1 /*
2 * Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 5037004
27 * @run main/othervm Comparator
28 * @summary Frivolous ClassCastExceptions thrown by SubjectCodeSource.implies
29 *
30 * Note: if you want to see the java.security.debug output,
31 * you can not simply set the system property.
32 * you must run this test by hand and pass -Djava.security.debug=...
33 */
34
35 import java.io.*;
36 import java.security.*;
37 import java.util.PropertyPermission;
38 import javax.security.auth.Subject;
39 import javax.security.auth.x500.X500Principal;
40
41 import sun.security.provider.PolicyFile;
42 import com.sun.security.auth.UnixPrincipal;
43 import com.sun.security.auth.NTUserPrincipal;
44 import com.sun.security.auth.SolarisPrincipal;
45
46 public class Comparator {
47
48 private static final PropertyPermission FOO =
49 new PropertyPermission("foo", "read");
50 private static final PropertyPermission BAR =
51 new PropertyPermission("bar", "read");
52 private static final PropertyPermission FOOBAR =
53 new PropertyPermission("foobar", "read");
54 private static final PropertyPermission HELLO =
55 new PropertyPermission("hello", "read");
56 private static final PropertyPermission WORLD =
57 new PropertyPermission("world", "read");
58
59 private static final CodeSource cs =
60 new CodeSource(null, (java.security.cert.Certificate[])null);
61
62 private static final Principal[] p1 = new Principal[] {
63 new UnixPrincipal("1") };
64
65 private static final Principal[] p2 = new Principal[] {
66 new X500Principal("cn=2"),
67 new NTUserPrincipal("2") };
68
69 private static final Principal[] p3 = new Principal[] {
70 new UnixPrincipal("1"),
71 new X500Principal("cn=2"),
72 new NTUserPrincipal("2") };
73
74 private static final Principal[] p4 = new Principal[] {
75 new UnixPrincipal("1"),
76 new NTUserPrincipal("4") };
77
78 private static final Principal[] p5 = new Principal[] {
79 new UnixPrincipal("1"),
80 new X500Principal("cn=2"),
81 new NTUserPrincipal("2"),
82 new X500Principal("cn=x500") };
83
84 private static final Principal[] p6 = new Principal[] {
85 new UnixPrincipal("1"),
86 new NTUserPrincipal("4"),
87 new X500Principal("cn=x500") };
88
89 private static final Principal[] badP = new Principal[] {
90 new SolarisPrincipal("bad") };
91
92 public static class PCompare1 implements Principal {
93
94 private String name;
95
96 public PCompare1(String name) {
97 this.name = name;
98 }
99
100 @Override
101 public String getName() {
102 return name;
103 }
104
105 @Override
106 public boolean implies (Subject subject) {
107 if (subject.getPrincipals().contains(p1[0])) {
108 return true;
109 }
110 return false;
111 }
112 }
113
114 public static class PCompare2 implements Principal {
115 private String name;
116
117 public PCompare2(String name) {
118 this.name = name;
119 }
120
121 @Override
122 public String getName() {
123 return name;
124 }
125
126 @Override
127 public boolean implies (Subject subject) {
128 if (subject.getPrincipals().contains(p2[0]) &&
129 subject.getPrincipals().contains(p2[1])) {
130 return true;
131 }
132 return false;
133 }
134 }
135
136 public static class PCompare3 implements Principal {
137 private String name;
138
139 public PCompare3(String name) {
140 this.name = name;
141 }
142
143 @Override
144 public String getName() {
145 return name;
146 }
147
148 @Override
149 public boolean implies (Subject subject) {
150 return false;
151 }
152 }
153
154 public static void main(String[] args) throws Exception {
155
156 int testnum = 1;
157
158 // in case we run standalone
159 String policyDir = System.getProperty("test.src");
160 if (policyDir == null) {
161 policyDir = ".";
162 }
163
164 // do principal-only tests
165 System.setProperty("java.security.policy",
166 "=" +
167 policyDir +
168 File.separatorChar +
169 "Comparator.Principal.Policy");
170 PolicyFile policy = new PolicyFile();
171 testnum = doPrincipalTest(policy, testnum);
172 System.out.println("============ Principal Test Passed ============");
173
174 // do comparator-only tests
175 System.setProperty("java.security.policy",
176 "=" +
177 policyDir +
178 File.separatorChar +
179 "Comparator.Comparator.Policy");
180 policy = new PolicyFile();
181 testnum = doComparatorTest(policy, testnum);
182 System.out.println("============ Comparator Test Passed ============");
183
184 // combined principal/comparator tests
185 System.setProperty("java.security.policy",
186 "=" +
187 policyDir +
188 File.separatorChar +
189 "Comparator.Combined.Policy");
190 policy = new PolicyFile();
191 testnum = doCombinedTest(policy, testnum);
192 System.out.println("============ Combined Test Passed ============");
193 }
194
195 private static int doBadTest(PolicyFile policy, int testnum) {
196
197 // this principal is not in policy - should not match any policy grants
198 ProtectionDomain pd = new ProtectionDomain(cs, null, null, badP);
199 if (policy.implies(pd, FOO)) {
200 throw new SecurityException("test." + testnum + " failed");
201 }
202 testnum++;
203
204 // this principal is not in policy - should not match any policy grants
