From f8658c0b09d463989dc95b9873146296f2bc0d6b Mon Sep 17 00:00:00 2001
From: Adam Domurad <adomurad@redhat.com>
Date: Mon, 22 Oct 2012 11:44:07 -0400
Subject: Revise MultipleSignaturesTest to demonstrate PR822

---
 ChangeLog                                          | 27 ++++++++++++++
 netx-dist-tests-whitelist                          |  2 +-
 .../resources/MultipleSignaturesTest.html          |  3 +-
 .../resources/MultipleSignaturesTest1.jnlp         |  1 +
 .../MultipleSignaturesTest1_requesting.jnlp        |  1 +
 .../resources/MultipleSignaturesTest2.jnlp         |  1 +
 .../MultipleSignaturesTestUsesPermissions.html     | 43 ++++++++++++++++++++++
 .../MultipleSignaturesTest.java                    | 18 +++++----
 .../testcases/MultipleSignaturesTestTests.java     | 35 ++++++++++++------
 .../MultipleSignaturesTestTestsSamePackage.java    | 14 ++-----
 10 files changed, 113 insertions(+), 32 deletions(-)
 create mode 100644 tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTestUsesPermissions.html

diff --git a/ChangeLog b/ChangeLog
index e7253fc..adca5b3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,33 @@
 	* tests/reproducers/custom/AppletFolderInArchiveTag/srcs/Makefile: and
 	* tests/reproducers/custom/UnsignedContentInMETAINF/srcs/Makefile: following above renaming
 
+2012-10-19  Adam Domurad  <adomurad@redhat.com>
+
+	Revised multiple signatures test to check for new message. Added more 
+	accurate reproducer for PR822.
+	* tests/reproducers/signed2/MultipleSignaturesTest/srcs/somecrazytestpackage/MultipleSignaturesTest.java:
+	Made class take a classname parameter so different out-of-package
+	classes could be executed.
+	* tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest.html: 
+	Added main-class parameter.
+	* tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1.jnlp:
+	Same.
+	* tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1_requesting.jnlp:
+	Same.
+	* tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest2.jnlp:
+	Same.
+	* tests/reproducers/signed2/MultipleSignaturesTest/testcases/MultipleSignaturesTestTests.java
+	(multipleSignaturesTestHtmlAppletUsesPermissions): New, tests if fully 
+	signed HTML applets with varied signers can (as they should) execute 
+	with full permissions. Reproduces PR822.
+	(multipleSignaturesTestJnlpApplicationRequesting): Check for 
+	mismatching signers JNLP failure message. Remove known-to-fail & 
+	inaccurate bug annotation.
+	* tests/reproducers/signed2/MultipleSignaturesTestSamePackage/testcases/MultipleSignaturesTestTestsSamePackage.java
+	(multipleSignaturesTestSamePackageJnlpApplicationRequesting): Check for 
+	mismatching signers JNLP failure message. Remove known-to-fail & 
+	inaccurate bug annotation.
+
 2012-10-19  Adam Domurad  <adomurad@redhat.com>
 
