/hg/icedtea-web: Trusted-only manifest attribute implementation
aazores at icedtea.classpath.org
aazores at icedtea.classpath.org
Thu Mar 20 19:45:39 UTC 2014
changeset 022f56ff692f in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=022f56ff692f
author: Andrew Azores <aazores at redhat.com>
date: Thu Mar 20 15:45:13 2014 -0400
Trusted-only manifest attribute implementation
Trusted-only manifest attribute implementation
* netx/net/sourceforge/jnlp/resources/Messages.properties:
(STrustedOnlyAttributeFailure) new message
* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: added
ManifestsAttributesValidator#checkTrustedOnlyAttribute() to constructor
* netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java:
(checkTrustedOnlyAttribute) new method
* tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed-nosecurity.jnlp:
new tests for Trusted-only attribute
* tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed-security.jnlp
* tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed.html
* tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned-nosecurity.jnlp
* tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned-security.jnlp
* tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned.html
* tests/reproducers/custom/TrustedOnlyAttribute/srcs/MANIFEST.MF
* tests/reproducers/custom/TrustedOnlyAttribute/srcs/Makefile
* tests/reproducers/custom/TrustedOnlyAttribute/srcs/TrustedOnlyAttribute.java
* tests/reproducers/custom/TrustedOnlyAttribute/testcases/TrustedOnlyAttributeTest.java
diffstat:
ChangeLog | 21 ++
netx/net/sourceforge/jnlp/resources/Messages.properties | 1 +
netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 1 +
netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java | 46 ++++-
tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed-nosecurity.jnlp | 58 +++++
tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed-security.jnlp | 61 +++++
tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed.html | 49 ++++
tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned-nosecurity.jnlp | 58 +++++
tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned-security.jnlp | 61 +++++
tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned.html | 49 ++++
tests/reproducers/custom/TrustedOnlyAttribute/srcs/MANIFEST.MF | 1 +
tests/reproducers/custom/TrustedOnlyAttribute/srcs/Makefile | 29 ++
tests/reproducers/custom/TrustedOnlyAttribute/srcs/TrustedOnlyAttribute.java | 50 ++++
tests/reproducers/custom/TrustedOnlyAttribute/testcases/TrustedOnlyAttributeTest.java | 102 ++++++++++
14 files changed, 585 insertions(+), 2 deletions(-)
diffs (truncated from 664 to 500 lines):
diff -r fb2309dfa598 -r 022f56ff692f ChangeLog
--- a/ChangeLog Thu Mar 20 15:23:33 2014 -0400
+++ b/ChangeLog Thu Mar 20 15:45:13 2014 -0400
@@ -1,3 +1,24 @@
+2014-03-20 Andrew Azores <aazores at redhat.com>
+
+ Trusted-only manifest attribute implementation
+ * netx/net/sourceforge/jnlp/resources/Messages.properties:
+ (STrustedOnlyAttributeFailure) new message
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: added
+ ManifestsAttributesValidator#checkTrustedOnlyAttribute() to constructor
+ * netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java:
+ (checkTrustedOnlyAttribute) new method
+ * tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed-nosecurity.jnlp:
+ new tests for Trusted-only attribute
+ * tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed-security.jnlp
+ * tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed.html
+ * tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned-nosecurity.jnlp
+ * tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned-security.jnlp
+ * tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned.html
+ * tests/reproducers/custom/TrustedOnlyAttribute/srcs/MANIFEST.MF
+ * tests/reproducers/custom/TrustedOnlyAttribute/srcs/Makefile
+ * tests/reproducers/custom/TrustedOnlyAttribute/srcs/TrustedOnlyAttribute.java
+ * tests/reproducers/custom/TrustedOnlyAttribute/testcases/TrustedOnlyAttributeTest.java
+
2014-03-20 Andrew Azores <aazores at redhat.com>
Passing a reference to SecurityDelegate to CertWarningPane, so that UI
diff -r fb2309dfa598 -r 022f56ff692f netx/net/sourceforge/jnlp/resources/Messages.properties
--- a/netx/net/sourceforge/jnlp/resources/Messages.properties Thu Mar 20 15:23:33 2014 -0400
+++ b/netx/net/sourceforge/jnlp/resources/Messages.properties Thu Mar 20 15:45:13 2014 -0400
@@ -299,6 +299,7 @@
SAuthenticationPrompt=The {0} server at {1} is requesting authentication. It says "{2}"
SJNLPFileIsNotSigned=This application contains a digital signature in which the launching JNLP file is not signed.
SAppletTitle=Applet title: {0}
+STrustedOnlyAttributeFailure=This application specifies Trusted-only as True in its Manifest. {0} and requests permission level: {1}. This is not allowed.
