[RFC][icedtea-web] extend reproducers engine for signed applications

Jiri Vanek jvanek at redhat.com
Tue Sep 20 07:42:24 PDT 2011


Hi!
This is the second attempt to enhance the reproducers engine for signed ones. It introduces a new directory, tests/jnlp_tests/signed/. Reproducers in this directory should follow the simple reproducers' rules and are treated in the same way as simple ones, except for the fact that they are signed at the end of the preparation process.
These changes are included in *signedReproducersEngine*.
There also exists a ReadPropertiesSigned demo reproducer for the engine. This one is included in *signedReproducersExample*.
The whole concept has one flaw - the "accept certificate" dialog was raised each time a signed reproducer was launched. That's why I have added the -XtrustAll option to the icedtea-web source. This change is included in the *xtrustAll* patch. The patch is quite simple and affects all methods which popped up a dialog with a certificate. It simply does not show the dialog and returns "accepted" to icedtea-web.
I was afraid that -XtrustAll could be misused in the way described in ReadPropertiesBySignedHack (included in *xtrustAllHack*) - that xtrustall can be set on by reflection from signed code (this is possible) and then unsigned content can be loaded, but it is not (luckily) possible, as the SecurityManager is complaining about a different signature (which is correct behaviour).
I'm not sure whether to include this patch into icedtea-web.

All patches are available as one big patch in *reproducersAll* file.


2011-09-20  Jiri Vanek <jvanek at redhat.com>
+++(signedReproducersEngine)+++
	Added signed reproducers engine and examples
	*Makefile.am added variable KEYSTORE_NAME
	(stamps/junit-jnlp-dist-dirs): creates stamp and depend on next two targets
	(junit-jnlp-dist-simple.txt): creates list of simple reproducers, extracted from ^
	(junit-jnlp-dist-signed.txt): creates list of signed reproducers
	(stamps/netx-dist-tests-prepare-reproducers.stamp): now traverse over signed and simple
	(stamps/netx-dist-tests-sign-some-reproducers.stamp): depends on ^, traverse through signed reproducers and sign them
	(stamps/netx-dist-tests-compile-testcases.stamp): now traverse over signed and simple
	(stamps/bootstrap-directory.stamp): creates symlinks/stubs to jarsigner and keytool
	(clean-netx-dist-tests): remove new stamps, signed and simple list and keystore
	*acinclude.m4: declared to proceed IT_FIND_KEYTOOL and IT_FIND_JARSIGNER macro
	*configure.ac: declared macros to check for keytool and jarsigner
	*tests/jnlp_tests/README: mentioned signed directory
+++(xtrustAll)+++
	*netx/net/sourceforge/jnlp/runtime/Boot.java: (main): added logic to handle -Xtrustall option
	*netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java: declared private static boolean trustAll=false; with public getter and pkg.private  setter
	*netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: (checkTrustWithUser): modified, when XtrustAll declared, then user is not asked and certificate is trusted
	*netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java:  (askUser): --||--
+++(xtrustAllHack)+++
	*tests/jnlp_tests/signed/ReadPropertiesBySignedHack/resources/ReadPropertiesBySignedHack.jnlp: jnlp file to launch ReadPropertiesBySignedHack, please notice the dependency on ReadProperties.jar from simple reproducers
	*tests/jnlp_tests/signed/ReadPropertiesBySignedHack/srcs/ReadPropertiesBySignedHack.java - this reproducer verifies that even XtrustAll enabled by reflection will not allow launching unsigned code
	*tests/jnlp_tests/signed/ReadPropertiesBySignedHack/testcases/ReadPropertiesBySignedHackTest.java: testcase for ^
+++(signedReproducersExample)+++
	*tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned1.jnlp:
	*tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned2.jnlp:
	*tests/jnlp_tests/signed/ReadPropertiesSigned/testcases/ReadPropertiesSignedTest.java:
	*tests/jnlp_tests/signed/ReadPropertiesSigned/srcs/ReadPropertiesSigned.java: ^,^^, ^^^ example of signed reproducer
	*tests/jnlp_tests/simple/ReadProperties/srcs/ReadProperties.java: now prints out got variable for comparison with ^


+++(.*)+++ will not be included  in changelog if patch applied as one.

Best regards, J.

ps: This patch was originally discussed at http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-June/014832.html and http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2011-June/014919.htmll and *message-threads around*.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: xtrustAll
Url: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20110920/593fc060/xtrustAll.ksh 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: signedReproducersExample
Url: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20110920/593fc060/signedReproducersExample.ksh 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: xtrustAllHack
Url: http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20110920/593fc060/xtrustAllHack.ksh 
-------------- next part --------------
diff -r e9a9792ee189 Makefile.am
--- a/Makefile.am	Thu Sep 15 15:27:40 2011 +0200
+++ b/Makefile.am	Tue Sep 20 15:35:19 2011 +0200
@@ -22,6 +22,7 @@
 JNLP_TESTS_ENGINE_DIR=$(TESTS_DIR)/netx/jnlp_testsengine
 JNLP_TESTS_SERVER_DEPLOYDIR=$(TESTS_DIR)/jnlp_test_server
 JNLP_TESTS_DIR=$(TESTS_DIR)/jnlp_tests
+KEYSTORE_NAME=teststore.ks
 
 JUNIT_RUNNER_JAR=$(abs_top_builddir)/junit-runner.jar
 
@@ -455,39 +456,61 @@
 	  @junit-runner-source-files.txt && \
 	$(BOOT_DIR)/bin/jar cf $@  -C $(JUNIT_RUNNER_DIR) .
 
-junit-jnlp-dist-dirs.txt:
+stamps/junit-jnlp-dist-dirs: junit-jnlp-dist-simple.txt junit-jnlp-dist-signed.txt
 	mkdir -p $(JNLP_TESTS_SERVER_DEPLOYDIR)
 	mkdir -p $(JNLP_TESTS_DIR)
 	mkdir -p $(JNLP_TESTS_ENGINE_DIR)
+	touch $@
+
+junit-jnlp-dist-simple.txt:
 	cd $(JNLP_TESTS_SRCDIR)/simple/ ; \
 	find .  -maxdepth 1 -mindepth 1 | sed "s/.\/*//" > $(abs_top_builddir)/$@
 
-stamps/netx-dist-tests-prepare-reproducers.stamp: junit-jnlp-dist-dirs.txt
-	simpleReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-dirs.txt `); \
-	for dir in "$${simpleReproducers[@]}" ; do \
-	  echo "processing: $$dir" ; \
-	  mkdir -p $(JNLP_TESTS_DIR)/$$dir ; \
-	  d=`pwd` ; \
-	  cd $(JNLP_TESTS_SRCDIR)/simple/$$dir/srcs/ ; \
-	  srcFiles=`find . -mindepth 1 -type f -name "*.java" | sed "s/.\/*//"` ; \
-	  notSrcFiles=`find . -mindepth 1 -type f \! -name "*.java" | sed "s/.\/*//"` ; \
-	  $(BOOT_DIR)/bin/javac -d  $(JNLP_TESTS_DIR)/$$dir/ $$srcFiles ; \
-	  if [ -n "$$notSrcFiles" ] ; then \
-	    cp -R --parents $$notSrcFiles $(JNLP_TESTS_DIR)/$$dir/ ; \
-	  fi ; \
-	  cd $(JNLP_TESTS_DIR)/$$dir/ ; \
-	  $(BOOT_DIR)/bin/jar cf $(JNLP_TESTS_SERVER_DEPLOYDIR)/$$dir.jar * ; \
-	  cd $$d ; \
-	  cp -R $(JNLP_TESTS_SRCDIR)/simple/$$dir/resources/*  $(JNLP_TESTS_SERVER_DEPLOYDIR)/ ; \
+junit-jnlp-dist-signed.txt: 
+	cd $(JNLP_TESTS_SRCDIR)/signed/ ; \
+	find .  -maxdepth 1 -mindepth 1 | sed "s/.\/*//" > $(abs_top_builddir)/$@
+
+stamps/netx-dist-tests-prepare-reproducers.stamp: stamps/junit-jnlp-dist-dirs
+	types=(simple signed); \
+	for which in "$${types[@]}" ; do \
+	  simpleReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-$$which.txt `); \
+	  for dir in "$${simpleReproducers[@]}" ; do \
+	    echo "processing: $$dir" ; \
+	    mkdir -p $(JNLP_TESTS_DIR)/$$dir ; \
+	    d=`pwd` ; \
+	    cd $(JNLP_TESTS_SRCDIR)/$$which/$$dir/srcs/ ; \
+	    srcFiles=`find . -mindepth 1 -type f -name "*.java" | sed "s/.\/*//"` ; \
+	    notSrcFiles=`find . -mindepth 1 -type f \! -name "*.java" | sed "s/.\/*//"` ; \
+	    $(BOOT_DIR)/bin/javac -d  $(JNLP_TESTS_DIR)/$$dir/ $$srcFiles ; \
+	    if [ -n "$$notSrcFiles" ] ; then \
+	      cp -R --parents $$notSrcFiles $(JNLP_TESTS_DIR)/$$dir/ ; \
+	    fi ; \
+	    cd $(JNLP_TESTS_DIR)/$$dir/ ; \
+	    $(BOOT_DIR)/bin/jar cf $(JNLP_TESTS_SERVER_DEPLOYDIR)/$$dir.jar * ; \
+	    cd $$d ; \
+	    cp -R $(JNLP_TESTS_SRCDIR)/$$which/$$dir/resources/*  $(JNLP_TESTS_SERVER_DEPLOYDIR)/ ; \
+	  done ; \
 	done ; \
 	mkdir -p stamps && \
 	touch $@
 
+stamps/netx-dist-tests-sign-some-reproducers.stamp: stamps/netx-dist-tests-prepare-reproducers.stamp
+	alias=icedteaweb; \
+	keystore=$(abs_top_builddir)/$(KEYSTORE_NAME); \
+	pass=123456789; \
+	$(BOOT_DIR)/bin/keytool -genkey -alias $$alias -keystore $$keystore -keypass $$pass -storepass $$pass -dname "cn=$$alias, ou=$$alias, o=$$alias, c=$$alias" ; \
+	signedReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-signed.txt `); \
+	for dir in "$${signedReproducers[@]}" ; do \
+	 $(BOOT_DIR)/bin/jarsigner -keystore $$keystore -storepass $$pass -keypass $$pass  $(JNLP_TESTS_SERVER_DEPLOYDIR)/$$dir.jar  $$alias ; \
+ 	done ; \
+ 	mkdir -p stamps && \
+ 	touch $@
+
 netx-dist-tests-source-files.txt:
 	find $(JNLP_TESTS_ENGINE_SRCDIR) -name '*.java' | sort > $@
 
 stamps/netx-dist-tests-compile.stamp: stamps/netx.stamp \
- junit-jnlp-dist-dirs.txt netx-dist-tests-source-files.txt
+ stamps/junit-jnlp-dist-dirs netx-dist-tests-source-files.txt
 	$(BOOT_DIR)/bin/javac $(IT_JAVACFLAGS) \
 	 -d $(JNLP_TESTS_ENGINE_DIR) \
 	 -classpath $(JUNIT_JAR):$(NETX_DIR)/lib/classes.jar \
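Review bot: in the stamps/netx-dist-tests-sign-some-reproducers.stamp recipe the keytool and jarsigner calls are chained with `;`, so a failure of either one (for example keytool -genkey run against a leftover $(KEYSTORE_NAME) that already holds the icedteaweb alias) does not stop the recipe, and the stamp is still touched with unsigned jars deployed. Chain the commands with `&&` or start the recipe with `set -e`, and remove any stale keystore before -genkey. The last three lines of that target (`done ; \`, `mkdir -p stamps && \`, `touch $@`) also start with a space before the tab, unlike the rest of the file.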
@@ -495,19 +518,22 @@
 	mkdir -p stamps && \
 	touch $@
 
-stamps/netx-dist-tests-compile-testcases.stamp: stamps/netx.stamp junit-jnlp-dist-dirs.txt\
+stamps/netx-dist-tests-compile-testcases.stamp: stamps/netx.stamp stamps/junit-jnlp-dist-dirs \
  netx-dist-tests-source-files.txt stamps/netx-dist-tests-compile.stamp
-	simpleReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-dirs.txt `); \
-	for dir in "$${simpleReproducers[@]}" ; do \
-	  $(BOOT_DIR)/bin/javac $(IT_JAVACFLAGS) \
-	  -d $(JNLP_TESTS_ENGINE_DIR) \
-	  -classpath $(JUNIT_JAR):$(NETX_DIR)/lib/classes.jar:$(JNLP_TESTS_ENGINE_DIR) \
-	  $(JNLP_TESTS_SRCDIR)/simple/$$dir/testcases/* ; \
+	types=(simple signed); \
+	for which in "$${types[@]}" ; do \
+	  simpleReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-$$which.txt `); \
+	  for dir in "$${simpleReproducers[@]}" ; do \
+	    $(BOOT_DIR)/bin/javac $(IT_JAVACFLAGS) \
+	    -d $(JNLP_TESTS_ENGINE_DIR) \
+	    -classpath $(JUNIT_JAR):$(NETX_DIR)/lib/classes.jar:$(JNLP_TESTS_ENGINE_DIR) \
+	    $(JNLP_TESTS_SRCDIR)/$$which/$$dir/testcases/* ; \
+	  done ; \
 	done ; \
 	mkdir -p stamps && \
 	touch $@
 
-run-netx-dist-tests: all-local stamps/netx.stamp junit-jnlp-dist-dirs.txt stamps/netx-dist-tests-prepare-reproducers.stamp \
+run-netx-dist-tests: all-local stamps/netx.stamp stamps/junit-jnlp-dist-dirs stamps/netx-dist-tests-sign-some-reproducers.stamp \
  stamps/netx-dist-tests-compile.stamp stamps/netx-dist-tests-compile-testcases.stamp $(JUNIT_RUNNER_JAR) $(TESTS_DIR)/$(REPORT_STYLES_DIRNAME)
 	cd $(JNLP_TESTS_ENGINE_DIR) ; \
 	class_names= ; \
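Review bot: the loop variable in stamps/netx-dist-tests-compile-testcases.stamp is still called simpleReproducers although it now holds the simple and the signed lists in turn; a neutral name such as reproducers would read better here and in the prepare-reproducers target. Since test cases from both trees are compiled into the same $(JNLP_TESTS_ENGINE_DIR), it is also worth stating in the README that names must be unique across simple/ and signed/.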
@@ -590,10 +616,14 @@
 	rm -rf $(JNLP_TESTS_DIR)
 	rm -rf $(JNLP_TESTS_SERVER_DEPLOYDIR)
 	rm -rf $(JNLP_TESTS_ENGINE_DIR)
+	rm -f stamps/junit-jnlp-dist-dirs
 	rm -f stamps/netx-dist-tests-compile.stamp
 	rm -f stamps/netx-dist-tests-prepare-reproducers.stamp
 	rm -f stamps/netx-dist-tests-compile-testcases.stamp
-	rm -f junit-jnlp-dist-dirs.txt
+	rm -f stamps/netx-dist-tests-sign-some-reproducers.stamp
+	rm -f junit-jnlp-dist-simple.txt
+	rm -f junit-jnlp-dist-signed.txt
+	rm -f $(abs_top_builddir)/$(KEYSTORE_NAME)
 
 # plugin tests
 
@@ -635,6 +665,20 @@
 	ln -sf $(JAR) $(BOOT_DIR)/bin/jar
 	ln -sf $(abs_top_builddir)/javac $(BOOT_DIR)/bin/javac
 	ln -sf $(JAVADOC) $(BOOT_DIR)/bin/javadoc
+	if [ -e "$(KEYTOOL)" ] ; then \
+	  ln -sf $(KEYTOOL) $(BOOT_DIR)/bin/keytool ;\
+	else \
+	  echo "#! /bin/sh" > $(BOOT_DIR)/bin/keytool ;\
+	  echo "echo \"keytool not exist on your system\"" >> $(BOOT_DIR)/bin/keytool ;\
+	  chmod 777 $(BOOT_DIR)/bin/keytool ;\
+	fi
+	if [ -e "$(JARSIGNER)" ] ; then \
+	  ln -sf $(JARSIGNER) $(BOOT_DIR)/bin/jarsigner ;\
+	else \
+	  echo "#! /bin/sh" > $(BOOT_DIR)/bin/jarsigner ;\
+	  echo "echo \"jarsigner not exist on your system\"" >> $(BOOT_DIR)/bin/jarsigner ;\
+	  chmod 777 $(BOOT_DIR)/bin/jarsigner ;\
+	fi
 	mkdir -p $(BOOT_DIR)/jre/lib && \
 	ln -s $(SYSTEM_JRE_DIR)/lib/rt.jar $(BOOT_DIR)/jre/lib && \
 	if [ -e $(SYSTEM_JRE_DIR)/lib/jsse.jar ] ; then \
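Review bot: the fallback stubs written when $(KEYTOOL) or $(JARSIGNER) is missing print a message to stdout and exit with status 0, so the signing target that calls them cannot detect that nothing was signed. Have the stubs write to stderr and end with `exit 1`. `chmod 777` also leaves the scripts world-writable; `chmod 755` is enough for an executable in $(BOOT_DIR)/bin.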
diff -r e9a9792ee189 acinclude.m4
--- a/acinclude.m4	Thu Sep 15 15:27:40 2011 +0200
+++ b/acinclude.m4	Tue Sep 20 15:35:19 2011 +0200
@@ -655,6 +655,56 @@
   AC_SUBST(JAVA)
 ])
 
+AC_DEFUN_ONCE([IT_FIND_KEYTOOL],
+[
+  AC_REQUIRE([IT_CHECK_FOR_JDK])
+  AC_MSG_CHECKING([for keytool])
+  AC_ARG_WITH([keytool],
+              [AS_HELP_STRING(--with-keytool,specify location of keytool for signed part of run-netx-dist)],
+  [
+    KEYTOOL="${withval}"
+  ],
+  [
+    KEYTOOL=${SYSTEM_JDK_DIR}/bin/keytool
+  ])
+  if ! test -f "${KEYTOOL}"; then
+    AC_PATH_PROG(KEYTOOL, keytool)
+  fi
+  if ! test -f "${KEYTOOL}"; then
+    KEYTOOL=""
+  fi
+  if test -z "${KEYTOOL}" ; then
+     AC_MSG_WARN("keytool not found so signed part of run-netx-dist will fail")
+  fi
+  AC_MSG_RESULT(${KEYTOOL})
+  AC_SUBST(KEYTOOL)
+])
+
+AC_DEFUN_ONCE([IT_FIND_JARSIGNER],
+[
+  AC_REQUIRE([IT_CHECK_FOR_JDK])
+  AC_MSG_CHECKING([for jarsigner])
+  AC_ARG_WITH([jarsigner],
+              [AS_HELP_STRING(--with-jarsigner,specify location of jarsigner for signed part od run-netx-dist)],
+  [
+    JARSIGNER="${withval}"
+  ],
+  [
+    JARSIGNER=${SYSTEM_JDK_DIR}/bin/jarsigner
+  ])
+  if ! test -f "${JARSIGNER}"; then
+    AC_PATH_PROG(JARSIGNER, jarsigner,"")
+  fi
+  if ! test -f "${JARSIGNER}"; then
+    JARSIGNER=""
+  fi
+  if test -z "${JARSIGNER}"; then
+     AC_MSG_WARN("jarsigner not found so signed part of run-netx-dist will fail")
+  fi
+  AC_MSG_RESULT(${JARSIGNER})
+  AC_SUBST(JARSIGNER)
+])
+
 AC_DEFUN([IT_FIND_JAVADOC],
 [
   AC_REQUIRE([IT_CHECK_FOR_JDK])
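Review bot: in both new macros the PATH fallback is unlikely to run as intended. KEYTOOL and JARSIGNER are already set to ${SYSTEM_JDK_DIR}/bin/... when AC_PATH_PROG is called, and AC_PATH_PROG keeps a preset absolute path as a user override instead of searching, so the variable should be cleared before the call. AC_PATH_PROG also prints its own "checking for" line between AC_MSG_CHECKING and AC_MSG_RESULT, which garbles the configure output. Smaller points: the two macros call AC_PATH_PROG with different argument lists (`keytool` versus `jarsigner,""`), the AS_HELP_STRING arguments are not quoted with [], and the jarsigner help text says "part od".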
diff -r e9a9792ee189 configure.ac
--- a/configure.ac	Thu Sep 15 15:27:40 2011 +0200
+++ b/configure.ac	Tue Sep 20 15:35:19 2011 +0200
@@ -33,6 +33,8 @@
 FIND_JAR
 FIND_ECJ_JAR
 IT_FIND_JAVADOC
+IT_FIND_KEYTOOL
+IT_FIND_JARSIGNER
 AC_CONFIG_FILES([javac], [chmod +x javac])
 
 IT_SET_VERSION
diff -r e9a9792ee189 netx/net/sourceforge/jnlp/runtime/Boot.java
--- a/netx/net/sourceforge/jnlp/runtime/Boot.java	Thu Sep 15 15:27:40 2011 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/Boot.java	Tue Sep 20 15:35:19 2011 +0200
@@ -156,6 +156,9 @@
         if (null != getOption("-Xnofork")) {
             JNLPRuntime.setForksAllowed(false);
         }
+        if (null != getOption("-Xtrustall")) {
+            JNLPRuntime.setTrustAll(true);
+        }
 
         JNLPRuntime.setInitialArgments(Arrays.asList(argsIn));
 
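Review bot: the switch is parsed as "-Xtrustall" here while the cover letter calls it -XtrustAll, and nothing in this hunk adds it to the help text or documents it. Since it turns off every certificate prompt, please settle on one spelling, document it as a testing-only option, and consider printing a warning on stderr when it is enabled.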
diff -r e9a9792ee189 netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Thu Sep 15 15:27:40 2011 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java	Tue Sep 20 15:35:19 2011 +0200
@@ -755,6 +755,9 @@
     }
     
     private void checkTrustWithUser(JarSigner js) throws LaunchException {
+        if (JNLPRuntime.isTrustAll()){
+            return;
+        }
         if (!js.getRootInCacerts()) { //root cert is not in cacerts
             boolean b = SecurityDialogs.showCertWarningDialog(
                     AccessType.UNVERIFIED, file, js);
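Review bot: the early `return` at the top of checkTrustWithUser skips the whole method, not only the SecurityDialogs.showCertWarningDialog call, so any other handling in the method is bypassed as well when trustAll is set. It would be safer to substitute only the dialog result (treat it as accepted) and leave the rest of the flow intact. Style: add a space before `{` in `if (JNLPRuntime.isTrustAll()){`.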
diff -r e9a9792ee189 netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java	Thu Sep 15 15:27:40 2011 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java	Tue Sep 20 15:35:19 2011 +0200
@@ -123,6 +123,9 @@
     /** set to false to indicate another JVM should not be spawned, even if necessary */
     private static boolean forksAllowed = true;
 
+    /** all security dialogs will be consumed and pretented as beeing verified by user and allowed.*/
+    private static boolean trustAll=false;
+
     /** contains the arguments passed to the jnlp runtime */
     private static List<String> initialArguments;
 
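Review bot: the javadoc of trustAll has typos ("pretented", "beeing") and does not say that the flag is meant for the test suite only; something like "all security dialogs are suppressed and treated as accepted by the user; intended for automated tests" would be clearer. Please also write `trustAll = false` with spaces, matching `forksAllowed = true` above.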
@@ -132,6 +135,7 @@
     public static final String STDERR_FILE = "java.stderr";
     public static final String STDOUT_FILE = "java.stdout";
 
+
     /**
      * Returns whether the JNLP runtime environment has been
      * initialized.  Once initialized, some properties such as the
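Review bot: this hunk only adds a blank line after STDOUT_FILE, which is an unrelated whitespace change; please drop it from the patch.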
@@ -732,4 +736,12 @@
         }
     }
 
+    static void setTrustAll(boolean b) {
+        trustAll=b;
+    }
+
+    public static boolean isTrustAll() {
+        return trustAll;
+    }
+
 }
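Review bot: setTrustAll and isTrustAll have no javadoc, and `trustAll=b` lacks spaces around `=`. Given that the ReadPropertiesBySignedHack reproducer in this patch flips the flag through reflection, a comment on setTrustAll saying why it is package-private and who is expected to call it would help.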
diff -r e9a9792ee189 netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java
--- a/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Thu Sep 15 15:27:40 2011 +0200
+++ b/netx/net/sourceforge/jnlp/security/VariableX509TrustManager.java	Tue Sep 20 15:35:19 2011 +0200
@@ -53,6 +53,7 @@
 import sun.security.validator.ValidatorException;
 
 import com.sun.net.ssl.internal.ssl.X509ExtendedTrustManager;
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
 
 import net.sourceforge.jnlp.security.SecurityDialogs.AccessType;
 
@@ -382,6 +383,9 @@
     private boolean askUser(X509Certificate[] chain, String authType,
                             boolean isTrusted, boolean hostMatched,
                             String hostName) {
+         if (JNLPRuntime.isTrustAll()){
+            return true;
+        }
         return SecurityDialogs.showCertWarningDialog(
                         AccessType.UNVERIFIED, null,
                         new HttpsCertVerifier(this, chain, authType,
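Review bot: returning true from askUser when trustAll is set also accepts HTTPS certificates for which isTrusted or hostMatched is false, which is wider than suppressing the signed-jar prompt the option was introduced for. If that is intended it should be stated in the option's documentation; otherwise limit the shortcut to the jar-signing path. The added `if` line is indented by nine spaces instead of eight.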
diff -r e9a9792ee189 tests/jnlp_tests/README
--- a/tests/jnlp_tests/README	Thu Sep 15 15:27:40 2011 +0200
+++ b/tests/jnlp_tests/README	Tue Sep 20 15:35:19 2011 +0200
@@ -1,2 +1,3 @@
 Each file in directory simple must follows naming convention and is compiled/jared automatically into server's working directory and content of resources likewise. The name of jnlp is independent, and there can be even more jnlps for each future jar.  Directories should be honored in srcs and in resources, but noty in testcases.
+Directory signed is handling its content in similar way as simle's content is handled, but in addition final jars are signed with simple testkey.
 Files in advanced directory have to care about themselves, but even those can have some parts inside simple directory, so some parts of them are processed automatically.  There are three reproducers – simpletest1, simpletest2 and deadlocktest, which tests test’s suite itself and serve as examples of behaviour.
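Review bot: the added README line has a typo ("simle's") and does not say which key is used. Suggested wording: "Content of the signed directory is handled the same way as content of simple, but the final jars are additionally signed with a test key generated during the build."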
diff -r e9a9792ee189 tests/jnlp_tests/signed/ReadPropertiesBySignedHack/resources/ReadPropertiesBySignedHack.jnlp
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/resources/ReadPropertiesBySignedHack.jnlp	Tue Sep 20 15:35:19 2011 +0200
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?> 
+<jnlp spec="1.0"
+      codebase="./"
+      href="ReadPropertiesBySignedHack.jnlp">
+    <information>
+        <title>read properties using System.getenv()</title>
+    </information>
+    <resources>
+        <jar href="ReadPropertiesBySignedHack.jar" main="true"/>
+        <jar href="ReadProperties.jar" main="false" download="lazy"/>  
+    </resources>
+    <application-desc main-class="ReadPropertiesBySignedHack">
+      <argument>user.name</argument>
+    </application-desc>
+     <security>
+      <all-permissions/>
+    </security>
+</jnlp>
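Review bot: the <title> still reads "read properties using System.getenv()", copied from the other reproducers, although this application is the reflection test on JNLPRuntime; a title describing that would make test reports easier to read. The <security> element is indented by five spaces while its siblings use four, and the XML declaration and the ReadProperties.jar line carry trailing whitespace.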
diff -r e9a9792ee189 tests/jnlp_tests/signed/ReadPropertiesBySignedHack/srcs/ReadPropertiesBySignedHack.java
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/srcs/ReadPropertiesBySignedHack.java	Tue Sep 20 15:35:19 2011 +0200
@@ -0,0 +1,63 @@
+/* ReadPropertiesSigned.java
+Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+ */
+import java.lang.reflect.*;
+
+public class ReadPropertiesBySignedHack {
+
+/**
+*some system property is expected as arg[0], eg user.name or user.home
+*/    
+    public static void main(String[] args) throws Throwable {
+           //security manager is not protecting us from accessing classes  from
+           //net.sourceforge.jnlp.runtime via reflection
+            Class c2= Class.forName("net.sourceforge.jnlp.runtime.JNLPRuntime");
+            Field f2 = c2.getDeclaredField("trustAll");
+            f2.setAccessible(true);
+            f2.setBoolean(null, true);
+            Method m2=c2.getDeclaredMethod("setTrustAll",Boolean.TYPE);
+            m2.setAccessible(true);
+            m2.invoke((Object) null, true );
+            //but security manager is guarding us against lunching unsigned code
+            //from signed archvive even if Xtrustall is on.
+            Class c1= Class.forName("ReadProperties");
+            Method m1=c1.getDeclaredMethod("main",args.getClass());
+            m1.invoke((Object) null, (Object)args);
+         }
+         
+
+  
+}
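Review bot: the header comment names the file ReadPropertiesSigned.java instead of ReadPropertiesBySignedHack.java. In main, trustAll is set twice, once through the field and once through setTrustAll; one of the two is enough unless both access paths are meant to be tested, in which case the comment should say so. The comments contain typos ("lunching", "archvive") and the indentation of the body of main is inconsistent with the rest of the class.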
diff -r e9a9792ee189 tests/jnlp_tests/signed/ReadPropertiesBySignedHack/testcases/ReadPropertiesBySignedHackTest.java
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/testcases/ReadPropertiesBySignedHackTest.java	Tue Sep 20 15:35:19 2011 +0200
@@ -0,0 +1,76 @@
+/* ReadPropertiesSignedTest.java
+Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import net.sourceforge.jnlp.ServerAccess;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class ReadPropertiesBySignedHackTest {
+
+    private static ServerAccess server = new ServerAccess();
+    private final List<String> l;
+  
+
+ public   ReadPropertiesBySignedHackTest() {
+     List<String> ll=new ArrayList<String>(1);
+     ll.add("-Xtrustall");
+     l=Collections.unmodifiableList(ll);
+    }
+
+
+    @Test
+    public void ReadPropertiesBySignedHackWithjoutXtrustAll() throws Exception {
+        //no request for permissions
+        System.out.println("connecting ReadPropertiesBySignedHack request");
+        System.err.println("connecting ReadPropertiesBySignedHack request");
+        ServerAccess.ProcessResult pr=server.executeJavawsHeadless(l,"/ReadPropertiesBySignedHack.jnlp");
+        System.out.println(pr.stdout);
+        System.err.println(pr.stderr);
+        String s="java.lang.SecurityException: class \"ReadProperties\"'s signer information does not match signer information of other classes in the same package";
+        Assert.assertTrue("Stderr should contains "+s+" but did not",pr.stderr.contains(s));
+        String ss="ClassNotFoundException";
+        Assert.assertFalse("Stderr should not contains "+ss+" but did",pr.stderr.contains(ss));
+        Assert.assertTrue("stdout lenght should be <2 but was "+pr.stdout.length(),pr.stdout.length()<2); // /home/user or /root or eanything else :(
+        Assert.assertFalse("should not be terminated but was",pr.wasTerminated);
+        Assert.assertEquals((Integer)0, pr.returnValue);
+   }
+
+  }
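Review bot: the test method is named ReadPropertiesBySignedHackWithjoutXtrustAll, yet it passes the list l, which contains "-Xtrustall", to executeJavawsHeadless; either the name or the argument is wrong. The comment "no request for permissions" does not match ReadPropertiesBySignedHack.jnlp, which requests all-permissions, and the header comment names ReadPropertiesSignedTest.java. The trailing comment on the stdout length assertion ("/home/user or /root or eanything else") looks left over from another test.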
diff -r e9a9792ee189 tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned1.jnlp
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned1.jnlp	Tue Sep 20 15:35:19 2011 +0200
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8"?> 
+<jnlp spec="1.0"
+      codebase="./"
+      href="ReadPropertiesSigned1.jnlp">
+    <information>
+        <title>read properties using System.getenv()</title>
+    </information>
+    <resources>
+        <jar href="ReadPropertiesSigned.jar" main="true"/>
+    </resources>
+    <application-desc main-class="ReadPropertiesSigned">
+      <argument>user.name</argument>
+    </application-desc>
+</jnlp>
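Review bot: the <title> says System.getenv(), but ReadPropertiesSigned.main calls System.getProperty(args[0]); please correct the title here and in ReadPropertiesSigned2.jnlp.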
diff -r e9a9792ee189 tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned2.jnlp
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned2.jnlp	Tue Sep 20 15:35:19 2011 +0200
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="utf-8"?> 
+<jnlp spec="1.0"
+      codebase="./"
+      href="ReadPropertiesSigned2.jnlp">
+    <information>
+        <title>read properties using System.getenv()</title>
+    </information>
+    <resources>
+        <jar href="ReadPropertiesSigned.jar" main="true"/>
+    </resources>
+    <application-desc main-class="ReadPropertiesSigned">
+      <argument>user.name</argument>
+    </application-desc>
+    <security>
+      <all-permissions/>
+    </security>
+</jnlp>
diff -r e9a9792ee189 tests/jnlp_tests/signed/ReadPropertiesSigned/srcs/ReadPropertiesSigned.java
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/jnlp_tests/signed/ReadPropertiesSigned/srcs/ReadPropertiesSigned.java	Tue Sep 20 15:35:19 2011 +0200
@@ -0,0 +1,45 @@
+/* ReadPropertiesSigned.java
+Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+ */
+public class ReadPropertiesSigned {
+
+/**
+*some system property is expected as arg[0], eg user.name or user.home
+*/    
+    public static void main(String[] args) {
+         System.out.println(System.getProperty(args[0]));
+  }
+}
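Review bot: main reads args[0] without checking args.length, so a JNLP file without an <argument> element fails with ArrayIndexOutOfBoundsException instead of a clear message; a short usage check would make a misconfigured reproducer easier to diagnose. The javadoc block is also not indented with the method it documents.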
diff -r e9a9792ee189 tests/jnlp_tests/signed/ReadPropertiesSigned/testcases/ReadPropertiesSignedTest.java
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/jnlp_tests/signed/ReadPropertiesSigned/testcases/ReadPropertiesSignedTest.java	Tue Sep 20 15:35:19 2011 +0200
@@ -0,0 +1,112 @@
+/* ReadPropertiesSignedTest.java
+Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import net.sourceforge.jnlp.ServerAccess;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class ReadPropertiesSignedTest {
+
+    private static ServerAccess server = new ServerAccess();
+    private final List<String> l;
+  
+
+ public   ReadPropertiesSignedTest() {
+     List<String> ll=new ArrayList<String>(1);
+     ll.add("-Xtrustall");
+     l=Collections.unmodifiableList(ll);
+    }
+
+
+    @Test
+    public void ReadSignedPropertiesWithoutPermissionsWithXtrustAll() throws Exception {
+        //no request for permissions
+        System.out.println("connecting ReadPropertiesSigned1 request");
+        System.err.println("connecting ReadPropertiesSigned1 request");
+        ServerAccess.ProcessResult pr=server.executeJavawsHeadless(l,"/ReadPropertiesSigned1.jnlp");
+        System.out.println(pr.stdout);
+        System.err.println(pr.stderr);
+        String s="java.security.AccessControlException: access denied (java.util.PropertyPermission user.name read)";
+        Assert.assertTrue("Stderr should contains "+s+" but did not",pr.stderr.contains(s));
+        String ss="ClassNotFoundException";
+        Assert.assertFalse("Stderr should not contains "+ss+" but did",pr.stderr.contains(ss));
+        Assert.assertTrue("stdout lenght should be <2 but was "+pr.stdout.length(),pr.stdout.length()<2); // /home/user or /root or eanything else :(
+        Assert.assertFalse("should not be terminated but was",pr.wasTerminated);
+        Assert.assertEquals((Integer)0, pr.returnValue);
+    }
+
+    @Test
+    public void ReadSignedPropertiesWithPermissionsWithXtrustAll() throws Exception {
+            //request for allpermissions
+        System.out.println("connecting ReadPropertiesSigned2 request");
+        System.err.println("connecting ReadPropertiesSigned2 request");
+        ServerAccess.ProcessResult pr=server.executeJavawsHeadless(l,"/ReadPropertiesSigned2.jnlp");
+        System.out.println(pr.stdout);
+        System.err.println(pr.stderr);
+        String s="java.security.AccessControlException: access denied (java.util.PropertyPermission user.name read)";
+        Assert.assertFalse("Stderr should NOT contains "+s+" but did",pr.stderr.contains(s));
+        String ss="ClassNotFoundException";
+        Assert.assertFalse("Stderr should not contains "+ss+" but did",pr.stderr.contains(ss));
+        Assert.assertTrue("stdout lenght should be >= but was "+pr.stdout.length(),pr.stdout.length()>=4); // /home/user or /root or eanything else :(
+        Assert.assertFalse("should not be terminated but was",pr.wasTerminated);
+        Assert.assertEquals((Integer)0, pr.returnValue);
+    }
+
+        @Test
+    public void EnsureXtrustallNotAffectingUnsignedBehaviour() throws Exception {
+        System.err.println("connecting ReadPropertiesSigned3 request");
+        System.out.println("connecting ReadPropertiesSigned3 request");
+        ServerAccess.ProcessResult pr=server.executeJavawsHeadless(l,"/ReadProperties1.jnlp");
+        System.out.println(pr.stdout);
+        System.err.println(pr.stderr);
+        String s="java.security.AccessControlException: access denied (java.util.PropertyPermission user.name read)";
+        Assert.assertTrue(pr.stderr.contains(s));
+        String ss="ClassNotFoundException";
+        Assert.assertFalse("Stderr should not contains "+ss+" but did",pr.stderr.contains(ss));
+        Assert.assertFalse("stdout lenght should not be  >2 but was "+pr.stdout.length(),pr.stdout.length()>2);
+        Assert.assertFalse("should not be terminated but was",pr.wasTerminated);
+        Assert.assertEquals((Integer)0, pr.returnValue);
+        ServerAccess.ProcessResult pr2=server.executeJavawsHeadless(null,"/ReadProperties1.jnlp");
+        Assert.assertEquals(pr.stderr, pr2.stderr);
+        Assert.assertEquals(pr.stdout, pr2.stdout);
+
+    }
+  }
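Review bot: In EnsureXtrustallNotAffectingUnsignedBehaviour the closing assertEquals(pr.stderr, pr2.stderr) and assertEquals(pr.stdout, pr2.stdout) compare two complete javaws runs character for character, so any run-specific text in the output fails the test for reasons unrelated to -Xtrustall. Comparing only what matters (the AccessControlException line is present in both, stdout is empty in both) would be more robust. The constructor passes "-Xtrustall" while the cover letter names the option -XtrustAll; please confirm the option parser accepts this spelling, otherwise all three tests run without the switch. The message at the >=4 check reads "should be >= but was" with the threshold missing, and the bare Assert.assertTrue(pr.stderr.contains(s)) in the third test has no message at all.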
diff -r e9a9792ee189 tests/jnlp_tests/simple/ReadProperties/srcs/ReadProperties.java
--- a/tests/jnlp_tests/simple/ReadProperties/srcs/ReadProperties.java	Thu Sep 15 15:27:40 2011 +0200
+++ b/tests/jnlp_tests/simple/ReadProperties/srcs/ReadProperties.java	Tue Sep 20 15:35:19 2011 +0200
@@ -40,6 +40,6 @@
 *some system property is expected as arg[0], eg user.name or user.home
 */    
     public static void main(String[] args) {
-         System.getProperty(args[0]);
+         System.out.println(System.getProperty(args[0]));
   }
 }
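Review bot: System.out.println(System.getProperty(args[0])) prints the literal text null when the property is unset, which is four characters plus a line separator, so the pr.stdout.length()>=4 check in ReadSignedPropertiesWithPermissionsWithXtrustAll passes even when no value was actually read. Asserting on the expected value rather than on the length would close that gap. Since this is the shared simple reproducer, also check that the existing ReadProperties tests do not rely on stdout staying empty, and note that args[0] is still read without a length check.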
-------------- next part --------------
diff -r e9a9792ee189 Makefile.am
--- a/Makefile.am	Thu Sep 15 15:27:40 2011 +0200
+++ b/Makefile.am	Tue Sep 20 12:07:29 2011 +0200
@@ -22,6 +22,7 @@
 JNLP_TESTS_ENGINE_DIR=$(TESTS_DIR)/netx/jnlp_testsengine
 JNLP_TESTS_SERVER_DEPLOYDIR=$(TESTS_DIR)/jnlp_test_server
 JNLP_TESTS_DIR=$(TESTS_DIR)/jnlp_tests
+KEYSTORE_NAME=teststore.ks
 
 JUNIT_RUNNER_JAR=$(abs_top_builddir)/junit-runner.jar
 
@@ -455,39 +456,61 @@
 	  @junit-runner-source-files.txt && \
 	$(BOOT_DIR)/bin/jar cf $@  -C $(JUNIT_RUNNER_DIR) .
 
-junit-jnlp-dist-dirs.txt:
+stamps/junit-jnlp-dist-dirs: junit-jnlp-dist-simple.txt junit-jnlp-dist-signed.txt
 	mkdir -p $(JNLP_TESTS_SERVER_DEPLOYDIR)
 	mkdir -p $(JNLP_TESTS_DIR)
 	mkdir -p $(JNLP_TESTS_ENGINE_DIR)
+	touch $@
+
+junit-jnlp-dist-simple.txt:
 	cd $(JNLP_TESTS_SRCDIR)/simple/ ; \
 	find .  -maxdepth 1 -mindepth 1 | sed "s/.\/*//" > $(abs_top_builddir)/$@
 
-stamps/netx-dist-tests-prepare-reproducers.stamp: junit-jnlp-dist-dirs.txt
-	simpleReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-dirs.txt `); \
-	for dir in "$${simpleReproducers[@]}" ; do \
-	  echo "processing: $$dir" ; \
-	  mkdir -p $(JNLP_TESTS_DIR)/$$dir ; \
-	  d=`pwd` ; \
-	  cd $(JNLP_TESTS_SRCDIR)/simple/$$dir/srcs/ ; \
-	  srcFiles=`find . -mindepth 1 -type f -name "*.java" | sed "s/.\/*//"` ; \
-	  notSrcFiles=`find . -mindepth 1 -type f \! -name "*.java" | sed "s/.\/*//"` ; \
-	  $(BOOT_DIR)/bin/javac -d  $(JNLP_TESTS_DIR)/$$dir/ $$srcFiles ; \
-	  if [ -n "$$notSrcFiles" ] ; then \
-	    cp -R --parents $$notSrcFiles $(JNLP_TESTS_DIR)/$$dir/ ; \
-	  fi ; \
-	  cd $(JNLP_TESTS_DIR)/$$dir/ ; \
-	  $(BOOT_DIR)/bin/jar cf $(JNLP_TESTS_SERVER_DEPLOYDIR)/$$dir.jar * ; \
-	  cd $$d ; \
-	  cp -R $(JNLP_TESTS_SRCDIR)/simple/$$dir/resources/*  $(JNLP_TESTS_SERVER_DEPLOYDIR)/ ; \
+junit-jnlp-dist-signed.txt: 
+	cd $(JNLP_TESTS_SRCDIR)/signed/ ; \
+	find .  -maxdepth 1 -mindepth 1 | sed "s/.\/*//" > $(abs_top_builddir)/$@
+
+stamps/netx-dist-tests-prepare-reproducers.stamp: stamps/junit-jnlp-dist-dirs
+	types=(simple signed); \
+	for which in "$${types[@]}" ; do \
+	  simpleReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-$$which.txt `); \
+	  for dir in "$${simpleReproducers[@]}" ; do \
+	    echo "processing: $$dir" ; \
+	    mkdir -p $(JNLP_TESTS_DIR)/$$dir ; \
+	    d=`pwd` ; \
+	    cd $(JNLP_TESTS_SRCDIR)/$$which/$$dir/srcs/ ; \
+	    srcFiles=`find . -mindepth 1 -type f -name "*.java" | sed "s/.\/*//"` ; \
+	    notSrcFiles=`find . -mindepth 1 -type f \! -name "*.java" | sed "s/.\/*//"` ; \
+	    $(BOOT_DIR)/bin/javac -d  $(JNLP_TESTS_DIR)/$$dir/ $$srcFiles ; \
+	    if [ -n "$$notSrcFiles" ] ; then \
+	      cp -R --parents $$notSrcFiles $(JNLP_TESTS_DIR)/$$dir/ ; \
+	    fi ; \
+	    cd $(JNLP_TESTS_DIR)/$$dir/ ; \
+	    $(BOOT_DIR)/bin/jar cf $(JNLP_TESTS_SERVER_DEPLOYDIR)/$$dir.jar * ; \
+	    cd $$d ; \
+	    cp -R $(JNLP_TESTS_SRCDIR)/$$which/$$dir/resources/*  $(JNLP_TESTS_SERVER_DEPLOYDIR)/ ; \
+	  done ; \
 	done ; \
 	mkdir -p stamps && \
 	touch $@
 
+stamps/netx-dist-tests-sign-some-reproducers.stamp: stamps/netx-dist-tests-prepare-reproducers.stamp
+	alias=icedteaweb; \
+	keystore=$(abs_top_builddir)/$(KEYSTORE_NAME); \
+	pass=123456789; \
+	$(BOOT_DIR)/bin/keytool -genkey -alias $$alias -keystore $$keystore -keypass $$pass -storepass $$pass -dname "cn=$$alias, ou=$$alias, o=$$alias, c=$$alias" ; \
+	signedReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-signed.txt `); \
+	for dir in "$${signedReproducers[@]}" ; do \
+	 $(BOOT_DIR)/bin/jarsigner -keystore $$keystore -storepass $$pass -keypass $$pass  $(JNLP_TESTS_SERVER_DEPLOYDIR)/$$dir.jar  $$alias ; \
+ 	done ; \
+ 	mkdir -p stamps && \
+ 	touch $@
+
 netx-dist-tests-source-files.txt:
 	find $(JNLP_TESTS_ENGINE_SRCDIR) -name '*.java' | sort > $@
 
 stamps/netx-dist-tests-compile.stamp: stamps/netx.stamp \
- junit-jnlp-dist-dirs.txt netx-dist-tests-source-files.txt
+ stamps/junit-jnlp-dist-dirs netx-dist-tests-source-files.txt
 	$(BOOT_DIR)/bin/javac $(IT_JAVACFLAGS) \
 	 -d $(JNLP_TESTS_ENGINE_DIR) \
 	 -classpath $(JUNIT_JAR):$(NETX_DIR)/lib/classes.jar \
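Review bot: In stamps/netx-dist-tests-sign-some-reproducers.stamp the keytool and jarsigner calls are joined with ';', so their exit status is discarded and the recipe still reaches touch $@ when key generation or signing fails; the signed tests would then run against unsigned jars. Chain these commands with && (or start the recipe with set -e) so a failed signing stops the build. keytool -genkey also refuses to create an alias that already exists, so a keystore left over from an interrupted run breaks the next one; removing $$keystore before generating makes the target repeatable. The fixed pass=123456789 is acceptable for a throwaway test key, but a comment saying so would keep it from being copied elsewhere.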
@@ -495,19 +518,22 @@
 	mkdir -p stamps && \
 	touch $@
 
-stamps/netx-dist-tests-compile-testcases.stamp: stamps/netx.stamp junit-jnlp-dist-dirs.txt\
+stamps/netx-dist-tests-compile-testcases.stamp: stamps/netx.stamp stamps/junit-jnlp-dist-dirs \
  netx-dist-tests-source-files.txt stamps/netx-dist-tests-compile.stamp
-	simpleReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-dirs.txt `); \
-	for dir in "$${simpleReproducers[@]}" ; do \
-	  $(BOOT_DIR)/bin/javac $(IT_JAVACFLAGS) \
-	  -d $(JNLP_TESTS_ENGINE_DIR) \
-	  -classpath $(JUNIT_JAR):$(NETX_DIR)/lib/classes.jar:$(JNLP_TESTS_ENGINE_DIR) \
-	  $(JNLP_TESTS_SRCDIR)/simple/$$dir/testcases/* ; \
+	types=(simple signed); \
+	for which in "$${types[@]}" ; do \
+	  simpleReproducers=(`cat $(abs_top_builddir)/junit-jnlp-dist-$$which.txt `); \
+	  for dir in "$${simpleReproducers[@]}" ; do \
+	    $(BOOT_DIR)/bin/javac $(IT_JAVACFLAGS) \
+	    -d $(JNLP_TESTS_ENGINE_DIR) \
+	    -classpath $(JUNIT_JAR):$(NETX_DIR)/lib/classes.jar:$(JNLP_TESTS_ENGINE_DIR) \
+	    $(JNLP_TESTS_SRCDIR)/$$which/$$dir/testcases/* ; \
+	  done ; \
 	done ; \
 	mkdir -p stamps && \
 	touch $@
 
-run-netx-dist-tests: all-local stamps/netx.stamp junit-jnlp-dist-dirs.txt stamps/netx-dist-tests-prepare-reproducers.stamp \
+run-netx-dist-tests: all-local stamps/netx.stamp stamps/junit-jnlp-dist-dirs stamps/netx-dist-tests-sign-some-reproducers.stamp \
  stamps/netx-dist-tests-compile.stamp stamps/netx-dist-tests-compile-testcases.stamp $(JUNIT_RUNNER_JAR) $(TESTS_DIR)/$(REPORT_STYLES_DIRNAME)
 	cd $(JNLP_TESTS_ENGINE_DIR) ; \
 	class_names= ; \
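Review bot: The inner loop now compiles the testcases of both simple and signed into the same -d $(JNLP_TESTS_ENGINE_DIR), and ReadPropertiesSignedTest has no package declaration, so two test classes with the same name under simple/ and signed/ would silently overwrite each other. Either fail the target when a name appears in both junit-jnlp-dist-simple.txt and junit-jnlp-dist-signed.txt, or state the uniqueness rule in the README. The array is still called simpleReproducers although it now holds signed entries as well; a neutral name such as reproducers would read better.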
@@ -590,10 +616,14 @@
 	rm -rf $(JNLP_TESTS_DIR)
 	rm -rf $(JNLP_TESTS_SERVER_DEPLOYDIR)
 	rm -rf $(JNLP_TESTS_ENGINE_DIR)
+	rm -f stamps/junit-jnlp-dist-dirs
 	rm -f stamps/netx-dist-tests-compile.stamp
 	rm -f stamps/netx-dist-tests-prepare-reproducers.stamp
 	rm -f stamps/netx-dist-tests-compile-testcases.stamp
-	rm -f junit-jnlp-dist-dirs.txt
+	rm -f stamps/netx-dist-tests-sign-some-reproducers.stamp
+	rm -f junit-jnlp-dist-simple.txt
+	rm -f junit-jnlp-dist-signed.txt
+	rm -f $(abs_top_builddir)/$(KEYSTORE_NAME)
 
 # plugin tests
 
@@ -635,6 +665,20 @@
 	ln -sf $(JAR) $(BOOT_DIR)/bin/jar
 	ln -sf $(abs_top_builddir)/javac $(BOOT_DIR)/bin/javac
 	ln -sf $(JAVADOC) $(BOOT_DIR)/bin/javadoc
+	if [ -e "$(KEYTOOL)" ] ; then \
+	  ln -sf $(KEYTOOL) $(BOOT_DIR)/bin/keytool ;\
+	else \
+	  echo "#! /bin/sh" > $(BOOT_DIR)/bin/keytool ;\
+	  echo "echo \"keytool not exist on your system\"" >> $(BOOT_DIR)/bin/keytool ;\
+	  chmod 777 $(BOOT_DIR)/bin/keytool ;\
+	fi
+	if [ -e "$(JARSIGNER)" ] ; then \
+	  ln -sf $(JARSIGNER) $(BOOT_DIR)/bin/jarsigner ;\
+	else \
+	  echo "#! /bin/sh" > $(BOOT_DIR)/bin/jarsigner ;\
+	  echo "echo \"jarsigner not exist on your system\"" >> $(BOOT_DIR)/bin/jarsigner ;\
+	  chmod 777 $(BOOT_DIR)/bin/jarsigner ;\
+	fi
 	mkdir -p $(BOOT_DIR)/jre/lib && \
 	ln -s $(SYSTEM_JRE_DIR)/lib/rt.jar $(BOOT_DIR)/jre/lib && \
 	if [ -e $(SYSTEM_JRE_DIR)/lib/jsse.jar ] ; then \
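Review bot: The fallback stubs written to $(BOOT_DIR)/bin/keytool and $(BOOT_DIR)/bin/jarsigner only echo a message and then exit 0, so a missing tool looks like a successful run to the signing recipe; add an exit 1 line to each stub so the failure is visible to make. chmod 777 also leaves world-writable executables on the build's tool path; chmod 755 is sufficient for a script that only needs to be executed.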
diff -r e9a9792ee189 acinclude.m4
--- a/acinclude.m4	Thu Sep 15 15:27:40 2011 +0200
+++ b/acinclude.m4	Tue Sep 20 15:35:19 2011 +0200
@@ -655,6 +655,56 @@
   AC_SUBST(JAVA)
 ])
 
+AC_DEFUN_ONCE([IT_FIND_KEYTOOL],
+[
+  AC_REQUIRE([IT_CHECK_FOR_JDK])
+  AC_MSG_CHECKING([for keytool])
+  AC_ARG_WITH([keytool],
+              [AS_HELP_STRING(--with-keytool,specify location of keytool for signed part of run-netx-dist)],
+  [
+    KEYTOOL="${withval}"
+  ],
+  [
+    KEYTOOL=${SYSTEM_JDK_DIR}/bin/keytool
+  ])
+  if ! test -f "${KEYTOOL}"; then
+    AC_PATH_PROG(KEYTOOL, keytool)
+  fi
+  if ! test -f "${KEYTOOL}"; then
+    KEYTOOL=""
+  fi
+  if test -z "${KEYTOOL}" ; then
+     AC_MSG_WARN("keytool not found so signed part of run-netx-dist will fail")
+  fi
+  AC_MSG_RESULT(${KEYTOOL})
+  AC_SUBST(KEYTOOL)
+])
+
+AC_DEFUN_ONCE([IT_FIND_JARSIGNER],
+[
+  AC_REQUIRE([IT_CHECK_FOR_JDK])
+  AC_MSG_CHECKING([for jarsigner])
+  AC_ARG_WITH([jarsigner],
+              [AS_HELP_STRING(--with-jarsigner,specify location of jarsigner for signed part od run-netx-dist)],
+  [
+    JARSIGNER="${withval}"
+  ],
+  [
+    JARSIGNER=${SYSTEM_JDK_DIR}/bin/jarsigner
+  ])
+  if ! test -f "${JARSIGNER}"; then
+    AC_PATH_PROG(JARSIGNER, jarsigner,"")
+  fi
+  if ! test -f "${JARSIGNER}"; then
+    JARSIGNER=""
+  fi
+  if test -z "${JARSIGNER}"; then
+     AC_MSG_WARN("jarsigner not found so signed part of run-netx-dist will fail")
+  fi
+  AC_MSG_RESULT(${JARSIGNER})
+  AC_SUBST(JARSIGNER)
+])
+
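Review bot: In both macros the variable already holds ${SYSTEM_JDK_DIR}/bin/... (or ${withval}) when AC_PATH_PROG is called, and AC_PATH_PROG keeps a variable that is already set to a path instead of searching PATH, so the intended fallback never runs and the value is then reset to empty by the second test. Clear KEYTOOL and JARSIGNER before calling AC_PATH_PROG. The two calls also differ without an apparent reason (AC_PATH_PROG(KEYTOOL, keytool) versus AC_PATH_PROG(JARSIGNER, jarsigner,"")), AC_PATH_PROG and AC_MSG_WARN print their own lines between AC_MSG_CHECKING and AC_MSG_RESULT, and the jarsigner help string has "part od" where "part of" is meant.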
diff -r e9a9792ee189 configure.ac
--- a/configure.ac	Thu Sep 15 15:27:40 2011 +0200
+++ b/configure.ac	Tue Sep 20 15:35:19 2011 +0200
@@ -33,6 +33,8 @@
 FIND_JAR
 FIND_ECJ_JAR
 IT_FIND_JAVADOC
+IT_FIND_KEYTOOL
+IT_FIND_JARSIGNER
 AC_CONFIG_FILES([javac], [chmod +x javac])
 
 IT_SET_VERSION
diff -r e9a9792ee189 tests/jnlp_tests/README
--- a/tests/jnlp_tests/README	Thu Sep 15 15:27:40 2011 +0200
+++ b/tests/jnlp_tests/README	Tue Sep 20 12:07:29 2011 +0200
@@ -1,2 +1,3 @@
 Each file in directory simple must follows naming convention and is compiled/jared automatically into server's working directory and content of resources likewise. The name of jnlp is independent, and there can be even more jnlps for each future jar.  Directories should be honored in srcs and in resources, but noty in testcases.
+Directory signed is handling its content in similar way as simle's content is handled, but in addition final jars are signed with simple testkey.
 Files in advanced directory have to care about themselves, but even those can have some parts inside simple directory, so some parts of them are processed automatically.  There are three reproducers – simpletest1, simpletest2 and deadlocktest, which tests test’s suite itself and serve as examples of behaviour.
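Review bot: The added README line has "simle's" for "simple's" and stops at "signed with simple testkey". It should also say that the key is generated at build time into $(KEYSTORE_NAME) and that test cases for signed reproducers are expected to pass -Xtrustall, as ReadPropertiesSignedTest does, because the generated certificate is self-signed and would otherwise raise the accept-certificate dialog described in the cover letter.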

