/hg/release/icedtea-web-1.6: Security dialogs got, moreover, uni...
jvanek at icedtea.classpath.org
jvanek at icedtea.classpath.org
Thu Jun 11 10:30:35 UTC 2015
changeset 1277621dfd03 in /hg/release/icedtea-web-1.6
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.6?cmd=changeset;node=1277621dfd03
author: Jiri Vanek <jvanek at redhat.com>
date: Thu Jun 11 12:30:23 2015 +0200
Security dialogs got, moreover, unified dealing with trustNone/All and headless
diffstat:
ChangeLog | 15 +
netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java | 4 +-
netx/net/sourceforge/jnlp/security/SecurityDialogs.java | 62 +-
netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java | 8 +-
tests/netx/unit/net/sourceforge/jnlp/security/SecurityDialogsTest.java | 478 +++++++++-
5 files changed, 548 insertions(+), 19 deletions(-)
diffs (truncated from 717 to 500 lines):
diff -r 7b9e3303f691 -r 1277621dfd03 ChangeLog
--- a/ChangeLog Tue Jun 09 17:52:42 2015 +0200
+++ b/ChangeLog Thu Jun 11 12:30:23 2015 +0200
@@ -1,3 +1,18 @@
+2015-06-10 Jiri Vanek <jvanek at redhat.com>
+
+ Security dialogs got, moreover, unified dealing with trustNone/All and headless
+ * netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java: setTrustAll setTrustNone
+ made public so it can be used in testing.
+ * netx/net/sourceforge/jnlp/security/SecurityDialogs.java: all calls to show
+ security dialog now have correct introduction based on shouldPromptUser with
+ resolution based on trustAll. (shouldPromptUser) now takes also headless to
+ accounting.
+ * netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java:
+ (checkUnsignedWithUserIfRequired) now react trustAll and trustNone
+ (checkPartiallySignedWithUserIfRequired) now react also trustAll
+ * tests/netx/unit/net/sourceforge/jnlp/security/SecurityDialogsTest.java: added
+ tests verifying adapted logic
+
2015-06-09 Jiri Vanek <jvanek at redhat.com>
Fixed issue, when desktop/menu shortcut created during -html mode, was not created like it
diff -r 7b9e3303f691 -r 1277621dfd03 netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Tue Jun 09 17:52:42 2015 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPRuntime.java Thu Jun 11 12:30:23 2015 +0200
@@ -841,7 +841,7 @@
return html;
}
- static void setTrustAll(boolean b) {
+ public static void setTrustAll(boolean b) {
trustAll=b;
}
@@ -849,7 +849,7 @@
return trustAll;
}
- static void setTrustNone(final boolean b) {
+ public static void setTrustNone(final boolean b) {
trustNone = b;
}
diff -r 7b9e3303f691 -r 1277621dfd03 netx/net/sourceforge/jnlp/security/SecurityDialogs.java
--- a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java Tue Jun 09 17:52:42 2015 +0200
+++ b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java Thu Jun 11 12:30:23 2015 +0200
@@ -145,7 +145,7 @@
return (Boolean) o;
}
if (o instanceof Integer){
- return getIntegerResponseAsBoolean((Boolean)o);
+ return getIntegerResponseAsBoolean(o);
}
if (o instanceof AccessWarningPaneComplexReturn){
return getIntegerResponseAsBoolean(((AccessWarningPaneComplexReturn)o).getRegularReturn());
@@ -209,7 +209,11 @@
final JNLPFile file, final Object[] extras) {
if (!shouldPromptUser()) {
- return 1;
+ if (JNLPRuntime.isTrustAll()) {
+ return 0;
+ } else {
+ return 1;
+ }
}
final SecurityDialogMessage message = new SecurityDialogMessage();
@@ -234,7 +238,11 @@
public static AppSigningWarningAction showUnsignedWarningDialog(JNLPFile file) {
if (!shouldPromptUser()) {
- return new AppSigningWarningAction(ExecuteAppletAction.NO, false);
+ if (JNLPRuntime.isTrustAll()) {
+ return new AppSigningWarningAction(ExecuteAppletAction.YES, false);
+ } else {
+ return new AppSigningWarningAction(ExecuteAppletAction.NO, false);
+ }
}
final SecurityDialogMessage message = new SecurityDialogMessage();
