1/*
2 * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24package validation;
25
26import java.io.ByteArrayInputStream;
27import java.io.IOException;
28import java.io.InputStreamReader;
29import java.security.AccessController;
30import java.security.AllPermission;
31import java.security.Permission;
32import java.security.Permissions;
33import java.security.PrivilegedAction;
34
35import javax.xml.XMLConstants;
36import javax.xml.transform.sax.SAXSource;
37import javax.xml.transform.stream.StreamSource;
38import javax.xml.validation.Schema;
39import javax.xml.validation.SchemaFactory;
40import javax.xml.validation.Validator;
41
42import org.testng.Assert;
43import org.testng.annotations.Listeners;
44import org.testng.annotations.Test;
45import org.xml.sax.InputSource;
46import org.xml.sax.SAXException;
47import org.xml.sax.SAXNotRecognizedException;
48import org.xml.sax.SAXNotSupportedException;
49
50/*
51 * @test
52 * @bug 6925531
53 * @library /javax/xml/jaxp/libs /javax/xml/jaxp/unittest
54 * @run testng/othervm -DrunSecMngr=true validation.Bug6925531Test
55 * @run testng/othervm validation.Bug6925531Test
56 * @summary Test Validator can validate SAXSource when SecurityManager is set or FEATURE_SECURE_PROCESSING is on.
57 */
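/**
 * Regression test for bug 6925531: a {@link Validator} must be able to
 * validate a {@link SAXSource} in each of three configurations that this
 * class exercises separately:
 * <ul>
 *   <li>{@link #test_SM()} - a {@link SecurityManager} is installed;</li>
 *   <li>{@link #test_SF()} - {@link XMLConstants#FEATURE_SECURE_PROCESSING}
 *       is set on the {@link SchemaFactory};</li>
 *   <li>{@link #test_Val()} - the same feature is set on the
 *       {@link Validator}.</li>
 * </ul>
 * Every scenario compiles the in-memory schema {@link #xsd} and validates the
 * in-memory document {@link #xml}; a scenario passes when neither step throws.
 *
 * <p>The tests replace the JVM-wide security manager, which is why the jtreg
 * header runs them with {@code othervm}. They are not safe to run concurrently
 * with other tests in the same VM.
 */
@Listeners({jaxp.library.BasePolicy.class})
public class Bug6925531Test {
    static final String SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
    static final String SCHEMA_SOURCE = "http://java.sun.com/xml/jaxp/properties/schemaSource";

    // Minimal schema: one element "test" of type string in namespace jaxp13_test.
    String xsd = "<?xml version='1.0'?>\n"
            + "<schema xmlns='http://www.w3.org/2001/XMLSchema'\n"
            + "        xmlns:test='jaxp13_test'\n"
            + "        targetNamespace='jaxp13_test'\n"
            + "        elementFormDefault='qualified'>\n"
            + "    <element name='test' type='string'/>\n"
            + "</schema>\n";

    // Instance document that is valid against the schema above.
    String xml = "<?xml version='1.0'?>\n"
            + "<ns:test xmlns:ns='jaxp13_test'>\n"
            + "    abc\n"
            + "</ns:test>\n";

    StreamSource xsdSource;
    SAXSource xmlSource;

    /**
     * Rebuilds {@link #xsdSource} and {@link #xmlSource} from the string
     * fixtures. The sources wrap one-shot readers, so every test calls this
     * first to get fresh, unread inputs.
     */
    public void init() {
        xsdSource = new StreamSource(utf8Reader(xsd));
        xmlSource = new SAXSource(new InputSource(utf8Reader(xml)));
    }

    /**
     * when security manager is present, secure feature is on automatically
     */
    @Test
    public void test_SM() {
        init();
        Permissions granted = new Permissions();
        granted.add(new AllPermission());

        System.setSecurityManager(new MySM(granted));
        try {
            // Everything that can fail sits inside this try: a failed schema
            // compilation must not leave the allow-all manager installed for
            // whatever runs next in this VM.
            SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
            Schema schema = compileSchema(schemaFactory);
            validateXml(schema.newValidator());
        } finally {
            System.setSecurityManager(null);
        }

        System.out.println("OK");
    }

    /**
     * set secure feature on SchemaFactory
     */
    @Test
    public void test_SF() {
        init();
        // Run without a security manager so that the explicitly set feature is
        // the only thing switching secure processing on.
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                System.setSecurityManager(null);
                return null; // nothing to return
            }
        });

        SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        try {
            schemaFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        } catch (SAXNotRecognizedException | SAXNotSupportedException ex) {
            // If the feature cannot be enabled the scenario under test was
            // never set up; passing anyway would hide that.
            Assert.fail("FEATURE_SECURE_PROCESSING could not be set on SchemaFactory: " + ex, ex);
        }

        Schema schema = compileSchema(schemaFactory);
        validateXml(schema.newValidator());
        System.out.println("OK");
    }

    /**
     * set secure feature on the Validator
     */
    @Test
    public void test_Val() {
        init();
        // Run without a security manager so that the explicitly set feature is
        // the only thing switching secure processing on.
        System.setSecurityManager(null);
        SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);

        Schema schema = compileSchema(schemaFactory);

        Validator validator = schema.newValidator();
        try {
            validator.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        } catch (SAXNotRecognizedException | SAXNotSupportedException ex) {
            // If the feature cannot be enabled the scenario under test was
            // never set up; passing anyway would hide that.
            Assert.fail("FEATURE_SECURE_PROCESSING could not be set on Validator: " + ex, ex);
        }

        validateXml(validator);
        System.out.println("OK");
    }

    /** Wraps {@code text} in a reader over its UTF-8 bytes, independent of the platform charset. */
    private static InputStreamReader utf8Reader(String text) {
        java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
        return new InputStreamReader(new ByteArrayInputStream(text.getBytes(utf8)), utf8);
    }

    /** Compiles {@link #xsdSource} with {@code factory}, failing the test on a schema error. */
    private Schema compileSchema(SchemaFactory factory) {
        Schema schema = null;
        try {
            schema = factory.newSchema(xsdSource);
        } catch (SAXException e) {
            Assert.fail(e.toString(), e);
        }
        return schema;
    }

    /** Validates {@link #xmlSource} with {@code validator}, failing the test on any parse or I/O error. */
    private void validateXml(Validator validator) {
        try {
            validator.validate(xmlSource, null);
        } catch (SAXException | IOException e) {
            Assert.fail(e.toString(), e);
        }
    }

    /**
     * Security manager that allows every permission implied by the
     * {@link Permissions} it was constructed with and defers all other
     * checks to {@link SecurityManager}.
     */
    class MySM extends SecurityManager {
        Permissions granted;

        /**
         * @param perms permissions that are granted without consulting the
         *              default policy
         */
        public MySM(Permissions perms) {
            granted = perms;
        }

        /**
         * The central point in checking permissions. Overridden from
         * java.lang.SecurityManager
         *
         * @param perm The permission requested.
         * @throws SecurityException if {@code perm} is not covered by the
         *         granted set and the superclass check denies it
         */
        @Override
        public void checkPermission(Permission perm) {
            if (granted.implies(perm)) {
                // Explicitly granted: skip the default policy lookup.
                return;
            }
            super.checkPermission(perm);
        }

    }
}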
213