[RFC][icedtea-web]: Fix for PR1040, PR1041, PR1042 w/ reproducers

Adam Domurad adomurad at redhat.com
Tue Jul 3 12:52:33 PDT 2012 

Thanks, looks good :) 
Reproducers & bugfixes OK for HEAD.
Remember to fix my little nitpick with the bugfix patch though :).

Cheers, Adam.

On Fri, 2012-06-29 at 15:57 -0400, Saad Mohammad wrote:
> Hi Adam,
> 
> Thanks for looking over the reproducers. I attached the new patch with 
> the Changelog.
> 
> On 06/28/2012 04:07 PM, Adam Domurad wrote:
> > Hi Saad. I think I would still prefer the at least ExtensionJnlp1-5.jnlp
> > be given unique names.
> I renamed all the jnlp files. Sorry for all the confusion, hopefully 
> it's much more legible now.
> [snip]
> >> +public class ExtensionJnlpTest {
> >> +
> >> +    private static ServerAccess server = new ServerAccess();
> >> +    private final List<String> l =
> >> Collections.unmodifiableList(Arrays.asList(new String[]
> >> { "-Xtrustall" }));
> >> +    private final String jarOutput = "Running SignedJarResource..";
> >> +    private final String signedJnlpException =
> >> "net.sourceforge.jnlp.LaunchException: Fatal: Application Error:"
> >> +            + "The signed JNLP file did not match the launching JNLP
> >> file. Missing Resource: Signed Application "
> >> +            + "did not match launching JNLP File";
> >> +
> >> +    @Test
> >> +    public void checkingForRequiredResources() throws Exception {
> >> +        ServerAccess.ProcessResult pr =
> >> server.executeJavawsHeadless(l, "/ExtensionJnlp4.jnlp");
> >> +        Assert.assertTrue("Could not locate SignedJarResource",
> >> pr.stdout.contains(jarOutput));
> > Theoretically the reproducer could locate SignedJarResource & still
> > break this assert.
> >> +
> >> +        String s = "Running SignedJnlpResource..";
> >> +        pr = server.executeJavawsHeadless(l, "/ExtensionJnlp5.jnlp");
> >> +        Assert.assertTrue("Could not locate SignedJnlpResource",
> >> pr.stdout.contains(s));
> > As above
> I changed the assert message to a much precise explanation.
> [snip]
> >> a/tests/jnlp_tests/signed/SignedJnlpResource/resources/SignedJnlpResource1.jnlp b/tests/jnlp_tests/signed/SignedJnlpResource/resources/SignedJnlpResource1.jnlp
> >> new file mode 100644
> >> --- /dev/null
> >> +++
> >> b/tests/jnlp_tests/signed/SignedJnlpResource/resources/SignedJnlpResource1.jnlp
> >> @@ -0,0 +1,62 @@
> >> +<!--
> >> +
> >> +This file is part of IcedTea.
> >> +
> >> +IcedTea is free software; you can redistribute it and/or modify
> >> +it under the terms of the GNU General Public License as published by
> >> +the Free Software Foundation; either version 2, or (at your option)
> >> +any later version.
> >> +
> >> +IcedTea is distributed in the hope that it will be useful, but
> >> +WITHOUT ANY WARRANTY; without even the implied warranty of
> >> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> >> +General Public License for more details.
> >> +
> >> +You should have received a copy of the GNU General Public License
> >> +along with IcedTea; see the file COPYING.  If not, write to the
> >> +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
> >> Boston, MA
> >> +02110-1301 USA.
> >> +
> >> +Linking this library statically or dynamically with other modules is
> >> +making a combined work based on this library.  Thus, the terms and
> >> +conditions of the GNU General Public License cover the whole
> >> +combination.
> >> +
> >> +As a special exception, the copyright holders of this library give
> >> you
> >> +permission to link this library with independent modules to produce
> >> an
> >> +executable, regardless of the license terms of these independent
> >> +modules, and to copy and distribute the resulting executable under
> >> +terms of your choice, provided that you also meet, for each linked
> >> +independent module, the terms and conditions of the license of that
> >> +module.  An independent module is a module which is not derived from
> >> +or based on this library.  If you modify this library, you may extend
> >> +this exception to your version of the library, but you are not
> >> +obligated to do so.  If you do not wish to do so, delete this
> >> +exception statement from your version.
> >> +
> >> +***********************************************************************
> >> +This file is used as an extension jnlp for the launching jnlp's
> >> resource - contains main within
> >> +SignedJnlpResource.jar which does not match the signed jnlp
> >> +***********************************************************************
