/hg/icedtea-web: Partially signed reproducer adapted to new sche...
jvanek at icedtea.classpath.org
jvanek at icedtea.classpath.org
Fri Jun 19 10:22:57 UTC 2015
changeset ac236a9d0b92 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=ac236a9d0b92
author: Jiri Vanek <jvanek at redhat.com>
date: Fri Jun 19 12:22:43 2015 +0200
Partially signed reproducer adapted to new schema and enhanced
* tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplet.jnlp: moved from app to applet
* tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplication.jnlp: moved from applet to app
* tests/reproducers/signed/RunInSandbox/srcs/RunInSandbox.java: system exit not called in case of applet
* tests/reproducers/signed/RunInSandbox/testcases/RunInSandboxTest.java: added manipulation with certificates to simulate proper environment
* tests/test-extensions/net/sourceforge/jnlp/ServerAccess.java: fixed small bug headless switch now moved to start of argument list, not to the end. Being on end was killing -html or -jnlp arg functionality (arg was -headless then)
diffstat:
ChangeLog | 15 +
tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplet.jnlp | 4 +-
tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplication.jnlp | 6 +-
tests/reproducers/signed/RunInSandbox/srcs/RunInSandbox.java | 2 +-
tests/reproducers/signed/RunInSandbox/testcases/RunInSandboxTest.java | 215 ++++++++-
tests/test-extensions/net/sourceforge/jnlp/ServerAccess.java | 2 +-
6 files changed, 206 insertions(+), 38 deletions(-)
diffs (357 lines):
diff -r c09f70284a5f -r ac236a9d0b92 ChangeLog
--- a/ChangeLog Thu Jun 18 17:56:22 2015 +0200
+++ b/ChangeLog Fri Jun 19 12:22:43 2015 +0200
@@ -1,3 +1,18 @@
+2015-06-19 Jiri Vanek <jvanek at redhat.com>
+
+ Partially signed reproducer adapted to new schema and enhanced
+ * tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplet.jnlp:
+ moved from app to applet
+ * tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplication.jnlp:
+ moved from applet to app
+ * tests/reproducers/signed/RunInSandbox/srcs/RunInSandbox.java: system exit not
+ called in case of applet
+ * tests/reproducers/signed/RunInSandbox/testcases/RunInSandboxTest.java: added
+ manipulation with certificates to simulate proper environment
+ * tests/test-extensions/net/sourceforge/jnlp/ServerAccess.java: fixed small bug
+ headless switch now moved to start of argument list, not to the end. Being on end
+ was killing -html or -jnlp arg functionality (arg was -headless then)
+
2015-06-18 Jiri Vanek <jvanek at redhat.com>
JnlpBoot and XBasicService are called with exitOnException true now.
diff -r c09f70284a5f -r ac236a9d0b92 tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplet.jnlp
--- a/tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplet.jnlp Thu Jun 18 17:56:22 2015 +0200
+++ b/tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplet.jnlp Fri Jun 19 12:22:43 2015 +0200
@@ -53,6 +53,6 @@
<jar href="RunInSandbox.jar" main="true"/>
</resources>
- <application-desc main-class="RunInSandbox">
- </application-desc>
+ <applet-desc main-class="RunInSandbox">
+ </applet-desc>
</jnlp>
diff -r c09f70284a5f -r ac236a9d0b92 tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplication.jnlp
--- a/tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplication.jnlp Thu Jun 18 17:56:22 2015 +0200
+++ b/tests/reproducers/signed/RunInSandbox/resources/RunInSandboxApplication.jnlp Fri Jun 19 12:22:43 2015 +0200
@@ -52,7 +52,7 @@
<j2se version="1.6+"/>
<jar href="RunInSandbox.jar" main="true"/>
</resources>
-
- <applet-desc main-class="RunInSandbox">
- </applet-desc>
+ <application-desc main-class="RunInSandbox">
+ </application-desc>
+
</jnlp>
diff -r c09f70284a5f -r ac236a9d0b92 tests/reproducers/signed/RunInSandbox/srcs/RunInSandbox.java
--- a/tests/reproducers/signed/RunInSandbox/srcs/RunInSandbox.java Thu Jun 18 17:56:22 2015 +0200
+++ b/tests/reproducers/signed/RunInSandbox/srcs/RunInSandbox.java Fri Jun 19 12:22:43 2015 +0200
@@ -6,11 +6,11 @@
public void start() {
System.out.println("RunInSandbox read: " + read("user.home"));
System.out.println("*** APPLET FINISHED ***");
- System.exit(0);
}
public static void main(String[] args) {
new RunInSandbox().start();
+ System.exit(0);
}
private String read(String key) {
diff -r c09f70284a5f -r ac236a9d0b92 tests/reproducers/signed/RunInSandbox/testcases/RunInSandboxTest.java
--- a/tests/reproducers/signed/RunInSandbox/testcases/RunInSandboxTest.java Thu Jun 18 17:56:22 2015 +0200
+++ b/tests/reproducers/signed/RunInSandbox/testcases/RunInSandboxTest.java Fri Jun 19 12:22:43 2015 +0200
@@ -1,58 +1,117 @@
/* RunInSandboxTest.java
-Copyright (C) 2014 Red Hat, Inc.
