[rfc][icedtea-web] Signed applets with codebase loading
Jiri Vanek
jvanek at redhat.com
Thu Feb 13 06:50:16 PST 2014
Hi!
Changes to classlaoder looks ok, but test do not work:
Passed: SignedAppletCodebaseLoadingTests.testCodebaseLoading - chromium-browser
- WARNING This test is known to fail, but have passed!
Passed: SignedAppletCodebaseLoadingTests.testCodebaseLoading - opera
- WARNING This test is known to fail, but have passed!
Passed: SignedAppletCodebaseLoadingTests.testCodebaseLoading - midori
- WARNING This test is known to fail, but have passed!
Passed: SignedAppletCodebaseLoadingTests.testCodebaseLoading - epiphany
- WARNING This test is known to fail, but have passed!
FAILED: testSignedAppletWithExternalMainClassLaunch -
chromium-browser(SignedAppletExternalMainClassTest) applet did not initialize
- This test is known to fail
FAILED: testSignedAppletWithExternalMainClassLaunch - opera(SignedAppletExternalMainClassTest)
applet did not initialize
- This test is known to fail
FAILED: testSignedAppletWithExternalMainClassLaunch - midori(SignedAppletExternalMainClassTest)
applet did not initialize
- This test is known to fail
FAILED: testSignedAppletWithExternalMainClassLaunch - epiphany(SignedAppletExternalMainClassTest)
applet did not initialize
- This test is known to fail
Total tests run: 8; From those : 8 known to fail
Test known to fail: passed: 4; failed: 4; ignored: 0
Test results: passed: 4; failed: 4; ignored: 0
why???
(after removal of exception)
After reading description, whole thread,and code, the second four should also pass....
minor note:
> + private static void assertNoExceptions(ProcessResult pr) {
> + assertFalse(pr.stdout.contains("xception"));
> + assertFalse(pr.stderr.contains("xception"));
> + }
Please , don't do this. I spent large amount of time in removal of all those.
nor do assertTrue(pr.stderr.contains("xception"));. Unless you are searching for
appearence/notappearence of some ExactException.
What about applet, which have few jars signed vith valid signature, and some vith invalid???
Isn't it also partially signed one?
The example is recently discovered reproducer for redirection -
https://java.net/projects/electric/downloads/download/electric.jnlp
Well it is jnlp app, but in this case it sounds to me like valid....
What do you think?
On 01/31/2014 05:16 PM, Andrew Azores wrote:
> Hi,
>
> This patch adds tests that were originally meant to be included with the PR1513 fix (signed applet
> with external/codebase main-class) but never made it in, as well as adding a similar test, where the
> applet is signed and uses codebase-loaded classes, but the main-class is within a signed JAR. In
> both of these cases, the applet is expected to run, and it is expected to be done with mixed
> permissions. The PR1592 tests already test the mixed permissions security implementation, so these
> tests simply assert that the applets can be run.
>
> Most notable however is the fact that without the JNLPClassLoader changes included in this patch,
> signed applets which load from the codebase are considered as fully signed by the classloader. They
> should really be treated as partially signed and the user prompted to run them. This patch makes it
> so. I do not know of any way to detect that this is going to happen beforehand, so this check is
> performed during classloading, which means it is possible for the dialog to appear for the first
> time in the middle of executing an applet, depending on the particular applet.
>
> The tests are currently immediately failing on purpose and marked KnownToFail. This is because the
> existing prompt used for Partially Signed purposes appears during reproducer runs, which causes the
> runs to be slower, and the tests to fail anyway. Once a NotAllSigned Dialog replacement is in place
> which can be made to not appear during reproducer runs (such as the proposed PartiallySigned dialog
> on this list), then these tests can be properly enabled.
>
> Apply the test patch and run them (whitelist SignedApplet.*), and note the behaviour regarding when
> NotAllSigned appears or does not appear. Then apply the classloader patch and re-run the tests,
> noting again the security prompt behaviour. I don't know how to programmatically ensure that the
> dialogs have actually appeared, other than putting print statements in the dialogs to detect them
> (which is kind of horrible). Any ideas on this?
