| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| /** |
| * @author Alexey V. Varlamov |
| */ |
| |
| package javax.security.auth; |
| |
| import java.io.FilePermission; |
| import java.net.URL; |
| import java.security.AllPermission; |
| import java.security.CodeSigner; |
| import java.security.CodeSource; |
| import java.security.Permission; |
| import java.security.PermissionCollection; |
| import java.security.Security; |
| import java.security.cert.Certificate; |
| import java.util.Enumeration; |
| import junit.framework.TestCase; |
| import org.apache.harmony.auth.tests.support.TestUtils; |
| import tests.support.resource.Support_Resources; |
| |
| /** |
| * Tests Policy class |
| */ |
| @SuppressWarnings("deprecation") |
| public class PolicyTest extends TestCase { |
| |
| public static class TestProvider extends Policy { |
| @Override |
| public PermissionCollection getPermissions(Subject subject, CodeSource cs) { |
| return null; |
| } |
| |
| @Override |
| public void refresh() { |
| } |
| } |
| |
| public static class FakePolicy { |
| // This is not policy class |
| } |
| /** |
| * Tests loading of a default provider, both valid and invalid class |
| * references. |
| */ |
| public void testGetPolicy_LoadDefaultProvider() { |
| Policy oldPolicy = null; |
| try { |
| oldPolicy = Policy.getPolicy(); |
| } catch (Throwable ignore) { |
| } |
| String POLICY_PROVIDER = "auth.policy.provider"; |
| String oldProvider = Security.getProperty(POLICY_PROVIDER); |
| try { |
| Security.setProperty(POLICY_PROVIDER, TestProvider.class.getName()); |
| Policy.setPolicy(null); |
| Policy p = Policy.getPolicy(); |
| assertNotNull(p); |
| assertEquals(TestProvider.class.getName(), p.getClass().getName()); |
| |
| // absent class |
| Security.setProperty(POLICY_PROVIDER, "a.b.c.D"); |
| Policy.setPolicy(null); |
| try { |
| p = Policy.getPolicy(); |
| fail("No SecurityException on failed provider"); |
| } catch (SecurityException ok) { |
| } |
| |
| // not a policy class |
| Security.setProperty(POLICY_PROVIDER, FakePolicy.class.getName()); |
| Policy.setPolicy(null); |
| try { |
| p = Policy.getPolicy(); |
| fail("No expected SecurityException"); |
| } catch (SecurityException ok) { |
| } |
| } finally { |
| TestUtils.setSystemProperty(POLICY_PROVIDER, oldProvider); |
| Policy.setPolicy(oldPolicy); |
| } |
| } |
| |
| // |
| // |
| // |
| // |
| // |
| |
| static String inputFile1 = Support_Resources |
| .getAbsoluteResourcePath("auth_policy1.txt"); |
| |
| static String inputFile2 = Support_Resources |
| .getAbsoluteResourcePath("auth_policy2.txt"); |
| |
| private static final String POLICY_PROP = "java.security.auth.policy"; |
| |
| public void test_GetPermissions() throws Exception { |
| |
| PermissionCollection c; |
| Permission per; |
| Subject subject; |
| |
| CodeSource source; |
| |
| String oldProp = System.getProperty(POLICY_PROP); |
| try { |
| System.setProperty(POLICY_PROP, inputFile1); |
| |
| Policy p = Policy.getPolicy(); |
| p.refresh(); |
| |
| // |
| // Both parameters are null |
| // |
| |
| c = p.getPermissions(null, null); |
| assertFalse("Read only for empty", c.isReadOnly()); |
| assertFalse("Elements for empty", c.elements().hasMoreElements()); |
| |
| // |
| // Subject parameter is provided (CodeBase is not important) |
| // |
| // Principal javax.security.auth.MyPrincipal "duke" |
| // |
| |
| // no principals at all |
| subject = new Subject(); |
| c = p.getPermissions(subject, null); |
| assertFalse("Elements: ", c.elements().hasMoreElements()); |
| |
| // different name "kuke" not "duke" |
| subject.getPrincipals().add(new MyPrincipal("kuke")); |
| c = p.getPermissions(subject, null); |
| assertFalse("Elements: ", c.elements().hasMoreElements()); |
| |
| // different class with required principal's name |
| subject.getPrincipals().add(new OtherPrincipal("duke")); |
| c = p.getPermissions(subject, null); |
| assertFalse("Elements: ", c.elements().hasMoreElements()); |
| |
| // subclass with required principal's name |
| subject.getPrincipals().add(new FakePrincipal("duke")); |
| c = p.getPermissions(subject, null); |
| assertFalse("Elements: ", c.elements().hasMoreElements()); |
| |
| // add required principal's name |
| subject.getPrincipals().add(new MyPrincipal("duke")); |
| |
| Enumeration<Permission> e = p.getPermissions(subject, null).elements(); |