@@ -264,7 +272,11 @@
JNLPFile file, CertVerifier certVerifier, SecurityDelegate securityDelegate) {
if (!shouldPromptUser()) {
- return AppletAction.CANCEL;
+ if (JNLPRuntime.isTrustAll()) {
+ return AppletAction.RUN;
+ } else {
+ return AppletAction.CANCEL;
+ }
}
final SecurityDialogMessage message = new SecurityDialogMessage();
@@ -291,7 +303,11 @@
SecurityDelegate securityDelegate) {
if (!shouldPromptUser()) {
- return new AppSigningWarningAction(ExecuteAppletAction.NO, false);
+ if (JNLPRuntime.isTrustAll()) {
+ return new AppSigningWarningAction(ExecuteAppletAction.YES, false);
+ } else {
+ return new AppSigningWarningAction(ExecuteAppletAction.NO, false);
+ }
}
final SecurityDialogMessage message = new SecurityDialogMessage();
@@ -318,6 +334,10 @@
*/
public static Object[] showAuthenicationPrompt(String host, int port, String prompt, String type) {
+ if (!shouldPromptUser()){
+ return null;
+ }
+
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
NetPermission requestPermission
@@ -336,9 +356,13 @@
public static boolean showMissingALACAttributePanel(String title, URL codeBase, Set<URL> remoteUrls) {
- if (!shouldPromptUser()) {
- return false;
- }
+ if (!shouldPromptUser()) {
+ if (JNLPRuntime.isTrustAll()) {
+ return true;
+ } else {
+ return false;
+ }
+ }
SecurityDialogMessage message = new SecurityDialogMessage();
message.dialogType = DialogType.MISSING_ALACA;
@@ -354,7 +378,7 @@
}
public static boolean showMatchingALACAttributePanel(JNLPFile file, URL codeBase, Set<URL> remoteUrls) {
-
+
ExecuteAppletAction storedAction = getStoredAction(file, AppletSecurityActions.MATCHING_ALACA_ACTION);
OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Stored action for matching alaca at " + file.getCodeBase() +" was " + storedAction);
@@ -368,8 +392,12 @@
}
- if (!shouldPromptUser()) {
- return false;
+ if (!shouldPromptUser()) {
+ if (JNLPRuntime.isTrustAll()) {
+ return true;
+ } else {
+ return false;
+ }
}
SecurityDialogMessage message = new SecurityDialogMessage();
@@ -416,7 +444,11 @@
public static boolean showMissingPermissionsAttributeDialogue(String title, URL codeBase) {
if (!shouldPromptUser()) {
- return false;
+ if (JNLPRuntime.isTrustAll()) {
+ return true;
+ } else {
+ return false;
+ }
}
SecurityDialogMessage message = new SecurityDialogMessage();
@@ -531,12 +563,16 @@
* Returns whether the current runtime configuration allows prompting user
* for security warnings.
*
- * @return true if security warnings should be shown to the user.
+ * @return true if security warnings should be shown to the user. false of
+ * otherwise or runtime is headless
*/
private static boolean shouldPromptUser() {
return AccessController.doPrivileged(new PrivilegedAction<Boolean >() {
@Override
public Boolean run() {
+ if (JNLPRuntime.isHeadless()){
+ return false;
+ }
return Boolean.valueOf(JNLPRuntime.getConfiguration()
.getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER));
}
diff -r 7b9e3303f691 -r 1277621dfd03 netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java
--- a/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java Tue Jun 09 17:52:42 2015 +0200
+++ b/netx/net/sourceforge/jnlp/security/appletextendedsecurity/UnsignedAppletTrustConfirmation.java Thu Jun 11 12:30:23 2015 +0200
@@ -186,12 +186,12 @@
public static void checkUnsignedWithUserIfRequired(JNLPFile file) throws LaunchException {
- if (unsignedAppletsAreForbidden()) {
+ if (unsignedAppletsAreForbidden() || JNLPRuntime.isTrustNone()) {
OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Not running unsigned applet at " + file.getCodeBase() +" because unsigned applets are disallowed by security policy.");
throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LUnsignedApplet"), R("LUnsignedAppletPolicyDenied"));