+ Copyright (C) 2014 Red Hat, Inc.
-This file is part of IcedTea.
+ This file is part of IcedTea.
-IcedTea is free software; you can redistribute it and/or
-modify it under the terms of the GNU General Public License as published by
-the Free Software Foundation, version 2.
+ IcedTea is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, version 2.
-IcedTea is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
+ IcedTea is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
-You should have received a copy of the GNU General Public License
-along with IcedTea; see the file COPYING. If not, write to
-the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-02110-1301 USA.
+ You should have received mainCert copy of the GNU General Public License
+ along with IcedTea; see the file COPYING. If not, write to
+ the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
-Linking this library statically or dynamically with other modules is
-making a combined work based on this library. Thus, the terms and
-conditions of the GNU General Public License cover the whole
-combination.
+ Linking this library statically or dynamically with other modules is
+ making mainCert combined work based on this library. Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
-As a special exception, the copyright holders of this library give you
-permission to link this library with independent modules to produce an
-executable, regardless of the license terms of these independent
-modules, and to copy and distribute the resulting executable under
-terms of your choice, provided that you also meet, for each linked
-independent module, the terms and conditions of the license of that
-module. An independent module is a module which is not derived from
-or based on this library. If you modify this library, you may extend
-this exception to your version of the library, but you are not
-obligated to do so. If you do not wish to do so, delete this
-exception statement from your version.
+ As mainCert special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module. An independent module is mainCert module which is not derived from
+ or based on this library. If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so. If you do not wish to do so, delete this
+ exception statement from your version.
*/
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
import net.sourceforge.jnlp.ProcessResult;
import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener;
import net.sourceforge.jnlp.browsertesting.BrowserTest;
import java.util.List;
import java.util.Collections;
import java.util.Arrays;
+import net.sourceforge.jnlp.OptionsDefinitions;
+import net.sourceforge.jnlp.ServerAccess;
+import net.sourceforge.jnlp.annotations.TestInBrowsers;
+import net.sourceforge.jnlp.browsertesting.Browsers;
+import net.sourceforge.jnlp.closinglisteners.AutoErrorClosingListener;
+import net.sourceforge.jnlp.config.PathsAndFiles;
+import org.junit.AfterClass;
import static org.junit.Assert.*;
+import org.junit.BeforeClass;
import org.junit.Test;
public class RunInSandboxTest extends BrowserTest {
- private final List<String> TRUSTALL = Collections.unmodifiableList(Arrays.asList(new String[] { "-Xtrustall" }));
- private final List<String> TRUSTNONE = Collections.unmodifiableList(Arrays.asList(new String[] { "-Xtrustnone" }));
+ private final List<String> TRUSTALL = Collections.unmodifiableList(Arrays.asList(new String[]{OptionsDefinitions.OPTIONS.TRUSTALL.option}));
