1 #!/bin/sh
2
3 #
4 # Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved.
5 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6 #
7 # This code is free software; you can redistribute it and/or modify it
8 # under the terms of the GNU General Public License version 2 only, as
9 # published by the Free Software Foundation.
10 #
11 # This code is distributed in the hope that it will be useful, but WITHOUT
12 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 # version 2 for more details (a copy is included in the LICENSE file that
15 # accompanied this code).
16 #
17 # You should have received a copy of the GNU General Public License version
18 # 2 along with this work; if not, write to the Free Software Foundation,
19 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 #
21 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 # or visit www.oracle.com if you need additional information or have any
23 # questions.
24 #
25
26
27 # @test
28 # @bug 6557093
29 # @summary Check SSL config file permission for out-of-the-box management
30 #
31 # @run shell SSLConfigFilePermissionTest.sh
32
33 createJavaFile()
34 {
35 cat << EOF > $1/$2.java
36 class $2 {
37 public static void main(String[] args) {
38 System.out.println("Inside main method...");
39 }
40 }
41 EOF
42 }
43
44 createManagementConfigFile() {
45 cat << EOF > $1
46 # management.properties
47 com.sun.management.jmxremote.authenticate=false
48 com.sun.management.jmxremote.ssl.config.file=$2
49 EOF
50 }
51
52 createSSLConfigFile() {
53 if [ -f "$1" ] ; then
54 rm -f $1 || echo WARNING: $1 already exists - unable to remove old copy
55 fi
56 cat << EOF > $1
57 javax.net.ssl.keyStore=$2
58 javax.net.ssl.keyStorePassword=password
59 EOF
60 }
61
62 # Check we are run from jtreg
63 if [ -z "${TESTCLASSES}" ]; then
64 echo "Test is designed to be run from jtreg only"
65 exit 0
66 fi
67
68 # Test not suitable for Windows as chmod may not be able to
69 # security the password file.
70
71 os=`uname -s`
72 if [ "$os" != "Linux" -a "$os" != "SunOS" ]; then
73 echo "Test not designed to run on this operating system, skipping..."
74 exit 0
75 fi
76
77 # Create management and SSL configuration files
78
79 LIBDIR=${TESTCLASSES}/lib
80 MGMT=${LIBDIR}/management.properties
81 SSL=${LIBDIR}/jmxremote.ssl.config
82 rm -f ${MGMT}
83 rm -f ${SSL}
84 mkdir ${LIBDIR} 2>&1
85 createJavaFile ${TESTCLASSES} Dummy
86 createManagementConfigFile ${MGMT} ${SSL}
87 createSSLConfigFile ${SSL} ${TESTSRC}/ssl/keystore
88
89 # Compile test
90
91 ${TESTJAVA}/bin/javac -d ${TESTCLASSES} ${TESTCLASSES}/Dummy.java
92
93 JAVA=${TESTJAVA}/bin/java
94 CLASSPATH=${TESTCLASSES}
95 export CLASSPATH
96
97 failures=0
98
99 mp=-Dcom.sun.management.config.file=${MGMT}
100 pp=-Dcom.sun.management.jmxremote.port=4999
101
102 go() {
103 echo ''
104 sh -xc "$JAVA ${TESTVMOPTS} $1 $2 $3 $4 $5 $6 $7 $8" 2>&1
105 if [ $? != 0 ]; then failures=`expr $failures + 1`; fi
106 }
107
108 # Test 1 - SSL config file is secure - VM should start
109 chmod 700 ${SSL}
110 sh -xc "$JAVA ${TESTVMOPTS} $mp $pp Dummy" 2>&1
111 if [ $? != 0 ]; then failures=`expr $failures + 1`; fi
112
113 # Test 2 - SSL config file is not secure - VM should fail to start
114 chmod o+rx ${SSL}
115 sh -xc "$JAVA ${TESTVMOPTS} $mp $pp Dummy" 2>&1
116 if [ $? = 0 ]; then failures=`expr $failures + 1`; fi
117
118 # Reset the file permissions on the generated SSL config file
119 chmod 777 ${SSL}
120
121 #
122 # Results
123 #
124 echo ''
125 if [ $failures -gt 0 ];
126 then echo "$failures test(s) failed";
127 else echo "All test(s) passed"; fi
128 exit $failures