermAllSecurity + public void javawsAppletAllPermNoSecurity() throws Exception { + ProcessResult p = server.executeJavaws(Arrays.asList(new String[]{"-headless", "-verbose"}), "SandboxUnsignedAllPerm_applet.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener()); + Assert.assertTrue(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); //applets have exception flused only in verbose mode? strange... + } + + @Test + public void javawsAppletAllPermAllSecurity() throws Exception { + ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedAllPerm_applet_security.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener()); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + @Test + @TestInBrowsers(testIn = Browsers.one) + //or this one should fail + public void appletAllPermAllSecurity() throws Exception { + server.getBrowserLocation(); + ProcessResult p = server.executeBrowser("SandboxUnsignedAllPerm.html", ServerAccess.AutoClose.CLOSE_ON_BOTH); + Assert.assertTrue(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid.html Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,42 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<html><head></head><body bgcolor="red"> +<p><applet code="SandboxUnsignedInvalid.class" archive="SandboxUnsignedInvalid.jar" codebase="." width="250" height="200"> +</applet></p> +</body> +</html> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid.jnlp Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,53 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="SandboxUnsignedInvalid.jnlp" codebase="."> + <information> + <title>SandboxUnsignedInvalid</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>SandboxUnsignedInvalid</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="SandboxUnsignedInvalid.jar"/> + </resources> + <application-desc main-class="SandboxUnsignedInvalid"> + </application-desc> +</jnlp> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid_applet.jnlp Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,58 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="SandboxUnsignedInvalid_applet.jnlp" codebase="."> + <information> + <title>SandboxUnsignedInvalid</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>SandboxUnsignedInvalid</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="SandboxUnsignedInvalid.jar"/> + </resources> + <applet-desc + documentBase="." + name="SandboxUnsignedInvalid" + main-class="SandboxUnsignedInvalid" + width="250" + height="200"> + </applet-desc> +</jnlp> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid_applet_security.jnlp Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,61 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="SandboxUnsignedInvalid_applet_security.jnlp" codebase="."> + <information> + <title>SandboxSignedMissing</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>SandboxUnsignedInvalid</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="SandboxUnsignedInvalid.jar"/> + </resources> + <security> + <all-permissions/> + </security> + <applet-desc + documentBase="." + name="SandboxUnsignedInvalid" + main-class="SandboxUnsignedInvalid" + width="250" + height="200"> + </applet-desc> +</jnlp> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedInvalid/resources/SandboxUnsignedInvalid_security.jnlp Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,56 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="SandboxUnsignedInvalid_security.jnlp" codebase="."> + <information> + <title>SandboxSignedMissing</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>SandboxUnsignedInvalid</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="SandboxUnsignedInvalid.jar"/> + </resources> + <security> + <all-permissions/> + </security> + <application-desc main-class="SandboxUnsignedInvalid"> + </application-desc> +</jnlp> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedInvalid/srcs/META-INF/MANIFEST.MF Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,3 @@ +Manifest-Version: 1.0 +Permissions: invalidValue +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedInvalid/srcs/SandboxUnsignedInvalid.java Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,57 @@ + +import java.applet.Applet; + +/* AppletTest.java + Copyright (C) 2011 Red Hat, Inc. + + This file is part of IcedTea. + + IcedTea is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as published by + the Free Software Foundation, version 2. + + IcedTea is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with IcedTea; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. + */ +public class SandboxUnsignedInvalid extends Applet { + + + @Override + public void init() { + confirm(); + } + + public static void main(String... s) { + confirm(); + } + + private static void confirm() { + System.out.println("*** applet running ***"); + System.out.println(System.getProperty("user.home")); + System.out.println("*** APPLET FINISHED ***"); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedInvalid/testcases/SandboxUnsignedInvalidTest.java Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,115 @@ + +import java.io.IOException; +import net.sourceforge.jnlp.ProcessResult; +import net.sourceforge.jnlp.ServerAccess; +import net.sourceforge.jnlp.annotations.TestInBrowsers; +import net.sourceforge.jnlp.browsertesting.BrowserTest; +import static net.sourceforge.jnlp.browsertesting.BrowserTest.server; +import net.sourceforge.jnlp.browsertesting.Browsers; +import net.sourceforge.jnlp.closinglisteners.AutoErrorClosingListener; +import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener; +import net.sourceforge.jnlp.closinglisteners.StringBasedClosingListener; +import net.sourceforge.jnlp.config.DeploymentConfiguration; +import net.sourceforge.jnlp.runtime.ManifestAttributesChecker; +import net.sourceforge.jnlp.tools.DeploymentPropertiesModifier; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; + +/* AppletTest.java + Copyright (C) 2011 Red Hat, Inc. + + This file is part of IcedTea. + + IcedTea is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as published by + the Free Software Foundation, version 2. + + IcedTea is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with IcedTea; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. + */ +public class SandboxUnsignedInvalidTest extends BrowserTest { + + private static final DeploymentPropertiesModifier dpm = new DeploymentPropertiesModifier(); + private static final StringBasedClosingListener aok = new AutoOkClosingListener(); + private static final StringBasedClosingListener aer = new AutoErrorClosingListener(); + private static final String confirmation = "*** applet running ***"; + + + @BeforeClass + public static void setDeploymentManifestPermissionReadingOnly() throws IOException{ + dpm.setProperties(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.PERMISSIONS.toString()); + } + + @AfterClass + public static void restoreDeploymentProeprtiees() throws IOException{ + dpm.restoreProperties(); + } + + @Test + public void javawsAllPermNoSecurity() throws Exception{ + ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedInvalid.jnlp"); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + @Test + public void javawsAllPermAllSecurity() throws Exception{ + ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedInvalid_security.jnlp"); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + @Test + public void javawsAppletAllPermNoSecurity() throws Exception{ + ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedInvalid_applet.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener()); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + @Test + public void javawsAppletAllPermAllSecurity() throws Exception{ + ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedInvalid_applet_security.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener()); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + @Test + @TestInBrowsers(testIn = Browsers.one) + public void appletAllPermAllSecurity() throws Exception{ + server.getBrowserLocation(); + ProcessResult p = server.executeBrowser("SandboxUnsignedInvalid.html", ServerAccess.AutoClose.CLOSE_ON_BOTH); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedMissing/resources/SandboxUnsignedMissing.html Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,42 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<html><head></head><body bgcolor="blue"> +<p><applet code="SandboxUnsignedMissing.class" archive="SandboxUnsignedMissing.jar" codebase="." width="250" height="200"> +</applet></p> +</body> +</html> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedMissing/resources/SandboxUnsignedMissing.jnlp Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,53 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="SandboxUnsignedMissing.jnlp" codebase="."> + <information> + <title>SandboxUnsignedMissing</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>SandboxUnsignedMissing</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="SandboxUnsignedMissing.jar"/> + </resources> + <application-desc main-class="SandboxUnsignedMissing"> + </application-desc> +</jnlp> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedMissing/resources/SandboxUnsignedMissing_applet.jnlp Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,58 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="SandboxUnsignedMissing_applet.jnlp" codebase="."> + <information> + <title>SandboxUnsignedMissing</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>SandboxUnsignedMissing</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="SandboxUnsignedMissing.jar"/> + </resources> + <applet-desc + documentBase="." + name="SandboxUnsignedMissing" + main-class="SandboxUnsignedMissing" + width="250" + height="200"> + </applet-desc> +</jnlp> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedMissing/resources/SandboxUnsignedMissing_applet_security.jnlp Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,61 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="SandboxUnsignedMissing_applet_security.jnlp" codebase="."