# Security - used for the More Information dialog
SBadKeyUsage=Resources contain entries whose signer certificate's KeyUsage extension doesn't allow code signing.
diff -r fb2309dfa598 -r 022f56ff692f netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Thu Mar 20 15:23:33 2014 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Thu Mar 20 15:45:13 2014 -0400
@@ -285,6 +285,7 @@
setSecurity();
ManifestsAttributesValidator mav = new ManifestsAttributesValidator(security, file, signing);
+ mav.checkTrustedOnlyAttribute();
mav.checkCodebaseAttribute();
mav.checkPermissionsAttribute();
mav.checkApplicationLibraryAllowableCodebaseAttribute();
diff -r fb2309dfa598 -r 022f56ff692f netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java
--- a/netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java Thu Mar 20 15:23:33 2014 -0400
+++ b/netx/net/sourceforge/jnlp/runtime/ManifestsAttributesValidator.java Thu Mar 20 15:45:13 2014 -0400
@@ -66,8 +66,50 @@
this.file = file;
this.signing = signing;
}
-
-
+
+ /**
+ * http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/manifest.html#trusted_only
+ */
+ void checkTrustedOnlyAttribute() throws LaunchException {
+ final ManifestBoolean trustedOnly = file.getManifestsAttributes().isTrustedOnly();
+ if (trustedOnly == ManifestBoolean.UNDEFINED) {
+ OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG, "Trusted Only manifest attribute not found. Continuing.");
+ return;
+ }
+
+ if (trustedOnly == ManifestBoolean.FALSE) {
+ OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG, "Trusted Only manifest attribute is false. Continuing.");
+ return;
+ }
+
+ final Object desc = security.getSecurityType();
+
+ final String securityType;
+ if (desc == null) {
+ securityType = "Not Specified";
+ } else if (desc.equals(SecurityDesc.ALL_PERMISSIONS)) {
+ securityType = "All-Permission";
+ } else if (desc.equals(SecurityDesc.SANDBOX_PERMISSIONS)) {
+ securityType = "Sandbox";
+ } else if (desc.equals(SecurityDesc.J2EE_PERMISSIONS)) {
+ securityType = "J2EE";
+ } else {
+ securityType = "Unknown";
+ }
+
+ final boolean isFullySigned = signing == SigningState.FULL;
+ final String signedMsg;
+ if (isFullySigned) {
+ signedMsg = "The applet is fully signed";
+ } else {
+ signedMsg = "The applet is not fully signed";
+ }
+ OutputController.getLogger().log(OutputController.Level.MESSAGE_DEBUG,
+ "Trusted Only manifest attribute is \"true\". " + signedMsg + " and requests permission level: " + securityType);
+ if (!(isFullySigned && SecurityDesc.ALL_PERMISSIONS.equals(desc))) {
+ throw new LaunchException(Translator.R("STrustedOnlyAttributeFailure", signedMsg, securityType));
+ }
+ }
/**
* http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/manifest.html#codebase
diff -r fb2309dfa598 -r 022f56ff692f tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed-nosecurity.jnlp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed-nosecurity.jnlp Thu Mar 20 15:45:13 2014 -0400
@@ -0,0 +1,58 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="TrustedOnlyAttribute-signed-nosecurity.jnlp" codebase=".">
+ <information>
+ <title>TrustedOnlyAttribute</title>
+ <vendor>IcedTea</vendor>
+ <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+ <description>Trusted-only Manifest Attribute Test</description>
+ <offline/>
+ </information>
+ <resources>
+ <j2se version="1.4+"/>
+ <jar href="TrustedOnlyAttributeSigned.jar"/>
+ </resources>
+ <applet-desc
+ name="TrustedOnlyAttribute"
+ main-class="TrustedOnlyAttribute"
+ width="640"
+ height="480">
+ </applet-desc>
+</jnlp>
diff -r fb2309dfa598 -r 022f56ff692f tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed-security.jnlp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed-security.jnlp Thu Mar 20 15:45:13 2014 -0400
@@ -0,0 +1,61 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="TrustedOnlyAttribute-signed-security.jnlp" codebase=".">
+ <information>
+ <title>TrustedOnlyAttribute</title>
+ <vendor>IcedTea</vendor>
+ <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+ <description>Trusted-only Manifest Attribute Test</description>
+ <offline/>
+ </information>
+ <resources>
+ <j2se version="1.4+"/>
+ <jar href="TrustedOnlyAttributeSigned.jar"/>
+ </resources>
+ <applet-desc
+ name="TrustedOnlyAttribute"
+ main-class="TrustedOnlyAttribute"
+ width="640"
+ height="480">
+ </applet-desc>
+ <security>
+ <all-permissions/>
+ </security>
+</jnlp>
diff -r fb2309dfa598 -r 022f56ff692f tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed.html
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-signed.html Thu Mar 20 15:45:13 2014 -0400
@@ -0,0 +1,49 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+
+<html>
+ <head></head>
+ <body>
+ <applet code="TrustedOnlyAttribute.class"
+ archive="TrustedOnlyAttributeSigned.jar"
+ codebase="."