}
- if (!unsignedConfirmationIsRequired()) {
+ if (!unsignedConfirmationIsRequired() || JNLPRuntime.isTrustAll()) {
OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Running unsigned applet at " + file.getCodeBase() +" does not require confirmation according to security policy.");
return;
}
@@ -233,6 +233,10 @@
securityDelegate.setRunInSandbox();
return;
}
+ if (JNLPRuntime.isTrustAll()) {
+ OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Running partially signed applet at " + file.getCodeBase() + " due to -Xtrustall flag");
+ return;
+ }
if (!unsignedConfirmationIsRequired()) {
OutputController.getLogger().log(OutputController.Level.ERROR_DEBUG, "Running partially signed applet at " + file.getCodeBase() + " does not require confirmation according to security policy.");
diff -r 7b9e3303f691 -r 1277621dfd03 tests/netx/unit/net/sourceforge/jnlp/security/SecurityDialogsTest.java
--- a/tests/netx/unit/net/sourceforge/jnlp/security/SecurityDialogsTest.java Tue Jun 09 17:52:42 2015 +0200
+++ b/tests/netx/unit/net/sourceforge/jnlp/security/SecurityDialogsTest.java Thu Jun 11 12:30:23 2015 +0200
@@ -36,13 +36,33 @@
package net.sourceforge.jnlp.security;
+import java.io.File;
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.HashSet;
+import net.sourceforge.jnlp.InformationDesc;
+import net.sourceforge.jnlp.LaunchException;
+import net.sourceforge.jnlp.browsertesting.browsers.firefox.FirefoxProfilesOperator;
+import net.sourceforge.jnlp.config.DeploymentConfiguration;
+import net.sourceforge.jnlp.config.PathsAndFiles;
+import net.sourceforge.jnlp.mock.DummyJNLPFileWithJar;
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
+import static net.sourceforge.jnlp.security.SecurityDialogs.AppletAction.*;
import static net.sourceforge.jnlp.security.SecurityDialogs.getIntegerResponseAsAppletAction;
import static net.sourceforge.jnlp.security.SecurityDialogs.getIntegerResponseAsBoolean;
+import net.sourceforge.jnlp.security.appletextendedsecurity.AppletSecurityLevel;
+import net.sourceforge.jnlp.security.appletextendedsecurity.ExecuteAppletAction;
+import net.sourceforge.jnlp.security.appletextendedsecurity.UnsignedAppletTrustConfirmation;
+import net.sourceforge.jnlp.security.dialogs.apptrustwarningpanel.AppTrustWarningPanel.AppSigningWarningAction;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Assert;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
-import static net.sourceforge.jnlp.security.SecurityDialogs.AppletAction.*;
-
+import org.junit.Before;
+import org.junit.BeforeClass;
import org.junit.Test;
public class SecurityDialogsTest {
@@ -100,4 +120,458 @@
assertEquals("Integer reference 2 should have resulted in CANCEL", getIntegerResponseAsAppletAction(intRef3), CANCEL);
assertEquals("Integer reference 3 should have resulted in CANCEL", getIntegerResponseAsAppletAction(intRef4), CANCEL);
}
+
+ private static boolean wasHeadless;
+ private static boolean wasTrustAll;
+ private static boolean wasTrustNone;
+ private static String prompt;
+ private static URL url;
+ private static File appletSecurityBackup;
+ private static String seclevel;
+
+ private static class DummyJnlpWithTitleAndUrls extends DummyJNLPFileWithJar {
+
+ public DummyJnlpWithTitleAndUrls() throws MalformedURLException {
+ super(new File("/some/path/blah.jar"));
+ }
+
+ @Override
+ public InformationDesc getInformation() {
+ return new InformationDesc(null, false) {
+
+ @Override
+ public String getTitle() {
+ return "Demo App";
+ }
+
+ };
+ }
+
+ @Override
+ public URL getCodeBase() {
+ return url;
+ }
+
+ @Override
+ public URL getSourceLocation() {
+ return url;
+ }
+
+ };
+
+ private static class ExpectedResults {
+
+ public static ExpectedResults PositiveResults = new ExpectedResults(true, RUN, ExecuteAppletAction.YES, null, true);
