/hg/icedtea-web: Security dialogs got, moreover, unified dealing...
jvanek at icedtea.classpath.org
jvanek at icedtea.classpath.org
Thu Jun 11 09:44:29 UTC 2015
changeset 6565b10a1557 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=6565b10a1557
author: Jiri Vanek <jvanek at redhat.com>
date: Thu Jun 11 11:44:11 2015 +0200
Security dialogs got, moreover, unified dealing with trustNone/All and headless
diffstat:
ChangeLog | 15 +
netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java | 4 +-
netx/net/sourceforge/jnlp/security/SecurityDialogs.java | 54 +-
netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java | 8 +-
tests/netx/unit/net/sourceforge/jnlp/security/SecurityDialogsTest.java | 520 ++++++++++
5 files changed, 586 insertions(+), 15 deletions(-)
diffs (truncated from 721 to 500 lines):
diff -r eb4e63805894 -r 6565b10a1557 ChangeLog
--- a/ChangeLog Wed Jun 10 08:16:54 2015 +0200
+++ b/ChangeLog Thu Jun 11 11:44:11 2015 +0200
@@ -1,3 +1,18 @@
+2015-06-10 Jiri Vanek <jvanek at redhat.com>
+
+ Security dialogs got, moreover, unified dealing with trustNone/All and headless
+ * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java: setTrustAll setTrustNone
+ made public so it can be used in testing.
+ * netx/net/sourceforge/jnlp/security/SecurityDialogs.java: all calls to show
+ security dialog now have correct introduction based on shouldPromptUser with
+ resolution based on trustAll. (shouldPromptUser) now takes also headless to
+ accounting.
+ * netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java:
+ (checkUnsignedWithUserIfRequired) now react trustAll and trustNone
+ (checkPartiallySignedWithUserIfRequired) now react also trustAll
+ * tests/netx/unit/net/sourceforge/jnlp/security/SecurityDialogsTest.java: new
+ file, tests verifying adapted logic
+
2015-06-10 Jiri Vanek <jvanek at redhat.com>
* tests/netx/unit/net/sourceforge/jnlp/security/dialogresults/YesTest.java:
diff -r eb4e63805894 -r 6565b10a1557 netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Wed Jun 10 08:16:54 2015 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Thu Jun 11 11:44:11 2015 +0200
@@ -841,7 +841,7 @@
return html;
}
- static void setTrustAll(boolean b) {
+ public static void setTrustAll(boolean b) {
trustAll=b;
}
@@ -849,7 +849,7 @@
return trustAll;
}
- static void setTrustNone(final boolean b) {
+ public static void setTrustNone(final boolean b) {
trustNone = b;
}
diff -r eb4e63805894 -r 6565b10a1557 netx/net/sourceforge/jnlp/security/SecurityDialogs.java
--- a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java Wed Jun 10 08:16:54 2015 +0200
+++ b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java Thu Jun 11 11:44:11 2015 +0200
@@ -125,7 +125,11 @@
final JNLPFile file, final Object[] extras) {
if (!shouldPromptUser()) {
- return new AccessWarningPaneComplexReturn(false);
+ if (JNLPRuntime.isTrustAll()) {
+ return new AccessWarningPaneComplexReturn(true);
+ } else {
+ return new AccessWarningPaneComplexReturn(false);
+ }
}
final SecurityDialogMessage message = new SecurityDialogMessage();
@@ -184,7 +188,11 @@
JNLPFile file, CertVerifier certVerifier, SecurityDelegate securityDelegate) {
if (!shouldPromptUser()) {
- return YesNoSandbox.no();
+ if (JNLPRuntime.isTrustAll()) {
+ return YesNoSandbox.yes();
+ } else {
+ return YesNoSandbox.no();
+ }
}
final SecurityDialogMessage message = new SecurityDialogMessage();
@@ -211,7 +219,11 @@
SecurityDelegate securityDelegate) {
if (!shouldPromptUser()) {
- return new AppSigningWarningAction(ExecuteAppletAction.NO, false);
+ if (JNLPRuntime.isTrustAll()) {
+ return new AppSigningWarningAction(ExecuteAppletAction.YES, false);
+ } else {
+ return new AppSigningWarningAction(ExecuteAppletAction.NO, false);
+ }
}
final SecurityDialogMessage message = new SecurityDialogMessage();
@@ -238,6 +250,10 @@
*/
public static NamePassword showAuthenicationPrompt(String host, int port, String prompt, String type) {
