Reproducer for PR822

author: Adam Domurad <[email protected]> 2012-10-22 11:15:48 -0400
committer: Adam Domurad <[email protected]> 2012-10-22 11:15:48 -0400
commit: 565c8b4f680d233a455d480dd6589e2d1d37f645 (patch)
tree: 40ccc98b979d3db765183ce1e7af4fd7bb1bb56b
parent: 3d595f35b4ec1966e364cd976b479a91e7e5f3f4 (diff)
9 files changed, 508 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index fb027ff..e7253fc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,31 @@
 
 2012-10-19  Adam Domurad  <[email protected]>
 
+	Reproduces PR822: Applets fail to load if jars have different signers.
+	Tests for applets & JNLPs with multiple signers per jar.
+	* tests/reproducers/signed/ReadPropertiesSigned/srcs/ReadPropertiesSigned.java:
+	Modified to end with standard applet finish message.
+	* tests/reproducers/simple/ReadProperties/srcs/ReadProperties.java:
+	* tests/reproducers/custom/MultipleSignaturesPerJar/README: Explains
+	dependence on ReadPropertiesSigned.
+	* tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMatching.html:
+	HTML applet test with a common signer.
+	* tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMatching.jnlp:	
+	JNLP test with a common signer.
+	* tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMismatching.html:
+	HTML applet test without a common signer.
+	* tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMismatching.jnlp:
+	JNLP test without a common signer.
+	* tests/reproducers/custom/MultipleSignaturesPerJar/srcs/Makefile:
+	Custom makefile used to sign a jar with multiple signers.
+	* tests/reproducers/custom/MultipleSignaturesPerJar/srcs/somecrazytestpackage/MultipleSignaturesPerJarMain.java:
+	Accesses ReadPropertiesSigned from another package with different 
+	signers.
+	* tests/reproducers/custom/MultipleSignaturesPerJar/testcases/MultipleSignaturesPerJarTests.java:
+	Test driver.
+
+2012-10-19  Adam Domurad  <[email protected]>
+
 	New message for signer mismatch in JNLP applications.
 	* netx/net/sourceforge/jnlp/resources/Messages.properties: Added 
 	message 'The JNLP application is not fully signed by a single cert.'
diff --git a/tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMatching.html b/tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMatching.html
new file mode 100644
index 0000000..fe25d06
--- /dev/null
+++ b/tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMatching.html
@@ -0,0 +1,46 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<html><head></head><body bgcolor="red"> <p>
+
+<applet code = "somecrazytestpackage.MultipleSignaturesPerJarMain" 
+	archive = "MultipleSignaturesPerJar_A_and_B.jar,MultipleSignaturesPerJar_A_only.jar"
+	codebase = "." width="800" height="600">
+</applet>
+
+</p> </body>
+</html>
diff --git a/tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMatching.jnlp b/tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMatching.jnlp
new file mode 100644
index 0000000..5cbfa98
--- /dev/null
+++ b/tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMatching.jnlp
@@ -0,0 +1,57 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="MultipleSignaturesPerJarMatching.jnlp" codebase=".">
+  <information>
+    <title>MultipleSignaturesPerJarMatching</title>
+    <vendor>IcedTea</vendor>
+    <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+    <description>MultipleSignaturesPerJarMatching</description>
+    <offline/>
+  </information>
+  <resources>
+    <j2se version="1.4+"/>
+    <jar href="MultipleSignaturesPerJar_A_and_B.jar"/>
