[icedtea-web][rfc] Update on Danesh's major rework of JarCertVerifier

Adam Domurad adomurad at redhat.com
Tue Sep 25 07:59:23 PDT 2012 

The original topic email for this is: [RFC][icedtea-web] Major rework
of JarCertVerifier. I have picked up review of this and added
additional patches on top for review.

I will still be creating an additional reproducer that tests the effect
of multiple signers per jar for JNLP & HTML-based applications, but
wanted to get review on my additional patches.

I have ensured there was no regressions in the reproducer suite (I
fixed one regression with empty signed jars). I have also ran the
manual browser tests. (Note these tests were with all patches applied)


Here are the patches, in order that they should be applied, and how to
direct reviewing attention. Essentially the JCV rework patch has been
more or less validated, and I want the additional patches reviewed
before I continue.


===========================================================================
1) jcv-major-rework-02.patch:

The most recent version of Danesh's patch, unmodified. I have purposely
left this as-was and made additional patches on top of it, because
between Omair and I, I consider this patch reviewed. Feel free to point
out 
any additional concerns (but hopefully addressable after we get this in
HEAD.)

See the original discussion for details + ChangeLog. 

===========================================================================

===========================================================================
2) CodeStyle.patch:

Modifies newly added code to use interface types instead of concrete
types 
wherever it is applicable.

ChangeLog:
2012-09-25  Adam Domurad  <adomurad at redhat.com>
	* netx/net/sourceforge/jnlp/security/AppVerifier.java: Use interface 
	types for declared types where applicable.
	* netx/net/sourceforge/jnlp/security/PluginAppVerifier.java: Same.
	* netx/net/sourceforge/jnlp/tools/JarCertVerifier.java: Same.

===========================================================================

===========================================================================
3) FixForEmptySignedReproducer.patch

Fixes a slight problem that prohibited correctly identifying trivially 
signed jars.

ChangeLog:
2012-09-25  Adam Domurad  <adomurad at redhat.com>
	Fixes JCV#isTriviallySigned(). Reproducer 'EmptySignedJar' passes 
	again.
	* netx/net/sourceforge/jnlp/tools/JarCertVerifier.java: Remove 
	problematic 'triviallySigned' variable and instead determine 
	whether triviallySigned on the fly. Consider jars with 0 signable 
	entries as SIGNED_OK.

===========================================================================

===========================================================================
3) NewMessage.patch:

A new message for when a JNLP application is fully signed, but by
mismatching signers. (A JNLP application can have multiple signers, but
each jar needs a common signer).

ChangeLog:
2012-09-25  Adam Domurad  <adomurad at redhat.com>
	New message for signer mismatch in JNLP applications.
	* netx/net/sourceforge/jnlp/resources/Messages.properties: Added 
	message 'The JNLP application is not fully signed by a single cert.'
	* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: Message 
	thrown when JNLP's jcv.allJarsSigned() is true but not 
	jcv.isFullySigned();

===========================================================================

===========================================================================
4) TestForPR822.patch:

The existing tests for PR822 weren't really demonstrating the offending
behaviour. I have removed their @Bug annotation, and made them expect
the 
new messages added. 
Also added an HTML test applet to signed2/MultipleSignaturesTest that is
fully
signed, but by different signers. (In the case of HTML-tag applets, this
is 
allowed.)

ChangeLog:
2012-09-25  Adam Domurad  <adomurad at redhat.com>
	Revised multiple signatures test to check for new message. Added more 
	accurate reproducer for PR822.
	*
tests/reproducers/signed2/MultipleSignaturesTest/srcs/somecrazytestpackage/MultipleSignaturesTest.java:
	Made class take a classname parameter so different out-of-package
	classes could be executed.
	*
tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest.html: 
	Added main-class parameter.
	*
tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1.jnlp:
	Same.
	*
tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1_requesting.jnlp:
	Same.
	*
tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest2.jnlp:
	Same.
	*
tests/reproducers/signed2/MultipleSignaturesTest/testcases/MultipleSignaturesTestTests.java
	(multipleSignaturesTestHtmlAppletUsesPermissions): New, tests if fully 
	signed HTML applets with varied signers can (as they should) execute 
	with full permissions. Reproduces PR822.
	(multipleSignaturesTestJnlpApplicationRequesting): Check for 
	mismatching signers JNLP failure message. Remove known-to-fail & 
	(incorrect) bug annotation.
	*
tests/reproducers/signed2/MultipleSignaturesTestSamePackage/testcases/MultipleSignaturesTestTestsSamePackage.java
	(multipleSignaturesTestSamePackageJnlpApplicationRequesting): Check
for 
	mismatching signers JNLP failure message. Remove known-to-fail & 
	(incorrect) bug annotation.

===========================================================================



-------------- next part --------------
A non-text attachment was scrubbed...
Name: jcv-major-rework-02.patch
Type: text/x-patch
Size: 118979 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120925/c13576b5/jcv-major-rework-02.patch 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CodeStyle.patch
Type: text/x-patch
Size: 9623 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120925/c13576b5/CodeStyle.patch 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: FixForEmptySignedReproducer.patch
Type: text/x-patch
Size: 2659 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120925/c13576b5/FixForEmptySignedReproducer.patch 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NewMessage.patch
Type: text/x-patch
Size: 2202 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120925/c13576b5/NewMessage.patch 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: TestforPR822.patch
Type: text/x-patch
Size: 11286 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120925/c13576b5/TestforPR822.patch

More information about the distro-pkg-dev mailing list