| |
| per = e.nextElement(); |
| assertFalse("Elements: ", e.hasMoreElements()); |
| assertEquals("Permission: ", per, new FilePermission("/home/duke", |
| "read, write")); |
| |
| // check: CodeBase is not important |
| source = new CodeSource(new URL("http://dummy.xxx"), |
| (Certificate[]) null); |
| c = p.getPermissions(subject, source); |
| assertTrue("Elements: ", c.elements().hasMoreElements()); |
| |
| source = new CodeSource(new URL("http://dummy.xxx"), |
| (CodeSigner[]) null); |
| c = p.getPermissions(subject, source); |
| assertTrue("Elements: ", c.elements().hasMoreElements()); |
| |
| // |
| // Subject and CodeBase parameter are provided |
| // |
| // Principal javax.security.auth.MyPrincipal "dummy" |
| // CodeBase "http://dummy.xxx" |
| // |
| source = new CodeSource(new URL("http://dummy.xxx"), |
| (Certificate[]) null); |
| subject = new Subject(); |
| subject.getPrincipals().add(new MyPrincipal("dummy")); |
| |
| e = p.getPermissions(subject, source).elements(); |
| per = e.nextElement(); |
| assertFalse("Elements: ", e.hasMoreElements()); |
| assertEquals("Permission: ", per, new RuntimePermission( |
| "createClassLoader")); |
| |
| // reset subject : no principals at all |
| subject = new Subject(); |
| c = p.getPermissions(subject, source); |
| assertFalse("Elements: ", c.elements().hasMoreElements()); |
| |
| // different name "kuke" not "dummy" |
| subject.getPrincipals().add(new MyPrincipal("kuke")); |
| c = p.getPermissions(subject, null); |
| assertFalse("Elements: ", c.elements().hasMoreElements()); |
| |
| // different class with required principal's name |
| subject.getPrincipals().add(new OtherPrincipal("dummy")); |
| c = p.getPermissions(subject, null); |
| assertFalse("Elements: ", c.elements().hasMoreElements()); |
| |
| // |
| // Principal javax.security.auth.MyPrincipal "my" |
| // Principal javax.security.auth.OtherPrincipal "other" |
| // |
| subject = new Subject(); |
| subject.getPrincipals().add(new MyPrincipal("my")); |
| c = p.getPermissions(subject, null); |
| assertFalse("Elements: ", c.elements().hasMoreElements()); |
| |
| subject.getPrincipals().add(new OtherPrincipal("other")); |
| e = p.getPermissions(subject, null).elements(); |
| per = e.nextElement(); |
| assertFalse("Elements: ", e.hasMoreElements()); |
| assertEquals("Permission: ", per, new AllPermission()); |
| |
| // |
| // Principal javax.security.auth.MyPrincipal "bunny" |
| // |
| subject = new Subject(); |
| subject.getPrincipals().add(new MyPrincipal("bunny")); |
| |
| e = p.getPermissions(subject, null).elements(); |
| |
| Permission[] get = new Permission[2]; |
| get[0] = e.nextElement(); |
| get[1] = e.nextElement(); |
| assertFalse("Elements: ", e.hasMoreElements()); |
| |
| Permission[] set = new Permission[2]; |
| set[0] = new FilePermission("/home/bunny", "read, write"); |
| set[1] = new RuntimePermission("stopThread"); |
| |
| if (get[0].equals(set[0])) { |
| assertEquals("Permission: ", set[1], get[1]); |
| } else { |
| assertEquals("Permission: ", set[0], get[1]); |
| assertEquals("Permission: ", set[1], get[0]); |
| } |
| |
| } finally { |
| TestUtils.setSystemProperty(POLICY_PROP, oldProp); |
| } |
| } |
| |
| public void test_Refresh() { |
| |
| Permission per; |
| Subject subject; |
| Enumeration<?> e; |
| |
| String oldProp = System.getProperty(POLICY_PROP); |
| try { |
| // |
| // first policy file to be read |
| // |
| System.setProperty(POLICY_PROP, inputFile1); |
| |
| Policy p = Policy.getPolicy(); |
| p.refresh(); |
| |
| subject = new Subject(); |
| subject.getPrincipals().add(new MyPrincipal("duke")); |
| |
| e = p.getPermissions(subject, null).elements(); |
| |
| per = (Permission) e.nextElement(); |
| assertFalse("Elements: ", e.hasMoreElements()); |
| assertEquals("Permission: ", per, new FilePermission("/home/duke", |
| "read, write")); |
| |
| // |
| // second policy file to be read |
| // |
| System.setProperty(POLICY_PROP, inputFile2); |
| |
| p.refresh(); |
| |
| e = p.getPermissions(subject, null).elements(); |
| |
| per = (Permission) e.nextElement(); |
| assertFalse("Elements: ", e.hasMoreElements()); |
| assertEquals("Permission: ", per, new RuntimePermission( |
| "createClassLoader")); |
| } finally { |
| TestUtils.setSystemProperty(POLICY_PROP, oldProp); |
| } |
| } |
| } |