| /* |
| * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| /* |
| * @test |
| * @author Ram Marti |
| * @bug 4326852 |
| * @modules jdk.security.auth |
| * @summary Retrive a subset of private credentials can be accessed |
| * @run main/othervm/policy=Subset.policy Subset |
| */ |
| |
| import java.util.Collections; |
| import java.util.HashSet; |
| import java.util.Iterator; |
| import java.util.Set; |
| import com.sun.security.auth.SolarisPrincipal; |
| import javax.security.auth.Subject; |
| |
| /* |
| * Author : Ram Marti |
| * This is a test program to verify the fix for Bug 4326852 |
| * (impossible to extract a subset of private credentials) |
| * The policy file used allows read access only to String classes. |
| * grant { |
| * permission javax.security.auth.AuthPermission \ |
| * "modifyPrivateCredentials"; |
| * permission javax.security.auth.PrivateCredentialPermission \ |
| * "java.lang.String com.sun.security.auth.SolarisPrincipal \"user"", "read"; |
| * }; |
| |
| * The test verifies the following: |
| * - String class creds can be retrieved by using |
| * getPrivateCredentials(String.class) |
| * - The above set is not backed internally |
| * - getPrivateCredentials(Boolean or Integer) returns an empty set |
| * - Set is returned by getPrivateCredentials() throws |
| * security exception when trying to access non-String |
| * class credentials |
| * - The above set is internally backed up and any changes in |
| * internal private creds are reflected in the set returned |
| * - When the above set throws security exception the iterator |
| * - is advanced to the next item in the list of creds. |
| * - equals,contains,containsAll,add,remove operations work correctly |
| */ |
| |
| public class Subset { |
| public static void main(String[] args) throws Exception { |
| int exceptionCounter =0; |
| Iterator iter1; |
| HashSet creds = new HashSet(); |
| Subject emptys = |
| new Subject(false, //readOnly |
| Collections.singleton(new SolarisPrincipal("user")), |
| Collections.EMPTY_SET, |
| creds); |
| /* Test principals */ |
| |
| Set princ= emptys.getPrincipals(); |
| HashSet collp= new HashSet(); |
| collp.add(new String("abc")); |
| collp.add(new String("def")); |
| collp.add(new String("Exists")); |
| collp.add(new String("Does not Exist")); |
| try { |
| if (princ.containsAll(collp)) { |
| throw new Exception ("Error: Contains the collection"); |
| } else |
| System.out.println ("Does not Contain the collection"); |
| } catch (SecurityException e) { |
| throw new Exception ("Error: Exception in containsAll (string coll)!!"); |
| } |
| |
| |
| Set p1 = emptys.getPrivateCredentials(); |
| |
| if (p1.size() != 0) { |
| throw new Exception("Error:p1 size should have been 6 and was " + |
| p1.size()); |
| } |
| |
| creds.add("abc"); |
| creds.add(new Integer(3)); |
| creds.add(Boolean.TRUE); |
| Subject sremove = |
| new Subject(false, //readOnly |
| Collections.singleton(new SolarisPrincipal("user")), |
| Collections.EMPTY_SET, |
| creds); |
| Set p2 = sremove.getPrivateCredentials(); |
| |
| if (p2.size() !=3){ |
| throw new Exception("Error: p2 size should have been 3 and was " + |
| p2.size()); |
| } |
| iter1 = p2.iterator(); |
| exceptionCounter=0; |
| while (iter1.hasNext()) { |
| try { |
| Object o = iter1.next(); |
| System.out.println(" private creds of class " + |
| o.getClass() + "value is " + o.toString()); |
| } catch (SecurityException e) { |
| System.out.println("Expected Exception occured"); |
| exceptionCounter++; |
| } |
| } |
| if (exceptionCounter != 2) { |
| throw new Exception("Expected number of exceptions was 2 " + |
| "The actual number was " + exceptionCounter); |
| } |
| |
