Bug 235526 [security] No prompt for installing unsigned content

author: John Arthorne 2009-08-12 19:40:40 +0000
committer: John Arthorne 2009-08-12 19:40:40 +0000
commit: 8132e43c4cb2b9a72066cb13c0caf23ea5cae627 (patch)
tree: 5983eb16db757cd2cf43f1126f5fc3a497e15007 /bundles/org.eclipse.equinox.p2.tests/src/org
parent: 2a6150cecdf3bf6ce86eb638a7a72804c8fdd1b3 (diff)
download: rt.equinox.p2-8132e43c4cb2b9a72066cb13c0caf23ea5cae627.tar.gz
rt.equinox.p2-8132e43c4cb2b9a72066cb13c0caf23ea5cae627.tar.xz
rt.equinox.p2-8132e43c4cb2b9a72066cb13c0caf23ea5cae627.zip
2 files changed, 150 insertions, 0 deletions
diff --git a/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/engine/AllTests.java b/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/engine/AllTests.java
index c3fe46150..de18d1ac1 100644
--- a/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/engine/AllTests.java
+++ b/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/engine/AllTests.java
@@ -19,6 +19,7 @@ public class AllTests extends TestCase {
 
 	public static Test suite() {
 		TestSuite suite = new TestSuite(AllTests.class.getName());
+		suite.addTestSuite(CertificateCheckerTest.class);
 		suite.addTestSuite(DownloadManagerTest.class);
 		suite.addTestSuite(InstructionParserTest.class);
 		suite.addTestSuite(EngineTest.class);
diff --git a/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/engine/CertificateCheckerTest.java b/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/engine/CertificateCheckerTest.java
new file mode 100644
index 000000000..d743d22ee
--- /dev/null
+++ b/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/engine/CertificateCheckerTest.java
@@ -0,0 +1,149 @@
+/*******************************************************************************
+ * Copyright (c) 2009 IBM Corporation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ * 
+ * Contributors:
+ *     IBM Corporation - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.equinox.p2.tests.engine;
+
+import java.io.File;
+import java.io.IOException;
+import java.security.cert.Certificate;
+import org.eclipse.core.runtime.IStatus;
+import org.eclipse.equinox.internal.p2.engine.EngineActivator;
+import org.eclipse.equinox.internal.provisional.p2.core.IServiceUI;
+import org.eclipse.equinox.internal.provisional.p2.core.IServiceUICheckUnsigned;
+import org.eclipse.equinox.internal.provisional.p2.engine.CertificateChecker;
+import org.eclipse.equinox.p2.tests.AbstractProvisioningTest;
+import org.eclipse.equinox.p2.tests.TestData;
+import org.osgi.framework.ServiceRegistration;
+
+/**
+ * Tests for {@link CertificateChecker}.
+ */
+public class CertificateCheckerTest extends AbstractProvisioningTest {
+	class CertificateTestService implements IServiceUI, IServiceUICheckUnsigned {
+		public boolean unsignedReturnValue = true;
+		public boolean wasPrompted = false;
+
+		public AuthenticationInfo getUsernamePassword(String location) {
+			return null;
+		}
+
+		public AuthenticationInfo getUsernamePassword(String location, AuthenticationInfo previousInfo) {
+			return null;
+		}
+
+		public boolean promptForUnsignedContent(String[] details) {
+			wasPrompted = true;
+			return unsignedReturnValue;
+		}
+
+		public Certificate[] showCertificates(Certificate[][] certificates) {
+			return null;
+		}
+
+	}
+
+	CertificateChecker checker;
+	ServiceRegistration serviceReg;
+	CertificateTestService serviceUI;
+	File unsigned;
+
+	protected void setUp() throws Exception {
+		checker = new CertificateChecker();
+		try {
+			unsigned = TestData.getFile("CertificateChecker", "unsigned.jar");
+		} catch (IOException e) {
+			fail("0.99", e);
+		}
+		assertTrue("1.0", unsigned != null);
+		assertTrue("1.0", unsigned.exists());
+		serviceUI = new CertificateTestService();
+		serviceReg = EngineActivator.getContext().registerService(IServiceUI.class.getName(), serviceUI, null);
+	}
+
+	protected void tearDown() throws Exception {
+		if (serviceReg != null)
+			serviceReg.unregister();
+	}
+
+	/**
+	 * Tests that installing unsigned content is not allowed when the policy says it must fail.
