[RFC][PATCH][icedtea-web]: Added support for signed JNLP file- Updated Patch
Jiri Vanek
jvanek at redhat.com
Fri Jul 8 11:15:27 PDT 2011
On 07/06/2011 09:36 PM, Saad Mohammad wrote:
> This is the updated patch for adding support of signed JNLP file. I have attached two patches.
Hi!
One big error all over whole work - 9sorry for not mentioned earlier) - all fiels are missing "copyright" headers:( (java+jnlps :(( ) Please add tehm.
So I have walked through Patch1 it quite careful and whole composition seems ok.
Matcher works quite nice,and is fast enough. Trailing spaces are ignored, and matcher fails when mixed elements are include (as they should not appear in jnlp, then it is correct).
To matcher and its test I have four major points:
-JNLPmatcher should be immutable
-misuses of setup/tear down
-still converting list/arrays
-makefile - to much lines for pure copying!
+some cosmetic changes - if you will consider them as nit-picky, remeber that your code is going to community and so -- must be as good as possible;)
For Patch2 i can not review security issues (please, ask Deepak for this), but few small hints included.
Se inline:
>
> More Info:
> http://jcp.org/aboutJava/communityprocess/maintenance/jsr056/jnlp-7_0-changes.html (Change 3)
>
>
> Patch 1 Contains:
> - JNLPMatcher.java (renamed from JNLPVerify)
> - JNLPMatcherException.java (renamed from JNLPVerifyException)
> - Modification of Node.java
> - JNLPMatcherTest (Unit test that tests JNLPMatcher class)
> - Contains 10 templates JNLP files, 9 application JNLP files and one launching JNLP file for test (Resources for JNLPMatcherTest)
>
> Patch 2 Contains:
> - Modification to JNLPClassLoader.java
>
>
> CHANGELOG:
>
> 2011-07-06 Saad Mohammad <smohammad at redhat.com>
>
> * netx/net/sourceforge/jnlp/JNLPMatcher.java:
> Created this class to compare signed JNLP file with the launching JNLP file.
> When comparing, it has support for both method of signing of a JNLP file: APPLICATION_TEMPLATE.JNLP
> and APPLICATION.JNLP
> * netx/net/sourceforge/jnlp/JNLPMatcherException.java:
> Added a custom exception: JNLPMatcherException. Thrown if verifying signed JNLP files fails
> * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java:
> Added JNLPMatcherException to methods that throws the custom exception.
> (initializeResources): Checks if there are any signed JNLP files within the signed jars.
> If signed JNLP file fails to match or fails to be verified, the application throws
> a JNLPMatcherException.
> * netx/net/sourceforge/jnlp/Node.java:
> Created a method that retrieves the attribute names of the Node and stores it in
> private string [] member. The method returns the attribute names.
> * tests/netx/unit/net/sourceforge/jnlp/JNLPMatcherTest.java:
> This is a test case that tests the functionality of JNLPMatcher. It tests the algorithm
> with a variety of template and application JNLP files.
> * tests/netx/unit/net/sourceforge/jnlp/launchApp.jnlp:
> Launching JNLP file: This is the launching JNLP file used to compare with templates and
> application JNLP files in JNLPMatcherTest.java
> * tests/netx/unit/net/sourceforge/jnlp/templates/template0.jnlp:
> Test Template JNLP file: Contains CDATA
> * tests/netx/unit/net/sourceforge/jnlp/templates/template1.jnlp:
> Test Template JNLP file: An exact duplicate of the launching JNLP file
> * tests/netx/unit/net/sourceforge/jnlp/templates/template2.jnlp:
> Test Template JNLP file: Contains wildchars as attribute/element values
> * tests/netx/unit/net/sourceforge/jnlp/templates/template3.jnlp:
> Test Template JNLP file: Different order of element/attributes (but same value)
> * tests/netx/unit/net/sourceforge/jnlp/templates/template4.jnlp:
> Test Template JNLP file: Contains wildchars as values of ALL elements and attribute
> * tests/netx/unit/net/sourceforge/jnlp/templates/template5.jnlp:
> Test Template JNLP file: Contains comments
> * tests/netx/unit/net/sourceforge/jnlp/templates/template6.jnlp:
> Test Template JNLP file: Contains different attribute and element values
> * tests/netx/unit/net/sourceforge/jnlp/templates/template7.jnlp:
> Test Template JNLP file: Contains additional children in element
> * tests/netx/unit/net/sourceforge/jnlp/templates/template8.jnlp:
> Test Template JNLP file: Contains fewer children in element
> * tests/netx/unit/net/sourceforge/jnlp/templates/template9.jnlp:
> Test Template JNLP file: All values are different from the launching JNLP file
> * tests/netx/unit/net/sourceforge/jnlp/application/application0.jnlp:
> Test Application JNLP file: Contains CDATA
> * tests/netx/unit/net/sourceforge/jnlp/application/application1.jnlp:
> Test Application JNLP file: An exact duplicate of the launching JNLP file
> * tests/netx/unit/net/sourceforge/jnlp/application/application2.jnlp:
> Test Application JNLP file: Different order of element/attributes (but same value)
> * tests/netx/unit/net/sourceforge/jnlp/application/application3.jnlp:
> Test Application JNLP file: Contains comments
> * tests/netx/unit/net/sourceforge/jnlp/application/application4.jnlp:
> Test Application JNLP file: Contains wildchars as attribute/element values
> * tests/netx/unit/net/sourceforge/jnlp/application/application5.jnlp:
> Test Application JNLP file: Contains a different attribute (codebase) value
> * tests/netx/unit/net/sourceforge/jnlp/application/application6.jnlp:
> Test Application JNLP file: Contains additional children in element
> * tests/netx/unit/net/sourceforge/jnlp/application/application7.jnlp:
> Test Application JNLP file: Contains fewer children in element
> * tests/netx/unit/net/sourceforge/jnlp/application/application8.jnlp:
