test/java/net/SocketPermission/SocketPermissionTest.java
Print this page
@@ -23,12 +23,11 @@
/*
* @test
* @bug 8047031
* @summary SocketPermission tests for legacy socket types
- * @library ../../../lib/testlibrary
- * @run testng/othervm/policy=policy SocketPermissionTest
+ * @run testng SocketPermissionTest
* @key intermittent
*/
import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
@@ -37,190 +36,283 @@
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketPermission;
import java.security.AccessControlContext;
import java.security.AccessController;
+import java.security.CodeSource;
import java.security.Permission;
+import java.security.PermissionCollection;
import java.security.Permissions;
-import java.security.PrivilegedAction;
+import java.security.Policy;
+import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
-import java.util.Arrays;
-import java.util.function.Function;
-import java.util.function.IntConsumer;
-import static jdk.testlibrary.Utils.getFreePort;
+
import org.testng.annotations.BeforeMethod;
-import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
+import static org.testng.Assert.*;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
public class SocketPermissionTest {
- private int freePort = -1;
- //positive tests
- @Test(dataProvider = "positiveProvider")
- public void testPositive(Function<String, AccessControlContext> genAcc, IntConsumer func) {
- String addr = "localhost:" + freePort;
- AccessControlContext acc = genAcc.apply(addr);
- AccessController.doPrivileged((PrivilegedAction) () -> {
- func.accept(freePort);
- return null;
- }, acc);
+ @BeforeMethod
+ public void setupSecurityManager() throws Exception {
+ // All permissions, a specific ACC will be used to when testing
+ // with a reduced permission set.
+ Policy.setPolicy(new Policy() {
+ final PermissionCollection perms = new Permissions();
+ { perms.add(new java.security.AllPermission()); }
+ public PermissionCollection getPermissions(ProtectionDomain domain) {
+ return perms;
+ }
+ public PermissionCollection getPermissions(CodeSource codesource) {
+ return perms;
+ }
+ public boolean implies(ProtectionDomain domain, Permission perm) {
+ return perms.implies(perm);
}
+ } );
+ System.setSecurityManager(new SecurityManager());
+ }
+
+ static final AccessControlContext RESTRICTED_ACC = getAccessControlContext();
+
+ @Test
+ public void connectSocketTest() throws Exception {
+ try (ServerSocket ss = new ServerSocket(0)) {
+ int port = ss.getLocalPort();
- //negative tests
- @Test(dataProvider = "negativeProvider", expectedExceptions = SecurityException.class)
- public void testNegative(AccessControlContext acc, IntConsumer func) {
- AccessController.doPrivileged((PrivilegedAction) () -> {
- func.accept(freePort);
+ String addr = "localhost:" + port;
+ AccessControlContext acc = getAccessControlContext(
+ new SocketPermission(addr, "listen,connect,resolve"));
+
+ // Positive
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ try (Socket client = new Socket(InetAddress.getLocalHost(), port)) {
+ }
return null;
}, acc);
- }
- @BeforeMethod
- public void setFreePort() throws Exception {
- freePort = getFreePort();
+ //Negative
+ try {
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ Socket client = new Socket(InetAddress.getLocalHost(), port);
+ fail("Expected SecurityException");
+ return null;
+ }, RESTRICTED_ACC);
+ } catch (SecurityException expected) { }
+ }
}
- @DataProvider
- public Object[][] positiveProvider() {
- //test for SocketPermission "host:port","connect,resolve";
- Function<String, AccessControlContext> generateAcc1 = (addr) -> getAccessControlContext(
- new SocketPermission(addr, "listen, connect,resolve"));
- IntConsumer func1 = (i) -> connectSocketTest(i);
- IntConsumer func2 = (i) -> connectDatagramSocketTest(i);
