aboutsummaryrefslogtreecommitdiffstats
path: root/tests/reproducers/simple/CustomPolicies
diff options
context:
space:
mode:
Diffstat (limited to 'tests/reproducers/simple/CustomPolicies')
-rw-r--r--tests/reproducers/simple/CustomPolicies/resources/CustomPolicies.html48
-rw-r--r--tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesApplet.jnlp53
-rw-r--r--tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesApplication.jnlp53
-rw-r--r--tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesJnlpHref.html45
-rw-r--r--tests/reproducers/simple/CustomPolicies/srcs/CustomPolicies.java23
-rw-r--r--tests/reproducers/simple/CustomPolicies/testcases/CustomPoliciesTest.java227
6 files changed, 449 insertions, 0 deletions
diff --git a/tests/reproducers/simple/CustomPolicies/resources/CustomPolicies.html b/tests/reproducers/simple/CustomPolicies/resources/CustomPolicies.html
new file mode 100644
index 0000000..06d4508
--- /dev/null
+++ b/tests/reproducers/simple/CustomPolicies/resources/CustomPolicies.html
@@ -0,0 +1,48 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<html>
+ <head></head>
+ <body>
+ <applet code="CustomPolicies.class"
+ archive="CustomPolicies.jar"
+ codebase="."
+ width="800"
+ height="600">
+ </applet>
+ </body>
+</html>
diff --git a/tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesApplet.jnlp b/tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesApplet.jnlp
new file mode 100644
index 0000000..00d6a83
--- /dev/null
+++ b/tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesApplet.jnlp
@@ -0,0 +1,53 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="CustomPoliciesApplet.jnlp" codebase=".">
+ <information>
+ <title>CustomPoliciesApplet</title>
+ <vendor>IcedTea</vendor>
+ <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+ <description>Test that unsigned applets can perform privileged actions when granted by custom policies</description>
+ <offline/>
+ </information>
+ <resources>
+ <j2se version="1.4+"/>
+ <jar href="CustomPolicies.jar"/>
+ </resources>
+ <applet-desc main-class="CustomPolicies">
+ </applet-desc>
+</jnlp>
diff --git a/tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesApplication.jnlp b/tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesApplication.jnlp
new file mode 100644
index 0000000..31624e8
--- /dev/null
+++ b/tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesApplication.jnlp
@@ -0,0 +1,53 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="CustomPoliciesApplication.jnlp" codebase=".">
+ <information>
+ <title>CustomPoliciesApplication</title>
+ <vendor>IcedTea</vendor>
+ <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+ <description>Test that unsigned applets can perform privileged actions when granted by custom policies</description>
+ <offline/>
+ </information>
+ <resources>
+ <j2se version="1.4+"/>
+ <jar href="CustomPolicies.jar"/>
+ </resources>
+ <application-desc main-class="CustomPolicies">
+ </application-desc>
+</jnlp>
diff --git a/tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesJnlpHref.html b/tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesJnlpHref.html
new file mode 100644
index 0000000..49727e5
--- /dev/null
+++ b/tests/reproducers/simple/CustomPolicies/resources/CustomPoliciesJnlpHref.html
@@ -0,0 +1,45 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<html>
+ <head></head>
+ <body>
+ <applet width="800" height="600" code="CustomPolicies">
+ <param name="jnlp_href" value="CustomPoliciesApplet.jnlp">
+ </applet>
+ </body>
+</html>
diff --git a/tests/reproducers/simple/CustomPolicies/srcs/CustomPolicies.java b/tests/reproducers/simple/CustomPolicies/srcs/CustomPolicies.java
