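/*
 * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package validation;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.security.PrivilegedAction;

import javax.xml.XMLConstants;
import javax.xml.transform.sax.SAXSource;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;

import org.testng.Assert;
import org.testng.annotations.Listeners;
import org.testng.annotations.Test;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.SAXNotSupportedException;

/*
 * @test
 * @bug 6925531
 * @library /javax/xml/jaxp/libs /javax/xml/jaxp/unittest
 * @run testng/othervm -DrunSecMngr=true validation.Bug6925531Test
 * @run testng/othervm validation.Bug6925531Test
 * @summary Test Validator can validate SAXSource when SecurityManager is set or FEATURE_SECURE_PROCESSING is on.
 */
/**
 * Regression test for bug 6925531: a {@link Validator} must be able to validate
 * a {@link SAXSource} on each hardened path, i.e. with a SecurityManager
 * installed, with FEATURE_SECURE_PROCESSING set on the {@link SchemaFactory},
 * and with FEATURE_SECURE_PROCESSING set on the {@link Validator} itself.
 *
 * <p>Each test fails when it cannot put the hardened configuration in place,
 * so a passing run means the secured code path was actually exercised.
 */
@Listeners({jaxp.library.BasePolicy.class})
public class Bug6925531Test {
    // JAXP property names; not referenced anywhere in this class.
    static final String SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
    static final String SCHEMA_SOURCE = "http://java.sun.com/xml/jaxp/properties/schemaSource";

    // Schema declaring a single string element "test" in namespace jaxp13_test.
    String xsd = "<?xml version='1.0'?>\n"
            + "<schema xmlns='http://www.w3.org/2001/XMLSchema'\n"
            + " xmlns:test='jaxp13_test'\n"
            + " targetNamespace='jaxp13_test'\n"
            + " elementFormDefault='qualified'>\n"
            + " <element name='test' type='string'/>\n"
            + "</schema>\n";

    // Instance document that is valid against the schema above.
    String xml = "<?xml version='1.0'?>\n"
            + "<ns:test xmlns:ns='jaxp13_test'>\n"
            + " abc\n"
            + "</ns:test>\n";

    StreamSource xsdSource;
    SAXSource xmlSource;

    /**
     * Rebuilds the schema and document sources from the in-memory strings.
     * Called at the start of every test because the underlying readers can
     * only be consumed once.
     */
    public void init() {
        // getBytes() and InputStreamReader both use the platform default
        // charset here, so the bytes are decoded with the charset that
        // produced them.
        InputStreamReader reader = new InputStreamReader(new ByteArrayInputStream(xsd.getBytes()));
        xsdSource = new StreamSource(reader);
        reader = new InputStreamReader(new ByteArrayInputStream(xml.getBytes()));
        InputSource inSource = new InputSource(reader);
        xmlSource = new SAXSource(inSource);
    }

    /**
     * when security manager is present, secure feature is on automatically
     *
     * <p>Installs a {@link MySM} granting {@link AllPermission}, compiles the
     * schema and validates the document, then removes the security manager.
     */
    @Test
    public void test_SM() {
        init();
        Permissions granted = new java.security.Permissions();
        granted.add(new AllPermission());

        System.setSecurityManager(new MySM(granted));
        // Everything that runs under the test's security manager sits inside
        // the try block, so a failure while creating the factory or compiling
        // the schema cannot leave MySM installed for the tests that follow.
        try {
            SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
            Schema schema = compileSchema(schemaFactory);
            Validator validator = schema.newValidator();
            validateXml(validator);
        } finally {
            // NOTE(review): this clears the security manager instead of restoring
            // whatever was installed before the test; confirm that matches what
            // the BasePolicy listener expects when -DrunSecMngr=true is used.
            System.setSecurityManager(null);
        }

        System.out.println("OK");
    }

    /**
     * set secure feature on SchemaFactory
     */
    @Test
    public void test_SF() {
        init();
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                System.setSecurityManager(null);
                return null; // nothing to return
            }
        });

        SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        // If secure processing cannot be enabled the rest of the test would run
        // on the non-hardened path and pass without testing anything, so treat
        // a rejected feature as a failure rather than logging and continuing.
        try {
            schemaFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        } catch (SAXNotRecognizedException ex) {
            Assert.fail("SchemaFactory does not recognize FEATURE_SECURE_PROCESSING: " + ex.getMessage(), ex);
        } catch (SAXNotSupportedException ex) {
            Assert.fail("SchemaFactory cannot enable FEATURE_SECURE_PROCESSING: " + ex.getMessage(), ex);
        }

        Schema schema = compileSchema(schemaFactory);
        Validator validator = schema.newValidator();
        validateXml(validator);
        System.out.println("OK");
    }

    /**
     * set secure feature on the Validator
     */
    @Test
    public void test_Val() {
        init();
        System.setSecurityManager(null);
        SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);

        Schema schema = compileSchema(schemaFactory);
        Validator validator = schema.newValidator();
        // Same reasoning as in test_SF: a validator that refuses the feature
        // must fail the test, otherwise validation below proves nothing about
        // the secure-processing path.
        try {
            validator.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        } catch (SAXNotRecognizedException ex) {
            Assert.fail("Validator does not recognize FEATURE_SECURE_PROCESSING: " + ex.getMessage(), ex);
        } catch (SAXNotSupportedException ex) {
            Assert.fail("Validator cannot enable FEATURE_SECURE_PROCESSING: " + ex.getMessage(), ex);
        }

        validateXml(validator);
        System.out.println("OK");
    }

    /** Compiles {@link #xsdSource} with the given factory, failing the test on a schema error. */
    private Schema compileSchema(SchemaFactory schemaFactory) {
        Schema schema = null;
        try {
            schema = schemaFactory.newSchema(xsdSource);
        } catch (SAXException e) {
            // Pass the exception as the cause so the report keeps its stack trace.
            Assert.fail(e.toString(), e);
        }
        return schema;
    }

    /** Validates {@link #xmlSource} with the given validator, failing the test on any error. */
    private void validateXml(Validator validator) {
        try {
            validator.validate(xmlSource, null);
        } catch (SAXException e) {
            Assert.fail(e.toString(), e);
        } catch (IOException e) {
            Assert.fail(e.toString(), e);
        }
    }

    /**
     * Security manager that allows every permission implied by the collection
     * it was constructed with and defers all other checks to
     * {@link SecurityManager#checkPermission(Permission)}.
     */
    class MySM extends SecurityManager {
        Permissions granted;

        /**
         * @param perms permissions this manager grants without consulting the superclass
         */
        public MySM(Permissions perms) {
            granted = perms;
        }

        /**
         * The central point in checking permissions. Overridden from
         * java.lang.SecurityManager
         *
         * @param perm The permission requested.
         */
        @Override
        public void checkPermission(Permission perm) {
            if (granted.implies(perm)) {
                return;
            }
            super.checkPermission(perm);
        }

    }
}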