New jdk/test/java/io/Serializable/auditStreamSubclass/AuditStreamSubclass.java

   1 /*
   2  * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 /* @test
  25  * @bug 4311940
  26  * @summary Verify that unauthorized ObjectOutputStream and ObjectInputStream
  27  *          cannot be constructed if they override security-sensitive non-final
  28  *          methods.
  29  * @build AuditStreamSubclass
  30  * @run main/othervm AuditStreamSubclass
  31  */
  32 import java.io.*;
  33 
  34 class GoodOOS1 extends ObjectOutputStream {
  35     GoodOOS1(OutputStream out) throws IOException { super(out); }
  36 }
  37 
  38 class GoodOOS2 extends GoodOOS1 {
  39     GoodOOS2(OutputStream out) throws IOException { super(out); }
  40 }
  41 
  42 class BadOOS1 extends ObjectOutputStream {
  43     BadOOS1(OutputStream out) throws IOException { super(out); }
  44     public PutField putFields() throws IOException { return null; }
  45 }
  46 
  47 class BadOOS2 extends ObjectOutputStream {
  48     BadOOS2(OutputStream out) throws IOException { super(out); }
  49     public void writeUnshared(Object obj) throws IOException {}
  50 }
  51 
  52 class BadOOS3 extends GoodOOS1 {
  53     BadOOS3(OutputStream out) throws IOException { super(out); }
  54     public void writeUnshared(Object obj) throws IOException {}
  55 }
  56 
  57 
  58 class GoodOIS1 extends ObjectInputStream {
  59     GoodOIS1(InputStream in) throws IOException { super(in); }
  60 }
  61 
  62 class GoodOIS2 extends GoodOIS1 {
  63     GoodOIS2(InputStream in) throws IOException { super(in); }
  64 }
  65 
  66 class BadOIS1 extends ObjectInputStream {
  67     BadOIS1(InputStream in) throws IOException { super(in); }
  68     public GetField readFields() throws IOException, ClassNotFoundException {
  69         return null;
  70     }
  71 }
  72 
  73 class BadOIS2 extends ObjectInputStream {
  74     BadOIS2(InputStream in) throws IOException { super(in); }
  75     public Object readUnshared() throws IOException, ClassNotFoundException {
  76         return null;
  77     }
  78 }
  79 
  80 class BadOIS3 extends GoodOIS1 {
  81     BadOIS3(InputStream in) throws IOException { super(in); }
  82     public Object readUnshared() throws IOException, ClassNotFoundException {
  83         return null;
  84     }
  85 }
  86 
  87 public class AuditStreamSubclass {
  88     public static void main(String[] args) throws Exception {
  89         if (System.getSecurityManager() == null) {
  90             System.setSecurityManager(new SecurityManager());
  91         }
  92         ByteArrayOutputStream bout = new ByteArrayOutputStream();
  93         ObjectOutputStream oout = new ObjectOutputStream(bout);
  94         oout.flush();
  95         byte[] buf = bout.toByteArray();
  96 
  97         new GoodOOS1(bout);
  98         new GoodOOS2(bout);
  99         new GoodOIS1(new ByteArrayInputStream(buf));
 100         new GoodOIS2(new ByteArrayInputStream(buf));
 101 
 102         try {
 103             new BadOOS1(bout);
 104             throw new Error();
 105         } catch (SecurityException ex) {
 106         }
 107 
 108         try {
 109             new BadOOS2(bout);
 110             throw new Error();
 111         } catch (SecurityException ex) {
 112         }
 113 
 114         try {
 115             new BadOOS3(bout);
 116             throw new Error();
 117         } catch (SecurityException ex) {
 118         }
 119 
 120         try {
 121             new BadOIS1(new ByteArrayInputStream(buf));
 122             throw new Error();
 123         } catch (SecurityException ex) {
 124         }
 125 
 126         try {
 127             new BadOIS2(new ByteArrayInputStream(buf));
 128             throw new Error();
 129         } catch (SecurityException ex) {
 130         }
 131 
 132         try {
 133             new BadOIS3(new ByteArrayInputStream(buf));
 134             throw new Error();
 135         } catch (SecurityException ex) {
 136         }
 137     }
 138 }