+ if (!shouldPromptUser()){
+ return null;
+ }
+
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
NetPermission requestPermission
@@ -256,9 +272,13 @@
public static boolean showMissingALACAttributePanel(String title, URL codeBase, Set<URL> remoteUrls) {
- if (!shouldPromptUser()) {
- return false;
- }
+ if (!shouldPromptUser()) {
+ if (JNLPRuntime.isTrustAll()) {
+ return true;
+ } else {
+ return false;
+ }
+ }
SecurityDialogMessage message = new SecurityDialogMessage();
message.dialogType = DialogType.MISSING_ALACA;
@@ -274,7 +294,7 @@
}
public static boolean showMatchingALACAttributePanel(JNLPFile file, URL codeBase, Set<URL> remoteUrls) {
-
+
ExecuteAppletAction storedAction = getStoredAction(file, AppletSecurityActions.MATCHING_ALACA_ACTION);
OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Stored action for matching alaca at " + file.getCodeBase() +" was " + storedAction);
@@ -288,8 +308,12 @@
}
- if (!shouldPromptUser()) {
- return false;
+ if (!shouldPromptUser()) {
+ if (JNLPRuntime.isTrustAll()) {
+ return true;
+ } else {
+ return false;
+ }
}
SecurityDialogMessage message = new SecurityDialogMessage();
@@ -311,7 +335,11 @@
public static boolean showMissingPermissionsAttributeDialogue(String title, URL codeBase) {
if (!shouldPromptUser()) {
- return false;
+ if (JNLPRuntime.isTrustAll()) {
+ return true;
+ } else {
+ return false;
+ }
}
SecurityDialogMessage message = new SecurityDialogMessage();
@@ -403,12 +431,16 @@
* Returns whether the current runtime configuration allows prompting user
* for security warnings.
*
- * @return true if security warnings should be shown to the user.
+ * @return true if security warnings should be shown to the user. false of
+ * otherwise or runtime is headless
*/
private static boolean shouldPromptUser() {
return AccessController.doPrivileged(new PrivilegedAction<Boolean >() {
@Override
public Boolean run() {
+ if (JNLPRuntime.isHeadless()){
+ return false;
+ }
return Boolean.valueOf(JNLPRuntime.getConfiguration()
.getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER));
}
diff -r eb4e63805894 -r 6565b10a1557 netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java
--- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java Wed Jun 10 08:16:54 2015 +0200
+++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java Thu Jun 11 11:44:11 2015 +0200
@@ -186,12 +186,12 @@
public static void checkUnsignedWithUserIfRequired(JNLPFile file) throws LaunchException {
- if (unsignedAppletsAreForbidden()) {
+ if (unsignedAppletsAreForbidden() || JNLPRuntime.isTrustNone()) {
OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Not running unsigned applet at " + file.getCodeBase() +" because unsigned applets are disallowed by security policy.");
throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LUnsignedApplet"), R("LUnsignedAppletPolicyDenied"));
}
- if (!unsignedConfirmationIsRequired()) {
+ if (!unsignedConfirmationIsRequired() || JNLPRuntime.isTrustAll()) {
OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Running unsigned applet at " + file.getCodeBase() +" does not require confirmation according to security policy.");
return;
}
@@ -233,6 +233,10 @@
securityDelegate.setRunInSandbox();
return;
}
+ if (JNLPRuntime.isTrustAll()) {
+ OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Running partially signed applet at " + file.getCodeBase() + " due to -Xtrustall flag");
+ return;
+ }
if (!unsignedConfirmationIsRequired()) {
OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Running partially signed applet at " + file.getCodeBase() + " does not require confirmation according to security policy.");
diff -r eb4e63805894 -r 6565b10a1557 tests/netx/unit/net/sourceforge/jnlp/security/SecurityDialogsTest.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/netx/unit/net/sourceforge/jnlp/security/SecurityDialogsTest.java Thu Jun 11 11:44:11 2015 +0200
@@ -0,0 +1,520 @@
+/*
+ Copyright (C) 2010 Red Hat, Inc.