> Test Application JNLP file: All values are different from the launching JNLP file
> * Makefile.am:
> (run-netx-unit-tests) Creates directories and copies resources (JNLP files) to test.build before
> running unit test: JNLPMatcherTest
>
Nice story;) Probalby chnagelog winner:)
> --
> Cheers,
> Saad Mohammad
>
>
> Patch1.patch
>
>
> diff -r 86abbf8be0b1 Makefile.am
> --- a/Makefile.am Thu Jun 23 15:29:45 2011 +0200
> +++ b/Makefile.am Wed Jul 06 15:03:44 2011 -0400
> @@ -539,6 +539,19 @@
> run-netx-unit-tests: stamps/netx-unit-tests-compile.stamp \
> $(JUNIT_RUNNER_JAR) $(TESTS_DIR)/$(REPORT_STYLES_DIRNAME)
> cp {$(NETX_UNIT_TEST_SRCDIR),$(NETX_UNIT_TEST_DIR)}/net/sourceforge/jnlp/basic.jnlp
> + mkdir -p $(NETX_UNIT_TEST_DIR)/net/sourceforge/jnlp/templates
> + mkdir -p $(NETX_UNIT_TEST_DIR)/net/sourceforge/jnlp/application
> + cp {$(NETX_UNIT_TEST_SRCDIR),$(NETX_UNIT_TEST_DIR)}/net/sourceforge/jnlp/launchApp.jnlp
> + (cd $(NETX_UNIT_TEST_SRCDIR)/net/sourceforge/jnlp/templates/; \
> + for files in $$(find . -type f); \
> + do \
> + cp {$(NETX_UNIT_TEST_SRCDIR),$(NETX_UNIT_TEST_DIR)}/net/sourceforge/jnlp/templates/$${files}; \
> + done)
> + (cd $(NETX_UNIT_TEST_SRCDIR)/net/sourceforge/jnlp/application/; \
> + for files in $$(find . -type f); \
> + do \
> + cp {$(NETX_UNIT_TEST_SRCDIR),$(NETX_UNIT_TEST_DIR)}/net/sourceforge/jnlp/application/$${files}; \
> + done)
> cd $(NETX_UNIT_TEST_DIR) ; \
> class_names= ; \
> for test in `find -type f` ; do \
To much lines for simple copying of few resources. As I do not like resources and sources in same directories and packages, the sources structure is already adapted for this :( - but not make file.
I thing best fix here is to remove old line with basic.jnlp and instead of your code to add copying of all not .java files form this al over this package (NETX_UNIT_TEST_SRCDIR)->(NETX_UNIT_TEST_DIR)
> diff -r 86abbf8be0b1 netx/net/sourceforge/jnlp/JNLPMatcher.java
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/netx/net/sourceforge/jnlp/JNLPMatcher.java Wed Jul 06 11:37:07 2011 -0400
> @@ -0,0 +1,197 @@
> +package net.sourceforge.jnlp;
> +
> +import java.io.InputStreamReader;
> +import java.io.PipedInputStream;
> +import java.io.PipedOutputStream;
> +import java.util.Arrays;
> +import java.util.LinkedList;
> +import net.sourceforge.nanoxml.XMLElement;
> +
> +/**
> + * To compare launching JNLP file with signed APPLICATION.JNLP or
> + * APPLICATION_TEMPLATE.jnlp.
> + *
> + * Used by net.sourceforge.jnlp.runtime.JNLPCLassLoader
> + */
> +
> +public final class JNLPMatcher {
> +
> + private Node appTemplateNode = null;
> + private Node launchJNLPNode = null;
> + boolean isTemplate = false;
Those variables are just set in constructor, and then read. Make them final, (and isTemplate should be also private) - with possible getter.
When those variables will be final with no setters (as it is now! and right), then whole this class is perfectly immutable. And considering that input streams going in can not be "rewind" then you can...SHOULD... cache return value of match method. Then this method will be able to follow conventions and be named isMatch.
> +
> +
> + /**
> + * Public constructor
> + *
> + * @param appTemplate
> + * the reader stream of the signed APPLICATION.jnlp or
> + * APPLICATION_TEMPLATE.jnlp
> + * @param launchJNLP
> + * the reader stream of the launching JNLP file
> + * @param isTemplate
> + * a boolean that specifies if appTemplateFile is a template
> + * @throws JNLPMatcherException
> + * if IOException, XMLParseException is thrown during parsing; Or launchJNLP/appTemplate is null
> + */
> + public JNLPMatcher(InputStreamReader appTemplate, InputStreamReader launchJNLP, boolean isTemplate)
> + throws JNLPMatcherException {
> +
> + try {
> +
> + if (appTemplate == null&& launchJNLP == null)
> + throw new NullPointerException(
> + "Template JNLP file and Launching JNLP file are both null.");
> + else if (appTemplate == null)
> + throw new NullPointerException("Template JNLP file is null.");
> + else if (launchJNLP == null)
> + throw new NullPointerException("Launching JNLP file is null.");
> +
> + XMLElement appTemplateXML = new XMLElement();
> + XMLElement launchJNLPXML = new XMLElement();
> +
> + // Remove the comments and CDATA from the JNLP file
> + final PipedInputStream pinTemplate = new PipedInputStream();
> + final PipedOutputStream poutTemplate = new PipedOutputStream(pinTemplate);
> + appTemplateXML.sanitizeInput(appTemplate, poutTemplate);
> +
> + final PipedInputStream pinJNLPFile = new PipedInputStream();
> + final PipedOutputStream poutJNLPFile = new PipedOutputStream(pinJNLPFile);
> + launchJNLPXML.sanitizeInput(launchJNLP, poutJNLPFile);
> +
> + // Parse both files
> + appTemplateXML.parseFromReader(new InputStreamReader(pinTemplate));
> + launchJNLPXML.parseFromReader(new InputStreamReader(pinJNLPFile));
> +
> + // Initialize parent nodes
> + this.appTemplateNode = new Node(appTemplateXML);
> + this.launchJNLPNode = new Node(launchJNLPXML);
> + this.isTemplate = isTemplate;
> +
> + } catch (Exception e) {
> + throw new JNLPMatcherException(
> + "Failed to create an instance of JNLPVerify with specified InputStreamReader", e);
> + }
> + }
nice
> +
> + /**
> + * Compares both JNLP files
> + *
> + * @return true if both JNLP files are 'matched', otherwise false
> + */
> + public boolean match() {
> + return matchNodes(appTemplateNode, launchJNLPNode);
When this class will become immutable, then this can look like:
if (match==null) {match=matchNodes(appTemplateNode, launchJNLPNode);}; return match;
Where match is class private variable of type Boolean, which will make the caching.
