diff options
| author | Andrew Azores <[email protected]> | 2014-01-27 11:54:09 -0500 |
|---|---|---|
| committer | Andrew Azores <[email protected]> | 2014-01-27 11:54:09 -0500 |
| commit | 98c9d6e1ea22db18913b531b8056fbdc5465eb18 (patch) | |
| tree | ed4abbebdfbcd9100e8dcdee02789fff54301ed3 | |
| parent | 3b7b52a5775053bc10df88c71af5f22511e69d5f (diff) | |
PR1592 MixedSigningApplet reproducer rewrite/update
MixedSigningApplet reproducer (PR1592) moved into custom reproducer. JNLP
files generated per-test rather than premade. Many new tests added.
* tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.html:
moved to custom reproducer
* tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.jnlp:
moved to custom reproducer and now used as template by testcases file
* tests/reproducers/custom/MixedSigningApplet/srcs/Makefile: new Makefile
for custom reproducer
* tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletHelper.java
* tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletSigned.java
*
tests/reproducers/custom/MixedSigningApplet/testcases/MixedSigningAppletSignedTests.java:
new tests added, JNLP files generated per-test rather than all prepackaged
* tests/reproducers/signed/MixedSigningAppletSigned/srcs/MixedSigningAppletSigned.java:
moved to custom reproducer
* tests/reproducers/signed/MixedSigningAppletSigned/testcases/MixedSigningAppletSignedTests.java
* tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-1.jnlp
* tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-2.jnlp
* tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-3.jnlp
* tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-4.jnlp
* tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-5.jnlp
* tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-6.jnlp
* tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet.html
* tests/reproducers/simple/MixedSigningApplet/srcs/MixedSigningAppletHelper.java
14 files changed, 1249 insertions, 620 deletions
@@ -1,3 +1,30 @@ +2014-01-27 Andrew Azores <[email protected]> + + MixedSigningApplet reproducer (PR1592) moved into custom reproducer. JNLP + files generated per-test rather than premade. Many new tests added. + * tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.html: + moved to custom reproducer + * tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.jnlp: + moved to custom reproducer and now used as template by testcases file + * tests/reproducers/custom/MixedSigningApplet/srcs/Makefile: new Makefile + for custom reproducer + * tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletHelper.java + * tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletSigned.java + * + tests/reproducers/custom/MixedSigningApplet/testcases/MixedSigningAppletSignedTests.java: + new tests added, JNLP files generated per-test rather than all prepackaged + * tests/reproducers/signed/MixedSigningAppletSigned/srcs/MixedSigningAppletSigned.java: + moved to custom reproducer + * tests/reproducers/signed/MixedSigningAppletSigned/testcases/MixedSigningAppletSignedTests.java + * tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-1.jnlp + * tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-2.jnlp + * tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-3.jnlp + * tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-4.jnlp + * tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-5.jnlp + * tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-6.jnlp + * tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet.html + * tests/reproducers/simple/MixedSigningApplet/srcs/MixedSigningAppletHelper.java + 2014-01-27 Jiri Vanek <[email protected]> Tuning of properties loading. diff --git a/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet.html b/tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.html index 6fe11d7..27f1b6c 100644 --- a/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet.html +++ b/tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.html @@ -38,7 +38,7 @@ exception statement from your version. <html> <head></head> <body> - <applet code="com.redhat.mixedsigning.signed.MixedSigningAppletSigned.class" + <applet code="signed.MixedSigningAppletSigned.class" archive="MixedSigningAppletSigned.jar,MixedSigningApplet.jar" codebase="." width="640" diff --git a/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-1.jnlp b/tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.jnlp index e79de8d..b6eb914 100644 --- a/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-1.jnlp +++ b/tests/reproducers/custom/MixedSigningApplet/resources/MixedSigningApplet.jnlp @@ -36,7 +36,7 @@ exception statement from your version. --> <?xml version="1.0" encoding="utf-8"?> -<jnlp spec="1.0" href="MixedSigningApplet.jnlp" codebase="."> +<jnlp spec="1.0" href="JNLP_HREF" codebase="."> <information> <title>MixedSigningApplet</title> <vendor>IcedTea</vendor> @@ -49,13 +49,13 @@ exception statement from your version. <jar href="MixedSigningAppletSigned.jar"/> <jar href="MixedSigningApplet.jar"/> </resources> - <applet-desc + <APP_TYPE_TARGET documentBase="." name="AppletTest" - main-class="com.redhat.mixedsigning.signed.MixedSigningAppletSigned" + main-class="signed.MixedSigningAppletSigned" width="100" height="100"> - <param name="testName" value="testNonPrivilegedAction"/> - </applet-desc> - </application-desc> + PARAM_ARG_TARGET + </APP_TYPE_TARGET> + SECURITY_TAG_TARGET </jnlp> diff --git a/tests/reproducers/custom/MixedSigningApplet/srcs/Makefile b/tests/reproducers/custom/MixedSigningApplet/srcs/Makefile new file mode 100644 index 0000000..dc66d63 --- /dev/null +++ b/tests/reproducers/custom/MixedSigningApplet/srcs/Makefile @@ -0,0 +1,34 @@ +TESTNAME=MixedSigningApplet + +SRC_FILES=MixedSigningAppletSigned.java MixedSigningAppletHelper.java +ENTRYPOINT_CLASSES=MixedSigningApplet + +JAVAC_CLASSPATH=$(TEST_EXTENSIONS_DIR):$(NETX_DIR)/lib/classes.jar +JAVAC=$(BOOT_DIR)/bin/javac +JAR=$(BOOT_DIR)/bin/jar +JARSIGNER=$(BOOT_DIR)/bin/jarsigner +JARSIGNER_CMD=$(JARSIGNER) -keystore $(TOP_BUILD_DIR)/$(PRIVATE_KEYSTORE_NAME) -storepass $(PRIVATE_KEYSTORE_PASS) -keypass $(PRIVATE_KEYSTORE_PASS) + +TMPDIR:=$(shell mktemp -d) + +prepare-reproducer: + echo PREPARING REPRODUCER $(TESTNAME) + + $(JAVAC) -d $(TMPDIR) -classpath $(JAVAC_CLASSPATH) $(SRC_FILES); \ + + cp ../resources/* $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR); \ + + cd $(TMPDIR); \ + $(JAR) cfe MixedSigningAppletSigned.jar signed.MixedSigningAppletSigned signed; \ + $(JAR) cf MixedSigningApplet.jar helper; \ + cd -; \ + + $(JARSIGNER_CMD) -sigfile Alpha $(TMPDIR)/MixedSigningAppletSigned.jar $(TEST_CERT_ALIAS)_signed; \ + + cp $(TMPDIR)/MixedSigningApplet{Signed,}.jar $(REPRODUCERS_TESTS_SERVER_DEPLOYDIR); \ + + echo PREPARED REPRODUCER $(TESTNAME), removing $(TMPDIR); \ + rm -rf $(TMPDIR); \ + +clean-reproducer: + echo NOTHING TO CLEAN FOR $(TESTNAME) diff --git a/tests/reproducers/simple/MixedSigningApplet/srcs/MixedSigningAppletHelper.java b/tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletHelper.java index 939205d..a5803fb 100644 --- a/tests/reproducers/simple/MixedSigningApplet/srcs/MixedSigningAppletHelper.java +++ b/tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletHelper.java @@ -35,9 +35,12 @@ obligated to do so. If you do not wish to do so, delete this exception statement from your version. */ -package com.redhat.mixedsigning.helper; +package helper; +import signed.MixedSigningAppletSigned; import java.lang.reflect.Method; import java.lang.reflect.InvocationTargetException; +import java.security.AccessController; +import java.security.PrivilegedAction; /* See also signed/MixedSigningAppletSigned */ public class MixedSigningAppletHelper { @@ -46,13 +49,31 @@ public class MixedSigningAppletHelper { return "MixedSigningApplet Applet Running"; } + public static String helpDoPrivileged() { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return "MixedSigningApplet Applet Running"; + } + }); + } + public static String getProperty(String prop) { return System.getProperty(prop); } + public static String getPropertyDoPrivileged(final String prop) { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return getProperty(prop); + } + }); + } + public static String getPropertyFromSignedJar(String prop) { try { - Class<?