205 if (policy.implies(pd, BAR)) {
206 throw new SecurityException("test." + testnum + " failed");
207 }
208 testnum++;
209
210 // this principal is not in policy - should not match any policy grants
211 if (policy.implies(pd, FOOBAR)) {
212 throw new SecurityException("test." + testnum + " failed");
213 }
214 testnum++;
215
216 return testnum;
217 }
218
219 private static int doPrincipalTest(PolicyFile policy, int testnum) {
220
221 // security check against one principal should pass
222 ProtectionDomain pd = new ProtectionDomain(cs, null, null, p1);
223 if (!policy.implies(pd, FOO)) {
224 throw new SecurityException("test." + testnum + " failed");
225 }
226 testnum++;
227
228 // should not match BAR grant entry in policy
229 pd = new ProtectionDomain(cs, null, null, p1);
230 if (policy.implies(pd, BAR)) {
231 throw new SecurityException("test." + testnum + " failed");
232 }
233 testnum++;
234
235 // security check against two principals should pass
236 pd = new ProtectionDomain(cs, null, null, p2);
237 if (!policy.implies(pd, BAR)) {
238 throw new SecurityException("test." + testnum + " failed");
239 }
240 testnum++;
241
242 // should not match FOOBAR grant entry in policy
243 pd = new ProtectionDomain(cs, null, null, p1);
244 if (policy.implies(pd, FOOBAR)) {
245 throw new SecurityException("test." + testnum + " failed");
246 }
247 testnum++;
248
249 // should not match FOOBAR grant entry in policy
250 pd = new ProtectionDomain(cs, null, null, p2);
251 if (policy.implies(pd, FOOBAR)) {
252 throw new SecurityException("test." + testnum + " failed");
253 }
254 testnum++;
255
256 testnum = doBadTest(policy, testnum);
257
258 return testnum;
259 }
260
261 private static int doComparatorTest(PolicyFile policy, int testnum) {
262
263 // security check against one comparator should pass
264 ProtectionDomain pd = new ProtectionDomain(cs, null, null, p1);
265 if (!policy.implies(pd, FOO)) {
266 throw new SecurityException("test." + testnum + " failed");
267 }
268 testnum++;
269
270 // should not match BAR grant entry in policy
271 pd = new ProtectionDomain(cs, null, null, p1);
272 if (policy.implies(pd, BAR)) {
273 throw new SecurityException("test." + testnum + " failed");
274 }
275 testnum++;
276
277 // security check against two comparators should pass for FOO
278 pd = new ProtectionDomain(cs, null, null, p3);
279 if (!policy.implies(pd, FOO)) {
280 throw new SecurityException("test." + testnum + " failed");
281 }
282 testnum++;
283
284 // security check against two comparators should pass for BAR
285 pd = new ProtectionDomain(cs, null, null, p3);
286 if (!policy.implies(pd, BAR)) {
287 throw new SecurityException("test." + testnum + " failed");
288 }
289 testnum++;
290
291 // security check should fail against FOOBAR
292 pd = new ProtectionDomain(cs, null, null, p3);
293 if (policy.implies(pd, FOOBAR)) {
294 throw new SecurityException("test." + testnum + " failed");
295 }
296 testnum++;
297
298 testnum = doBadTest(policy, testnum);
299
300 return testnum;
301 }
302
303 private static int doCombinedTest(PolicyFile policy, int testnum) {
304
305 // security check against principal followed by comparator should pass
306 ProtectionDomain pd = new ProtectionDomain(cs, null, null, p3);
307 if (!policy.implies(pd, FOO)) {
308 throw new SecurityException("test." + testnum + " failed");
309 }
310 testnum++;
311
312 // should not match BAR grant entry in policy
313 pd = new ProtectionDomain(cs, null, null, p3);
314 if (policy.implies(pd, BAR)) {
315 throw new SecurityException("test." + testnum + " failed");
316 }
317 testnum++;
318
319 // security check against comparator followed by principal should pass
320 pd = new ProtectionDomain(cs, null, null, p4);
321 if (!policy.implies(pd, BAR)) {
322 throw new SecurityException("test." + testnum + " failed");
323 }
324 testnum++;
325
326 // should not match FOO grant entry in policy
327 pd = new ProtectionDomain(cs, null, null, p4);
328 if (policy.implies(pd, FOO)) {
329 throw new SecurityException("test." + testnum + " failed");
330 }
331 testnum++;
332
333 // security check against principal-principal-comparator should pass
334 pd = new ProtectionDomain(cs, null, null, p5);
335 if (!policy.implies(pd, HELLO)) {
336 throw new SecurityException("test." + testnum + " failed");
337 }
338 testnum++;
339
340 // should not match WORLD grant entry in policy
341 pd = new ProtectionDomain(cs, null, null, p5);
342 if (policy.implies(pd, WORLD)) {
343 throw new SecurityException("test." + testnum + " failed");
344 }
345 testnum++;
346
347 // security check against principal-principal-comparator should pass
348 pd = new ProtectionDomain(cs, null, null, p6);
349 if (!policy.implies(pd, WORLD)) {
350 throw new SecurityException("test." + testnum + " failed");
351 }
352 testnum++;
353
354 // should not match HELLO grant entry in policy
355 pd = new ProtectionDomain(cs, null, null, p6);
356 if (policy.implies(pd, HELLO)) {
357 throw new SecurityException("test." + testnum + " failed");
358 }
359 testnum++;
360
361 testnum = doBadTest(policy, testnum);
362
363 return testnum;
364 }
365 }