Please note, that as it is written now, double call of match() will cause an exception, which should not be JNLPMatcherException excepion.
Upper fix should be enough for this issue.
> + }
> +
> + /**
> + * Compares two Nodes regardless of the order of their children/attributes
> + *
> + * @param appTemplate
> + * signed application or template's Node
> + * @param launchJNLP
> + * launching JNLP file's Node
> + *
> + * @return true if both Nodes are 'matched', otherwise false
> + */
> + private boolean matchNodes(Node appTemplate, Node launchJNLP) {
> +
> + if (appTemplate != null&& launchJNLP != null) {
> +
> + Node appTemplateNode = (Node) appTemplate;
> + Node launchJNLPNode = (Node) launchJNLP;
Please rename Node variables (are hidingglobal fields with same names) and remove useless type cast. (just recommendation)
> +
> + //Store children of Node
> + LinkedList<Node> appTemplateChild = new LinkedList<Node>(Arrays.asList(appTemplateNode
> + .getChildNodes()));
> + LinkedList<Node> launchJNLPChild = new LinkedList<Node>(Arrays.asList(launchJNLPNode
> + .getChildNodes()));
Those should be just List<Node> app...= new LinkedList.... (just recommendation)
> +
> + // Compare only if both Nodes have the same name, else return false
> + if (appTemplateNode.getNodeName().equals(launchJNLPNode.getNodeName())) {
> +
> + if (appTemplateChild.size() == launchJNLPChild.size()) { // Compare children
> +
> + int childLength = appTemplateChild.size();
> +
> + for (int i = 0; i< childLength;) {
> + for (int j = 0; j< childLength; j++) {
> + boolean isSame = matchNodes(appTemplateChild.get(i),
> + launchJNLPChild.get(j));
> +
> + if (!isSame&& j == childLength - 1)
> + return false;
> + else if (isSame) { // If both child matches, remove them from the list of children
> + appTemplateChild.remove(i);
> + launchJNLPChild.remove(j);
> + --childLength;
> + break;
> + }
> + }
> + }
> +
> +
> + if (!appTemplateNode.getNodeValue().equals(launchJNLPNode.getNodeValue())) {
> +
> + //If it's a template and the template's value is NOT '*'
> + if (isTemplate&& !appTemplateNode.getNodeValue().equals("*"))
> + return false;
> + //Else if it's not a template, then return false
> + else if (!isTemplate)
> + return false;
> + }
> + //Compare attributes of both Nodes
> + return matchAttributes(appTemplateNode, launchJNLPNode);
> + }
> +
> + }
> + }
> + return false;
> + }
> +
> + /**
> + * Compares attributes of two Nodes regardless of order
> + *
> + * @param appTemplateNode
> + * signed application or template's Node with attributes
> + * @param launchJNLPNode
> + * launching JNLP file's Node with attributes
> + *
> + * @return true if both Nodes have 'matched' attributes, otherwise false
> + */
> + private boolean matchAttributes(Node appTemplateNode, Node launchJNLPNode) {
> +
> + if (appTemplateNode != null&& launchJNLPNode != null) {
> +
> + String [] appTemplateAttributes = appTemplateNode.getAttributeNames();
> + String [] launchJNLPAttributes = launchJNLPNode.getAttributeNames();
> +
List and Collections framework will serve you well. Chose one of them and do not convert in vain;)
> + Arrays.sort(appTemplateAttributes);
> + Arrays.sort(launchJNLPAttributes);
> +
> + if (appTemplateAttributes.length == launchJNLPAttributes.length) {
> +
> + int size= appTemplateAttributes.length; //Number of attributes
> +
> + for (int i = 0; i< size; i++) {
> +
> + if (launchJNLPAttributes[i].equals(appTemplateAttributes[i])){ // If both Node's attribute name are the same then compare the values
> +
> + String attribute = launchJNLPAttributes[i];
> + boolean isSame = appTemplateNode.getAttribute(attribute).equals(// Check if the Attribute values match
> + launchJNLPNode.getAttribute(attribute));
> +
> + if (!isTemplate&& !isSame)
> + return false;
> + else if (isTemplate&& !isSame
> +&& !appTemplateNode.getAttribute(attribute).equals("*"))
> + return false;
> +
> + } else // If attributes names do not match, return false
> + return false;
> + }
> + return true;
> + }
> + }
> + return false;
> + }
> +}
> diff -r 86abbf8be0b1 netx/net/sourceforge/jnlp/JNLPMatcherException.java
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/netx/net/sourceforge/jnlp/JNLPMatcherException.java Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,16 @@
> +package net.sourceforge.jnlp;
> +
> +public class JNLPMatcherException extends Exception
> +{
> + private static final long serialVersionUID = 1L;
> +
> + public JNLPMatcherException(String message)
> + {
> + super(message);
> + }
> +
> + public JNLPMatcherException(String message, Throwable cause)
> + {
> + super(message, cause);
> + }
> +}
TYVM!