> + <information> + <title>SandboxUnsignedMissing</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>SandboxUnsignedMissing</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="SandboxUnsignedMissing.jar"/> + </resources> + <security> + <all-permissions/> + </security> + <applet-desc + documentBase="." + name="SandboxUnsignedMissing" + main-class="SandboxUnsignedMissing" + width="250" + height="200"> + </applet-desc> +</jnlp> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedMissing/resources/SandboxUnsignedMissing_security.jnlp Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,56 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="SandboxUnsignedMissing_security.jnlp" codebase="."> + <information> + <title>SandboxUnsignedMissing</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>SandboxUnsignedMissing</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="SandboxUnsignedMissing.jar"/> + </resources> + <security> + <all-permissions/> + </security> + <application-desc main-class="SandboxUnsignedMissing"> + </application-desc> +</jnlp> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedMissing/srcs/META-INF/MANIFEST.MF Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,2 @@ +Manifest-Version: 1.0 +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedMissing/srcs/SandboxUnsignedMissing.java Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,57 @@ + +import java.applet.Applet; + +/* AppletTest.java + Copyright (C) 2011 Red Hat, Inc. + + This file is part of IcedTea. + + IcedTea is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as published by + the Free Software Foundation, version 2. + + IcedTea is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with IcedTea; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. + */ +public class SandboxUnsignedMissing extends Applet { + + @Override + public void init() { + confirm(); + } + + public static void main(String... s) { + confirm(); + } + + private static void confirm() { + System.out.println("*** applet running ***"); + System.out.println(System.getProperty("user.home")); + System.out.println("*** APPLET FINISHED ***"); + } + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedMissing/testcases/SandboxUnsignedMissingTest.java Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,120 @@ + +import java.io.IOException; +import java.util.Arrays; +import net.sourceforge.jnlp.ProcessResult; +import net.sourceforge.jnlp.ServerAccess; +import net.sourceforge.jnlp.annotations.TestInBrowsers; +import net.sourceforge.jnlp.browsertesting.BrowserTest; +import static net.sourceforge.jnlp.browsertesting.BrowserTest.server; +import net.sourceforge.jnlp.browsertesting.Browsers; +import net.sourceforge.jnlp.closinglisteners.AutoErrorClosingListener; +import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener; +import net.sourceforge.jnlp.closinglisteners.StringBasedClosingListener; +import net.sourceforge.jnlp.config.DeploymentConfiguration; +import net.sourceforge.jnlp.runtime.ManifestAttributesChecker; +import net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel; +import net.sourceforge.jnlp.tools.DeploymentPropertiesModifier; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; + +/* AppletTest.java + Copyright (C) 2011 Red Hat, Inc. + + This file is part of IcedTea. + + IcedTea is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as published by + the Free Software Foundation, version 2. + + IcedTea is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with IcedTea; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. + */ +public class SandboxUnsignedMissingTest extends BrowserTest { + + private static final DeploymentPropertiesModifier dpm1 = new DeploymentPropertiesModifier(); + private static final DeploymentPropertiesModifier dpm2 = new DeploymentPropertiesModifier(); + private static final StringBasedClosingListener aok = new AutoOkClosingListener(); + private static final StringBasedClosingListener aer = new AutoErrorClosingListener(); + private static final String confirmation = "*** applet running ***"; + + + @BeforeClass + public static void setDeploymentManifestPermissionReadingOnly() throws IOException{ + dpm1.setProperties(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.PERMISSIONS.toString()); + dpm2.setProperties(DeploymentConfiguration.KEY_SECURITY_LEVEL, AppletSecurityLevel.ALLOW_UNSIGNED.toChars()); + } + + @AfterClass + public static void restoreDeploymentProeprtiees() throws IOException{ + dpm2.restoreProperties(); + dpm1.restoreProperties(); + } + + @Test + public void javawsAllPermNoSecurity() throws Exception{ + ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedMissing.jnlp"); + Assert.assertTrue(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + @Test + public void javawsAllPermAllSecurity() throws Exception{ + ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedMissing_security.jnlp"); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + @Test + public void javawsAppletAllPermNoSecurity() throws Exception{ + ProcessResult p = server.executeJavaws(Arrays.asList(new String[]{"-headless", "-verbose"}),"SandboxUnsignedMissing_applet.