+ public static ExpectedResults NegativeResults = new ExpectedResults(false, CANCEL, ExecuteAppletAction.NO, null, false);
+ public final boolean p1;
+ public final SecurityDialogs.AppletAction p2;
+ public final ExecuteAppletAction ea;
+ public final Object[] np;
+ public final boolean b;
+
+ public ExpectedResults(boolean p1, SecurityDialogs.AppletAction p2, ExecuteAppletAction ea, Object[] np, boolean b) {
+ this.p1 = p1;
+ this.p2 = p2;
+ this.ea = ea;
+ this.np = np;
+ this.b = b;
+ }
+
+ }
+
+ @BeforeClass
+ public static void initUrl() throws MalformedURLException {
+ url = new URL("http://must.not.be.in/.appletSecurity");
+ }
+
+ @BeforeClass
+ public static void backupAppletSecurity() throws IOException {
+ appletSecurityBackup = File.createTempFile("appletSecurity", "itwTestBAckup");
+ FirefoxProfilesOperator.copyFile(PathsAndFiles.APPLET_TRUST_SETTINGS_USER.getFile(), appletSecurityBackup);
+ }
+
+ @Before
+ public void removeAppletSecurity() throws IOException {
+ removeAppletSecurityImpl();
+ }
+
+ public static void removeAppletSecurityImpl() throws IOException {
+ if (appletSecurityBackup.exists()) {
+ PathsAndFiles.APPLET_TRUST_SETTINGS_USER.getFile().delete();
+ }
+ }
+
+ @AfterClass
+ public static void restoreAppletSecurity() throws IOException {
+ if (appletSecurityBackup.exists()) {
+ removeAppletSecurityImpl();
+ FirefoxProfilesOperator.copyFile(appletSecurityBackup, PathsAndFiles.APPLET_TRUST_SETTINGS_USER.getFile());
+ appletSecurityBackup.delete();
+ }
+ }
+
+ @BeforeClass
+ public static void saveJnlpRuntime() {
+ wasHeadless = JNLPRuntime.isHeadless();
+ wasTrustAll = JNLPRuntime.isTrustAll();
+ //trutNone is not used in dialogues, its considered as default
+ //but is ussed in Unsigned... dialogs family
+ wasTrustNone = JNLPRuntime.isTrustNone();
+ prompt = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER);
+ seclevel = JNLPRuntime.getConfiguration().getProperty(DeploymentConfiguration.KEY_SECURITY_LEVEL);
+ }
+
+ @After
+ public void restoreJnlpRuntime() throws Exception {
+ restoreJnlpRuntimeFinally();
+ }
+
+ private static void setPrompt(String p) {
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER, p);
+ }
+
+ private static void setPrompt(boolean p) {
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER, String.valueOf(p));
+ }
+
+ private static void setAS(AppletSecurityLevel as) {
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_LEVEL, String.valueOf(as.toChars()));
+ }
+
+ @AfterClass
+ public static void restoreJnlpRuntimeFinally() throws Exception {
+ JNLPRuntime.setHeadless(wasHeadless);
+ JNLPRuntime.setTrustAll(wasTrustAll);
+ JNLPRuntime.setTrustNone(wasTrustNone);
+ setPrompt(prompt);
+ JNLPRuntime.getConfiguration().setProperty(DeploymentConfiguration.KEY_SECURITY_LEVEL, seclevel);
+ }
+
+ @Test(timeout = 1000)//if gui pops up
+ public void testDialogsHeadlessTrustAllPrompt() throws Exception {
+ JNLPRuntime.setHeadless(true);
+ JNLPRuntime.setTrustAll(true);
+ JNLPRuntime.setTrustNone(false); //ignored
+ setPrompt(true); //should not metter becasue is headless
+ setAS(AppletSecurityLevel.ALLOW_UNSIGNED);
+ testAllDialogs(ExpectedResults.PositiveResults);
+ checkUnsignedActing(true);
+ setAS(AppletSecurityLevel.ASK_UNSIGNED);
+ checkUnsignedActing(true);
+ setAS(AppletSecurityLevel.DENY_ALL);
+ checkUnsignedActing(false, true);
+ setAS(AppletSecurityLevel.DENY_UNSIGNED);
+ checkUnsignedActing(false, true);
+ }
+
+ @Test(timeout = 1000)//if gui pops up
+ public void testDialogsHeadlessTrustNonePrompt() throws Exception {
+ JNLPRuntime.setHeadless(true);
+ JNLPRuntime.setTrustAll(false);
+ JNLPRuntime.setTrustNone(false); //used by Unsigne
+ setPrompt(true); //should not metter becasue is headless
+ setAS(AppletSecurityLevel.ALLOW_UNSIGNED);
