/hg/icedtea-web: PR1592 MixedSigningApplet reproducer rewrite/up...
aazores at icedtea.classpath.org
aazores at icedtea.classpath.org
Mon Jan 27 09:00:59 PST 2014
changeset e97da10f9309 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=e97da10f9309
author: Andrew Azores <aazores at redhat.com>
date: Mon Jan 27 11:54:09 2014 -0500
PR1592 MixedSigningApplet reproducer rewrite/update
MixedSigningApplet reproducer (PR1592) moved into custom reproducer. JNLP
files generated per-test rather than premade. Many new tests added.
* tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.html:
moved to custom reproducer
* tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.jnlp:
moved to custom reproducer and now used as template by testcases file
* tests/reproducers/custom/MixedSigningApplet/srcs/Makefile: new Makefile
for custom reproducer
* tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletHelper.java
* tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletSigned.java
*
tests/reproducers/custom/MixedSigningApplet/testcases/MixedSigningAppletSignedTests.java:
new tests added, JNLP files generated per-test rather than all prepackaged
* tests/reproducers/signed/MixedSigningAppletSigned/srcs/MixedSigningAppletSigned.java:
moved to custom reproducer
* tests/reproducers/signed/MixedSigningAppletSigned/testcases/MixedSigningAppletSignedTests.java
* tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-1.jnlp
* tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-2.jnlp
* tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-3.jnlp
* tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-4.jnlp
* tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-5.jnlp
* tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-6.jnlp
* tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet.html
* tests/reproducers/simple/MixedSigningApplet/srcs/MixedSigningAppletHelper.java
diffstat:
ChangeLog | 27 +
tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.html | 52 +
tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.jnlp | 61 +
tests/reproducers/custom/MixedSigningApplet/srcs/Makefile | 34 +
tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletHelper.java | 137 +
tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletSigned.java | 349 ++++
tests/reproducers/custom/MixedSigningApplet/testcases/MixedSigningAppletSignedTests.java | 780 ++++++++++
tests/reproducers/signed/MixedSigningAppletSigned/srcs/MixedSigningAppletSigned.java | 145 -
tests/reproducers/signed/MixedSigningAppletSigned/testcases/MixedSigningAppletSignedTests.java | 159 --
tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-1.jnlp | 61 -
tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-2.jnlp | 61 -
tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-3.jnlp | 61 -
tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-4.jnlp | 61 -
tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-5.jnlp | 61 -
tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-6.jnlp | 61 -
tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet.html | 52 -
tests/reproducers/simple/MixedSigningApplet/srcs/MixedSigningAppletHelper.java | 89 -
17 files changed, 1440 insertions(+), 811 deletions(-)
diffs (truncated from 2322 to 500 lines):
diff -r ba33e8e6a1f2 -r e97da10f9309 ChangeLog
--- a/ChangeLog Mon Jan 27 17:49:03 2014 +0100
+++ b/ChangeLog Mon Jan 27 11:54:09 2014 -0500
@@ -1,3 +1,30 @@
+2014-01-27 Andrew Azores <aazores at redhat.com>
+
+ MixedSigningApplet reproducer (PR1592) moved into custom reproducer. JNLP
+ files generated per-test rather than premade. Many new tests added.
+ * tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.html:
+ moved to custom reproducer
+ * tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.jnlp:
+ moved to custom reproducer and now used as template by testcases file
+ * tests/reproducers/custom/MixedSigningApplet/srcs/Makefile: new Makefile
+ for custom reproducer
+ * tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletHelper.java
+ * tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletSigned.java
+ *
+ tests/reproducers/custom/MixedSigningApplet/testcases/MixedSigningAppletSignedTests.java:
+ new tests added, JNLP files generated per-test rather than all prepackaged
+ * tests/reproducers/signed/MixedSigningAppletSigned/srcs/MixedSigningAppletSigned.java:
+ moved to custom reproducer
+ * tests/reproducers/signed/MixedSigningAppletSigned/testcases/MixedSigningAppletSignedTests.java
+ * tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-1.jnlp
+ * tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-2.jnlp
+ * tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-3.jnlp
+ * tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-4.jnlp
+ * tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-5.jnlp
+ * tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-6.jnlp
+ * tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet.html
+ * tests/reproducers/simple/MixedSigningApplet/srcs/MixedSigningAppletHelper.java
+
2014-01-27 Jiri Vanek <jvanek at redhat.com>
Tuning of properties loading.
diff -r ba33e8e6a1f2 -r e97da10f9309 tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.html
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.html Mon Jan 27 11:54:09 2014 -0500
@@ -0,0 +1,52 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<html>
+ <head></head>
+ <body>
+ <applet code="signed.MixedSigningAppletSigned.class"
+ archive="MixedSigningAppletSigned.jar,MixedSigningApplet.jar"
+ codebase="."
