[RFC][icedtea-web] Signed JNLP file: added regression tests

Saad Mohammad smohammad at redhat.com
Thu May 31 13:26:08 PDT 2012 

Hi,

 From previous reviews and suggestions, I have updated the patch which 
tests the launch of applications with unsigned and signed jnlp file. The 
test ensures that a signed jnlp file is checked/validated (if found) at 
launch and the appropriate actions are taken depending on the validation.

* Changelog entry is attached.

On a side note (and as mentioned in my previous email), Oracle's JDK 
validates the jnlp file (if found within jar) regardless of whether it 
is signed or not. But according to their specification (section 5.4):

"A JNLP file can optionally be signed. A JNLP Client must check if a 
signed version of the JNLP file or JNLP template exist, and if so, 
verify that at least one of them match the JNLP file that is used to 
launch the application. If a match is not found (see below), then the 
launch must be aborted. If no signed JNLP file or JNLP template exist, 
then the JNLP file is not signed, and no check needs to be performed."

"A JNLP file is signed either by including a copy of it in the signed 
main JAR file, or by including a matching (see below) template file in 
the signed main JAR file."

After running some tests, I can say IcedTea-Web behaves according to the 
specification. I'm just curious to whether this is fine or if we would 
like IcedTea-Web to behave similar to Oracle's JDK. Also, because of 
this, the unsigned tests (included in the patch) ensures no signed jnlp 
file is checked (because the jar is unsigned). Any thoughts?

Thanks. :)

-- 
Saad Mohammad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch09WithALL.patch
Type: text/x-patch
Size: 94971 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120531/a79024c3/patch09WithALL.patch 
-------------- next part --------------
2012-05-28  Saad Mohammad <smohammad at redhat.com>