+
+ This file is part of IcedTea.
+
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
+
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with IcedTea; see the file COPYING. If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library. Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module. An independent module is a module which is not derived from
+ or based on this library. If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so. If you do not wish to do so, delete this
+ exception statement from your version.
+ */
+package net.sourceforge.jnlp.security;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.HashSet;
+import net.sourceforge.jnlp.InformationDesc;
+import net.sourceforge.jnlp.LaunchException;
+import net.sourceforge.jnlp.browsertesting.browsers.firefox.FirefoxProfilesOperator;
+import net.sourceforge.jnlp.config.DeploymentConfiguration;
+import net.sourceforge.jnlp.config.PathsAndFiles;
+import net.sourceforge.jnlp.mock.DummyJNLPFileWithJar;
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
+import net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel;
+import net.sourceforge.jnlp.security.appletextendedsecurity.AppletStartupSecuritySettings;
+import net.sourceforge.jnlp.security.appletextendedsecurity.ExecuteAppletAction;
+import net.sourceforge.jnlp.security.appletextendedsecurity.UnsignedAppletTrustConfirmation;
+import net.sourceforge.jnlp.security.dialogresults.AccessWarningPaneComplexReturn;
+import net.sourceforge.jnlp.security.dialogresults.BasicDialogValue;
+import net.sourceforge.jnlp.security.dialogresults.NamePassword;
+import net.sourceforge.jnlp.security.dialogresults.YesNoSandbox;
+import net.sourceforge.jnlp.security.dialogs.remember.AppSigningWarningAction;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class SecurityDialogsTest {
+
+ private static boolean wasHeadless;
+ private static boolean wasTrustAll;
+ private static boolean wasTrustNone;
+ private static String prompt;
+ private static URL url;
+ private static File appletSecurityBackup;
+ private static String seclevel;
+
+ private static class DummyJnlpWithTitleAndUrls extends DummyJNLPFileWithJar {
+
+ public DummyJnlpWithTitleAndUrls() throws MalformedURLException {
+ super(new File("/some/path/blah.jar"));
+ }
+
+ @Override
+ public InformationDesc getInformation() {
+ return new InformationDesc(null, false) {
+
+ @Override
+ public String getTitle() {
+ return "Demo App";
+ }
+
+ };
+ }
+
+ @Override
+ public URL getCodeBase() {
+ return url;
+ }
+
+ @Override
+ public URL getSourceLocation() {
+ return url;
+ }
+
+ };
+
+ private static class ExpectedResults {
+
+ public static ExpectedResults PositiveResults = new ExpectedResults(BasicDialogValue.Primitive.YES, ExecuteAppletAction.YES, null, true);
+ public static ExpectedResults NegativeResults = new ExpectedResults(BasicDialogValue.Primitive.NO, ExecuteAppletAction.NO, null, false);
+ public final BasicDialogValue.Primitive p;
+ public final ExecuteAppletAction ea;
+ public final NamePassword np;
+ public final boolean b;
+
+ public ExpectedResults(BasicDialogValue.Primitive p, ExecuteAppletAction ea, NamePassword np, boolean b) {
+ this.p = p;
+ this.ea = ea;
+ this.np = np;
+ this.b = b;
+ }
+
+ }
+
+ @BeforeClass
+ public static void initUrl() throws MalformedURLException {
+ url = new URL("http://must.not.be.in/.appletSecurity");