>
> ChangeLog:
> * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: treat signed applets
> which load from the codebase as partially signed
> * tests/reproducers/custom/SignedAppletCodebaseLoading/resources/SignedAppletCodebaseLoading.html:
> new test to ensure that signed applets with codebase loading can run
> * tests/reproducers/custom/SignedAppletCodebaseLoading/srcs/Makefile
> * tests/reproducers/custom/SignedAppletCodebaseLoading/srcs/SignedAppletCodebaseLoading.java
> * tests/reproducers/custom/SignedAppletCodebaseLoading/srcs/SignedAppletCodebaseLoadingHelper.java
> * tests/reproducers/custom/SignedAppletCodebaseLoading/testcases/SignedAppletCodebaseLoadingTests.java
> * tests/reproducers/custom/SignedAppletExternalMainClass/resources/SignedAppletExternalMainClass.html:
> new test to ensure that signed applets with codebase-loaded main-classes can run
> * tests/reproducers/custom/SignedAppletExternalMainClass/srcs/Makefile
> * tests/reproducers/custom/SignedAppletExternalMainClass/srcs/SignedAppletExternalMainClass.java
> * tests/reproducers/custom/SignedAppletExternalMainClass/srcs/SignedAppletExternalMainClassHelper.java
> *
> tests/reproducers/custom/SignedAppletExternalMainClass/testcases/SignedAppletExternalMainClassTest.java
>
> Thanks,
>
> --
> Andrew A
>
>
> signed_applet_codebase_loading_classloader.patch
>
>
> diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> --- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> +++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
> @@ -752,8 +752,8 @@
>
> // If externalAppletMainClass is true and a LaunchException was not thrown above,
> // then the main-class can be loaded from the applet codebase, but is obviously not signed
> - if (!jcv.allJarsSigned() || externalAppletMainClass) {
> - signing = SigningState.PARTIAL;
> + if (!jcv.allJarsSigned()) {
> + checkPartialSigningWithUser();
> }
>
> // If main jar was found, but a signed JNLP file was not located
> @@ -832,11 +832,7 @@
> }
>
> if (containsSignedJar && containsUnsignedJar) {
> - signing = SigningState.PARTIAL;
> - }
> -
> - if (signing == SigningState.PARTIAL && JNLPRuntime.isVerifying()) {
> - checkNotAllSignedWithUser(file);
> + checkPartialSigningWithUser();
> }
>
> activateJars(initialJars);
> @@ -1135,11 +1131,11 @@
> }
>
> /**
> - * Prompt the user to proceed on applets with mixed signing.
> + * Display a dialog prompting the user to proceed on applets with mixed signing.
> * @param file the JNLPFile or PluginBridge describing the applet/application to be launched
> * @throws LaunchException if the user does not approve the prompt
> */
> - private void checkNotAllSignedWithUser(JNLPFile file) throws LaunchException {
> + private void showNotAllSignedDialog(JNLPFile file) throws LaunchException {
> if (JNLPRuntime.isTrustAll()) {
> return;
> }
> @@ -1972,6 +1968,29 @@
> return signing == SigningState.FULL;
> }
>
> + /**
> + * Call this when it's suspected that an applet's permission level may have
> + * just changed from Full Signing to Partial Signing.
> + * This will display a one-time prompt asking the user to confirm running
> + * the partially signed applet.
> + * Partially Signed applets always start off as appearing to be Fully
> + * Signed, and then during the initialization or loading process, we find
> + * that we actually need to demote the applet to Partial, either due to
> + * finding that not all of its JARs are actually signed, or because it
> + * needs to load something unsigned out of the codebase.
> + */
> + private void checkPartialSigningWithUser() {
> + if (signing == SigningState.FULL && JNLPRuntime.isVerifying()) {
> + signing = SigningState.PARTIAL;
> + try {
> + showNotAllSignedDialog(this.file);
> + } catch (LaunchException e) {
> + throw new RuntimeException("The signed applet required loading of unsigned code from the codebase, "
> + + "which the user refused", e);
> + }
> + }
> + }
> +
> protected SecurityDesc getSecurity() {
> return security;
> }
> @@ -2301,8 +2320,16 @@
>
> /*
> * Helper class to expose protected URLClassLoader methods.
> + * Classes loaded from the codebase are absolutely NOT signed, by definition!
> + * If the CodeBaseClassLoader is used to load any classes in JNLPClassLoader,
> + * then you*MUST* check if the JNLPClassLoader is set to FULL signing. If so,
> + * then it must be set instead to PARTIAL, and the user prompted if it is okay
> + * to proceed. If the JNLPClassLoader is already PARTIAL or NONE signing, then
> + * nothing must be done. This is required so that we can support partial signing
> + * of applets but also ensure that using codebase loading in conjunction with
> + * signed JARs still results in the user having to confirm that this is
> + * acceptable.
