1 /*
   2  * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /*
  25  * @test
  26  * @bug 4919147
  27  * @summary Support for token-based KeyStores
  28  */
  29 
  30 import java.io.*;
  31 import java.util.*;
  32 import sun.security.provider.*;
  33 
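public class TokenStore {

    /** Grant entry only: no keystore and no keystorePasswordURL directive. */
    private static final String POLICY_NO_STORE =
        "grant { permission java.security.AllPermission; };";

    /** keystore with a URL only (type and provider left to defaults). */
    private static final String POLICY_URL =
        "keystore \"file:${test.src}${/}TokenStore.keystore\";"         +
        "grant signedby \"POLICY_URL\" {"                               +
        "    permission java.security.AllPermission;"                   +
        "};"                                                            ;

    /** keystore with URL and explicit type. */
    private static final String POLICY_URL_T =
        "keystore \"file:${test.src}${/}TokenStore.keystore\", \"JKS\";"+
        "grant signedby \"POLICY_URL_T\" {"                             +
        "    permission java.security.AllPermission;"                   +
        "};"                                                            ;

    /** keystore with URL, explicit type and explicit provider. */
    private static final String POLICY_URL_T_P =
        "keystore \"file:${test.src}${/}TokenStore.keystore\","         +
        "               \"JKS\", \"SUN\";"                              +
        "grant signedby \"POLICY_URL_T_P\" {"                           +
        "    permission java.security.AllPermission;"                   +
        "};"                                                            ;

    /** keystore URL plus a keystorePasswordURL directive. */
    private static final String POLICY_URL_PWD =
        "keystore \"file:${test.src}${/}TokenStore.keystore\";"         +
        "keystorePasswordURL \"file:${test.src}${/}TokenStore.pwd\";"   +
        "grant signedby \"POLICY_URL\" {"                               +
        "    permission java.security.AllPermission;"                   +
        "};"                                                            ;

    /** keystore URL, type, provider plus a keystorePasswordURL directive. */
    private static final String POLICY_URL_T_P_PWD =
        "keystore \"file:${test.src}${/}TokenStore.keystore\","         +
        "               \"JKS\", \"SUN\";"                              +
        "keystorePasswordURL \"file:${test.src}${/}TokenStore.pwd\";"   +
        "grant signedby \"POLICY_URL_T_P\" {"                           +
        "    permission java.security.AllPermission;"                   +
        "};"                                                            ;

    /**
     * keystorePasswordURL without any keystore directive; the parser is
     * expected to reject this rather than silently accept a password
     * location that refers to no store.
     */
    private static final String POLICY_PASS_NO_STORE =
        "keystorePasswordURL \"file:${test.src}${/}TokenStore.pwd\";"   +
        "grant signedby \"POLICY_URL_T_P\" {"                           +
        "    permission java.security.AllPermission;"                   +
        "};"                                                            ;

    /**
     * Parses each policy text, checks the keystore-related values the parser
     * exposes, then writes the parsed policy back out and re-parses the
     * written text so the same checks run against the round-tripped parser.
     *
     * <p>The round-trip checks are run on the re-parsed instance. Running
     * them on the original parser a second time (as an earlier version of
     * this test did) would only repeat the first-pass check and leave the
     * written form of the keystore and password entries untested.
     *
     * @param args ignored
     * @throws Exception if a policy fails to parse or any check does not hold
     */
    public static void main(String[] args) throws Exception {

        // test no key store in policy
        PolicyParser p = parse(POLICY_NO_STORE);
        doNoStore(p);
        doNoStore(roundTrip(p));

        // test policy keystore + URL
        p = parse(POLICY_URL);
        doURL(p, true);
        doURL(roundTrip(p), true);

        // test policy keystore + URL + type
        p = parse(POLICY_URL_T);
        doURL_T(p, true);
        doURL_T(roundTrip(p), true);

        // test policy keystore + URL + type + provider
        p = parse(POLICY_URL_T_P);
        doURL_T_P(p, true);
        doURL_T_P(roundTrip(p), true);

        // test policy keystore + URL + password
        p = parse(POLICY_URL_PWD);
        doURL(p, false);
        doPwd(p);
        PolicyParser newP = roundTrip(p);
        doURL(newP, false);
        doPwd(newP);

        // test policy keystore + URL + type + provider + password
        p = parse(POLICY_URL_T_P_PWD);
        doURL_T_P(p, false);
        doPwd(p);
        newP = roundTrip(p);
        doURL_T_P(newP, false);
        doPwd(newP);

        // test policy password with no keystore
        try {
            parse(POLICY_PASS_NO_STORE);
            throw new SecurityException("expected parsing exception");
        } catch (PolicyParser.ParsingException pe) {
            // good: a password URL without a keystore entry is rejected
        }

    }

    /**
     * Parses {@code policy} with a fresh parser.
     *
     * @param policy policy file text
     * @return the parser holding the parsed policy
     * @throws Exception if the text does not parse
     */
    private static PolicyParser parse(String policy) throws Exception {
        PolicyParser p = new PolicyParser();
        p.read(new StringReader(policy));
        return p;
    }

    /**
     * Writes {@code p} to text and parses that text with a fresh parser.
     *
     * @param p parser whose policy is written out
     * @return a new parser built from the written text; this, not {@code p},
     *         is what a round-trip check must inspect
     * @throws Exception if writing or re-parsing fails
     */
    private static PolicyParser roundTrip(PolicyParser p) throws Exception {
        StringWriter sw = new StringWriter();
        p.write(sw);
        return parse(sw.toString());
    }

    /**
     * Checks that {@code p} has at least one grant entry and that every
     * grant entry carries a non-null permission list.
     *
     * @throws SecurityException if no grant entry exists or one has no perms
     */
    private static void checkPerm(PolicyParser p) throws Exception {
        Enumeration<PolicyParser.GrantEntry> e = p.grantElements();
        boolean foundOne = false;
        while (e.hasMoreElements()) {
            PolicyParser.GrantEntry ge = e.nextElement();
            if (ge.permissionEntries == null) {
                throw new SecurityException("expected non-null perms");
            }
            foundOne = true;
        }
        if (!foundOne) {
            throw new SecurityException("expected non-null grant entries");
        }
    }

    /**
     * Checks that no keystore URL, type, provider or password URL was parsed.
     *
     * @throws SecurityException if any keystore-related value is set
     */
    private static void doNoStore(PolicyParser p) throws Exception {
        if (p.getKeyStoreUrl() != null ||
            p.getKeyStoreType() != null ||
            p.getKeyStoreProvider() != null ||
            p.getStorePassURL() != null) {
            throw new SecurityException("expected null keystore");
        }
        checkPerm(p);
    }

    /**
     * Checks a keystore entry that names only a URL: the URL must end with
     * the test keystore file name and type/provider must be unset.
     *
     * @param checkPwd when true, additionally require no password URL
     * @throws SecurityException if the parsed values do not match
     */
    private static void doURL(PolicyParser p, boolean checkPwd)
                throws  Exception {
        if (p.getKeyStoreUrl() == null ||
            !(p.getKeyStoreUrl().endsWith("TokenStore.keystore")) ||
            p.getKeyStoreType() != null ||
            p.getKeyStoreProvider() != null) {
            throw new SecurityException("invalid keystore values");
        }
        if (checkPwd) {
            checkNoPwd(p);
        }
        checkPerm(p);
    }

    /**
     * Checks a keystore entry with URL and type: type must be "JKS" and
     * provider must be unset.
     *
     * @param checkPwd when true, additionally require no password URL
     * @throws SecurityException if the parsed values do not match
     */
    private static void doURL_T(PolicyParser p, boolean checkPwd)
                throws Exception {
        if (p.getKeyStoreUrl() == null ||
            !(p.getKeyStoreUrl().endsWith("TokenStore.keystore")) ||
            !"JKS".equals(p.getKeyStoreType()) ||
            p.getKeyStoreProvider() != null) {
            throw new SecurityException("invalid keystore values");
        }
        if (checkPwd) {
            checkNoPwd(p);
        }
        checkPerm(p);
    }

    /**
     * Checks a keystore entry with URL, type and provider: type must be
     * "JKS" and provider "SUN".
     *
     * @param checkPwd when true, additionally require no password URL
     * @throws SecurityException if the parsed values do not match
     */
    private static void doURL_T_P(PolicyParser p, boolean checkPwd)
                throws Exception {
        if (p.getKeyStoreUrl() == null ||
            !(p.getKeyStoreUrl().endsWith("TokenStore.keystore")) ||
            !"JKS".equals(p.getKeyStoreType()) ||
            !"SUN".equals(p.getKeyStoreProvider())) {
            throw new SecurityException("invalid keystore values");
        }
        if (checkPwd) {
            checkNoPwd(p);
        }
        checkPerm(p);
    }

    /**
     * Checks that no keystorePasswordURL was parsed.
     *
     * @throws SecurityException if a password URL is present
     */
    private static void checkNoPwd(PolicyParser p) {
        if (p.getStorePassURL() != null) {
            throw new SecurityException("invalid keystore values");
        }
    }

    /**
     * Checks that a keystorePasswordURL was parsed and ends with the test
     * password file name.
     *
     * @throws SecurityException if the password URL is missing or wrong
     */
    private static void doPwd(PolicyParser p) throws Exception {
        if (p.getStorePassURL() == null ||
            !(p.getStorePassURL().endsWith("TokenStore.pwd"))) {
            throw new SecurityException("invalid password values");
        }
    }
}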