 	Reproduces PR822: Applets fail to load if jars have different signers.
diff --git a/netx-dist-tests-whitelist b/netx-dist-tests-whitelist
index 8d98f9d..109655e 100644
--- a/netx-dist-tests-whitelist
+++ b/netx-dist-tests-whitelist
@@ -1 +1 @@
-.*
+MultipleSignaturesTest
diff --git a/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest.html b/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest.html
index 8cae7a2..3539aef 100644
--- a/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest.html
+++ b/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest.html
@@ -37,6 +37,7 @@ exception statement from your version.
  -->
 <html><head></head><body bgcolor="red">
 <p><applet code="somecrazytestpackage.MultipleSignaturesTest" archive="MultipleSignaturesTest.jar,SimpletestSigned1.jar" codebase="." width="800" height="600">
+    <param name="mainclass" value="SimpletestSigned1">
 </applet></p>
 </body>
-</html>
+</html>
\ No newline at end of file
diff --git a/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1.jnlp b/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1.jnlp
index e8b2792..c806140 100644
--- a/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1.jnlp
+++ b/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1.jnlp
@@ -50,5 +50,6 @@ exception statement from your version.
     <jar href="SimpletestSigned1.jar"/>
   </resources>
   <application-desc main-class="somecrazytestpackage.MultipleSignaturesTest">
+    <argument>SimpletestSigned1</argument> 
   </application-desc>
 </jnlp>
diff --git a/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1_requesting.jnlp b/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1_requesting.jnlp
index b6fd0be..8edc8c1 100644
--- a/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1_requesting.jnlp
+++ b/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest1_requesting.jnlp
@@ -50,6 +50,7 @@ exception statement from your version.
     <jar href="SimpletestSigned1.jar"/>
   </resources>
   <application-desc main-class="somecrazytestpackage.MultipleSignaturesTest">
+    <argument>SimpletestSigned1</argument> 
   </application-desc>
   <security>
     <all-permissions/>
diff --git a/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest2.jnlp b/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest2.jnlp
index b9910dc..f9f65cf 100644
--- a/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest2.jnlp
+++ b/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTest2.jnlp
@@ -55,5 +55,6 @@ exception statement from your version.
       main-class="somecrazytestpackage.MultipleSignaturesTest"
       width="100"
       height="100">
+ 	 <param name="mainclass" value="SimpletestSigned1" />
     </applet-desc>
 </jnlp>
diff --git a/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTestUsesPermissions.html b/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTestUsesPermissions.html
new file mode 100644
index 0000000..759bd35
--- /dev/null
+++ b/tests/reproducers/signed2/MultipleSignaturesTest/resources/MultipleSignaturesTestUsesPermissions.html
@@ -0,0 +1,43 @@
+<!--
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+IcedTea is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version.
+
+ -->
+<html><head></head><body bgcolor="red">
+<p><applet code="somecrazytestpackage.MultipleSignaturesTest" archive="MultipleSignaturesTest.jar,ReadPropertiesSigned.jar" codebase="." width="800" height="600">
+    <param name="mainclass" value="ReadPropertiesSigned">
+</applet></p>
+</body>
+</html>
\ No newline at end of file
diff --git a/tests/reproducers/signed2/MultipleSignaturesTest/srcs/somecrazytestpackage/MultipleSignaturesTest.java b/tests/reproducers/signed2/MultipleSignaturesTest/srcs/somecrazytestpackage/MultipleSignaturesTest.java
index 9dd203e..8e03323 100644
--- a/tests/reproducers/signed2/MultipleSignaturesTest/srcs/somecrazytestpackage/MultipleSignaturesTest.java
+++ b/tests/reproducers/signed2/MultipleSignaturesTest/srcs/somecrazytestpackage/MultipleSignaturesTest.java
@@ -42,22 +42,25 @@ exception statement from your version.
  */
 public class MultipleSignaturesTest extends Applet {
 
+	//Ignored when class being called is SimpletestSigned1, used with ReadPropertiesSigned
+	private static final String SYSTEM_PROPERTY = "user.home";
+
     public static void main(String[] args) {
-        executeForeignMethodCaught();
+        executeForeignMethodCaught(args[0]);
     }
 
-    public static void executeForeignMethodCaught() {
+    public static void executeForeignMethodCaught(String classname) {
         try {
-            executeForeignMethod();
+            executeForeignMethod(classname);
         } catch (Exception ex) {
             throw new RuntimeException(ex);
         }
     }
 
-    public static void executeForeignMethod() throws ClassNotFoundException, NoSuchMethodException, IllegalAccessException, IllegalArgumentException, InvocationTargetException, InstantiationException {
-        Class clazz = Class.forName("SimpletestSigned1");
+    public static void executeForeignMethod(String classname) throws ClassNotFoundException, NoSuchMethodException, IllegalAccessException, IllegalArgumentException, InvocationTargetException, InstantiationException {
+        Class<?> clazz = Class.forName(classname);
         Method mainMethod = clazz.getDeclaredMethod("main", String[].class);
-        mainMethod.invoke(clazz.newInstance(), (Object) null);
+        mainMethod.invoke(clazz.newInstance(), (Object) new String[] {SYSTEM_PROPERTY});
     }
 