> */
> -
> public static class CodeBaseClassLoader extends URLClassLoader {
>
> JNLPClassLoader parentJNLPClassLoader;
> @@ -2322,17 +2349,21 @@
> super.addURL(url);
> }
>
> - Class<?> findClassNonRecursive(String name) throws ClassNotFoundException {
> + /*
> + * Use with care! Check the class-level Javadoc before calling this.
> + */
> + Class<?> findClassNonRecursive(final String name) throws ClassNotFoundException {
> // If we have searched this path before, don't try again
> if (Arrays.equals(super.getURLs(), notFoundResources.get(name)))
> throw new ClassNotFoundException(name);
>
> try {
> - final String fName = name;
> return AccessController.doPrivileged(
> new PrivilegedExceptionAction<Class<?>>() {
> public Class<?> run() throws ClassNotFoundException {
> - return CodeBaseClassLoader.super.findClass(fName);
> + Class<?> c = CodeBaseClassLoader.super.findClass(name);
> + parentJNLPClassLoader.checkPartialSigningWithUser();
> + return c;
> }
> }, parentJNLPClassLoader.getAccessControlContextForClassLoading());
> } catch (PrivilegedActionException pae) {
> @@ -2344,10 +2375,15 @@
> }
> }
>
> + /*
> + * Use with care! Check the class-level Javadoc before calling this.
> + */
> @Override
> public Class<?> findClass(String name) throws ClassNotFoundException {
> // Calls JNLPClassLoader#findClass which may call into this.findClassNonRecursive
> - return getParentJNLPClassLoader().findClass(name);
> + Class<?> c = getParentJNLPClassLoader().findClass(name);
> + parentJNLPClassLoader.checkPartialSigningWithUser();
> + return c;
> }
>
> /**
>
>
> signed_applet_codebase_loading_tests.patch
>
>
> diff --git a/tests/reproducers/custom/SignedAppletCodebaseLoading/resources/SignedAppletCodebaseLoading.html b/tests/reproducers/custom/SignedAppletCodebaseLoading/resources/SignedAppletCodebaseLoading.html
> new file mode 100644
> --- /dev/null
> +++ b/tests/reproducers/custom/SignedAppletCodebaseLoading/resources/SignedAppletCodebaseLoading.html
> @@ -0,0 +1,52 @@
> +<!--
> +
> +This file is part of IcedTea.
> +
> +IcedTea is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2, or (at your option)
> +any later version.
> +
> +IcedTea is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with IcedTea; see the file COPYING. If not, write to the
> +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> +02110-1301 USA.
> +
> +Linking this library statically or dynamically with other modules is
> +making a combined work based on this library. Thus, the terms and
> +conditions of the GNU General Public License cover the whole
> +combination.
> +
> +As a special exception, the copyright holders of this library give you
> +permission to link this library with independent modules to produce an
> +executable, regardless of the license terms of these independent
> +modules, and to copy and distribute the resulting executable under
> +terms of your choice, provided that you also meet, for each linked
> +independent module, the terms and conditions of the license of that
> +module. An independent module is a module which is not derived from
> +or based on this library. If you modify this library, you may extend
> +this exception to your version of the library, but you are not
> +obligated to do so. If you do not wish to do so, delete this
> +exception statement from your version.
> +
> + -->
> +<html>
> + <head></head>
> + <body>
> + <applet code="signed.SignedAppletCodebaseLoading.class"
> + archive="SignedAppletCodebaseLoading.jar"
> + codebase="."