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener()); + Assert.assertTrue(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition()));//applets have exception flused only in verbose mode? strange... + } + @Test + public void javawsAppletAllPermAllSecurity() throws Exception{ + ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedMissing_applet_security.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener()); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + @Test + @TestInBrowsers(testIn = Browsers.one) + public void appletAllPermAllSecurity() throws Exception{ + server.getBrowserLocation(); + ProcessResult p = server.executeBrowser("SandboxUnsignedMissing.html", ServerAccess.AutoClose.CLOSE_ON_BOTH); + Assert.assertTrue(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedMissing/testcases/SandboxUnsignedMissingTestHighSecurity.java Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,177 @@ + +import java.io.IOException; +import java.util.Arrays; +import net.sourceforge.jnlp.ProcessResult; +import net.sourceforge.jnlp.ProcessWrapper; +import net.sourceforge.jnlp.ServerAccess; +import net.sourceforge.jnlp.annotations.TestInBrowsers; +import net.sourceforge.jnlp.browsertesting.BrowserTest; +import static net.sourceforge.jnlp.browsertesting.BrowserTest.server; +import net.sourceforge.jnlp.browsertesting.Browsers; +import net.sourceforge.jnlp.closinglisteners.AutoErrorClosingListener; +import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener; +import net.sourceforge.jnlp.closinglisteners.StringBasedClosingListener; +import net.sourceforge.jnlp.config.DeploymentConfiguration; +import net.sourceforge.jnlp.runtime.ManifestAttributesChecker; +import net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel; +import net.sourceforge.jnlp.tools.DeploymentPropertiesModifier; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; + +/* AppletTest.java + Copyright (C) 2011 Red Hat, Inc. + + This file is part of IcedTea. + + IcedTea is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as published by + the Free Software Foundation, version 2. + + IcedTea is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with IcedTea; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. + */ +public class SandboxUnsignedMissingTestHighSecurity extends BrowserTest { + + private static final DeploymentPropertiesModifier dpm1 = new DeploymentPropertiesModifier(); + private static final DeploymentPropertiesModifier dpm2 = new DeploymentPropertiesModifier(); + private static final StringBasedClosingListener aok = new AutoOkClosingListener(); + private static final StringBasedClosingListener aer = new AutoErrorClosingListener(); + private static final String confirmation = "*** applet running ***"; + + + @BeforeClass + public static void setDeploymentManifestPermissionReadingOnly() throws IOException{ + dpm1.setProperties(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.PERMISSIONS.toString()); + dpm2.setProperties(DeploymentConfiguration.KEY_SECURITY_LEVEL, AppletSecurityLevel.ASK_UNSIGNED.toChars()); + } + + @AfterClass + public static void restoreDeploymentProeprtiees() throws IOException{ + dpm2.restoreProperties(); + dpm1.restoreProperties(); + } + + @Test + public void javawsAllPermNoSecurityYes() throws Exception{ + ProcessWrapper pw = new ProcessWrapper(server.getJavawsLocation(), Arrays.asList("-headless"), server.getUrl("SandboxUnsignedMissing.jnlp")); + pw.setWriter("YES\n"); + ProcessResult p = pw.execute(); + Assert.assertTrue(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + @Test + public void javawsAllPermNoSecurityNo() throws Exception{ + ProcessWrapper pw = new ProcessWrapper(server.getJavawsLocation(), Arrays.asList("-headless"), server.getUrl("SandboxUnsignedMissing.jnlp")); + pw.setWriter("NO\n"); + ProcessResult p = pw.execute(); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + @Test + public void javawsAllPermAllSecurityYes() throws Exception{ + ProcessWrapper pw = new ProcessWrapper(server.getJavawsLocation(), Arrays.asList("-headless"), server.getUrl("SandboxUnsignedMissing_security.jnlp")); + pw.setWriter("YES\n"); + ProcessResult p = pw.execute(); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + @Test + public void javawsAllPermAllSecurityNo() throws Exception{ + ProcessWrapper pw = new ProcessWrapper(server.getJavawsLocation(), Arrays.asList("-headless"), server.getUrl("SandboxUnsignedMissing_security.jnlp")); + pw.setWriter("NO\n"); + ProcessResult p = pw.execute(); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + @Test + public void javawsAppletAllPermNoSecurityYes() throws Exception{ + ProcessWrapper pw = new ProcessWrapper(server.getJavawsLocation(), Arrays.asList("-headless", "-verbose"), server.getUrl("SandboxUnsignedMissing_applet.jnlp")); + pw.addStdOutListener(new AutoOkClosingListener()); + pw.setWriter("YES\n"); + ProcessResult