> signedAppletClass = Class.forName("com.redhat.mixedsigning.signed.MixedSigningAppletSigned"); + Class<?> signedAppletClass = Class.forName("signed.MixedSigningAppletSigned"); Method m = signedAppletClass.getMethod("getProperty", String.class); String result = (String) m.invoke(null, prop); return result; @@ -62,9 +83,18 @@ public class MixedSigningAppletHelper { } } + public static String getPropertyFromSignedJarDoPrivileged(final String prop) { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return getPropertyFromSignedJar(prop); + } + }); + } + public static String attack() { try { - Class<?> signedAppletClass = Class.forName("com.redhat.mixedsigning.signed.MixedSigningAppletSigned"); + Class<?> signedAppletClass = Class.forName("signed.MixedSigningAppletSigned"); Method m = signedAppletClass.getMethod("getProperty", String.class); String result = (String) m.invoke(signedAppletClass.newInstance(), "user.home"); return result; @@ -74,10 +104,19 @@ public class MixedSigningAppletHelper { } } + public static String attackDoPrivileged() { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return new MixedSigningAppletSigned().testSignedReadPropertiesDoPrivileged(); + } + }); + } + public static String reflectiveAttack() { String result = null; try { - Object signedApplet = Class.forName("com.redhat.mixedsigning.signed.MixedSigningAppletSigned").newInstance(); + Object signedApplet = Class.forName("signed.MixedSigningAppletSigned").newInstance(); Method getProp = signedApplet.getClass().getMethod("calledByReflection"); result = (String)getProp.invoke(signedApplet); } catch (Exception e) { @@ -86,4 +125,13 @@ public class MixedSigningAppletHelper { } return result; } + + public static String reflectiveAttackDoPrivileged() { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return reflectiveAttack(); + } + }); + } } diff --git a/tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletSigned.java b/tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletSigned.java new file mode 100644 index 0000000..e0331f7 --- /dev/null +++ b/tests/reproducers/custom/MixedSigningApplet/srcs/MixedSigningAppletSigned.java @@ -0,0 +1,349 @@ +/* MixedSigningAppletSigned.java +Copyright (C) 2013 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + */ + +package signed; +import helper.MixedSigningAppletHelper; +import java.applet.Applet; +import java.lang.reflect.Method; +import java.util.ArrayList; +import java.util.List; +import java.security.AccessController; +import java.security.PrivilegedAction; + +/* See also simple/MixedSigningApplet */ +public class MixedSigningAppletSigned extends Applet { + + public static void main(String[] args) { + MixedSigningAppletSigned applet = new MixedSigningAppletSigned(); + applet.jnlpStart(args[0].replaceAll("\"", "")); + } + + public void jnlpStart(String testName) { + try { + Method m = this.getClass().getMethod(testName); + final String result = (String) m.invoke(this); + System.out.println(result); + } catch (Exception e) { + e.printStackTrace(); + } + + try { + Method m = this.getClass().getMethod(testName + "Reflect"); + final String result = (String) m.invoke(this); + System.out.println(result); + } catch (Exception e) { + e.printStackTrace(); + } + System.out.println("*** APPLET FINISHED ***"); + System.exit(0); + } + + @Override + public void start() { + jnlpStart(getParameter("testName")); + } + + public String testNonPrivilegedActionReflect() { + return new HelperMethodCall<String>().method("help").call(); + } + + public String testNonPrivilegedAction() { + return MixedSigningAppletHelper.help(); + } + + public String testNonPrivilegedActionDoPrivilegedReflect() { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return testNonPrivilegedActionReflect(); + } + }); + } + + public String testNonPrivilegedActionDoPrivileged() { + return testNonPrivilegedActionDoPrivileged(); + } + + public String testNonPrivilegedActionDoPrivileged2Reflect() { + return new HelperMethodCall<String>().method("helpDoPrivileged").call(); + } + + public String testNonPrivilegedActionDoPrivileged2() { + return MixedSigningAppletHelper.helpDoPrivileged(); + } + + // Should succeed + public String testSignedReadProperties() { + return getProperty("user.home"); + } + + // Should just be the same as above. It doesn't make much sense to make a reflective version here + public String testSignedReadPropertiesReflect() { + return testSignedReadProperties(); + } + + public String testSignedReadPropertiesDoPrivileged() { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return testSignedReadProperties(); + } + }); + } + + public String testSignedReadPropertiesDoPrivilegedReflect() { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return testSignedReadPropertiesReflect(); + } + }); + } + + // Should result in AccessControlException + public String testUnsignedReadPropertiesReflect() { + return new HelperMethodCall<String>().type(String.class).method("getProperty").arg("user.home").call(); + } + + public String testUnsignedReadProperties() { + return MixedSigningAppletHelper.getProperty("user.home"); + } + + public String testUnsignedReadPropertiesDoPrivileged() { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return testUnsignedReadProperties(); + } + }); + } + + public String testUnsignedReadPropertiesDoPrivilegedReflect() { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return testUnsignedReadPropertiesReflect(); + } + }); + } + + public String testUnsignedReadPropertiesDoPrivileged2Reflect() { + return new HelperMethodCall<String>().type(String.class).method("getPropertyDoPrivileged").arg("user.home").call(); + } + + public String testUnsignedReadPropertiesDoPrivileged2() { + return MixedSigningAppletHelper.getPropertyDoPrivileged("user.home"); + } + + // Should result in AccessControlException + public String testSignedExportPropertiesToUnsignedReflect() { + return new HelperMethodCall<String>().type(String.class).method("getPropertyFromSignedJar").arg("user.home").call(); + } + + public String testSignedExportPropertiesToUnsigned() { + return MixedSigningAppletHelper.getPropertyFromSignedJar("user.home"); + } + + public String testSignedExportPropertiesToUnsignedDoPrivilegedReflect() { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return testSignedExportPropertiesToUnsignedReflect(); + } + }); + } + + public String testSignedExportPropertiesToUnsignedDoPrivileged() { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return testSignedExportPropertiesToUnsigned(); + } + }); + } + + public String testSignedExportPropertiesToUnsignedDoPrivileged2Reflect() { + return new HelperMethodCall<String>().type(String.class).method("getPropertyFromSignedJarDoPrivileged").arg("user.home").call(); + } + + public String testSignedExportPropertiesToUnsignedDoPrivileged2() { + return MixedSigningAppletHelper.getPropertyFromSignedJarDoPrivileged("user.home"); + } + + // Should result in AccessControlException + public String testUnsignedAttacksSignedReflect() { + return new HelperMethodCall<String>().method("attack").call(); + } + + public String testUnsignedAttacksSigned() { + return MixedSigningAppletHelper.attack(); + } + + public String testUnsignedAttacksSignedDoPrivilegedReflect() { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return testUnsignedAttacksSignedReflect(); + } + }); + } + + public String testUnsignedAttacksSignedDoPrivileged() { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return