test/java/net/SocketPermission/SocketPermissionTest.java
Print this page
*** 23,34 ****
/*
* @test
* @bug 8047031
* @summary SocketPermission tests for legacy socket types
! * @library ../../../lib/testlibrary
! * @run testng/othervm/policy=policy SocketPermissionTest
* @key intermittent
*/
import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
--- 23,33 ----
/*
* @test
* @bug 8047031
* @summary SocketPermission tests for legacy socket types
! * @run testng SocketPermissionTest
* @key intermittent
*/
import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
*** 37,226 ****
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketPermission;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
import java.security.Permissions;
! import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
! import java.util.Arrays;
! import java.util.function.Function;
! import java.util.function.IntConsumer;
! import static jdk.testlibrary.Utils.getFreePort;
import org.testng.annotations.BeforeMethod;
- import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
public class SocketPermissionTest {
- private int freePort = -1;
! //positive tests
! @Test(dataProvider = "positiveProvider")
! public void testPositive(Function<String, AccessControlContext> genAcc, IntConsumer func) {
! String addr = "localhost:" + freePort;
! AccessControlContext acc = genAcc.apply(addr);
! AccessController.doPrivileged((PrivilegedAction) () -> {
! func.accept(freePort);
! return null;
! }, acc);
}
! //negative tests
! @Test(dataProvider = "negativeProvider", expectedExceptions = SecurityException.class)
! public void testNegative(AccessControlContext acc, IntConsumer func) {
! AccessController.doPrivileged((PrivilegedAction) () -> {
! func.accept(freePort);
return null;
}, acc);
- }
! @BeforeMethod
! public void setFreePort() throws Exception {
! freePort = getFreePort();
}
! @DataProvider
! public Object[][] positiveProvider() {
! //test for SocketPermission "host:port","connect,resolve";
! Function<String, AccessControlContext> generateAcc1 = (addr) -> getAccessControlContext(
! new SocketPermission(addr, "listen, connect,resolve"));
! IntConsumer func1 = (i) -> connectSocketTest(i);
! IntConsumer func2 = (i) -> connectDatagramSocketTest(i);
! //test for SocketPermission "localhost:1024-","accept";
! Function<String, AccessControlContext> generateAcc2 = (addr) -> getAccessControlContext(
! new SocketPermission(addr, "listen,connect,resolve"),
! new SocketPermission("localhost:1024-", "accept"));
! IntConsumer func3 = (i) -> acceptServerSocketTest(i);
! //test for SocketPermission "229.227.226.221", "connect,accept"
! Function<String, AccessControlContext> generateAcc3 = (addr) -> getAccessControlContext(
! new SocketPermission(addr, "listen,resolve"),
! new SocketPermission("229.227.226.221", "connect,accept"));
! IntConsumer func4 = (i) -> sendDatagramPacketTest(i);
! IntConsumer func5 = (i) -> joinGroupMulticastTest(i);
! //test for SocketPermission "host:port", "listen"
! Function<String, AccessControlContext> generateAcc4 = (addr) -> getAccessControlContext(
! new SocketPermission(addr, "listen"));
! IntConsumer func6 = (i) -> listenDatagramSocketTest(i);
! IntConsumer func7 = (i) -> listenMulticastSocketTest(i);
! IntConsumer func8 = (i) -> listenServerSocketTest(i);
!
! return new Object[][]{
! {generateAcc1, func1},
! {generateAcc1, func2},
! {generateAcc2, func3},
! {generateAcc3, func4},
! {generateAcc3, func5},
! {generateAcc4, func6},
! {generateAcc4, func7},
! {generateAcc4, func8}
! };
! }
!
