8 files changed, 342 insertions, 0 deletions
@@ -1,3 +1,15 @@
+2011-10-03 Jiri Vanek <[email protected]>
+
+ * tests/jnlp_tests/signed/ReadPropertiesBySignedHack/resources/ReadPropertiesBySignedHack.jnlp
+ * tests/jnlp_tests/signed/ReadPropertiesBySignedHack/srcs/ReadPropertiesBySignedHack.java
+ * tests/jnlp_tests/signed/ReadPropertiesBySignedHack/testcases/ReadPropertiesBySignedHackTest.java
+ * tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned1.jnlp
+ * tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned2.jnlp
+ * tests/jnlp_tests/signed/ReadPropertiesSigned/srcs/ReadPropertiesSigned.java
+ * tests/jnlp_tests/signed/ReadPropertiesSigned/testcases/ReadPropertiesSignedTest.java
+ Direcory signed was somehow missing from my commit from 2011-09-22.
+ Now it have been added with all its original files
+
 2011-09-29 Omair Majid <[email protected]>
 PR618: Can't install OpenDJ, JavaWebStart fails with Input stream is null
diff --git a/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/resources/ReadPropertiesBySignedHack.jnlp b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/resources/ReadPropertiesBySignedHack.jnlp
new file mode 100644
index 0000000..31cd312
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/resources/ReadPropertiesBySignedHack.jnlp
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0"
+ codebase="./"
+ href="ReadPropertiesBySignedHack.jnlp">
+ <information>
+ <title>read properties using System.getenv()</title>
+ </information>
+ <resources>
+ <jar href="ReadPropertiesBySignedHack.jar" main="true"/>
+ <jar href="ReadProperties.jar" main="false" download="lazy"/>
+ </resources>
+ <application-desc main-class="ReadPropertiesBySignedHack">
+ <argument>user.name</argument>
+ </application-desc>
+ <security>
+ <all-permissions/>
+ </security>
+</jnlp>
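Review bot: The `<title>` in ReadPropertiesBySignedHack.jnlp says "read properties using System.getenv()", but the fixture added in this commit reads a system property (`System.getProperty(args[0])` in ReadPropertiesSigned.java); the same title is repeated in ReadPropertiesSigned1.jnlp and ReadPropertiesSigned2.jnlp. Since the three descriptors differ only in signing and in whether `<all-permissions/>` is requested, a title per descriptor would tell a reader of the test logs which case ran, e.g. `<title>signed main jar, all-permissions, lazily loads ReadProperties.jar</title>` here. An XML comment above the lazy `ReadProperties.jar` entry saying that this jar is meant to be unsigned would make the mixed-signing setup explicit; that it is unsigned is inferred from the signer-mismatch error the test expects.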
diff --git a/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/srcs/ReadPropertiesBySignedHack.java b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/srcs/ReadPropertiesBySignedHack.java
new file mode 100644
index 0000000..cea64af
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/srcs/ReadPropertiesBySignedHack.java
@@ -0,0 +1,63 @@
+/* ReadPropertiesSigned.java
+Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+import java.lang.reflect.*;
+
+public class ReadPropertiesBySignedHack {
+
+ /**
+ *some system property is expected as arg[0], eg user.name or user.home
+ */
+ public static void main(String[] args) throws Throwable {
+ //security manager is not protecting us from accessing classes from
+ //net.sourceforge.jnlp.runtime via reflection
+ Class c2= Class.forName("net.sourceforge.jnlp.runtime.JNLPRuntime");
+ Field f2 = c2.getDeclaredField("trustAll");
+ f2.setAccessible(true);
+ f2.setBoolean(null, true);
+ Method m2=c2.getDeclaredMethod("setTrustAll",Boolean.TYPE);
+ m2.setAccessible(true);
+ m2.invoke((Object) null, true );
+ //but security manager is guarding us against lunching unsigned code
+ //from signed archvive even if Xtrustall is on.
+ Class c1= Class.forName("ReadProperties");
+ Method m1=c1.getDeclaredMethod("main",args.getClass());
+ m1.invoke((Object) null, (Object)args);
+ }
+
+
+
+}
diff --git a/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/testcases/ReadPropertiesBySignedHackTest.java b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/testcases/ReadPropertiesBySignedHackTest.java
new file mode 100644
index 0000000..9fbd62e
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/testcases/ReadPropertiesBySignedHackTest.java
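Review bot: The comment above the `JNLPRuntime` reflection in `main` says the security manager does not stop this access, but it does not say under which grant that holds; the accompanying JNLP requests `<all-permissions/>` for a signed jar, which is presumably why `setAccessible(true)` succeeds. I would reword it to `// signed + all-permissions, so reflection into net.sourceforge.jnlp.runtime is allowed; force trustAll on to check that it does not relax signer checks`. The second comment should read "launching unsigned code from a signed archive", and the file header still names `ReadPropertiesSigned.java` rather than this file. The raw `Class c2` / `Class c1` locals can be `Class<?>`, and writing the `trustAll` field and then also invoking `setTrustAll` does the same thing twice unless the setter has further effects that are not visible in this hunk.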
@@ -0,0 +1,69 @@
+/* ReadPropertiesSignedTest.java
+Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import net.sourceforge.jnlp.ServerAccess;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class ReadPropertiesBySignedHackTest {
+
+ private static ServerAccess server = new ServerAccess();
+ private final List<String> l=Collections.unmodifiableList(Arrays.asList(new String[] {"-Xtrustall"}));
+
+
+ @Test
+ public void ReadPropertiesBySignedHackWithjoutXtrustAll() throws Exception {
+ //no request for permissions
+ System.out.println("connecting ReadPropertiesBySignedHack request");
+ System.err.println("connecting ReadPropertiesBySignedHack request");
+ ServerAccess.ProcessResult pr=server.executeJavawsHeadless(l,"/ReadPropertiesBySignedHack.jnlp");
+ System.out.println(pr.stdout);
+ System.err.println(pr.stderr);
+ String s="java.lang.SecurityException: class \"ReadProperties\"'s signer information does not match signer information of other classes in the same package";
+ Assert.assertTrue("Stderr should contains "+s+" but did not",pr.stderr.contains(s));
+ String ss="ClassNotFoundException";
+ Assert.assertFalse("Stderr should not contains "+ss+" but did",pr.stderr.contains(ss));
+ Assert.assertTrue("stdout lenght should be <2 but was "+pr.stdout.length(),pr.stdout.length()<2); // /home/user or /root or eanything else :(
+ Assert.assertFalse("should not be terminated but was",pr.wasTerminated);
+ Assert.assertEquals((Integer)0, pr.returnValue);
+ }
+
+ }
diff --git a/tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned1.jnlp b/tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned1.jnlp
new file mode 100644
index 0000000..a3e71af
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned1.jnlp
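Review bot: The test method is named `ReadPropertiesBySignedHackWithjoutXtrustAll`, yet it passes `l`, which holds `-Xtrustall`, to `executeJavawsHeadless`, so the name states the opposite of what runs and also carries a typo; `readPropertiesBySignedHackWithXtrustAll` would match the call. The `//no request for permissions` comment is likewise copied from elsewhere, since the JNLP for this test does request `<all-permissions/>`. The expected message is a same-package signer mismatch, which appears to depend on `ReadProperties` sharing the default package with the signed class, so a comment such as `// expected: unsigned ReadProperties is rejected because it shares the default package with signed classes` would record what the assertion actually pins. The header comment names `ReadPropertiesSignedTest.java`, and the trailing `// /home/user or /root ...` remark on the `stdout.length()<2` line describes output this test expects not to see.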
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0"
+ codebase="./"
+ href="ReadPropertiesSigned1.jnlp">
+ <information>
+ <title>read properties using System.getenv()</title>
+ </information>
+ <resources>
+ <jar href="ReadPropertiesSigned.jar" main="true"/>
+ </resources>
+ <application-desc main-class="ReadPropertiesSigned">
+ <argument>user.name</argument>
+ </application-desc>
+</jnlp>
diff --git a/tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned2.jnlp b/tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned2.jnlp
new file mode 100644
index 0000000..a34eaa6
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned2.jnlp
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0"
+ codebase="./"
+ href="ReadPropertiesSigned2.jnlp">
+ <information>
+ <title>read properties using System.getenv()</title>
+ </information>
+ <resources>
+ <jar href="ReadPropertiesSigned.jar" main="true"/>
+ </resources>
+ <application-desc main-class="ReadPropertiesSigned">
+ <argument>user.name</argument>
+ </application-desc>
+ <security>
+ <all-permissions/>
+ </security>
+</jnlp>
diff --git a/tests/jnlp_tests/signed/ReadPropertiesSigned/srcs/ReadPropertiesSigned.java b/tests/jnlp_tests/signed/ReadPropertiesSigned/srcs/ReadPropertiesSigned.java
new file mode 100644
index 0000000..60f53cb
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesSigned/srcs/ReadPropertiesSigned.java
@@ -0,0 +1,45 @@
+/* ReadPropertiesSigned.java
+Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+public class ReadPropertiesSigned {
+
+ /**
+ *some system property is expected as arg[0], eg user.name or user.home
+ */
+ public static void main(String[] args) {
+ System.out.println(System.getProperty(args[0]));
+ }
+}
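Review bot: `main` reads `args[0]` with no length check, so a descriptor that omits the `<argument>` element ends in a bare `ArrayIndexOutOfBoundsException`, and the tests in this commit decide pass or fail by matching text on stderr. A guard such as `if (args.length < 1) throw new IllegalArgumentException("expected a system property name as args[0]");` keeps a misconfigured fixture from being read as a sandbox result. The Javadoc could also say what the class is for, e.g. "Prints the system property named by args[0]; used to check whether PropertyPermission is granted to a signed jar".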
diff --git a/tests/jnlp_tests/signed/ReadPropertiesSigned/testcases/ReadPropertiesSignedTest.java b/tests/jnlp_tests/signed/ReadPropertiesSigned/testcases/ReadPropertiesSignedTest.java
new file mode 100644
index 0000000..40d64c1
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesSigned/testcases/ReadPropertiesSignedTest.java
@@ -0,0 +1,104 @@
+/* ReadPropertiesSignedTest.java
+Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import net.sourceforge.jnlp.ServerAccess;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class ReadPropertiesSignedTest {
+
+ private static ServerAccess server = new ServerAccess();
+ private final List<String> l=Collections.unmodifiableList(Arrays.asList(new String[] {"-Xtrustall"}));
+
+ @Test
+ public void ReadSignedPropertiesWithoutPermissionsWithXtrustAll() throws Exception {
+ //no request for permissions
+ System.out.println("connecting ReadPropertiesSigned1 request");
+ System.err.println("connecting ReadPropertiesSigned1 request");
+ ServerAccess.ProcessResult pr=server.executeJavawsHeadless(l,"/ReadPropertiesSigned1.jnlp");
+ System.out.println(pr.stdout);
+ System.err.println(pr.stderr);
+ String s="java.security.AccessControlException: access denied (java.util.PropertyPermission user.name read)";
+ Assert.assertTrue("Stderr should contains "+s+" but did not",pr.stderr.contains(s));
+ String ss="ClassNotFoundException";
+ Assert.assertFalse("Stderr should not contains "+ss+" but did",pr.stderr.contains(ss));
+ Assert.assertTrue("stdout lenght should be <2 but was "+pr.stdout.length(),pr.stdout.length()<2); // /home/user or /root or eanything else :(
+ Assert.assertFalse("should not be terminated but was",pr.wasTerminated);
+ Assert.assertEquals((Integer)0, pr.returnValue);
+ }
+
+ @Test
+ public void ReadSignedPropertiesWithPermissionsWithXtrustAll() throws Exception {
+ //request for allpermissions
+ System.out.println("connecting ReadPropertiesSigned2 request");
+ System.err.println("connecting ReadPropertiesSigned2 request");
+ ServerAccess.ProcessResult pr=server.executeJavawsHeadless(l,"/ReadPropertiesSigned2.jnlp");
+ System.out.println(pr.stdout);
+ System.err.println(pr.stderr);
+ String s="java.security.AccessControlException: access denied (java.util.PropertyPermission user.name read)";
+ Assert.assertFalse("Stderr should NOT contains "+s+" but did",pr.stderr.contains(s));
+ String ss="ClassNotFoundException";
+ Assert.assertFalse("Stderr should not contains "+ss+" but did",pr.stderr.contains(ss));
+ Assert.assertTrue("stdout lenght should be >= but was "+pr.stdout.length(),pr.stdout.length()>=4); // /home/user or /root or eanything else :(
+ Assert.assertFalse("should not be terminated but was",pr.wasTerminated);
+ Assert.assertEquals((Integer)0, pr.returnValue);
+ }
+
+ @Test
+ public void EnsureXtrustallNotAffectingUnsignedBehaviour() throws Exception {
+ System.err.println("connecting ReadPropertiesSigned3 request");
+ System.out.println("connecting ReadPropertiesSigned3 request");
+ ServerAccess.ProcessResult pr=server.executeJavawsHeadless(l,"/ReadProperties1.jnlp");
+ System.out.println(pr.stdout);
+ System.err.println(pr.stderr);
+ String s="java.security.AccessControlException: access denied (java.util.PropertyPermission user.name read)";
+ Assert.assertTrue(pr.stderr.contains(s));
+ String ss="ClassNotFoundException";
+ Assert.assertFalse("Stderr should not contains "+ss+" but did",pr.stderr.contains(ss));
+ Assert.assertFalse("stdout lenght should not be >2 but was "+pr.stdout.length(),pr.stdout.length()>2);
+ Assert.assertFalse("should not be terminated but was",pr.wasTerminated);
+ Assert.assertEquals((Integer)0, pr.returnValue);
+ ServerAccess.ProcessResult pr2=server.executeJavawsHeadless(null,"/ReadProperties1.jnlp");
+ Assert.assertEquals(pr.stderr, pr2.stderr);
+ Assert.assertEquals(pr.stdout, pr2.stdout);
+
+ }
+ } |
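Review bot: In `ReadSignedPropertiesWithPermissionsWithXtrustAll` the only positive check is `pr.stdout.length()>=4`, which fails for a two-character user name and passes for any four characters of unrelated output, so it does not show that the granted permission returned the property. Comparing against the expected value is stricter, e.g. `Assert.assertTrue(pr.stdout.contains(System.getProperty("user.name")));`, assuming the launched process runs as the same user as the test JVM; the message text also drops the number after ">=". In `EnsureXtrustallNotAffectingUnsignedBehaviour` the whole of stderr from two separate launches is compared with `assertEquals`, which breaks as soon as the runtime logs anything run-specific; asserting that both runs contain the `AccessControlException` line and neither prints the property keeps the intent, namely that `-Xtrustall` does not widen the sandbox for unsigned code. The bare `Assert.assertTrue(pr.stderr.contains(s))` there should carry a message like its siblings.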