1 /* 2 * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 /* @test 27 * @summary test access checking by java.lang.invoke.MethodHandles.Lookup 28 * @library ../../../.. 29 * @build test.java.lang.invoke.AccessControlTest 30 * @build test.java.lang.invoke.AccessControlTest_subpkg.Acquaintance_remote 31 * @run testng/othervm test.java.lang.invoke.AccessControlTest 32 */ 33 34 package test.java.lang.invoke; 35 36 import java.lang.invoke.*; 37 import java.lang.reflect.*; 38 import java.util.*; 39 import org.testng.*; 40 import org.testng.annotations.*; 41 42 import static java.lang.invoke.MethodHandles.*; 43 import static java.lang.invoke.MethodHandles.Lookup.*; 44 import static java.lang.invoke.MethodType.*; 45 import static org.testng.Assert.*; 46 47 import test.java.lang.invoke.AccessControlTest_subpkg.Acquaintance_remote; 48 49 50 /** 51 * Test many combinations of Lookup access and cross-class lookupStatic. 52 * @author jrose 53 */ 54 public class AccessControlTest { 55 static final Class<?> THIS_CLASS = AccessControlTest.class; 56 // How much output? 57 static int verbosity = 0; 58 static { 59 String vstr = System.getProperty(THIS_CLASS.getSimpleName()+".verbosity"); 60 if (vstr == null) 61 vstr = System.getProperty(THIS_CLASS.getName()+".verbosity"); 62 if (vstr != null) verbosity = Integer.parseInt(vstr); 63 } 64 65 private class LookupCase implements Comparable<LookupCase> { 66 final Lookup lookup; 67 final Class<?> lookupClass; 68 final int lookupModes; 69 public LookupCase(Lookup lookup) { 70 this.lookup = lookup; 71 this.lookupClass = lookup.lookupClass(); 72 this.lookupModes = lookup.lookupModes(); 73 assert(lookupString().equals(lookup.toString())); 74 numberOf(lookupClass().getClassLoader()); // assign CL# 75 } 76 public LookupCase(Class<?> lookupClass, int lookupModes) { 77 this.lookup = null; 78 this.lookupClass = lookupClass; 79 this.lookupModes = lookupModes; 80 numberOf(lookupClass().getClassLoader()); // assign CL# 81 } 82 83 public final Class<?> lookupClass() { return lookupClass; } 84 public final int lookupModes() { return lookupModes; } 85 86 public Lookup lookup() { lookup.getClass(); return lookup; } 87 88 @Override 89 public int compareTo(LookupCase that) { 90 Class<?> c1 = this.lookupClass(); 91 Class<?> c2 = that.lookupClass(); 92 if (c1 != c2) { 93 int cmp = c1.getName().compareTo(c2.getName()); 94 if (cmp != 0) return cmp; 95 cmp = numberOf(c1.getClassLoader()) - numberOf(c2.getClassLoader()); 96 assert(cmp != 0); 97 return cmp; 98 } 99 return -(this.lookupModes() - that.lookupModes()); 100 } 101 102 @Override 103 public boolean equals(Object that) { 104 return (that instanceof LookupCase && equals((LookupCase)that)); 105 } 106 public boolean equals(LookupCase that) { 107 return (this.lookupClass() == that.lookupClass() && 108 this.lookupModes() == that.lookupModes()); 109 } 110 111 @Override 112 public int hashCode() { 113 return lookupClass().hashCode() + (lookupModes() * 31); 114 } 115 116 /** Simulate all assertions in the spec. for Lookup.toString. */ 117 private String lookupString() { 118 String name = lookupClass.getName(); 119 String suffix = ""; 120 if (lookupModes == 0) 121 suffix = "/noaccess"; 122 else if (lookupModes == PUBLIC) 123 suffix = "/public"; 124 else if (lookupModes == (PUBLIC|PACKAGE)) 125 suffix = "/package"; 126 else if (lookupModes == (PUBLIC|PACKAGE|PRIVATE)) 127 suffix = "/private"; 128 else if (lookupModes == (PUBLIC|PACKAGE|PRIVATE|PROTECTED)) 129 suffix = ""; 130 else 131 suffix = "/#"+Integer.toHexString(lookupModes); 132 return name+suffix; 133 } 134 135 /** Simulate all assertions from the spec. for Lookup.in: 136 * <hr> 137 * Creates a lookup on the specified new lookup class. 