1/* 2 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24import java.lang.reflect.Constructor; 25import java.lang.reflect.InvocationHandler; 26import java.lang.reflect.Method; 27import java.lang.reflect.Modifier; 28import java.lang.reflect.Proxy; 29import java.lang.reflect.ReflectPermission; 30import java.security.AccessControlException; 31import java.security.CodeSource; 32import java.security.Permission; 33import java.security.PermissionCollection; 34import java.security.Permissions; 35import java.security.Policy; 36import java.security.ProtectionDomain; 37import java.security.SecurityPermission; 38import java.util.*; 39 40/* 41 * @test 42 * @bug 8004260 43 * @summary Test proxy classes that implement non-public interface 44 * 45 * @build p.Foo 46 * @run main/othervm NonPublicProxyClass grant 47 * @run main/othervm NonPublicProxyClass deny 48 * @run main/othervm NonPublicProxyClass 49 */ 50public class NonPublicProxyClass { 51 public interface PublicInterface { 52 void foo(); 53 } 54 interface NonPublicInterface { 55 void bar(); 56 } 57 58 public static void main(String[] args) throws Exception { 59 ClassLoader loader = ClassLoader.getSystemClassLoader(); 60 Class<?> zipConstantsClass = Class.forName("java.util.zip.ZipConstants", false, null); 61 Class<?> fooClass = Class.forName("p.Foo"); 62 63 NonPublicProxyClass test1 = 64 new NonPublicProxyClass(loader, PublicInterface.class, NonPublicInterface.class); 65 NonPublicProxyClass test2 = 66 new NonPublicProxyClass(loader, fooClass, PublicInterface.class); 67 NonPublicProxyClass test3 = 68 new NonPublicProxyClass(null, zipConstantsClass); 69 70 if (args.length == 1) { 71 switch (args[0]) { 72 case "grant": Policy.setPolicy(new NewInstancePolicy(true)); 73 break; 74 case "deny" : Policy.setPolicy(new NewInstancePolicy(false)); 75 break; 76 default: throw new IllegalArgumentException(args[0]); 77 } 78 System.setSecurityManager(new SecurityManager()); 79 } 80 81 test1.run(); 82 test2.run(); 83 test3.run(); 84 System.out.format("Test passed: security %s%n", 85 (args.length == 0 ? "manager not installed" : Policy.getPolicy())); 86 } 87 88 private final ClassLoader loader; 89 private final Class<?>[] interfaces; 90 private final InvocationHandler handler = newInvocationHandler(); 91 private Class<?> proxyClass; 92 public NonPublicProxyClass(ClassLoader loader, Class<?> ... intfs) { 93 this.loader = loader; 94 this.interfaces = intfs; 95 } 96 97 public void run() throws Exception { 98 boolean hasAccess = loader != null || hasAccess(); 99 try { 100 proxyClass = Proxy.getProxyClass(loader, interfaces); 101 if (!hasAccess) { 102 throw new RuntimeException("should have no permission to create proxy class"); 103 } 104 } catch (AccessControlException e) { 105 if (hasAccess) { 106 throw e; 107 } 108 if (e.getPermission().getClass() != RuntimePermission.class || 109 !e.getPermission().getName().equals("getClassLoader")) { 110 throw e; 111 } 112 return; 113 } 114 115 if (Modifier.isPublic(proxyClass.getModifiers())) { 116 throw new RuntimeException(proxyClass + " must be non-public"); 117 } 118 newProxyInstance(); 119 newInstanceFromConstructor(proxyClass); 120 } 121 122 private boolean hasAccess() { 123 if (System.getSecurityManager() == null) { 124 return true; 125 } 126 NewInstancePolicy policy = NewInstancePolicy.class.cast(Policy.getPolicy()); 127 return policy.grant; 128 } 129 130 private static final String NEW_PROXY_IN_PKG = "newProxyInPackage."; 131 private void newProxyInstance() { 132 // expect newProxyInstance to succeed if it's in the same runtime package 133 int i = proxyClass.getName().lastIndexOf('.'); 134 String pkg = (i != -1) ? proxyClass.getName().substring(0, i) : ""; 135 boolean hasAccess = pkg.isEmpty() || hasAccess(); 136 try { 137 Proxy.newProxyInstance(loader, interfaces, handler); 138 if (!hasAccess) { 139 throw new RuntimeException("ERROR: Proxy.newProxyInstance should fail " + proxyClass); 140 } 141 } catch (AccessControlException e) { 142 if (hasAccess) { 143 throw e; 144 } 145 if (e.getPermission().getClass() != ReflectPermission.class || 146 !e.getPermission().getName().equals(NEW_PROXY_IN_PKG + pkg)) { 147 throw e; 148 } 149 } 150 } 151 152 private void newInstanceFromConstructor(Class<?> proxyClass) 153 throws Exception 154 { 155 // expect newInstance to succeed if it's in the same runtime package 156 boolean isSamePackage = proxyClass.getName().lastIndexOf('.') == -1; 157 try { 158 Constructor cons = proxyClass.getConstructor(InvocationHandler.class); 159 cons.newInstance(newInvocationHandler()); 160 if (!isSamePackage) { 161 throw new RuntimeException("ERROR: Constructor.newInstance should not succeed"); 162 } 163 } catch (IllegalAccessException e) { 164 if (isSamePackage) { 165 throw e; 166 } 167 } 168 } 169 170 private static InvocationHandler newInvocationHandler() { 171 return new InvocationHandler() { 172 public Object invoke(Object proxy, Method method, Object[] args) 173 throws Throwable { 174 Class<?>[] intfs = proxy.getClass().getInterfaces(); 175 System.out.println("Proxy for " + Arrays.toString(intfs) 176 + " " + method.getName() + " is being invoked"); 177 return null; 178 } 179 }; 180 } 181 182 static class NewInstancePolicy extends Policy { 183 final PermissionCollection permissions = new Permissions(); 184 final boolean grant; 185 NewInstancePolicy(boolean grant) { 186 this.grant = grant; 187 permissions.add(new SecurityPermission("getPolicy")); 188 if (grant) { 189 permissions.add(new RuntimePermission("getClassLoader")); 190 permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p")); 191 permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip")); 192 } 193 } 194 public PermissionCollection getPermissions(ProtectionDomain domain) { 195 return permissions; 196 } 197 198 public PermissionCollection getPermissions(CodeSource codesource) { 199 return permissions; 200 } 201 202 public boolean implies(ProtectionDomain domain, Permission perm) { 203 return permissions.implies(perm); 204 } 205 206 public String toString() { 207 StringBuilder sb = new StringBuilder("policy: "); 208 Enumeration<Permission> perms = permissions.elements(); 209 while (perms.hasMoreElements()) { 210 sb.append("\n").append(perms.nextElement().toString()); 211 } 212 return sb.toString(); 213 } 214 } 215} 216