! @DataProvider
! public Object[][] negativeProvider() {
! IntConsumer[] funcs = {i -> connectSocketTest(i),
! i -> connectDatagramSocketTest(i), i -> acceptServerSocketTest(i),
! i -> sendDatagramPacketTest(i), i -> joinGroupMulticastTest(i),
! i -> listenDatagramSocketTest(i), i -> listenMulticastSocketTest(i),
! i -> listenServerSocketTest(i)};
! return Arrays.stream(funcs).map(f -> {
! //Construct an AccessControlContext without SocketPermission
! AccessControlContext acc = getAccessControlContext(
! new java.io.FilePermission("<<ALL FILES>>", "read,write,execute,delete"),
! new java.net.NetPermission("*"),
! new java.util.PropertyPermission("*", "read,write"),
! new java.lang.reflect.ReflectPermission("*"),
! new java.lang.RuntimePermission("*"),
! new java.security.SecurityPermission("*"),
! new java.io.SerializablePermission("*"));
! return new Object[]{acc, f};
! }).toArray(Object[][]::new);
! }
!
! public void connectSocketTest(int port) {
! try (ServerSocket server = new ServerSocket(port);
! Socket client = new Socket(InetAddress.getLocalHost(), port);) {
! } catch (IOException ex) {
! throw new RuntimeException(ex);
! }
! }
! public void connectDatagramSocketTest(int port) {
! String msg = "Hello";
try {
! InetAddress me = InetAddress.getLocalHost();
! try (DatagramSocket ds = new DatagramSocket(port, me)) {
! DatagramPacket dp = new DatagramPacket(msg.getBytes(),
! msg.length(), me, port);
ds.send(dp);
}
- } catch (IOException ex) {
- throw new RuntimeException(ex);
}
}
! public void acceptServerSocketTest(int port) {
try {
InetAddress me = InetAddress.getLocalHost();
! try (ServerSocket server = new ServerSocket(port)) {
! Socket client = new Socket(me, port);
! server.accept();
}
! } catch (IOException ex) {
! throw new RuntimeException(ex);
}
}
! public static void sendDatagramPacketTest(int port) {
! String msg = "Hello";
! try {
InetAddress group = InetAddress.getByName("229.227.226.221");
! try (DatagramSocket s = new DatagramSocket(port)) {
! DatagramPacket hi = new DatagramPacket(msg.getBytes(),
! msg.length(), group, port);
! s.send(hi);
! }
! } catch (IOException ex) {
! throw new RuntimeException(ex);
}
}
! public void joinGroupMulticastTest(int port) {
! try {
InetAddress group = InetAddress.getByName("229.227.226.221");
! try (MulticastSocket s = new MulticastSocket(port)) {
s.joinGroup(group);
s.leaveGroup(group);
! }
! } catch (IOException ex) {
! throw new RuntimeException(ex);
! }
! }
! public void listenDatagramSocketTest(int port) {
! try (DatagramSocket ds = new DatagramSocket(port)) {
! } catch (IOException ex) {
! throw new RuntimeException(ex);
! }
}
- public void listenMulticastSocketTest(int port) {
- try (MulticastSocket ms = new MulticastSocket(port)) {
- } catch (IOException ex) {
- throw new RuntimeException(ex);
}
}
! public void listenServerSocketTest(int port) {
! try (ServerSocket ms = new ServerSocket(port)) {
! } catch (IOException ex) {
! throw new RuntimeException(ex);
}
}
private static AccessControlContext getAccessControlContext(Permission... ps) {
Permissions perms = new Permissions();
for (Permission p : ps) {
--- 36,318 ----
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketPermission;
import java.security.AccessControlContext;
import java.security.AccessController;
+ import java.security.CodeSource;
import java.security.Permission;
+ import java.security.PermissionCollection;
import java.security.Permissions;
! import java.security.Policy;
! import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
!
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
+ import static org.testng.Assert.*;
+
+ import static java.nio.charset.StandardCharsets.UTF_8;
public class SocketPermissionTest {
! @BeforeMethod
! public void setupSecurityManager() throws Exception {
! // All permissions, a specific ACC will be used to when testing
! // with a reduced permission set.