138 * [A1] The resulting object will report the specified 139 * class as its own {@link #lookupClass lookupClass}. 140 * <p> 141 * [A2] However, the resulting {@code Lookup} object is guaranteed 142 * to have no more access capabilities than the original. 143 * In particular, access capabilities can be lost as follows:<ul> 144 * <li>[A3] If the new lookup class differs from the old one, 145 * protected members will not be accessible by virtue of inheritance. 146 * (Protected members may continue to be accessible because of package sharing.) 147 * <li>[A4] If the new lookup class is in a different package 148 * than the old one, protected and default (package) members will not be accessible. 149 * <li>[A5] If the new lookup class is not within the same package member 150 * as the old one, private members will not be accessible. 151 * <li>[A6] If the new lookup class is not accessible to the old lookup class, 152 * using the original access modes, 153 * then no members, not even public members, will be accessible. 154 * [A7] (In all other cases, public members will continue to be accessible.) 155 * </ul> 156 * Other than the above cases, the new lookup will have the same 157 * access capabilities as the original. [A8] 158 * <hr> 159 */ 160 public LookupCase in(Class<?> c2) { 161 Class<?> c1 = lookupClass(); 162 int m1 = lookupModes(); 163 int changed = 0; 164 boolean samePackage = (c1.getClassLoader() == c2.getClassLoader() && 165 packagePrefix(c1).equals(packagePrefix(c2))); 166 boolean sameTopLevel = (topLevelClass(c1) == topLevelClass(c2)); 167 boolean sameClass = (c1 == c2); 168 assert(samePackage || !sameTopLevel); 169 assert(sameTopLevel || !sameClass); 170 boolean accessible = sameClass; // [A6] 171 if ((m1 & PACKAGE) != 0) accessible |= samePackage; 172 if ((m1 & PUBLIC ) != 0) accessible |= (c2.getModifiers() & PUBLIC) != 0; 173 if (!accessible) { 174 // Different package and no access to c2; lose all access. 175 changed |= (PUBLIC|PACKAGE|PRIVATE|PROTECTED); // [A6] 176 } 177 if (!samePackage) { 178 // Different package; lose PACKAGE and lower access. 179 changed |= (PACKAGE|PRIVATE|PROTECTED); // [A4] 180 } 181 if (!sameTopLevel) { 182 // Different top-level class. Lose PRIVATE and lower access. 183 changed |= (PRIVATE|PROTECTED); // [A5] 184 } 185 if (!sameClass) { 186 changed |= (PROTECTED); // [A3] 187 } else { 188 assert(changed == 0); // [A8] (no deprivation if same class) 189 } 190 if (accessible) assert((changed & PUBLIC) == 0); // [A7] 191 int m2 = m1 & ~changed; 192 LookupCase l2 = new LookupCase(c2, m2); 193 assert(l2.lookupClass() == c2); // [A1] 194 assert((m1 | m2) == m1); // [A2] (no elevation of access) 195 return l2; 196 } 197 198 @Override 199 public String toString() { 200 String s = lookupClass().getSimpleName(); 201 String lstr = lookupString(); 202 int sl = lstr.indexOf('/'); 203 if (sl >= 0) s += lstr.substring(sl); 204 ClassLoader cld = lookupClass().getClassLoader(); 205 if (cld != THIS_LOADER) s += "/loader#"+numberOf(cld); 206 return s; 207 } 208 209 /** Predict the success or failure of accessing this method. */ 210 public boolean willAccess(Method m) { 211 Class<?