New test/javax/xml/jaxp/unittest/validation/Bug6925531Test.java

   1 /*
   2  * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 package validation;
  25 
  26 import java.io.ByteArrayInputStream;
  27 import java.io.IOException;
  28 import java.io.InputStreamReader;
  29 import java.security.AccessController;
  30 import java.security.AllPermission;
  31 import java.security.Permission;
  32 import java.security.Permissions;
  33 import java.security.PrivilegedAction;
  34 
  35 import javax.xml.XMLConstants;
  36 import javax.xml.transform.sax.SAXSource;
  37 import javax.xml.transform.stream.StreamSource;
  38 import javax.xml.validation.Schema;
  39 import javax.xml.validation.SchemaFactory;
  40 import javax.xml.validation.Validator;
  41 
  42 import org.testng.Assert;
  43 import org.testng.annotations.Listeners;
  44 import org.testng.annotations.Test;
  45 import org.xml.sax.InputSource;
  46 import org.xml.sax.SAXException;
  47 import org.xml.sax.SAXNotRecognizedException;
  48 import org.xml.sax.SAXNotSupportedException;
  49 
  50 /*
  51  * @bug 6925531
  52  * @summary Test Validator can validate SAXSource when SecurityManager is set or FEATURE_SECURE_PROCESSING is on.
  53  */
  54 @Listeners({jaxp.library.BasePolicy.class})
  55 public class Bug6925531Test {
  56     static final String SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
  57     static final String SCHEMA_SOURCE = "http://java.sun.com/xml/jaxp/properties/schemaSource";
  58     String xsd = "<?xml version='1.0'?>\n" + "<schema xmlns='http://www.w3.org/2001/XMLSchema'\n" + "        xmlns:test='jaxp13_test'\n"
  59             + "        targetNamespace='jaxp13_test'\n" + "        elementFormDefault='qualified'>\n" + "    <element name='test' type='string'/>\n"
  60             + "</schema>\n";
  61 
  62     String xml = "<?xml version='1.0'?>\n" + "<ns:test xmlns:ns='jaxp13_test'>\n" + "    abc\n" + "</ns:test>\n";
  63 
  64     StreamSource xsdSource;
  65     SAXSource xmlSource;
  66 
  67     public void init() {
  68         InputStreamReader reader = new InputStreamReader(new ByteArrayInputStream(xsd.getBytes()));
  69         xsdSource = new StreamSource(reader);
  70         reader = new InputStreamReader(new ByteArrayInputStream(xml.getBytes()));
  71         InputSource inSource = new InputSource(reader);
  72         xmlSource = new SAXSource(inSource);
  73     }
  74 
  75     /**
  76      * when security manager is present, secure feature is on automatically
  77      */
  78     @Test
  79     public void test_SM() {
  80         init();
  81         Permissions granted = new java.security.Permissions();
  82         granted.add(new AllPermission());
  83 
  84         System.setSecurityManager(new MySM(granted));
  85 
  86         SchemaFactory schemaFactory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
  87 
  88         Schema schema = null;
  89         try {
  90             schema = schemaFactory.newSchema(xsdSource);
  91         } catch (SAXException e) {
  92             Assert.fail(e.toString());
  93         }
  94 
  95         Validator validator = schema.newValidator();
  96 
  97         try {
  98             validator.validate(xmlSource, null);
  99         } catch (SAXException e) {
 100             Assert.fail(e.toString());
 101         } catch (IOException e) {
 102             Assert.fail(e.toString());
 103         } finally {
 104             System.setSecurityManager(null);
 105         }
 106 
 107         System.out.println("OK");
 108     }
 109 
 110     /**
 111      * set secure feature on SchemaFactory
 112      */
 113     @Test
 114     public void test_SF() {
 115         init();
 116         AccessController.doPrivileged(new PrivilegedAction() {
 117             public Object run() {
 118                 System.setSecurityManager(null);
 119                 return null; // nothing to return
 120             }
 121         });
 122 
 123         SchemaFactory schemaFactory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
 124         try {
 125             schemaFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
 126         } catch (SAXNotRecognizedException ex) {
 127             System.out.println(ex.getMessage());
 128         } catch (SAXNotSupportedException ex) {
 129             System.out.println(ex.getMessage());
 130         }
 131 
 132         Schema schema = null;
 133         try {
 134             schema = schemaFactory.newSchema(xsdSource);
 135         } catch (SAXException e) {
 136             Assert.fail(e.toString());
 137         }
 138 
 139         Validator validator = schema.newValidator();
 140 
 141         try {
 142             validator.validate(xmlSource, null);
 143         } catch (SAXException e) {
 144             Assert.fail(e.toString());
 145         } catch (IOException e) {
 146             Assert.fail(e.toString());
 147         }
 148         System.out.println("OK");
 149     }
 150 
 151     /**
 152      * set secure feature on the Validator
 153      */
 154     @Test
 155     public void test_Val() {
 156         init();
 157         System.setSecurityManager(null);
 158         SchemaFactory schemaFactory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
 159 
 160         Schema schema = null;
 161         try {
 162             schema = schemaFactory.newSchema(xsdSource);
 163         } catch (SAXException e) {
 164             Assert.fail(e.toString());
 165         }
 166 
 167         Validator validator = schema.newValidator();
 168         try {
 169             validator.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
 170         } catch (SAXNotRecognizedException ex) {
 171             System.out.println(ex.getMessage());
 172         } catch (SAXNotSupportedException ex) {
 173             System.out.println(ex.getMessage());
 174         }
 175 
 176         try {
 177             validator.validate(xmlSource, null);
 178         } catch (SAXException e) {
 179             Assert.fail(e.toString());
 180         } catch (IOException e) {
 181             Assert.fail(e.toString());
 182         }
 183         System.out.println("OK");
 184     }
 185 
 186     class MySM extends SecurityManager {
 187         Permissions granted;
 188 
 189         public MySM(Permissions perms) {
 190             granted = perms;
 191         }
 192 
 193         /**
 194          * The central point in checking permissions. Overridden from
 195          * java.lang.SecurityManager
 196          *
 197          * @param perm The permission requested.
 198          */
 199         @Override
 200         public void checkPermission(Permission perm) {
 201             if (granted.implies(perm)) {
 202                 return;
 203             }
 204             super.checkPermission(perm);
 205         }
 206 
 207     }
 208 }