1/* 2 * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24import java.io.ByteArrayInputStream; 25import java.io.File; 26import java.io.InputStream; 27import java.io.IOException; 28import java.io.OutputStream; 29import java.net.URL; 30import java.security.CodeSource; 31import java.security.Key; 32import java.security.KeyStoreException; 33import java.security.KeyStoreSpi; 34import java.security.NoSuchAlgorithmException; 35import java.security.Permission; 36import java.security.Policy; 37import java.security.ProtectionDomain; 38import java.security.Provider; 39import java.security.SecureClassLoader; 40import java.security.Security; 41import java.security.UnrecoverableKeyException; 42import java.security.URIParameter; 43import java.security.cert.Certificate; 44import java.security.cert.CertificateException; 45import java.security.cert.CertificateFactory; 46import java.util.ArrayList; 47import java.util.Arrays; 48import java.util.Base64; 49import java.util.Collections; 50import java.util.Date; 51import java.util.Enumeration; 52import java.util.List; 53import java.util.PropertyPermission; 54 55/* 56 * @test 57 * @bug 6826789 8131486 8130181 58 * @summary Make sure equivalent ProtectionDomains are granted the same 59 * permissions when the CodeSource URLs are different but resolve 60 * to the same ip address after name service resolution. 61 * @run main/othervm DefineClass 62 */ 63 64public class DefineClass { 65 66 // permissions that are expected to be granted by the policy file 67 private final static Permission[] GRANTED_PERMS = new Permission[] { 68 new PropertyPermission("user.home", "read"), 69 new PropertyPermission("user.name", "read") 70 }; 71 72 // Base64 encoded bytes of simple class: "package foo; public class Foo {}" 73 private final static String FOO_CLASS = 74 "yv66vgAAADMADQoAAwAKBwALBwAMAQAGPGluaXQ+AQADKClWAQAEQ29kZQEA" + 75 "D0xpbmVOdW1iZXJUYWJsZQEAClNvdXJjZUZpbGUBAAhGb28uamF2YQwABAAF" + 76 "AQAHZm9vL0ZvbwEAEGphdmEvbGFuZy9PYmplY3QAIQACAAMAAAAAAAEAAQAE" + 77 "AAUAAQAGAAAAHQABAAEAAAAFKrcAAbEAAAABAAcAAAAGAAEAAAABAAEACAAA" + 78 "AAIACQ=="; 79 80 // Base64 encoded bytes of simple class: "package bar; public class Bar {}" 81 private final static String BAR_CLASS = 82 "yv66vgAAADMADQoAAwAKBwALBwAMAQAGPGluaXQ+AQADKClWAQAEQ29kZQEA" + 83 "D0xpbmVOdW1iZXJUYWJsZQEAClNvdXJjZUZpbGUBAAhCYXIuamF2YQwABAAF" + 84 "AQAHYmFyL0JhcgEAEGphdmEvbGFuZy9PYmplY3QAIQACAAMAAAAAAAEAAQAE" + 85 "AAUAAQAGAAAAHQABAAEAAAAFKrcAAbEAAAABAAcAAAAGAAEAAAABAAEACAAA" + 86 "AAIACQ=="; 87 88 // Base64 encoded bytes of simple class: "package baz; public class Baz {}" 89 private final static String BAZ_CLASS = 90 "yv66vgAAADQADQoAAwAKBwALBwAMAQAGPGluaXQ+AQADKClWAQAEQ29kZQEA" + 91 "D0xpbmVOdW1iZXJUYWJsZQEAClNvdXJjZUZpbGUBAAhCYXouamF2YQwABAAF" + 92 "AQAHYmF6L0JhegEAEGphdmEvbGFuZy9PYmplY3QAIQACAAMAAAAAAAEAAQAE" + 93 "AAUAAQAGAAAAHQABAAEAAAAFKrcAAbEAAAABAAcAAAAGAAEAAAABAAEACAAA" + 94 "AAIACQ=="; 95 96 private final static String BAZ_CERT = 97 "-----BEGIN CERTIFICATE-----\n" + 98 "MIIEFzCCA8OgAwIBAgIESpPf8TANBglghkgBZQMEAwIFADAOMQwwCgYDVQQDEwNG\n" + 99 "b28wHhcNMTUwNzE1MTY1ODM5WhcNMTUxMDEzMTY1ODM5WjAOMQwwCgYDVQQDEwNG\n" + 100 "b28wggNCMIICNQYHKoZIzjgEATCCAigCggEBAI95Ndm5qum/q+2Ies9JUbbzLsWe\n" + 101 "O683GOjqxJYfPv02BudDUanEGDM5uAnnwq4cU5unR1uF0BGtuLR5h3VJhGlcrA6P\n" + 102 "FLM2CCiiL/onEQo9YqmTRTQJoP5pbEZY+EvdIIGcNwmgEFexla3NACM9ulSEtikf\n" + 103 "nWSO+INEhneXnOwEtDSmrC516Zhd4j2wKS/BEYyf+p2BgeczjbeStzDXueNJWS9o\n" + 