> c1 = lookupClass(); 212 Class<?> c2 = m.getDeclaringClass(); 213 LookupCase lc = this.in(c2); 214 int m1 = lc.lookupModes(); 215 int m2 = fixMods(m.getModifiers()); 216 // privacy is strictly enforced on lookups 217 if (c1 != c2) m1 &= ~PRIVATE; 218 // protected access is sometimes allowed 219 if ((m2 & PROTECTED) != 0) { 220 int prev = m2; 221 m2 |= PACKAGE; // it acts like a package method also 222 if ((lookupModes() & PROTECTED) != 0 && 223 c2.isAssignableFrom(c1)) 224 m2 |= PUBLIC; // from a subclass, it acts like a public method also 225 } 226 if (verbosity >= 2) 227 System.out.println(this+" willAccess "+lc+" m1="+m1+" m2="+m2+" => "+((m2 & m1) != 0)); 228 return (m2 & m1) != 0; 229 } 230 } 231 232 private static Class<?> topLevelClass(Class<?> cls) { 233 Class<?> c = cls; 234 for (Class<?> ec; (ec = c.getEnclosingClass()) != null; ) 235 c = ec; 236 assert(c.getEnclosingClass() == null); 237 assert(c == cls || cls.getEnclosingClass() != null); 238 return c; 239 } 240 241 private static String packagePrefix(Class<?> c) { 242 while (c.isArray()) c = c.getComponentType(); 243 String s = c.getName(); 244 assert(s.indexOf('/') < 0); 245 return s.substring(0, s.lastIndexOf('.')+1); 246 } 247 248 249 private final TreeSet<LookupCase> CASES = new TreeSet<>(); 250 private final TreeMap<LookupCase,TreeSet<LookupCase>> CASE_EDGES = new TreeMap<>(); 251 private final ArrayList<ClassLoader> LOADERS = new ArrayList<>(); 252 private final ClassLoader THIS_LOADER = this.getClass().getClassLoader(); 253 { if (THIS_LOADER != null) LOADERS.add(THIS_LOADER); } // #1 254 255 private LookupCase lookupCase(String name) { 256 for (LookupCase lc : CASES) { 257 if (lc.toString().equals(name)) 258 return lc; 259 } 260 throw new AssertionError(name); 261 } 262 263 private int numberOf(ClassLoader cl) { 264 if (cl == null) return 0; 265 int i = LOADERS.indexOf(cl); 266 if (i < 0) { 267 i = LOADERS.size(); 268 LOADERS.add(cl); 269 } 270 return i+1; 271 } 272 273 private void addLookupEdge(LookupCase l1, Class<?> c2, LookupCase l2) { 274 TreeSet<LookupCase> edges = CASE_EDGES.get(l2); 275 if (edges == null) CASE_EDGES.put(l2, edges = new TreeSet<>()); 276 if (edges.add(l1)) { 277 Class<?> c1 = l1.lookupClass(); 278 assert(l2.lookupClass() == c2); // [A1] 279 int m1 = l1.lookupModes(); 280 int m2 = l2.lookupModes(); 281 assert((m1 | m2) == m1); // [A2] (no elevation of access) 282 LookupCase expect = l1.in(c2); 283 if (!expect.equals(l2)) 284 System.out.println("*** expect "+l1+" => "+expect+" but got "+l2); 285 assertEquals(expect, l2); 286 } 287 } 288 289 private void makeCases(Lookup[] originalLookups) { 290 // make initial set of lookup test cases 291 CASES.clear(); LOADERS.clear(); CASE_EDGES.clear(); 292 ArrayList<Class<?>> classes = new ArrayList<>(); 293 for (Lookup l : originalLookups) { 294 CASES.add(new LookupCase(l)); 295 classes.remove(l.lookupClass()); // no dups please 296 classes.add(l.lookupClass()); 297 } 298 System.out.println("loaders = "+LOADERS); 299 int rounds = 0; 300 for (int lastCount = -1; lastCount != CASES.size(); ) { 301 lastCount = CASES.size(); // if CASES grow in the loop we go round again 302 for (LookupCase lc1 : CASES.toArray(new LookupCase[0])) { 303 for (Class<?