> + width="640"
> + height="480">
> + <script language="javascript" type="text/javascript">
> + var testName = window.location.search.substring(1);
> + document.write("<param name='testName' value='" + testName + "'>");
> + </script>
> + </applet>
> + </body>
> +</html>
> diff --git a/tests/reproducers/custom/SignedAppletCodebaseLoading/srcs/Makefile b/tests/reproducers/custom/SignedAppletCodebaseLoading/srcs/Makefile
> new file mode 100644
> --- /dev/null
> +++ b/tests/reproducers/custom/SignedAppletCodebaseLoading/srcs/Makefile
> @@ -0,0 +1,33 @@
> +TESTNAME=SignedAppletCodebaseLoading
> +
> +SRC_FILES=SignedAppletCodebaseLoading.java SignedAppletCodebaseLoadingHelper.java
> +
> +JAVAC_CLASSPATH=$(TEST_EXTENSIONS_DIR):$(NETX_DIR)/lib/classes.jar
> +JAVAC=$(BOOT_DIR)/bin/javac
> +JAR=$(BOOT_DIR)/bin/jar
> +JARSIGNER=$(BOOT_DIR)/bin/jarsigner
> +JARSIGNER_CMD=$(JARSIGNER) -keystore $(TOP_BUILD_DIR)/$(PRIVATE_KEYSTORE_NAME) -storepass $(PRIVATE_KEYSTORE_PASS) -keypass $(PRIVATE_KEYSTORE_PASS)
> +
> +TMPDIR:=$(shell mktemp -d)
> +
> +prepare-reproducer:
> + echo PREPARING REPRODUCER $(TESTNAME)
> +
> + $(JAVAC) -d $(TMPDIR) -classpath $(JAVAC_CLASSPATH) $(SRC_FILES); \
> +
> + cp ../resources/* $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR); \
> +
> + cd $(TMPDIR); \
> + $(JAR) cfe SignedAppletCodebaseLoading.jar signed.SignedAppletCodebaseLoading signed; \
> + cd -; \
> +
> + $(JARSIGNER_CMD) -sigfile Alpha $(TMPDIR)/SignedAppletCodebaseLoading.jar $(TEST_CERT_ALIAS)_signed; \
> +
> + cp $(TMPDIR)/SignedAppletCodebaseLoading.jar $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR); \
> + cp -r $(TMPDIR)/helper $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR); \
> +
> + echo PREPARED REPRODUCER $(TESTNAME), removing $(TMPDIR); \
> + rm -rf $(TMPDIR); \
> +
> +clean-reproducer:
> + echo NOTHING TO CLEAN FOR $(TESTNAME)
> diff --git a/tests/reproducers/custom/SignedAppletCodebaseLoading/srcs/SignedAppletCodebaseLoading.java b/tests/reproducers/custom/SignedAppletCodebaseLoading/srcs/SignedAppletCodebaseLoading.java
> new file mode 100644
> --- /dev/null
> +++ b/tests/reproducers/custom/SignedAppletCodebaseLoading/srcs/SignedAppletCodebaseLoading.java
> @@ -0,0 +1,50 @@
> +/* SignedAppletCodebaseLoading.java
> +Copyright (C) 2014 Red Hat, Inc.
> +
> +This file is part of IcedTea.
> +
> +IcedTea is free software; you can redistribute it and/or
> +modify it under the terms of the GNU General Public License as published by
> +the Free Software Foundation, version 2.
> +
> +IcedTea is distributed in the hope that it will be useful,
> +but WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with IcedTea; see the file COPYING. If not, write to
> +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> +02110-1301 USA.
> +
> +Linking this library statically or dynamically with other modules is
> +making a combined work based on this library. Thus, the terms and
> +conditions of the GNU General Public License cover the whole
> +combination.
> +
> +As a special exception, the copyright holders of this library give you
> +permission to link this library with independent modules to produce an
> +executable, regardless of the license terms of these independent
> +modules, and to copy and distribute the resulting executable under
> +terms of your choice, provided that you also meet, for each linked
> +independent module, the terms and conditions of the license of that
> +module. An independent module is a module which is not derived from
> +or based on this library. If you modify this library, you may extend
> +this exception to your version of the library, but you are not
> +obligated to do so. If you do not wish to do so, delete this
> +exception statement from your version.
> + */
> +
> +package signed;
> +import helper.SignedAppletCodebaseLoadingHelper;
> +import java.applet.Applet;
> +
> +public class SignedAppletCodebaseLoading extends Applet {
> +
> + @Override
> + public void start() {
> + System.out.println(SignedAppletCodebaseLoadingHelper.getMessage());
> + System.out.println("*** APPLET FINISHED ***");
> + }
> +
> +}
> diff --git a/tests/reproducers/custom/SignedAppletCodebaseLoading/srcs/SignedAppletCodebaseLoadingHelper.java b/tests/reproducers/custom/SignedAppletCodebaseLoading/srcs/SignedAppletCodebaseLoadingHelper.java
> new file mode 100644
> --- /dev/null
> +++ b/tests/reproducers/custom/SignedAppletCodebaseLoading/srcs/SignedAppletCodebaseLoadingHelper.java
> @@ -0,0 +1,47 @@
> +/* SignedAppletCodebaseLoadingHelper.java
> +Copyright (C) 2014 Red Hat, Inc.
