--- old/test/java/net/SocketPermission/SocketPermissionTest.java 2016-01-20 20:39:28.000000000 +0000 +++ new/test/java/net/SocketPermission/SocketPermissionTest.java 2016-01-20 20:39:27.000000000 +0000 @@ -25,8 +25,7 @@ * @test * @bug 8047031 * @summary SocketPermission tests for legacy socket types - * @library ../../../lib/testlibrary - * @run testng/othervm/policy=policy SocketPermissionTest + * @run testng SocketPermissionTest * @key intermittent */ import java.io.IOException; @@ -39,186 +38,279 @@ import java.net.SocketPermission; import java.security.AccessControlContext; import java.security.AccessController; +import java.security.CodeSource; import java.security.Permission; +import java.security.PermissionCollection; import java.security.Permissions; -import java.security.PrivilegedAction; +import java.security.Policy; +import java.security.PrivilegedExceptionAction; import java.security.ProtectionDomain; -import java.util.Arrays; -import java.util.function.Function; -import java.util.function.IntConsumer; -import static jdk.testlibrary.Utils.getFreePort; + import org.testng.annotations.BeforeMethod; -import org.testng.annotations.DataProvider; import org.testng.annotations.Test; +import static org.testng.Assert.*; + +import static java.nio.charset.StandardCharsets.UTF_8; public class SocketPermissionTest { - private int freePort = -1; - //positive tests - @Test(dataProvider = "positiveProvider") - public void testPositive(Function genAcc, IntConsumer func) { - String addr = "localhost:" + freePort; - AccessControlContext acc = genAcc.apply(addr); - AccessController.doPrivileged((PrivilegedAction) () -> { - func.accept(freePort); - return null; - }, acc); - } + @BeforeMethod + public void setupSecurityManager() throws Exception { + // All permissions, a specific ACC will be used to when testing + // with a reduced permission set. + Policy.setPolicy(new Policy() { + final PermissionCollection perms = new Permissions(); + { perms.add(new java.security.AllPermission()); } + public PermissionCollection getPermissions(ProtectionDomain domain) { + return perms; + } + public PermissionCollection getPermissions(CodeSource codesource) { + return perms; + } + public boolean implies(ProtectionDomain domain, Permission perm) { + return perms.implies(perm); + } + } ); + System.setSecurityManager(new SecurityManager()); + } + + static final AccessControlContext RESTRICTED_ACC = getAccessControlContext(); + + @Test + public void connectSocketTest() throws Exception { + try (ServerSocket ss = new ServerSocket(0)) { + int port = ss.getLocalPort(); - //negative tests - @Test(dataProvider = "negativeProvider", expectedExceptions = SecurityException.class) - public void testNegative(AccessControlContext acc, IntConsumer func) { - AccessController.doPrivileged((PrivilegedAction) () -> { - func.accept(freePort); - return null; - }, acc); - } + String addr = "localhost:" + port; + AccessControlContext acc = getAccessControlContext( + new SocketPermission(addr, "listen,connect,resolve")); - @BeforeMethod - public void setFreePort() throws Exception { - freePort = getFreePort(); + // Positive + AccessController.doPrivileged((PrivilegedExceptionAction) () -> { + try (Socket client = new Socket(InetAddress.getLocalHost(), port)) { + } + return null; + }, acc); + + //Negative + try { + AccessController.doPrivileged((PrivilegedExceptionAction) () -> { + Socket client = new Socket(InetAddress.getLocalHost(), port); + fail("Expected SecurityException"); + return null; + }, RESTRICTED_ACC); + } catch (SecurityException expected) { } + } } - @DataProvider - public Object[][] positiveProvider() { - //test for SocketPermission "host:port","connect,resolve"; - Function generateAcc1 = (addr) -> getAccessControlContext( - new