| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| /** |
| * @author Alexey V. Varlamov |
| * @version $Revision$ |
| */ |
| |
| package org.apache.harmony.security.tests.java.security; |
| |
| import dalvik.annotation.TestLevel; |
| import dalvik.annotation.TestTargetClass; |
| import dalvik.annotation.TestTargetNew; |
| import dalvik.annotation.TestTargets; |
| |
| import junit.framework.TestCase; |
| |
| import org.apache.harmony.security.tests.support.SecurityChecker; |
| import org.apache.harmony.security.tests.support.TestUtils; |
| import tests.util.TestEnvironment; |
| |
| import java.io.File; |
| import java.io.FilePermission; |
| import java.net.MalformedURLException; |
| import java.net.URL; |
| import java.security.CodeSource; |
| import java.security.Permission; |
| import java.security.PermissionCollection; |
| import java.security.Permissions; |
| import java.security.Policy; |
| import java.security.ProtectionDomain; |
| import java.security.Security; |
| import java.security.SecurityPermission; |
| import java.security.cert.Certificate; |
| import java.util.Collection; |
| import java.util.Enumeration; |
| import java.util.HashSet; |
| @TestTargetClass(Policy.class) |
| /** |
| * Tests for <code>Policy</code> |
| */ |
| public class PolicyTest extends TestCase { |
| |
| public static final String JAVA_SECURITY_POLICY = "java.security.policy"; |
| |
| public static void main(String[] args) { |
| junit.textui.TestRunner.run(PolicyTest.class); |
| } |
| |
| @Override protected void tearDown() throws Exception { |
| TestEnvironment.reset(); |
| super.tearDown(); |
| } |
| |
| /** |
| * @tests constructor Policy() |
| */ |
| @SuppressWarnings("cast") |
| @TestTargets({ |
| @TestTargetNew( |
| level = TestLevel.COMPLETE, |
| notes = "", |
| method = "Policy", |
| args = {} |
| ), |
| @TestTargetNew( |
| level = TestLevel.COMPLETE, |
| notes = "", |
| method = "getPermissions", |
| args = {java.security.CodeSource.class} |
| ), |
| @TestTargetNew( |
| level = TestLevel.COMPLETE, |
| notes = "", |
| method = "refresh", |
| args = {} |
| ) |
| }) |
| public void test_constructor() { |
| TestProvider tp; |
| CodeSource cs = new CodeSource(null, (Certificate[]) null); |
| try { |
| tp = new TestProvider(); |
| assertTrue(tp instanceof Policy); |
| } catch (Exception e) { |
| fail("Unexpected exception " + e.getMessage()); |
| } |
| |
| try { |
| tp = new TestProvider(); |
| |
| tp.getPermissions(cs); |
| tp.refresh(); |
| } catch (Exception e) { |
| fail("Unexpected exception was thrown for abstract methods"); |
| } |
| } |
| |
| /** |
| * @tests java.security.Policy#setPolicy(java.security.Policy) |
| */ |
| @TestTargets({ |
| @TestTargetNew( |
| level = TestLevel.PARTIAL_COMPLETE, |
| notes = "", |
| method = "setPolicy", |
| args = {java.security.Policy.class} |
| ), |
| @TestTargetNew( |
| level = TestLevel.PARTIAL_COMPLETE, |
| notes = "", |
| method = "getPolicy", |
| args = {} |
| ) |
| }) |
| public void test_setPolicyLjava_security_Policy() { |
| SecurityManager old = System.getSecurityManager(); |
| Policy oldPolicy = Policy.getPolicy(); |
| try { |
| SecurityChecker checker = new SecurityChecker( |
| new SecurityPermission("setPolicy"), true); |
| System.setSecurityManager(checker); |
| Policy custom = new TestProvider(); |
| Policy.setPolicy(custom); |