> c2 : classes) { 304 LookupCase lc2 = new LookupCase(lc1.lookup().in(c2)); 305 addLookupEdge(lc1, c2, lc2); 306 CASES.add(lc2); 307 } 308 } 309 rounds++; 310 } 311 System.out.println("filled in "+CASES.size()+" cases from "+originalLookups.length+" original cases in "+rounds+" rounds"); 312 if (false) { 313 System.out.println("CASES: {"); 314 for (LookupCase lc : CASES) { 315 System.out.println(lc); 316 Set<LookupCase> edges = CASE_EDGES.get(lc); 317 if (edges != null) 318 for (LookupCase prev : edges) { 319 System.out.println("\t"+prev); 320 } 321 } 322 System.out.println("}"); 323 } 324 } 325 326 @Test public void test() { 327 makeCases(lookups()); 328 if (verbosity > 0) { 329 verbosity += 9; 330 Method pro_in_self = targetMethod(THIS_CLASS, PROTECTED, methodType(void.class)); 331 testOneAccess(lookupCase("AccessControlTest/public"), pro_in_self, "find"); 332 testOneAccess(lookupCase("Remote_subclass/public"), pro_in_self, "find"); 333 testOneAccess(lookupCase("Remote_subclass"), pro_in_self, "find"); 334 verbosity -= 9; 335 } 336 Set<Class<?>> targetClassesDone = new HashSet<>(); 337 for (LookupCase targetCase : CASES) { 338 Class<?> targetClass = targetCase.lookupClass(); 339 if (!targetClassesDone.add(targetClass)) continue; // already saw this one 340 String targetPlace = placeName(targetClass); 341 if (targetPlace == null) continue; // Object, String, not a target 342 for (int targetAccess : ACCESS_CASES) { 343 MethodType methodType = methodType(void.class); 344 Method method = targetMethod(targetClass, targetAccess, methodType); 345 // Try to access target method from various contexts. 346 for (LookupCase sourceCase : CASES) { 347 testOneAccess(sourceCase, method, "find"); 348 testOneAccess(sourceCase, method, "unreflect"); 349 } 350 } 351 } 352 System.out.println("tested "+testCount+" access scenarios; "+testCountFails+" accesses were denied"); 353 } 354 355 private int testCount, testCountFails; 356 357 private void testOneAccess(LookupCase sourceCase, Method method, String kind) { 358 Class<?> targetClass = method.getDeclaringClass(); 359 String methodName = method.getName(); 360 MethodType methodType = methodType(method.getReturnType(), method.getParameterTypes()); 361 boolean willAccess = sourceCase.willAccess(method); 362 boolean didAccess = false; 363 ReflectiveOperationException accessError = null; 364 try { 365 switch (kind) { 366 case "find": 367 if ((method.getModifiers() & Modifier.STATIC) != 0) 368 sourceCase.lookup().findStatic(targetClass, methodName, methodType); 369 else 370 sourceCase.lookup().findVirtual(targetClass, methodName, methodType); 371 break; 372 case "unreflect": 373 sourceCase.lookup().unreflect(method); 374 break; 375 default: 376 throw new AssertionError(kind); 377 } 378 didAccess = true; 379 } catch (ReflectiveOperationException ex) { 380 accessError = ex; 381 } 382 if (willAccess != didAccess) { 383 System.out.println(sourceCase+" => "+targetClass.getSimpleName()+"."+methodName+methodType); 384 System.out.println("fail on "+method+" ex="+accessError); 385 assertEquals(willAccess, didAccess); 386 } 387 testCount++; 388 if (!didAccess) testCountFails++; 389 } 390 391 static Method targetMethod(Class<?> targetClass, int targetAccess, MethodType methodType) { 392 String methodName = accessName(targetAccess)+placeName(targetClass); 393 if (verbosity >= 2) 394 System.out.println(targetClass.getSimpleName()+"."