p = pw.execute(); + Assert.assertTrue(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition()));//applets have exception flused only in verbose mode? strange... + } + + @Test + public void javawsAppletAllPermNoSecurityNo() throws Exception{ + ProcessWrapper pw = new ProcessWrapper(server.getJavawsLocation(), Arrays.asList("-headless", "-verbose"), server.getUrl("SandboxUnsignedMissing_applet.jnlp")); + pw.addStdErrListener(new AutoErrorClosingListener()); + pw.addStdOutListener(new AutoOkClosingListener()); + pw.setWriter("NO\n"); + ProcessResult p = pw.execute(); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition()));//applets have exception flused only in verbose mode? strange... + } + + @Test + public void javawsAppletAllPermAllSecurityYes() throws Exception{ + ProcessWrapper pw = new ProcessWrapper(server.getJavawsLocation(), Arrays.asList("-headless"), server.getUrl("SandboxUnsignedMissing_applet_security.jnlp")); + pw.addStdOutListener(new AutoOkClosingListener()); + pw.setWriter("YES\n"); + ProcessResult p = pw.execute(); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + @Test + public void javawsAppletAllPermAllSecurityNo() throws Exception{ + ProcessWrapper pw = new ProcessWrapper(server.getJavawsLocation(), Arrays.asList("-headless"), server.getUrl("SandboxUnsignedMissing_applet_security.jnlp")); + pw.addStdErrListener(new AutoErrorClosingListener()); + pw.addStdOutListener(new AutoOkClosingListener()); + pw.setWriter("NO\n"); + ProcessResult p = pw.execute(); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + //browser do not support headless dialogues + //@Test + //@TestInBrowsers(testIn = Browsers.one) + public void appletAllPermAllSecurity() throws Exception{ + server.getBrowserLocation(); + ProcessResult p = server.executeBrowser("SandboxUnsignedMissing.html", ServerAccess.AutoClose.CLOSE_ON_BOTH); + Assert.assertTrue(p.stdout.contains(confirmation)); + Assert.assertTrue(p.stdout.contains(aok.getCondition())); + Assert.assertFalse(p.stderr.contains(aer.getCondition())); + } + + +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox.html Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,42 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<html><head></head><body bgcolor="blue"> +<p><applet code="SandboxUnsignedSandbox.class" archive="SandboxUnsignedSandbox.jar" codebase="." width="250" height="200"> +</applet></p> +</body> +</html> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox.jnlp Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,53 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="SandboxUnsignedSandbox.jnlp" codebase="."> + <information> + <title>SandboxUnsignedSandbox</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>SandboxUnsignedSandbox</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="SandboxUnsignedSandbox.jar"/> + </resources> + <application-desc main-class="SandboxUnsignedSandbox"> + </application-desc> +</jnlp> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox_applet.jnlp Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,58 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + +--> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="SandboxUnsignedSandbox_applet.jnlp" codebase="."> + <information> + <title>SandboxUnsignedSandbox</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>SandboxUnsignedSandbox</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="SandboxUnsignedSandbox.jar"/> + </resources> + <applet-desc + documentBase="." + name="SandboxUnsignedSandbox" + main-class="SandboxUnsignedSandbox" + width="250" + height="200"> + </applet-desc> +</jnlp> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox_applet_security.jnlp Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,61 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="SandboxUnsignedSandbox_applet_security.jnlp" codebase="."> + <information> + <title>SandboxSignedMissing</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>SandboxUnsignedSandbox</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="SandboxUnsignedSandbox.jar"/> + </resources> + <security> + <all-permissions/> + </security> + <applet-desc + documentBase="." + name="SandboxUnsignedSandbox" + main-class="SandboxUnsignedSandbox" + width="250" + height="200"> + </applet-desc> +</jnlp> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedSandbox/resources/SandboxUnsignedSandbox_security.jnlp Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,56 @@ +<!-- + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +IcedTea is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + + --> +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="1.0" href="SandboxUnsignedSandbox_security.jnlp" codebase="."> + <information> + <title>SandboxSignedMissing</title> + <vendor>IcedTea</vendor> + <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> + <description>SandboxUnsignedSandbox</description> + <offline/> + </information> + <resources> + <j2se version="1.4+"/> + <jar href="SandboxUnsignedSandbox.jar"/> + </resources> + <security> + <all-permissions/> + </security> + <application-desc main-class="SandboxUnsignedSandbox"> + </application-desc> +</jnlp> \ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedSandbox/srcs/META-INF/MANIFEST.MF Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,3 @@ +Manifest-Version: 1.0 +Permissions: sandbox +