> > Can you explain the difference between this file and
> > SignedJnlpResource2.jnlp ? I don't really understand what the comment
> > means by 'does not match the signed jnlp."
> 
> SignedJnlpResource1.jnlp has been renamed to 'UnmatchingSignedJnlpExtension.jnlp'.
> SignedJnlpResource2.jnlp has been renamed to 'MatchingSignedJnlpExtension.jnlp'.
> 
> As you can tell by the filename, the difference between the two files is basically, one is matching the signed jnlp and the other one is not.
> 
> A signed jnlp file is located in JNLP-INF/(ApplicationTemplate.jnlp|Application.jnlp) within the jar with the main class. In this case its JNLP-INF/APPLICATION_TEMPLATE.jnlp. When a signed jnlp file is located, it gets compared to the launching jnlp file (the file that contains the main jar as its resource). If the two files 'match' all attributes and values, it continues the launch of the application, otherwise it will abort the launch with a  SignedJnlp exception thrown.
> 
> So coming back to your question, when UnmatchingSignedJnlpExtension is launched, an exception is thrown and the launch is aborted. When MatchingSignedJnlpExtension is called, the application runs normally since it matches the signed jnlp file.
> 
> If you want more information on how signed jnlp works, I would recommend reading some bits and pieces of <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-May/018788.html>. The thread also contains details directly from the specification.
> 
> 
> [snip]
> 
> Changelog:
> 
> 2012-06-29  Saad Mohammad  <smohammad at redhat.com>
> 
>      * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java:
>      (JNLPClassLoader): New constructor that accepts a parameter containing
>      the main class name.
>      (getInstance): Accepts mainName as parameter to override application's
>      main class name
>      (initializeExtensions): Passes in the name of the application's 
> main class
>      when creating a new JNLPClassLoader instance.
>      (initializeResources): If the loader owns no jars, it will consider
>      itself as signed if all of the extension loaders are signed. Also, 
> if the
>      extension jars have the main class, it will set foundMainJar to true.
>      (initializeResources): If the main class was not found, check if it was
>      found within the extension jars.
>      (checkForMain): Uses the overwritten main class name (if set) when
>      searching for the main within the jars.
>      (hasMainJar): Returns true if this loader holds the main jar.
>      (hasMainInExtensions): Returns true if extension loaders have the 
> main jar
>      * 
> tests/jnlp_tests/signed/ExtensionJnlp/resources/UsesSignedJarExtension.jnlp:
>      * 
> tests/jnlp_tests/signed/ExtensionJnlp/resources/UsesSignedJnlpExtension.jnlp:
>      * 
> tests/jnlp_tests/signed/ExtensionJnlp/resources/UsesSignedJnlpJarAndSignedJarExtension.jnlp:
>      Launching jnlps that use extension jnlp as its resource.
>      * tests/jnlp_tests/signed/ExtensionJnlp/resources/UsesSignedJar.jnlp:
>      Launching jnlp that directly launches SignedJarResource class.
>      * tests/jnlp_tests/signed/ExtensionJnlp/resources/UsesSignedJnlp.jnlp:
>      Launching jnlp that directly launches SignedJnlpResource class.
>      * 
> tests/jnlp_tests/signed/ExtensionJnlp/testcases/ExtensionJnlpTest.java:
>      Testcase that tests the launching of jnlp files containing 
> extension jnlps
>      as resource.
>      * 
> tests/jnlp_tests/signed/SignedJarResource/resources/SignedJarExtension.jnlp:
>      Component jnlp file that is used as an extension resource.
>      * 
> tests/jnlp_tests/signed/SignedJarResource/srcs/SignedJarResource.java:
>      A simple java class that outputs a string.
>      * 
> tests/jnlp_tests/signed/SignedJnlpResource/resources/UnmatchingSignedJnlpExtension.jnlp:
>      Component jnlp file that is used as an extension resource and does not
>      match the signed jnlp file.
>      * 
> tests/jnlp_tests/signed/SignedJnlpResource/resources/MatchingSignedJnlpExtension.jnlp:
>      Component jnlp file that is used as an extension resource and 
> matches the
>      signed jnlp file.
>      * 
> tests/jnlp_tests/signed/SignedJnlpResource/srcs/JNLP-INF/APPLICATION_TEMPLATE.jnlp:
>      Signed jnlp file.
>      * 
> tests/jnlp_tests/signed/SignedJnlpResource/srcs/SignedJnlpResource.java:
>      A simple java class that outputs a string.
>

More information about the distro-pkg-dev mailing list