104 "CZhyFTkV6j1ri0ZTxjNFj4A7MqTC4PJykCVuTj+KOwg4ocRQ5OGMGimjfd9eoUPe\n" + 105 "S2b/BJA+1c8WI+FY1IfGCOl/IRzYHcojy244B2X4IuNCvkhMBXY5OWAc1mcCHQC6\n" + 106 "9pamhXj3397n+mfJd8eF7zKyM7rlgMC81WldAoIBABamXFggSFBwTnUCo5dXBA00\n" + 107 "2jo0eMFU1OSlwC0kLuBPluYeS9CQSr2sjzfuseCfMYLSPJBDy2QviABBYO35ygmz\n" + 108 "IHannDKmJ/JHPpGHm6LE50S9IIFUTLVbgCw2jR+oPtSJ6U4PoGiOMkKKXHjEeMaN\n" + 109 "BSe3HJo6uwsL4SxEaJY559POdNsQGmWqK4f2TGgm2z7HL0tVmYNLtO2wL3yQ6aSW\n" + 110 "06VdU1vr/EXU9hn2Pz3tu4c5JcLyJOB3MSltqIfsHkdI+H77X963VIQxayIy3uVT\n" + 111 "3a8CESsNHwLaMJcyJP4nrtqLnUspItm6i+Oe2eEDpjxSgQvGiLfi7UMW4e8X294D\n" + 112 "ggEFAAKCAQBsGeU8/STExzQsJ8kFM9xarA/2VAFMzyUpd3IQ2UGHQC5rEnGh/RiU\n" + 113 "T20y7a2hCpQ1f/qgLnY8hku9GRVY3z8WamBzWLzCAEAx67EsS58mf4o8R3sUbkH5\n" + 114 "/mRaZoNVSPUy+tXoLmTzIetU4W+JT8Rq4OcXXU9uo9TreeBehhVexS3vpVgQeUIn\n" + 115 "MmMma8WHpovIJQQlp4cyjalX7Beda/tqX/HPLkAS4TRqQAz7hFr3FqFrVMKFSGo4\n" + 116 "fTS06GGdQ4tw9c6NQLuQ9WF9BxYSwSk9yENQvKDZaBNarqPMnsh1Gi/QcKMRBVhM\n" + 117 "RT/9vb4QUi/pOowhhKCDBLgjY60QgX3HoyEwHzAdBgNVHQ4EFgQUa787CE+3ZNAb\n" + 118 "g1ql9yJVVrRCdx0wDQYJYIZIAWUDBAMCBQADPwAwPAIcCUkZIRrBlKdTzhKYBEOm\n" + 119 "E1i45MMum1RuHc28agIcfHQkkjBA4FfH5UMRgKpIyRR8V/dVboxDj4hKOA==\n" + 120 "-----END CERTIFICATE-----"; 121 122 public static void main(String[] args) throws Exception { 123 124 Security.addProvider(new TestProvider()); 125 126 MySecureClassLoader scl = new MySecureClassLoader(); 127 128 File policyFile = new File(System.getProperty("test.src", "."), 129 "DefineClass.policy"); 130 Policy p = Policy.getInstance("JavaPolicy", 131 new URIParameter(policyFile.toURI())); 132 Policy.setPolicy(p); 133 134 System.setSecurityManager(new SecurityManager()); 135 ArrayList<Permission> perms1 = getPermissions(scl, p, 136 "http://localhost/", 137 "foo.Foo", FOO_CLASS, 138 null); 139 checkPerms(perms1, GRANTED_PERMS); 140 ArrayList<Permission> perms2 = getPermissions(scl, p, 141 "http://127.0.0.1/", 142 "bar.Bar", BAR_CLASS, 143 null); 144 checkPerms(perms2, GRANTED_PERMS); 145 assert(perms1.equals(perms2)); 146 147 // check that class signed by baz is granted an additional permission 148 Certificate[] chain = new Certificate[] {getCert(BAZ_CERT)}; 149 ArrayList<Permission> perms3 = getPermissions(scl, p, 150 "http://localhost/", 151 "baz.Baz", BAZ_CLASS, 152 chain); 153 List<Permission> perms = new ArrayList<>(Arrays.asList(GRANTED_PERMS)); 154 perms.add(new PropertyPermission("user.dir", "read")); 155 checkPerms(perms3, perms.toArray(new Permission[0])); 156 } 157 158 // returns the permissions granted to the codebase URL 159 private static ArrayList<Permission> getPermissions(MySecureClassLoader scl, 160 Policy p, String url, 161 String className, 162 String classBytes, 163 Certificate[] chain) 164 throws IOException { 165 CodeSource cs = new CodeSource(new URL(url), chain); 166 Base64.Decoder bd = Base64.getDecoder(); 167 byte[] bytes = bd.decode(classBytes); 168 Class<?> c = scl.defineMyClass(className, bytes, cs); 169 ProtectionDomain pd = c.getProtectionDomain(); 170 return Collections.list(p.getPermissions(pd).elements()); 171 } 172 173 private static void checkPerms(List<Permission> perms, 174 Permission... grantedPerms) 175 throws Exception 176 { 177 if (!perms.containsAll(Arrays.asList(grantedPerms))) { 178 throw new Exception("Granted permissions not correct"); 179 } 180 } 181 182 private static Certificate getCert(String base64Cert) throws Exception { 183 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 184 InputStream is = new ByteArrayInputStream(base64Cert.getBytes("UTF-8")); 185 return cf.generateCertificate(is); 186 } 187 188 // A SecureClassLoader that allows the test to define its own classes 189 private static class MySecureClassLoader extends SecureClassLoader { 190 Class<?