| // Verify that remove op was successful |
| |
| iter1.remove(); |
| if (p2.size() !=2) { |
| throw new RuntimeException("Error: p2 size should have been 2 and was " + |
| p2.size()); |
| } |
| System.out.println ("Checking the value after removal"); |
| p2 = sremove.getPrivateCredentials(); |
| try { |
| if (!p2.add(new String("XYZ"))) { |
| |
| throw new RuntimeException("Error in adding string"); |
| } |
| if (!p2.add(new Integer(99))) { |
| |
| throw new RuntimeException("Error in adding Integer"); |
| } |
| HashSet coll1 = new HashSet(); |
| coll1.add(new String("RST")); |
| coll1.add(new Integer(1)); |
| if (!p2.addAll(coll1)) { |
| |
| throw new RuntimeException("Error in addAll"); |
| } |
| |
| } catch (Exception e){ |
| e.printStackTrace(); |
| throw new RuntimeException("Unexpected exception in add"); |
| |
| } |
| iter1 = p2.iterator(); |
| |
| while (iter1.hasNext()) { |
| try { |
| Object o = iter1.next(); |
| System.out.println(" private creds of class " + |
| o.getClass() + "value is " + o.toString()); |
| } catch (SecurityException e) { |
| // System.out.println("Exception!!"); |
| } |
| } |
| iter1 = p2.iterator(); |
| |
| System.out.println ("Checked the value after removal"); |
| |
| HashSet creds1 = new HashSet(); |
| creds1.add("abc"); |
| creds1.add("def"); |
| creds1.add(Boolean.TRUE); |
| creds1.add(new Integer(1)); |
| creds1.add(new String("Exists")); |
| Subject scontain = |
| new Subject(false, //readOnly |
| Collections.singleton(new SolarisPrincipal("user")), |
| Collections.EMPTY_SET, |
| creds1); |
| p2 = scontain.getPrivateCredentials(); |
| try { |
| Object ObjAr = p2.toArray(); |
| } catch (SecurityException e) { |
| System.out.println("Should get an Exception in toArray()"); |
| } |
| |
| HashSet creds3 = new HashSet(); |
| creds3.add (new String("abc")); |
| p2 = scontain.getPrivateCredentials(); |
| |
| try { |
| Object ObjCred = (Object)creds3.clone(); |
| System.out.println ("Size of p2 is " + p2.size() + |
| "Size of ObjCred is " + |
| ((HashSet)ObjCred).size() |
| ); |
| if (p2.equals(ObjCred)) |
| throw new RuntimeException("Error:Equals ObjCred *** "); |
| else |
| System.out.println ("Does not Equal Objcred"); |
| } catch (SecurityException e) { |
| throw new RuntimeException("Error:Should not get an Exception in equals of creds3"); |
| |
| |
| } |
| |
| try { |
| Object ObjCred = (Object)creds1.clone(); |
| System.out.println ("Size of p2 is " + p2.size() + |
| "Size of ObjCred is " + |
| ((HashSet)ObjCred).size() |
| ); |
| if (p2.equals(ObjCred)) |
| throw new RuntimeException ("Error: Equals ObjCred"); |
| else |
| throw new RuntimeException ("Error: Does not Equal Objcred"); |
| } catch (SecurityException e) { |
| System.out.println("Should get an Exception in equals of creds1"); |
| } |
| /* We can store only string types of creds |
| * Let us create a subject with only string type of creds |
| */ |
| |
| HashSet creds2 = new HashSet(); |
| creds2.add("abc"); |
| creds2.add("def"); |
| creds2.add("ghi"); |
| Subject sstring = |
| new Subject(false, //readOnly |
| Collections.singleton(new SolarisPrincipal("user")), |
| Collections.EMPTY_SET, |
| creds2); |
| p2 = sstring.getPrivateCredentials(); |
| try { |
| String[] selectArray = { "exits", "Does not exist"}; |
| Object ObjAr = p2.toArray(selectArray); |
| System.out.println(" No Exception in ObjAr- String"); |
| |
| } catch (SecurityException e) { |
| throw new RuntimeException(" Error: Exception in ObjAr- String!!"); |
| } |
| /* |
| * New subject scontain1, set p3, creds4 |
| */ |
| |
| |
| HashSet creds4 = new HashSet(); |
| creds4.add("abc"); |
| creds4.add("def"); |
| creds4.add("ghi"); |
| creds4.add(new Integer(1)); |