new file mode 100644
index 0000000..2446f55
--- /dev/null
+++ b/tests/reproducers/simple/CustomPolicies/srcs/CustomPolicies.java
@@ -0,0 +1,23 @@
+import java.applet.Applet;
+import java.security.AccessControlException;
+
+public class CustomPolicies extends Applet {
+
+ @Override
+ public void start() {
+ System.out.println("CustomPolicies applet read: " + read("user.home"));
+ System.exit(0);
+ }
+
+ private String read(String key) {
+ try {
+ return System.getProperty(key);
+ } catch (AccessControlException ace) {
+ return ace.toString();
+ }
+ }
+
+ public static void main(String[] args) {
+ new CustomPolicies().start();
+ }
+}
diff --git a/tests/reproducers/simple/CustomPolicies/testcases/CustomPoliciesTest.java b/tests/reproducers/simple/CustomPolicies/testcases/CustomPoliciesTest.java
new file mode 100644
index 0000000..24bdc4c
--- /dev/null
+++ b/tests/reproducers/simple/CustomPolicies/testcases/CustomPoliciesTest.java
@@ -0,0 +1,227 @@
+/* CustomPoliciesTest.java
+Copyright (C) 2014 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.io.File;
+import java.io.FileWriter;
+import java.io.FilenameFilter;
+import java.io.IOException;
+import java.net.URL;
+
+import net.sourceforge.jnlp.ProcessResult;
+import net.sourceforge.jnlp.ServerAccess;
+import net.sourceforge.jnlp.annotations.NeedsDisplay;
+import net.sourceforge.jnlp.annotations.TestInBrowsers;
+import net.sourceforge.jnlp.browsertesting.BrowserTest;
+import net.sourceforge.jnlp.browsertesting.Browsers;
+import net.sourceforge.jnlp.closinglisteners.RulesFolowingClosingListener;
+import net.sourceforge.jnlp.config.DeploymentConfiguration;
+import net.sourceforge.jnlp.runtime.JNLPRuntime;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/* Test that adding permission for all codesources to read the user.home property
+ * results in an unsigned applet being able to perform this action
+ */
+public class CustomPoliciesTest extends BrowserTest {
+
+ private static DeploymentConfiguration config = JNLPRuntime.getConfiguration();
+ private static File policy, policyBackup;
+
+ @BeforeClass
+ public static void setPolicyLocation() throws Exception {
+ policy = new File(new URL(config.getProperty(DeploymentConfiguration.KEY_USER_SECURITY_POLICY)).getPath());
+ File securityDir = policy.getParentFile();
+ File[] previousBackups = securityDir.listFiles(new FilenameFilter() {
+ @Override
+ public boolean accept(File dir, String name) {
+ return name.startsWith("java.policy.bak");
+ }
+ });
+ for (File backup : previousBackups) {
+ ServerAccess.logErrorReprint("Warning: found previous policy file backup at " + backup);
+ }
+ }
+
+ @Before
+ public void backupPolicy() throws Exception {
+ if (policy.isFile()) {
+ policyBackup = File.createTempFile("java.policy.bak", null, policy.getParentFile());
+ if (!policy.renameTo(policyBackup)) {
+ ServerAccess.logErrorReprint("Could not back up existing policy file");
+ throw new RuntimeException("Could not back up existing policy file");
+ }
+ }
+
+ }
+
+ @After
+ public void restorePolicy() {
+ policy.delete();
+ if (policyBackup != null && policyBackup.isFile()) {
+ policyBackup.renameTo(policy);
+ }
+ }
+
+ private void writePolicy() throws IOException {
+ FileWriter out = new FileWriter(policy);
+ try {
+ String policyText="grant {\n permission java.util.PropertyPermission \"user.home\", \"read\";\n};\n";
+ out.write(policyText, 0, policyText.length());
+ } finally {
+ out.close();
+ }
+ }
+
+ @NeedsDisplay
+ @Test
+ @TestInBrowsers(testIn={Browsers.one})
+ public void testHtmlLaunchWithPolicy() throws Exception {
+ writePolicy();
+ assertPolicyExists();