    Added signed jnlp file regression tests.
    * tests/jnlp_tests/signed/SignedJnlpApplication/resources/SignedJnlpApplication1.jnlp:
    Launching jnlp file that matches the signed jnlp application file.
    * tests/jnlp_tests/signed/SignedJnlpApplication/resources/SignedJnlpApplication2.jnlp:
    * tests/jnlp_tests/signed/SignedJnlpApplication/resources/SignedJnlpApplication3.jnlp:
    Launching jnlp file that does not match the signed jnlp application file.
    * tests/jnlp_tests/signed/SignedJnlpApplication/srcs/JNLP-INF/APPLICATION.jnlp:
    Signed jnlp application file.
    * tests/jnlp_tests/signed/SignedJnlpApplication/srcs/SignedJnlpApplication.java:
    A simple java class that outputs a string.
    * tests/jnlp_tests/signed/SignedJnlpApplication/testcases/SignedJnlpApplicationTest.java:
    Testcase that tests the launching of applications with a signed jnlp application file.
    * tests/jnlp_tests/signed/SignedJnlpTemplate/resources/SignedJnlpTemplate1.jnlp:
    Launching jnlp file that matches the signed jnlp application template file.
    * tests/jnlp_tests/signed/SignedJnlpTemplate/resources/SignedJnlpTemplate2.jnlp:
    * tests/jnlp_tests/signed/SignedJnlpTemplate/resources/SignedJnlpTemplate3.jnlp:
    Launching jnlp file that does not match the signed jnlp application template file.
    * tests/jnlp_tests/signed/SignedJnlpTemplate/srcs/JNLP-INF/APPLICATION_TEMPLATE.jnlp:
    Signed jnlp application template file.
    * tests/jnlp_tests/signed/SignedJnlpTemplate/srcs/SignedJnlpTemplate.java:
    A simple java class that outputs a string.
    * tests/jnlp_tests/signed/SignedJnlpTemplate/testcases/SignedJnlpTemplateTest.java:
    Testcase that tests the launching of applications with a signed jnlp application template file.
    * tests/jnlp_tests/simple/UnsignedJnlpApplication/resources/UnsignedJnlpApplication1.jnlp:
    Launching jnlp file that matches the unsigned jnlp application file.
    * tests/jnlp_tests/simple/UnsignedJnlpApplication/resources/UnsignedJnlpApplication2.jnlp:
    * tests/jnlp_tests/simple/UnsignedJnlpApplication/resources/UnsignedJnlpApplication3.jnlp:
    Launching jnlp file that does not match the unsigned jnlp application file.
    * tests/jnlp_tests/simple/UnsignedJnlpApplication/srcs/JNLP-INF/APPLICATION.jnlp:
    Unsigned jnlp application file.
    * tests/jnlp_tests/simple/UnsignedJnlpApplication/srcs/UnsignedJnlpApplication.java:
    A simple java class that outputs a string.
    * tests/jnlp_tests/simple/UnsignedJnlpApplication/testcases/UnsignedJnlpApplicationTest.java:
    Testcase that tests the launching of applications with an unsigned jnlp application file.
    * tests/jnlp_tests/simple/UnsignedJnlpTemplate/resources/UnsignedJnlpTemplate1.jnlp:
    Launching jnlp file that matches the unsigned jnlp application template file.
    * tests/jnlp_tests/simple/UnsignedJnlpTemplate/resources/UnsignedJnlpTemplate2.jnlp:
    * tests/jnlp_tests/simple/UnsignedJnlpTemplate/resources/UnsignedJnlpTemplate3.jnlp:
    Launching jnlp file that does not match the unsigned jnlp application template file.
    * tests/jnlp_tests/simple/UnsignedJnlpTemplate/srcs/JNLP-INF/APPLICATION_TEMPLATE.jnlp:
    Unsigned jnlp application template file.
    * tests/jnlp_tests/simple/UnsignedJnlpTemplate/srcs/UnsignedJnlpTemplate.java:
    A simple java class that outputs a string.
    * tests/jnlp_tests/simple/UnsignedJnlpTemplate/testcases/UnsignedJnlpTemplateTest.java:
    Testcase that tests the launching of applications with an unsigned jnlp application template file.
    * tests/jnlp_tests/signed/SignedJnlpCaseTestOne/resources/SignedJnlpCaseTestOne1.jnlp:
    Launching jnlp file that matches the signed jnlp application file.
    * tests/jnlp_tests/signed/SignedJnlpCaseTestOne/resources/SignedJnlpCaseTestOne2.jnlp:
    Launching jnlp file that does not match the signed jnlp application file.
    * tests/jnlp_tests/signed/SignedJnlpCaseTestOne/srcs/JNLP-INF/aPpLiCaTioN.jnlp:
    Signed jnlp application file.
    * tests/jnlp_tests/signed/SignedJnlpCaseTestOne/srcs/SignedJnlpCase.java:
    A simple java class that outputs a string.
    * tests/jnlp_tests/signed/SignedJnlpCaseTestOne/testcases/SignedJnlpCaseOneTest.java:
    Testcase that tests the case-sensitivity of the signed jnlp application's filename.
    * tests/jnlp_tests/signed/SignedJnlpCaseTestTwo/resources/SignedJnlpCaseTestTwo1.jnlp:
    Launching jnlp file that matches the signed jnlp application template file.
    * tests/jnlp_tests/signed/SignedJnlpCaseTestTwo/resources/SignedJnlpCaseTestTwo2.jnlp:
    Launching jnlp file that does not match the signed jnlp application template file.
    * tests/jnlp_tests/signed/SignedJnlpCaseTestTwo/srcs/JNLP-INF/aPpLiCaTiOn_tEmPlAte.jnlp:
    Signed jnlp application template file.
    * tests/jnlp_tests/signed/SignedJnlpCaseTestTwo/srcs/SignedJnlpCase.java:
    A simple java class that outputs a string.
    * tests/jnlp_tests/signed/SignedJnlpCaseTestTwo/testcases/SignedJnlpCaseTwoTest.java:
    Testcase that tests the case-sensitivity of the signed jnlp application template's filename.

More information about the distro-pkg-dev mailing list