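/*
 * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8047031
 * @key intermittent
 * @summary SocketPermission tests for legacy socket types.
 *          This test needs to bind its servers to the wildcard
 *          address and as such may fail intermittently.
 * @library /test/lib
 * @build jdk.test.lib.NetworkConfiguration
 *        jdk.test.lib.Platform
 * @run testng/othervm -Djava.security.manager=allow SocketPermissionTest
 */

import java.io.IOException;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
import java.net.InetAddress;
import java.net.MulticastSocket;
import java.net.NetworkInterface;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketPermission;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.CodeSource;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Policy;
import java.security.PrivilegedExceptionAction;
import java.security.ProtectionDomain;
import java.util.Optional;

import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

import static org.testng.Assert.*;

import static jdk.test.lib.NetworkConfiguration.probe;
import static java.nio.charset.StandardCharsets.UTF_8;

/**
 * Checks that the legacy socket types ({@link Socket}, {@link ServerSocket},
 * {@link DatagramSocket}, {@link MulticastSocket}) enforce
 * {@link SocketPermission} when a security manager is installed.
 *
 * <p>Every test has the same two halves:
 * <ul>
 *   <li><b>Positive</b>: the operation runs under an
 *       {@link AccessControlContext} that holds exactly the permissions
 *       listed in the test and must succeed.</li>
 *   <li><b>Negative</b>: the same operation runs under
 *       {@link #RESTRICTED_ACC}, which holds no permissions, and must throw
 *       {@link SecurityException}.</li>
 * </ul>
 *
 * <p>The installed policy grants {@code AllPermission} to every domain, so the
 * only thing that narrows a permission check is the context passed to
 * {@code AccessController.doPrivileged}. This arrangement is for the test
 * harness only.
 *
 * <p>The Security Manager and the access-control APIs used here are
 * deprecated for removal in recent JDK releases (JEP 411). The test is
 * meaningful only on runtimes that still allow a security manager to be
 * installed, hence {@code -Djava.security.manager=allow} in the jtreg header.
 */
public class SocketPermissionTest {

    /**
     * Installs a policy that grants {@code AllPermission} to every domain and
     * then installs a fresh {@link SecurityManager}.
     *
     * <p>Permission checks are then exercised by running code under an
     * explicit, reduced {@link AccessControlContext} rather than by
     * restricting the policy itself.
     *
     * @throws Exception if the policy or the security manager cannot be set
     */
    @BeforeMethod
    public void setupSecurityManager() throws Exception {
        // All permissions, a specific ACC will be used when testing
        // with a reduced permission set.
        Policy.setPolicy(new Policy() {
            final PermissionCollection perms = new Permissions();
            { perms.add(new java.security.AllPermission()); }

            @Override
            public PermissionCollection getPermissions(ProtectionDomain domain) {
                return perms;
            }

            @Override
            public PermissionCollection getPermissions(CodeSource codesource) {
                return perms;
            }

            @Override
            public boolean implies(ProtectionDomain domain, Permission perm) {
                return perms.implies(perm);
            }
        });
        System.setSecurityManager(new SecurityManager());
    }

    /**
     * Context with a single protection domain that holds no permissions;
     * used by the negative half of every test.
     */
    static final AccessControlContext RESTRICTED_ACC = getAccessControlContext();

    /**
     * Connecting a {@link Socket} succeeds with {@code listen,connect,resolve}
     * on the server's address and is denied with no permissions.
     *
     * @throws Exception on unexpected I/O or privileged-action failure
     */
    @Test
    public void connectSocketTest() throws Exception {
        try (ServerSocket ss = new ServerSocket(0)) {
            int port = ss.getLocalPort();

            // NOTE(review): the permission names "localhost" while the client
            // connects to InetAddress.getLocalHost(); whether the two match
            // depends on the host's name resolution -- confirm on hosts whose
            // local host name does not map to a loopback address.
            String addr = "localhost:" + port;
            AccessControlContext acc = getAccessControlContext(
                    new SocketPermission(addr, "listen,connect,resolve"));

            // Positive
            AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                try (Socket client = new Socket(InetAddress.getLocalHost(), port)) {
                }
                return null;
            }, acc);

            // Negative
            try {
                AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                    // try-with-resources so that a socket created because the
                    // check was wrongly skipped is still closed before fail().
                    try (Socket client = new Socket(InetAddress.getLocalHost(), port)) {
                    }
                    // fail() throws AssertionError, which the catch below does
                    // not swallow, so a missing permission check is reported.
                    fail("Expected SecurityException");
                    return null;
                }, RESTRICTED_ACC);
            } catch (SecurityException expected) { }
        }
    }

    /**
     * Sending a datagram to the local host address succeeds with
     * {@code connect,resolve} on that address and is denied with no
     * permissions.
     *
     * @throws Exception on unexpected I/O or privileged-action failure
     */
    @Test
    public void connectDatagramSocketTest() throws Exception {
        byte[] msg = "Hello".getBytes(UTF_8);
        InetAddress lh = InetAddress.getLocalHost();

        try (DatagramSocket ds = new DatagramSocket(0)) {
            int port = ds.getLocalPort();

            String addr = lh.getHostAddress() + ":" + port;
            AccessControlContext acc = getAccessControlContext(
                    new SocketPermission(addr, "connect,resolve"));

            // Positive
            AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                DatagramPacket dp = new DatagramPacket(msg, msg.length, lh, port);
                ds.send(dp);
                return null;
            }, acc);

            // Negative
            try {
                AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                    DatagramPacket dp = new DatagramPacket(msg, msg.length, lh, port);
                    ds.send(dp);
                    fail("Expected SecurityException");
                    return null;
                }, RESTRICTED_ACC);
            } catch (SecurityException expected) { }
        }
    }

    /**
     * Accepting a connection on a {@link ServerSocket} succeeds when the
     * context additionally grants {@code accept} on
     * {@code localhost:1024-}, and the connect-then-accept sequence is denied
     * with no permissions.
     *
     * @throws Exception on unexpected I/O or privileged-action failure
     */
    @Test
    public void acceptServerSocketTest() throws Exception {
        try (ServerSocket ss = new ServerSocket(0)) {
            int port = ss.getLocalPort();

            String addr = "localhost:" + port;
            // The port range on the accept permission presumably covers the
            // client's ephemeral source port -- TODO confirm.
            AccessControlContext acc = getAccessControlContext(
                    new SocketPermission(addr, "listen,connect,resolve"),
                    new SocketPermission("localhost:1024-", "accept"));

            // Positive
            AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                InetAddress me = InetAddress.getLocalHost();
                try (Socket client = new Socket(me, port)) {
                    ss.accept();
                }
                return null;
            }, acc);

            // Negative
            // NOTE(review): RESTRICTED_ACC also lacks "connect", so the
            // SecurityException is likely raised by the client connect before
            // ss.accept() is reached; the accept check is then not isolated.
            // A context granting connect but not accept would pin it down.
            try {
                AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                    InetAddress me = InetAddress.getLocalHost();
                    try (Socket client = new Socket(me, port)) {
                        ss.accept();
                    }
                    fail("Expected SecurityException");
                    return null;
                }, RESTRICTED_ACC);
            } catch (SecurityException expected) { }
        }
    }

    /**
     * Sending a datagram to a multicast group succeeds with
     * {@code connect,accept} on the group address and is denied with no
     * permissions.
     *
     * @throws Exception on unexpected I/O or privileged-action failure
     */
    @Test
    public void sendDatagramPacketTest() throws Exception {
        byte[] msg = "Hello".getBytes(UTF_8);
        InetAddress group = InetAddress.getByName("229.227.226.221");

        try (DatagramSocket ds = new DatagramSocket(0)) {
            int port = ds.getLocalPort();

            String addr = "localhost:" + port;
            // test for SocketPermission "229.227.226.221", "connect,accept"
            AccessControlContext acc = getAccessControlContext(
                    new SocketPermission(addr, "listen,resolve"),
                    new SocketPermission("229.227.226.221", "connect,accept"));

            // Positive
            AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                DatagramPacket hi = new DatagramPacket(msg, msg.length, group, port);
                ds.send(hi);
                return null;
            }, acc);

            // Negative
            try {
                AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                    DatagramPacket hi = new DatagramPacket(msg, msg.length, group, port);
                    ds.send(hi);
                    fail("Expected SecurityException");
                    return null;
                }, RESTRICTED_ACC);
            } catch (SecurityException expected) { }
        }
    }

    /**
     * Joining and leaving a multicast group succeeds with
     * {@code connect,accept} on the group address and is denied with no
     * permissions.
     *
     * <p>The positive half needs an IPv4 multicast-capable interface and is
     * skipped when the probe finds none; the negative half always runs.
     *
     * @throws Exception on unexpected I/O or privileged-action failure
     */
    @Test
    public void joinGroupMulticastTest() throws Exception {
        InetAddress group = InetAddress.getByName("229.227.226.221");
        try (MulticastSocket s = new MulticastSocket(0)) {
            int port = s.getLocalPort();

            String addr = "localhost:" + port;
            AccessControlContext acc = getAccessControlContext(
                    new SocketPermission(addr, "listen,resolve"),
                    new SocketPermission("229.227.226.221", "connect,accept"));

            // Positive ( requires a functional network interface )
            Optional<NetworkInterface> onif = probe().ip4MulticastInterfaces().findFirst();
            // The original guard was inverted (!onif.isPresent()): it skipped
            // the positive case whenever an interface existed and called
            // get() on an empty Optional otherwise. Run it only when an
            // interface is available.
            if (onif.isPresent()) {
                s.setNetworkInterface(onif.get());

                AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                    s.joinGroup(group);
                    s.leaveGroup(group);
                    return null;
                }, acc);
            }

            // Negative
            try {
                AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                    s.joinGroup(group);
                    s.leaveGroup(group);
                    fail("Expected SecurityException");
                    return null;
                }, RESTRICTED_ACC);
            } catch (SecurityException expected) { }
        }

    }

    /**
     * Binding a {@link DatagramSocket} to a fixed port is allowed by the
     * permission check with {@code listen} on that port and denied with no
     * permissions.
     *
     * @throws Exception on unexpected privileged-action failure
     */
    @Test
    public void listenDatagramSocketTest() throws Exception {
        // the hardcoded port number doesn't really matter since we expect the
        // security permission to be checked before the underlying operation.
        int port = 8899;
        String addr = "localhost:" + port;
        AccessControlContext acc = getAccessControlContext(
                new SocketPermission(addr, "listen"));

        // Positive
        AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
            // A bind failure (e.g. port already in use) is tolerated; only a
            // SecurityException would indicate a permission problem here.
            try (DatagramSocket ds = new DatagramSocket(port)) { }
            catch (IOException intermittentlyExpected) { /* ignore */ }
            return null;
        }, acc);

        // Negative
        try {
            AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                try (DatagramSocket ds = new DatagramSocket(port)) { }
                catch (IOException intermittentlyExpected) { /* ignore */ }
                fail("Expected SecurityException");
                return null;
            }, RESTRICTED_ACC);
        } catch (SecurityException expected) { }
    }

    /**
     * Binding a {@link MulticastSocket} to a fixed port is allowed by the
     * permission check with {@code listen} on that port and denied with no
     * permissions.
     *
     * @throws Exception on unexpected privileged-action failure
     */
    @Test
    public void listenMulticastSocketTest() throws Exception {
        // the hardcoded port number doesn't really matter since we expect the
        // security permission to be checked before the underlying operation.
        int port = 8899;
        String addr = "localhost:" + port;
        AccessControlContext acc = getAccessControlContext(
                new SocketPermission(addr, "listen"));

        // Positive
        AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
            // A bind failure is tolerated; see the comment on the port above.
            try (MulticastSocket ms = new MulticastSocket(port)) { }
            catch (IOException intermittentlyExpected) { /* ignore */ }
            return null;
        }, acc);

        // Negative
        try {
            AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                try (MulticastSocket ms = new MulticastSocket(port)) { }
                catch (IOException intermittentlyExpected) { /* ignore */ }
                fail("Expected SecurityException");
                return null;
            }, RESTRICTED_ACC);
        } catch (SecurityException expected) { }
    }

    /**
     * Binding a {@link ServerSocket} to a fixed port is allowed by the
     * permission check with {@code listen} on that port and denied with no
     * permissions.
     *
     * @throws Exception on unexpected privileged-action failure
     */
    @Test
    public void listenServerSocketTest() throws Exception {
        // the hardcoded port number doesn't really matter since we expect the
        // security permission to be checked before the underlying operation.
        int port = 8899;
        String addr = "localhost:" + port;
        AccessControlContext acc = getAccessControlContext(
                new SocketPermission(addr, "listen"));

        // Positive
        AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
            // A bind failure is tolerated; see the comment on the port above.
            try (ServerSocket ss = new ServerSocket(port)) { }
            catch (IOException intermittentlyExpected) { /* ignore */ }
            return null;
        }, acc);

        // Negative
        try {
            AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
                try (ServerSocket ss = new ServerSocket(port)) { }
                catch (IOException intermittentlyExpected) { /* ignore */ }
                fail("Expected SecurityException");
                return null;
            }, RESTRICTED_ACC);
        } catch (SecurityException expected) { }

    }

    /**
     * Builds an {@link AccessControlContext} whose only protection domain
     * holds exactly the given permissions.
     *
     * @param ps the permissions to grant; none yields a context with an
     *           empty permission set
     * @return a context consisting of that single protection domain
     */
    private static AccessControlContext getAccessControlContext(Permission... ps) {
        Permissions perms = new Permissions();
        for (Permission p : ps) {
            perms.add(p);
        }
        /*
         * Create an AccessControlContext that consists of a single protection
         * domain with only the permissions calculated above
         */
        ProtectionDomain pd = new ProtectionDomain(null, perms);
        return new AccessControlContext(new ProtectionDomain[]{pd});
    }

    /**
     * Standalone entry point for running with, possibly older, JDKs.
     *
     * <p>Installs the security manager once, then reflectively invokes every
     * declared method annotated with {@link Test}. Unlike the TestNG run, the
     * setup method is not repeated before each test.
     *
     * @param args ignored
     * @throws Throwable if setup or any invoked test fails
     */
    public static void main(String[] args) throws Throwable {
        SocketPermissionTest test = new SocketPermissionTest();
        test.setupSecurityManager();
        for (java.lang.reflect.Method m : SocketPermissionTest.class.getDeclaredMethods()) {
            if (m.getAnnotation(Test.class) != null) {
                System.out.println("Invoking " + m.getName());
                m.invoke(test);
            }
        }
    }
}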