Path: blob/master/test/jdk/javax/security/auth/PrivateCredentialPermission/Subset.java
41153 views
/*1* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/*24* @test25* @author Ram Marti26* @bug 432685227* @modules jdk.security.auth28* @summary Retrive a subset of private credentials can be accessed29* @run main/othervm/policy=Subset.policy Subset30*/3132import java.util.Collections;33import java.util.HashSet;34import java.util.Iterator;35import java.util.Set;36import com.sun.security.auth.UnixPrincipal;37import javax.security.auth.Subject;3839/*40* Author : Ram Marti41* This is a test program to verify the fix for Bug 432685242* (impossible to extract a subset of private credentials)43* The policy file used allows read access only to String classes.44* grant {45* permission javax.security.auth.AuthPermission \46* "modifyPrivateCredentials";47* permission javax.security.auth.PrivateCredentialPermission \48* "java.lang.String com.sun.security.auth.UnixPrincipal \"user"", "read";49* };5051* The test verifies the following:52* - String class creds can be retrieved by using53* getPrivateCredentials(String.class)54* - The above set is not backed internally55* - getPrivateCredentials(Boolean or Integer) returns an empty set56* - Set is returned by getPrivateCredentials() throws57* security exception when trying to access non-String58* class credentials59* - The above set is internally backed up and any changes in60* internal private creds are reflected in the set returned61* - When the above set throws security exception the iterator62* - is advanced to the next item in the list of creds.63* - equals,contains,containsAll,add,remove operations work correctly64*/6566public class Subset {67public static void main(String[] args) throws Exception {68int exceptionCounter =0;69Iterator iter1;70HashSet creds = new HashSet();71Subject emptys =72new Subject(false, //readOnly73Collections.singleton(new UnixPrincipal("user")),74Collections.EMPTY_SET,75creds);76/* Test principals */7778Set princ= emptys.getPrincipals();79HashSet collp= new HashSet();80collp.add(new String("abc"));81collp.add(new String("def"));82collp.add(new String("Exists"));83collp.add(new String("Does not Exist"));84try {85if (princ.containsAll(collp)) {86throw new Exception ("Error: Contains the collection");87} else88System.out.println ("Does not Contain the collection");89} catch (SecurityException e) {90throw new Exception ("Error: Exception in containsAll (string coll)!!");91}929394Set p1 = emptys.getPrivateCredentials();9596if (p1.size() != 0) {97throw new Exception("Error:p1 size should have been 6 and was " +98p1.size());99}100101creds.add("abc");102creds.add(new Integer(3));103creds.add(Boolean.TRUE);104Subject sremove =105new Subject(false, //readOnly106Collections.singleton(new UnixPrincipal("user")),107Collections.EMPTY_SET,108creds);109Set p2 = sremove.getPrivateCredentials();110111if (p2.size() !=3){112throw new Exception("Error: p2 size should have been 3 and was " +113p2.size());114}115iter1 = p2.iterator();116exceptionCounter=0;117while (iter1.hasNext()) {118try {119Object o = iter1.next();120System.out.println(" private creds of class " +121o.getClass() + "value is " + o.toString());122} catch (SecurityException e) {123System.out.println("Expected Exception occured");124exceptionCounter++;125}126}127if (exceptionCounter != 2) {128throw new Exception("Expected number of exceptions was 2 " +129"The actual number was " + exceptionCounter);130}131132// Verify that remove op was successful133134iter1.remove();135if (p2.size() !=2) {136throw new RuntimeException("Error: p2 size should have been 2 and was " +137p2.size());138}139System.out.println ("Checking the value after removal");140p2 = sremove.getPrivateCredentials();141try {142if (!p2.add(new String("XYZ"))) {143144throw new RuntimeException("Error in adding string");145}146if (!p2.add(new Integer(99))) {147148throw new RuntimeException("Error in adding Integer");149}150HashSet coll1 = new HashSet();151coll1.add(new String("RST"));152coll1.add(new Integer(1));153if (!p2.addAll(coll1)) {154155throw new RuntimeException("Error in addAll");156}157158} catch (Exception e){159e.printStackTrace();160throw new RuntimeException("Unexpected exception in add");161162}163iter1 = p2.iterator();164165while (iter1.hasNext()) {166try {167Object o = iter1.next();168System.out.println(" private creds of class " +169o.getClass() + "value is " + o.toString());170} catch (SecurityException e) {171// System.out.println("Exception!!");172}173}174iter1 = p2.iterator();175176System.out.println ("Checked the value after removal");177178HashSet creds1 = new HashSet();179creds1.add("abc");180creds1.add("def");181creds1.add(Boolean.TRUE);182creds1.add(new Integer(1));183creds1.add(new String("Exists"));184Subject scontain =185new Subject(false, //readOnly186Collections.singleton(new UnixPrincipal("user")),187Collections.EMPTY_SET,188creds1);189p2 = scontain.getPrivateCredentials();190try {191Object ObjAr = p2.toArray();192} catch (SecurityException e) {193System.out.println("Should get an Exception in toArray()");194}195196HashSet creds3 = new HashSet();197creds3.add (new String("abc"));198p2 = scontain.getPrivateCredentials();199200try {201Object ObjCred = (Object)creds3.clone();202System.out.println ("Size of p2 is " + p2.size() +203"Size of ObjCred is " +204((HashSet)ObjCred).size()205);206if (p2.equals(ObjCred))207throw new RuntimeException("Error:Equals ObjCred *** ");208else209System.out.println ("Does not Equal Objcred");210} catch (SecurityException e) {211throw new RuntimeException("Error:Should not get an Exception in equals of creds3");212213214}215216try {217Object ObjCred = (Object)creds1.clone();218System.out.println ("Size of p2 is " + p2.size() +219"Size of ObjCred is " +220((HashSet)ObjCred).size()221);222if (p2.equals(ObjCred))223throw new RuntimeException ("Error: Equals ObjCred");224else225throw new RuntimeException ("Error: Does not Equal Objcred");226} catch (SecurityException e) {227System.out.println("Should get an Exception in equals of creds1");228}229/* We can store only string types of creds230* Let us create a subject with only string type of creds231*/232233HashSet creds2 = new HashSet();234creds2.add("abc");235creds2.add("def");236creds2.add("ghi");237Subject sstring =238new Subject(false, //readOnly239Collections.singleton(new UnixPrincipal("user")),240Collections.EMPTY_SET,241creds2);242p2 = sstring.getPrivateCredentials();243try {244String[] selectArray = { "exits", "Does not exist"};245Object ObjAr = p2.toArray(selectArray);246System.out.println(" No Exception in ObjAr- String");247248} catch (SecurityException e) {249throw new RuntimeException(" Error: Exception in ObjAr- String!!");250}251/*252* New subject scontain1, set p3, creds4253*/254255256HashSet creds4 = new HashSet();257creds4.add("abc");258creds4.add("def");259creds4.add("ghi");260creds4.add(new Integer(1));261creds4.add("Exists");262Subject scontain1 =263new Subject(false, //readOnly264Collections.singleton(new UnixPrincipal("user")),265Collections.EMPTY_SET,266creds4);267Set p3 = scontain1.getPrivateCredentials();268try {269Object Obj = new String("Exists");270if (p3.contains(Obj))271System.out.println ("Contains String cred");272else273throw new RuntimeException ("Error Does not Contain the stringcred exists");274} catch (SecurityException e) {275throw new RuntimeException("Error:Exception!!");276277}278try {279Object ObjCred = (Object)creds4.clone();280if (p3.equals(ObjCred))281throw new RuntimeException ("Error:Equals ObjCred");282else283throw new RuntimeException ("Error:Does not Equal Objcred");284} catch (SecurityException e) {285System.out.println("Should get an Exception in equals");286}287288try {289Object Obj = new Integer(1);290if (p3.contains(Obj))291throw new RuntimeException ("Error:Contains integer cred");292else293throw new RuntimeException ("Error:Does not Contain integer cred");294} catch (SecurityException e) {295System.out.println("Should get an Exception in contains Integer cred");296}297298299300HashSet coll = new HashSet();301coll.add(new String("abc"));302coll.add(new String("def"));303coll.add(new String("Exists"));304coll.add(new String("Does not Exist"));305try {306if (p3.containsAll(coll))307throw new RuntimeException ("Error: Contains the collection");308else309System.out.println ("Does not Contain the collection");310} catch (SecurityException e) {311throw new RuntimeException("Error: Exception in containsAll (string coll)!!");312313}314coll.remove(new String("Exists"));315coll.remove(new String("Does not Exist"));316try {317if (p3.containsAll(coll))318System.out.println ("Contains the collection");319else320throw new RuntimeException ("Error:Does not Contain the collection");321} catch (SecurityException e) {322throw new RuntimeException("Error: Exception in containsAll (string coll)!!");323}324325Object Obj = new String("Exists");326try {327if (p3.contains(Obj))328System.out.println ("Contains String cred exists");329else330System.out.println ("Does not Contain String cred exists");331} catch (SecurityException e) {332System.out.println("Exception in String cred!!");333}334335Obj = new String("Does not exist");336try {337if (p3.contains(Obj))338throw new RuntimeException ("Error: Contains the String does not exist");339else340System.out.println ("Does not Contain the String cred Does not exist");341} catch (SecurityException e) {342throw new RuntimeException("Error: Exception in Contains!!");343}344p3.add(new Integer(2));345coll.add(new Integer(2));346p3.add("XYZ");347348System.out.println ("Testing Retainall ");349exceptionCounter =0;350iter1 = p3.iterator();351while (iter1.hasNext())352{353try {354Object o = iter1.next();355System.out.println(" private creds of class " +356o.getClass() + "value is " + o.toString());357} catch (SecurityException e) {358System.out.println(" We should get exception");359System.out.println("Exception!!");360exceptionCounter++;361}362}363System.out.println(" After the retainall Operation");364try {365if (p3.retainAll(coll))366System.out.println ("Retained the collection");367else368throw new RuntimeException ("Error: RetainAll did not succeed");369} catch (SecurityException e) {370e.printStackTrace();371throw new RuntimeException("Error: Unexpected Exception in retainAll!");372}373iter1 = p3.iterator();374while (iter1.hasNext())375{376try {377Object o = iter1.next();378System.out.println(" private creds of class " +379o.getClass() + "value is " + o.toString());380} catch (SecurityException e) {381exceptionCounter++;382}383}384System.out.println ("Retainall collection");385p3.add(new Integer (3));386iter1 = p3.iterator();387while (iter1.hasNext()) {388try {389Object o = iter1.next();390System.out.println(" private creds of class " +391o.getClass() + "value is " + o.toString());392} catch (SecurityException e) {393System.out.println("Should get Exception ");394}395}396exceptionCounter=0;397HashSet coll2 = new HashSet();398coll2.add(new String("abc"));399coll2.add(new Integer (3));400System.out.println(" before removeall");401iter1 = p3.iterator();402exceptionCounter =0;403while (iter1.hasNext()) {404try {405Object o = iter1.next();406System.out.println(" private creds of class " +407o.getClass() + "value is " + o.toString());408} catch (SecurityException e) {409System.out.println("Expected Exception thrown ");410exceptionCounter++;411}412}413// We added two integer creds so there must be two exceptions only414415if (exceptionCounter != 2) {416throw new RuntimeException("Expected 2 Exceptions; received " +417exceptionCounter + "exceptions ");418}419420try {421p3.removeAll(coll2);422System.out.println(" removeall successful! ");423} catch (SecurityException e) {424throw new RuntimeException(" Error: removeAll Security Exception!!");425}426427iter1 = p3.iterator();428System.out.println(" After removeall");429exceptionCounter = 0;430while (iter1.hasNext()) {431try {432Object o = iter1.next();433System.out.println (" private creds of class " +434o.getClass() + "value is " + o.toString());435} catch (SecurityException e) {436System.out.println("Expected Exception thrown ");437exceptionCounter++;438}439}440// We had two integer creds; removed one as a part of coll2; so441// only one exception must have been thrown442if (exceptionCounter != 1) {443throw new RuntimeException("Expected 1 Exceptions; received " +444exceptionCounter + "exceptions ");445}446try {447p3.clear();448System.out.println(" Clear() successful! ");449} catch (SecurityException e) {450throw new RuntimeException(" Error: Clear Security Exception!!");451}452453454/* New subject s with creds and privCredSet455*456*/457creds.clear();458creds.add("abc");459creds.add("def");460creds.add("ghi");461creds.add(new Integer(1));462Subject s =463new Subject(false, //readOnly464Collections.singleton(new UnixPrincipal("user")),465Collections.EMPTY_SET,466creds);467try {468Set privCredSet = s.getPrivateCredentials(char.class);469if (privCredSet.size() != 0) {470throw new RuntimeException("Error:String Privcred size should have been 0 and was " +471privCredSet.size());472}473474} catch (Exception e) {475throw new RuntimeException ("Error " + e.toString());476}477478479try {480Set privCredSet = s.getPrivateCredentials(String.class);481if (privCredSet.size() != 3) {482throw new RuntimeException("Error:String Privcred size should have been 2 and was " +483privCredSet.size());484}485s.getPrivateCredentials().add("XYZ");486/*487* Since the privCredSet is not backed by internal private488* creds adding to it should not make any difference to489* privCredSet and theize should still be 3490*/491492if (privCredSet.size() != 3) {493throw new RuntimeException("Error:String Privcred size should have been 2 and was " +494privCredSet.size());495}496s.getPrivateCredentials().remove("XYZ");497/*498* Let us try to get the elements499* No exception should occur500*/501502Iterator iter = privCredSet.iterator();503while (iter.hasNext()) {504try {505Object o = iter.next();506System.out.println(" private creds of class " +507o.getClass() + "value is " + o.toString());508} catch (SecurityException e) {509}510}511} catch (Exception e) {512e.printStackTrace();513throw new RuntimeException("Unexcpected Exception");514}515516/*517* Can we add and remove the creds518*/519s.getPrivateCredentials().add("XYZ");520s.getPrivateCredentials().remove("XYZ");521s.getPrivateCredentials().add(new Integer(2));522s.getPrivateCredentials().remove(new Integer(2));523524525// We don't have permission to read Boolean creds526// SInce the creds have no boolean creds we should get an empty527// set528try {529Set privCredSet1 = s.getPrivateCredentials(Boolean.class);530if (privCredSet1.size() != 0){531throw new RuntimeException("Error:String PrivcredSet1 of Boolean size should have been 0 and was " +532privCredSet1.size());533}534} catch (SecurityException e) {535e.printStackTrace();536throw new RuntimeException("Unexcpected Exception");537}538System.out.println ("Checked Boolean Creds ");539540/*541* We don't have permission to read Integer creds542* We should get an empty set even though the private creds543* has an integer cred. No security exception either !544*/545546try {547Set privCredSet1 = s.getPrivateCredentials(Integer.class);548if (privCredSet1.size() != 0){549throw new RuntimeException("Error:String PrivcredSet1 of Integer size should have been 0 and was " +550privCredSet1.size());551}552} catch (SecurityException e) {553System.out.println ("Expected exception");554}555System.out.println ("Checked Integer Creds ");556557Set privCredSet2 = s.getPrivateCredentials();558559if (privCredSet2.size() != 4){560throw new RuntimeException("Error:String PrivcredSet1 size should have been 4 and was " +561privCredSet2.size());562}563564/*565* Since the returned privCredSet2 is internally backed by the566* private creds, any additions to it should be reflected in567* privcredSet2568*/569s.getPrivateCredentials().add("XYZ");570if (privCredSet2.size() != 5) {571throw new RuntimeException("Error:String PrivcredSet1 size should have been 5 and was " +572privCredSet2.size());573}574s.getPrivateCredentials().remove("XYZ");575if (privCredSet2.size() != 4) {576throw new RuntimeException("String privCredSet2 size should have been 5 and was " +577privCredSet2.size());578}579System.out.println("Checked remove(String) operation");580/* Let us add a couple of Boolean creds */581s.getPrivateCredentials().add(Boolean.TRUE);582s.getPrivateCredentials().add(new Integer(2));583584exceptionCounter =0;585iter1 = privCredSet2.iterator();586while (iter1.hasNext())587{588try {589Object o = iter1.next();590System.out.println(" private creds of class " +591o.getClass() + "value is " + o.toString());592} catch (SecurityException e) {593System.out.println(" We should get exception");594System.out.println("Exception!!");595exceptionCounter++;596}597}598if (exceptionCounter != 3) {599throw new RuntimeException("Expected number of exception was 3 " +600"The actual number was " + exceptionCounter);601}602privCredSet2.add (new Integer(3));603try {604int hashCode = privCredSet2.hashCode();605} catch (SecurityException e) {606System.out.println ("hashCode Expected exception");607}608System.out.println ("Tests completed");609}610611}612613614