+	 */
+	public void testPolicyAllow() {
+		try {
+			//if the service is consulted it will say no
+			serviceUI.unsignedReturnValue = false;
+			System.getProperties().setProperty(EngineActivator.PROP_UNSIGNED_POLICY, EngineActivator.UNSIGNED_ALLOW);
+			checker.add(unsigned);
+			IStatus result = checker.start();
+			assertEquals("1.0", IStatus.OK, result.getSeverity());
+		} finally {
+			System.getProperties().remove(EngineActivator.PROP_UNSIGNED_POLICY);
+		}
+	}
+
+	/**
+	 * Tests that installing unsigned content is not allowed when the policy says it must fail.
+	 */
+	public void testPolicyFail() {
+		try {
+			System.getProperties().setProperty(EngineActivator.PROP_UNSIGNED_POLICY, EngineActivator.UNSIGNED_FAIL);
+			checker.add(unsigned);
+			IStatus result = checker.start();
+			assertEquals("1.0", IStatus.ERROR, result.getSeverity());
+
+		} finally {
+			System.getProperties().remove(EngineActivator.PROP_UNSIGNED_POLICY);
+		}
+	}
+
+	/**
+	 * Tests that installing unsigned content with the "prompt" policy and the prompt succeeds.
+	 */
+	public void testPolicyPromptSuccess() {
+		try {
+			System.getProperties().setProperty(EngineActivator.PROP_UNSIGNED_POLICY, EngineActivator.UNSIGNED_PROMPT);
+			serviceUI.unsignedReturnValue = true;
+			checker.add(unsigned);
+			IStatus result = checker.start();
+			assertEquals("1.0", IStatus.OK, result.getSeverity());
+			assertTrue("1.1", serviceUI.wasPrompted);
+		} finally {
+			System.getProperties().remove(EngineActivator.PROP_UNSIGNED_POLICY);
+		}
+	}
+
+	/**
+	 * Tests that the default policy for unsigned content is to prompt.
+	 */
+	public void testPolicyDefault() {
+		System.getProperties().remove(EngineActivator.PROP_UNSIGNED_POLICY);
+		serviceUI.unsignedReturnValue = true;
+		checker.add(unsigned);
+		IStatus result = checker.start();
+		assertEquals("1.0", IStatus.OK, result.getSeverity());
+		assertTrue("1.1", serviceUI.wasPrompted);
+	}
+
+	/**
+	 * Tests that installing unsigned content with the "prompt" policy and the prompt says no.
+	 */
+	public void testPolicyPromptCancel() {
+		try {
+			System.getProperties().setProperty(EngineActivator.PROP_UNSIGNED_POLICY, EngineActivator.UNSIGNED_PROMPT);
+			serviceUI.unsignedReturnValue = false;
+			checker.add(unsigned);
+			IStatus result = checker.start();
+			assertEquals("1.0", IStatus.CANCEL, result.getSeverity());
+			assertTrue("1.1", serviceUI.wasPrompted);
+		} finally {
+			System.getProperties().remove(EngineActivator.PROP_UNSIGNED_POLICY);
+		}
+	}
+}
author	John Arthorne	2009-08-12 19:40:40 +0000
committer	John Arthorne	2009-08-12 19:40:40 +0000
commit	8132e43c4cb2b9a72066cb13c0caf23ea5cae627 (patch)
tree	5983eb16db757cd2cf43f1126f5fc3a497e15007 /bundles/org.eclipse.equinox.p2.tests/src/org
parent	2a6150cecdf3bf6ce86eb638a7a72804c8fdd1b3 (diff)
download	rt.equinox.p2-8132e43c4cb2b9a72066cb13c0caf23ea5cae627.tar.gz rt.equinox.p2-8132e43c4cb2b9a72066cb13c0caf23ea5cae627.tar.xz rt.equinox.p2-8132e43c4cb2b9a72066cb13c0caf23ea5cae627.zip