| assertTrue(checker.checkAsserted); |
| assertSame(custom, Policy.getPolicy()); |
| |
| checker.reset(); |
| checker.enableAccess = false; |
| try { |
| Policy.setPolicy(new TestProvider()); |
| fail("SecurityException is intercepted"); |
| } catch (SecurityException ok) { |
| } |
| } finally { |
| System.setSecurityManager(old); |
| Policy.setPolicy(oldPolicy); |
| } |
| } |
| |
| /** |
| * @tests java.security.Policy#getPolicy() |
| */ |
| @TestTargets({ |
| @TestTargetNew( |
| level = TestLevel.PARTIAL_COMPLETE, |
| notes = "", |
| method = "getPolicy", |
| args = {} |
| ), |
| @TestTargetNew( |
| level = TestLevel.PARTIAL_COMPLETE, |
| notes = "", |
| method = "setPolicy", |
| args = {java.security.Policy.class} |
| ) |
| }) |
| public void test_getPolicy() { |
| SecurityManager old = System.getSecurityManager(); |
| Policy oldPolicy = Policy.getPolicy(); |
| try { |
| Policy.setPolicy(new TestProvider()); |
| SecurityChecker checker = new SecurityChecker( |
| new SecurityPermission("getPolicy"), true); |
| System.setSecurityManager(checker); |
| Policy.getPolicy(); |
| assertTrue(checker.checkAsserted); |
| |
| checker.reset(); |
| checker.enableAccess = false; |
| try { |
| Policy.getPolicy(); |
| fail("SecurityException is intercepted"); |
| } catch (SecurityException ok) { |
| } |
| } finally { |
| System.setSecurityManager(old); |
| Policy.setPolicy(oldPolicy); |
| } |
| } |
| |
| public static class TestProvider extends Policy { |
| |
| PermissionCollection pc; |
| |
| public PermissionCollection getPermissions(CodeSource cs) { |
| return pc; |
| } |
| |
| public void refresh() { |
| } |
| } |
| |
| /** |
| * Tests that getPermissions() does proper permission evaluation. |
| */ |
| @TestTargetNew( |
| level = TestLevel.COMPLETE, |
| notes = "", |
| method = "getPermissions", |
| args = {java.security.ProtectionDomain.class} |
| ) |
| public void testGetPermissions() { |
| SecurityPermission sp = new SecurityPermission("abc"); |
| SecurityPermission sp2 = new SecurityPermission("fbdf"); |
| PermissionCollection spc = sp.newPermissionCollection(); |
| spc.add(sp2); |
| ProtectionDomain pd = new ProtectionDomain(null, null); |
| ProtectionDomain pd2 = new ProtectionDomain(null, spc); |
| TestProvider policy = new TestProvider(); |
| policy.pc = sp.newPermissionCollection(); |
| |
| // case1: empty policy, no static permissions in PD |
| PermissionCollection pc4pd = policy.getPermissions(pd); |
| assertNotNull(pc4pd); |
| Enumeration<Permission> en = pc4pd.elements(); |
| assertFalse(en.hasMoreElements()); |
| |
| // case2: empty policy, some static permissions in PD |
| pc4pd = policy.getPermissions(pd2); |
| assertNotNull(pc4pd); |
| // no check for static permissions |
| |
| // case3: non-empty policy, no static permissions in PD |
| policy.pc.add(sp); |
| pc4pd = policy.getPermissions(pd); |
| assertNotNull(pc4pd); |
| Collection<Permission> c = new HashSet<Permission>(); |
| for (en = pc4pd.elements(); en.hasMoreElements(); c.add(en |
| .nextElement())) { |
| } |
| |
| assertTrue(c.contains(sp)); |
| |
| // case4: non-empty policy, some static permissions in PD |
| pc4pd = policy.getPermissions(pd2); |
| assertNotNull(pc4pd); |
| c = new HashSet<Permission>(); |
| for (en = pc4pd.elements(); en.hasMoreElements(); c.add(en |
| .nextElement())) { |
| } |
