diff options
author | Andrew Azores <[email protected]> | 2014-01-17 13:43:09 -0500 |
---|---|---|
committer | Andrew Azores <[email protected]> | 2014-01-17 13:43:09 -0500 |
commit | c4bef6cad39892b850022c8f85c1edd97b0c7b40 (patch) | |
tree | 50e5af192a64a3a7da0f04eaf5fae1a2c6eeee48 /tests/reproducers/simple/CustomPolicies/testcases/CustomPoliciesTest.java | |
parent | 4cc1ae82645431a5c1f0958a800e8e5dfc012086 (diff) |
Added PolicyPanel to itweb-settings for custom policies
Added itweb-settings panel to explain custom policy files and allow
launching a policy editor for user's policy file.
* netx/net/sourceforge/jnlp/controlpanel/ControlPanel.java:
(createMainSettingsPanel, createPolicySettingsPanel) added PolicyPanel
* netx/net/sourceforge/jnlp/resources/Messages.properties: new messages
for PolicyPanel
* netx/net/sourceforge/jnlp/controlpanel/PolicyPanel.java: new panel to
allow launching of external policy editor
* tests/reproducers/simple/CustomPolicies/resources/CustomPolicies.html:
new test to ensure custom user policy files work correctly
* tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesApplet.jnlp
* tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesApplication.jnlp
* tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesJnlpHref.html
* tests/reproducers/simple/CustomPolicies/srcs/CustomPolicies.java
* tests/reproducers/simple/CustomPolicies/testcases/CustomPoliciesTest.java
Diffstat (limited to 'tests/reproducers/simple/CustomPolicies/testcases/CustomPoliciesTest.java')
-rw-r--r-- | tests/reproducers/simple/CustomPolicies/testcases/CustomPoliciesTest.java | 227 |
1 files changed, 227 insertions, 0 deletions
diff --git a/tests/reproducers/simple/CustomPolicies/testcases/CustomPoliciesTest.java b/tests/reproducers/simple/CustomPolicies/testcases/CustomPoliciesTest.java new file mode 100644 index 0000000..24bdc4c --- /dev/null +++ b/tests/reproducers/simple/CustomPolicies/testcases/CustomPoliciesTest.java @@ -0,0 +1,227 @@ +/* CustomPoliciesTest.java +Copyright (C) 2014 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + */ + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import java.io.File; +import java.io.FileWriter; +import java.io.FilenameFilter; +import java.io.IOException; +import java.net.URL; + +import net.sourceforge.jnlp.ProcessResult; +import net.sourceforge.jnlp.ServerAccess; +import net.sourceforge.jnlp.annotations.NeedsDisplay; +import net.sourceforge.jnlp.annotations.TestInBrowsers; +import net.sourceforge.jnlp.browsertesting.BrowserTest; +import net.sourceforge.jnlp.browsertesting.Browsers; +import net.sourceforge.jnlp.closinglisteners.RulesFolowingClosingListener; +import net.sourceforge.jnlp.config.DeploymentConfiguration; +import net.sourceforge.jnlp.runtime.JNLPRuntime; + +import org.junit.After; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; + +/* Test that adding permission for all codesources to read the user.home property + * results in an unsigned applet being able to perform this action + */ +public class CustomPoliciesTest extends BrowserTest { + + private static DeploymentConfiguration config = JNLPRuntime.getConfiguration(); + private static File policy, policyBackup; + + @BeforeClass + public static void setPolicyLocation() throws Exception { + policy = new File(new URL(config.getProperty(DeploymentConfiguration.KEY_USER_SECURITY_POLICY)).getPath()); + File securityDir = policy.getParentFile(); + File[] previousBackups = securityDir.listFiles(new FilenameFilter() { + @Override + public boolean accept(File dir, String name) { + return name.startsWith("java.policy.bak"); + } + }); + for (File backup : previousBackups) { + ServerAccess.logErrorReprint("Warning: found previous policy file backup at " + backup); + } + } + + @Before + public void backupPolicy() throws Exception { + if (policy.isFile()) { + policyBackup = File.createTempFile("java.policy.bak", null, policy.getParentFile()); + if (!policy.renameTo(policyBackup)) { + ServerAccess.logErrorReprint("Could not back up existing policy file"); + throw new RuntimeException("Could not back up existing policy file"); + } + } + + } + + @After + public void restorePolicy() { + policy.delete(); + if (policyBackup != null && policyBackup.isFile()) { + policyBackup.renameTo(policy); + } + } + + private void writePolicy() throws IOException { + FileWriter out = new FileWriter(policy); + try { + String policyText="grant {\n permission java.util.PropertyPermission \"user.home\", \"read\";\n};\n"; + out.write(policyText, 0, policyText.length()); + } finally { + out.close(); + } + } + + @NeedsDisplay + @Test + @TestInBrowsers(testIn={Browsers.one}) + public void testHtmlLaunchWithPolicy() throws Exception { + writePolicy(); + assertPolicyExists(); + RulesFolowingClosingListener listener = new RulesFolowingClosingListener(); + listener.addContainsRule("CustomPolicies applet read:"); + ProcessResult pr = server.executeBrowser("CustomPolicies.html", listener, null); + assertInit(pr); + assertReadProps(pr); + assertNoAccessControlException(pr); + } + + @NeedsDisplay + @Test + @TestInBrowsers(testIn={Browsers.one}) + public void testHtmlJnlpHrefLaunchWithPolicy() throws Exception { + writePolicy(); + assertPolicyExists(); + RulesFolowingClosingListener listener = new RulesFolowingClosingListener(); + listener.addContainsRule("CustomPolicies applet read:"); + ProcessResult pr = server.executeBrowser("CustomPoliciesJnlpHref.html", listener, null); + assertInit(pr); + assertReadProps(pr); + assertNoAccessControlException(pr); + } + + @Test + public void testJnlpAppletLaunchWithPolicy() throws Exception { + writePolicy(); + assertPolicyExists(); + ProcessResult pr = server.executeJavawsHeadless("CustomPoliciesApplet.jnlp"); + assertInit(pr); + assertReadProps(pr); + assertNoAccessControlException(pr); + } + + @Test + public void testJnlpApplicationLaunchWithPolicy() throws Exception { + writePolicy(); + assertPolicyExists(); + ProcessResult pr = server.executeJavawsHeadless("CustomPoliciesApplication.jnlp"); + assertInit(pr); + assertReadProps(pr); + assertNoAccessControlException(pr); + } + + @NeedsDisplay + @Test + @TestInBrowsers(testIn = { Browsers.one }) + public void testHtmlLaunch() throws Exception { + assertNoPolicyExists(); + RulesFolowingClosingListener listener = new RulesFolowingClosingListener(); + listener.addContainsRule("CustomPolicies applet read:"); + ProcessResult pr = server.executeBrowser("CustomPolicies.html", listener, null); + assertInit(pr); + assertAccessControlException(pr); + } + + @NeedsDisplay + @Test + @TestInBrowsers(testIn = { Browsers.one }) + public void testHtmlJnlpHrefLaunch() throws Exception { + assertNoPolicyExists(); + RulesFolowingClosingListener listener = new RulesFolowingClosingListener(); + listener.addContainsRule("CustomPolicies applet read:"); + ProcessResult pr = server.executeBrowser("CustomPoliciesJnlpHref.html", listener, null); + assertInit(pr); + assertAccessControlException(pr); + } + + @Test + public void testJnlpAppletLaunch() throws Exception { + assertNoPolicyExists(); + ProcessResult pr = server.executeJavawsHeadless("CustomPoliciesApplet.jnlp"); + assertInit(pr); + assertAccessControlException(pr); + } + + @Test + public void testJnlpApplicationLaunch() throws Exception { + assertNoPolicyExists(); + ProcessResult pr = server.executeJavawsHeadless("CustomPoliciesApplication.jnlp"); + assertInit(pr); + assertAccessControlException(pr); + } + + private void assertAccessControlException(ProcessResult pr) { + assertTrue("Applet should not have been able to read user.home", pr.stdout.contains("AccessControlException: access denied")); + } + + private void assertPolicyExists() { + assertTrue("A user policy file should be installed", policy.isFile()); + } + + private void assertNoPolicyExists() { + assertFalse("A user policy file should not be installed", policy.isFile()); + } + + private void assertInit(ProcessResult pr) { + assertTrue("Applet should have initialized", pr.stdout.contains("CustomPolicies applet read:")); + } + + private void assertReadProps(ProcessResult pr) { + assertTrue("stdout should contain user.home", pr.stdout.contains(System.getProperty("user.home"))); + } + + private void assertNoAccessControlException(ProcessResult pr) { + assertFalse("Applet should have been able to read user.home", pr.stdout.contains("AccessControlException: access denied")); + } + +} |