+    <jar href="MultipleSignaturesPerJar_A_only.jar"/>
+  </resources>
+  <application-desc main-class="somecrazytestpackage.MultipleSignaturesPerJarMain">
+  </application-desc>
+  <security>
+    <all-permissions/>
+  </security>
+</jnlp>
diff --git a/tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMismatching.html b/tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMismatching.html
new file mode 100644
index 0000000..75a95e5
--- /dev/null
+++ b/tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMismatching.html
@@ -0,0 +1,46 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<html><head></head><body bgcolor="red"> <p>
+
+<applet code = "somecrazytestpackage.MultipleSignaturesPerJarMain" 
+	archive = "MultipleSignaturesPerJar_A_only.jar,MultipleSignaturesPerJar_B_only.jar"
+	codebase = "." width="800" height="600">
+</applet>
+
+</p> </body>
+</html>
+\ No newline at end of file
diff --git a/tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMismatching.jnlp b/tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMismatching.jnlp
new file mode 100644
index 0000000..333ee50
--- /dev/null
+++ b/tests/reproducers/custom/MultipleSignaturesPerJar/resources/MultipleSignaturesPerJarMismatching.jnlp
@@ -0,0 +1,57 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="MultipleSignaturesPerJarMismatching.jnlp" codebase=".">
+  <information>
+    <title>MultipleSignaturesPerJarMismatching</title>
+    <vendor>IcedTea</vendor>
+    <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+    <description>MultipleSignaturesPerJarMismatching</description>
+    <offline/>
+  </information>
+  <resources>
+    <j2se version="1.4+"/>
+    <jar href="MultipleSignaturesPerJar_A_only.jar"/>
+    <jar href="MultipleSignaturesPerJar_B_only.jar"/>
+  </resources>
+  <application-desc main-class="somecrazytestpackage.MultipleSignaturesPerJarMain">
+  </application-desc>
+  <security>
+    <all-permissions/>
+  </security>
+</jnlp>
diff --git a/tests/reproducers/custom/MultipleSignaturesPerJar/srcs/Makefile b/tests/reproducers/custom/MultipleSignaturesPerJar/srcs/Makefile
new file mode 100644
index 0000000..ab9807e
--- /dev/null
+++ b/tests/reproducers/custom/MultipleSignaturesPerJar/srcs/Makefile
@@ -0,0 +1,56 @@
+TESTNAME=MultipleSignaturesPerJar
+
+JAVAC_CLASSPATH=$(TEST_EXTENSIONS_DIR):$(NETX_DIR)/lib/classes.jar
+KEYTOOL=$(BOOT_DIR)/bin/keytool
+JARSIGNER=$(BOOT_DIR)/bin/jarsigner
+JARSIGNER_CMD=$(JARSIGNER) -keystore $(TOP_BUILD_DIR)/$(PRIVATE_KEYSTORE_NAME) -storepass  $(PRIVATE_KEYSTORE_PASS) -keypass $(PRIVATE_KEYSTORE_PASS) 
+JAVAC=$(BOOT_DIR)/bin/javac
+JAR=$(BOOT_DIR)/bin/jar
+
+# Index jar causes main class jar to load
+
+TMPDIR:=$(shell mktemp -d)
+
+prepare-reproducer: 
+	echo PREPARING REPRODUCER $(TESTNAME) in $(TMPDIR)
+	
+	$(JAVAC) -d $(TMPDIR) -classpath $(JAVAC_CLASSPATH) somecrazytestpackage/MultipleSignaturesPerJarMain.java
+	
+	# Extract ReadPropertiesSigned.class for our usage
+	cd $(TMPDIR) ; \
+	$(JAR) xf $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR)/ReadPropertiesSigned.jar ReadPropertiesSigned.class ; 
+	
+	# Create jars *testname*_A_and_B.jar, *testname*_A_only.jar, *testname*_B_only.jar 
+	# These are signed by signatures A and B, A only, B only, respectively.
+	
+	# *testname*_A_and_B.jar as well as *testname*_B_only.jar contain ReadPropertiesSigned.class, which exercises the signing.
+	# *testname*_A_only.jar contains MultipleSignaturesTest.class, the (reused) main class for this reproducer.
