authorAndrew Azores <[email protected]>2013-12-03 11:43:04 -0500
committerAndrew Azores <[email protected]>2013-12-03 11:43:04 -0500
commitcbc64258778ec40e63357bbad93ad932eaed5c0d (patch)
tree901f43fd9f7b6ee2595c1b79a3b84564a2fbc5a8 /tests/reproducers/signed
parent90705ffaa37c62b720865cc8377b2f63f6be92e2 (diff)
Tests for PR1592
Diffstat (limited to 'tests/reproducers/signed')
-rw-r--r--tests/reproducers/signed/MixedSigningAppletSigned/srcs/MixedSigningAppletSigned.java145
-rw-r--r--tests/reproducers/signed/MixedSigningAppletSigned/testcases/MixedSigningAppletSignedTests.java159
2 files changed, 304 insertions, 0 deletions
diff --git a/tests/reproducers/signed/MixedSigningAppletSigned/srcs/MixedSigningAppletSigned.java b/tests/reproducers/signed/MixedSigningAppletSigned/srcs/MixedSigningAppletSigned.java
new file mode 100644
index 0000000..1c55f19
--- /dev/null
+++ b/tests/reproducers/signed/MixedSigningAppletSigned/srcs/MixedSigningAppletSigned.java
@@ -0,0 +1,145 @@
+/* MixedSigningAppletSigned.java
+Copyright (C) 2013 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+package com.redhat.mixedsigning.signed;
+import java.applet.Applet;
+import java.lang.reflect.Method;
+import java.util.Arrays;
+import java.util.ArrayList;
+import java.util.List;
+
+/* See also simple/MixedSigningApplet */
+public class MixedSigningAppletSigned extends Applet {
+
+ @Override
+ public void init() {
+ System.out.println("MixedSigningAppletSigned applet started. testName: " + getParameter("testName"));
+ Method m = null;
+ try {
+ m = this.getClass().getMethod(getParameter("testName"));
+ final String result = (String) m.invoke(this);
+ System.out.println(result);
+ } catch (Exception e) {
+ e.printStackTrace();
+ } finally {
+ System.out.println("*** APPLET FINISHED ***");
+ }
+ }
+
+ public String testNonPrivilegedAction() {
+ return new HelperMethodCall<String>().method("help").call();
+ }
+
+ // Should succeed
+ public String testSignedReadProperties() {
+ return System.getProperty("user.home");
+ }
+
+ // Should result in AccessControlException
+ public String testUnsignedReadProperties() {
+ return new HelperMethodCall<String>().type(String.class).method("getProperty").arg("user.home").call();
+ }
+
+ // Should result in AccessControlException
+ public String testSignedExportPropertiesToUnsigned() {
+ return new HelperMethodCall<String>().type(String.class).method("getPropertyFromSignedJar").arg("user.home").call();
+ }
+
+ // Should result in AccessControlException
+ public String testUnsignedAttacksSigned() {
+ return new HelperMethodCall<String>().method("attack").call();
+ }
+
+ // Should result in InvocationTargetException (due to AccessControlException)
+ public String testUnsignedReflectionAttack() {
+ return new HelperMethodCall<String>().method("reflectiveAttack").call();
+ }
+
+ public String calledByReflection() {
+ return System.getProperty("user.home");
+ }
+
+ public static String getProperty(String prop) {
+ return System.getProperty(prop);
+ }
+
+ private static class HelperMethodCall<T> {
+
+ private String methodName;
+ private final List<Class<?>> methodSignature;
+ private final List<String> args;
+
+ public HelperMethodCall() {
+ methodSignature = new ArrayList<Class<?>>();
+ args = new ArrayList<String>();
+ }
+
+ public HelperMethodCall<T> method(String methodName) {
+ this.methodName = methodName;
+ return this;
+ }
+
+ public HelperMethodCall<T> type(Class<?> methodSignature) {
+ this.methodSignature.add(methodSignature);
+ return this;
+ }
+
+ public HelperMethodCall<T> arg(String arg) {
+ this.args.add(arg);
+ return this;
+ }
+
+ public T call() {
+ try {
+ Class<?> helper = Class.forName("com.redhat.mixedsigning.helper.MixedSigningAppletHelper");
+ Method m;
+ if (this.methodSignature == null) {
+ m = helper.getMethod(this.methodName);
+ } else {
+ m = helper.getMethod(this.methodName, this.methodSignature.toArray(new Class<?>[methodSignature.size()]));
+ }
+ Object[] params = args.toArray(new String[args.size()]);
+ @SuppressWarnings("unchecked")
+ T result = (T) m.invoke(null, params);
+ return result;
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+ }
+}
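Review bot: In `init()` the method to invoke is chosen entirely by the page-supplied `testName` parameter through `this.getClass().getMethod(getParameter("testName"))`, so any public no-argument method of this signed class or its superclasses can be selected, not only the `test*` cases. Because this jar is signed, I would reject unexpected names before the lookup, inside the `try` so the finish marker still prints: `final String testName = getParameter("testName");` followed by `if (testName == null || !testName.startsWith("test")) throw new IllegalArgumentException("unexpected testName: " + testName);`. Separately, the `this.methodSignature == null` branch in `HelperMethodCall.call()` looks unreachable, since the field is final and assigned in the constructor; an `isEmpty()` check, or dropping the branch, would state the intent.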
diff --git a/tests/reproducers/signed/MixedSigningAppletSigned/testcases/MixedSigningAppletSignedTests.java b/tests/reproducers/signed/MixedSigningAppletSigned/testcases/MixedSigningAppletSignedTests.java
new file mode 100644
index 0000000..f5c8bf0
--- /dev/null
+++ b/tests/reproducers/signed/MixedSigningAppletSigned/testcases/MixedSigningAppletSignedTests.java
@@ -0,0 +1,159 @@
+/* MixedSigningAppletSignedTests.java
+Copyright (C) 2013 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+import net.sourceforge.jnlp.ProcessResult;
+import net.sourceforge.jnlp.ServerAccess.AutoClose;
+import net.sourceforge.jnlp.annotations.KnownToFail;
+import net.sourceforge.jnlp.annotations.NeedsDisplay;
+import net.sourceforge.jnlp.annotations.TestInBrowsers;
+import net.sourceforge.jnlp.browsertesting.BrowserTest;
+import net.sourceforge.jnlp.browsertesting.Browsers;
+import net.sourceforge.jnlp.closinglisteners.AutoOkClosingListener;
+
+import static org.junit.Assert.*;
+import org.junit.Test;
+
+/* See also simple/MixedSigningApplet */
+public class MixedSigningAppletSignedTests extends BrowserTest {
+
+ private static final String appletCloseString = AutoOkClosingListener.MAGICAL_OK_CLOSING_STRING;
+ private static final String userHome = System.getProperty("user.home");
+
+ @NeedsDisplay
+ // @Test
+ @TestInBrowsers(testIn={Browsers.one})
+ public void testNonPrivilegedAction() throws Exception {
+ ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testNonPrivilegedAction", AutoClose.CLOSE_ON_CORRECT_END);
+ assertTrue("stdout should contain MixedSigningApplet Applet Running but did not", pr.stdout.contains("MixedSigningApplet Applet Running"));
+ assertCloseString(pr);
+ }
+
+ @NeedsDisplay
+ // @Test
+ @TestInBrowsers(testIn={Browsers.one})
+ public void testUnsignedReadProperties() throws Exception {
+ ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testUnsignedReadProperties", AutoClose.CLOSE_ON_CORRECT_END);
+ assertAccessControlException(pr);
+ assertCloseString(pr);
+ }
+
+ @NeedsDisplay
+ // @Test
+ @TestInBrowsers(testIn={Browsers.one})
+ public void testSignedReadProperties() throws Exception {
+ ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testSignedReadProperties", AutoClose.CLOSE_ON_CORRECT_END);
+ assertTrue("stdout should contain " + userHome + " but did not", pr.stdout.contains(userHome));
+ assertCloseString(pr);
+ }
+
+ @NeedsDisplay
+ // @Test
+ @TestInBrowsers(testIn={Browsers.one})
+ public void testSignedExportPropertiesToUnsigned() throws Exception {
+ ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testSignedExportPropertiesToUnsigned", AutoClose.CLOSE_ON_CORRECT_END);
+ assertAccessControlException(pr);
+ assertCloseString(pr);
+ }
+
+ @NeedsDisplay
+ // @Test
+ @TestInBrowsers(testIn={Browsers.one})
+ public void testUnsignedAttacksSigned() throws Exception {
+ ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testUnsignedAttacksSigned", AutoClose.CLOSE_ON_CORRECT_END);
+ assertAccessControlException(pr);
+ assertCloseString(pr);
+ }
+
+ @NeedsDisplay
+ // @Test
+ @TestInBrowsers(testIn={Browsers.one})
+ public void testUnsignedReflectionAttack() throws Exception {
+ ProcessResult pr = server.executeBrowser("MixedSigningApplet.html?testUnsignedReflectionAttack", AutoClose.CLOSE_ON_CORRECT_END);
+ assertAccessControlException(pr);
+ assertCloseString(pr);
+ }
+
+ @Test
+ public void testNonPrivilegedActionJNLP() throws Exception {
+ ProcessResult pr = server.executeJavawsHeadless("MixedSigningApplet-1.jnlp");
+ assertTrue("stdout should contain MixedSigningApplet Applet Running but did not", pr.stdout.contains("MixedSigningApplet Applet Running"));
+ assertCloseString(pr);
+ }
+
+ @Test
+ public void testUnsignedReadPropertiesJNLP() throws Exception {
+ ProcessResult pr = server.executeJavawsHeadless("MixedSigningApplet-2.jnlp");
+ assertAccessControlException(pr);
+ assertCloseString(pr);
+ }
+
+ @Test
+ public void testSignedReadPropertiesJNLP() throws Exception {
+ ProcessResult pr = server.executeJavawsHeadless("MixedSigningApplet-3.jnlp");
+ assertAccessControlException(pr);
+ assertCloseString(pr);
+ }
+
+ @Test
+ public void testSignedExportPropertiesToUnsignedJNLP() throws Exception {
+ ProcessResult pr = server.executeJavawsHeadless("MixedSigningApplet-4.jnlp");
+ assertAccessControlException(pr);
+ assertCloseString(pr);
+ }
+
+ @Test
+ public void testUnsignedAttacksSignedJNLP() throws Exception {
+ ProcessResult pr = server.executeJavawsHeadless("MixedSigningApplet-5.jnlp");
+ assertAccessControlException(pr);
+ assertCloseString(pr);
+ }
+
+ @Test
+ public void testUnsignedReflectionAttackJNLP() throws Exception {
+ ProcessResult pr = server.executeJavawsHeadless("MixedSigningApplet-6.jnlp");
+ assertAccessControlException(pr);
+ assertCloseString(pr);
+ }
+
+ private static void assertAccessControlException(ProcessResult pr) {
+ assertTrue("stderr should contain AccessControlException but did not", pr.stderr.contains("AccessControlException"));
+ }
+
+ private static void assertCloseString(ProcessResult pr) {
+ assertTrue("stdout should contain " + appletCloseString + " but did not", pr.stdout.contains(appletCloseString));
+ }
+}
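Review bot: The denial cases only assert that stderr contains `AccessControlException`; none of them checks that the protected value stayed out of stdout, so a run that leaks `user.home` and also logs an unrelated AccessControlException would still pass. Adding `assertFalse("stdout should not contain " + userHome, pr.stdout.contains(userHome));` to `assertAccessControlException` would close that gap, assuming stdout does not otherwise mention the home directory. Also, `testSignedReadPropertiesJNLP` expects an exception, while the browser variant and the applet's "Should succeed" comment expect the property to be read; a short comment saying why the JNLP case differs would help. The same goes for the `// @Test` lines, which appear to leave all six browser tests disabled with no stated reason.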