testUnsignedAttacksSigned(); + } + }); + } + + public String testUnsignedAttacksSignedDoPrivileged2Reflect() { + return new HelperMethodCall<String>().method("attackDoPrivileged").call(); + } + + public String testUnsignedAttacksSignedDoPrivileged2() { + return MixedSigningAppletHelper.attackDoPrivileged(); + } + + // Should result in InvocationTargetException (due to AccessControlException) + public String testUnsignedReflectionAttackReflect() { + return new HelperMethodCall<String>().method("reflectiveAttack").call(); + } + + public String testUnsignedReflectionAttack() { + return MixedSigningAppletHelper.reflectiveAttack(); + } + + public String testUnsignedReflectionAttackDoPrivilegedReflect() { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return testUnsignedReflectionAttackReflect(); + } + }); + } + + public String testUnsignedReflectionAttackDoPrivileged() { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return testUnsignedReflectionAttack(); + } + }); + } + + public String testUnsignedReflectionAttackDoPrivileged2Reflect() { + return new HelperMethodCall<String>().method("reflectiveAttackDoPrivileged").call(); + } + + public String testUnsignedReflectionAttackDoPrivileged2() { + return MixedSigningAppletHelper.reflectiveAttackDoPrivileged(); + } + + public String calledByReflection() { + return System.getProperty("user.home"); + } + + public String calledByReflectionDoPrivileged() { + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return calledByReflection(); + } + }); + } + + public static String getProperty(String prop) { + return System.getProperty(prop); + } + + public static String getPropertyDoPrivileged(String prop) { + final String fProp = prop; + return AccessController.doPrivileged(new PrivilegedAction<String>() { + @Override + public String run() { + return System.getProperty(fProp); + } + }); + } + + private static class HelperMethodCall<T> { + + private String methodName; + private final List<Class<?>> methodSignature; + private final List<String> args; + + public HelperMethodCall() { + methodSignature = new ArrayList<Class<?>>(); + args = new ArrayList<String>(); + } + + public HelperMethodCall<T> method(String methodName) { + this.methodName = methodName; + return this; + } + + public HelperMethodCall<T> type(Class<?> methodSignature) { + this.methodSignature.add(methodSignature); + return this; + } + + public HelperMethodCall<T> arg(String arg) { + this.args.add(arg); + return this; + } + + public T call() { + try { + Class<?> helper = Class.forName("helper.MixedSigningAppletHelper"); + Method m; + if (this.methodSignature == null) { + m = helper.getMethod(this.methodName); + } else { + m = helper.getMethod(this.methodName, this.methodSignature.toArray(new Class<?>[methodSignature.size()])); + } + Object[] params = args.toArray(new String[args.size()]); + @SuppressWarnings("unchecked") + T result = (T) m.invoke(null, params); + return result; + } catch (Exception e) { + e.printStackTrace(); + return null; + } + } + } +} diff --git a/tests/reproducers/custom/MixedSigningApplet/testcases/MixedSigningAppletSignedTests.java b/tests/reproducers/custom/MixedSigningApplet/testcases/MixedSigningAppletSignedTests.java new file mode 100644 index 0000000..2ae4097 --- /dev/null +++ b/tests/reproducers/custom/MixedSigningApplet/testcases/MixedSigningAppletSignedTests.java @@ -0,0 +1,780 @@ +/* MixedSigningAppletSignedTests.java +Copyright (C) 2013 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + */ + +import static org.junit.Assert.assertTrue; + +import java.io.File; +import java.io.FileInputStream; + +import net.sourceforge.jnlp.ProcessResult; +import net.sourceforge.jnlp.ServerAccess; +import net.sourceforge.jnlp.ServerAccess.AutoClose; +import net.sourceforge.jnlp.annotations.Bug; +import net.sourceforge.jnlp.annotations.NeedsDisplay; +import net.sourceforge.jnlp.annotations.TestInBrowsers; +import net.sourceforge.jnlp.browsertesting.BrowserTest; +import net.sourceforge.jnlp.browsertesting.Browsers; +import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener; + +import org.junit.Test; + +/* + * All JNLP tests expect to be unable to perform restricted actions, + * such as reading from System.getProperty. This is because partially signed + * applet support (PR1592) is enabled *only* for browser plugin applets, and + * not for JNLP applets or applications. The expected result in all JNLP + * tests is therefore an AccessControlException. Most plugin applets expect + * AccessControlExceptions as well, since they test to ensure that the signed + * JAR(s) of an applet cannot leak information to unsigned parts of the applet + * nor allow them to perform restricted actions. These tests also similarly + * expect AccessControlExceptions. The only tests that expect to be able to + * read successfully from System.getProperty are the plugin applet tests + * where the signed JAR reads the data and then does not in any way transfer + * it to the unsigned code, except when the signed JAR method specifically uses + * AccessController.doPrivileged. These are "testSignedReadProperties", + * "testSignedReadPropertiesDoPrivileged", and + * "testUnsignedAttacksSignedDoPrivileged2". + */ +public class MixedSigningAppletSignedTests extends BrowserTest { + + private static final String CLOSE_STRING = AutoOkClosingListener.MAGICAL_OK_CLOSING_STRING; + private static final String USER_HOME = System.getProperty("user.home"); + + private static final String HREF_TARGET = "JNLP_HREF", APP_TYPE_TARGET = "APP_TYPE_TARGET", ARG_TARGET = "PARAM_ARG_TARGET", + SECURITY_TARGET = "SECURITY_TAG_TARGET"; + + private static final String JNLP_SECURITY_TAG = "<security><all-permissions/></security>"; + + private static ProcessResult runJnlpApplet(String arg, boolean security) throws Exception { + String argString = "<param name=\"testName\" value=\"" + arg + "\"/>"; + String href = "MixedSigningApplet-Applet-" + arg + ".jnlp"; + return prepareJnlpFromTemplate(href, "applet-desc", argString, security); + } + + private static ProcessResult runJnlpApplication(String arg, boolean security) throws Exception { + String argString = "<argument>\"" + arg + "\"</argument>"; + String href = "MixedSigningApplet-Application-" + arg + ".jnlp"; + return prepareJnlpFromTemplate(href, "application-desc", argString, security); + } + + private static ProcessResult prepareJnlpFromTemplate(String href, String type, String arg, boolean security) throws Exception { + File src = new File(server.getDir(), "MixedSigningApplet.jnlp"); + File dest = new File(server.getDir(), href); + String srcJnlp = ServerAccess.getContentOfStream(new FileInputStream(src)); + String resultJnlp = srcJnlp.replaceAll(HREF_TARGET, href) + .replaceAll(APP_TYPE_TARGET, type) + .replaceAll(ARG_TARGET, arg) + .replaceAll(SECURITY_TARGET, security ? JNLP_SECURITY_TAG : ""); + ServerAccess.saveFile(resultJnlp, dest); + return server.executeJavawsHeadless(href); + } + + /* + * All browser tests disabled due to requiring user intervention to run + * (partially signed dialog will appear) + */ + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testNonPrivilegedAction() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testNonPrivilegedAction", AutoClose.CLOSE_ON_CORRECT_END); + assertProperStart(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testNonPrivilegedActionDoPrivileged() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testNonPrivilegedActionDoPrivileged", AutoClose.CLOSE_ON_CORRECT_END); + assertProperStart(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testNonPrivilegedActionDoPrivileged2() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testNonPrivilegedActionDoPrivileged2", AutoClose.CLOSE_ON_CORRECT_END); + assertProperStart(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testUnsignedReadProperties() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testUnsignedReadProperties", AutoClose.CLOSE_ON_CORRECT_END); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testUnsignedReadPropertiesDoPrivileged() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testUnsignedReadPropertiesDoPrivileged", AutoClose.CLOSE_ON_CORRECT_END); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testUnsignedReadPropertiesDoPrivileged2() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testUnsignedReadPropertiesDoPrivileged2", AutoClose.CLOSE_ON_CORRECT_END); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testSignedReadProperties() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testSignedReadProperties", AutoClose.CLOSE_ON_CORRECT_END); + assertContainsUserHome(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testSignedReadPropertiesDoPrivileged() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testSignedReadPropertiesDoPrivileged", AutoClose.CLOSE_ON_CORRECT_END); + assertContainsUserHome(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testSignedExportPropertiesToUnsigned() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testSignedExportPropertiesToUnsigned", AutoClose.CLOSE_ON_CORRECT_END); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testSignedExportPropertiesToUnsignedDoPrivileged() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testSignedExportPropertiesToUnsignedDoPrivileged", AutoClose.CLOSE_ON_CORRECT_END); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testSignedExportPropertiesToUnsignedDoPrivileged2() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testSignedExportPropertiesToUnsignedDoPrivileged2", AutoClose.CLOSE_ON_CORRECT_END); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testUnsignedAttacksSigned() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testUnsignedAttacksSigned", AutoClose.CLOSE_ON_CORRECT_END); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testUnsignedAttacksSignedDoPrivileged() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testUnsignedAttacksSignedDoPrivileged", AutoClose.CLOSE_ON_CORRECT_END); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testUnsignedAttacksSignedDoPrivileged2() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testUnsignedAttacksSignedDoPrivileged2", AutoClose.CLOSE_ON_CORRECT_END); + assertContainsUserHome(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testUnsignedReflectionAttack() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testUnsignedReflectionAttack", AutoClose.CLOSE_ON_CORRECT_END); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testUnsignedReflectionAttackDoPrivileged() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testUnsignedReflectionAttackDoPrivileged", AutoClose.CLOSE_ON_CORRECT_END); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @NeedsDisplay + //@Test + @TestInBrowsers(testIn={Browsers.one}) + public void testUnsignedReflectionAttackDoPrivileged2() throws Exception { + ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testUnsignedReflectionAttackDoPrivileged2", AutoClose.CLOSE_ON_CORRECT_END); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testNonPrivilegedActionJNLPAppletWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplet("testNonPrivilegedAction", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testNonPrivilegedActionJNLPApplet() throws Exception { + ProcessResult pr = runJnlpApplet("testNonPrivilegedAction", false); + assertProperStart(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testNonPrivilegedActionDoPrivilegedJNLPAppletWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplet("testNonPrivilegedActionDoPrivileged", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testNonPrivilegedActionDoPrivilegedJNLPApplet() throws Exception { + ProcessResult pr = runJnlpApplet("testNonPrivilegedActionDoPrivileged", false); + assertProperStart(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testNonPrivilegedActionDoPrivileged2JNLPAppletWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplet("testNonPrivilegedActionDoPrivileged2", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testNonPrivilegedActionDoPrivileged2JNLPApplet() throws Exception { + ProcessResult pr = runJnlpApplet("testNonPrivilegedActionDoPrivileged2", false); + assertProperStart(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReadPropertiesJNLPApplet() throws Exception { + ProcessResult pr = runJnlpApplet("testUnsignedReadProperties", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReadPropertiesJNLPAppletWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplet("testUnsignedReadProperties", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReadPropertiesDoPrivilegedJNLPAppletWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplet("testUnsignedReadPropertiesDoPrivileged", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReadPropertiesDoPrivilegedJNLPApplet() throws Exception { + ProcessResult pr = runJnlpApplet("testUnsignedReadPropertiesDoPrivileged", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedReadPropertiesJNLPAppletWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplet("testSignedReadProperties", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedReadPropertiesJNLPApplet() throws Exception { + ProcessResult pr = runJnlpApplet("testSignedReadProperties", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedReadPropertiesDoPrivilegedJNLPAppletWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplet("testSignedReadPropertiesDoPrivileged", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedReadPropertiesDoPrivilegedJNLPApplet() throws Exception { + ProcessResult pr = runJnlpApplet("testSignedReadPropertiesDoPrivileged", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedExportPropertiesToUnsignedJNLPAppletWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplet("testSignedExportPropertiesToUnsigned", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedExportPropertiesToUnsignedJNLPApplet() throws Exception { + ProcessResult pr = runJnlpApplet("testSignedExportPropertiesToUnsigned", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedExportPropertiesToUnsignedDoPrivilegedJNLPAppletWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplet("testSignedExportPropertiesToUnsignedDoPrivileged", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedExportPropertiesToUnsignedDoPrivilegedJNLPApplet() throws Exception { + ProcessResult pr = runJnlpApplet("testSignedExportPropertiesToUnsignedDoPrivileged", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedExportPropertiesToUnsignedDoPrivileged2JNLPAppletWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplet("testSignedExportPropertiesToUnsignedDoPrivileged2", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedExportPropertiesToUnsignedDoPrivileged2JNLPApplet() throws Exception { + ProcessResult pr = runJnlpApplet("testSignedExportPropertiesToUnsignedDoPrivileged2", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedAttacksSignedJNLPAppletWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplet("testUnsignedAttacksSigned", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedAttacksSignedJNLPApplet() throws Exception { + ProcessResult pr = runJnlpApplet("testUnsignedAttacksSigned", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedAttacksSignedDoPrivilegedJNLPAppletWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplet("testUnsignedAttacksSignedDoPrivileged", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedAttacksSignedDoPrivilegedJNLPApplet() throws Exception { + ProcessResult pr = runJnlpApplet("testUnsignedAttacksSignedDoPrivileged", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedAttacksSignedDoPrivileged2JNLPAppletWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplet("testUnsignedAttacksSignedDoPrivileged2", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedAttacksSignedDoPrivileged2JNLPApplet() throws