+	
+	cd $(TMPDIR) ; \
+	$(JAR) cvf $(TESTNAME)_B_only.jar ReadPropertiesSigned.class ; \
+	cp $(TESTNAME)_B_only.jar $(TESTNAME)_A_and_B.jar ; \
+	$(JAR) cvf $(TESTNAME)_A_only.jar somecrazytestpackage ;
+	
+	# Sign with signature 'A', the signature used in the 'signed' reproducer group
+	cd $(TMPDIR) ; \
+	for jar_to_sign in $(TESTNAME)_A_only.jar $(TESTNAME)_A_and_B.jar; do \
+	   $(JARSIGNER_CMD) -sigfile Alpha "$$jar_to_sign" $(TEST_CERT_ALIAS)_signed  ; \
+	done
+	
+	# Sign with signature 'B', the signature used in the 'signed2' reproducer group
+	cd $(TMPDIR) ; \
+	for jar_to_sign in $(TESTNAME)_B_only.jar $(TESTNAME)_A_and_B.jar; do \
+	   $(JARSIGNER_CMD) -sigfile Beta "$$jar_to_sign" $(TEST_CERT_ALIAS)_signed2  ; \
+	done
+	
+	# Move jars into deployment directory
+	cd $(TMPDIR); \
+	mv $(TESTNAME)_B_only.jar $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR) ; \
+	mv $(TESTNAME)_A_only.jar $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR) ; \
+	mv $(TESTNAME)_A_and_B.jar $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR) ;
+	
+	echo PREPARED REPRODUCER $(TESTNAME), removing $(TMPDIR)
+	rm -rf $(TMPDIR)
+
+clean-reproducer:
+	echo NOTHING TO CLEAN FOR $(TESTNAME)
+\ No newline at end of file
diff --git a/tests/reproducers/custom/MultipleSignaturesPerJar/srcs/somecrazytestpackage/MultipleSignaturesPerJarMain.java b/tests/reproducers/custom/MultipleSignaturesPerJar/srcs/somecrazytestpackage/MultipleSignaturesPerJarMain.java
new file mode 100644
index 0000000..43452be
--- /dev/null
+++ b/tests/reproducers/custom/MultipleSignaturesPerJar/srcs/somecrazytestpackage/MultipleSignaturesPerJarMain.java
@@ -0,0 +1,90 @@
+
+
+/* MultipleSignaturesPerJarMain.java
+Copyright (C) 2012 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+ */
+package somecrazytestpackage;
+
+import java.applet.Applet;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+public class MultipleSignaturesPerJarMain extends Applet {
+
+    public static void main(String[] args) {
+        executeForeignMethodCaught();
+    }
+
+    public static void executeForeignMethodCaught() {
+        try {
+            executeForeignMethod();
+        } catch (Exception ex) {
+            throw new RuntimeException(ex);
+        }
+    }
+
+    public static void executeForeignMethod() throws ClassNotFoundException, NoSuchMethodException, IllegalAccessException, IllegalArgumentException, InvocationTargetException, InstantiationException {
+        Class<?> clazz = Class.forName("ReadPropertiesSigned");
+        Method mainMethod = clazz.getDeclaredMethod("main", String[].class);
+        mainMethod.invoke(clazz.newInstance(), (Object)new String[] {"user.home"});
+        System.out.println("Test has finished.");
+    }
+    private class Killer extends Thread {
+
+        public int n = 2000;
+
+        @Override
+        public void run() {
+            try {
+                Thread.sleep(n);
+                System.exit(0);
+            } catch (Exception ex) {
+            }
+        }
+    }
+    private Killer killer;
+
+    @Override
+    public void init() {
+        killer = new Killer();
+    }
+
+    @Override
+    public void start() {
+        main(null);
+        System.out.println("*** APPLET FINISHED ***");
+    }
+}
diff --git a/tests/reproducers/custom/MultipleSignaturesPerJar/testcases/MultipleSignaturesPerJarTests.java b/tests/reproducers/custom/MultipleSignaturesPerJar/testcases/MultipleSignaturesPerJarTests.java
new file mode 100644
index 0000000..f523ed1
--- /dev/null
+++ b/tests/reproducers/custom/MultipleSignaturesPerJar/testcases/MultipleSignaturesPerJarTests.java
@@ -0,0 +1,129 @@
+/* MultipleSignaturesTestTests.java
+Copyright (C) 20121 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.assertFalse;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import net.sourceforge.jnlp.ProcessResult;
+import net.sourceforge.jnlp.ServerAccess.AutoClose;
+import net.sourceforge.jnlp.annotations.Bug;
+import net.sourceforge.jnlp.annotations.NeedsDisplay;
+import net.sourceforge.jnlp.annotations.TestInBrowsers;
+import net.sourceforge.jnlp.browsertesting.BrowserTest;
+import net.sourceforge.jnlp.browsertesting.Browsers;
+
+import org.junit.Test;
+
+@Bug(id = { "PR822" })
+public class MultipleSignaturesPerJarTests extends BrowserTest {