> diff -r 86abbf8be0b1 netx/net/sourceforge/jnlp/Node.java
> --- a/netx/net/sourceforge/jnlp/Node.java Thu Jun 23 15:29:45 2011 +0200
> +++ b/netx/net/sourceforge/jnlp/Node.java Tue Jul 05 14:53:27 2011 -0400
> @@ -19,6 +19,7 @@
> private XMLElement xml;
> private Node next;
> private Node children[];
> + private String attributeNames[];
>
> Node(XMLElement xml) {
> this.xml = xml;
> @@ -60,6 +61,19 @@
>
> return children;
> }
> +
> + String[] getAttributeNames() {
> + if (attributeNames == null) {
> + List<String> list = new ArrayList<String>();
> +
> + for (Enumeration e = xml.enumerateAttributeNames(); e.hasMoreElements();)
> + list.add(new String((String) e.nextElement()));
> +
> + attributeNames = list.toArray(new String[list.size()]);
> +
> + }
> + return attributeNames;
> + }
>
(recommandationon)
This smells bad:)
The onkly usage of ths method is in String [] launchJNLPAttributes = launchJNLPNode.getAttributeNames();
This array is then sorted and iterated through.
Here you create an (Empty!) arraylist, iterate through enumeration (without known size) and fill arraylist. Why tehn convert an array?
My recomandation here is to change attributeNames to List<String> (and use eg unmodifficable list or whatever).
You are following children[], I thing you do not need. Everybody can call List.toArray!
> String getAttribute(String name) {
> return (String) xml.getAttribute(name);
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/JNLPMatcherTest.java
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/JNLPMatcherTest.java Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,332 @@
> +package net.sourceforge.jnlp;
> +
> +import static org.junit.Assert.fail;
> +
> +import java.io.IOException;
> +import java.io.InputStream;
> +import java.io.InputStreamReader;
> +import junit.framework.Assert;
> +import org.junit.After;
> +import org.junit.Before;
> +import org.junit.Test;
> +
> +public class JNLPMatcherTest {
> +
> + String tests[] = {
> + "Testing template with CDATA",
> + "Testing template with an exact duplicate of the launching JNLP file",
> + "Testing template with wildchars as attribute/element values",
> + "Testing template with attributes/elements in different order",
> + "Testing template with wildchars as ALL element/attribute values",
> + "Testing template with comments",
> + "Testing template with different attribute/element values",
> + "Testing template by adding an additional children to element",
> + "Testing template by removing children from element",
> + "Testing template with a complete different JNLP template file ",
> + "Testing application with CDATA",
> + "Testing application with an exact duplicate of the launching JNLP file",
> + "Testing application with the same element/attribute name and value pair in different orders",
> + "Testing application with comments",
> + "Testing application with wildchars as attribute/element values",
> + "Testing application with a different codebase attribute value",
> + "Testing application by adding additional children to element",
> + "Testing application by removing children from element",
> + "Testing application with a complete different JNLP application file " };
> +
nice!
> + JNLPMatcher test;
> + InputStreamReader fileReader;
> + InputStreamReader launchReader;
Remove those three global fields and use them locally please. Minimze of variable scope is (more then) good habbit.
> + ClassLoader cl = JNLPMatcherTest.class.getClassLoader();
make him final.
> +
> + int i = 0;
remove this i - see lower
> +
> + @Before
> + public void setUp() throws Exception {
> +
> + InputStream launchStream = cl.getResourceAsStream("net/sourceforge/jnlp/launchApp.jnlp");
> + launchReader = new InputStreamReader(launchStream);
> +
> + }
This is misuse of setUp/tear down.
Create eg method getResource(String path) which will return InputStreamReader like this ^^ method. and getLunchResoyrce wwhich will just call getResource with "net/sourceforge/jnlp/launchApp.jnlp", and teh use those two ethods in every test.
Dont forget to closeing streams (as you are doing now).