| creds4.add("Exists"); |
| Subject scontain1 = |
| new Subject(false, //readOnly |
| Collections.singleton(new SolarisPrincipal("user")), |
| Collections.EMPTY_SET, |
| creds4); |
| Set p3 = scontain1.getPrivateCredentials(); |
| try { |
| Object Obj = new String("Exists"); |
| if (p3.contains(Obj)) |
| System.out.println ("Contains String cred"); |
| else |
| throw new RuntimeException ("Error Does not Contain the stringcred exists"); |
| } catch (SecurityException e) { |
| throw new RuntimeException("Error:Exception!!"); |
| |
| } |
| try { |
| Object ObjCred = (Object)creds4.clone(); |
| if (p3.equals(ObjCred)) |
| throw new RuntimeException ("Error:Equals ObjCred"); |
| else |
| throw new RuntimeException ("Error:Does not Equal Objcred"); |
| } catch (SecurityException e) { |
| System.out.println("Should get an Exception in equals"); |
| } |
| |
| try { |
| Object Obj = new Integer(1); |
| if (p3.contains(Obj)) |
| throw new RuntimeException ("Error:Contains integer cred"); |
| else |
| throw new RuntimeException ("Error:Does not Contain integer cred"); |
| } catch (SecurityException e) { |
| System.out.println("Should get an Exception in contains Integer cred"); |
| } |
| |
| |
| |
| HashSet coll = new HashSet(); |
| coll.add(new String("abc")); |
| coll.add(new String("def")); |
| coll.add(new String("Exists")); |
| coll.add(new String("Does not Exist")); |
| try { |
| if (p3.containsAll(coll)) |
| throw new RuntimeException ("Error: Contains the collection"); |
| else |
| System.out.println ("Does not Contain the collection"); |
| } catch (SecurityException e) { |
| throw new RuntimeException("Error: Exception in containsAll (string coll)!!"); |
| |
| } |
| coll.remove(new String("Exists")); |
| coll.remove(new String("Does not Exist")); |
| try { |
| if (p3.containsAll(coll)) |
| System.out.println ("Contains the collection"); |
| else |
| throw new RuntimeException ("Error:Does not Contain the collection"); |
| } catch (SecurityException e) { |
| throw new RuntimeException("Error: Exception in containsAll (string coll)!!"); |
| } |
| |
| Object Obj = new String("Exists"); |
| try { |
| if (p3.contains(Obj)) |
| System.out.println ("Contains String cred exists"); |
| else |
| System.out.println ("Does not Contain String cred exists"); |
| } catch (SecurityException e) { |
| System.out.println("Exception in String cred!!"); |
| } |
| |
| Obj = new String("Does not exist"); |
| try { |
| if (p3.contains(Obj)) |
| throw new RuntimeException ("Error: Contains the String does not exist"); |
| else |
| System.out.println ("Does not Contain the String cred Does not exist"); |
| } catch (SecurityException e) { |
| throw new RuntimeException("Error: Exception in Contains!!"); |
| } |
| p3.add(new Integer(2)); |
| coll.add(new Integer(2)); |
| p3.add("XYZ"); |
| |
| System.out.println ("Testing Retainall "); |
| exceptionCounter =0; |
| iter1 = p3.iterator(); |
| while (iter1.hasNext()) |
| { |
| try { |
| Object o = iter1.next(); |
| System.out.println(" private creds of class " + |
| o.getClass() + "value is " + o.toString()); |
| } catch (SecurityException e) { |
| System.out.println(" We should get exception"); |
| System.out.println("Exception!!"); |
| exceptionCounter++; |
| } |
| } |
| System.out.println(" After the retainall Operation"); |
| try { |
| if (p3.retainAll(coll)) |
| System.out.println ("Retained the collection"); |
| else |
| throw new RuntimeException ("Error: RetainAll did not succeed"); |
| } catch (SecurityException e) { |
| e.printStackTrace(); |
| throw new RuntimeException("Error: Unexpected Exception in retainAll!"); |
| } |
| iter1 = p3.iterator(); |
| while (iter1.hasNext()) |