+ @Test
+ public void connectDatagramSocketTest() throws Exception {
+ byte[] msg = "Hello".getBytes(UTF_8);
+ InetAddress lh = InetAddress.getLocalHost();
- //test for SocketPermission "localhost:1024-","accept";
- Function<String, AccessControlContext> generateAcc2 = (addr) -> getAccessControlContext(
- new SocketPermission(addr, "listen,connect,resolve"),
- new SocketPermission("localhost:1024-", "accept"));
- IntConsumer func3 = (i) -> acceptServerSocketTest(i);
+ try (DatagramSocket ds = new DatagramSocket(0)) {
+ int port = ds.getLocalPort();
- //test for SocketPermission "229.227.226.221", "connect,accept"
- Function<String, AccessControlContext> generateAcc3 = (addr) -> getAccessControlContext(
- new SocketPermission(addr, "listen,resolve"),
- new SocketPermission("229.227.226.221", "connect,accept"));
- IntConsumer func4 = (i) -> sendDatagramPacketTest(i);
- IntConsumer func5 = (i) -> joinGroupMulticastTest(i);
+ String addr = lh.getHostAddress() + ":" + port;
+ AccessControlContext acc = getAccessControlContext(
+ new SocketPermission(addr, "connect,resolve"));
- //test for SocketPermission "host:port", "listen"
- Function<String, AccessControlContext> generateAcc4 = (addr) -> getAccessControlContext(
- new SocketPermission(addr, "listen"));
- IntConsumer func6 = (i) -> listenDatagramSocketTest(i);
- IntConsumer func7 = (i) -> listenMulticastSocketTest(i);
- IntConsumer func8 = (i) -> listenServerSocketTest(i);
-
- return new Object[][]{
- {generateAcc1, func1},
- {generateAcc1, func2},
- {generateAcc2, func3},
- {generateAcc3, func4},
- {generateAcc3, func5},
- {generateAcc4, func6},
- {generateAcc4, func7},
- {generateAcc4, func8}
- };
- }
-
- @DataProvider
- public Object[][] negativeProvider() {
- IntConsumer[] funcs = {i -> connectSocketTest(i),
- i -> connectDatagramSocketTest(i), i -> acceptServerSocketTest(i),
- i -> sendDatagramPacketTest(i), i -> joinGroupMulticastTest(i),
- i -> listenDatagramSocketTest(i), i -> listenMulticastSocketTest(i),
- i -> listenServerSocketTest(i)};
- return Arrays.stream(funcs).map(f -> {
- //Construct an AccessControlContext without SocketPermission
- AccessControlContext acc = getAccessControlContext(
- new java.io.FilePermission("<<ALL FILES>>", "read,write,execute,delete"),
- new java.net.NetPermission("*"),
- new java.util.PropertyPermission("*", "read,write"),
- new java.lang.reflect.ReflectPermission("*"),
- new java.lang.RuntimePermission("*"),
- new java.security.SecurityPermission("*"),
- new java.io.SerializablePermission("*"));
- return new Object[]{acc, f};
- }).toArray(Object[][]::new);
- }
-
- public void connectSocketTest(int port) {
- try (ServerSocket server = new ServerSocket(port);
- Socket client = new Socket(InetAddress.getLocalHost(), port);) {
- } catch (IOException ex) {
- throw new RuntimeException(ex);
- }
- }
+ // Positive
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ DatagramPacket dp = new DatagramPacket(msg, msg.length, lh, port);
+ ds.send(dp);
+ return null;
+ }, acc);
- public void connectDatagramSocketTest(int port) {
- String msg = "Hello";
+ // Negative
try {
- InetAddress me = InetAddress.getLocalHost();
- try (DatagramSocket ds = new DatagramSocket(port, me)) {
- DatagramPacket dp = new DatagramPacket(msg.getBytes(),
- msg.length(), me, port);
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ DatagramPacket dp = new DatagramPacket(msg, msg.length, lh, port);
ds.send(dp);
+ fail("Expected SecurityException");
+ return null;
+ }, RESTRICTED_ACC);
+ } catch (SecurityException expected) { }
}
- } catch (IOException ex) {
- throw new RuntimeException(ex);
}
+
+ @Test
+ public void acceptServerSocketTest() throws Exception {
+ try (ServerSocket ss = new ServerSocket(0)) {
+ int port = ss.getLocalPort();