> +
> + @Test
> + public void testTemplateCDATA() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/templates/template0.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, true);
> +
> + Assert.assertEquals(tests[i], true, test.match());
> +
> + fileReader.close();
> + }
> +
> + @Test
> + public void testTemplateDuplicate() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/templates/template1.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, true);
> +
> + Assert.assertEquals(tests[i], true, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testTemplateWildCharsRandom() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/templates/template2.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, true);
> +
> + Assert.assertEquals(tests[i], true, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testTemplateDifferentOrder() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/templates/template3.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, true);
> +
> + Assert.assertEquals(tests[i], true, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testTemplateWildCharsAsAllValues() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/templates/template4.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, true);
> +
> + Assert.assertEquals(tests[i], true, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testTemplateComments() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/templates/template5.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, true);
> +
> + Assert.assertEquals(tests[i], true, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testTemplateDifferentValues() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/templates/template6.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, true);
> +
> + Assert.assertEquals(tests[i], false, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testTemplateExtraChild() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/templates/template7.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, true);
> +
> + Assert.assertEquals(tests[i], false, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testTemplateFewerChild() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/templates/template8.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, true);
> +
> + Assert.assertEquals(tests[i], false, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testTemplateDifferentFile() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/templates/template9.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, true);
> +
> + Assert.assertEquals(tests[i], false, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testApplicationCDATA() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/application/application0.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, false);
> +
> + Assert.assertEquals(tests[i], true, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testApplicationDuplicate() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/application/application1.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, false);
> +
> + Assert.assertEquals(tests[i], true, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testApplicationDifferentOrder() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/application/application2.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, false);
> +
> + Assert.assertEquals(tests[i], true, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testApplicationComments() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/application/application3.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, false);
> +
> + Assert.assertEquals(tests[i], true, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testApplicationWildCharsRandom() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/application/application4.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, false);
> +
> + Assert.assertEquals(tests[i], false, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testApplicationDifferentCodebaseValue() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/application/application5.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, false);
> +
> + Assert.assertEquals(tests[i], false, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testApplicationExtraChild() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/application/application6.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, false);
> +
> + Assert.assertEquals(tests[i], false, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testApplicationFewerChild() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/application/application7.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, false);
> +
> + Assert.assertEquals(tests[i], false, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testApplicationDifferentFile() throws JNLPMatcherException, IOException {
> +
> + InputStream fileStream = cl
> + .getResourceAsStream("net/sourceforge/jnlp/application/application8.jnlp");
> + fileReader = new InputStreamReader(fileStream);
> +
> + test = new JNLPMatcher(fileReader, launchReader, false);
> +
> + Assert.assertEquals(tests[i], false, test.match());
> + fileReader.close();
> + }
> +
> + @Test
> + public void testNullJNLPFiles() {
> +
> + fileReader = null;
> +
> + try {
> + test = new JNLPMatcher(null, launchReader, false);
> + fail("Created an instance of JNLPMatcher with a null JNLP reader parameter");
> + } catch (JNLPMatcherException e) {
> + // Do nothing, test passed
> + }
> +
> + try {
> + test = new JNLPMatcher(fileReader, null, false);
> + fail("Created an instance of JNLPMatcher with a null launching JNLP reader parameter");
> + } catch (JNLPMatcherException e) {
> + // Do nothing, test passed
> + }
> +
> + try {
> + test = new JNLPMatcher(null, null, false);
> + fail("Created an instance of JNLPMatcher with both JNLP reader as null parameters");
> + } catch (JNLPMatcherException e) {
> + // Do nothing, test passed
> + }
NOT DO NOTHING :DD
save exception, and assertequals with expected exception;)
> + }
> +
> + @After
> + public void tearDown() throws Exception {
> + launchReader.close();
> + i++;
> + }
> +
this 'i' approach is dangerous. The order of tests is not guaranted.And because you are using this i just for output, please use tests[1]... (with numbers instead f variable).
To be honsest - nice set of tests. Some exceptions are never thrown but those test may be added later (...==never? :) )
> +}
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/application/application0.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/application/application0.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,27 @@
> +<?xml version="1.0"?>
> +<jnlp spec="1.5+"
> + codebase="file"
> + href="www.redhat.com"
> +>
> +
> +<!CDATA[
> + Text you want to escape goes here...
> +<test> random tag test</test>
> + ]]>
> +
> +<information>
> +<title>Sample Test</title>
> +<vendor>RedHat</vendor>
> +<offline-allowed/>
> +
> +</information>
> +
> +
> +<resources>
> +<j2se version='1.6+' />
> +<jar href='myResource.jar' main='true' />
> +</resources>
> +
> +
> +<application-desc main-class='Test' />
> +</jnlp>
> \ No newline at end of file
