001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017:
018: /**
019: * @author Alexey V. Varlamov
020: * @version $Revision$
021: */package javax.security.auth;
022:
023: import java.io.FilePermission;
024: import java.net.URL;
025: import java.security.AllPermission;
026: import java.security.CodeSigner;
027: import java.security.CodeSource;
028: import java.security.Permission;
029: import java.security.PermissionCollection;
030: import java.security.Security;
031: import java.security.cert.Certificate;
032: import java.util.Enumeration;
033: import junit.framework.TestCase;
034: import org.apache.harmony.auth.tests.support.SecurityChecker;
035: import org.apache.harmony.auth.tests.support.TestUtils;
036: import tests.support.resource.Support_Resources;
037:
038: /**
039: * Tests Policy class
040: */
041: @SuppressWarnings("deprecation")
042: public class PolicyTest extends TestCase {
043:
044: /**
045: * Tests that setPolicy() is properly secured via SecurityManager.
046: */
047: public void testSetPolicy() {
048: SecurityManager old = System.getSecurityManager();
049: Policy oldPolicy = null;
050: oldPolicy = Policy.getPolicy();
051:
052: try {
053: SecurityChecker checker = new SecurityChecker(
054: new AuthPermission("setPolicy"), true);
055: System.setSecurityManager(checker);
056: Policy custom = new TestProvider();
057: Policy.setPolicy(custom);
058: assertTrue(checker.checkAsserted);
059: assertSame(custom, Policy.getPolicy());
060:
061: checker.reset();
062: checker.enableAccess = false;
063: try {
064: Policy.setPolicy(new TestProvider());
065: fail("SecurityException is intercepted");
066: } catch (SecurityException ok) {
067: }
068: } finally {
069: System.setSecurityManager(old);
070: Policy.setPolicy(oldPolicy);
071: }
072: }
073:
074: /**
075: * Tests that getPolicy() is properly secured via SecurityManager.
076: */
077: public void testGetPolicy_CheckPermission() {
078: SecurityManager old = System.getSecurityManager();
079: Policy oldPolicy = null;
080: oldPolicy = Policy.getPolicy();
081:
082: try {
083: Policy.setPolicy(new TestProvider());
084: SecurityChecker checker = new SecurityChecker(
085: new AuthPermission("getPolicy"), true);
086: System.setSecurityManager(checker);
087: Policy.getPolicy();
088: assertTrue(checker.checkAsserted);
089:
090: checker.reset();
091: checker.enableAccess = false;
092: try {
093: Policy.getPolicy();
094: fail("SecurityException is intercepted");
095: } catch (SecurityException ok) {
096: }
097: } finally {
098: System.setSecurityManager(old);
099: Policy.setPolicy(oldPolicy);
100: }
101: }
102:
103: public static class TestProvider extends Policy {
104: @Override
105: public PermissionCollection getPermissions(Subject subject,
106: CodeSource cs) {
107: return null;
108: }
109:
110: @Override
111: public void refresh() {
112: }
113: }
114:
115: public static class FakePolicy {
116: // This is not policy class
117: }
118:
119: /**
120: * Tests loading of a default provider, both valid and invalid class
121: * references.
