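/*
 * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 4919147
 * @summary Support for token-based KeyStores
 */

import java.io.*;
import java.util.*;
import sun.security.provider.*;

/**
 * Checks that {@code PolicyParser} reads the policy-file {@code keystore}
 * entry (URL, optional type, optional provider) and the
 * {@code keystorePasswordURL} entry, and that the same values are still
 * present after the policy is written out and parsed again.
 *
 * <p>The policy strings below are test fixtures. They grant
 * {@code java.security.AllPermission} only so that each policy contains a
 * grant entry for {@link #checkPerm} to find; they are not a template for a
 * deployed policy.
 */
public class TokenStore {

    // No keystore entry at all.
    private static final String POLICY_NO_STORE =
        "grant { permission java.security.AllPermission; };";

    // keystore entry with a URL only.
    private static final String POLICY_URL =
        "keystore \"file:${test.src}${/}TokenStore.keystore\";" +
        "grant signedby \"POLICY_URL\" {" +
        " permission java.security.AllPermission;" +
        "};" ;

    // keystore entry with URL and type.
    private static final String POLICY_URL_T =
        "keystore \"file:${test.src}${/}TokenStore.keystore\", \"JKS\";"+
        "grant signedby \"POLICY_URL_T\" {" +
        " permission java.security.AllPermission;" +
        "};" ;

    // keystore entry with URL, type and provider.
    private static final String POLICY_URL_T_P =
        "keystore \"file:${test.src}${/}TokenStore.keystore\"," +
        " \"JKS\", \"SUN\";" +
        "grant signedby \"POLICY_URL_T_P\" {" +
        " permission java.security.AllPermission;" +
        "};" ;

    // keystore URL plus a keystorePasswordURL entry. The password URL names
    // a file next to the test source; only the URL string is inspected here.
    private static final String POLICY_URL_PWD =
        "keystore \"file:${test.src}${/}TokenStore.keystore\";" +
        "keystorePasswordURL \"file:${test.src}${/}TokenStore.pwd\";" +
        "grant signedby \"POLICY_URL\" {" +
        " permission java.security.AllPermission;" +
        "};" ;

    // keystore URL, type, provider plus a keystorePasswordURL entry.
    private static final String POLICY_URL_T_P_PWD =
        "keystore \"file:${test.src}${/}TokenStore.keystore\"," +
        " \"JKS\", \"SUN\";" +
        "keystorePasswordURL \"file:${test.src}${/}TokenStore.pwd\";" +
        "grant signedby \"POLICY_URL_T_P\" {" +
        " permission java.security.AllPermission;" +
        "};" ;

    // keystorePasswordURL without any keystore entry: must be rejected.
    private static final String POLICY_PASS_NO_STORE =
        "keystorePasswordURL \"file:${test.src}${/}TokenStore.pwd\";" +
        "grant signedby \"POLICY_URL_T_P\" {" +
        " permission java.security.AllPermission;" +
        "};" ;

    /**
     * Runs every policy fixture through the parser. Each accepted policy is
     * checked twice: once as parsed from the fixture string, and once on the
     * parser returned by {@link #roundTrip}, so that the output of
     * {@code PolicyParser.write} is verified as well.
     *
     * @param args unused
     * @throws Exception if a check fails or the parser throws unexpectedly
     */
    public static void main(String[] args) throws Exception {

        // test no key store in policy
        PolicyParser p = parse(POLICY_NO_STORE);
        doNoStore(p);
        doNoStore(roundTrip(p));

        // test policy keystore + URL
        p = parse(POLICY_URL);
        doURL(p, true);
        doURL(roundTrip(p), true);

        // test policy keystore + URL + type
        p = parse(POLICY_URL_T);
        doURL_T(p, true);
        doURL_T(roundTrip(p), true);

        // test policy keystore + URL + type + provider
        p = parse(POLICY_URL_T_P);
        doURL_T_P(p, true);
        doURL_T_P(roundTrip(p), true);

        // test policy keystore + URL + password
        p = parse(POLICY_URL_PWD);
        doURL(p, false);
        doPwd(p);
        PolicyParser newP = roundTrip(p);
        doURL(newP, false);
        doPwd(newP);

        // test policy keystore + URL + type + provider + password
        p = parse(POLICY_URL_T_P_PWD);
        doURL_T_P(p, false);
        doPwd(p);
        newP = roundTrip(p);
        doURL_T_P(newP, false);
        doPwd(newP);

        // test policy password with no keystore: the parser has to refuse a
        // keystorePasswordURL that has no keystore entry to apply to
        p = new PolicyParser();
        try {
            p.read(new StringReader(POLICY_PASS_NO_STORE));
            throw new SecurityException("expected parsing exception");
        } catch (PolicyParser.ParsingException pe) {
            // good
        }
    }

    /** Parses {@code policy} with a fresh {@code PolicyParser}. */
    private static PolicyParser parse(String policy) throws Exception {
        PolicyParser parser = new PolicyParser();
        parser.read(new StringReader(policy));
        return parser;
    }

    /**
     * Writes {@code p} to a string and parses that string with a new parser.
     *
     * @return the parser that read the written-out policy
     */
    private static PolicyParser roundTrip(PolicyParser p) throws Exception {
        StringWriter sw = new StringWriter();
        p.write(sw);
        return parse(sw.toString());
    }

    /**
     * Requires at least one grant entry, and that every grant entry has a
     * non-null {@code permissionEntries} field.
     *
     * @throws SecurityException if either condition does not hold
     */
    private static void checkPerm(PolicyParser p) throws Exception {
        // Wildcard plus cast keeps this independent of whether
        // grantElements() is declared with a type argument.
        Enumeration<?> e = p.grantElements();
        boolean foundOne = false;
        while (e.hasMoreElements()) {
            PolicyParser.GrantEntry ge =
                (PolicyParser.GrantEntry) e.nextElement();
            if (ge.permissionEntries == null) {
                throw new SecurityException("expected non-null perms");
            }
            foundOne = true;
        }
        if (!foundOne) {
            throw new SecurityException("expected non-null grant entries");
        }
    }

    /**
     * Requires that no keystore URL, type, provider or password URL was
     * parsed, then checks the grant entries.
     */
    private static void doNoStore(PolicyParser p) throws Exception {
        if (p.getKeyStoreUrl() != null ||
            p.getKeyStoreType() != null ||
            p.getKeyStoreProvider() != null ||
            p.getStorePassURL() != null) {
            throw new SecurityException("expected null keystore");
        }
        checkPerm(p);
    }

    /**
     * Requires a keystore URL ending in {@code TokenStore.keystore} with no
     * type and no provider.
     *
     * @param checkPwd when true, additionally requires that no password URL
     *                 was parsed
     */
    private static void doURL(PolicyParser p, boolean checkPwd)
        throws Exception {
        if (p.getKeyStoreUrl() == null ||
            !(p.getKeyStoreUrl().endsWith("TokenStore.keystore")) ||
            p.getKeyStoreType() != null ||
            p.getKeyStoreProvider() != null) {
            throw new SecurityException("invalid keystore values");
        }
        if (checkPwd && p.getStorePassURL() != null) {
            throw new SecurityException("invalid keystore values");
        }
        checkPerm(p);
    }

    /**
     * Requires a keystore URL ending in {@code TokenStore.keystore}, type
     * {@code JKS} and no provider.
     *
     * @param checkPwd when true, additionally requires that no password URL
     *                 was parsed
     */
    private static void doURL_T(PolicyParser p, boolean checkPwd)
        throws Exception {
        if (p.getKeyStoreUrl() == null ||
            !(p.getKeyStoreUrl().endsWith("TokenStore.keystore")) ||
            p.getKeyStoreType() == null ||
            !(p.getKeyStoreType().equals("JKS")) ||
            p.getKeyStoreProvider() != null) {
            throw new SecurityException("invalid keystore values");
        }
        if (checkPwd && p.getStorePassURL() != null) {
            throw new SecurityException("invalid keystore values");
        }
        checkPerm(p);
    }

    /**
     * Requires a keystore URL ending in {@code TokenStore.keystore}, type
     * {@code JKS} and provider {@code SUN}.
     *
     * @param checkPwd when true, additionally requires that no password URL
     *                 was parsed
     */
    private static void doURL_T_P(PolicyParser p, boolean checkPwd)
        throws Exception {
        if (p.getKeyStoreUrl() == null ||
            !(p.getKeyStoreUrl().endsWith("TokenStore.keystore")) ||
            p.getKeyStoreType() == null ||
            !(p.getKeyStoreType().equals("JKS")) ||
            p.getKeyStoreProvider() == null ||
            !(p.getKeyStoreProvider().equals("SUN"))) {
            throw new SecurityException("invalid keystore values");
        }
        if (checkPwd && p.getStorePassURL() != null) {
            throw new SecurityException("invalid keystore values");
        }
        checkPerm(p);
    }

    /** Requires a password URL ending in {@code TokenStore.pwd}. */
    private static void doPwd(PolicyParser p) throws Exception {
        if (p.getStorePassURL() == null ||
            !(p.getStorePassURL().endsWith("TokenStore.pwd"))) {
            throw new SecurityException("invalid password values");
        }
    }
}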