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/application/application1.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/application/application1.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,13 @@
> +<?xml version="1.0"?>
> +<jnlp spec="1.5+" codebase="file" href="www.redhat.com">
> +<information>
> +<title>Sample Test</title>
> +<vendor>RedHat</vendor>
> +<offline-allowed />
> +</information>
> +<resources>
> +<j2se version='1.6+' />
> +<jar href='myResource.jar' main='true' />
> +</resources>
> +<application-desc main-class='Test' />
> +</jnlp>
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/application/application2.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/application/application2.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,13 @@
> +<?xml version="1.0"?>
> +<jnlp spec="1.5+" href="www.redhat.com" codebase="file">
> +<resources>
> +<jar main='true' href='myResource.jar' />
> +<j2se version='1.6+' />
> +</resources>
> +<information>
> +<vendor>RedHat</vendor>
> +<title>Sample Test</title>
> +<offline-allowed />
> +</information>
> +<application-desc main-class='Test' />
> +</jnlp>
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/application/application3.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/application/application3.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,18 @@
> +<?xml version="1.0"?>
> +<jnlp spec="1.5+" codebase="file" href="www.redhat.com">
> +<information>
> +<!-- This is my comment-->
> +<title>Sample Test</title>
> +<vendor>RedHat</vendor>
> +<offline-allowed />
> +<!-- This is my comment-->
> +</information>
> +<!-- This is my comment-->
> +<resources>
> +<j2se version='1.6+' />
> +<jar href='myResource.jar' main='true' />
> +</resources>
> +<!-- This is my comment-->
> +<application-desc main-class='Test' />
> +</jnlp>
> +<!-- This is my comment-->
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/application/application4.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/application/application4.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,13 @@
> +<?xml version="1.0"?>
> +<jnlp spec="1.5+" codebase="file" href="*">
> +<information>
> +<title>Sample Test</title>
> +<vendor>*</vendor>
> +<offline-allowed />
> +</information>
> +<resources>
> +<j2se version='1.6+' />
> +<jar href='myResource.jar' main='true' />
> +</resources>
> +<application-desc main-class='Test' />
> +</jnlp>
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/application/application5.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/application/application5.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,13 @@
> +<?xml version="1.0"?>
> +<jnlp spec="1.5+" codebase="somefile" href="www.redhat.com">
> +<information>
> +<title>Sample Test</title>
> +<vendor>RedHat</vendor>
> +<offline-allowed />
> +</information>
> +<resources>
> +<j2se version='1.6+' />
> +<jar href='myResource.jar' main='true' />
> +</resources>
> +<application-desc main-class='Test' />
> +</jnlp>
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/application/application6.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/application/application6.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,16 @@
> +<?xml version="1.0"?>
> +<jnlp spec="1.5+" codebase="file" href="www.redhat.com">
> +<information>
> +<title>Sample Test</title>
> +<vendor>RedHat</vendor>
> +<offline-allowed />
> +<shortcut>
> +<desktop />
> +</shortcut>
> +</information>
> +<resources>
> +<j2se version='1.6+' />
> +<jar href='myResource.jar' main='true' />
> +</resources>
> +<application-desc main-class='Test' />
> +</jnlp>
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/application/application7.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/application/application7.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,11 @@
> +<?xml version="1.0"?>
> +<jnlp spec="1.5+" codebase="file" href="www.redhat.com">
> +<information>
> +<title>Sample Test</title>
> +<vendor>RedHat</vendor>
> +</information>
> +<resources>
> +<j2se version='1.6+' />
> +</resources>
> +<application-desc main-class='Test' />
> +</jnlp>
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/application/application8.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/application/application8.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,14 @@
> +<?xml version="1.0" encoding="utf-8"?>
> +<jnlp spec="1.2+" codebase="file:///home/smohammad/Desktop/Test/" href="Sample2.jnlp">
> +<information>
> +<title>Sample</title>
> +<vendor>RedHat</vendor>
> +<description>This is a sample to test a bug</description>
> +<offline-allowed />
> +<icon href="red.gif" />
> +</information>
> +<resources>
> +<jar version="1.2+" href="myResource2.jar" />
> +</resources>
> +<application-desc main-class="test.Runner" />
> +</jnlp>
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/launchApp.jnlp Tue Jul 05 15:23:48 2011 -0400
> @@ -0,0 +1,23 @@
> +<?xml version="1.0"?>
> +<jnlp spec="1.5+"
> + codebase="file"
> + href="www.redhat.com"
> +>
> +
> +<information>
> +<title>Sample Test</title>
> +<vendor>RedHat</vendor>
> +<offline-allowed/>
> +
> +</information>
> +
> +
> +<resources>
> +<j2se version='1.6+' />
> +<jar href='myResource.jar' main='true' />
> +</resources>
> +
> +
> +<application-desc main-class='Test' />
> +</jnlp>
> +
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/templates/template0.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/templates/template0.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,28 @@
> +<?xml version="1.0"?>
> +<jnlp spec="1.5+"
> + codebase="file"
> + href="*"
> +>
> +
> +<information>
> +<title>Sample Test</title>
> +<vendor>RedHat</vendor>
> +<offline-allowed/>
> +
> +</information>
> +
> +
> +<!CDATA[
> + Text you want to escape goes here...
> +<test> random tag test</test>
> + ]]>
> +
> +
> +<resources>
> +<j2se version='1.6+' />
> +<jar href='myResource.jar' main='true' />
> +</resources>
> +
> +
> +<application-desc main-class='Test' />
> +</jnlp>
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/templates/template1.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/templates/template1.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,13 @@
> +<?xml version="1.0"?>
> +<jnlp spec="1.5+" codebase="file" href="*">
> +<information>
> +<title>Sample Test</title>
> +<vendor>RedHat</vendor>
> +<offline-allowed />
> +</information>
> +<resources>
> +<j2se version='1.6+' />
> +<jar href='myResource.jar' main='true' />
> +</resources>
> +<application-desc main-class='Test' />
> +</jnlp>
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/templates/template2.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/templates/template2.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,13 @@
> +<?xml version="1.0"?>
> +<jnlp spec="1.5+" codebase="file" href="*">
> +<information>
> +<title>Sample Test</title>
> +<vendor>*</vendor>
> +<offline-allowed />
> +</information>
> +<resources>
> +<j2se version='1.6+' />
> +<jar href='myResource.jar' main='true' />
> +</resources>
> +<application-desc main-class='Test' />
> +</jnlp>
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/templates/template3.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/templates/template3.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,13 @@