+ }
+
+ @BeforeClass
+ public static void backupAppletSecurity() throws IOException {
+ appletSecurityBackup = File.createTempFile("appletSecurity", "itwTestBAckup");
+ FirefoxProfilesOperator.copyFile(PathsAndFiles.APPLET_TRUST_SETTINGS_USER.getFile(), appletSecurityBackup);
+ }
+
+ @Before
+ public void removeAppletSecurity() throws IOException {
+ removeAppletSecurityImpl();
+ }
+
+ public static void removeAppletSecurityImpl() throws IOException {
+ if (appletSecurityBackup.exists()) {
+ PathsAndFiles.APPLET_TRUST_SETTINGS_USER.getFile().delete();
+ }
+ }
+
+ @AfterClass
+ public static void restoreAppletSecurity() throws IOException {
+ if (appletSecurityBackup.exists()) {
+ removeAppletSecurityImpl();
+ FirefoxProfilesOperator.copyFile(appletSecurityBackup, PathsAndFiles.APPLET_TRUST_SETTINGS_USER.getFile());
+ appletSecurityBackup.delete();
+ }
+ }
+
+ @BeforeClass
+ public static void saveJnlpRuntime() {
+ wasHeadless = JNLPRuntime.isHeadless();
+ wasTrustAll = JNLPRuntime.isTrustAll();
+ //trutNone is not used in dialogues, its considered as default
+ //but is ussed in Unsigned... dialogs family
+ wasTrustNone = JNLPRuntime.isTrustNone();
+ prompt = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER);
+ seclevel = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_SECURITY_LEVEL);
+ }
+
+ @After
+ public void restoreJnlpRuntime() throws Exception {
+ restoreJnlpRuntimeFinally();
+ }
+
+ private static void setPrompt(String p) {
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER, p);
+ }
+
+ private static void setPrompt(boolean p) {
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER, String.valueOf(p));
+ }
+
+ private static void setAS(AppletSecurityLevel as) {
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_LEVEL, String.valueOf(as.toChars()));
+ }
+
+ @AfterClass
+ public static void restoreJnlpRuntimeFinally() throws Exception {
+ JNLPRuntime.setHeadless(wasHeadless);
+ JNLPRuntime.setTrustAll(wasTrustAll);
+ JNLPRuntime.setTrustNone(wasTrustNone);
+ setPrompt(prompt);
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_LEVEL, seclevel);
+ }
+
+ @Test(timeout = 1000)//if gui pops up
+ public void testDialogsHeadlessTrustAllPrompt() throws Exception {
+ JNLPRuntime.setHeadless(true);
+ JNLPRuntime.setTrustAll(true);
+ JNLPRuntime.setTrustNone(false); //ignored
+ setPrompt(true); //should not metter becasue is headless
+ setAS(AppletSecurityLevel.ALLOW_UNSIGNED);
+ testAllDialogs(ExpectedResults.PositiveResults);
+ checkUnsignedActing(true);
+ setAS(AppletSecurityLevel.ASK_UNSIGNED);
+ checkUnsignedActing(true);
+ setAS(AppletSecurityLevel.DENY_ALL);
+ checkUnsignedActing(false, true);
+ setAS(AppletSecurityLevel.DENY_UNSIGNED);
+ checkUnsignedActing(false, true);
+ }
+
+ @Test(timeout = 1000)//if gui pops up
+ public void testDialogsHeadlessTrustNonePrompt() throws Exception {
+ JNLPRuntime.setHeadless(true);
+ JNLPRuntime.setTrustAll(false);
+ JNLPRuntime.setTrustNone(false); //used by Unsigne
+ setPrompt(true); //should not metter becasue is headless
+ setAS(AppletSecurityLevel.ALLOW_UNSIGNED);
+ testAllDialogs(ExpectedResults.NegativeResults);
+ checkUnsignedActing(true);
+ setAS(AppletSecurityLevel.ASK_UNSIGNED);
+ checkUnsignedActing(false);
+ setAS(AppletSecurityLevel.DENY_ALL);
+ checkUnsignedActing(false);
+ setAS(AppletSecurityLevel.DENY_UNSIGNED);
