1 /*
2 * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 package common;
25
26 import java.security.AllPermission;
27 import java.security.Permission;
28 import java.security.Permissions;
29
30 import javax.xml.XMLConstants;
31 import javax.xml.transform.TransformerFactory;
32 import javax.xml.validation.SchemaFactory;
33 import javax.xml.xpath.XPathFactory;
34
35 import jaxp.library.JAXPTestUtilities;
36
37 import org.testng.Assert;
38 import org.testng.annotations.Listeners;
39 import org.testng.annotations.Test;
40
41 /*
42 * @bug 7143711
43 * @summary Test set use-service-mechanism shall not override what's set by the constructor in secure mode.
44 */
45 @Listeners({jaxp.library.BasePolicy.class})
46 public class Bug7143711Test {
47 static final String SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
48 static final String SCHEMA_SOURCE = "http://java.sun.com/xml/jaxp/properties/schemaSource";
49
50 private static final String DOM_FACTORY_ID = "javax.xml.parsers.DocumentBuilderFactory";
51 private static final String SAX_FACTORY_ID = "javax.xml.parsers.SAXParserFactory";
52
53 // impl specific feature
54 final String ORACLE_FEATURE_SERVICE_MECHANISM = "http://www.oracle.com/feature/use-service-mechanism";
55
56 @Test
57 public void testValidation_SAX_withSM() {
58 System.out.println("Validation using SAX Source with security manager:");
59 System.setProperty(SAX_FACTORY_ID, "MySAXFactoryImpl");
60 Permissions granted = new java.security.Permissions();
61 granted.add(new AllPermission());
62 System.setSecurityManager(new MySM(granted));
63
64 try {
65 SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
66 // should not allow
67 factory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true);
68 if ((boolean) factory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) {
69 Assert.fail("should not override in secure mode");
70 }
71 } catch (Exception e) {
72 Assert.fail(e.getMessage());
73
74 } finally {
75 System.clearProperty(SAX_FACTORY_ID);
76 System.setSecurityManager(null);
77 }
78
79 System.setSecurityManager(null);
80
81 }
82
83 @Test(enabled=false) //skipped due to bug JDK-8080097
84 public void testTransform_DOM_withSM() {
85 System.out.println("Transform using DOM Source; Security Manager is set:");
86
87 Permissions granted = new java.security.Permissions();
88 granted.add(new AllPermission());
89 System.setSecurityManager(new MySM(granted));
90 System.setProperty(DOM_FACTORY_ID, "MyDOMFactoryImpl");
91
92 try {
93 TransformerFactory factory = TransformerFactory.newInstance("com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl",
94 TransformerFactory.class.getClassLoader());
95 factory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true);
96 if ((boolean) factory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) {
97 Assert.fail("should not override in secure mode");
98 }
99
100 } catch (Exception e) {
101 Assert.fail(e.getMessage());
102 } finally {
103 System.clearProperty(DOM_FACTORY_ID);
104 System.setSecurityManager(null);
105 }
106
107 System.clearProperty(DOM_FACTORY_ID);
108 }
109
110 @Test
111 public void testXPath_DOM_withSM() {
112 System.out.println("Evaluate DOM Source; Security Manager is set:");
113 Permissions granted = new java.security.Permissions();
114 granted.add(new AllPermission());
115 System.setSecurityManager(new MySM(granted));
116 System.setProperty(DOM_FACTORY_ID, "MyDOMFactoryImpl");
117
118 try {
119 XPathFactory xPathFactory = XPathFactory.newInstance("http://java.sun.com/jaxp/xpath/dom",
120 "com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl", null);
121 xPathFactory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true);
122 if ((boolean) xPathFactory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) {
123 Assert.fail("should not override in secure mode");
124 }
125
126 } catch (Exception e) {
127 Assert.fail(e.getMessage());
128 } finally {
129 System.clearProperty(DOM_FACTORY_ID);
130 System.setSecurityManager(null);
131 }
132
133 System.clearProperty(DOM_FACTORY_ID);
134 }
135
136 @Test
137 public void testSM() {
138 SecurityManager sm = System.getSecurityManager();
139 if (System.getSecurityManager() != null) {
140 System.out.println("Security manager not cleared: " + sm.toString());
141 } else {
142 System.out.println("Security manager cleared: ");
143 }
144 }
145
146 class MySM extends SecurityManager {
147 Permissions granted;
148
149 public MySM(Permissions perms) {
150 granted = perms;
151 }
152
153 @Override
154 public void checkPermission(Permission perm) {
155 if (granted.implies(perm)) {
156 return;
157 }
158 super.checkPermission(perm);
159 }
160
161 }
162
163 }