     private class Killer extends Thread {
@@ -85,6 +88,7 @@ public class MultipleSignaturesTest extends Applet {
     public void start() {
         killer.start();
         System.out.println("killer was started");
-        main(null);
+        main(new String[]{getParameter("mainclass")});
+        System.out.println("*** APPLET FINISHED ***");
     }
 }
diff --git a/tests/reproducers/signed2/MultipleSignaturesTest/testcases/MultipleSignaturesTestTests.java b/tests/reproducers/signed2/MultipleSignaturesTest/testcases/MultipleSignaturesTestTests.java
index 732eb9d..4adcea3 100644
--- a/tests/reproducers/signed2/MultipleSignaturesTest/testcases/MultipleSignaturesTestTests.java
+++ b/tests/reproducers/signed2/MultipleSignaturesTest/testcases/MultipleSignaturesTestTests.java
@@ -36,8 +36,8 @@ exception statement from your version.
  */
 
 import net.sourceforge.jnlp.ProcessResult;
+import net.sourceforge.jnlp.ServerAccess.AutoClose;
 import net.sourceforge.jnlp.annotations.Bug;
-import net.sourceforge.jnlp.annotations.KnownToFail;
 import net.sourceforge.jnlp.annotations.NeedsDisplay;
 import net.sourceforge.jnlp.annotations.TestInBrowsers;
 import net.sourceforge.jnlp.browsertesting.BrowserTest;
@@ -50,6 +50,8 @@ import org.junit.Test;
 public class MultipleSignaturesTestTests  extends BrowserTest{
 
     public static final String GSJE = "Good simple javaws exapmle";
+    public static final String launchExcDiffCerts =  "Fatal: Application Error: The JNLP application is not fully signed by a single cert.";
+    public static final String accExcString = "java.security.AccessControlException: access denied";
 
     @Test
     @NeedsDisplay
@@ -65,16 +67,28 @@ public class MultipleSignaturesTestTests  extends BrowserTest{
     @NeedsDisplay
     @TestInBrowsers(testIn=Browsers.one)
     public void multipleSignaturesTestHtmlApplet() throws Exception {
-        ProcessResult pr = server.executeBrowser("/MultipleSignaturesTest.html");
+        ProcessResult pr = server.executeBrowser("/MultipleSignaturesTest.html", AutoClose.CLOSE_ON_CORRECT_END);
         String s = GSJE;
         Assert.assertTrue("stdout should contains `" + s + "`, but did not", pr.stdout.contains(s));
-        String cc = "xception";
-        Assert.assertFalse("stderr should NOT contains `" + cc + "`, but did", pr.stderr.contains(cc));
+        Assert.assertFalse("stderr should NOT contains `" + accExcString + "`, but did", pr.stderr.contains(accExcString));
     }
 
+    @Test
+    @NeedsDisplay
+    @TestInBrowsers(testIn=Browsers.one)
+    @Bug(id={"PR822"})
+    public void multipleSignaturesTestHtmlAppletUsesPermissions() throws Exception {
+        ProcessResult pr = server.executeBrowser("/MultipleSignaturesTestUsesPermissions.html", AutoClose.CLOSE_ON_CORRECT_END);
+        // This calls ReadPropertiesSigned with user.home, it is not easy to think of a pattern to match this
+        // Instead we make sure _something_ was printed
+        Assert.assertFalse("stdout should NOT be empty, but was", pr.stdout.isEmpty());
+        Assert.assertFalse("stderr should NOT contains `" + accExcString + "`, but did", pr.stderr.contains(accExcString));
+    }
+
+
     @Test
     public void multipleSignaturesTestJnlpApplication() throws Exception {
-        ProcessResult pr = server.executeJavawsHeadless(null, "/MultipleSignaturesTest1.jnlp");
+        ProcessResult pr = server.executeJavawsHeadless("/MultipleSignaturesTest1.jnlp");
         //well this is questionable - application is signed but is not requesting
         // permissions, but still usage of foreign code is allowed.
         String s = GSJE;
@@ -85,14 +99,11 @@ public class MultipleSignaturesTestTests  extends BrowserTest{
     }
 
