[rfc][icedtea-web] reproducer for pr822 (I hope)

Jiri Vanek jvanek at redhat.com
Wed Aug 8 03:51:52 PDT 2012 

ping?



updated for latest states:

2012-05-30  Jiri Vanek  <jvanek at redhat.com>

	Added reproducer fro multiple signatures (and PR822)
	* Makefile.am: SIGNED_REPRODUCERS growth for signed2 directory
	* tests/reproducers/signed2/MultipleSignaturesTest/*: test for launching
	application containing two signed - each by different certificate - jars
	and different signatures are applied on different packages
	* tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest.html:
	* tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1.jnlp:
	* tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1_requesting.jnlp
	* tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest2.jnlp:
	* 
tests/reproducers/signed2/MultipleSignaturesTest/srcs/somecrazytestpackage/MultipleSignaturesTest.java:
	* tests/reproducers/signed2/MultipleSignaturesTest/testcases/MultipleSignaturesTestTests.java:
	* tests/reproducers/signed2/MultipleSignaturesTestSamePackage/*: test for launching
	application containing two signed - each by different certificate - jars
	but different signatures are applied on same packages
	* 
tests/reproducers/signed2/MultipleSignaturesTestSamePackage/resources/MultipleSignaturesTest1_SamePackage.jnlp:
	* 
tests/reproducers/signed2/MultipleSignaturesTestSamePackage/resources/MultipleSignaturesTest1_SamePackage_requesting.jnlp
	* 
tests/reproducers/signed2/MultipleSignaturesTestSamePackage/resources/MultipleSignaturesTest2_SamePackage.jnlp:
	* 
tests/reproducers/signed2/MultipleSignaturesTestSamePackage/resources/MultipleSignaturesTest_SamePackage.html:
	* 
tests/reproducers/signed2/MultipleSignaturesTestSamePackage/srcs/MultipleSignaturesTestSamePackage.java:
	* 
tests/reproducers/signed2/MultipleSignaturesTestSamePackage/testcases/MultipleSignaturesTestTestsSamePackage.java:
	* tests/test-extensions/net/sourceforge/jnlp/ServerAccess.java:
	introduced VERBOSE_OPTION with "-verbose" value


On 05/30/2012 06:20 PM, Jiri Vanek wrote:
> Hi!
>
> This reproducer is trying to lunch application/applet consisted from two jars, each signed by
> different signature.
>
> Applets are behaving correctly - are launched when packages are signed differently.
> jnlp application donot:
> a) when
>    <security>
>      <all-permissions/>
>    </security>
> is included in jnlp, then it dies with "jars are not signed exception"
> b) when the
>    <security>
>      <all-permissions/>
>    </security>
> is missing then restricted code is allowed (in case of same package it dies correctly with
> "different signatures for package" exception.
>
> I consider both a and b as incorrect, but we can live with b until a is fixed.
>
> So the last test method of both testcases should be @KnownToFail :)
>
> btw I'm not sure if this is representing pr822 but i guess it is.
>
> 8 new tests - two of them failing.
>
> Thanx in advice
>   J.
>
>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: MultipleSignaturesReprodcuer2.diff
Type: text/x-patch
Size: 41398 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120808/ac3b3ea6/MultipleSignaturesReprodcuer2.diff

More information about the distro-pkg-dev mailing list