9 files changed, 364 insertions, 1 deletions
@@ -1,3 +1,29 @@
+2012-08-01 Saad Mohammad <[email protected]>
+
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (initializeResources):
+ Removes the display of the security dialog for loaders with only empty jars.
+ * netx/net/sourceforge/jnlp/tools/JarCertVerifier.java:
+ (JarCertVerifier): Tracks whether all jars verified are empty jars.
+ (hasAllEmptyJars): Returns true if all jars verified are empty jars.
+ (verifyJars): Checks whether signable entries and certificates are found and
+ decides if all jars are empty jars.
+ (isFullySignedByASingleCert): If all jars are emptyJars, returns true.
+ * tests/reproducers/signed/EmptySignedJar/resources/EmptySignedJarInLaunchingJnlp.jnlp:
+ Launching jnlp with the resource of an empty jar and an extension jnlp
+ containing the main jar.
+ * tests/reproducers/signed/EmptySignedJar/resources/EmptySignedJarInExtensionJnlp.jnlp:
+ Launching jnlp with the resource of the main jar and an extension jnlp
+ containing the empty jar.
+ * tests/reproducers/signed/EmptySignedJar/resources/EmptySignedJarExtension.jnlp:
+ Extension jnlp containing only an empty jar.
+ * tests/reproducers/signed/EmptySignedJar/srcs/META-INF/empty_file:
+ Empty file within META-INF; required to create EmptySignedJar.jar
+ by the test engine.
+ * tests/reproducers/signed/EmptySignedJar/testcases/EmptySignedJarTest.java:
+ Testcase that tests jnlp files with empty jars.
+ * tests/reproducers/signed/SignedJarResource/resources/SignedJarResource.jnlp:
+ Launches SignedJarResource class directly.
+
 2012-07-31 Danesh Dadachanji <[email protected]>
 Minor fix to overly restrictive unit test.
diff --git a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
index 86eda20..c0c3762 100644
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
@@ -650,7 +650,7 @@ public class JNLPClassLoader extends URLClassLoader {
 file.setSignedJNLPAsMissing();
 //user does not trust this publisher
- if (!jcv.getAlreadyTrustPublisher()) {
+ if (!jcv.getAlreadyTrustPublisher() && !jcv.isTriviallySigned()) {
 checkTrustWithUser(jcv);
 } else {
 /**
diff --git a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
index 4e9757d..e9ba2fb 100644
--- a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
+++ b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
@@ -103,6 +103,16 @@ public class JarCertVerifier implements CertVerifier {
 private int totalSignableEntries = 0;
+ /** Whether a signable entry was found within jars (jars with content more than just META-INF/*) */
+ private boolean triviallySigned = false;
+
+ /**
+ * Return true if there are signable entries in the jars, otherwise false
+ */
+ public boolean isTriviallySigned() {
+ return triviallySigned;
+ }
+
 /* (non-Javadoc)
 * @see net.sourceforge.jnlp.tools.CertVerifier2#getAlreadyTrustPublisher()
 */
@@ -167,6 +177,9 @@ public class JarCertVerifier implements CertVerifier {
 */
 public boolean isFullySignedByASingleCert() {
+ if (triviallySigned)
+ return true;
+
+ for (CertPath cPath : certs.keySet()) {
 // If this cert has signed everything, return true
 if (certs.get(cPath) == totalSignableEntries)
@@ -197,6 +210,7 @@ public class JarCertVerifier implements CertVerifier {
 String localFile = jarFile.getAbsolutePath();
 verifyResult result = verifyJar(localFile);
+ triviallySigned = false;
 if (result == verifyResult.UNSIGNED) {
 unverifiedJars.add(localFile);
@@ -205,6 +219,7 @@ public class JarCertVerifier implements CertVerifier {
 verifiedJars.add(localFile);
 } else if (result == verifyResult.SIGNED_OK) {
 verifiedJars.add(localFile);
+ triviallySigned = totalSignableEntries <= 0 && certs.size() <= 0;
 }
 } catch (Exception e) {
 // We may catch exceptions from using verifyJar()
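Review bot: The `else` branch in `initializeResources` used to be reached only when the publisher was already trusted, and with the new condition it is also reached when `isTriviallySigned()` is true, a state in which no certificate was seen at all. That branch continues outside the hunk, so it should be checked that nothing in it assumes a publisher or certificate path exists, or records trust on its behalf. The retained comment `//user does not trust this publisher` no longer describes the test. I would replace it with `// prompt unless the publisher is already trusted or the jars hold nothing but META-INF/*, in which case there is no signer to ask about`.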
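Review bot: The Javadoc on the new `triviallySigned` field and on `isTriviallySigned()` states the opposite of what the code stores. `verifyJars` assigns `totalSignableEntries <= 0 && certs.size() <= 0`, so the flag is true when no signable entry and no certificate were found. Because this flag decides whether the security dialog is shown, the inverted wording is likely to mislead the next change to this class. I would write the field comment as `/** True when the jars verified so far contain no signable entries and no certificates, i.e. nothing outside META-INF/*. */` and the getter's as `Returns true if the verified jars have no signable entries and no certificates.` The ChangeLog entry also names the method `hasAllEmptyJars` rather than `isTriviallySigned`.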
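Review bot: `isFullySignedByASingleCert()` now answers true when there is no certificate at all, which its name and its Javadoc (starting outside the hunk) do not suggest. Any caller that goes on to look up the signing certificate after a true result needs to handle the empty case. That Javadoc should state that jars containing only META-INF/* are reported as signed because they have nothing to sign. It should also record the assumption this rests on, namely that entries under META-INF/ of such a jar are never loaded as code or handed the application's permissions, which cannot be confirmed from this hunk. The unbraced `if (triviallySigned)` would also read better as `if (triviallySigned) { return true; }`.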
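Review bot: In `verifyJars` the reset `triviallySigned = false;` sits after the call to `verifyJar(localFile)`, so when that call throws for a later jar the flag keeps a `true` set by an earlier empty jar. What the `catch (Exception e)` in the last hunk then does is outside the diff, but a stale `true` would suppress the trust prompt. Moving the reset above `verifyResult result = verifyJar(localFile);`, or computing the flag once after all jars are processed, removes the dependence on where the failure occurs. Both counters cannot be negative, so the assignment in the last hunk reads more clearly as `triviallySigned = totalSignableEntries == 0 && certs.isEmpty();`. The enclosing method starts and ends outside both hunks.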
diff --git a/tests/reproducers/signed/EmptySignedJar/resources/EmptySignedJarExtension.jnlp b/tests/reproducers/signed/EmptySignedJar/resources/EmptySignedJarExtension.jnlp
new file mode 100644
index 0000000..184f073
--- /dev/null
+++ b/tests/reproducers/signed/EmptySignedJar/resources/EmptySignedJarExtension.jnlp
@@ -0,0 +1,58 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+
+***********************************************************************
+This file is used as an extension jnlp for the launching jnlp's resource - contains
+only an empty jar
+***********************************************************************
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="EmptySignedJarExtension.jnlp" codebase=".">
+ <information>
+ <title>EmptySignedJarExtension</title>
+ <vendor>IcedTea</vendor>
+ <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+ <description>EmptySignedJarExtension</description>
+ <offline/>
+ </information>
+
+ <resources>
+ <j2se version="1.6+"/>
+ <jar href="EmptySignedJar.jar"/>
+ </resources>
+
+ <component-desc />
+</jnlp>
diff --git a/tests/reproducers/signed/EmptySignedJar/resources/EmptySignedJarInExtensionJnlp.jnlp b/tests/reproducers/signed/EmptySignedJar/resources/EmptySignedJarInExtensionJnlp.jnlp
new file mode 100644
index 0000000..ac9ce6d
--- /dev/null
+++ b/tests/reproducers/signed/EmptySignedJar/resources/EmptySignedJarInExtensionJnlp.jnlp
@@ -0,0 +1,64 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+
+***********************************************************************
+This file contains the main jar and an extension jnlp for its resources - the extension jnlp
+contains a empty jar
+***********************************************************************
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="EmptySignedJarInExtensionJnlp.jnlp" codebase=".">
+ <information>
+ <title>EmptySignedJar</title>
+ <vendor>IcedTea</vendor>
+ <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+ <description>EmptySignedJar</description>
+ <offline/>
+ </information>
+
+ <security>
+ <all-permissions/>
+ </security>
+
+ <resources>
+ <j2se version="1.6+"/>
+ <jar href="SignedJarResource.jar"/>
+ <extension name="EmptySignedJarExtension" href="./EmptySignedJarExtension.jnlp"/>
+ </resources>
+
+ <application-desc main-class="SignedJarResource">
+ </application-desc>
+</jnlp>
diff --git a/tests/reproducers/signed/EmptySignedJar/resources/EmptySignedJarInLaunchingJnlp.jnlp b/tests/reproducers/signed/EmptySignedJar/resources/EmptySignedJarInLaunchingJnlp.jnlp
new file mode 100644
index 0000000..1d72eca
--- /dev/null
+++ b/tests/reproducers/signed/EmptySignedJar/resources/EmptySignedJarInLaunchingJnlp.jnlp
@@ -0,0 +1,64 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+
+***********************************************************************
+This file contains an empty jar and an extension jnlp for its resources - the extension jnlp
+contains the main jar
+***********************************************************************
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="EmptySignedJarInLaunchingJnlp.jnlp" codebase=".">
+ <information>
+ <title>EmptySignedJar</title>
+ <vendor>IcedTea</vendor>
+ <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+ <description>EmptySignedJar</description>
+ <offline/>
+ </information>
+
+ <security>
+ <all-permissions/>
+ </security>
+
+ <resources>
+ <j2se version="1.6+"/>
+ <jar href="EmptySignedJar.jar"/>
+ <extension name="SignedJarExtension" href="./SignedJarExtension.jnlp"/>
+ </resources>
+
+ <application-desc main-class="SignedJarResource">
+ </application-desc>
+</jnlp>
diff --git a/tests/reproducers/signed/EmptySignedJar/srcs/META-INF/empty_file b/tests/reproducers/signed/EmptySignedJar/srcs/META-INF/empty_file
new file mode 100644
index 0000000..7c6f2d8
--- /dev/null
+++ b/tests/reproducers/signed/EmptySignedJar/srcs/META-INF/empty_file
@@ -0,0 +1 @@
+This is an empty file.
diff --git a/tests/reproducers/signed/EmptySignedJar/testcases/EmptySignedJarTest.java b/tests/reproducers/signed/EmptySignedJar/testcases/EmptySignedJarTest.java
new file mode 100644
index 0000000..c2fda0a
--- /dev/null
+++ b/tests/reproducers/signed/EmptySignedJar/testcases/EmptySignedJarTest.java
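Review bot: The `<extension>` element in EmptySignedJarInLaunchingJnlp.jnlp points at `./SignedJarExtension.jnlp`, a file this commit does not add; the only extension descriptor added here is EmptySignedJarExtension.jnlp. If no existing reproducer already deploys a descriptor of that name next to these resources, `usingLauncherWithEmptyJar` would fail on a missing file, not on the signing logic. I would add a line to the header comment saying which reproducer provides it, for example `SignedJarExtension.jnlp is supplied by the <reproducer name> reproducer`.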
@@ -0,0 +1,73 @@
+/* EmptySignedJar.java
+Copyright (C) 2012 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+ */
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import net.sourceforge.jnlp.ServerAccess;
+import net.sourceforge.jnlp.annotations.Bug;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class EmptySignedJarTest {
+
+ private static ServerAccess server = new ServerAccess();
+ private final List<String> l = Collections.unmodifiableList(Arrays.asList(new String[] { "-Xtrustall" }));
+ private final String jarOutput = "Running SignedJarResource..";
+
+ @Test
+ public void checkingForRequiredResources() throws Exception {
+ String s = "Running SignedJarResource..";
+ ServerAccess.ProcessResult pr = server.executeJavawsHeadless(l, "/SignedJarResource.jnlp");
+ Assert.assertTrue("Could not locate SignedJarResource class within SignedJarResource jar", pr.stdout.contains(s));
+ }
+
+ @Bug(id = "PR1049")
+ @Test
+ public void usingExtensionWithEmptyJar() throws Exception {
+ ServerAccess.ProcessResult pr = server.executeJavawsHeadless(l, "/EmptySignedJarInExtensionJnlp.jnlp");
+ Assert.assertTrue("Stdout should contain " + jarOutput + " but did not", pr.stdout.contains(jarOutput));
+ }
+
+ @Bug(id = "PR1049")
+ @Test
+ public void usingLauncherWithEmptyJar() throws Exception {
+ ServerAccess.ProcessResult pr = server.executeJavawsHeadless(l, "/EmptySignedJarInLaunchingJnlp.jnlp");
+ Assert.assertTrue("Stdout should contain " + jarOutput + " but did not", pr.stdout.contains(jarOutput));
+ }
+}
diff --git a/tests/reproducers/signed/SignedJarResource/resources/SignedJarResource.jnlp b/tests/reproducers/signed/SignedJarResource/resources/SignedJarResource.jnlp
new file mode 100644
index 0000000..c7c95be
--- /dev/null
+++ b/tests/reproducers/signed/SignedJarResource/resources/SignedJarResource.jnlp
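Review bot: All three tests launch with `-Xtrustall` and assert only that stdout contains the launch string, so they appear to cover the `isFullySignedByASingleCert()` change but not the suppression of the trust dialog in JNLPClassLoader. With `-Xtrustall`, which presumably accepts the prompt, the launch would succeed either way. Nothing here checks the opposite direction either, that a jar with unsigned content outside META-INF/ is still rejected or prompted for. A case for each would pin the security behaviour this commit changes. In `checkingForRequiredResources` the local `String s = "Running SignedJarResource..";` duplicates the `jarOutput` field; I would drop it and use `pr.stdout.contains(jarOutput)`. The fields `server` and `l` would be clearer as `private static final ServerAccess server` and a descriptively named list such as `trustAllArgs`.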
@@ -0,0 +1,62 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+
+***********************************************************************
+Launches SignedJarResource directly
+***********************************************************************
+ -->
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="1.0" href="SignedJarResource.jnlp" codebase=".">
+ <information>
+ <title>SignedJarResource</title>
+ <vendor>IcedTea</vendor>
+ <homepage href="http://icedtea.classpath.org/wiki/IcedTea-Web#Testing_IcedTea-Web"/>
+ <description>SignedJarResource</description>
+ <offline/>
+ </information>
+
+ <security>
+ <all-permissions/>
+ </security>
+
+ <resources>
+ <j2se version="1.6+"/>
+ <jar href="SignedJarResource.jar" main="true"/>
+ </resources>
+
+ <application-desc main-class="SignedJarResource">
+ </application-desc>
+</jnlp> |