SocketPermission(addr, "listen, connect,resolve")); - IntConsumer func1 = (i) -> connectSocketTest(i); - IntConsumer func2 = (i) -> connectDatagramSocketTest(i); - - //test for SocketPermission "localhost:1024-","accept"; - Function generateAcc2 = (addr) -> getAccessControlContext( - new SocketPermission(addr, "listen,connect,resolve"), - new SocketPermission("localhost:1024-", "accept")); - IntConsumer func3 = (i) -> acceptServerSocketTest(i); - - //test for SocketPermission "229.227.226.221", "connect,accept" - Function generateAcc3 = (addr) -> getAccessControlContext( - new SocketPermission(addr, "listen,resolve"), - new SocketPermission("229.227.226.221", "connect,accept")); - IntConsumer func4 = (i) -> sendDatagramPacketTest(i); - IntConsumer func5 = (i) -> joinGroupMulticastTest(i); + @Test + public void connectDatagramSocketTest() throws Exception { + byte[] msg = "Hello".getBytes(UTF_8); + InetAddress lh = InetAddress.getLocalHost(); - //test for SocketPermission "host:port", "listen" - Function generateAcc4 = (addr) -> getAccessControlContext( - new SocketPermission(addr, "listen")); - IntConsumer func6 = (i) -> listenDatagramSocketTest(i); - IntConsumer func7 = (i) -> listenMulticastSocketTest(i); - IntConsumer func8 = (i) -> listenServerSocketTest(i); - - return new Object[][]{ - {generateAcc1, func1}, - {generateAcc1, func2}, - {generateAcc2, func3}, - {generateAcc3, func4}, - {generateAcc3, func5}, - {generateAcc4, func6}, - {generateAcc4, func7}, - {generateAcc4, func8} - }; - } - - @DataProvider - public Object[][] negativeProvider() { - IntConsumer[] funcs = {i -> connectSocketTest(i), - i -> connectDatagramSocketTest(i), i -> acceptServerSocketTest(i), - i -> sendDatagramPacketTest(i), i -> joinGroupMulticastTest(i), - i -> listenDatagramSocketTest(i), i -> listenMulticastSocketTest(i), - i -> listenServerSocketTest(i)}; - return Arrays.stream(funcs).map(f -> { - //Construct an AccessControlContext without SocketPermission + try (DatagramSocket ds = new DatagramSocket(0)) { + int port = ds.getLocalPort(); + + String addr = lh.getHostAddress() + ":" + port; AccessControlContext acc = getAccessControlContext( - new java.io.FilePermission("<>", "read,write,execute,delete"), - new java.net.NetPermission("*"), - new java.util.PropertyPermission("*", "read,write"), - new java.lang.reflect.ReflectPermission("*"), - new java.lang.RuntimePermission("*"), - new java.security.SecurityPermission("*"), - new java.io.SerializablePermission("*")); - return new Object[]{acc, f}; - }).toArray(Object[][]::new); - } - - public void connectSocketTest(int port) { - try (ServerSocket server = new ServerSocket(port); - Socket client = new Socket(InetAddress.getLocalHost(), port);) { - } catch (IOException ex) { - throw new RuntimeException(ex); - } - } + new SocketPermission(addr, "connect,resolve")); - public void connectDatagramSocketTest(int port) { - String msg = "Hello"; - try { - InetAddress me = InetAddress.getLocalHost(); - try (DatagramSocket ds = new DatagramSocket(port, me)) { - DatagramPacket dp = new DatagramPacket(msg.getBytes(), - msg.length(), me, port); + // Positive + AccessController.doPrivileged((PrivilegedExceptionAction) () -> { + DatagramPacket dp = new DatagramPacket(msg, msg.length, lh, port); ds.send(dp); - } - } catch (IOException ex) { - throw new RuntimeException(ex); + return null; + }, acc); + + // Negative + try { + AccessController.doPrivileged((PrivilegedExceptionAction) () -> { + DatagramPacket dp = new DatagramPacket(msg, msg.length, lh, port); + ds.send(dp); + fail("Expected SecurityException"); + return null; + }, RESTRICTED_ACC); + } catch (SecurityException expected) { } } } - public void acceptServerSocketTest(int port) { - try { - InetAddress me = InetAddress.getLocalHost(); - try (ServerSocket server = new ServerSocket(port)) { - Socket client = new Socket(me, port); - server.accept(); - } - } catch (IOException ex) { - throw new RuntimeException(ex); + @Test + public void acceptServerSocketTest() throws Exception { + try (ServerSocket ss = new ServerSocket(0)) { + int port = ss.getLocalPort(); + + String addr = "localhost:" + port; + AccessControlContext acc = getAccessControlContext( + new SocketPermission(addr, "listen,connect,resolve"), + new SocketPermission("localhost:1024-", "accept")); + + // Positive + AccessController.doPrivileged((PrivilegedExceptionAction) () -> { + InetAddress me = InetAddress.getLocalHost(); + try (Socket client = new Socket(me, port)) { + ss.accept(); + } + return null; + }, acc); + + // Negative + try { + AccessController.doPrivileged((PrivilegedExceptionAction) () -> { + InetAddress me = InetAddress.getLocalHost(); + try (Socket client = new Socket(me, port)) { + ss.accept(); + } + fail("Expected SecurityException"); + return null; + }, RESTRICTED_ACC); + } catch (SecurityException expected) { } } } - public static void sendDatagramPacketTest(int port) { - String msg = "Hello"; - try { - InetAddress group = InetAddress.getByName("229.227.226.221"); - try (DatagramSocket s = new DatagramSocket(port)) { - DatagramPacket hi = new DatagramPacket(msg.getBytes(), - msg.length(), group, port); - s.send(hi); - } - } catch (IOException ex) { - throw new RuntimeException(ex); + @Test + public void sendDatagramPacketTest() throws Exception { + byte[] msg = "Hello".getBytes(UTF_8); + InetAddress group = InetAddress.getByName("229.227.226.221"); + + try (DatagramSocket ds = new DatagramSocket(0)) { + int port = ds.getLocalPort(); + + String addr = "localhost:" + port; + //test for SocketPermission "229.227.226.221", "connect,accept" + AccessControlContext acc = getAccessControlContext( + new SocketPermission(addr, "listen,resolve"), + new SocketPermission("229.227.226.221", "connect,accept")); + + // Positive + AccessController.doPrivileged((PrivilegedExceptionAction) () -> { + DatagramPacket hi = new DatagramPacket(msg, msg.length, group, port); + ds.send(hi); + return null; + }, acc); + + // Negative + try { + AccessController.doPrivileged((PrivilegedExceptionAction) () -> { + DatagramPacket hi = new DatagramPacket(msg, msg.length, group, port); + ds.send(hi); + fail("Expected SecurityException"); + return null; + }, RESTRICTED_ACC); + } catch (SecurityException expected) { } } } - public void joinGroupMulticastTest(int port) { - try { - InetAddress group = InetAddress.getByName("229.227.226.221"); - try (MulticastSocket s = new MulticastSocket(port)) { + @Test + public void joinGroupMulticastTest() throws Exception { + InetAddress group = InetAddress.getByName("229.227.226.221"); + try (MulticastSocket s = new MulticastSocket(0)) { + int port = s.getLocalPort(); + + String addr = "localhost:" + port; + AccessControlContext acc = getAccessControlContext( + new SocketPermission(addr, "listen,resolve"), + new SocketPermission("229.227.226.221", "connect,accept")); + + // Positive + AccessController.doPrivileged((PrivilegedExceptionAction) () -> { s.joinGroup(group); s.leaveGroup(group); - } - } catch (IOException ex) { - throw new RuntimeException(ex); - } - } + return null; + }, acc); - public void listenDatagramSocketTest(int port) { - try (DatagramSocket ds = new DatagramSocket(port)) { - } catch (IOException ex) { - throw new RuntimeException(ex); + // Negative + try { + AccessController.doPrivileged((PrivilegedExceptionAction) () -> { + s.joinGroup(group); + s.leaveGroup(group); + fail("Expected SecurityException"); + return null; + }, RESTRICTED_ACC); + } catch (SecurityException expected) { } } - } - public void listenMulticastSocketTest(int port) { - try (MulticastSocket ms = new MulticastSocket(port)) { - } catch (IOException ex) { - throw new RuntimeException(ex); - } } - public void listenServerSocketTest(int port) { - try (ServerSocket ms = new ServerSocket(port)) { - } catch (IOException ex) { - throw new RuntimeException(ex); - } + @Test + public void listenDatagramSocketTest() throws Exception { + // the hardcoded port number doesn't really matter since we expect the + // security permission to be checked before the underlying operation. + int port = 8899; + String addr = "localhost:" + port; + AccessControlContext acc = getAccessControlContext( + new SocketPermission(addr, "listen")); + + // Positive + AccessController.doPrivileged((PrivilegedExceptionAction) () -> { + try (DatagramSocket ds = new DatagramSocket(port)) { } + catch (IOException intermittentlyExpected) { /* ignore */ } + return null; + }, acc); + + // Negative + try { + AccessController.doPrivileged((PrivilegedExceptionAction) () -> { + try (DatagramSocket ds = new DatagramSocket(port)) { } + catch (IOException intermittentlyExpected) { /* ignore */ } + fail("Expected SecurityException"); + return null; + }, RESTRICTED_ACC); + } catch (SecurityException expected) { } + } + + @Test + public void listenMulticastSocketTest() throws Exception { + // the hardcoded port number doesn't really matter since we expect the + // security permission to be checked before the underlying operation. + int port = 8899; + String addr = "localhost:" + port; + AccessControlContext acc = getAccessControlContext( + new SocketPermission(addr, "listen")); + + // Positive + AccessController.doPrivileged((PrivilegedExceptionAction) () -> { + try (MulticastSocket ms = new MulticastSocket(port)) { } + catch (IOException intermittentlyExpected) { /* ignore */ } + return null; + }, acc); + + // Negative + try { + AccessController.doPrivileged((PrivilegedExceptionAction) () -> { + try (MulticastSocket ms = new MulticastSocket(port)) { } + catch (IOException intermittentlyExpected) { /* ignore */ } + fail("Expected SecurityException"); + return null; + }, RESTRICTED_ACC); + } catch (SecurityException expected) { } + } + + @Test + public void listenServerSocketTest() throws Exception { + // the hardcoded port number doesn't really matter since we expect the + // security permission to be checked before the underlying operation. + int port = 8899; + String addr = "localhost:" + port; + AccessControlContext acc = getAccessControlContext( + new SocketPermission(addr, "listen")); + + // Positive + AccessController.doPrivileged((PrivilegedExceptionAction) () -> { + try (ServerSocket ss = new ServerSocket(port)) { } + catch (IOException intermittentlyExpected) { /* ignore */ } + return null; + }, acc); + + // Negative + try { + AccessController.doPrivileged((PrivilegedExceptionAction) () -> { + try (ServerSocket ss = new ServerSocket(port)) { } + catch (IOException intermittentlyExpected) { /* ignore */ } + fail("Expected SecurityException"); + return null; + }, RESTRICTED_ACC); + } catch (SecurityException expected) { } + } private static AccessControlContext getAccessControlContext(Permission... ps) { @@ -234,4 +326,15 @@ return new AccessControlContext(new ProtectionDomain[]{pd}); } + // Standalone entry point for running with, possibly older, JDKs. + public static void main(String[] args) throws Throwable { + SocketPermissionTest test = new SocketPermissionTest(); + test.setupSecurityManager(); + for (java.lang.reflect.Method m : SocketPermissionTest.class.getDeclaredMethods()) { + if (m.getAnnotation(Test.class) != null) { + System.out.println("Invoking " + m.getName()); + m.invoke(test); + } + } + } }