| |
| assertTrue(c.contains(sp)); |
| // no check for static permissions |
| } |
| |
| /** |
| * @tests java.security.Policy#getPolicy() |
| * @tests java.security.Policy#setPolicy() |
| */ |
| @TestTargets({ |
| @TestTargetNew( |
| level = TestLevel.PARTIAL_COMPLETE, |
| notes = "", |
| method = "setPolicy", |
| args = {java.security.Policy.class} |
| ), |
| @TestTargetNew( |
| level = TestLevel.PARTIAL_COMPLETE, |
| notes = "", |
| method = "getPolicy", |
| args = {} |
| ) |
| }) |
| public void testResetingPolicyToDefault() { |
| |
| Policy oldPolicy = Policy.getPolicy(); |
| assertNotNull("Got a null system security policy", oldPolicy); |
| |
| try { |
| |
| Policy.setPolicy(null); // passing null resets policy |
| Policy newPolicy = Policy.getPolicy(); |
| |
| assertNotNull(newPolicy); |
| assertNotSame(oldPolicy, newPolicy); |
| |
| assertEquals("Policy class name", Security |
| .getProperty("policy.provider"), newPolicy.getClass() |
| .getName()); |
| } finally { |
| Policy.setPolicy(oldPolicy); |
| } |
| } |
| |
| /** |
| * @tests java.security.Policy#implies(ProtectionDomain, Permission) |
| */ |
| @TestTargetNew( |
| level = TestLevel.COMPLETE, |
| notes = "", |
| method = "implies", |
| args = {java.security.ProtectionDomain.class, java.security.Permission.class} |
| ) |
| public void test_implies() { |
| Policy policy = Policy.getPolicy(); |
| char s = File.separatorChar; |
| |
| URL url = null; |
| try { |
| url = new URL("http://localhost"); |
| } catch (MalformedURLException ex) { |
| throw new Error(ex); |
| } |
| CodeSource cs = new CodeSource(url, |
| (java.security.cert.Certificate[]) null); |
| |
| FilePermission perm[] = new FilePermission[7]; |
| perm[0] = new FilePermission("test1.file", "write"); |
| perm[1] = new FilePermission("test1.file", |
| "read, write, execute,delete"); |
| perm[2] = new FilePermission(s + "tmp" + s + "test" + s + "*", |
| "read,write"); |
| perm[3] = new FilePermission(s + "tmp" + s + "test" + s |
| + "collection.file", "read"); |
| perm[4] = new FilePermission(s + "windows" + "*", "delete"); |
| perm[5] = new FilePermission("aFile.file", "read"); |
| perm[6] = new FilePermission("hello.file", "write"); |
| Permissions perms = new Permissions(); |
| for (int i = 0; i < perm.length; i++) { |
| perms.add(perm[i]); |
| } |
| ProtectionDomain pd = new ProtectionDomain(cs, perms); |
| |
| assertTrue(policy.implies(pd, perm[0])); |
| assertTrue(policy.implies(pd, perm[1])); |
| assertTrue(policy.implies(pd, perm[2])); |
| assertTrue(policy.implies(pd, perm[3])); |
| assertTrue(policy.implies(pd, perm[4])); |
| assertTrue(policy.implies(pd, perm[5])); |
| assertTrue(policy.implies(pd, perm[6])); |
| assertTrue(policy.implies(pd, |
| new FilePermission("test1.file", "delete"))); |
| assertTrue(policy.implies(pd, |
| new FilePermission(s + "tmp" + s + "test" + s + "test1.file", "read"))); |
| |
| assertFalse(policy.implies(pd, new FilePermission("aFile.file", |
| "delete"))); |
| assertFalse(policy.implies(pd, new FilePermission("hello.file", |
| "delete"))); |
| assertFalse(policy.implies(pd, new FilePermission(s + "tmp" + s |
| + "test" + s + "collection.file", "delete"))); |
| assertFalse(policy.implies(pd, new FilePermission(s + "tmp" + s |
| + "test" + s + "*", "delete"))); |
| assertFalse(policy.implies(pd, new FilePermission("hello.file", |