| { |
| try { |
| Object o = iter1.next(); |
| System.out.println(" private creds of class " + |
| o.getClass() + "value is " + o.toString()); |
| } catch (SecurityException e) { |
| exceptionCounter++; |
| } |
| } |
| System.out.println ("Retainall collection"); |
| p3.add(new Integer (3)); |
| iter1 = p3.iterator(); |
| while (iter1.hasNext()) { |
| try { |
| Object o = iter1.next(); |
| System.out.println(" private creds of class " + |
| o.getClass() + "value is " + o.toString()); |
| } catch (SecurityException e) { |
| System.out.println("Should get Exception "); |
| } |
| } |
| exceptionCounter=0; |
| HashSet coll2 = new HashSet(); |
| coll2.add(new String("abc")); |
| coll2.add(new Integer (3)); |
| System.out.println(" before removeall"); |
| iter1 = p3.iterator(); |
| exceptionCounter =0; |
| while (iter1.hasNext()) { |
| try { |
| Object o = iter1.next(); |
| System.out.println(" private creds of class " + |
| o.getClass() + "value is " + o.toString()); |
| } catch (SecurityException e) { |
| System.out.println("Expected Exception thrown "); |
| exceptionCounter++; |
| } |
| } |
| // We added two integer creds so there must be two exceptions only |
| |
| if (exceptionCounter != 2) { |
| throw new RuntimeException("Expected 2 Exceptions; received " + |
| exceptionCounter + "exceptions "); |
| } |
| |
| try { |
| p3.removeAll(coll2); |
| System.out.println(" removeall successful! "); |
| } catch (SecurityException e) { |
| throw new RuntimeException(" Error: removeAll Security Exception!!"); |
| } |
| |
| iter1 = p3.iterator(); |
| System.out.println(" After removeall"); |
| exceptionCounter = 0; |
| while (iter1.hasNext()) { |
| try { |
| Object o = iter1.next(); |
| System.out.println (" private creds of class " + |
| o.getClass() + "value is " + o.toString()); |
| } catch (SecurityException e) { |
| System.out.println("Expected Exception thrown "); |
| exceptionCounter++; |
| } |
| } |
| // We had two integer creds; removed one as a part of coll2; so |
| // only one exception must have been thrown |
| if (exceptionCounter != 1) { |
| throw new RuntimeException("Expected 1 Exceptions; received " + |
| exceptionCounter + "exceptions "); |
| } |
| try { |
| p3.clear(); |
| System.out.println(" Clear() successful! "); |
| } catch (SecurityException e) { |
| throw new RuntimeException(" Error: Clear Security Exception!!"); |
| } |
| |
| |
| /* New subject s with creds and privCredSet |
| * |
| */ |
| creds.clear(); |
| creds.add("abc"); |
| creds.add("def"); |
| creds.add("ghi"); |
| creds.add(new Integer(1)); |
| Subject s = |
| new Subject(false, //readOnly |
| Collections.singleton(new SolarisPrincipal("user")), |
| Collections.EMPTY_SET, |
| creds); |
| try { |
| Set privCredSet = s.getPrivateCredentials(char.class); |
| if (privCredSet.size() != 0) { |
| throw new RuntimeException("Error:String Privcred size should have been 0 and was " + |
| privCredSet.size()); |
| } |
| |
| } catch (Exception e) { |
| throw new RuntimeException ("Error " + e.toString()); |
| } |
| |
| |
| try { |
| Set privCredSet = s.getPrivateCredentials(String.class); |
| if (privCredSet.size() != 3) { |
| throw new RuntimeException("Error:String Privcred size should have been 2 and was " + |
| privCredSet.size()); |
| } |
| s.getPrivateCredentials().add("XYZ"); |
| /* |
| * Since the privCredSet is not backed by internal private |
| * creds adding to it should not make any difference to |
| * privCredSet and theize should still be 3 |
| */ |
| |
| if (privCredSet.size() != 3) { |
| throw new RuntimeException("Error:String Privcred size should have been 2 and was " + |
| privCredSet.size()); |
| } |
| s.getPrivateCredentials().remove("XYZ"); |