122: */
123: public void testGetPolicy_LoadDefaultProvider() {
124: Policy oldPolicy = null;
125: try {
126: oldPolicy = Policy.getPolicy();
127: } catch (Throwable ignore) {
128: }
129: String POLICY_PROVIDER = "auth.policy.provider";
130: String oldProvider = Security.getProperty(POLICY_PROVIDER);
131: try {
132: Security.setProperty(POLICY_PROVIDER, TestProvider.class
133: .getName());
134: Policy.setPolicy(null);
135: Policy p = Policy.getPolicy();
136: assertNotNull(p);
137: assertEquals(TestProvider.class.getName(), p.getClass()
138: .getName());
139:
140: // absent class
141: Security.setProperty(POLICY_PROVIDER, "a.b.c.D");
142: Policy.setPolicy(null);
143: try {
144: p = Policy.getPolicy();
145: fail("No SecurityException on failed provider");
146: } catch (SecurityException ok) {
147: }
148:
149: // not a policy class
150: Security.setProperty(POLICY_PROVIDER, FakePolicy.class
151: .getName());
152: Policy.setPolicy(null);
153: try {
154: p = Policy.getPolicy();
155: fail("No expected SecurityException");
156: } catch (SecurityException ok) {
157: }
158: } finally {
159: TestUtils.setSystemProperty(POLICY_PROVIDER, oldProvider);
160: Policy.setPolicy(oldPolicy);
161: }
162: }
163:
164: //
165: //
166: //
167: //
168: //
169:
170: static String inputFile1 = Support_Resources
171: .getAbsoluteResourcePath("auth_policy1.txt");
172:
173: static String inputFile2 = Support_Resources
174: .getAbsoluteResourcePath("auth_policy2.txt");
175:
176: private static final String POLICY_PROP = "java.security.auth.policy";
177:
178: public void test_GetPermissions() throws Exception {
179:
180: PermissionCollection c;
181: Permission per;
182: Subject subject;
183:
184: CodeSource source;
185:
186: String oldProp = System.getProperty(POLICY_PROP);
187: try {
188: System.setProperty(POLICY_PROP, inputFile1);
189:
190: Policy p = Policy.getPolicy();
191: p.refresh();
192:
193: //
194: // Both parameters are null
195: //
196:
197: c = p.getPermissions(null, null);
198: assertFalse("Read only for empty", c.isReadOnly());
199: assertFalse("Elements for empty", c.elements()
200: .hasMoreElements());
201:
202: //
203: // Subject parameter is provided (CodeBase is not important)
204: //
205: // Principal javax.security.auth.MyPrincipal "duke"
206: //
207:
208: // no principals at all
209: subject = new Subject();
210: c = p.getPermissions(subject, null);
211: assertFalse("Elements: ", c.elements().hasMoreElements());
212:
213: // different name "kuke" not "duke"
214: subject.getPrincipals().add(new MyPrincipal("kuke"));
215: c = p.getPermissions(subject, null);
216: assertFalse("Elements: ", c.elements().hasMoreElements());
217:
218: // different class with required principal's name
219: subject.getPrincipals().add(new OtherPrincipal("duke"));
220: c = p.getPermissions(subject, null);
221: assertFalse("Elements: ", c.elements().hasMoreElements());
222:
223: // subclass with required principal's name
224: subject.getPrincipals().add(new FakePrincipal("duke"));
225: c = p.getPermissions(subject, null);
226: assertFalse("Elements: ", c.elements().hasMoreElements());
227:
228: // add required principal's name
229: subject.getPrincipals().add(new MyPrincipal("duke"));
230:
231: Enumeration<Permission> e = p.getPermissions(subject, null)
232: .elements();
233:
234: per = e.nextElement();
235: assertFalse("Elements: ", e.hasMoreElements());
236: assertEquals("Permission: ", per, new FilePermission(
237: "/home/duke", "read, write"));
238:
239: // check: CodeBase is not important
240: source = new CodeSource(new URL("http://dummy.xxx"),
241: (Certificate[]) null);
242: c = p.getPermissions(subject, source);
243: assertTrue("Elements: ", c.elements().hasMoreElements());
244:
245: source = new CodeSource(new URL("http://dummy.xxx"),
246: (CodeSigner[]) null);
247: c = p.getPermissions(subject, source);