Exception { + ProcessResult pr = runJnlpApplet("testUnsignedAttacksSignedDoPrivileged2", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReflectionAttackJNLPAppletWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplet("testUnsignedReflectionAttack", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReflectionAttackJNLPApplet() throws Exception { + ProcessResult pr = runJnlpApplet("testUnsignedReflectionAttack", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReflectionAttackDoPrivilegedJNLPAppletWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplet("testUnsignedReflectionAttackDoPrivileged", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReflectionAttackDoPrivilegedJNLPApplet() throws Exception { + ProcessResult pr = runJnlpApplet("testUnsignedReflectionAttackDoPrivileged", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReflectionAttackDoPrivileged2JNLPAppletWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplet("testUnsignedReflectionAttackDoPrivileged2", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReflectionAttackDoPrivileged2JNLPApplet() throws Exception { + ProcessResult pr = runJnlpApplet("testUnsignedReflectionAttackDoPrivileged2", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testNonPrivilegedActionJNLPApplicationWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplication("testNonPrivilegedAction", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testNonPrivilegedActionJNLPApplication() throws Exception { + ProcessResult pr = runJnlpApplication("testNonPrivilegedAction", false); + assertProperStart(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testNonPrivilegedActionDoPrivilegedJNLPApplicationWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplication("testNonPrivilegedActionDoPrivileged", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testNonPrivilegedActionDoPrivilegedJNLPApplication() throws Exception { + ProcessResult pr = runJnlpApplication("testNonPrivilegedActionDoPrivileged", false); + assertProperStart(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testNonPrivilegedActionDoPrivileged2JNLPApplicationWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplication("testNonPrivilegedActionDoPrivileged2", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testNonPrivilegedActionDoPrivileged2JNLPApplication() throws Exception { + ProcessResult pr = runJnlpApplication("testNonPrivilegedActionDoPrivileged2", false); + assertProperStart(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReadPropertiesJNLPApplicationWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplication("testUnsignedReadProperties", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReadPropertiesJNLPApplication() throws Exception { + ProcessResult pr = runJnlpApplication("testUnsignedReadProperties", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReadPropertiesDoPrivilegedJNLPApplicationWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplication("testUnsignedReadPropertiesDoPrivileged", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReadPropertiesDoPrivilegedJNLPApplication() throws Exception { + ProcessResult pr = runJnlpApplication("testUnsignedReadPropertiesDoPrivileged", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedReadPropertiesJNLPApplicationWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplication("testSignedReadProperties", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedReadPropertiesJNLPApplication() throws Exception { + ProcessResult pr = runJnlpApplication("testSignedReadProperties", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedReadPropertiesDoPrivilegedJNLPApplicationWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplication("testSignedReadPropertiesDoPrivileged", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedReadPropertiesDoPrivilegedJNLPApplication() throws Exception { + ProcessResult pr = runJnlpApplication("testSignedReadPropertiesDoPrivileged", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedExportPropertiesToUnsignedJNLPApplicationWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplication("testSignedExportPropertiesToUnsigned", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedExportPropertiesToUnsignedJNLPApplication() throws Exception { + ProcessResult pr = runJnlpApplication("testSignedExportPropertiesToUnsigned", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedExportPropertiesToUnsignedDoPrivilegedJNLPApplicationWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplication("testSignedExportPropertiesToUnsignedDoPrivileged", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedExportPropertiesToUnsignedDoPrivilegedJNLPApplication() throws Exception { + ProcessResult pr = runJnlpApplication("testSignedExportPropertiesToUnsignedDoPrivileged", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedExportPropertiesToUnsignedDoPrivileged2JNLPApplicationWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplication("testSignedExportPropertiesToUnsignedDoPrivileged2", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testSignedExportPropertiesToUnsignedDoPrivileged2JNLPApplication() throws Exception { + ProcessResult pr = runJnlpApplication("testSignedExportPropertiesToUnsignedDoPrivileged2", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedAttacksSignedJNLPApplicationWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplication("testUnsignedAttacksSigned", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedAttacksSignedJNLPApplication() throws Exception { + ProcessResult pr = runJnlpApplication("testUnsignedAttacksSigned", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedAttacksSignedDoPrivilegedJNLPApplicationWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplication("testUnsignedAttacksSignedDoPrivileged", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedAttacksSignedDoPrivilegedJNLPApplication() throws Exception { + ProcessResult pr = runJnlpApplication("testUnsignedAttacksSignedDoPrivileged", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedAttacksSignedDoPrivileged2JNLPApplicationWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplication("testUnsignedAttacksSignedDoPrivileged2", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedAttacksSignedDoPrivileged2JNLPApplication() throws Exception { + ProcessResult pr = runJnlpApplication("testUnsignedAttacksSignedDoPrivileged2", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReflectionAttackJNLPApplicationWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplication("testUnsignedReflectionAttack", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReflectionAttackJNLPApplication() throws Exception { + ProcessResult pr = runJnlpApplication("testUnsignedReflectionAttack", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReflectionAttackDoPrivilegedJNLPApplicationWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplication("testUnsignedReflectionAttackDoPrivileged", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReflectionAttackDoPrivilegedJNLPApplication() throws Exception { + ProcessResult pr = runJnlpApplication("testUnsignedReflectionAttackDoPrivileged", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReflectionAttackDoPrivileged2JNLPApplicationWithSecurity() throws Exception { + ProcessResult pr = runJnlpApplication("testUnsignedReflectionAttackDoPrivileged2", true); + assertSecurityTagException(pr); + } + + @Bug(id="PR1592") + @Test + public void testUnsignedReflectionAttackDoPrivileged2JNLPApplication() throws Exception { + ProcessResult pr = runJnlpApplication("testUnsignedReflectionAttackDoPrivileged2", false); + assertAccessControlException(pr); + assertCloseString(pr); + } + + private static void assertProperStart(ProcessResult