aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ChangeLog12
-rw-r--r--tests/jnlp_tests/signed/ReadPropertiesBySignedHack/resources/ReadPropertiesBySignedHack.jnlp18
-rw-r--r--tests/jnlp_tests/signed/ReadPropertiesBySignedHack/srcs/ReadPropertiesBySignedHack.java63
-rw-r--r--tests/jnlp_tests/signed/ReadPropertiesBySignedHack/testcases/ReadPropertiesBySignedHackTest.java69
-rw-r--r--tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned1.jnlp14
-rw-r--r--tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned2.jnlp17
-rw-r--r--tests/jnlp_tests/signed/ReadPropertiesSigned/srcs/ReadPropertiesSigned.java45
-rw-r--r--tests/jnlp_tests/signed/ReadPropertiesSigned/testcases/ReadPropertiesSignedTest.java104
8 files changed, 342 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 273e83f..7b7b8e3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2011-10-03 Jiri Vanek <[email protected]>
+
+ * tests/jnlp_tests/signed/ReadPropertiesBySignedHack/resources/ReadPropertiesBySignedHack.jnlp
+ * tests/jnlp_tests/signed/ReadPropertiesBySignedHack/srcs/ReadPropertiesBySignedHack.java
+ * tests/jnlp_tests/signed/ReadPropertiesBySignedHack/testcases/ReadPropertiesBySignedHackTest.java
+ * tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned1.jnlp
+ * tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned2.jnlp
+ * tests/jnlp_tests/signed/ReadPropertiesSigned/srcs/ReadPropertiesSigned.java
+ * tests/jnlp_tests/signed/ReadPropertiesSigned/testcases/ReadPropertiesSignedTest.java
+ Direcory signed was somehow missing from my commit from 2011-09-22.
+ Now it have been added with all its original files
+
2011-09-29 Omair Majid <[email protected]>
PR618: Can't install OpenDJ, JavaWebStart fails with Input stream is null
diff --git a/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/resources/ReadPropertiesBySignedHack.jnlp b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/resources/ReadPropertiesBySignedHack.jnlp
new file mode 100644
index 0000000..31cd312
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/resources/ReadPropertiesBySignedHack.jnlp
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0"
+ codebase="./"
+ href="ReadPropertiesBySignedHack.jnlp">
+ <information>
+ <title>read properties using System.getenv()</title>
+ </information>
+ <resources>
+ <jar href="ReadPropertiesBySignedHack.jar" main="true"/>
+ <jar href="ReadProperties.jar" main="false" download="lazy"/>
+ </resources>
+ <application-desc main-class="ReadPropertiesBySignedHack">
+ <argument>user.name</argument>
+ </application-desc>
+ <security>
+ <all-permissions/>
+ </security>
+</jnlp>
diff --git a/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/srcs/ReadPropertiesBySignedHack.java b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/srcs/ReadPropertiesBySignedHack.java
new file mode 100644
index 0000000..cea64af
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/srcs/ReadPropertiesBySignedHack.java
@@ -0,0 +1,63 @@
+/* ReadPropertiesSigned.java
+Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+import java.lang.reflect.*;
+
+public class ReadPropertiesBySignedHack {
+
+ /**
+ *some system property is expected as arg[0], eg user.name or user.home
+ */
+ public static void main(String[] args) throws Throwable {
+ //security manager is not protecting us from accessing classes from
+ //net.sourceforge.jnlp.runtime via reflection
+ Class c2= Class.forName("net.sourceforge.jnlp.runtime.JNLPRuntime");
+ Field f2 = c2.getDeclaredField("trustAll");
+ f2.setAccessible(true);
+ f2.setBoolean(null, true);
+ Method m2=c2.getDeclaredMethod("setTrustAll",Boolean.TYPE);
+ m2.setAccessible(true);
+ m2.invoke((Object) null, true );
+ //but security manager is guarding us against lunching unsigned code
+ //from signed archvive even if Xtrustall is on.
