1 /*
   2  * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  */
  23 
  24 package common;
  25 
  26 import static jaxp.library.JAXPTestUtilities.clearSystemProperty;
  27 import static jaxp.library.JAXPTestUtilities.setSystemProperty;
  28 
  29 import javax.xml.XMLConstants;
  30 import javax.xml.transform.TransformerFactory;
  31 import javax.xml.validation.SchemaFactory;
  32 import javax.xml.xpath.XPathFactory;
  33 
  34 import org.testng.Assert;
  35 import org.testng.annotations.Listeners;
  36 import org.testng.annotations.Test;
  37 
  38 /*
  39  * @test
  40  * @bug 7143711
  41  * @library /javax/xml/jaxp/libs /javax/xml/jaxp/unittest
  42  * @run testng/othervm -DrunSecMngr=true common.Bug7143711Test
  43  * @summary Test set use-service-mechanism shall not override what's set by the constructor in secure mode.
  44  */
  45 @Listeners({ jaxp.library.BasePolicy.class })
  46 @Test(singleThreaded = true)
  47 public class Bug7143711Test {
  48     static final String SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
  49     static final String SCHEMA_SOURCE = "http://java.sun.com/xml/jaxp/properties/schemaSource";
  50 
  51     private static final String DOM_FACTORY_ID = "javax.xml.parsers.DocumentBuilderFactory";
  52     private static final String SAX_FACTORY_ID = "javax.xml.parsers.SAXParserFactory";
  53 
  54     // impl specific feature
  55     final String ORACLE_FEATURE_SERVICE_MECHANISM = "http://www.oracle.com/feature/use-service-mechanism";
  56 
  57     @Test
  58     public void testValidation_SAX_withSM() {
  59         System.out.println("Validation using SAX Source with security manager:");
  60         setSystemProperty(SAX_FACTORY_ID, "MySAXFactoryImpl");
  61 
  62         try {
  63             SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
  64             // should not allow
  65             factory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true);
  66             if ((boolean) factory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) {
  67                 Assert.fail("should not override in secure mode");
  68             }
  69         } catch (Exception e) {
  70             Assert.fail(e.getMessage());
  71 
  72         } finally {
  73             clearSystemProperty(SAX_FACTORY_ID);
  74         }
  75     }
  76 
  77     @Test(enabled=false) //skipped due to bug JDK-8080097
  78     public void testTransform_DOM_withSM() {
  79         System.out.println("Transform using DOM Source;  Security Manager is set:");
  80         setSystemProperty(DOM_FACTORY_ID, "MyDOMFactoryImpl");
  81 
  82         try {
  83             TransformerFactory factory = TransformerFactory.newInstance("com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl",
  84                     TransformerFactory.class.getClassLoader());
  85             factory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true);
  86             if ((boolean) factory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) {
  87                 Assert.fail("should not override in secure mode");
  88             }
  89 
  90         } catch (Exception e) {
  91             Assert.fail(e.getMessage());
  92         } finally {
  93             clearSystemProperty(DOM_FACTORY_ID);
  94         }
  95     }
  96 
  97     @Test
  98     public void testXPath_DOM_withSM() {
  99         System.out.println("Evaluate DOM Source;  Security Manager is set:");
 100         setSystemProperty(DOM_FACTORY_ID, "MyDOMFactoryImpl");
 101 
 102         try {
 103             XPathFactory xPathFactory = XPathFactory.newInstance("http://java.sun.com/jaxp/xpath/dom",
 104                     "com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl", null);
 105             xPathFactory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true);
 106             if ((boolean) xPathFactory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) {
 107                 Assert.fail("should not override in secure mode");
 108             }
 109 
 110         } catch (Exception e) {
 111             Assert.fail(e.getMessage());
 112         } finally {
 113             clearSystemProperty(DOM_FACTORY_ID);
 114         }
 115     }
 116 }
 117