     @Test
-    @Bug(id={"PR822"})
-    @KnownToFail
     public void multipleSignaturesTestJnlpApplicationRequesting() throws Exception {
-        ProcessResult pr = server.executeJavawsHeadless(null, "/MultipleSignaturesTest1_requesting.jnlp");
-        //This is buggy - application is signed, but requesting for permissions fails
+        // This jar is fully signed - however a JNLP application requires that one of the signers signs everything
+        ProcessResult pr = server.executeJavawsHeadless("/MultipleSignaturesTest1_requesting.jnlp");
         String s = GSJE;
-        Assert.assertTrue("stdout should contains `" + s + "`, but did not", pr.stdout.contains(s));
-        String cc = "xception";
-        Assert.assertFalse("stderr should NOT contains `" + cc + "`, but did", pr.stderr.contains(cc));
+        Assert.assertFalse("stdout should NOT contain `" + s + "`, but did", pr.stdout.contains(s));
+        Assert.assertTrue("stderr should contain `" + launchExcDiffCerts + "`, but did not", pr.stderr.contains(launchExcDiffCerts));
     }
 }
diff --git a/tests/reproducers/signed2/MultipleSignaturesTestSamePackage/testcases/MultipleSignaturesTestTestsSamePackage.java b/tests/reproducers/signed2/MultipleSignaturesTestSamePackage/testcases/MultipleSignaturesTestTestsSamePackage.java
index fa579ef..b30725e 100644
--- a/tests/reproducers/signed2/MultipleSignaturesTestSamePackage/testcases/MultipleSignaturesTestTestsSamePackage.java
+++ b/tests/reproducers/signed2/MultipleSignaturesTestSamePackage/testcases/MultipleSignaturesTestTestsSamePackage.java
@@ -40,7 +40,6 @@ import java.util.List;
 import net.sourceforge.jnlp.ProcessResult;
 import net.sourceforge.jnlp.ServerAccess;
 import net.sourceforge.jnlp.annotations.Bug;
-import net.sourceforge.jnlp.annotations.KnownToFail;
 import net.sourceforge.jnlp.annotations.NeedsDisplay;
 import net.sourceforge.jnlp.annotations.TestInBrowsers;
 import net.sourceforge.jnlp.browsertesting.BrowserTest;
@@ -49,10 +48,10 @@ import org.junit.Assert;
 
 import org.junit.Test;
 
-@Bug(id={"PR822"})
 public class MultipleSignaturesTestTestsSamePackage  extends BrowserTest{
 
     public static final String secExcRegex =  "(?s).*java.lang.SecurityException: .* signer information does not match signer information of other classes in the same package.*";
+    public static final String launchExcDiffCerts =  "Fatal: Application Error: The JNLP application is not fully signed by a single cert.";
     public static final List<String> v = Arrays.asList(new String[] {ServerAccess.VERBOSE_OPTION});
     private static final String GSJE= "Good simple javaws exapmle";
 
@@ -100,18 +99,11 @@ public class MultipleSignaturesTestTestsSamePackage  extends BrowserTest{
     }
 
     @Test
-    @Bug(id={"PR822"})
-    @KnownToFail
     public void multipleSignaturesTestSamePackageJnlpApplicationRequesting() throws Exception {
         ProcessResult pr = server.executeJavawsHeadless(null, "/MultipleSignaturesTest1_SamePackage_requesting.jnlp");
         String s = GSJE;
-        Assert.assertFalse("stdout should NOT contains `"+s+"`, but did",pr.stdout.contains(s));
-        String cc = "xception";
-        Assert.assertTrue("stderr should contains `" + cc + "`, but did not", pr.stderr.contains(cc));
-        //this is really wrong. Aplication shoud die with secExcRegex exception
-        //but not with Application Error: Cannot grant permissions to unsigned jars. Application requested security permissions, but jars are not signed.
-        //as it is now
-        Assert.assertTrue("stderr should match " + secExcRegex + "`, but did not", pr.stderr.matches(secExcRegex));
+        Assert.assertFalse("stdout should NOT contain `"+s+"`, but did", pr.stdout.contains(s));
+        Assert.assertTrue("stderr should contain `" + launchExcDiffCerts + "`, but did not", pr.stderr.contains(launchExcDiffCerts));
     }
    
 }
-- 
cgit v1.2.3