1 /*
2 * Copyright (c) 2012, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 6741606 7146431 8000450 8019830 8022945 8027144 8041633 8078427 8055206
27 * @summary Check that various restricted packages that are supposed to be
28 * restricted by default or are listed in the package.access
29 * property in the java.security file are blocked
30 * @modules java.xml.ws java.corba
31 * @run main/othervm CheckPackageAccess
32 */
33
34 import java.lang.module.ModuleFinder;
35 import java.lang.module.ModuleReference;
36 import java.lang.reflect.Layer;
37 import java.util.Arrays;
38 import java.util.List;
39 import java.util.Optional;
40
41 public class CheckPackageAccess {
42
43 private static final SecurityManager sm = new SecurityManager();
44 private static final ModuleFinder mf = ModuleFinder.ofSystem();
45 private static final String MODULE_TEXT = "Testing module: %1$s. Module is%2$s present.";
46
47 /*
48 * The expected list of restricted packages of the package.access property.
49 *
50 * This array should be updated whenever new packages are added to the
51 * package.access property in the java.security file
52 * NOTE: it should be in the same order as the java.security file
53 */
54 private static final String[] EXPECTED = {
55 "sun.misc.",
56 "sun.reflect.",
57 };
58
59 /**
60 * Tests access to various packages of a module.
61 */
62 private static class Test {
63 String moduleName; // name of module
64 ModuleReference moduleRef; // module reference
65 String exports; // exported pkg
66 Optional<String> opens; // opened pkg
67 String conceals; // concealed pkg
68 Optional<String> qualExports; // qualified export pkg
69 Optional<String> qualOpens; // qualified open pkg
70 // qual open and non-qualified export pkg
71 Optional<String> qualOpensAndExports;
72 Test(String module, String exports, String opens, String conceals,
73 String qualExports, String qualOpens, String qualOpensAndExports) {
74 this.moduleName = module;
75 this.moduleRef = mf.find(moduleName).get();
76 this.exports = exports;
77 this.opens = Optional.ofNullable(opens);
78 this.conceals = conceals;
79 this.qualExports = Optional.ofNullable(qualExports);
80 this.qualOpens = Optional.ofNullable(qualOpens);
81 this.qualOpensAndExports = Optional.ofNullable(qualOpensAndExports);
82 }
83
84 void test() {
85 final boolean isModulePresent = Layer.boot().findModule(moduleName).isPresent();
86 System.out.println(String.format(MODULE_TEXT, moduleName, isModulePresent ? "" : " NOT"));
87
88 if (isModulePresent) {
89
90 // access to exported pkg should pass
91 testNonRestricted(exports);
92
93 // access to opened pkg should pass
94 opens.ifPresent(Test::testNonRestricted);
95
96 // access to concealed pkg should fail
97 testRestricted(conceals);
98
99 // access to qualified export pkg should fail
100 qualExports.ifPresent(Test::testRestricted);
101
102 // access to qualified open pkg should fail
103 qualOpens.ifPresent(Test::testRestricted);
104
105 // access to qualified opened pkg that is also exported should pass
106 qualOpensAndExports.ifPresent(Test::testNonRestricted);
107 } else {
108 System.out.println("Skipping tests for module.");
109 }
110 }
111
112 private static void testRestricted(String pkg) {
113 try {
114 sm.checkPackageAccess(pkg);
115 throw new RuntimeException("Able to access restricted package: "
116 + pkg);
117 } catch (SecurityException se) {}
118 try {
119 sm.checkPackageDefinition(pkg);
120 throw new RuntimeException("Able to access restricted package: "
121 + pkg);
122 } catch (SecurityException se) {}
123 }
124
125 private static void testNonRestricted(String pkg) {
126 try {
127 sm.checkPackageAccess(pkg);
128 } catch (SecurityException se) {
129 throw new RuntimeException("Unable to access exported package: "
130 + pkg, se);
131 }
132 try {
133 sm.checkPackageDefinition(pkg);
134 } catch (SecurityException se) {
135 throw new RuntimeException("Unable to access exported package: "
136 + pkg, se);
137 }
138 }
139 }
140
141 private static final Test[] tests = new Test[] {
142 // java.base module loaded by boot loader
143 new Test("java.base", "java.security", null, "jdk.internal.jrtfs",
144 "jdk.internal.loader", null, null),
145 // java.desktop module loaded by boot loader and has an openQual pkg
146 // that is exported
147 new Test("java.desktop", "java.applet", null, "sun.applet",
148 "sun.awt", null, "javax.swing.plaf.basic"),
149 // java.security.jgss module loaded by platform loader
150 new Test("java.security.jgss", "org.ietf.jgss", null,
151 "sun.security.krb5.internal.crypto", "sun.security.krb5",
152 null, null),
153 // java.xml.ws module loaded by platform loader but needs to be added
154 // and has an openQual pkg that is exported
155 new Test("java.xml.ws", "javax.xml.soap", null,
156 "com.sun.xml.internal.stream.buffer",
157 "com.sun.xml.internal.ws.api", null,
158 "javax.xml.ws.wsaddressing"),
159 // java.xml.ws module loaded by platform loader but needs to be added
160 // and has an openQual pkg
161 new Test("java.corba", "javax.rmi", null, "sun.corba",
162 "com.sun.corba.se.impl.util", "com.sun.jndi.cosnaming", null),
163 };
164
165 public static void main(String[] args) throws Exception {
166
167 // check expected list of restricted packages in java.security file
168 checkPackages(Arrays.asList(EXPECTED));
169
170 // check access to each module's packages
171 for (Test test : tests) {
172 test.test();
173 }
174
175 System.out.println("Test passed");
176 }
177
178 private static void checkPackages(List<String> pkgs) {
179 for (String pkg : pkgs) {
180 try {
181 sm.checkPackageAccess(pkg);
182 throw new RuntimeException("Able to access " + pkg +
183 " package");
184 } catch (SecurityException se) { }
185 try {
186 sm.checkPackageDefinition(pkg);
187 throw new RuntimeException("Able to define class in " + pkg +
188 " package");
189 } catch (SecurityException se) { }
190 String subpkg = pkg + "foo";
191 try {
192 sm.checkPackageAccess(subpkg);
193 throw new RuntimeException("Able to access " + subpkg +
194 " package");
195 } catch (SecurityException se) { }
196 try {
197 sm.checkPackageDefinition(subpkg);
198 throw new RuntimeException("Able to define class in " +
199 subpkg + " package");
200 } catch (SecurityException se) { }
201 }
202 }
203 }