added missing directory "signed" with its files

3 files changed, 150 insertions, 0 deletions

diff --git a/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/resources/ReadPropertiesBySignedHack.jnlp b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/resources/ReadPropertiesBySignedHack.jnlp
new file mode 100644
index 0000000..31cd312
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/resources/ReadPropertiesBySignedHack.jnlp
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?> 
+<jnlp spec="1.0"
+      codebase="./"
+      href="ReadPropertiesBySignedHack.jnlp">
+    <information>
+        <title>read properties using System.getenv()</title>
+    </information>
+    <resources>
+        <jar href="ReadPropertiesBySignedHack.jar" main="true"/>
+        <jar href="ReadProperties.jar" main="false" download="lazy"/>  
+    </resources>
+    <application-desc main-class="ReadPropertiesBySignedHack">
+      <argument>user.name</argument>
+    </application-desc>
+     <security>
+      <all-permissions/>
+    </security>
+</jnlp>
diff --git a/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/srcs/ReadPropertiesBySignedHack.java b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/srcs/ReadPropertiesBySignedHack.java
new file mode 100644
index 0000000..cea64af
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/srcs/ReadPropertiesBySignedHack.java
@@ -0,0 +1,63 @@
+/* ReadPropertiesSigned.java
+Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+ */
+import java.lang.reflect.*;
+
+public class ReadPropertiesBySignedHack {
+
+    /**
+    *some system property is expected as arg[0], eg user.name or user.home
+    */    
+    public static void main(String[] args) throws Throwable {
+        //security manager is not protecting us from accessing classes  from
+        //net.sourceforge.jnlp.runtime via reflection
+        Class c2= Class.forName("net.sourceforge.jnlp.runtime.JNLPRuntime");
+        Field f2 = c2.getDeclaredField("trustAll");
+        f2.setAccessible(true);
+        f2.setBoolean(null, true);
+        Method m2=c2.getDeclaredMethod("setTrustAll",Boolean.TYPE);
+        m2.setAccessible(true);
+        m2.invoke((Object) null, true );
+        //but security manager is guarding us against lunching unsigned code
+        //from signed archvive even if Xtrustall is on.
+        Class c1= Class.forName("ReadProperties");
+        Method m1=c1.getDeclaredMethod("main",args.getClass());
+        m1.invoke((Object) null, (Object)args);
+    }
+         
+
+  
+}
diff --git a/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/testcases/ReadPropertiesBySignedHackTest.java b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/testcases/ReadPropertiesBySignedHackTest.java
new file mode 100644
index 0000000..9fbd62e
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/testcases/ReadPropertiesBySignedHackTest.java
@@ -0,0 +1,69 @@
+/* ReadPropertiesSignedTest.java
+Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import net.sourceforge.jnlp.ServerAccess;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class ReadPropertiesBySignedHackTest {
+
+    private static ServerAccess server = new ServerAccess();
+    private final List<String> l=Collections.unmodifiableList(Arrays.asList(new String[] {"-Xtrustall"}));
+
+
+    @Test
+    public void ReadPropertiesBySignedHackWithjoutXtrustAll() throws Exception {
+        //no request for permissions
+        System.out.println("connecting ReadPropertiesBySignedHack request");
+        System.err.println("connecting ReadPropertiesBySignedHack request");
+        ServerAccess.ProcessResult pr=server.executeJavawsHeadless(l,"/ReadPropertiesBySignedHack.jnlp");
+        System.out.println(pr.stdout);
+        System.err.println(pr.stderr);
+        String s="java.lang.SecurityException: class \"ReadProperties\"'s signer information does not match signer information of other classes in the same package";
+        Assert.assertTrue("Stderr should contains "+s+" but did not",pr.stderr.contains(s));
+        String ss="ClassNotFoundException";
+        Assert.assertFalse("Stderr should not contains "+ss+" but did",pr.stderr.contains(ss));
+        Assert.assertTrue("stdout lenght should be <2 but was "+pr.stdout.length(),pr.stdout.length()<2); // /home/user or /root or eanything else :(
+        Assert.assertFalse("should not be terminated but was",pr.wasTerminated);
+        Assert.assertEquals((Integer)0, pr.returnValue);
+   }
+
+  }