pr) { + assertTrue("stdout should contain MixedSigningApplet Applet Running but did not", pr.stdout.contains("MixedSigningApplet Applet Running")); + } + + private static void assertContainsUserHome(ProcessResult pr) { + assertTrue("stdout should contain " + USER_HOME + " but did not", pr.stdout.contains(USER_HOME)); + } + + private static void assertAccessControlException(ProcessResult pr) { + assertTrue("stderr should contain \"AccessControlException: access denied\" but did not", pr.stderr.contains("AccessControlException: access denied")); + } + + private static void assertSecurityTagException(ProcessResult pr) { + final String errorMessage = "Cannot grant permissions to unsigned jars. Application requested security permissions, but jars are not signed"; + assertTrue("stderr should contain \"" + errorMessage + "\" but did not.", pr.stderr.contains(errorMessage)); + } + + private static void assertCloseString(ProcessResult pr) { + assertTrue("stdout should contain " + CLOSE_STRING + " but did not", pr.stdout.contains(CLOSE_STRING)); + } +} diff --git a/tests/reproducers/signed/MixedSigningAppletSigned/srcs/MixedSigningAppletSigned.java b/tests/reproducers/signed/MixedSigningAppletSigned/srcs/MixedSigningAppletSigned.java deleted file mode 100644 index 1c55f19..0000000 --- a/tests/reproducers/signed/MixedSigningAppletSigned/srcs/MixedSigningAppletSigned.java +++ /dev/null @@ -1,145 +0,0 @@ -/* MixedSigningAppletSigned.java -Copyright (C) 2013 Red Hat, Inc. - -This file is part of IcedTea. - -IcedTea is free software; you can redistribute it and/or -modify it under the terms of the GNU General Public License as published by -the Free Software Foundation, version 2. - -IcedTea is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with IcedTea; see the file COPYING. If not, write to -the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -02110-1301 USA. - -Linking this library statically or dynamically with other modules is -making a combined work based on this library. Thus, the terms and -conditions of the GNU General Public License cover the whole -combination. - -As a special exception, the copyright holders of this library give you -permission to link this library with independent modules to produce an -executable, regardless of the license terms of these independent -modules, and to copy and distribute the resulting executable under -terms of your choice, provided that you also meet, for each linked -independent module, the terms and conditions of the license of that -module. An independent module is a module which is not derived from -or based on this library. If you modify this library, you may extend -this exception to your version of the library, but you are not -obligated to do so. If you do not wish to do so, delete this -exception statement from your version. - */ - -package com.redhat.mixedsigning.signed; -import java.applet.Applet; -import java.lang.reflect.Method; -import java.util.Arrays; -import java.util.ArrayList; -import java.util.List; - -/* See also simple/MixedSigningApplet */ -public class MixedSigningAppletSigned extends Applet { - - @Override - public void init() { - System.out.println("MixedSigningAppletSigned applet started. testName: " + getParameter("testName")); - Method m = null; - try { - m = this.getClass().getMethod(getParameter("testName")); - final String result = (String) m.invoke(this); - System.out.println(result); - } catch (Exception e) { - e.printStackTrace(); - } finally { - System.out.println("*** APPLET FINISHED ***"); - } - } - - public String testNonPrivilegedAction() { - return new HelperMethodCall<String>().method("help").call(); - } - - // Should succeed - public String testSignedReadProperties() { - return System.getProperty("user.home"); - } - - // Should result in AccessControlException - public String testUnsignedReadProperties() { - return new HelperMethodCall<String>().type(String.class).method("getProperty").arg("user.home").call(); - } - - // Should result in AccessControlException - public String testSignedExportPropertiesToUnsigned() { - return new HelperMethodCall<String>().type(String.class).method("getPropertyFromSignedJar").arg("user.home").call(); - } - - // Should result in AccessControlException - public String testUnsignedAttacksSigned() { - return new HelperMethodCall<String>().method("attack").call(); - } - - // Should result in InvocationTargetException (due to AccessControlException) - public String testUnsignedReflectionAttack() { - return new HelperMethodCall<String>().method("reflectiveAttack").call(); - } - - public String calledByReflection() { - return System.getProperty("user.home"); - } - - public static String getProperty(String prop) { - return System.getProperty(prop); - } - - private static class HelperMethodCall<T> { - - private String methodName; - private final List<Class<?>> methodSignature; - private final List<String> args; - - public HelperMethodCall() { - methodSignature = new ArrayList<Class<?>>(); - args = new ArrayList<String>(); - } - - public HelperMethodCall<T> method(String methodName) { - this.methodName = methodName; - return this; - } - - public HelperMethodCall<T> type(Class<?> methodSignature) { - this.methodSignature.add(methodSignature); - return this; - } - - public HelperMethodCall<T> arg(String arg) { - this.args.add(arg); - return this; - } - - public T call() { - try { - Class<?> helper = Class.forName("com.redhat.mixedsigning.helper.MixedSigningAppletHelper"); - Method m; - if (this.methodSignature == null) { - m = helper.getMethod(this.methodName); - } else { - m = helper.getMethod(this.methodName, this.methodSignature.toArray(new Class<?>[methodSignature.size()])); - } - Object[] params = args.toArray(new String[args.size()]); - @SuppressWarnings("unchecked") - T result = (T) m.invoke(null, params); - return result; - } catch (Exception e) { - e.printStackTrace(); - return null; - } - } - } -} diff --git a/tests/reproducers/signed/MixedSigningAppletSigned/testcases/MixedSigningAppletSignedTests.java b/tests/reproducers/signed/MixedSigningAppletSigned/testcases/MixedSigningAppletSignedTests.java deleted file mode 100644 index f5c8bf0..0000000 --- a/tests/reproducers/signed/MixedSigningAppletSigned/testcases/MixedSigningAppletSignedTests.java +++ /dev/null @@ -1,159 +0,0 @@ -/* MixedSigningAppletSignedTests.java -Copyright (C) 2013 Red Hat, Inc. - -This file is part of IcedTea. - -IcedTea is free software; you can redistribute it and/or -modify it under the terms of the GNU General Public License as published by -the Free Software Foundation, version 2. - -IcedTea is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with IcedTea; see the file COPYING. If not, write to -the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -02110-1301 USA. - -Linking this library statically or dynamically with other modules is -making a combined work based on this library. Thus, the terms and -conditions of the GNU General Public License cover the whole -combination. - -As a special exception, the copyright holders of this library give you -permission to link this library with independent modules to produce an -executable, regardless of the license terms of these independent -modules, and to copy and distribute the resulting executable under -terms of your choice, provided that you also meet, for each linked -independent module, the terms and conditions of the license of that -module. An independent module is a module which is not derived from -or based on this library. If you modify this library, you may extend -this exception to your version of the library, but you are not -obligated to do so. If you do not wish to do so, delete this -exception statement from your version. - */ - -import net.sourceforge.jnlp.ProcessResult; -import net.sourceforge.jnlp.ServerAccess.AutoClose; -import net.sourceforge.jnlp.annotations.KnownToFail; -import net.sourceforge.jnlp.annotations.NeedsDisplay; -import net.sourceforge.jnlp.annotations.TestInBrowsers; -import net.sourceforge.jnlp.browsertesting.BrowserTest; -import net.sourceforge.jnlp.browsertesting.Browsers; -import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener; - -import static org.junit.Assert.