1 #!/bin/sh 2 3 # 4 # Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved. 5 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 6 # 7 # This code is free software; you can redistribute it and/or modify it 8 # under the terms of the GNU General Public License version 2 only, as 9 # published by the Free Software Foundation. 10 # 11 # This code is distributed in the hope that it will be useful, but WITHOUT 12 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 # version 2 for more details (a copy is included in the LICENSE file that 15 # accompanied this code). 16 # 17 # You should have received a copy of the GNU General Public License version 18 # 2 along with this work; if not, write to the Free Software Foundation, 19 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 # 21 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 # or visit www.oracle.com if you need additional information or have any 23 # questions. 24 # 25 26 27 # @test 28 # @bug 6557093 29 # @summary Check SSL config file permission for out-of-the-box management 30 # 31 # @run shell SSLConfigFilePermissionTest.sh 32 33 createJavaFile() 34 { 35 cat << EOF > $1/$2.java 36 class $2 { 37 public static void main(String[] args) { 38 System.out.println("Inside main method..."); 39 } 40 } 41 EOF 42 } 43 44 createManagementConfigFile() { 45 cat << EOF > $1 46 # management.properties 47 com.sun.management.jmxremote.authenticate=false 48 com.sun.management.jmxremote.ssl.config.file=$2 49 EOF 50 } 51 52 createSSLConfigFile() { 53 if [ -f "$1" ] ; then 54 rm -f $1 || echo WARNING: $1 already exists - unable to remove old copy 55 fi 56 cat << EOF > $1 57 javax.net.ssl.keyStore=$2 58 javax.net.ssl.keyStorePassword=password 59 EOF 60 } 61 62 # Check we are run from jtreg 63 if [ -z "${TESTCLASSES}" ]; then 64 echo "Test is designed to be run from jtreg only" 65 exit 0 66 fi 67 68 # Test not suitable for Windows as chmod may not be able to 69 # security the password file. 70 71 os=`uname -s` 72 if [ "$os" != "Linux" -a "$os" != "SunOS" ]; then 73 echo "Test not designed to run on this operating system, skipping..." 74 exit 0 75 fi 76 77 # Create management and SSL configuration files 78 79 LIBDIR=${TESTCLASSES}/lib 80 MGMT=${LIBDIR}/management.properties 81 SSL=${LIBDIR}/jmxremote.ssl.config 82 rm -f ${MGMT} 83 rm -f ${SSL} 84 mkdir ${LIBDIR} 2>&1 85 createJavaFile ${TESTCLASSES} Dummy 86 createManagementConfigFile ${MGMT} ${SSL} 87 createSSLConfigFile ${SSL} ${TESTSRC}/ssl/keystore 88 89 # Compile test 90 91 ${TESTJAVA}/bin/javac -d ${TESTCLASSES} ${TESTCLASSES}/Dummy.java 92 93 JAVA=${TESTJAVA}/bin/java 94 CLASSPATH=${TESTCLASSES} 95 export CLASSPATH 96 97 failures=0 98 99 mp=-Dcom.sun.management.config.file=${MGMT} 100 pp=-Dcom.sun.management.jmxremote.port=4999 101 102 go() { 103 echo '' 104 sh -xc "$JAVA ${TESTVMOPTS} $1 $2 $3 $4 $5 $6 $7 $8" 2>&1 105 if [ $? != 0 ]; then failures=`expr $failures + 1`; fi 106 } 107 108 # Test 1 - SSL config file is secure - VM should start 109 chmod 700 ${SSL} 110 sh -xc "$JAVA ${TESTVMOPTS} $mp $pp Dummy" 2>&1 111 if [ $? != 0 ]; then failures=`expr $failures + 1`; fi 112 113 # Test 2 - SSL config file is not secure - VM should fail to start 114 chmod o+rx ${SSL} 115 sh -xc "$JAVA ${TESTVMOPTS} $mp $pp Dummy" 2>&1 116 if [ $? = 0 ]; then failures=`expr $failures + 1`; fi 117 118 # Reset the file permissions on the generated SSL config file 119 chmod 777 ${SSL} 120 121 # 122 # Results 123 # 124 echo '' 125 if [ $failures -gt 0 ]; 126 then echo "$failures test(s) failed"; 127 else echo "All test(s) passed"; fi 128 exit $failures