Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/test/java/net/SocketPermission/SocketPermissionTest.java
38813 views
/*1* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation.7*8* This code is distributed in the hope that it will be useful, but WITHOUT9* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or10* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License11* version 2 for more details (a copy is included in the LICENSE file that12* accompanied this code).13*14* You should have received a copy of the GNU General Public License version15* 2 along with this work; if not, write to the Free Software Foundation,16* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.17*18* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA19* or visit www.oracle.com if you need additional information or have any20* questions.21*/2223/*24* @test25* @bug 804703126* @summary SocketPermission tests for legacy socket types27* @run testng/othervm SocketPermissionTest28*/29import java.io.IOException;30import java.net.DatagramPacket;31import java.net.DatagramSocket;32import java.net.InetAddress;33import java.net.MulticastSocket;34import java.net.ServerSocket;35import java.net.Socket;36import java.net.SocketPermission;37import java.security.AccessControlContext;38import java.security.AccessController;39import java.security.CodeSource;40import java.security.Permission;41import java.security.PermissionCollection;42import java.security.Permissions;43import java.security.Policy;44import java.security.PrivilegedExceptionAction;45import java.security.ProtectionDomain;4647import org.testng.annotations.BeforeMethod;48import org.testng.annotations.Test;49import static org.testng.Assert.*;5051import static java.nio.charset.StandardCharsets.UTF_8;5253public class SocketPermissionTest {5455@BeforeMethod56public void setupSecurityManager() throws Exception {57// All permissions, a specific ACC will be used to when testing58// with a reduced permission set.59Policy.setPolicy(new Policy() {60final PermissionCollection perms = new Permissions();61{ perms.add(new java.security.AllPermission()); }62public PermissionCollection getPermissions(ProtectionDomain domain) {63return perms;64}65public PermissionCollection getPermissions(CodeSource codesource) {66return perms;67}68public boolean implies(ProtectionDomain domain, Permission perm) {69return perms.implies(perm);70}71} );72System.setSecurityManager(new SecurityManager());73}7475static final AccessControlContext RESTRICTED_ACC = getAccessControlContext();7677@Test78public void connectSocketTest() throws Exception {79try (ServerSocket ss = new ServerSocket(0)) {80int port = ss.getLocalPort();8182String addr = "localhost:" + port;83AccessControlContext acc = getAccessControlContext(84new SocketPermission(addr, "listen,connect,resolve"));8586// Positive87AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {88try (Socket client = new Socket(InetAddress.getLocalHost(), port)) {89}90return null;91}, acc);9293//Negative94try {95AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {96Socket client = new Socket(InetAddress.getLocalHost(), port);97fail("Expected SecurityException");98return null;99}, RESTRICTED_ACC);100} catch (SecurityException expected) { }101}102}103104@Test105public void connectDatagramSocketTest() throws Exception {106byte[] msg = "Hello".getBytes(UTF_8);107InetAddress lh = InetAddress.getLocalHost();108109try (DatagramSocket ds = new DatagramSocket(0)) {110int port = ds.getLocalPort();111112String addr = lh.getHostAddress() + ":" + port;113AccessControlContext acc = getAccessControlContext(114new SocketPermission(addr, "connect,resolve"));115116// Positive117AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {118DatagramPacket dp = new DatagramPacket(msg, msg.length, lh, port);119ds.send(dp);120return null;121}, acc);122123// Negative124try {125AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {126DatagramPacket dp = new DatagramPacket(msg, msg.length, lh, port);127ds.send(dp);128fail("Expected SecurityException");129return null;130}, RESTRICTED_ACC);131} catch (SecurityException expected) { }132}133}134135@Test136public void acceptServerSocketTest() throws Exception {137try (ServerSocket ss = new ServerSocket(0)) {138int port = ss.getLocalPort();139140String addr = "localhost:" + port;141AccessControlContext acc = getAccessControlContext(142new SocketPermission(addr, "listen,connect,resolve"),143new SocketPermission("localhost:1024-", "accept"));144145// Positive146AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {147InetAddress me = InetAddress.getLocalHost();148try (Socket client = new Socket(me, port)) {149ss.accept();150}151return null;152}, acc);153154// Negative155try {156AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {157InetAddress me = InetAddress.getLocalHost();158try (Socket client = new Socket(me, port)) {159ss.accept();160}161fail("Expected SecurityException");162return null;163}, RESTRICTED_ACC);164} catch (SecurityException expected) { }165}166}167168@Test169public void sendDatagramPacketTest() throws Exception {170byte[] msg = "Hello".getBytes(UTF_8);171InetAddress group = InetAddress.getByName("229.227.226.221");172173try (DatagramSocket ds = new