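/*
 * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package validation;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.PrivilegedAction;

import javax.xml.XMLConstants;
import javax.xml.transform.sax.SAXSource;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;

import org.testng.Assert;
import org.testng.annotations.Listeners;
import org.testng.annotations.Test;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.SAXNotSupportedException;

/*
 * @bug 6925531
 * @summary Test Validator can validate SAXSource when SecurityManager is set or FEATURE_SECURE_PROCESSING is on.
 */
@Listeners({jaxp.library.BasePolicy.class})
public class Bug6925531Test {
    static final String SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
    static final String SCHEMA_SOURCE = "http://java.sun.com/xml/jaxp/properties/schemaSource";

    // Minimal schema: a single string-typed element <test> in namespace jaxp13_test.
    String xsd = "<?xml version='1.0'?>\n"
            + "<schema xmlns='http://www.w3.org/2001/XMLSchema'\n"
            + " xmlns:test='jaxp13_test'\n"
            + " targetNamespace='jaxp13_test'\n"
            + " elementFormDefault='qualified'>\n"
            + " <element name='test' type='string'/>\n"
            + "</schema>\n";

    // Instance document that is valid against the schema above.
    String xml = "<?xml version='1.0'?>\n"
            + "<ns:test xmlns:ns='jaxp13_test'>\n"
            + " abc\n"
            + "</ns:test>\n";

    StreamSource xsdSource;
    SAXSource xmlSource;

    /**
     * Builds fresh character-stream sources for the schema and the instance
     * document. Each test calls this first because a Reader-backed source can
     * only be consumed once.
     */
    public void init() {
        // Encode and decode with the same explicit charset so the round trip
        // does not depend on the platform default.
        InputStreamReader reader = new InputStreamReader(
                new ByteArrayInputStream(xsd.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
        xsdSource = new StreamSource(reader);
        reader = new InputStreamReader(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
        xmlSource = new SAXSource(new InputSource(reader));
    }

    /**
     * Validates the SAXSource while a security manager is installed. Per the
     * bug summary, the secure-processing feature is then on automatically.
     */
    @Test
    public void test_SM() {
        init();
        Permissions granted = new Permissions();
        granted.add(new AllPermission());

        System.setSecurityManager(new MySM(granted));
        // Everything after installation sits inside try/finally: a failure while
        // building the schema must not leave MySM installed for later tests.
        try {
            SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
            Schema schema = schemaFactory.newSchema(xsdSource);
            Validator validator = schema.newValidator();
            validator.validate(xmlSource, null);
        } catch (SAXException | IOException e) {
            Assert.fail(e.toString(), e);
        } finally {
            // Allowed because MySM was granted AllPermission.
            // NOTE(review): this clears the security manager rather than restoring
            // whatever was installed before the test; confirm that is what the
            // jaxp.library.BasePolicy listener expects.
            System.setSecurityManager(null);
        }

        System.out.println("OK");
    }

    /**
     * Validates the SAXSource with FEATURE_SECURE_PROCESSING set explicitly on
     * the SchemaFactory and no security manager installed.
     */
    @Test
    public void test_SF() {
        init();
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                System.setSecurityManager(null);
                return null; // nothing to return
            }
        });

        SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        try {
            schemaFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        } catch (SAXNotRecognizedException | SAXNotSupportedException ex) {
            // If the feature cannot be enabled, the rest of the test would run
            // without secure processing and pass without checking anything.
            Assert.fail("FEATURE_SECURE_PROCESSING could not be set on the SchemaFactory: " + ex, ex);
        }

        try {
            Schema schema = schemaFactory.newSchema(xsdSource);
            Validator validator = schema.newValidator();
            validator.validate(xmlSource, null);
        } catch (SAXException | IOException e) {
            Assert.fail(e.toString(), e);
        }
        System.out.println("OK");
    }

    /**
     * Validates the SAXSource with FEATURE_SECURE_PROCESSING set explicitly on
     * the Validator and no security manager installed.
     */
    @Test
    public void test_Val() {
        init();
        System.setSecurityManager(null);
        SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);

        Validator validator = null;
        try {
            Schema schema = schemaFactory.newSchema(xsdSource);
            validator = schema.newValidator();
        } catch (SAXException e) {
            Assert.fail(e.toString(), e);
        }

        try {
            validator.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        } catch (SAXNotRecognizedException | SAXNotSupportedException ex) {
            // Fail instead of printing: a validator without the feature would make
            // this test a false pass for the secure-processing path.
            Assert.fail("FEATURE_SECURE_PROCESSING could not be set on the Validator: " + ex, ex);
        }

        try {
            validator.validate(xmlSource, null);
        } catch (SAXException | IOException e) {
            Assert.fail(e.toString(), e);
        }
        System.out.println("OK");
    }

    /**
     * Security manager that allows every permission implied by the supplied
     * collection and defers to the default check for anything else.
     *
     * <p>test_SM grants it AllPermission, so in that test it restricts nothing;
     * it is installed only so that a security manager is present.
     */
    static class MySM extends SecurityManager {
        private final Permissions granted;

        public MySM(Permissions perms) {
            granted = perms;
        }

        /**
         * The central point in checking permissions. Overridden from
         * java.lang.SecurityManager
         *
         * @param perm The permission requested.
         */
        @Override
        public void checkPermission(Permission perm) {
            if (!granted.implies(perm)) {
                super.checkPermission(perm);
            }
        }
    }
}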