#!/bin/sh # # Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # # This code is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License version 2 only, as # published by the Free Software Foundation. # # This code is distributed in the hope that it will be useful, but WITHOUT # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # version 2 for more details (a copy is included in the LICENSE file that # accompanied this code). # # You should have received a copy of the GNU General Public License version # 2 along with this work; if not, write to the Free Software Foundation, # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. # # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA # or visit www.oracle.com if you need additional information or have any # questions. # # @test # @bug 6557093 # @summary Check SSL config file permission for out-of-the-box management # # @run shell SSLConfigFilePermissionTest.sh createJavaFile() { cat << EOF > $1/$2.java class $2 { public static void main(String[] args) { System.out.println("Inside main method..."); } } EOF } createManagementConfigFile() { cat << EOF > $1 # management.properties com.sun.management.jmxremote.authenticate=false com.sun.management.jmxremote.ssl.config.file=$2 EOF } createSSLConfigFile() { if [ -f "$1" ] ; then rm -f $1 || echo WARNING: $1 already exists - unable to remove old copy fi cat << EOF > $1 javax.net.ssl.keyStore=$2 javax.net.ssl.keyStorePassword=password EOF } # Check we are run from jtreg if [ -z "${TESTCLASSES}" ]; then echo "Test is designed to be run from jtreg only" exit 0 fi # Test not suitable for Windows as chmod may not be able to # security the password file. os=`uname -s` if [ "$os" != "Linux" -a "$os" != "SunOS" ]; then echo "Test not designed to run on this operating system, skipping..." exit 0 fi # Create management and SSL configuration files LIBDIR=${TESTCLASSES}/lib MGMT=${LIBDIR}/management.properties SSL=${LIBDIR}/jmxremote.ssl.config rm -f ${MGMT} rm -f ${SSL} mkdir ${LIBDIR} 2>&1 createJavaFile ${TESTCLASSES} Dummy createManagementConfigFile ${MGMT} ${SSL} createSSLConfigFile ${SSL} ${TESTSRC}/ssl/keystore # Compile test ${COMPILEJAVA}/bin/javac ${TESTJAVACOPTS} ${TESTTOOLVMOPTS} -d ${TESTCLASSES} ${TESTCLASSES}/Dummy.java JAVA=${TESTJAVA}/bin/java CLASSPATH=${TESTCLASSES} export CLASSPATH failures=0 mp=-Dcom.sun.management.config.file=${MGMT} pp=-Dcom.sun.management.jmxremote.port=4999 go() { echo '' sh -xc "$JAVA ${TESTVMOPTS} $1 $2 $3 $4 $5 $6 $7 $8" 2>&1 if [ $? != 0 ]; then failures=`expr $failures + 1`; fi } # Test 1 - SSL config file is secure - VM should start chmod 700 ${SSL} sh -xc "$JAVA ${TESTVMOPTS} $mp $pp Dummy" 2>&1 if [ $? != 0 ]; then failures=`expr $failures + 1`; fi # Test 2 - SSL config file is not secure - VM should fail to start chmod o+rx ${SSL} sh -xc "$JAVA ${TESTVMOPTS} $mp $pp Dummy" 2>&1 if [ $? = 0 ]; then failures=`expr $failures + 1`; fi # Reset the file permissions on the generated SSL config file chmod 777 ${SSL} # # Results # echo '' if [ $failures -gt 0 ]; then echo "$failures test(s) failed"; else echo "All test(s) passed"; fi exit $failures