> +
> +This file is part of IcedTea.
> +
> +IcedTea is free software; you can redistribute it and/or
> +modify it under the terms of the GNU General Public License as published by
> +the Free Software Foundation, version 2.
> +
> +IcedTea is distributed in the hope that it will be useful,
> +but WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with IcedTea; see the file COPYING. If not, write to
> +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> +02110-1301 USA.
> +
> +Linking this library statically or dynamically with other modules is
> +making a combined work based on this library. Thus, the terms and
> +conditions of the GNU General Public License cover the whole
> +combination.
> +
> +As a special exception, the copyright holders of this library give you
> +permission to link this library with independent modules to produce an
> +executable, regardless of the license terms of these independent
> +modules, and to copy and distribute the resulting executable under
> +terms of your choice, provided that you also meet, for each linked
> +independent module, the terms and conditions of the license of that
> +module. An independent module is a module which is not derived from
> +or based on this library. If you modify this library, you may extend
> +this exception to your version of the library, but you are not
> +obligated to do so. If you do not wish to do so, delete this
> +exception statement from your version.
> + */
> +
> +package helper;
> +import signed.SignedAppletCodebaseLoading;
> +
> +public class SignedAppletCodebaseLoadingHelper {
> +
> + public static String getMessage() {
> + return "SignedAppletCodebaseLoading Applet Running";
> + }
> +
> +}
> diff --git a/tests/reproducers/custom/SignedAppletCodebaseLoading/testcases/SignedAppletCodebaseLoadingTests.java b/tests/reproducers/custom/SignedAppletCodebaseLoading/testcases/SignedAppletCodebaseLoadingTests.java
> new file mode 100644
> --- /dev/null
> +++ b/tests/reproducers/custom/SignedAppletCodebaseLoading/testcases/SignedAppletCodebaseLoadingTests.java
> @@ -0,0 +1,89 @@
> +/* SignedAppletCodebaseLoadingTests.java
> +Copyright (C) 2014 Red Hat, Inc.
> +
> +This file is part of IcedTea.
> +
> +IcedTea is free software; you can redistribute it and/or
> +modify it under the terms of the GNU General Public License as published by
> +the Free Software Foundation, version 2.
> +
> +IcedTea is distributed in the hope that it will be useful,
> +but WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with IcedTea; see the file COPYING. If not, write to
> +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> +02110-1301 USA.
> +
> +Linking this library statically or dynamically with other modules is
> +making a combined work based on this library. Thus, the terms and
> +conditions of the GNU General Public License cover the whole
> +combination.
> +
> +As a special exception, the copyright holders of this library give you
> +permission to link this library with independent modules to produce an
> +executable, regardless of the license terms of these independent
> +modules, and to copy and distribute the resulting executable under
> +terms of your choice, provided that you also meet, for each linked
> +independent module, the terms and conditions of the license of that
> +module. An independent module is a module which is not derived from
> +or based on this library. If you modify this library, you may extend
> +this exception to your version of the library, but you are not
> +obligated to do so. If you do not wish to do so, delete this
> +exception statement from your version.