> +<?xml version="1.0"?>
> +<jnlp spec="1.5+" codebase="file" href="*">
> +<resources>
> +<j2se version='1.6+' />
> +<jar href='myResource.jar' main='true' />
> +</resources>
> +<information>
> +<vendor>RedHat</vendor>
> +<title>Sample Test</title>
> +<offline-allowed />
> +</information>
> +<application-desc main-class='Test' />
> +</jnlp>
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/templates/template4.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/templates/template4.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,13 @@
> +<?xml version="*"?>
> +<jnlp spec="*" codebase="*" href="*">
> +<information>
> +<title>*</title>
> +<vendor>*</vendor>
> +<offline-allowed />
> +</information>
> +<resources>
> +<j2se version='*' />
> +<jar href='*' main='*' />
> +</resources>
> +<application-desc main-class='*' />
> +</jnlp>
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/templates/template5.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/templates/template5.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,23 @@
> +<?xml version="*"?>
> +<jnlp spec="*"
> + codebase="*"
> + href="*"
> +>
> +
> +<information>
> +<!-- This is my comment-->
> +<title>*</title>
> +<vendor>*</vendor>
> +<offline-allowed/>
> +</information>
> +
> +<!-- This is my comment-->
> +
> +<resources>
> +<j2se version='*' />
> +<jar href='*' main='*' />
> +</resources>
> +
> +
> +<application-desc<!-- This is my comment--> main-class='*' />
> +</jnlp>
> \ No newline at end of file
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/templates/template6.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/templates/template6.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,13 @@
> +<?xml version="1.0"?>
> +<jnlp spec="1.5+" codebase="randomcodebase" href="*">
> +<information>
> +<title>Test Sample</title>
> +<vendor>RedHat</vendor>
> +<offline-allowed />
> +</information>
> +<resources>
> +<j2se version='22+' />
> +<jar href='myResource2.jar' main='true' />
> +</resources>
> +<application-desc main-class='Test' />
> +</jnlp>
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/templates/template7.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/templates/template7.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,16 @@
> +<?xml version="1.0"?>
> +<jnlp spec="1.5+" codebase="file" href="*">
> +<information>
> +<title>Sample Test</title>
> +<vendor>RedHat</vendor>
> +<shortcut>
> +<desktop />
> +</shortcut>
> +<offline-allowed />
> +</information>
> +<resources>
> +<j2se version='1.6+' />
> +<jar href='myResource.jar' main='true' />
> +</resources>
> +<application-desc main-class='Test' />
> +</jnlp>
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/templates/template8.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/templates/template8.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,8 @@
> +<?xml version="1.0"?>
> +<jnlp spec="1.5+" codebase="file" href="www.redhat.com">
> +<resources>
> +<j2se version='1.6+' />
> +<jar href='myResource.jar' main='true' />
> +</resources>
> +<application-desc main-class='Test' />
> +</jnlp>
> diff -r 86abbf8be0b1 tests/netx/unit/net/sourceforge/jnlp/templates/template9.jnlp
> --- /dev/null Thu Jan 01 00:00:00 1970 +0000
> +++ b/tests/netx/unit/net/sourceforge/jnlp/templates/template9.jnlp Tue Jul 05 14:53:27 2011 -0400
> @@ -0,0 +1,14 @@
> +<?xml version="1.0" encoding="utf-8"?>
> +<jnlp spec="1.2+" codebase="file:///home/smohammad/Desktop/Test/" href="Sample2.jnlp">
> +<information>
> +<title>Sample</title>
> +<vendor>RedHat</vendor>
> +<description>This is a sample to test a bug</description>
> +<offline-allowed />
> +<icon href="red.gif" />
> +</information>
> +<resources>
> +<jar version="1.2+" href="myResource2.jar" />
> +</resources>
> +<application-desc main-class="test.Runner" />
> +</jnlp>
>
>
> Patch2.patch
>
>
> diff -r 86abbf8be0b1 netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Thu Jun 23 15:29:45 2011 +0200
> +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Tue Jul 05 16:31:01 2011 -0400
> @@ -19,8 +19,10 @@
>
> import java.io.File;
> import java.io.FileOutputStream;
> +import java.io.FileReader;
> import java.io.IOException;
> import java.io.InputStream;
> +import java.io.InputStreamReader;
> import java.net.MalformedURLException;
> import java.net.URL;
> import java.net.URLClassLoader;
> @@ -51,6 +53,8 @@
> import net.sourceforge.jnlp.ExtensionDesc;
> import net.sourceforge.jnlp.JARDesc;
> import net.sourceforge.jnlp.JNLPFile;
> +import net.sourceforge.jnlp.JNLPMatcher;
> +import net.sourceforge.jnlp.JNLPMatcherException;
> import net.sourceforge.jnlp.LaunchException;
> import net.sourceforge.jnlp.ParseException;
> import net.sourceforge.jnlp.PluginBridge;
> @@ -80,7 +84,11 @@
> // todo: initializePermissions should get the permissions from
> // extension classes too so that main file classes can load
> // resources in an extension.
> -
> +
> + /** Signed JNLP File and Template */
> + final public static String template = "JNLP-INF/APPLICATION_TEMPLATE.JNLP";
> + final public static String application = "JNLP-INF/APPLICATION.JNLP";
> +
> /** map from JNLPFile url to shared classloader */
> private static Map<String, JNLPClassLoader> urlToLoader =
> new HashMap<String, JNLPClassLoader>(); // never garbage collected!
> @@ -158,8 +166,9 @@
> * Create a new JNLPClassLoader from the specified file.
> *
> * @param file the JNLP file
> + * @throws JNLPMatcherException if signed JNLP file failed to be verified or did not match
> */
> - protected JNLPClassLoader(JNLPFile file, UpdatePolicy policy) throws LaunchException {
> + protected JNLPClassLoader(JNLPFile file, UpdatePolicy policy) throws LaunchException, JNLPMatcherException {
> super(new URL[0], JNLPClassLoader.class.getClassLoader());
>
> if (JNLPRuntime.isDebug())
> @@ -273,8 +282,9 @@
> *
> * @param file the file to load classes for
> * @param policy the update policy to use when downloading resources
> + * @throws JNLPMatcherException if signed JNLP file failed to be verified or did not match
> */
> - public static JNLPClassLoader getInstance(JNLPFile file, UpdatePolicy policy) throws LaunchException {
> + public static JNLPClassLoader getInstance(JNLPFile file, UpdatePolicy policy) throws LaunchException, JNLPMatcherException {
> JNLPClassLoader baseLoader = null;
> JNLPClassLoader loader = null;
> String uniqueKey = file.getUniqueKey();
> @@ -341,9 +351,10 @@
> * @param location the file's location
> * @param version the file's version
> * @param policy the update policy to use when downloading resources
> + * @throws JNLPMatcherException if signed JNLP file failed to be verified or did not match
> */
> public static JNLPClassLoader getInstance(URL location, String uniqueKey, Version version, UpdatePolicy policy)
> - throws IOException, ParseException, LaunchException {
> + throws IOException, ParseException, LaunchException, JNLPMatcherException {
> JNLPClassLoader loader = urlToLoader.get(uniqueKey);
>
> if (loader == null || !location.equals(loader.getJNLPFile().getFileLocation()))
> @@ -403,7 +414,7 @@
> * Load all of the JARs used in this JNLP file into the
> * ResourceTracker for downloading.