+ private final List<String> TRUSTNONE = Collections.unmodifiableList(Arrays.asList(new String[]{OptionsDefinitions.OPTIONS.TRUSTNONE.option}));
+ private final List<String> TRUSTALLHTML = Collections.unmodifiableList(Arrays.asList(new String[]{OptionsDefinitions.OPTIONS.TRUSTALL.option, OptionsDefinitions.OPTIONS.HTML.option}));
+ private final List<String> TRUSTNONEHTML = Collections.unmodifiableList(Arrays.asList(new String[]{OptionsDefinitions.OPTIONS.TRUSTNONE.option, OptionsDefinitions.OPTIONS.HTML.option}));
private static final String appletCloseString = AutoOkClosingListener.MAGICAL_OK_CLOSING_STRING;
+ private static final String ItwAlias = "icedteaweb_signed";
+ private static final char[] kpass = "changeit".toCharArray();
+ private static Certificate mainCert;
+
+ @BeforeClass
+ public static void exportCertificate() throws FileNotFoundException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
+ if (PathsAndFiles.USER_CERTS.getFile().exists()) {
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(new FileInputStream(PathsAndFiles.USER_CERTS.getFile()), null);
+ mainCert = ks.getCertificate(ItwAlias);
+ }
+ }
+
+
+ public static void deleteCertificate() throws FileNotFoundException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
+ if (mainCert != null) {
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(new FileInputStream(PathsAndFiles.USER_CERTS.getFile()), null);
+ Certificate isThere = ks.getCertificate(ItwAlias);
+ if (isThere != null) {
+ ks.deleteEntry(ItwAlias);
+ ks.store(new FileOutputStream(PathsAndFiles.USER_CERTS.getFile()), kpass);
+ }
+ }
+ }
+
+
+ @AfterClass
+ public static void restoreCertificate() throws FileNotFoundException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
+ if (mainCert != null) {
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(new FileInputStream(PathsAndFiles.USER_CERTS.getFile()), null);
+ ks.setCertificateEntry(ItwAlias, mainCert);
+ ks.store(new FileOutputStream(PathsAndFiles.USER_CERTS.getFile()), kpass);
+ }
+ }
+
+
+ //those tests must have NO certificate .. ItwAlias ... in keystore
@Test
public void testTrustAllJnlpAppletLaunch() throws Exception {
+ deleteCertificate();
ProcessResult pr = server.executeJavawsHeadless(TRUSTALL, "RunInSandboxApplet.jnlp");
assertReadProperty(pr);
assertProperClose(pr);
@@ -60,13 +119,16 @@
@Test
public void testTrustNoneJnlpAppletLaunch() throws Exception {
+ deleteCertificate();
ProcessResult pr = server.executeJavawsHeadless(TRUSTNONE, "RunInSandboxApplet.jnlp");
+ assertNotReadProperty(pr);
assertAccessControlException(pr);
assertProperClose(pr);
}
@Test
public void testTrustAllStandardJnlpApplicationLaunch() throws Exception {
+ deleteCertificate();
ProcessResult pr = server.executeJavawsHeadless(TRUSTALL, "RunInSandboxApplication.jnlp");
assertReadProperty(pr);
assertProperClose(pr);
@@ -74,10 +136,97 @@
@Test
public void testTrustNoneJnlpApplicationLaunch() throws Exception {
+ deleteCertificate();
ProcessResult pr = server.executeJavawsHeadless(TRUSTNONE, "RunInSandboxApplication.jnlp");
+ assertNotReadProperty(pr);
assertAccessControlException(pr);
assertProperClose(pr);
}
+
+ @Test
+ public void testTrustAlltHtmlJavawsLaunch() throws Exception {
+ deleteCertificate();
+ ProcessResult pr = server.executeJavawsHeadless(TRUSTALLHTML, "RunInSandbox.html", new AutoOkClosingListener(), new AutoErrorClosingListener(), null);
+ assertReadProperty(pr);
+ assertProperClose(pr);
+ }
+
+
+
+ @Test
+ public void testTrustNoneHtmlJavawsLaunch() throws Exception {
+ deleteCertificate();