> + */
> +
> +import java.io.File;
> +import java.io.FileInputStream;
> +
> +import net.sourceforge.jnlp.ProcessResult;
> +import net.sourceforge.jnlp.ServerAccess;
> +import net.sourceforge.jnlp.ServerAccess.AutoClose;
> +import net.sourceforge.jnlp.annotations.Bug;
> +import net.sourceforge.jnlp.annotations.KnownToFail;
> +import net.sourceforge.jnlp.annotations.NeedsDisplay;
> +import net.sourceforge.jnlp.annotations.TestInBrowsers;
> +import net.sourceforge.jnlp.browsertesting.BrowserTest;
> +import net.sourceforge.jnlp.browsertesting.Browsers;
> +import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener;
> +
> +import org.junit.Test;
> +import static org.junit.Assert.assertTrue;
> +import static org.junit.Assert.assertFalse;
> +
> +/* see also signed/SignedAppletExternalMainClass which is related */
> +public class SignedAppletCodebaseLoadingTests extends BrowserTest {
> +
> + private static final String RUNNING_STRING = "SignedAppletCodebaseLoading Applet Running";
> + private static final String CLOSE_STRING = AutoOkClosingListener.MAGICAL_OK_CLOSING_STRING;
> +
> + @KnownToFail
> + @Bug(id="PR1513")
> + @NeedsDisplay
> + @Test
> + @TestInBrowsers(testIn={Browsers.one})
> + public void testCodebaseLoading() throws Exception {
> + assertTrue("NotAllSigned dialog will appear if this test runs. Remove this exception and KnownToFail "
> + + "when a proper replacement is in place", false);
> + ProcessResult pr = server.executeBrowser("SignedAppletCodebaseLoading.html", AutoClose.CLOSE_ON_CORRECT_END);
> + assertProperStart(pr);
> + assertCloseString(pr);
> + assertNoExceptions(pr);
> + }
> +
> + private static void assertProperStart(ProcessResult pr) {
> + assertTrue("applet did not initialize", pr.stdout.contains(RUNNING_STRING));
> + }
> +
> + private static void assertCloseString(ProcessResult pr) {
> + assertTrue("applet should have closed normally", pr.stdout.contains(CLOSE_STRING));
> + }
> +
> + private static void assertNoExceptions(ProcessResult pr) {
> + assertFalse(pr.stdout.contains("xception"));
> + assertFalse(pr.stderr.contains("xception"));
> + }
> +
> +}
> diff --git a/tests/reproducers/custom/SignedAppletExternalMainClass/resources/SignedAppletExternalMainClass.html b/tests/reproducers/custom/SignedAppletExternalMainClass/resources/SignedAppletExternalMainClass.html
> new file mode 100644
> --- /dev/null
> +++ b/tests/reproducers/custom/SignedAppletExternalMainClass/resources/SignedAppletExternalMainClass.html
> @@ -0,0 +1,49 @@
> +<!--
> +
> +This file is part of IcedTea.
> +
> +IcedTea is free software; you can redistribute it and/or modify
> +it under the terms of the GNU General Public License as published by
> +the Free Software Foundation; either version 2, or (at your option)
> +any later version.
> +
> +IcedTea is distributed in the hope that it will be useful, but
> +WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with IcedTea; see the file COPYING. If not, write to the
> +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> +02110-1301 USA.
> +
> +Linking this library statically or dynamically with other modules is
> +making a combined work based on this library. Thus, the terms and
> +conditions of the GNU General Public License cover the whole
> +combination.
> +
> +As a special exception, the copyright holders of this library give you
> +permission to link this library with independent modules to produce an
> +executable, regardless of the license terms of these independent
> +modules, and to copy and distribute the resulting executable under
> +terms of your choice, provided that you also meet, for each linked
> +independent module, the terms and conditions of the license of that
> +module. An independent module is a module which is not derived from
> +or based on this library. If you modify this library, you may extend
> +this exception to your version of the library, but you are not
> +obligated to do so. If you do not wish to do so, delete this
> +exception statement from your version.
> +
> + -->
> +
> +<html>
> + <head></head>
> + <body>
> + <applet code="SignedAppletExternalMainClass.class"
> + archive="SignedAppletExternalMainClassHelper.jar"
> + codebase="."
> + width="800"
> + height="600">
> + </applet>
> + </body>
> +</html>
> diff --git a/tests/reproducers/custom/SignedAppletExternalMainClass/srcs/Makefile b/tests/reproducers/custom/SignedAppletExternalMainClass/srcs/Makefile
> new file mode 100644
> --- /dev/null
> +++ b/tests/reproducers/custom/SignedAppletExternalMainClass/srcs/Makefile
> @@ -0,0 +1,27 @@
> +TESTNAME=SignedAppletExternalMainClass
> +
> +JARSIGNER=$(BOOT_DIR)/bin/jarsigner
> +JAVAC=$(BOOT_DIR)/bin/javac
> +JAR=$(BOOT_DIR)/bin/jar
> +
> +TMPDIR:=$(shell mktemp -d)
> +
> +prepare-reproducer:
> + echo PREPARING REPRODUCER $(TESTNAME) in $(TMPDIR)
> +
> + $(JAVAC) -d $(TMPDIR) $(TESTNAME).java $(TESTNAME)Helper.java
> +
> + cd $(TMPDIR) ; \
> + $(JAR) cvf $(TESTNAME)Helper.jar $(TESTNAME)Helper.class ; \
> + $(BOOT_DIR)/bin/jarsigner -keystore $(TOP_BUILD_DIR)/$(PRIVATE_KEYSTORE_NAME) -storepass $(PRIVATE_KEYSTORE_PASS) \
> + -keypass $(PRIVATE_KEYSTORE_PASS) "$(TMPDIR)/$(TESTNAME)Helper.jar" $(TEST_CERT_ALIAS)_signed ; \
> +
> + cd $(TMPDIR); \
> + mv $(TESTNAME).class $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR) ; \
> + mv $(TESTNAME)Helper.jar $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR) ;
> +
> + echo PREPARED REPRODUCER $(TESTNAME), removing $(TMPDIR)
> + rm -rf $(TMPDIR)
> +
> +clean-reproducer:
> + echo NOTHING TO CLEAN FOR $(TESTNAME)
> diff --git a/tests/reproducers/custom/SignedAppletExternalMainClass/srcs/SignedAppletExternalMainClass.java b/tests/reproducers/custom/SignedAppletExternalMainClass/srcs/SignedAppletExternalMainClass.java
> new file mode 100644
> --- /dev/null
> +++ b/tests/reproducers/custom/SignedAppletExternalMainClass/srcs/SignedAppletExternalMainClass.java
> @@ -0,0 +1,49 @@
> +/* SignedAppletExternalMainClass.java
> +Copyright (C) 2013 Red Hat, Inc.