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedSandbox/srcs/SandboxUnsignedSandbox.java Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,57 @@ + +import java.applet.Applet; + +/* AppletTest.java + Copyright (C) 2011 Red Hat, Inc. + + This file is part of IcedTea. + + IcedTea is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as published by + the Free Software Foundation, version 2. + + IcedTea is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with IcedTea; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. + */ +public class SandboxUnsignedSandbox extends Applet { + + + @Override + public void init() { + confirm(); + } + + public static void main(String... s) { + confirm(); + } + + private static void confirm() { + System.out.println("*** applet running ***"); + System.out.println(System.getProperty("user.home")); + System.out.println("*** APPLET FINISHED ***"); + } +}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/tests/reproducers/simple/SandboxUnsignedSandbox/testcases/SandboxUnsignedSandboxTest.java Mon Jul 13 17:19:00 2015 +0200 @@ -0,0 +1,116 @@ + +import java.io.IOException; +import java.util.Arrays; +import net.sourceforge.jnlp.ProcessResult; +import net.sourceforge.jnlp.ServerAccess; +import net.sourceforge.jnlp.annotations.TestInBrowsers; +import net.sourceforge.jnlp.browsertesting.BrowserTest; +import static net.sourceforge.jnlp.browsertesting.BrowserTest.server; +import net.sourceforge.jnlp.browsertesting.Browsers; +import net.sourceforge.jnlp.closinglisteners.AutoErrorClosingListener; +import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener; +import net.sourceforge.jnlp.closinglisteners.StringBasedClosingListener; +import net.sourceforge.jnlp.config.DeploymentConfiguration; +import net.sourceforge.jnlp.runtime.ManifestAttributesChecker; +import net.sourceforge.jnlp.tools.DeploymentPropertiesModifier; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; + +/* AppletTest.java + Copyright (C) 2011 Red Hat, Inc. + + This file is part of IcedTea. + + IcedTea is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as published by + the Free Software Foundation, version 2. + + IcedTea is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with IcedTea; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. + */ +public class SandboxUnsignedSandboxTest extends BrowserTest { + + private static final DeploymentPropertiesModifier dpm = new DeploymentPropertiesModifier(); + private static final StringBasedClosingListener aok = new AutoOkClosingListener(); + private static final StringBasedClosingListener aer = new AutoErrorClosingListener(); + private static final String confirmation = "*** applet running ***"; + + + @BeforeClass + public static void setDeploymentManifestPermissionReadingOnly() throws IOException{ + dpm.setProperties(DeploymentConfiguration.KEY_ENABLE_MANIFEST_ATTRIBUTES_CHECK, ManifestAttributesChecker.MANIFEST_ATTRIBUTES_CHECK.PERMISSIONS.toString()); + } + + @AfterClass + public static void restoreDeploymentProeprtiees() throws IOException{ + dpm.restoreProperties(); + } + + @Test + public void javawsAllPermNoSecurity() throws Exception{ + ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedSandbox.jnlp"); + Assert.assertTrue(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + @Test + public void javawsAllPermAllSecurity() throws Exception{ + ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedSandbox_security.jnlp"); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + @Test + public void javawsAppletAllPermNoSecurity() throws Exception{ + ProcessResult p = server.executeJavaws(Arrays.asList(new String[]{"-headless", "-verbose"}),"SandboxUnsignedSandbox_applet.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener()); + Assert.assertTrue(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition()));//applets have exception flused only in verbose mode? strange... + } + @Test + public void javawsAppletAllPermAllSecurity() throws Exception{ + ProcessResult p = server.executeJavawsHeadless("SandboxUnsignedSandbox_applet_security.jnlp", new AutoOkClosingListener(), new AutoErrorClosingListener()); + Assert.assertFalse(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + @Test + @TestInBrowsers(testIn = Browsers.one) + public void appletAllPermAllSecurity() throws Exception{ + server.getBrowserLocation(); + ProcessResult p = server.executeBrowser("SandboxUnsignedSandbox.html", ServerAccess.AutoClose.CLOSE_ON_BOTH); + Assert.assertTrue(p.stdout.contains(confirmation)); + Assert.assertFalse(p.stdout.contains(aok.getCondition())); + Assert.assertTrue(p.stderr.contains(aer.getCondition())); + } + + +}