+    private final List<String> TRUST_ALL = Collections.unmodifiableList(Arrays.asList(new String[] { "-Xtrustall" }));
+
+    public static final String CORRECT_FINISH = "Test has finished.";
+    public static final String CNFEXCEPTION = "ClassNotFoundException";
+    public static final String DIFF_CERTS_EXCEPTION = "Fatal: Application Error: The JNLP application is not fully signed by a single cert.";
+    public static final String ACEXCEPTION = "java.security.AccessControlException: access denied";
+
+    @Test
+    @NeedsDisplay
+    public void multipleSignaturesPerJarMatchingJNLP() throws Exception {
+        ProcessResult pr = server.executeJavawsHeadless(TRUST_ALL, "/MultipleSignaturesPerJarMatching.jnlp");
+        // Assert relevant exceptions did not occur
+        assertFalse("stderr should NOT contain `" + CNFEXCEPTION + "`, but did",
+                pr.stderr.contains(CNFEXCEPTION));
+        assertFalse("stderr should NOT contain `" + ACEXCEPTION + "`, but did",
+                pr.stderr.contains(ACEXCEPTION));
+        assertFalse("stderr should NOT contain `" + DIFF_CERTS_EXCEPTION + "`, but did",
+                pr.stderr.contains(DIFF_CERTS_EXCEPTION));
+
+        // Assert that we correctly finish
+        assertTrue("stdout should contain `" + CORRECT_FINISH + "`, but did not",
+                pr.stdout.contains(CORRECT_FINISH));
+    }
+
+    @Test
+    @NeedsDisplay
+    public void multipleSignaturesPerJarMismatchingJNLP() throws Exception {
+        ProcessResult pr = server.executeJavawsHeadless(TRUST_ALL, "/MultipleSignaturesPerJarMismatching.jnlp");
+        // Assert only for the expected exception
+        assertTrue("stderr should contain `" + DIFF_CERTS_EXCEPTION + "`, but did not",
+                pr.stderr.contains(DIFF_CERTS_EXCEPTION));
+
+        // Assert that we did not correctly finish
+        assertFalse("stdout should NOT contain " + CORRECT_FINISH + " but did",
+                pr.stdout.contains(CORRECT_FINISH));
+    }
+
+    private static void testForCorrectAppletExecution(ProcessResult pr) {
+
+        // Assert relevant exceptions did not occur
+        assertFalse("stderr should NOT contain `" + CNFEXCEPTION + "`, but did",
+                pr.stderr.contains(CNFEXCEPTION));
+        assertFalse("stderr should NOT contain `" + ACEXCEPTION + "`, but did",
+                pr.stderr.contains(ACEXCEPTION));
+        assertFalse("stderr should NOT contain `" + DIFF_CERTS_EXCEPTION + "`, but did",
+                pr.stderr.contains(DIFF_CERTS_EXCEPTION));
+
+        // Assert that we correctly finish
+        // It is difficult to check for user.home's value here, so we only check for the ending message:
+        assertTrue("stdout should contain `" + CORRECT_FINISH + "`, but did not",
+                pr.stdout.contains(CORRECT_FINISH));
+    }
+
+    @Test
+    @NeedsDisplay
+    @TestInBrowsers(testIn = Browsers.one)
+    @Bug(id = { "PR822" })
+    public void multipleSignaturesPerJarMismatchingApplet() throws Exception {
+        ProcessResult pr = server.executeBrowser("/MultipleSignaturesPerJarMismatching.html", AutoClose.CLOSE_ON_CORRECT_END);
+        // NB: Both this and the matching applet should pass
+        // Unlike JNLPs, applets pass as long as all their parts are signed by *something*
+        testForCorrectAppletExecution(pr);
+    }
+
+    @Test
+    @NeedsDisplay
+    @TestInBrowsers(testIn = Browsers.one)
+    public void multipleSignaturesPerJarMatchingApplet() throws Exception {
+        ProcessResult pr = server.executeBrowser("/MultipleSignaturesPerJarMatching.html", AutoClose.CLOSE_ON_CORRECT_END);
+        testForCorrectAppletExecution(pr);
+    }
+
+}
+\ No newline at end of file
diff --git a/tests/reproducers/signed/ReadPropertiesSigned/README b/tests/reproducers/signed/ReadPropertiesSigned/README
new file mode 100644
index 0000000..63bbd82
--- /dev/null
+++ b/tests/reproducers/signed/ReadPropertiesSigned/README
@@ -0,0 +1,2 @@
+This test is relied on by custom/MultipleSignaturesPerJar.
+Any changes to this reproducer may require updates there.
+\ No newline at end of file
author	Adam Domurad <[email protected]>	2012-10-22 11:15:48 -0400
committer	Adam Domurad <[email protected]>	2012-10-22 11:15:48 -0400
commit	565c8b4f680d233a455d480dd6589e2d1d37f645 (patch)
tree	40ccc98b979d3db765183ce1e7af4fd7bb1bb56b
parent	3d595f35b4ec1966e364cd976b479a91e7e5f3f4 (diff)