Using Keywords to Mark Security Tests | Sun Microsystems 1.2

Trusted Tests

Trusted tests verify API implementation behavior for signed MIDlet suites. In most cases, these tests verify that specification assertions related to signed MIDlet suites are properly implemented.

Trusted MIDlet suites can be permitted to access APIs that are considered sensitive or to which access is restricted without any user action. The required permissions are granted without any explicit user action. Trusted tests must not be run in untrusted security mode. See “Marking Trusted Tests” on page 62 for a description of how to use keywords to mark trusted tests.

Double-duty Tests

Double-duty tests verify API implementation behavior that depends on security factors. For example, tests for a security sensitive API that require specific permissions to be granted or denied. Double-duty tests must be run in both the trusted and untrusted security mode. See “Using an Attribute to Mark Double-Duty Tests” on page 63 for a description of how to use the DoubleDutySecurity attribute to mark double-duty tests.

Using Keywords to Mark Security Tests

When developing security tests, tests writer should use an appropriate keyword in the test description to mark the type of test. The keyword enables users to select or exclude tests from a test run based on the security mode.

Marking Untrusted Tests

When developing untrusted tests, the test writers should include the untrusted keyword in the test description. With the untrusted keyword included in the test description, the untrusted test is selected and executed during a test run in untrusted security mode. Tests marked with the trusted keyword are not selected and executed in the untrusted security mode.

The following is an example of an untrusted keyword entry added to a test description file.

CODE EXAMPLE 4-13untrusted Keyword Entry in the Test Description

<TR>

<TD SCOPE="row"> <B>keywords</B> </TD> <TD>untrusted</TD>

</TR>

Chapter 4 Writing Tests 61

Image 81

Sun Microsystems 1.2 Using Keywords to Mark Security Tests, Trusted Tests, Double-duty Tests, Marking Untrusted Tests

Contents

Java ME TCK Framework Developers Guide Test suite developer’s guide for the Java ME TCK Framework Contents Writing Tests Test Suite Construction Remote Attribute Framework Bundle 81 lib Directory Test API Glossary Index Test Description Fields and Keywords Viii Java ME TCK Framework Developer’s Guide July Figures Java ME TCK Framework Developer’s Guide July Tables Xii Java ME TCK Framework Developer’s Guide July Code Examples Resources Attribute in the Test Description Before You Read This Book Preface How This Book Is Organized Intended Audience Examples Platform Commands Related Documentation Typographic Conventions Sun Welcomes Your Comments Accessing Sun Documentation Online Xx Java ME TCK Framework Developer’s Guide July Getting Started Introduction Java ME TCK Framework Developer’s Guide July Use of the Framework Development EnvironmentTarget Environment Connectivity Requirements Cldc Target Device Resource Limitations Framework Components Framework Bundle Framework Components on the Device Side Framework Components on the Harness Side Test Types 1Configurations and Supported Test Types Automated Tests Distributed Tests 1Framework Configuration for Standard Automated Tests PC or Workstation Interactive Tests OTA Tests 3Framework Configuration for Interactive Tests OTA Writing an Automated Test Writing a Simple Automated Test To Create a Simple Automated Test Body Save this file in the Simple Test Suite source as SimpleTestSuite/tests/pkg3/index.html To Build an Updated Test Suite Building an Updated Simple Test Suite Testing an Updated Simple Test Suite To Test an Updated Test SuiteEnter the ant command to invoke the ant build script Writing a Simple Automated Test Java ME TCK Framework Developer’s Guide July Test Suite Structure Test Suite Construction Code Example 3-1Simple Test Suite testsuite.jtt File Testsuite.jtt File Tests Directory Lib Directory Test Case Test Class Classes Directory Test Description fileCode Example 3-2Simple Test Class Doc Directory Creating a Test Suite Configuration Interview TestHost=129.42.1.50 TestPort=8080 Define the environment variable required by the test Write the configuration interview class Following code creates the SampleInterview class Specify the question type Implement error checking for the question answer Question qXXX = Question getNext Return qNextQuestion SimpleTestSuite/src/sample/suite Set up the More Info system Update the interview .properties resource file Create a default directory under the help directory MapID target=name url=location/filename.html Create the More Info topic files Create a JAR file containing the configuration interview Building a Test Suite Writing Tests Testing Devices With Automated Tests 1Automated Test Execution Automated Test Execution Client Test Component Testing Communications or Networking With Distributed Tests Test Description for Distributed Tests Remote Test ComponentRequired Distributed Test Keyword Remote Attribute RemoteSource Attribute Distributed Test Execution 2Distributed Test Execution Testing User Interfaces With Interactive Tests Test Description for Interactive Tests Interactive Test Execution Required Interactive Test KeywordsCode Example 4-5Required Interactive Test Keywords 3Interactive Test Execution Example of an Interactive Test Testing Application Provisioning With OTA Tests Server Component of an OTA TestClient Test Component of an OTA Test Test Description for OTA Tests Required OTA Test KeywordCode Example 4-6Required OTA Test Keyword OTA Test Description Examples Code Example 4-9remote Attribute Entry for Trusted MIDletCode Example 4-10OTA Test Description File Code Example 4-11Trusted OTA Test Description File OTA Test Execution 4OTA Test Execution Code Example 4-12Server Test Component Example Example of OTA Test Untrusted Tests Types of Security Tests Trusted Tests Using Keywords to Mark Security TestsDouble-duty Tests Marking Untrusted Tests Code Example 4-14Test Description for an untrusted Test Marking Trusted Tests Code Example 4-17Test Description for a Double Duty Test Using an Attribute to Mark Double-Duty Tests Granting Security Permissions Granting or Denying Security Permissions Body Code Example 4-20deny Attribute in the Test Description Denying Security Permissions Adding Resource Files in Tests Code Example 4-23resources Attribute in the Test Description Code Example 4-22Test That Requires an Image Resource Code Example 4-24Test Description That Includes Resources Factors and Mechanisms for Test Selection Enabling Test Selection SelectIf Test Selection To Enable Test Selection with the selectIF Expression TD SCOPE=row BselectIf/B /TD TD isFeatureSupported /TD Body Html Java ME TCK Framework Developer’s Guide July Writing Tests Update the map file Create a More Info topic file for the questionCreate the JAR file Test API Code Example A-2Definition of main Test must also define main as follows J2MEDistributedTest OTATest Lib Directory Framework Bundle DTF Core Cldc and Midp ExecutionCldc and Midp Agents and Clients CommService Plug-insCommClients CDC Agents Test Export Support LibrariesCommServers Messaging Framework Server Classes and Interfaces Src Directory Digital Signer Agent ClassesPreverification Script Java ME Technology Version of Harness Classes Communication Channel Doc Directory Java ME TCK Framework Developer’s Guide July Test Description Fields Test Description Fields Keywords Table C-1Framework Test Description Fields Appendix C Test Description Fields and Keywords Table C-2Framework Keywords Keywords Identifies tests used with runtime products Java ME TCK Framework Developer’s Guide July Glossary Application IDentifier Boundary value Graphical User Java Archive JAR Maintenance Lead Program Management Structure-based Test command Java ME TCK Framework Developer’s Guide July Index Symbols Java ME TCK Framework Developer’s Guide July Work directory Java ME TCK Framework Developer’s Guide July