| /* |
| * Let us try to get the elements |
| * No exception should occur |
| */ |
| |
| Iterator iter = privCredSet.iterator(); |
| while (iter.hasNext()) { |
| try { |
| Object o = iter.next(); |
| System.out.println(" private creds of class " + |
| o.getClass() + "value is " + o.toString()); |
| } catch (SecurityException e) { |
| } |
| } |
| } catch (Exception e) { |
| e.printStackTrace(); |
| throw new RuntimeException("Unexcpected Exception"); |
| } |
| |
| /* |
| * Can we add and remove the creds |
| */ |
| s.getPrivateCredentials().add("XYZ"); |
| s.getPrivateCredentials().remove("XYZ"); |
| s.getPrivateCredentials().add(new Integer(2)); |
| s.getPrivateCredentials().remove(new Integer(2)); |
| |
| |
| // We don't have permission to read Boolean creds |
| // SInce the creds have no boolean creds we should get an empty |
| // set |
| try { |
| Set privCredSet1 = s.getPrivateCredentials(Boolean.class); |
| if (privCredSet1.size() != 0){ |
| throw new RuntimeException("Error:String PrivcredSet1 of Boolean size should have been 0 and was " + |
| privCredSet1.size()); |
| } |
| } catch (SecurityException e) { |
| e.printStackTrace(); |
| throw new RuntimeException("Unexcpected Exception"); |
| } |
| System.out.println ("Checked Boolean Creds "); |
| |
| /* |
| * We don't have permission to read Integer creds |
| * We should get an empty set even though the private creds |
| * has an integer cred. No security exception either ! |
| */ |
| |
| try { |
| Set privCredSet1 = s.getPrivateCredentials(Integer.class); |
| if (privCredSet1.size() != 0){ |
| throw new RuntimeException("Error:String PrivcredSet1 of Integer size should have been 0 and was " + |
| privCredSet1.size()); |
| } |
| } catch (SecurityException e) { |
| System.out.println ("Expected exception"); |
| } |
| System.out.println ("Checked Integer Creds "); |
| |
| Set privCredSet2 = s.getPrivateCredentials(); |
| |
| if (privCredSet2.size() != 4){ |
| throw new RuntimeException("Error:String PrivcredSet1 size should have been 4 and was " + |
| privCredSet2.size()); |
| } |
| |
| /* |
| * Since the returned privCredSet2 is internally backed by the |
| * private creds, any additions to it should be reflected in |
| * privcredSet2 |
| */ |
| s.getPrivateCredentials().add("XYZ"); |
| if (privCredSet2.size() != 5) { |
| throw new RuntimeException("Error:String PrivcredSet1 size should have been 5 and was " + |
| privCredSet2.size()); |
| } |
| s.getPrivateCredentials().remove("XYZ"); |
| if (privCredSet2.size() != 4) { |
| throw new RuntimeException("String privCredSet2 size should have been 5 and was " + |
| privCredSet2.size()); |
| } |
| System.out.println("Checked remove(String) operation"); |
| /* Let us add a couple of Boolean creds */ |
| s.getPrivateCredentials().add(Boolean.TRUE); |
| s.getPrivateCredentials().add(new Integer(2)); |
| |
| exceptionCounter =0; |
| iter1 = privCredSet2.iterator(); |
| while (iter1.hasNext()) |
| { |
| try { |
| Object o = iter1.next(); |
| System.out.println(" private creds of class " + |
| o.getClass() + "value is " + o.toString()); |
| } catch (SecurityException e) { |
| System.out.println(" We should get exception"); |
| System.out.println("Exception!!"); |
| exceptionCounter++; |
| } |
| } |
| if (exceptionCounter != 3) { |
| throw new RuntimeException("Expected number of exception was 3 " + |
| "The actual number was " + exceptionCounter); |
| } |
| privCredSet2.add (new Integer(3)); |
| try { |
| int hashCode = privCredSet2.hashCode(); |
| } catch (SecurityException e) { |
| System.out.println ("hashCode Expected exception"); |
| } |
| System.out.println ("Tests completed"); |
| } |
| |
| } |