+ ProcessResult pr = server.executeJavawsHeadless(TRUSTNONEHTML, "RunInSandbox.html", new AutoOkClosingListener(), new AutoErrorClosingListener(), null);
+ assertNotReadProperty(pr);
+ assertAccessControlException(pr);
+ assertProperClose(pr);
+ }
+
+
+ @Test
+ public void testTrustAlltHtmlHrefJavawsLaunch() throws Exception {
+ deleteCertificate();
+ ProcessResult pr = server.executeJavawsHeadless(TRUSTALLHTML, "RunInSandboxJnlpHref.html", new AutoOkClosingListener(), new AutoErrorClosingListener(), null);
+ assertReadProperty(pr);
+ assertProperClose(pr);
+ }
+
+
+
+ @Test
+ public void testTrustNoneHtmlHrefJavawsLaunch() throws Exception {
+ deleteCertificate();
+ ProcessResult pr = server.executeJavawsHeadless(TRUSTNONEHTML, "RunInSandboxJnlpHref.html", new AutoOkClosingListener(), new AutoErrorClosingListener(), null);
+ assertNotReadProperty(pr);
+ assertAccessControlException(pr);
+ assertProperClose(pr);
+ }
+
+
+ ///end of must NOT be certificate
+
+ //those MUST have certificate in sotre (see different result)
+ @Test
+ public void testHaveCErtJnlpAppletLaunch() throws Exception {
+ restoreCertificate();
+ ProcessResult pr = server.executeJavawsHeadless("RunInSandboxApplet.jnlp");
+ assertReadProperty(pr);
+ assertProperClose(pr);
+ }
+
+
+
+ @Test
+ public void testHaveCertStandardJnlpApplicationLaunch() throws Exception {
+ restoreCertificate();
+ ProcessResult pr = server.executeJavawsHeadless("RunInSandboxApplication.jnlp");
+ assertReadProperty(pr);
+ assertProperClose(pr);
+ }
+
+ @Test
+ @TestInBrowsers(testIn = Browsers.all)
+ public void testHaveCertHtmlAppletLaunch() throws Exception {
+ restoreCertificate();
+ ProcessResult pr = server.executeBrowser("RunInSandbox.html", ServerAccess.AutoClose.CLOSE_ON_BOTH);
+ assertReadProperty(pr);
+ assertProperClose(pr);
+ }
+
+
+
+ @Test
+ @TestInBrowsers(testIn = Browsers.all)
+ public void testHaveCertStandardHtmlHrefApplicationLaunch() throws Exception {
+ restoreCertificate();
+ ProcessResult pr = server.executeBrowser("RunInSandboxJnlpHref.html", ServerAccess.AutoClose.CLOSE_ON_BOTH);
+ assertReadProperty(pr);
+ assertProperClose(pr);
+ }
+
+
+
+ //end of must HAVE cert
private void assertProperClose(ProcessResult pr) {
assertTrue("applet should have closed correctly", pr.stdout.contains(appletCloseString));
@@ -87,9 +236,13 @@
assertTrue("applet should have been able to read user.home", pr.stdout.contains(System.getProperty("user.home")));
}
+ private void assertNotReadProperty(ProcessResult pr) {
+ assertFalse("applet should NOT been able to read user.home", pr.stdout.contains(System.getProperty("user.home")));
+ }
+
private void assertAccessControlException(ProcessResult pr) {
String ace = "java.security.AccessControlException: access denied (\"java.util.PropertyPermission\" \"user.home\" \"read\")";
- assertTrue("applet should not have been able to read user.home", pr.stdout.contains(ace));
+ assertTrue("applet should have throw AccessControlException", pr.stdout.contains(ace));
}
}
diff -r c09f70284a5f -r ac236a9d0b92 tests/test-extensions/net/sourceforge/jnlp/ServerAccess.java
--- a/tests/test-extensions/net/sourceforge/jnlp/ServerAccess.java Thu Jun 18 17:56:22 2015 +0200
+++ b/tests/test-extensions/net/sourceforge/jnlp/ServerAccess.java Fri Jun 19 12:22:43 2015 +0200
@@ -549,7 +549,7 @@
otherargs = new ArrayList<>(1);
}
List<String> headlesList = new ArrayList<>(otherargs);
- headlesList.add(HEADLES_OPTION);
+ headlesList.add(0, HEADLES_OPTION);
return executeJavaws(headlesList, resource,stdoutl,stderrl,vars);
}
More information about the distro-pkg-dev
mailing list