*; -import org.junit.Test; - -/* See also simple/MixedSigningApplet */ -public class MixedSigningAppletSignedTests extends BrowserTest { - - private static final String appletCloseString = AutoOkClosingListener.MAGICAL_OK_CLOSING_STRING; - private static final String userHome = System.getProperty("user.home"); - - @NeedsDisplay - // @Test - @TestInBrowsers(testIn={Browsers.one}) - public void testNonPrivilegedAction() throws Exception { - ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testNonPrivilegedAction", AutoClose.CLOSE_ON_CORRECT_END); - assertTrue("stdout should contain MixedSigningApplet Applet Running but did not", pr.stdout.contains("MixedSigningApplet Applet Running")); - assertCloseString(pr); - } - - @NeedsDisplay - // @Test - @TestInBrowsers(testIn={Browsers.one}) - public void testUnsignedReadProperties() throws Exception { - ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testUnsignedReadProperties", AutoClose.CLOSE_ON_CORRECT_END); - assertAccessControlException(pr); - assertCloseString(pr); - } - - @NeedsDisplay - // @Test - @TestInBrowsers(testIn={Browsers.one}) - public void testSignedReadProperties() throws Exception { - ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testSignedReadProperties", AutoClose.CLOSE_ON_CORRECT_END); - assertTrue("stdout should contain " + userHome + " but did not", pr.stdout.contains(userHome)); - assertCloseString(pr); - } - - @NeedsDisplay - // @Test - @TestInBrowsers(testIn={Browsers.one}) - public void testSignedExportPropertiesToUnsigned() throws Exception { - ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testSignedExportPropertiesToUnsigned", AutoClose.CLOSE_ON_CORRECT_END); - assertAccessControlException(pr); - assertCloseString(pr); - } - - @NeedsDisplay - // @Test - @TestInBrowsers(testIn={Browsers.one}) - public void testUnsignedAttacksSigned() throws Exception { - ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testUnsignedAttacksSigned", AutoClose.CLOSE_ON_CORRECT_END); - assertAccessControlException(pr); - assertCloseString(pr); - } - - @NeedsDisplay - // @Test - @TestInBrowsers(testIn={Browsers.one}) - public void testUnsignedReflectionAttack() throws Exception { - ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testUnsignedReflectionAttack", AutoClose.CLOSE_ON_CORRECT_END); - assertAccessControlException(pr); - assertCloseString(pr); - } - - @Test - public void testNonPrivilegedActionJNLP() throws Exception { - ProcessResult pr = server.executeJavawsHeadless("MixedSigningApplet-1.jnlp"); - assertTrue("stdout should contain MixedSigningApplet Applet Running but did not", pr.stdout.contains("MixedSigningApplet Applet Running")); - assertCloseString(pr); - } - - @Test - public void testUnsignedReadPropertiesJNLP() throws Exception { - ProcessResult pr = server.executeJavawsHeadless("MixedSigningApplet-2.jnlp"); - assertAccessControlException(pr); - assertCloseString(pr); - } - - @Test - public void testSignedReadPropertiesJNLP() throws Exception { - ProcessResult pr = server.executeJavawsHeadless("MixedSigningApplet-3.jnlp"); - assertAccessControlException(pr); - assertCloseString(pr); - } - - @Test - public void testSignedExportPropertiesToUnsignedJNLP() throws Exception { - ProcessResult pr = server.executeJavawsHeadless("MixedSigningApplet-4.jnlp"); - assertAccessControlException(pr); - assertCloseString(pr); - } - - @Test - public void testUnsignedAttacksSignedJNLP() throws Exception { - ProcessResult pr = server.executeJavawsHeadless("MixedSigningApplet-5.jnlp"); - assertAccessControlException(pr); - assertCloseString(pr); - } - - @Test - public void testUnsignedReflectionAttackJNLP() throws Exception { - ProcessResult pr = server.executeJavawsHeadless("MixedSigningApplet-6.jnlp"); - assertAccessControlException(pr); - assertCloseString(pr); - } - - private static void assertAccessControlException(ProcessResult pr) { - assertTrue("stderr should contain AccessControlException but did not", pr.stderr.contains("AccessControlException")); - } - - private static void assertCloseString(ProcessResult pr) { - assertTrue("stdout should contain " + appletCloseString + " but did not", pr.stdout.contains(appletCloseString)); - } -} diff --git a/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-2.jnlp b/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-2.jnlp deleted file mode 100644 index 0fb1c99..0000000 --- a/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-2.jnlp +++ /dev/null @@ -1,61 +0,0 @@ -<!-- - -This file is part of IcedTea. - -IcedTea is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -IcedTea is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with IcedTea; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -02110-1301 USA. - -Linking this library statically or dynamically with other modules is -making a combined work based on this library. Thus, the terms and -conditions of the GNU General Public License cover the whole -combination. - -As a special exception, the copyright holders of this library give you -permission to link this library with independent modules to produce an -executable, regardless of the license terms of these independent -modules, and to copy and distribute the resulting executable under -terms of your choice, provided that you also meet, for each linked -independent module, the terms and conditions of the license of that -module. An independent module is a module which is not derived from -or based on this library. If you modify this library, you may extend -this exception to your version of the library, but you are not -obligated to do so. If you do not wish to do so, delete this -exception statement from your version. - - --> -<?xml version="1.0" encoding="utf-8"?> -<jnlp spec="1.0" href="MixedSigningApplet.jnlp" codebase="."> - <information> - <title>MixedSigningApplet</title> - <vendor>IcedTea</vendor> - <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> - <description>Test per-JAR security assignment and permissions</description> - <offline/> - </information> - <resources> - <j2se version="1.4+"/> - <jar href="MixedSigningAppletSigned.jar"/> - <jar href="MixedSigningApplet.jar"/> - </resources> - <applet-desc - documentBase="." - name="AppletTest" - main-class="com.redhat.mixedsigning.signed.MixedSigningAppletSigned" - width="100" - height="100"> - <param name="testName" value="testUnsignedReadProperties"/> - </applet-desc> - </application-desc> -</jnlp> diff --git a/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-3.jnlp b/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-3.jnlp deleted file mode 100644 index 5799007..0000000 --- a/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-3.jnlp +++ /dev/null @@ -1,61 +0,0 @@ -<!-- - -This file is part of IcedTea. - -IcedTea is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -IcedTea is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with IcedTea; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -02110-1301 USA. - -Linking this library statically or dynamically with other modules is -making a combined work based on this library. Thus, the terms and -conditions of the GNU General Public License cover the whole -combination. - -As a special exception, the copyright holders of this library give you -permission to link this library with independent modules to produce an -executable, regardless of the license terms of these independent -modules, and to copy and distribute the resulting executable under -terms of your choice, provided that you also meet, for each linked -independent module, the terms and conditions of the license of that -module. An independent module is a module which is not derived from -or based on this library. If you modify this library, you may extend -this exception to your version of the library, but you are not -obligated to do so. If you do not wish to do so, delete this -exception statement from your version. - - --> -<?xml version="1.0" encoding="utf-8"?