> +
> +This file is part of IcedTea.
> +
> +IcedTea is free software; you can redistribute it and/or
> +modify it under the terms of the GNU General Public License as published by
> +the Free Software Foundation, version 2.
> +
> +IcedTea is distributed in the hope that it will be useful,
> +but WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with IcedTea; see the file COPYING. If not, write to
> +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> +02110-1301 USA.
> +
> +Linking this library statically or dynamically with other modules is
> +making a combined work based on this library. Thus, the terms and
> +conditions of the GNU General Public License cover the whole
> +combination.
> +
> +As a special exception, the copyright holders of this library give you
> +permission to link this library with independent modules to produce an
> +executable, regardless of the license terms of these independent
> +modules, and to copy and distribute the resulting executable under
> +terms of your choice, provided that you also meet, for each linked
> +independent module, the terms and conditions of the license of that
> +module. An independent module is a module which is not derived from
> +or based on this library. If you modify this library, you may extend
> +this exception to your version of the library, but you are not
> +obligated to do so. If you do not wish to do so, delete this
> +exception statement from your version.
> + */
> +
> +import java.applet.Applet;
> +
> +public class SignedAppletExternalMainClass extends Applet {
> +
> + private static final String appletCloseString = "*** APPLET FINISHED ***";
> +
> + @Override
> + public void init() {
> + System.out.println(SignedAppletExternalMainClassHelper.help());
> + System.out.println(appletCloseString);
> + }
> +}
> diff --git a/tests/reproducers/custom/SignedAppletExternalMainClass/srcs/SignedAppletExternalMainClassHelper.java b/tests/reproducers/custom/SignedAppletExternalMainClass/srcs/SignedAppletExternalMainClassHelper.java
> new file mode 100644
> --- /dev/null
> +++ b/tests/reproducers/custom/SignedAppletExternalMainClass/srcs/SignedAppletExternalMainClassHelper.java
> @@ -0,0 +1,42 @@
> +/* SignedAppletExternalMainClassHelper.java
> +Copyright (C) 2013 Red Hat, Inc.
> +
> +This file is part of IcedTea.
> +
> +IcedTea is free software; you can redistribute it and/or
> +modify it under the terms of the GNU General Public License as published by
> +the Free Software Foundation, version 2.
> +
> +IcedTea is distributed in the hope that it will be useful,
> +but WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with IcedTea; see the file COPYING. If not, write to
> +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> +02110-1301 USA.
> +
> +Linking this library statically or dynamically with other modules is
> +making a combined work based on this library. Thus, the terms and
> +conditions of the GNU General Public License cover the whole
> +combination.
> +
> +As a special exception, the copyright holders of this library give you
> +permission to link this library with independent modules to produce an
> +executable, regardless of the license terms of these independent
> +modules, and to copy and distribute the resulting executable under
> +terms of your choice, provided that you also meet, for each linked
> +independent module, the terms and conditions of the license of that
> +module. An independent module is a module which is not derived from
> +or based on this library. If you modify this library, you may extend
> +this exception to your version of the library, but you are not
> +obligated to do so. If you do not wish to do so, delete this
> +exception statement from your version.