+ Class c1= Class.forName("ReadProperties");
+ Method m1=c1.getDeclaredMethod("main",args.getClass());
+ m1.invoke((Object) null, (Object)args);
+ }
+
+
+
+}
diff --git a/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/testcases/ReadPropertiesBySignedHackTest.java b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/testcases/ReadPropertiesBySignedHackTest.java
new file mode 100644
index 0000000..9fbd62e
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesBySignedHack/testcases/ReadPropertiesBySignedHackTest.java
@@ -0,0 +1,69 @@
+/* ReadPropertiesSignedTest.java
+Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import net.sourceforge.jnlp.ServerAccess;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class ReadPropertiesBySignedHackTest {
+
+ private static ServerAccess server = new ServerAccess();
+ private final List<String> l=Collections.unmodifiableList(Arrays.asList(new String[] {"-Xtrustall"}));
+
+
+ @Test
+ public void ReadPropertiesBySignedHackWithjoutXtrustAll() throws Exception {
+ //no request for permissions
+ System.out.println("connecting ReadPropertiesBySignedHack request");
+ System.err.println("connecting ReadPropertiesBySignedHack request");
+ ServerAccess.ProcessResult pr=server.executeJavawsHeadless(l,"/ReadPropertiesBySignedHack.jnlp");
+ System.out.println(pr.stdout);
+ System.err.println(pr.stderr);
+ String s="java.lang.SecurityException: class \"ReadProperties\"'s signer information does not match signer information of other classes in the same package";
+ Assert.assertTrue("Stderr should contains "+s+" but did not",pr.stderr.contains(s));
+ String ss="ClassNotFoundException";
+ Assert.assertFalse("Stderr should not contains "+ss+" but did",pr.stderr.contains(ss));
+ Assert.assertTrue("stdout lenght should be <2 but was "+pr.stdout.length(),pr.stdout.length()<2); // /home/user or /root or eanything else :(
+ Assert.assertFalse("should not be terminated but was",pr.wasTerminated);
+ Assert.assertEquals((Integer)0, pr.returnValue);
+ }
+
+ }
diff --git a/tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned1.jnlp b/tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned1.jnlp
new file mode 100644
index 0000000..a3e71af
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned1.jnlp
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0"
+ codebase="./"
+ href="ReadPropertiesSigned1.jnlp">
+ <information>
+ <title>read properties using System.getenv()</title>
+ </information>
+ <resources>
+ <jar href="ReadPropertiesSigned.jar" main="true"/>
+ </resources>
+ <application-desc main-class="ReadPropertiesSigned">
+ <argument>user.name</argument>
+ </application-desc>
+</jnlp>
diff --git a/tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned2.jnlp b/tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned2.jnlp
new file mode 100644
index 0000000..a34eaa6
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesSigned/resources/ReadPropertiesSigned2.jnlp
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0"
+ codebase="./"
+ href="ReadPropertiesSigned2.jnlp">
+ <information>
+ <title>read properties using System.getenv()</title>
+ </information>
+ <resources>
+ <jar href="ReadPropertiesSigned.jar" main="true"/>
+ </resources>
+ <application-desc main-class="ReadPropertiesSigned">
+ <argument>user.name</argument>
+ </application-desc>
+ <security>
+ <all-permissions/>
+ </security>
+</jnlp>
diff --git a/tests/jnlp_tests/signed/ReadPropertiesSigned/srcs/ReadPropertiesSigned.java b/tests/jnlp_tests/signed/ReadPropertiesSigned/srcs/ReadPropertiesSigned.java
new file mode 100644
index 0000000..60f53cb
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesSigned/srcs/ReadPropertiesSigned.java
@@ -0,0 +1,45 @@
+/* ReadPropertiesSigned.java
+Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+public class ReadPropertiesSigned {
+
+ /**
+ *some system property is expected as arg[0], eg user.name or user.home
+ */
+ public static void main(String[] args) {
