1
/*
2
 * Copyright (c) 2002, 2003, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/*
25
 * @test
26
 * @bug 4702543
27
 * @summary X500Principal encodes EmailAddress incorrectly -
28
 *
29
 *      fix has compatibility ramifications for policy.
30
 *
31
 *      this test is related to the Alias.java test in the same directory.
32
 *      the email address encoding in EmailAddress.policy is the one
33
 *      taken from the persistent certificate stored in Alias.keystore,
34
 *      and which has the incorrect encoding.  the alias is 'duke',
35
 *      and the DN is:  "emailaddress=duke@sun".  the cert was generated
36
 *      by a 1.4 JDK, so it has the wrong encoding for "duke@sun"
37
 *      (UTF-8 string instead of IA5String, i believe).
38
 *
39
 *      administrators would have placed an incorrectly encoded DN entry
40
 *      like this in their policies.  the fix for the above bug
41
 *      would have broken their policy because the incorrect
42
 *      encoding would be compared to a properly encoded DN from
43
 *      the current call thread.  if you run this test without
44
 *      a fix for the compatibility issue, the debug output will
45
 *      show the differences in the encodings.
46
 *
47
 *      so in addition to fixing the encoding,
48
 *      the policy implementation was updated to read the
49
 *      incorrectly encoded DN strings, generate new X500Principals,
50
 *      and dump out new DN strings that had the correct encoding.
51
 *      thus access control checks would no longer fail.
52
 *
53
 * @run main/othervm/policy=EmailAddress.policy -Djava.security.debug=policy EmailAddress
54
 */
55

56
import java.security.*;
57
import java.util.*;
58

59
public class EmailAddress {
60

61
    public static void main(String[] args) {
62

63
        Principal[] principals = new Principal[1];
64
        principals[0] = new javax.security.auth.x500.X500Principal
65
                                        ("emailaddress=duke@sun");
66

67
        java.net.URL url = null;
68
        try {
69
            url = new java.net.URL("http://emailaddress");
70
        } catch (java.net.MalformedURLException mue) {
71
            System.out.println("test 1 failed");
72
            throw new SecurityException(mue.getMessage());
73
        }
74
        CodeSource cs =
75
            new CodeSource(url, (java.security.cert.Certificate[]) null);
76

77
        ProtectionDomain pd = new ProtectionDomain
78
                (cs,
79
                null,
80
                null,
81
                principals);
82

83
        PermissionCollection perms = Policy.getPolicy().getPermissions(pd);
84

85
        if (perms.implies(new SecurityPermission("EMAILADDRESS"))) {
86
            System.out.println("test succeeded");
87
        } else {
88
            System.out.println("test 2 failed");
89
            throw new SecurityException("test failed");
90
        }
91
    }
92
}
93

94