+methodName+methodType); 395 try { 396 Method method = targetClass.getDeclaredMethod(methodName, methodType.parameterArray()); 397 assertEquals(method.getReturnType(), methodType.returnType()); 398 int haveMods = method.getModifiers(); 399 assert(Modifier.isStatic(haveMods)); 400 assert(targetAccess == fixMods(haveMods)); 401 return method; 402 } catch (NoSuchMethodException ex) { 403 throw new AssertionError(methodName, ex); 404 } 405 } 406 407 static String placeName(Class<?> cls) { 408 // return "self", "sibling", "nestmate", etc. 409 if (cls == AccessControlTest.class) return "self"; 410 String cln = cls.getSimpleName(); 411 int under = cln.lastIndexOf('_'); 412 if (under < 0) return null; 413 return cln.substring(under+1); 414 } 415 static String accessName(int acc) { 416 switch (acc) { 417 case PUBLIC: return "pub_in_"; 418 case PROTECTED: return "pro_in_"; 419 case PACKAGE: return "pkg_in_"; 420 case PRIVATE: return "pri_in_"; 421 } 422 assert(false); 423 return "?"; 424 } 425 private static final int[] ACCESS_CASES = { 426 PUBLIC, PACKAGE, PRIVATE, PROTECTED 427 }; 428 /** Return one of the ACCESS_CASES. */ 429 static int fixMods(int mods) { 430 mods &= (PUBLIC|PRIVATE|PROTECTED); 431 switch (mods) { 432 case PUBLIC: case PRIVATE: case PROTECTED: return mods; 433 case 0: return PACKAGE; 434 } 435 throw new AssertionError(mods); 436 } 437 438 static Lookup[] lookups() { 439 ArrayList<Lookup> tem = new ArrayList<>(); 440 Collections.addAll(tem, 441 AccessControlTest.lookup_in_self(), 442 Inner_nestmate.lookup_in_nestmate(), 443 AccessControlTest_sibling.lookup_in_sibling()); 444 if (true) { 445 Collections.addAll(tem,Acquaintance_remote.lookups()); 446 } else { 447 try { 448 Class<?> remc = Class.forName("test.java.lang.invoke.AccessControlTest_subpkg.Acquaintance_remote"); 449 Lookup[] remls = (Lookup[]) remc.getMethod("lookups").invoke(null); 450 Collections.addAll(tem, remls); 451 } catch (ReflectiveOperationException ex) { 452 throw new LinkageError("reflection failed", ex); 453 } 454 } 455 tem.add(publicLookup()); 456 tem.add(publicLookup().in(String.class)); 457 tem.add(publicLookup().in(List.class)); 458 return tem.toArray(new Lookup[0]); 459 } 460 461 static Lookup lookup_in_self() { 462 return MethodHandles.lookup(); 463 } 464 static public void pub_in_self() { } 465 static protected void pro_in_self() { } 466 static /*package*/ void pkg_in_self() { } 467 static private void pri_in_self() { } 468 469 static class Inner_nestmate { 470 static Lookup lookup_in_nestmate() { 471 return MethodHandles.lookup(); 472 } 473 static public void pub_in_nestmate() { } 474 static protected void pro_in_nestmate() { } 475 static /*package*/ void pkg_in_nestmate() { } 476 static private void pri_in_nestmate() { } 477 } 478 } 479 class AccessControlTest_sibling { 480 static Lookup lookup_in_sibling() { 481 return MethodHandles.lookup(); 482 } 483 static public void pub_in_sibling() { } 484 static protected void pro_in_sibling() { } 485 static /*package*/ void pkg_in_sibling() { } 486 static private void pri_in_sibling() { } 487 } 488 489 // This guy tests access from outside the package: 490 /* 491 package test.java.lang.invoke.AccessControlTest_subpkg; 492 public class Acquaintance_remote { 493 public static Lookup[] lookups() { ... 494 } 495 ... 496 } 497 */