> defineMyClass(String name, byte[] b, CodeSource cs) { 191 return super.defineClass(name, b, 0, b.length, cs); 192 } 193 } 194 195 private static class TestProvider extends Provider { 196 TestProvider() { 197 super("Test8131486", "0.0", "For testing only"); 198 putService(new Provider.Service(this, "KeyStore", "Test8131486", 199 "DefineClass$TestKeyStore", null, null)); 200 } 201 } 202 203 /** 204 * A KeyStore containing a single certificate entry named "baz". 205 */ 206 public static class TestKeyStore extends KeyStoreSpi { 207 private final String baz = "baz"; 208 private final List<String> aliases = Collections.singletonList(baz); 209 private final Certificate bazCert; 210 211 public TestKeyStore() { 212 try { 213 this.bazCert = getCert(BAZ_CERT); 214 } catch (Exception e) { 215 throw new Error(); 216 } 217 } 218 219 @Override 220 public Enumeration<String> engineAliases() { 221 return Collections.enumeration(aliases); 222 } 223 224 @Override 225 public boolean engineContainsAlias(String alias) { 226 return alias.equals(baz); 227 } 228 229 @Override 230 public void engineDeleteEntry(String alias) throws KeyStoreException { 231 throw new KeyStoreException(); 232 } 233 234 @Override 235 public Certificate engineGetCertificate(String alias) { 236 return alias.equals(baz) ? bazCert : null; 237 } 238 239 @Override 240 public String engineGetCertificateAlias(Certificate cert) { 241 return cert.equals(bazCert) ? baz : null; 242 } 243 244 @Override 245 public Certificate[] engineGetCertificateChain(String alias) { 246 return alias.equals(baz) ? new Certificate[] {bazCert} : null; 247 } 248 249 @Override 250 public Date engineGetCreationDate(String alias) { 251 return alias.equals(baz) ? new Date() : null; 252 } 253 254 @Override 255 public Key engineGetKey(String alias, char[] password) 256 throws NoSuchAlgorithmException, UnrecoverableKeyException { 257 return null; 258 } 259 260 @Override 261 public boolean engineIsCertificateEntry(String alias) { 262 return alias.equals(baz); 263 } 264 265 @Override 266 public boolean engineIsKeyEntry(String alias) { 267 return false; 268 } 269 270 @Override 271 public void engineLoad(InputStream stream, char[] password) 272 throws IOException, NoSuchAlgorithmException, CertificateException { 273 } 274 275 @Override 276 public void engineSetCertificateEntry(String alias, Certificate cert) 277 throws KeyStoreException { 278 throw new KeyStoreException(); 279 } 280 281 @Override 282 public void engineSetKeyEntry(String alias, byte[] key, 283 Certificate[] chain) 284 throws KeyStoreException { 285 throw new KeyStoreException(); 286 } 287 288 @Override 289 public void engineSetKeyEntry(String alias, Key key, char[] password, 290 Certificate[] chain) 291 throws KeyStoreException { 292 throw new KeyStoreException(); 293 } 294 295 @Override 296 public int engineSize() { return 1; } 297 298 @Override 299 public void engineStore(OutputStream stream, char[] password) 300 throws IOException, NoSuchAlgorithmException, CertificateException { 301 } 302 } 303} 304