> */
> - void initializeResources() throws LaunchException {
> + void initializeResources() throws LaunchException, JNLPMatcherException {
> JARDesc jars[] = resources.getJARs();
> if (jars == null || jars.length == 0)
> return;
> @@ -471,8 +482,135 @@
> //otherwise this jar is simply unsigned -- make sure to ask
> //for permission on certain actions
> }
> +
> + if (js.anyJarsSigned()) {
> + //If there are any signed Jars, check if JNLP file is signed
> +
> + if (JNLPRuntime.isDebug())
> + System.out.println("STARTING check for signed JNLP file...");
> +
> + for (int i = 0; i< jars.length; i++) {
> + List<JARDesc> eachJar = new ArrayList<JARDesc>();
> + JarSigner signer = new JarSigner();
> + eachJar.add(jars[i]); //Adds only the single jar to check if the jar has a valid signature
> +
> + tracker.addResource(jars[i].getLocation(), jars[i].getVersion(),
> + getDownloadOptionsForJar(jars[i]),
> + jars[i].isCacheable() ? JNLPRuntime.getDefaultUpdatePolicy()
> + : UpdatePolicy.FORCE);
> +
> + try {
> + signer.verifyJars(eachJar, tracker);
> +
> + if (signer.allJarsSigned()) { //If the jar is signed
> + URL location = jars[i].getLocation();
> + File localFile = tracker.getCacheFile(location);
> +
> +
> + if(localFile == null)
> + {
> + throw new JNLPMatcherException("Could not locate jar file, returned null");
> + }
> +
> + else{
> + try {
> + JarFile jarFile = new JarFile(localFile);
> + Enumeration<JarEntry> entries = jarFile.entries();
> + JarEntry je;
> +
> + while (entries.hasMoreElements()) {
> + je = entries.nextElement();
> + String jeName = je.getName().toUpperCase();
> +
> + if (jeName.equals(template) || jeName.equals(application)) {
> +
> + if (JNLPRuntime.isDebug())
> + System.out.println("\tCreating Jar InputStream from Jar Entry");
> +
> + InputStream inStream = jarFile.getInputStream(je);
> + InputStreamReader inputReader = new InputStreamReader(
> + inStream);
> +
> + if (JNLPRuntime.isDebug())
> + System.out.println("\tCreating File InputStream from lauching JNLP file");
> +
> + JNLPFile jnlp = this.getJNLPFile();
> + URL url = jnlp.getFileLocation();
> + File jn = null;
> +
> + if (url.getProtocol().equals("file")) // If the file is on the local file system, use original path, otherwise find cache file
> + jn = new File(url.getPath());
> + else
> + jn = CacheUtil.getCacheFile(url, null);
> +
> + FileReader fr = new FileReader(jn);
> + InputStreamReader jnlpReader = fr;
> + JNLPMatcher matcher;
> +
> + try {
> +
> + if (jeName.equals(application)) { // If application was found
> +
> + if (JNLPRuntime.isDebug())
> + System.out.println("\tAPPLICATION.JNLP has been located within signed JAR. Starting verfication...");
> +
> + matcher = new JNLPMatcher(inputReader, jnlpReader, false);
> + } else // Otherwise template was
> + // found
> + {
> + if (JNLPRuntime.isDebug())
> + System.out
> + .println("\tAPPLICATION_TEMPLATE.JNLP has been located within signed JAR. Starting verfication...");
> +
> + matcher = new JNLPMatcher(inputReader,jnlpReader, true);
> + }
> +
> + if (!matcher.match())
> + throw new JNLPMatcherException(
> + "Signed Application did not match launching JNLP File");
> +
> + if (JNLPRuntime.isDebug())
> + System.out
> + .println("\t** Signed Application Verification Successful **");
> +
> + break; // break while loop
> +
> + } catch (Exception e) {
> + throw new JNLPMatcherException(e.getMessage(), e);
> + }
> + }
> +
> + }
> + } catch (IOException e) { //'new JarFile(localFile)' throws an IOException
> + if (JNLPRuntime.isDebug())
> + e.printStackTrace();
> +
> + //After this exception is caught, it is escaped.
> + //If this exception is thrown when creating an instance of JarFile,
> + //it will skip that jarFile and move on to the next jarFile (if there are any)
> + }
> + }
> + }
> + } catch (JNLPMatcherException e) {
> + //Throw e if signed JNLP file failed to be verified
> + //Throwing this exception will fail to initialize the application resulting in the termination of the application
> + throw e;
> +
> + } catch (Exception e) {
> + if (JNLPRuntime.isDebug())
> + e.printStackTrace();
> +
> + //After this exception is caught, it is escaped.
> + //If an exception is thrown while handling the jar file (mainly for JarSigner.verifyJars)
> + //it will consider the jar file to be unsigned and skip on to the next jar file (if there are any)
> + }
> + }
> + if (JNLPRuntime.isDebug())
> + System.out.println("ENDING check for signed JNLP file...");
> + }
> }
>
> +
> for (JARDesc jarDesc : file.getResources().getJARs()) {
> try {
> File cachedFile = tracker.getCacheFile(jarDesc.getLocation());
Generally the classlaoder seams doing what expected, but Deepak must say final word to it. Please discuss with me adding of reproducrs when time will come.
Regards and thanx for yor effort!
J.
More information about the distro-pkg-dev
mailing list