> + */
> +
> +public class SignedAppletExternalMainClassHelper {
> + public static String help() {
> + return "SignedAppletExternalMainClass Applet Running";
> + }
> +}
> diff --git a/tests/reproducers/custom/SignedAppletExternalMainClass/testcases/SignedAppletExternalMainClassTest.java b/tests/reproducers/custom/SignedAppletExternalMainClass/testcases/SignedAppletExternalMainClassTest.java
> new file mode 100644
> --- /dev/null
> +++ b/tests/reproducers/custom/SignedAppletExternalMainClass/testcases/SignedAppletExternalMainClassTest.java
> @@ -0,0 +1,84 @@
> +/* SignedAppletExternalMainClassTest.java
> +Copyright (C) 2013 Red Hat, Inc.
> +
> +This file is part of IcedTea.
> +
> +IcedTea is free software; you can redistribute it and/or
> +modify it under the terms of the GNU General Public License as published by
> +the Free Software Foundation, version 2.
> +
> +IcedTea is distributed in the hope that it will be useful,
> +but WITHOUT ANY WARRANTY; without even the implied warranty of
> +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +General Public License for more details.
> +
> +You should have received a copy of the GNU General Public License
> +along with IcedTea; see the file COPYING. If not, write to
> +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> +02110-1301 USA.
> +
> +Linking this library statically or dynamically with other modules is
> +making a combined work based on this library. Thus, the terms and
> +conditions of the GNU General Public License cover the whole
> +combination.
> +
> +As a special exception, the copyright holders of this library give you
> +permission to link this library with independent modules to produce an
> +executable, regardless of the license terms of these independent
> +modules, and to copy and distribute the resulting executable under
> +terms of your choice, provided that you also meet, for each linked
> +independent module, the terms and conditions of the license of that
> +module. An independent module is a module which is not derived from
> +or based on this library. If you modify this library, you may extend
> +this exception to your version of the library, but you are not
> +obligated to do so. If you do not wish to do so, delete this
> +exception statement from your version.
> + */
> +
> +import net.sourceforge.jnlp.ProcessResult;
> +import net.sourceforge.jnlp.ServerAccess.AutoClose;
> +import net.sourceforge.jnlp.annotations.Bug;
> +import net.sourceforge.jnlp.annotations.KnownToFail;
> +import net.sourceforge.jnlp.annotations.NeedsDisplay;
> +import net.sourceforge.jnlp.annotations.TestInBrowsers;
> +import net.sourceforge.jnlp.browsertesting.BrowserTest;
> +import net.sourceforge.jnlp.browsertesting.Browsers;
> +import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener;
> +
> +import org.junit.Test;
> +import static org.junit.Assert.assertTrue;
> +import static org.junit.Assert.assertFalse;
> +
> +/* see also signed/SignedAppletCodebaseLoading which is related */
> +public class SignedAppletExternalMainClassTest extends BrowserTest {
> +
> + private static final String RUNNING_STRING = "SignedAppletExternalMainClass Applet Running";
> + private static final String CLOSE_STRING = AutoOkClosingListener.MAGICAL_OK_CLOSING_STRING;
> +
> + @KnownToFail
> + @Bug(id="PR1513")
> + @NeedsDisplay
> + @Test
> + @TestInBrowsers(testIn={Browsers.one})
> + public void testSignedAppletWithExternalMainClassLaunch() throws Exception {
> + assertTrue("NotAllSigned dialog will appear if this test runs. Remove this exception and KnownToFail "
> + + "when a proper replacement is in place", false);
> + ProcessResult pr = server.executeBrowser("SignedAppletExternalMainClass.html", AutoClose.CLOSE_ON_CORRECT_END);
> + assertProperStart(pr);
> + assertCloseString(pr);
> + assertNoExceptions(pr);
> + }
> +
> + private static void assertProperStart(ProcessResult pr) {
> + assertTrue("applet did not initialize", pr.stdout.contains(RUNNING_STRING));
> + }
> +
> + private static void assertCloseString(ProcessResult pr) {
> + assertTrue("applet should have closed normally", pr.stdout.contains(CLOSE_STRING));
> + }
> +
> + private static void assertNoExceptions(ProcessResult pr) {
> + assertFalse(pr.stdout.contains("xception"));
> + assertFalse(pr.stderr.contains("xception"));
> + }
> +}
>
More information about the distro-pkg-dev
mailing list