+ testAllDialogs(ExpectedResults.NegativeResults);
+ checkUnsignedActing(true);
+ setAS(AppletSecurityLevel.ASK_UNSIGNED);
+ checkUnsignedActing(false);
+ setAS(AppletSecurityLevel.DENY_ALL);
+ checkUnsignedActing(false);
+ setAS(AppletSecurityLevel.DENY_UNSIGNED);
+ checkUnsignedActing(false);
+ }
+
+ @Test(timeout = 1000)//if gui pops up
+ public void testDialogsNotHeadlessTrustAllDontPrompt() throws Exception {
+ JNLPRuntime.setHeadless(false); //should not metter as is nto asking
+ JNLPRuntime.setTrustAll(true);
+ JNLPRuntime.setTrustNone(false); //ignored
+ setPrompt(false);
+ setAS(AppletSecurityLevel.ALLOW_UNSIGNED);
+ testAllDialogs(ExpectedResults.PositiveResults);
+ checkUnsignedActing(true);
+ setAS(AppletSecurityLevel.ASK_UNSIGNED);
+ checkUnsignedActing(true);
+ setAS(AppletSecurityLevel.DENY_ALL);
+ checkUnsignedActing(false, true);
+ setAS(AppletSecurityLevel.DENY_UNSIGNED);
+ checkUnsignedActing(false, true);
+ }
+
+ @Test(timeout = 1000)//if gui pops up
+ public void testDialogsNotHeadlessTrustNoneDontPrompt() throws Exception {
+ JNLPRuntime.setHeadless(false); //should not metter as is nto asking
+ JNLPRuntime.setTrustAll(false);
+ JNLPRuntime.setTrustNone(false); //ignored
+ setPrompt(false);
+ setAS(AppletSecurityLevel.ALLOW_UNSIGNED);
+ testAllDialogs(ExpectedResults.NegativeResults);
+ checkUnsignedActing(true);
+ setAS(AppletSecurityLevel.ASK_UNSIGNED);
+ checkUnsignedActing(false);
+ setAS(AppletSecurityLevel.DENY_ALL);
+ checkUnsignedActing(false);
+ setAS(AppletSecurityLevel.DENY_UNSIGNED);
+ checkUnsignedActing(false);
+ }
+
+ private void testAllDialogs(ExpectedResults r) throws MalformedURLException {
+ //anything but shoertcut
+ boolean r1 = SecurityDialogs.showAccessWarningDialogB(SecurityDialogs.AccessType.PRINTER, null, null);
+ Assert.assertEquals(r.p1, r1);
+ //shortcut
+ boolean r2 = SecurityDialogs.showAccessWarningDialogB(SecurityDialogs.AccessType.CREATE_DESTKOP_SHORTCUT, null, null);
+ Assert.assertEquals(r.p1, r2);
+ AppSigningWarningAction r3 = SecurityDialogs.showUnsignedWarningDialog(null);
+ Assert.assertEquals(r.ea, r3.getAction());
+ SecurityDialogs.AppletAction r4 = SecurityDialogs.showCertWarningDialog(SecurityDialogs.AccessType.UNVERIFIED, null, null, null);
+ Assert.assertEquals(r.p2, r4);
+ AppSigningWarningAction r5 = SecurityDialogs.showPartiallySignedWarningDialog(null, null, null);
+ Assert.assertEquals(r.ea, r5.getAction());
+ Object[] r6 = SecurityDialogs.showAuthenicationPrompt(null, 123456, null, null);
+ Assert.assertEquals(r.np, r6); //the np is null in both positive and negative
+ boolean r7 = SecurityDialogs.showMissingALACAttributePanel(null, null, null);
+ Assert.assertEquals(r.b, r7);
+ boolean r8 = SecurityDialogs.showMatchingALACAttributePanel(new DummyJnlpWithTitleAndUrls(), url, new HashSet<URL>());
+ Assert.assertEquals(r.b, r8);
+ boolean r9 = SecurityDialogs.showMissingPermissionsAttributeDialogue(null, null);
+ Assert.assertEquals(r.b, r9);
+ }
+
+ private void checkUnsignedActing(boolean b) throws MalformedURLException {
+ checkUnsignedActing(b, b);
+ }
+
+ /*
+ * testPartiallySignedBehaviour(); needs security delegate to set sandbox, so somtetimes results are strange
+ */
+ private void checkUnsignedActing(boolean b1, boolean b2) throws MalformedURLException {
+ boolean r10 = testUnsignedBehaviour();
+ Assert.assertEquals(b1, r10);
+ boolean r11 = testPartiallySignedBehaviour();
+ Assert.assertEquals(b2, r11);
+ }
+
+ private boolean testUnsignedBehaviour() throws MalformedURLException {
+ try {
+ UnsignedAppletTrustConfirmation.checkUnsignedWithUserIfRequired(new DummyJnlpWithTitleAndUrls());
+ return true;
+ } catch (LaunchException ex) {
+ return false;
More information about the distro-pkg-dev
mailing list