+ checkUnsignedActing(false);
+ }
+
+ @Test(timeout = 1000)//if gui pops up
+ public void testDialogsNotHeadlessTrustAllDontPrompt() throws Exception {
+ JNLPRuntime.setHeadless(false); //should not metter as is nto asking
+ JNLPRuntime.setTrustAll(true);
+ JNLPRuntime.setTrustNone(false); //ignored
+ setPrompt(false);
+ setAS(AppletSecurityLevel.ALLOW_UNSIGNED);
+ testAllDialogs(ExpectedResults.PositiveResults);
+ checkUnsignedActing(true);
+ setAS(AppletSecurityLevel.ASK_UNSIGNED);
+ checkUnsignedActing(true);
+ setAS(AppletSecurityLevel.DENY_ALL);
+ checkUnsignedActing(false, true);
+ setAS(AppletSecurityLevel.DENY_UNSIGNED);
+ checkUnsignedActing(false, true);
+ }
+
+ @Test(timeout = 1000)//if gui pops up
+ public void testDialogsNotHeadlessTrustNoneDontPrompt() throws Exception {
+ JNLPRuntime.setHeadless(false); //should not metter as is nto asking
+ JNLPRuntime.setTrustAll(false);
+ JNLPRuntime.setTrustNone(false); //ignored
+ setPrompt(false);
+ setAS(AppletSecurityLevel.ALLOW_UNSIGNED);
+ testAllDialogs(ExpectedResults.NegativeResults);
+ checkUnsignedActing(true);
+ setAS(AppletSecurityLevel.ASK_UNSIGNED);
+ checkUnsignedActing(false);
+ setAS(AppletSecurityLevel.DENY_ALL);
+ checkUnsignedActing(false);
+ setAS(AppletSecurityLevel.DENY_UNSIGNED);
+ checkUnsignedActing(false);
+ }
+
+ private void testAllDialogs(ExpectedResults r) throws MalformedURLException {
+ //anything but shoertcut
+ AccessWarningPaneComplexReturn r1 = SecurityDialogs.showAccessWarningDialog(SecurityDialogs.AccessType.PRINTER, null, null);
+ Assert.assertEquals(r.p, r1.getRegularReturn().getValue());
+ //shortcut
+ AccessWarningPaneComplexReturn r2 = SecurityDialogs.showAccessWarningDialog(SecurityDialogs.AccessType.CREATE_DESTKOP_SHORTCUT, null, null);
+ Assert.assertEquals(r.p, r2.getRegularReturn().getValue());
+ AppSigningWarningAction r3 = SecurityDialogs.showUnsignedWarningDialog(null);
+ Assert.assertEquals(r.ea, r3.getAction());
+ YesNoSandbox r4 = SecurityDialogs.showCertWarningDialog(SecurityDialogs.AccessType.UNVERIFIED, null, null, null);
+ Assert.assertEquals(r.p, r4.getValue());
+ AppSigningWarningAction r5 = SecurityDialogs.showPartiallySignedWarningDialog(null, null, null);
+ Assert.assertEquals(r.ea, r5.getAction());
+ NamePassword r6 = SecurityDialogs.showAuthenicationPrompt(null, 123456, null, null);
+ Assert.assertEquals(r.np, r6);
+ boolean r7 = SecurityDialogs.showMissingALACAttributePanel(null, null, null);
+ Assert.assertEquals(r.b, r7);
+ boolean r8 = SecurityDialogs.showMatchingALACAttributePanel(new DummyJnlpWithTitleAndUrls(), url, new HashSet<URL>());
+ Assert.assertEquals(r.b, r8);
+ boolean r9 = SecurityDialogs.showMissingPermissionsAttributeDialogue(null, null);
+ Assert.assertEquals(r.b, r9);
+ }
+
+ private void checkUnsignedActing(boolean b) throws MalformedURLException {
+ checkUnsignedActing(b, b);
+ }
+
+ /*
+ * testPartiallySignedBehaviour(); needs security delegate to set sandbox, so somtetimes results are strange
+ */
+ private void checkUnsignedActing(boolean b1, boolean b2) throws MalformedURLException {
+ boolean r10 = testUnsignedBehaviour();
+ Assert.assertEquals(b1, r10);
+ boolean r11 = testPartiallySignedBehaviour();
+ Assert.assertEquals(b2, r11);
+ }
+
+ private boolean testUnsignedBehaviour() throws MalformedURLException {
+ try {
More information about the distro-pkg-dev
mailing list