! Policy.setPolicy(new Policy() {
! final PermissionCollection perms = new Permissions();
! { perms.add(new java.security.AllPermission()); }
! public PermissionCollection getPermissions(ProtectionDomain domain) {
! return perms;
! }
! public PermissionCollection getPermissions(CodeSource codesource) {
! return perms;
! }
! public boolean implies(ProtectionDomain domain, Permission perm) {
! return perms.implies(perm);
}
+ } );
+ System.setSecurityManager(new SecurityManager());
+ }
+
+ static final AccessControlContext RESTRICTED_ACC = getAccessControlContext();
+
+ @Test
+ public void connectSocketTest() throws Exception {
+ try (ServerSocket ss = new ServerSocket(0)) {
+ int port = ss.getLocalPort();
! String addr = "localhost:" + port;
! AccessControlContext acc = getAccessControlContext(
! new SocketPermission(addr, "listen,connect,resolve"));
!
! // Positive
! AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
! try (Socket client = new Socket(InetAddress.getLocalHost(), port)) {
! }
return null;
}, acc);
! //Negative
! try {
! AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
! Socket client = new Socket(InetAddress.getLocalHost(), port);
! fail("Expected SecurityException");
! return null;
! }, RESTRICTED_ACC);
! } catch (SecurityException expected) { }
! }
}
! @Test
! public void connectDatagramSocketTest() throws Exception {
! byte[] msg = "Hello".getBytes(UTF_8);
! InetAddress lh = InetAddress.getLocalHost();
! try (DatagramSocket ds = new DatagramSocket(0)) {
! int port = ds.getLocalPort();
! String addr = lh.getHostAddress() + ":" + port;
! AccessControlContext acc = getAccessControlContext(
! new SocketPermission(addr, "connect,resolve"));
! // Positive
! AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
! DatagramPacket dp = new DatagramPacket(msg, msg.length, lh, port);
! ds.send(dp);
! return null;
! }, acc);
! // Negative
try {
! AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
! DatagramPacket dp = new DatagramPacket(msg, msg.length, lh, port);
ds.send(dp);
+ fail("Expected SecurityException");
+ return null;
+ }, RESTRICTED_ACC);
+ } catch (SecurityException expected) { }
}
}
+
+ @Test
+ public void acceptServerSocketTest() throws Exception {
+ try (ServerSocket ss = new ServerSocket(0)) {
+ int port = ss.getLocalPort();
+
+ String addr = "localhost:" + port;
+ AccessControlContext acc = getAccessControlContext(
+ new SocketPermission(addr, "listen,connect,resolve"),
+ new SocketPermission("localhost:1024-", "accept"));
+
+ // Positive
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ InetAddress me = InetAddress.getLocalHost();
+ try (Socket client = new Socket(me, port)) {
+ ss.accept();
}
+ return null;
+ }, acc);
! // Negative
try {
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
InetAddress me = InetAddress.getLocalHost();
! try (Socket client = new Socket(me, port)) {
! ss.accept();
}
! fail("Expected SecurityException");
! return null;
! }, RESTRICTED_ACC);
! } catch (SecurityException expected) { }
}
}
! @Test
! public void sendDatagramPacketTest() throws Exception {
! byte[] msg = "Hello".getBytes(UTF_8);
InetAddress group = InetAddress.getByName("229.227.226.221");
!
! try (DatagramSocket ds = new DatagramSocket(0)) {
! int port = ds.getLocalPort();
!
! String addr = "localhost:" + port;
! //test for SocketPermission "229.227.226.221", "connect,accept"
! AccessControlContext acc = getAccessControlContext(
! new SocketPermission(addr, "listen,resolve"),
! new SocketPermission("229.227.226.221", "connect,accept"));
!
! // Positive
! AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
! DatagramPacket hi = new DatagramPacket(msg, msg.length, group, port);
! ds.send(hi);
! return null;
! }, acc);
!
! // Negative
! try {
! AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
! DatagramPacket hi = new DatagramPacket(msg, msg.length, group, port);
! ds.send(hi);
! fail("Expected SecurityException");
! return null;
! }, RESTRICTED_ACC);
! } catch (SecurityException expected) { }
}
}
! @Test
! public void joinGroupMulticastTest() throws Exception {
InetAddress group = InetAddress.getByName("229.227.226.221");
! try (MulticastSocket s = new MulticastSocket(0)) {
! int port = s.getLocalPort();
!