> -<jnlp spec="1.0" href="MixedSigningApplet.jnlp" codebase="."> - <information> - <title>MixedSigningApplet</title> - <vendor>IcedTea</vendor> - <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> - <description>Test per-JAR security assignment and permissions</description> - <offline/> - </information> - <resources> - <j2se version="1.4+"/> - <jar href="MixedSigningAppletSigned.jar"/> - <jar href="MixedSigningApplet.jar"/> - </resources> - <applet-desc - documentBase="." - name="AppletTest" - main-class="com.redhat.mixedsigning.signed.MixedSigningAppletSigned" - width="100" - height="100"> - <param name="testName" value="testSignedReadProperties"/> - </applet-desc> - </application-desc> -</jnlp> diff --git a/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-4.jnlp b/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-4.jnlp deleted file mode 100644 index 6975138..0000000 --- a/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-4.jnlp +++ /dev/null @@ -1,61 +0,0 @@ -<!-- - -This file is part of IcedTea. - -IcedTea is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -IcedTea is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with IcedTea; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -02110-1301 USA. - -Linking this library statically or dynamically with other modules is -making a combined work based on this library. Thus, the terms and -conditions of the GNU General Public License cover the whole -combination. - -As a special exception, the copyright holders of this library give you -permission to link this library with independent modules to produce an -executable, regardless of the license terms of these independent -modules, and to copy and distribute the resulting executable under -terms of your choice, provided that you also meet, for each linked -independent module, the terms and conditions of the license of that -module. An independent module is a module which is not derived from -or based on this library. If you modify this library, you may extend -this exception to your version of the library, but you are not -obligated to do so. If you do not wish to do so, delete this -exception statement from your version. - - --> -<?xml version="1.0" encoding="utf-8"?> -<jnlp spec="1.0" href="MixedSigningApplet.jnlp" codebase="."> - <information> - <title>MixedSigningApplet</title> - <vendor>IcedTea</vendor> - <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> - <description>Test per-JAR security assignment and permissions</description> - <offline/> - </information> - <resources> - <j2se version="1.4+"/> - <jar href="MixedSigningAppletSigned.jar"/> - <jar href="MixedSigningApplet.jar"/> - </resources> - <applet-desc - documentBase="." - name="AppletTest" - main-class="com.redhat.mixedsigning.signed.MixedSigningAppletSigned" - width="100" - height="100"> - <param name="testName" value="testSignedExportPropertiesToUnsigned"/> - </applet-desc> - </application-desc> -</jnlp> diff --git a/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-5.jnlp b/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-5.jnlp deleted file mode 100644 index 2c1f11c..0000000 --- a/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-5.jnlp +++ /dev/null @@ -1,61 +0,0 @@ -<!-- - -This file is part of IcedTea. - -IcedTea is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -IcedTea is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with IcedTea; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -02110-1301 USA. - -Linking this library statically or dynamically with other modules is -making a combined work based on this library. Thus, the terms and -conditions of the GNU General Public License cover the whole -combination. - -As a special exception, the copyright holders of this library give you -permission to link this library with independent modules to produce an -executable, regardless of the license terms of these independent -modules, and to copy and distribute the resulting executable under -terms of your choice, provided that you also meet, for each linked -independent module, the terms and conditions of the license of that -module. An independent module is a module which is not derived from -or based on this library. If you modify this library, you may extend -this exception to your version of the library, but you are not -obligated to do so. If you do not wish to do so, delete this -exception statement from your version. - - --> -<?xml version="1.0" encoding="utf-8"?> -<jnlp spec="1.0" href="MixedSigningApplet.jnlp" codebase="."> - <information> - <title>MixedSigningApplet</title> - <vendor>IcedTea</vendor> - <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> - <description>Test per-JAR security assignment and permissions</description> - <offline/> - </information> - <resources> - <j2se version="1.4+"/> - <jar href="MixedSigningAppletSigned.jar"/> - <jar href="MixedSigningApplet.jar"/> - </resources> - <applet-desc - documentBase="." - name="AppletTest" - main-class="com.redhat.mixedsigning.signed.MixedSigningAppletSigned" - width="100" - height="100"> - <param name="testName" value="testUnsignedAttacksSigned"/> - </applet-desc> - </application-desc> -</jnlp> diff --git a/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-6.jnlp b/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-6.jnlp deleted file mode 100644 index 789a3cc..0000000 --- a/tests/reproducers/simple/MixedSigningApplet/resources/MixedSigningApplet-6.jnlp +++ /dev/null @@ -1,61 +0,0 @@ -<!-- - -This file is part of IcedTea. - -IcedTea is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -IcedTea is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with IcedTea; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -02110-1301 USA. - -Linking this library statically or dynamically with other modules is -making a combined work based on this library. Thus, the terms and -conditions of the GNU General Public License cover the whole -combination. - -As a special exception, the copyright holders of this library give you -permission to link this library with independent modules to produce an -executable, regardless of the license terms of these independent -modules, and to copy and distribute the resulting executable under -terms of your choice, provided that you also meet, for each linked -independent module, the terms and conditions of the license of that -module. An independent module is a module which is not derived from -or based on this library. If you modify this library, you may extend -this exception to your version of the library, but you are not -obligated to do so. If you do not wish to do so, delete this -exception statement from your version. - - --> -<?xml version="1.0" encoding="utf-8"?> -<jnlp spec="1.0" href="MixedSigningApplet.jnlp" codebase="."> - <information> - <title>MixedSigningApplet</title> - <vendor>IcedTea</vendor> - <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/> - <description>Test per-JAR security assignment and permissions</description> - <offline/> - </information> - <resources> - <j2se version="1.4+"/> - <jar href="MixedSigningAppletSigned.jar"/> - <jar href="MixedSigningApplet.jar"/> - </resources> - <applet-desc - documentBase="." - name="AppletTest" - main-class="com.redhat.mixedsigning.signed.MixedSigningAppletSigned" - width="100" - height="100"> - <param name="testName" value="testUnsignedReflectionAttack"/> - </applet-desc> - </application-desc> -</jnlp> |