+ width="640"
+ height="480">
+ <script language="javascript" type="text/javascript">
+ var testName = window.location.search.substring(1);
+ document.write("<param name='testName' value='" + testName + "'>");
+ </script>
+ </applet>
+ </body>
+</html>
diff -r ba33e8e6a1f2 -r e97da10f9309 tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.jnlp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.jnlp Mon Jan 27 11:54:09 2014 -0500
@@ -0,0 +1,61 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="JNLP_HREF" codebase=".">
+ <information>
+ <title>MixedSigningApplet</title>
+ <vendor>IcedTea</vendor>
+ <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+ <description>Test per-JAR security assignment and permissions</description>
+ <offline/>
+ </information>
+ <resources>
+ <j2se version="1.4+"/>
+ <jar href="MixedSigningAppletSigned.jar"/>
+ <jar href="MixedSigningApplet.jar"/>
+ </resources>
+ <APP_TYPE_TARGET
+ documentBase="."
+ name="AppletTest"
+ main-class="signed.MixedSigningAppletSigned"
+ width="100"
+ height="100">
+ PARAM_ARG_TARGET
+ </APP_TYPE_TARGET>
+ SECURITY_TAG_TARGET
+</jnlp>
diff -r ba33e8e6a1f2 -r e97da10f9309 tests/reproducers/custom/MixedSigningApplet/srcs/Makefile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/custom/MixedSigningApplet/srcs/Makefile Mon Jan 27 11:54:09 2014 -0500
@@ -0,0 +1,34 @@
+TESTNAME=MixedSigningApplet
+
+SRC_FILES=MixedSigningAppletSigned.java MixedSigningAppletHelper.java
+ENTRYPOINT_CLASSES=MixedSigningApplet
+
+JAVAC_CLASSPATH=$(TEST_EXTENSIONS_DIR):$(NETX_DIR)/lib/classes.jar
+JAVAC=$(BOOT_DIR)/bin/javac
+JAR=$(BOOT_DIR)/bin/jar
+JARSIGNER=$(BOOT_DIR)/bin/jarsigner
+JARSIGNER_CMD=$(JARSIGNER) -keystore $(TOP_BUILD_DIR)/$(PRIVATE_KEYSTORE_NAME) -storepass $(PRIVATE_KEYSTORE_PASS) -keypass $(PRIVATE_KEYSTORE_PASS)
+
+TMPDIR:=$(shell mktemp -d)
+
+prepare-reproducer:
+ echo PREPARING REPRODUCER $(TESTNAME)
+
+ $(JAVAC) -d $(TMPDIR) -classpath $(JAVAC_CLASSPATH) $(SRC_FILES); \
+
+ cp ../resources/* $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR); \
+
+ cd $(TMPDIR); \
+ $(JAR) cfe MixedSigningAppletSigned.jar signed.MixedSigningAppletSigned signed; \
+ $(JAR) cf MixedSigningApplet.jar helper; \
+ cd -; \
+
+ $(JARSIGNER_CMD) -sigfile Alpha $(TMPDIR)/MixedSigningAppletSigned.jar $(TEST_CERT_ALIAS)_signed; \
+
+ cp $(TMPDIR)/MixedSigningApplet{Signed,}.jar $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR); \
+
+ echo PREPARED REPRODUCER $(TESTNAME), removing $(TMPDIR); \
+ rm -rf $(TMPDIR); \
+
+clean-reproducer:
+ echo NOTHING TO CLEAN FOR $(TESTNAME)
diff -r ba33e8e6a1f2 -r e97da10f9309 tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletHelper.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletHelper.java Mon Jan 27 11:54:09 2014 -0500
@@ -0,0 +1,137 @@
+/* MixedSigningAppletHelper.java
+Copyright (C) 2013 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+package helper;
+import signed.MixedSigningAppletSigned;
+import java.lang.reflect.Method;
+import java.lang.reflect.InvocationTargetException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/* See also signed/MixedSigningAppletSigned */
+public class MixedSigningAppletHelper {
+
+ public static String help() {
+ return "MixedSigningApplet Applet Running";
+ }
+
+ public static String helpDoPrivileged() {
+ return AccessController.doPrivileged(new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return "MixedSigningApplet Applet Running";
+ }
+ });
+ }
+
+ public static String getProperty(String prop) {
+ return System.getProperty(prop);
+ }
+
+ public static String getPropertyDoPrivileged(final String prop) {
+ return AccessController.doPrivileged(new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return getProperty(prop);
+ }
+ });
+ }
+
+ public static String getPropertyFromSignedJar(String prop) {
+ try {
+ Class<?> signedAppletClass = Class.forName("signed.MixedSigningAppletSigned");
+ Method m = signedAppletClass.getMethod("getProperty", String.class);
+ String result = (String) m.invoke(null, prop);
+ return result;
+ } catch (Exception e) {
+ e.printStackTrace();
+ return e.toString();
+ }
+ }
+
+ public static String getPropertyFromSignedJarDoPrivileged(final String prop) {
+ return AccessController.doPrivileged(new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return getPropertyFromSignedJar(prop);
+ }
+ });
+ }
+
+ public static String attack() {
+ try {
+ Class<?> signedAppletClass = Class.forName("signed.MixedSigningAppletSigned");
+ Method m = signedAppletClass.getMethod("getProperty", String.class);
+ String result = (String) m.invoke(signedAppletClass.newInstance(), "user.home");