! String addr = "localhost:" + port;
! AccessControlContext acc = getAccessControlContext(
! new SocketPermission(addr, "listen,resolve"),
! new SocketPermission("229.227.226.221", "connect,accept"));
!
! // Positive
! AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
s.joinGroup(group);
s.leaveGroup(group);
! return null;
! }, acc);
! // Negative
! try {
! AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
! s.joinGroup(group);
! s.leaveGroup(group);
! fail("Expected SecurityException");
! return null;
! }, RESTRICTED_ACC);
! } catch (SecurityException expected) { }
}
}
+
+ @Test
+ public void listenDatagramSocketTest() throws Exception {
+ // the hardcoded port number doesn't really matter since we expect the
+ // security permission to be checked before the underlying operation.
+ int port = 8899;
+ String addr = "localhost:" + port;
+ AccessControlContext acc = getAccessControlContext(
+ new SocketPermission(addr, "listen"));
+
+ // Positive
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ try (DatagramSocket ds = new DatagramSocket(port)) { }
+ catch (IOException intermittentlyExpected) { /* ignore */ }
+ return null;
+ }, acc);
+
+ // Negative
+ try {
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ try (DatagramSocket ds = new DatagramSocket(port)) { }
+ catch (IOException intermittentlyExpected) { /* ignore */ }
+ fail("Expected SecurityException");
+ return null;
+ }, RESTRICTED_ACC);
+ } catch (SecurityException expected) { }
}
! @Test
! public void listenMulticastSocketTest() throws Exception {
! // the hardcoded port number doesn't really matter since we expect the
! // security permission to be checked before the underlying operation.
! int port = 8899;
! String addr = "localhost:" + port;
! AccessControlContext acc = getAccessControlContext(
! new SocketPermission(addr, "listen"));
!
! // Positive
! AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
! try (MulticastSocket ms = new MulticastSocket(port)) { }
! catch (IOException intermittentlyExpected) { /* ignore */ }
! return null;
! }, acc);
!
! // Negative
! try {
! AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
! try (MulticastSocket ms = new MulticastSocket(port)) { }
! catch (IOException intermittentlyExpected) { /* ignore */ }
! fail("Expected SecurityException");
! return null;
! }, RESTRICTED_ACC);
! } catch (SecurityException expected) { }
}
+
+ @Test
+ public void listenServerSocketTest() throws Exception {
+ // the hardcoded port number doesn't really matter since we expect the
+ // security permission to be checked before the underlying operation.
+ int port = 8899;
+ String addr = "localhost:" + port;
+ AccessControlContext acc = getAccessControlContext(
+ new SocketPermission(addr, "listen"));
+
+ // Positive
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ try (ServerSocket ss = new ServerSocket(port)) { }
+ catch (IOException intermittentlyExpected) { /* ignore */ }
+ return null;
+ }, acc);
+
+ // Negative
+ try {
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ try (ServerSocket ss = new ServerSocket(port)) { }
+ catch (IOException intermittentlyExpected) { /* ignore */ }
+ fail("Expected SecurityException");
+ return null;
+ }, RESTRICTED_ACC);
+ } catch (SecurityException expected) { }
+
}
private static AccessControlContext getAccessControlContext(Permission... ps) {
Permissions perms = new Permissions();
for (Permission p : ps) {
*** 232,237 ****
--- 324,340 ----
*/
ProtectionDomain pd = new ProtectionDomain(null, perms);
return new AccessControlContext(new ProtectionDomain[]{pd});
}
+ // Standalone entry point for running with, possibly older, JDKs.
+ public static void main(String[] args) throws Throwable {
+ SocketPermissionTest test = new SocketPermissionTest();
+ test.setupSecurityManager();
+ for (java.lang.reflect.Method m : SocketPermissionTest.class.getDeclaredMethods()) {
+ if (m.getAnnotation(Test.class) != null) {
+ System.out.println("Invoking " + m.getName());
+ m.invoke(test);
+ }
+ }
+ }
}