DatagramSocket(0)) {174int port = ds.getLocalPort();175176String addr = "localhost:" + port;177//test for SocketPermission "229.227.226.221", "connect,accept"178AccessControlContext acc = getAccessControlContext(179new SocketPermission(addr, "listen,resolve"),180new SocketPermission("229.227.226.221", "connect,accept"));181182// Positive183AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {184DatagramPacket hi = new DatagramPacket(msg, msg.length, group, port);185ds.send(hi);186return null;187}, acc);188189// Negative190try {191AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {192DatagramPacket hi = new DatagramPacket(msg, msg.length, group, port);193ds.send(hi);194fail("Expected SecurityException");195return null;196}, RESTRICTED_ACC);197} catch (SecurityException expected) { }198}199}200201@Test202public void joinGroupMulticastTest() throws Exception {203InetAddress group = InetAddress.getByName("229.227.226.221");204try (MulticastSocket s = new MulticastSocket(0)) {205int port = s.getLocalPort();206207String addr = "localhost:" + port;208AccessControlContext acc = getAccessControlContext(209new SocketPermission(addr, "listen,resolve"),210new SocketPermission("229.227.226.221", "connect,accept"));211212// Positive213AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {214s.joinGroup(group);215s.leaveGroup(group);216return null;217}, acc);218219// Negative220try {221AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {222s.joinGroup(group);223s.leaveGroup(group);224fail("Expected SecurityException");225return null;226}, RESTRICTED_ACC);227} catch (SecurityException expected) { }228}229230}231232@Test233public void listenDatagramSocketTest() throws Exception {234// the hardcoded port number doesn't really matter since we expect the235// security permission to be checked before the underlying operation.236int port = 8899;237String addr = "localhost:" + port;238AccessControlContext acc = getAccessControlContext(239new SocketPermission(addr, "listen"));240241// Positive242AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {243try (DatagramSocket ds = new DatagramSocket(port)) { }244catch (IOException intermittentlyExpected) { /* ignore */ }245return null;246}, acc);247248// Negative249try {250AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {251try (DatagramSocket ds = new DatagramSocket(port)) { }252catch (IOException intermittentlyExpected) { /* ignore */ }253fail("Expected SecurityException");254return null;255}, RESTRICTED_ACC);256} catch (SecurityException expected) { }257}258259@Test260public void listenMulticastSocketTest() throws Exception {261// the hardcoded port number doesn't really matter since we expect the262// security permission to be checked before the underlying operation.263int port = 8899;264String addr = "localhost:" + port;265AccessControlContext acc = getAccessControlContext(266new SocketPermission(addr, "listen"));267268// Positive269AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {270try (MulticastSocket ms = new MulticastSocket(port)) { }271catch (IOException intermittentlyExpected) { /* ignore */ }272return null;273}, acc);274275// Negative276try {277AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {278try (MulticastSocket ms = new MulticastSocket(port)) { }279catch (IOException intermittentlyExpected) { /* ignore */ }280fail("Expected SecurityException");281return null;282}, RESTRICTED_ACC);283} catch (SecurityException expected) { }284}285286@Test287public void listenServerSocketTest() throws Exception {288// the hardcoded port number doesn't really matter since we expect the289// security permission to be checked before the underlying operation.290int port = 8899;291String addr = "localhost:" + port;292AccessControlContext acc = getAccessControlContext(293new SocketPermission(addr, "listen"));294295// Positive296AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {297try (ServerSocket ss = new ServerSocket(port)) { }298catch (IOException intermittentlyExpected) { /* ignore */ }299return null;300}, acc);301302// Negative303try {304AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {305try (ServerSocket ss = new ServerSocket(port)) { }306catch (IOException intermittentlyExpected) { /* ignore */ }307fail("Expected SecurityException");308return null;309}, RESTRICTED_ACC);310} catch (SecurityException expected) { }311312}313314private static AccessControlContext getAccessControlContext(Permission... ps) {315Permissions perms = new Permissions();316for (Permission p : ps) {317perms.add(p);318}319/*320*Create an AccessControlContext that consist a single protection domain321* with only the permissions calculated above322*/323ProtectionDomain pd = new ProtectionDomain(null, perms);324return new AccessControlContext(new ProtectionDomain[]{pd});325}326327// Standalone entry point for running with, possibly older, JDKs.328public static void main(String[] args) throws Throwable {329SocketPermissionTest test = new SocketPermissionTest();330test.setupSecurityManager();331for (java.lang.reflect.Method m : SocketPermissionTest.class.getDeclaredMethods()) {332if (m.getAnnotation(Test.class) != null) {333System.out.println("Invoking " + m.getName());334m.invoke(test);335}336}337}338}339340341