[rfc][icedtea-web] Signed applets with codebase loading

Andrew Azores aazores at redhat.com
Fri Jan 31 08:16:39 PST 2014


This patch adds tests that were originally meant to be included with the 
PR1513 fix (signed applet with external/codebase main-class) but never 
made it in, as well as adding a similar test, where the applet is signed 
and uses codebase-loaded classes, but the main-class is within a signed 
JAR. In both of these cases, the applet is expected to run, and it is 
expected to be done with mixed permissions. The PR1592 tests already 
test the mixed permissions security implementation, so these tests 
simply assert that the applets can be run.

Most notable however is the fact that without the JNLPClassLoader 
changes included in this patch, signed applets which load from the 
codebase are considered as fully signed by the classloader. They should 
really be treated as partially signed and the user prompted to run them. 
This patch makes it so. I do not know of any way to detect that this is 
going to happen beforehand, so this check is performed during 
classloading, which means it is possible for the dialog to appear for 
the first time in the middle of executing an applet, depending on the 
particular applet.

The tests are currently immediately failing on purpose and marked 
KnownToFail. This is because the existing prompt used for Partially 
Signed purposes appears during reproducer runs, which causes the runs to 
be slower, and the tests to fail anyway. Once a NotAllSigned Dialog 
replacement is in place which can be made to not appear during 
reproducer runs (such as the proposed PartiallySigned dialog on this 
list), then these tests can be properly enabled.

Apply the test patch and run them (whitelist SignedApplet.*), and note 
the behaviour regarding when NotAllSigned appears or does not appear. 
Then apply the classloader patch and re-run the tests, noting again the 
security prompt behaviour. I don't know how to programmatically ensure 
that the dialogs have actually appeared, other than putting print 
statements in the dialogs to detect them (which is kind of horrible). 
Any ideas on this?

* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: treat signed 
which load from the codebase as partially signed
new test to ensure that signed applets with codebase loading can run
* tests/reproducers/custom/SignedAppletCodebaseLoading/srcs/Makefile
new test to ensure that signed applets with codebase-loaded main-classes 
can run
* tests/reproducers/custom/SignedAppletExternalMainClass/srcs/Makefile


Andrew A

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signed_applet_codebase_loading_classloader.patch
Type: text/x-patch
Size: 5886 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20140131/5afd10bb/signed_applet_codebase_loading_classloader-0001.patch 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signed_applet_codebase_loading_tests.patch
Type: text/x-patch
Size: 25154 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20140131/5afd10bb/signed_applet_codebase_loading_tests-0001.patch 

More information about the distro-pkg-dev mailing list