+ System.out.println(System.getProperty(args[0]));
+ }
+}
diff --git a/tests/jnlp_tests/signed/ReadPropertiesSigned/testcases/ReadPropertiesSignedTest.java b/tests/jnlp_tests/signed/ReadPropertiesSigned/testcases/ReadPropertiesSignedTest.java
new file mode 100644
index 0000000..40d64c1
--- /dev/null
+++ b/tests/jnlp_tests/signed/ReadPropertiesSigned/testcases/ReadPropertiesSignedTest.java
@@ -0,0 +1,104 @@
+/* ReadPropertiesSignedTest.java
+Copyright (C) 2011 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import net.sourceforge.jnlp.ServerAccess;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class ReadPropertiesSignedTest {
+
+ private static ServerAccess server = new ServerAccess();
+ private final List<String> l=Collections.unmodifiableList(Arrays.asList(new String[] {"-Xtrustall"}));
+
+ @Test
+ public void ReadSignedPropertiesWithoutPermissionsWithXtrustAll() throws Exception {
+ //no request for permissions
+ System.out.println("connecting ReadPropertiesSigned1 request");
+ System.err.println("connecting ReadPropertiesSigned1 request");
+ ServerAccess.ProcessResult pr=server.executeJavawsHeadless(l,"/ReadPropertiesSigned1.jnlp");
+ System.out.println(pr.stdout);
+ System.err.println(pr.stderr);
+ String s="java.security.AccessControlException: access denied (java.util.PropertyPermission user.name read)";
+ Assert.assertTrue("Stderr should contains "+s+" but did not",pr.stderr.contains(s));
+ String ss="ClassNotFoundException";
+ Assert.assertFalse("Stderr should not contains "+ss+" but did",pr.stderr.contains(ss));
+ Assert.assertTrue("stdout lenght should be <2 but was "+pr.stdout.length(),pr.stdout.length()<2); // /home/user or /root or eanything else :(
+ Assert.assertFalse("should not be terminated but was",pr.wasTerminated);
+ Assert.assertEquals((Integer)0, pr.returnValue);
+ }
+
+ @Test
+ public void ReadSignedPropertiesWithPermissionsWithXtrustAll() throws Exception {
+ //request for allpermissions
+ System.out.println("connecting ReadPropertiesSigned2 request");
+ System.err.println("connecting ReadPropertiesSigned2 request");
+ ServerAccess.ProcessResult pr=server.executeJavawsHeadless(l,"/ReadPropertiesSigned2.jnlp");
+ System.out.println(pr.stdout);
+ System.err.println(pr.stderr);
+ String s="java.security.AccessControlException: access denied (java.util.PropertyPermission user.name read)";
+ Assert.assertFalse("Stderr should NOT contains "+s+" but did",pr.stderr.contains(s));
+ String ss="ClassNotFoundException";
+ Assert.assertFalse("Stderr should not contains "+ss+" but did",pr.stderr.contains(ss));
+ Assert.assertTrue("stdout lenght should be >= but was "+pr.stdout.length(),pr.stdout.length()>=4); // /home/user or /root or eanything else :(
+ Assert.assertFalse("should not be terminated but was",pr.wasTerminated);
+ Assert.assertEquals((Integer)0, pr.returnValue);
+ }
+
+ @Test
+ public void EnsureXtrustallNotAffectingUnsignedBehaviour() throws Exception {
+ System.err.println("connecting ReadPropertiesSigned3 request");
+ System.out.println("connecting ReadPropertiesSigned3 request");
+ ServerAccess.ProcessResult pr=server.executeJavawsHeadless(l,"/ReadProperties1.jnlp");
+ System.out.println(pr.stdout);
+ System.err.println(pr.stderr);
+ String s="java.security.AccessControlException: access denied (java.util.PropertyPermission user.name read)";
+ Assert.assertTrue(pr.stderr.contains(s));
+ String ss="ClassNotFoundException";
+ Assert.assertFalse("Stderr should not contains "+ss+" but did",pr.stderr.contains(ss));
+ Assert.assertFalse("stdout lenght should not be >2 but was "+pr.stdout.length(),pr.stdout.length()>2);
+ Assert.assertFalse("should not be terminated but was",pr.wasTerminated);
+ Assert.assertEquals((Integer)0, pr.returnValue);
+ ServerAccess.ProcessResult pr2=server.executeJavawsHeadless(null,"/ReadProperties1.jnlp");
+ Assert.assertEquals(pr.stderr, pr2.stderr);
+ Assert.assertEquals(pr.stdout, pr2.stdout);
+
+ }
+ }