1 /* 2 * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 package validation; 25 26 import java.io.ByteArrayInputStream; 27 import java.io.IOException; 28 import java.io.InputStreamReader; 29 import java.security.AccessController; 30 import java.security.AllPermission; 31 import java.security.Permission; 32 import java.security.Permissions; 33 import java.security.PrivilegedAction; 34 35 import javax.xml.XMLConstants; 36 import javax.xml.transform.sax.SAXSource; 37 import javax.xml.transform.stream.StreamSource; 38 import javax.xml.validation.Schema; 39 import javax.xml.validation.SchemaFactory; 40 import javax.xml.validation.Validator; 41 42 import org.testng.Assert; 43 import org.testng.annotations.Test; 44 import org.xml.sax.InputSource; 45 import org.xml.sax.SAXException; 46 import org.xml.sax.SAXNotRecognizedException; 47 import org.xml.sax.SAXNotSupportedException; 48 49 /* 50 * @bug 6925531 51 * @summary Test Validator can validate SAXSource when SecurityManager is set or FEATURE_SECURE_PROCESSING is on. 52 */ 53 public class Bug6925531Test { 54 static final String SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage"; 55 static final String SCHEMA_SOURCE = "http://java.sun.com/xml/jaxp/properties/schemaSource"; 56 String xsd = "<?xml version='1.0'?>\n" + "<schema xmlns='http://www.w3.org/2001/XMLSchema'\n" + " xmlns:test='jaxp13_test'\n" 57 + " targetNamespace='jaxp13_test'\n" + " elementFormDefault='qualified'>\n" + " <element name='test' type='string'/>\n" 58 + "</schema>\n"; 59 60 String xml = "<?xml version='1.0'?>\n" + "<ns:test xmlns:ns='jaxp13_test'>\n" + " abc\n" + "</ns:test>\n"; 61 62 StreamSource xsdSource; 63 SAXSource xmlSource; 64 65 public void init() { 66 InputStreamReader reader = new InputStreamReader(new ByteArrayInputStream(xsd.getBytes())); 67 xsdSource = new StreamSource(reader); 68 reader = new InputStreamReader(new ByteArrayInputStream(xml.getBytes())); 69 InputSource inSource = new InputSource(reader); 70 xmlSource = new SAXSource(inSource); 71 } 72 73 /** 74 * when security manager is present, secure feature is on automatically 75 */ 76 @Test 77 public void test_SM() { 78 init(); 79 Permissions granted = new java.security.Permissions(); 80 granted.add(new AllPermission()); 81 82 System.setSecurityManager(new MySM(granted)); 83 84 SchemaFactory schemaFactory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema"); 85 86 Schema schema = null; 87 try { 88 schema = schemaFactory.newSchema(xsdSource); 89 } catch (SAXException e) { 90 Assert.fail(e.toString()); 91 } 92 93 Validator validator = schema.newValidator(); 94 95 try { 96 validator.validate(xmlSource, null); 97 } catch (SAXException e) { 98 Assert.fail(e.toString()); 99 } catch (IOException e) { 100 Assert.fail(e.toString()); 101 } finally { 102 System.setSecurityManager(null); 103 } 104 105 System.out.println("OK"); 106 } 107 108 /** 109 * set secure feature on SchemaFactory 110 */ 111 @Test 112 public void test_SF() { 113 init(); 114 AccessController.doPrivileged(new PrivilegedAction() { 115 public Object run() { 116 System.setSecurityManager(null); 117 return null; // nothing to return 118 } 119 }); 120 121 SchemaFactory schemaFactory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema"); 122 try { 123 schemaFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); 124 } catch (SAXNotRecognizedException ex) { 125 System.out.println(ex.getMessage()); 126 } catch (SAXNotSupportedException ex) { 127 System.out.println(ex.getMessage()); 128 } 129 130 Schema schema = null; 131 try { 132 schema = schemaFactory.newSchema(xsdSource); 133 } catch (SAXException e) { 134 Assert.fail(e.toString()); 135 } 136 137 Validator validator = schema.newValidator(); 138 139 try { 140 validator.validate(xmlSource, null); 141 } catch (SAXException e) { 142 Assert.fail(e.toString()); 143 } catch (IOException e) { 144 Assert.fail(e.toString()); 145 } 146 System.out.println("OK"); 147 } 148 149 /** 150 * set secure feature on the Validator 151 */ 152 @Test 153 public void test_Val() { 154 init(); 155 System.setSecurityManager(null); 156 SchemaFactory schemaFactory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema"); 157 158 Schema schema = null; 159 try { 160 schema = schemaFactory.newSchema(xsdSource); 161 } catch (SAXException e) { 162 Assert.fail(e.toString()); 163 } 164 165 Validator validator = schema.newValidator(); 166 try { 167 validator.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); 168 } catch (SAXNotRecognizedException ex) { 169 System.out.println(ex.getMessage()); 170 } catch (SAXNotSupportedException ex) { 171 System.out.println(ex.getMessage()); 172 } 173 174 try { 175 validator.validate(xmlSource, null); 176 } catch (SAXException e) { 177 Assert.fail(e.toString()); 178 } catch (IOException e) { 179 Assert.fail(e.toString()); 180 } 181 System.out.println("OK"); 182 } 183 184 class MySM extends SecurityManager { 185 Permissions granted; 186 187 public MySM(Permissions perms) { 188 granted = perms; 189 } 190 191 /** 192 * The central point in checking permissions. Overridden from 193 * java.lang.SecurityManager 194 * 195 * @param perm The permission requested. 196 */ 197 @Override 198 public void checkPermission(Permission perm) { 199 if (granted.implies(perm)) { 200 return; 201 } 202 super.checkPermission(perm); 203 } 204 205 } 206 }