+
+ String addr = "localhost:" + port;
+ AccessControlContext acc = getAccessControlContext(
+ new SocketPermission(addr, "listen,connect,resolve"),
+ new SocketPermission("localhost:1024-", "accept"));
+
+ // Positive
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ InetAddress me = InetAddress.getLocalHost();
+ try (Socket client = new Socket(me, port)) {
+ ss.accept();
}
+ return null;
+ }, acc);
- public void acceptServerSocketTest(int port) {
+ // Negative
try {
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
InetAddress me = InetAddress.getLocalHost();
- try (ServerSocket server = new ServerSocket(port)) {
- Socket client = new Socket(me, port);
- server.accept();
+ try (Socket client = new Socket(me, port)) {
+ ss.accept();
}
- } catch (IOException ex) {
- throw new RuntimeException(ex);
+ fail("Expected SecurityException");
+ return null;
+ }, RESTRICTED_ACC);
+ } catch (SecurityException expected) { }
}
}
- public static void sendDatagramPacketTest(int port) {
- String msg = "Hello";
- try {
+ @Test
+ public void sendDatagramPacketTest() throws Exception {
+ byte[] msg = "Hello".getBytes(UTF_8);
InetAddress group = InetAddress.getByName("229.227.226.221");
- try (DatagramSocket s = new DatagramSocket(port)) {
- DatagramPacket hi = new DatagramPacket(msg.getBytes(),
- msg.length(), group, port);
- s.send(hi);
- }
- } catch (IOException ex) {
- throw new RuntimeException(ex);
+
+ try (DatagramSocket ds = new DatagramSocket(0)) {
+ int port = ds.getLocalPort();
+
+ String addr = "localhost:" + port;
+ //test for SocketPermission "229.227.226.221", "connect,accept"
+ AccessControlContext acc = getAccessControlContext(
+ new SocketPermission(addr, "listen,resolve"),
+ new SocketPermission("229.227.226.221", "connect,accept"));
+
+ // Positive
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ DatagramPacket hi = new DatagramPacket(msg, msg.length, group, port);
+ ds.send(hi);
+ return null;
+ }, acc);
+
+ // Negative
+ try {
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ DatagramPacket hi = new DatagramPacket(msg, msg.length, group, port);
+ ds.send(hi);
+ fail("Expected SecurityException");
+ return null;
+ }, RESTRICTED_ACC);
+ } catch (SecurityException expected) { }
}
}
- public void joinGroupMulticastTest(int port) {
- try {
+ @Test
+ public void joinGroupMulticastTest() throws Exception {
InetAddress group = InetAddress.getByName("229.227.226.221");
- try (MulticastSocket s = new MulticastSocket(port)) {
+ try (MulticastSocket s = new MulticastSocket(0)) {
+ int port = s.getLocalPort();
+
+ String addr = "localhost:" + port;
+ AccessControlContext acc = getAccessControlContext(
+ new SocketPermission(addr, "listen,resolve"),
+ new SocketPermission("229.227.226.221", "connect,accept"));
+
+ // Positive
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
s.joinGroup(group);
s.leaveGroup(group);
- }
- } catch (IOException ex) {
- throw new RuntimeException(ex);
- }
- }
+ return null;
+ }, acc);
- public void listenDatagramSocketTest(int port) {
- try (DatagramSocket ds = new DatagramSocket(port)) {
- } catch (IOException ex) {
- throw new RuntimeException(ex);
- }
+ // Negative
+ try {
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ s.joinGroup(group);
+ s.leaveGroup(group);
+ fail("Expected SecurityException");
+ return null;
+ }, RESTRICTED_ACC);
+ } catch (SecurityException expected) { }
}
- public void listenMulticastSocketTest(int port) {
- try (MulticastSocket ms = new MulticastSocket(port)) {
- } catch (IOException ex) {
- throw new RuntimeException(ex);
}
+
+ @Test
+ public void listenDatagramSocketTest() throws Exception {
+ // the hardcoded port number doesn't really matter since we expect the
+ // security permission to be checked before the underlying operation.
