1 /*
2 * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 package validation;
25
26 import java.io.ByteArrayInputStream;
27 import java.io.IOException;
28 import java.io.InputStreamReader;
29 import java.security.AccessController;
30 import java.security.AllPermission;
31 import java.security.Permission;
32 import java.security.Permissions;
33 import java.security.PrivilegedAction;
34
35 import javax.xml.XMLConstants;
36 import javax.xml.transform.sax.SAXSource;
37 import javax.xml.transform.stream.StreamSource;
38 import javax.xml.validation.Schema;
39 import javax.xml.validation.SchemaFactory;
40 import javax.xml.validation.Validator;
41
42 import org.testng.Assert;
43 import org.testng.annotations.Listeners;
44 import org.testng.annotations.Test;
45 import org.xml.sax.InputSource;
46 import org.xml.sax.SAXException;
47 import org.xml.sax.SAXNotRecognizedException;
48 import org.xml.sax.SAXNotSupportedException;
49
50 /*
51 * @test
52 * @bug 6925531
53 * @library /javax/xml/jaxp/libs /javax/xml/jaxp/unittest
54 * @run testng/othervm -DrunSecMngr=true validation.Bug6925531Test
55 * @run testng/othervm validation.Bug6925531Test
56 * @summary Test Validator can validate SAXSource when SecurityManager is set or FEATURE_SECURE_PROCESSING is on.
57 */
58 @Listeners({jaxp.library.BasePolicy.class})
59 public class Bug6925531Test {
60 static final String SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
61 static final String SCHEMA_SOURCE = "http://java.sun.com/xml/jaxp/properties/schemaSource";
62 String xsd = "<?xml version='1.0'?>\n" + "<schema xmlns='http://www.w3.org/2001/XMLSchema'\n" + " xmlns:test='jaxp13_test'\n"
63 + " targetNamespace='jaxp13_test'\n" + " elementFormDefault='qualified'>\n" + " <element name='test' type='string'/>\n"
64 + "</schema>\n";
65
66 String xml = "<?xml version='1.0'?>\n" + "<ns:test xmlns:ns='jaxp13_test'>\n" + " abc\n" + "</ns:test>\n";
67
68 StreamSource xsdSource;
69 SAXSource xmlSource;
70
71 public void init() {
72 InputStreamReader reader = new InputStreamReader(new ByteArrayInputStream(xsd.getBytes()));
73 xsdSource = new StreamSource(reader);
74 reader = new InputStreamReader(new ByteArrayInputStream(xml.getBytes()));
75 InputSource inSource = new InputSource(reader);
76 xmlSource = new SAXSource(inSource);
77 }
78
79 /**
80 * when security manager is present, secure feature is on automatically
81 */
82 @Test
83 public void test_SM() {
84 init();
85 Permissions granted = new java.security.Permissions();
86 granted.add(new AllPermission());
87
88 System.setSecurityManager(new MySM(granted));
89
90 SchemaFactory schemaFactory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
91
92 Schema schema = null;
93 try {
94 schema = schemaFactory.newSchema(xsdSource);
95 } catch (SAXException e) {
96 Assert.fail(e.toString());
97 }
98
99 Validator validator = schema.newValidator();
100
101 try {
102 validator.validate(xmlSource, null);
103 } catch (SAXException e) {
104 Assert.fail(e.toString());
105 } catch (IOException e) {
106 Assert.fail(e.toString());
107 } finally {
108 System.setSecurityManager(null);
109 }
110
111 System.out.println("OK");
112 }
113
114 /**
115 * set secure feature on SchemaFactory
116 */
117 @Test
118 public void test_SF() {
119 init();
120 AccessController.doPrivileged(new PrivilegedAction() {
121 public Object run() {
122 System.setSecurityManager(null);
123 return null; // nothing to return
124 }
125 });
126
127 SchemaFactory schemaFactory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
128 try {
129 schemaFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
130 } catch (SAXNotRecognizedException ex) {
131 System.out.println(ex.getMessage());
132 } catch (SAXNotSupportedException ex) {
133 System.out.println(ex.getMessage());
134 }
135
136 Schema schema = null;
137 try {
138 schema = schemaFactory.newSchema(xsdSource);
139 } catch (SAXException e) {
140 Assert.fail(e.toString());
141 }
142
143 Validator validator = schema.newValidator();
144
145 try {
146 validator.validate(xmlSource, null);
147 } catch (SAXException e) {
148 Assert.fail(e.toString());
149 } catch (IOException e) {
150 Assert.fail(e.toString());
151 }
152 System.out.println("OK");
153 }
154
155 /**
156 * set secure feature on the Validator
157 */
158 @Test
159 public void test_Val() {
160 init();
161 System.setSecurityManager(null);
162 SchemaFactory schemaFactory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
163
164 Schema schema = null;
165 try {
166 schema = schemaFactory.newSchema(xsdSource);
167 } catch (SAXException e) {
168 Assert.fail(e.toString());
169 }
170
171 Validator validator = schema.newValidator();
172 try {
173 validator.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
174 } catch (SAXNotRecognizedException ex) {
175 System.out.println(ex.getMessage());
176 } catch (SAXNotSupportedException ex) {
177 System.out.println(ex.getMessage());
178 }
179
180 try {
181 validator.validate(xmlSource, null);
182 } catch (SAXException e) {
183 Assert.fail(e.toString());
184 } catch (IOException e) {
185 Assert.fail(e.toString());
186 }
187 System.out.println("OK");
188 }
189
190 class MySM extends SecurityManager {
191 Permissions granted;
192
193 public MySM(Permissions perms) {
194 granted = perms;
195 }
196
197 /**
198 * The central point in checking permissions. Overridden from
199 * java.lang.SecurityManager
200 *
201 * @param perm The permission requested.
202 */
203 @Override
204 public void checkPermission(Permission perm) {
205 if (granted.implies(perm)) {
206 return;
207 }
208 super.checkPermission(perm);
209 }
210
211 }
212 }
213