248: assertTrue("Elements: ", c.elements().hasMoreElements());
249:
250: //
251: // Subject and CodeBase parameter are provided
252: //
253: // Principal javax.security.auth.MyPrincipal "dummy"
254: // CodeBase "http://dummy.xxx"
255: //
256: source = new CodeSource(new URL("http://dummy.xxx"),
257: (Certificate[]) null);
258: subject = new Subject();
259: subject.getPrincipals().add(new MyPrincipal("dummy"));
260:
261: e = p.getPermissions(subject, source).elements();
262: per = e.nextElement();
263: assertFalse("Elements: ", e.hasMoreElements());
264: assertEquals("Permission: ", per, new RuntimePermission(
265: "createClassLoader"));
266:
267: // reset subject : no principals at all
268: subject = new Subject();
269: c = p.getPermissions(subject, source);
270: assertFalse("Elements: ", c.elements().hasMoreElements());
271:
272: // different name "kuke" not "dummy"
273: subject.getPrincipals().add(new MyPrincipal("kuke"));
274: c = p.getPermissions(subject, null);
275: assertFalse("Elements: ", c.elements().hasMoreElements());
276:
277: // different class with required principal's name
278: subject.getPrincipals().add(new OtherPrincipal("dummy"));
279: c = p.getPermissions(subject, null);
280: assertFalse("Elements: ", c.elements().hasMoreElements());
281:
282: //
283: // Principal javax.security.auth.MyPrincipal "my"
284: // Principal javax.security.auth.OtherPrincipal "other"
285: //
286: subject = new Subject();
287: subject.getPrincipals().add(new MyPrincipal("my"));
288: c = p.getPermissions(subject, null);
289: assertFalse("Elements: ", c.elements().hasMoreElements());
290:
291: subject.getPrincipals().add(new OtherPrincipal("other"));
292: e = p.getPermissions(subject, null).elements();
293: per = e.nextElement();
294: assertFalse("Elements: ", e.hasMoreElements());
295: assertEquals("Permission: ", per, new AllPermission());
296:
297: //
298: // Principal javax.security.auth.MyPrincipal "bunny"
299: //
300: subject = new Subject();
301: subject.getPrincipals().add(new MyPrincipal("bunny"));
302:
303: e = p.getPermissions(subject, null).elements();
304:
305: Permission[] get = new Permission[2];
306: get[0] = e.nextElement();
307: get[1] = e.nextElement();
308: assertFalse("Elements: ", e.hasMoreElements());
309:
310: Permission[] set = new Permission[2];
311: set[0] = new FilePermission("/home/bunny", "read, write");
312: set[1] = new RuntimePermission("stopThread");
313:
314: if (get[0].equals(set[0])) {
315: assertEquals("Permission: ", set[1], get[1]);
316: } else {
317: assertEquals("Permission: ", set[0], get[1]);
318: assertEquals("Permission: ", set[1], get[0]);
319: }
320:
321: } finally {
322: TestUtils.setSystemProperty(POLICY_PROP, oldProp);
323: }
324: }
325:
326: public void test_Refresh() {
327:
328: Permission per;
329: Subject subject;
330: Enumeration<?> e;
331:
332: String oldProp = System.getProperty(POLICY_PROP);
333: try {
334: //
335: // first policy file to be read
336: //
337: System.setProperty(POLICY_PROP, inputFile1);
338:
339: Policy p = Policy.getPolicy();
340: p.refresh();
341:
342: subject = new Subject();
343: subject.getPrincipals().add(new MyPrincipal("duke"));
344:
345: e = p.getPermissions(subject, null).elements();
346:
347: per = (Permission) e.nextElement();
348: assertFalse("Elements: ", e.hasMoreElements());
349: assertEquals("Permission: ", per, new FilePermission(
350: "/home/duke", "read, write"));
351:
352: //
353: // second policy file to be read
354: //
355: System.setProperty(POLICY_PROP, inputFile2);
356:
357: p.refresh();
358:
359: e = p.getPermissions(subject, null).elements();
360:
361: per = (Permission) e.nextElement();
362: assertFalse("Elements: ", e.hasMoreElements());
363: assertEquals("Permission: ", per, new RuntimePermission(
364: "createClassLoader"));
365: } finally {
366: TestUtils.setSystemProperty(POLICY_PROP, oldProp);
367: }
368: }
369: }
|