| "execute"))); |
| |
| try { |
| assertFalse(policy.implies(pd, null)); |
| } catch (NullPointerException e) { |
| // expected |
| } |
| |
| try { |
| assertFalse(policy.implies(null, new FilePermission("test1.file", "delete"))); |
| } catch (NullPointerException e) { |
| fail("Unexpected NullPointerException"); |
| } |
| |
| try { |
| assertFalse(policy.implies(null, null)); |
| } catch (NullPointerException e) { |
| // ok |
| } |
| } |
| |
| /** |
| * Test property expansion in policy files |
| */ |
| @TestTargets({ |
| @TestTargetNew( |
| level = TestLevel.PARTIAL_COMPLETE, |
| notes = "", |
| method = "setPolicy", |
| args = {java.security.Policy.class} |
| ), |
| @TestTargetNew( |
| level = TestLevel.PARTIAL_COMPLETE, |
| notes = "", |
| method = "getPolicy", |
| args = {} |
| ) |
| }) |
| public void testPropertyExpansion() throws Exception { |
| |
| // Regression for HARMONY-1963 and HARMONY-2910 |
| |
| String policyFile = getClass().getClassLoader().getResource( |
| "PolicyTest.txt").toString(); |
| String oldJavaPolicy = System.getProperty(JAVA_SECURITY_POLICY); |
| Policy oldPolicy = Policy.getPolicy(); |
| |
| try { |
| System.setProperty(JAVA_SECURITY_POLICY, policyFile); |
| |
| // test: absolute paths |
| assertCodeBasePropertyExpansion("/11111/*", "/11111/-"); |
| assertCodeBasePropertyExpansion("/22222/../22222/*", "/22222/-"); |
| assertCodeBasePropertyExpansion("/33333/*", "/33333/../33333/-"); |
| assertCodeBasePropertyExpansion("/44444/../44444/-", "/44444/*"); |
| assertCodeBasePropertyExpansion("/55555/../55555/-", "/55555/../55555/-"); |
| assertCodeBasePropertyExpansion("/666 66 66/-", "/666 66 66/-"); |
| |
| // test: relative paths |
| assertCodeBasePropertyExpansion("11111/*", "11111/-"); |
| assertCodeBasePropertyExpansion("22222/../22222/*", "22222/-"); |
| assertCodeBasePropertyExpansion("33333/*", "33333/../33333/-"); |
| assertCodeBasePropertyExpansion("44444/../44444/-", "44444/*"); |
| assertCodeBasePropertyExpansion("55555/../55555/-", "55555/../55555/-"); |
| assertCodeBasePropertyExpansion("666 66 66/-", "666 66 66/-"); |
| } finally { |
| TestUtils.setSystemProperty(JAVA_SECURITY_POLICY, oldJavaPolicy); |
| Policy.setPolicy(oldPolicy); |
| } |
| } |
| |
| /** |
| * Asserts codeBase property expansion in policy file |
| * |
| * @param codeSourceURL - |
| * code source for policy object |
| * @param codeBaseURL - |
| * system propery value for expansion in policy file |
| */ |
| private void assertCodeBasePropertyExpansion(String codeSourceURL, |
| String codeBaseURL) throws Exception { |
| |
| Policy.setPolicy(null); // reset policy |
| System.setProperty("test.bin.dir", codeBaseURL); |
| |
| Policy p = Policy.getPolicy(); |
| CodeSource codeSource = new CodeSource( |
| new URL("file:" + codeSourceURL), |
| (java.security.cert.Certificate[]) null); |
| |
| PermissionCollection pCollection = p.getPermissions(codeSource); |
| Enumeration<Permission> elements = pCollection.elements(); |
| |
| SecurityPermission perm = new SecurityPermission( |
| "codeBaseForPolicyTest"); |
| |
| while (elements.hasMoreElements()) { |
| if (elements.nextElement().equals(perm)) { |
| return; // passed |
| } |
| } |
| fail("Failed to find SecurityPermission for codeSource=" |
| + codeSourceURL + ", codeBase=" + codeBaseURL); |
| } |
| } |