+ int port = 8899;
+ String addr = "localhost:" + port;
+ AccessControlContext acc = getAccessControlContext(
+ new SocketPermission(addr, "listen"));
+
+ // Positive
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ try (DatagramSocket ds = new DatagramSocket(port)) { }
+ catch (IOException intermittentlyExpected) { /* ignore */ }
+ return null;
+ }, acc);
+
+ // Negative
+ try {
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ try (DatagramSocket ds = new DatagramSocket(port)) { }
+ catch (IOException intermittentlyExpected) { /* ignore */ }
+ fail("Expected SecurityException");
+ return null;
+ }, RESTRICTED_ACC);
+ } catch (SecurityException expected) { }
}
- public void listenServerSocketTest(int port) {
- try (ServerSocket ms = new ServerSocket(port)) {
- } catch (IOException ex) {
- throw new RuntimeException(ex);
+ @Test
+ public void listenMulticastSocketTest() throws Exception {
+ // the hardcoded port number doesn't really matter since we expect the
+ // security permission to be checked before the underlying operation.
+ int port = 8899;
+ String addr = "localhost:" + port;
+ AccessControlContext acc = getAccessControlContext(
+ new SocketPermission(addr, "listen"));
+
+ // Positive
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ try (MulticastSocket ms = new MulticastSocket(port)) { }
+ catch (IOException intermittentlyExpected) { /* ignore */ }
+ return null;
+ }, acc);
+
+ // Negative
+ try {
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ try (MulticastSocket ms = new MulticastSocket(port)) { }
+ catch (IOException intermittentlyExpected) { /* ignore */ }
+ fail("Expected SecurityException");
+ return null;
+ }, RESTRICTED_ACC);
+ } catch (SecurityException expected) { }
}
+
+ @Test
+ public void listenServerSocketTest() throws Exception {
+ // the hardcoded port number doesn't really matter since we expect the
+ // security permission to be checked before the underlying operation.
+ int port = 8899;
+ String addr = "localhost:" + port;
+ AccessControlContext acc = getAccessControlContext(
+ new SocketPermission(addr, "listen"));
+
+ // Positive
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ try (ServerSocket ss = new ServerSocket(port)) { }
+ catch (IOException intermittentlyExpected) { /* ignore */ }
+ return null;
+ }, acc);
+
+ // Negative
+ try {
+ AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
+ try (ServerSocket ss = new ServerSocket(port)) { }
+ catch (IOException intermittentlyExpected) { /* ignore */ }
+ fail("Expected SecurityException");
+ return null;
+ }, RESTRICTED_ACC);
+ } catch (SecurityException expected) { }
+
}
private static AccessControlContext getAccessControlContext(Permission... ps) {
Permissions perms = new Permissions();
for (Permission p : ps) {
@@ -232,6 +324,17 @@
*/
ProtectionDomain pd = new ProtectionDomain(null, perms);
return new AccessControlContext(new ProtectionDomain[]{pd});
}
+ // Standalone entry point for running with, possibly older, JDKs.
+ public static void main(String[] args) throws Throwable {
+ SocketPermissionTest test = new SocketPermissionTest();
+ test.setupSecurityManager();
+ for (java.lang.reflect.Method m : SocketPermissionTest.class.getDeclaredMethods()) {
+ if (m.getAnnotation(Test.class) != null) {
+ System.out.println("Invoking " + m.getName());
+ m.invoke(test);
+ }
+ }
+ }
}