+ RulesFolowingClosingListener listener = new RulesFolowingClosingListener();
+ listener.addContainsRule("CustomPolicies applet read:");
+ ProcessResult pr = server.executeBrowser("CustomPolicies.html", listener, null);
+ assertInit(pr);
+ assertReadProps(pr);
+ assertNoAccessControlException(pr);
+ }
+
+ @NeedsDisplay
+ @Test
+ @TestInBrowsers(testIn={Browsers.one})
+ public void testHtmlJnlpHrefLaunchWithPolicy() throws Exception {
+ writePolicy();
+ assertPolicyExists();
+ RulesFolowingClosingListener listener = new RulesFolowingClosingListener();
+ listener.addContainsRule("CustomPolicies applet read:");
+ ProcessResult pr = server.executeBrowser("CustomPoliciesJnlpHref.html", listener, null);
+ assertInit(pr);
+ assertReadProps(pr);
+ assertNoAccessControlException(pr);
+ }
+
+ @Test
+ public void testJnlpAppletLaunchWithPolicy() throws Exception {
+ writePolicy();
+ assertPolicyExists();
+ ProcessResult pr = server.executeJavawsHeadless("CustomPoliciesApplet.jnlp");
+ assertInit(pr);
+ assertReadProps(pr);
+ assertNoAccessControlException(pr);
+ }
+
+ @Test
+ public void testJnlpApplicationLaunchWithPolicy() throws Exception {
+ writePolicy();
+ assertPolicyExists();
+ ProcessResult pr = server.executeJavawsHeadless("CustomPoliciesApplication.jnlp");
+ assertInit(pr);
+ assertReadProps(pr);
+ assertNoAccessControlException(pr);
+ }
+
+ @NeedsDisplay
+ @Test
+ @TestInBrowsers(testIn = { Browsers.one })
+ public void testHtmlLaunch() throws Exception {
+ assertNoPolicyExists();
+ RulesFolowingClosingListener listener = new RulesFolowingClosingListener();
+ listener.addContainsRule("CustomPolicies applet read:");
+ ProcessResult pr = server.executeBrowser("CustomPolicies.html", listener, null);
+ assertInit(pr);
+ assertAccessControlException(pr);
+ }
+
+ @NeedsDisplay
+ @Test
+ @TestInBrowsers(testIn = { Browsers.one })
+ public void testHtmlJnlpHrefLaunch() throws Exception {
+ assertNoPolicyExists();
+ RulesFolowingClosingListener listener = new RulesFolowingClosingListener();
+ listener.addContainsRule("CustomPolicies applet read:");
+ ProcessResult pr = server.executeBrowser("CustomPoliciesJnlpHref.html", listener, null);
+ assertInit(pr);
+ assertAccessControlException(pr);
+ }
+
+ @Test
+ public void testJnlpAppletLaunch() throws Exception {
+ assertNoPolicyExists();
+ ProcessResult pr = server.executeJavawsHeadless("CustomPoliciesApplet.jnlp");
+ assertInit(pr);
+ assertAccessControlException(pr);
+ }
+
+ @Test
+ public void testJnlpApplicationLaunch() throws Exception {
+ assertNoPolicyExists();
+ ProcessResult pr = server.executeJavawsHeadless("CustomPoliciesApplication.jnlp");
+ assertInit(pr);
+ assertAccessControlException(pr);
+ }
+
+ private void assertAccessControlException(ProcessResult pr) {
+ assertTrue("Applet should not have been able to read user.home", pr.stdout.contains("AccessControlException: access denied"));
+ }
+
+ private void assertPolicyExists() {
+ assertTrue("A user policy file should be installed", policy.isFile());
+ }
+
+ private void assertNoPolicyExists() {
+ assertFalse("A user policy file should not be installed", policy.isFile());
+ }
+
+ private void assertInit(ProcessResult pr) {
+ assertTrue("Applet should have initialized", pr.stdout.contains("CustomPolicies applet read:"));
+ }
+
+ private void assertReadProps(ProcessResult pr) {
+ assertTrue("stdout should contain user.home", pr.stdout.contains(System.getProperty("user.home")));
+ }
+
+ private void assertNoAccessControlException(ProcessResult pr) {
+ assertFalse("Applet should have been able to read user.home", pr.stdout.contains("AccessControlException: access denied"));
+ }
+
+}