+ return result;
+ } catch (Exception e) {
+ e.printStackTrace();
+ return e.toString();
+ }
+ }
+
+ public static String attackDoPrivileged() {
+ return AccessController.doPrivileged(new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return new MixedSigningAppletSigned().testSignedReadPropertiesDoPrivileged();
+ }
+ });
+ }
+
+ public static String reflectiveAttack() {
+ String result = null;
+ try {
+ Object signedApplet = Class.forName("signed.MixedSigningAppletSigned").newInstance();
+ Method getProp = signedApplet.getClass().getMethod("calledByReflection");
+ result = (String)getProp.invoke(signedApplet);
+ } catch (Exception e) {
+ e.printStackTrace();
+ result = e.toString();
+ }
+ return result;
+ }
+
+ public static String reflectiveAttackDoPrivileged() {
+ return AccessController.doPrivileged(new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return reflectiveAttack();
+ }
+ });
+ }
+}
diff -r ba33e8e6a1f2 -r e97da10f9309 tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletSigned.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletSigned.java Mon Jan 27 11:54:09 2014 -0500
@@ -0,0 +1,349 @@
+/* MixedSigningAppletSigned.java
+Copyright (C) 2013 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+package signed;
+import helper.MixedSigningAppletHelper;
+import java.applet.Applet;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.List;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/* See also simple/MixedSigningApplet */
+public class MixedSigningAppletSigned extends Applet {
+
+ public static void main(String[] args) {
+ MixedSigningAppletSigned applet = new MixedSigningAppletSigned();
+ applet.jnlpStart(args[0].replaceAll("\"", ""));
+ }
+
+ public void jnlpStart(String testName) {
+ try {
+ Method m = this.getClass().getMethod(testName);
+ final String result = (String) m.invoke(this);
+ System.out.println(result);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ try {
+ Method m = this.getClass().getMethod(testName + "Reflect");
+ final String result = (String) m.invoke(this);
+ System.out.println(result);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ System.out.println("*** APPLET FINISHED ***");
+ System.exit(0);
+ }
+
+ @Override
+ public void start() {
+ jnlpStart(getParameter("testName"));
+ }
+
+ public String testNonPrivilegedActionReflect() {
+ return new HelperMethodCall<String>().method("help").call();
+ }
+
+ public String testNonPrivilegedAction() {
+ return MixedSigningAppletHelper.help();
+ }
+
+ public String testNonPrivilegedActionDoPrivilegedReflect() {
+ return AccessController.doPrivileged(new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return testNonPrivilegedActionReflect();
+ }
+ });
+ }
+
+ public String testNonPrivilegedActionDoPrivileged() {
+ return testNonPrivilegedActionDoPrivileged();
+ }
+
+ public String testNonPrivilegedActionDoPrivileged2Reflect() {
+ return new HelperMethodCall<String>().method("helpDoPrivileged").call();
+ }
+
+ public String testNonPrivilegedActionDoPrivileged2() {
+ return MixedSigningAppletHelper.helpDoPrivileged();
+ }
+
+ // Should succeed
+ public String testSignedReadProperties() {
+ return getProperty("user.home");
+ }
+
+ // Should just be the same as above. It doesn't make much sense to make a reflective version here
+ public String testSignedReadPropertiesReflect() {
+ return testSignedReadProperties();
+ }
+
+ public String testSignedReadPropertiesDoPrivileged() {
+ return AccessController.doPrivileged(new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return testSignedReadProperties();
+ }
+ });
+ }
+
+ public String testSignedReadPropertiesDoPrivilegedReflect() {
+ return AccessController.doPrivileged(new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return testSignedReadPropertiesReflect();
+ }
+ });
+ }
+
+ // Should result in AccessControlException
+ public String testUnsignedReadPropertiesReflect() {
+ return new HelperMethodCall<String>().type(String.class).method("getProperty").arg("user.home").call();
+ }
+
+ public String testUnsignedReadProperties() {
+ return MixedSigningAppletHelper.getProperty("user.home");
+ }
+
+ public String testUnsignedReadPropertiesDoPrivileged() {
+ return AccessController.doPrivileged(new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return testUnsignedReadProperties();
+ }
+ });
+ }
+
+ public String testUnsignedReadPropertiesDoPrivilegedReflect() {
+ return AccessController.doPrivileged(new PrivilegedAction<String>() {
+ @Override
+ public String run() {
+ return testUnsignedReadPropertiesReflect();
+ }
+ });
+ }
More information about the distro-pkg-dev
mailing list