+ width="800"
+ height="600">
+ </applet>
+ </body>
+</html>
diff -r fb2309dfa598 -r 022f56ff692f tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned-nosecurity.jnlp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned-nosecurity.jnlp Thu Mar 20 15:45:13 2014 -0400
@@ -0,0 +1,58 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="TrustedOnlyAttribute-unsigned-nosecurity.jnlp" codebase=".">
+ <information>
+ <title>TrustedOnlyAttribute</title>
+ <vendor>IcedTea</vendor>
+ <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+ <description>Trusted-only Manifest Attribute Test</description>
+ <offline/>
+ </information>
+ <resources>
+ <j2se version="1.4+"/>
+ <jar href="TrustedOnlyAttributeSigned.jar"/>
+ </resources>
+ <applet-desc
+ name="TrustedOnlyAttribute"
+ main-class="TrustedOnlyAttribute"
+ width="640"
+ height="480">
+ </applet-desc>
+</jnlp>
diff -r fb2309dfa598 -r 022f56ff692f tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned-security.jnlp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned-security.jnlp Thu Mar 20 15:45:13 2014 -0400
@@ -0,0 +1,61 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="TrustedOnlyAttribute-unsigned-security.jnlp" codebase=".">
+ <information>
+ <title>TrustedOnlyAttribute</title>
+ <vendor>IcedTea</vendor>
+ <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+ <description>Trusted-only Manifest Attribute Test</description>
+ <offline/>
+ </information>
+ <resources>
+ <j2se version="1.4+"/>
+ <jar href="TrustedOnlyAttributeUnsigned.jar"/>
+ </resources>
+ <applet-desc
+ name="TrustedOnlyAttribute"
+ main-class="TrustedOnlyAttribute"
+ width="640"
+ height="480">
+ </applet-desc>
+ <security>
+ <all-permissions/>
+ </security>
+</jnlp>
diff -r fb2309dfa598 -r 022f56ff692f tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned.html
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/custom/TrustedOnlyAttribute/resources/TrustedOnlyAttribute-unsigned.html Thu Mar 20 15:45:13 2014 -0400
@@ -0,0 +1,49 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+
+<html>
+ <head></head>
+ <body>
+ <applet code="TrustedOnlyAttribute.class"
+ archive="TrustedOnlyAttributeUnsigned.jar"
+ codebase="."
+ width="800"
+ height="600">
+ </applet>
+ </body>
+</html>
diff -r fb2309dfa598 -r 022f56ff692f tests/reproducers/custom/TrustedOnlyAttribute/srcs/MANIFEST.MF
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/custom/TrustedOnlyAttribute/srcs/MANIFEST.MF Thu Mar 20 15:45:13 2014 -0400
@@ -0,0 +1,1 @@
+Trusted-only: true
diff -r fb2309dfa598 -r 022f56ff692f tests/reproducers/custom/TrustedOnlyAttribute/srcs/Makefile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/reproducers/custom/TrustedOnlyAttribute/srcs/Makefile Thu Mar 20 15:45:13 2014 -0400
@@ -0,0 +1,29 @@
+TESTNAME=TrustedOnlyAttribute
+
+JARSIGNER=$(BOOT_DIR)/bin/jarsigner
+JAVAC=$(BOOT_DIR)/bin/javac
+JAR=$(BOOT_DIR)/bin/jar
+
+TMPDIR:=$(shell mktemp -d)
+
+prepare-reproducer:
+ echo PREPARING REPRODUCER $(TESTNAME) in $(TMPDIR)
+
+ cp MANIFEST.MF $(TMPDIR) ; \
+ $(JAVAC) -d $(TMPDIR) $(TESTNAME).java ; \
+
+ cd $(TMPDIR) ; \
+ $(JAR) cvfm $(TESTNAME)Signed.jar MANIFEST.MF $(TESTNAME).class ; \
+ $(JAR) cvfm $(TESTNAME)Unsigned.jar MANIFEST.MF $(TESTNAME).class ; \
+ $(BOOT_DIR)/bin/jarsigner -keystore $(TOP_BUILD_DIR)/$(PRIVATE_KEYSTORE_NAME) -storepass $(PRIVATE_KEYSTORE_PASS) \
+ -keypass $(PRIVATE_KEYSTORE_PASS) "$(TMPDIR)/$(TESTNAME)Signed.jar" $(TEST_CERT_ALIAS)_signed ; \
+
+ cd $(TMPDIR); \
+ mv $(TESTNAME)Signed.jar $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR) ; \
+ mv $(TESTNAME)Unsigned.jar $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR) ; \
+
+ echo PREPARED REPRODUCER $(TESTNAME), removing $(TMPDIR)
More information about the distro-pkg-dev
mailing list