1/*
2 * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24import java.net.InetAddress;
25import java.rmi.AccessException;
26import java.rmi.NotBoundException;
27import java.rmi.registry.LocateRegistry;
28import java.rmi.registry.Registry;
29import java.util.Set;
30
31/* @test
32 * @bug 8174770
33 * @summary Verify that JMX Registry rejects non-local access for bind, unbind, rebind.
34 *    The test is manual because the (non-local) host and port running JMX must be supplied as properties.
35 * @run main/othervm/manual -Djmx-registry.host=jmx-registry-host -Djmx-registry.port=jmx-registry-port NonLocalJMXRemoteTest
36 */
37
38/**
39 * Verify that access checks for the Registry exported by JMX Registry.bind(),
40 * .rebind(), and .unbind() are prevented on remote access to the registry.
41 * The test verifies that the access check is performed *before* the object to be
42 * bound or rebound is deserialized.
43 * This tests the SingleEntryRegistry implemented by JMX.
44 * This test is a manual test and uses JMX running on a *different* host.
45 * JMX can be enabled in any Java runtime; for example:
46 * login or ssh to the different host and invoke rmiregistry with arguments below.
47 * It will not show any output.
48 * {@code $JDK_HOME/bin/rmiregistry \
49 *         -J-Dcom.sun.management.jmxremote.port=8888 \
50 *         -J-Dcom.sun.management.jmxremote.local.only=false \
51 *         -J-Dcom.sun.management.jmxremote.ssl=false \
52 *         -J-Dcom.sun.management.jmxremote.authenticate=false
53 * }
54 * On the first host modify the @run command above to replace "jmx-registry-host"
55 * with the hostname or IP address of the different host and run the test with jtreg.
56 */
57public class NonLocalJMXRemoteTest {
58
59    public static void main(String[] args) throws Exception {
60
61        String host = System.getProperty("jmx-registry.host");
62        if (host == null || host.isEmpty()) {
63            throw new RuntimeException("Specify host with system property: -Djmx-registry.host=<host>");
64        }
65        int port = Integer.getInteger("jmx-registry.port", -1);
66        if (port <= 0) {
67            throw new RuntimeException("Specify port with system property: -Djmx-registry.port=<port>");
68        }
69
70        // Check if running the test on a local system; it only applies to remote
71        String myHostName = InetAddress.getLocalHost().getHostName();
72        Set<InetAddress> myAddrs = Set.of(InetAddress.getAllByName(myHostName));
73        Set<InetAddress> hostAddrs = Set.of(InetAddress.getAllByName(host));
74        if (hostAddrs.stream().anyMatch(i -> myAddrs.contains(i))
75                || hostAddrs.stream().anyMatch(h -> h.isLoopbackAddress())) {
76            throw new RuntimeException("Error: property 'jmx-registry.host' must not be the local host%n");
77        }
78
79        Registry registry = LocateRegistry.getRegistry(host, port);
80        try {
81            // Verify it is a JMX Registry
82            registry.lookup("jmxrmi");
83        } catch (NotBoundException nf) {
84            throw new RuntimeException("Not a JMX registry, jmxrmi is not bound", nf);
85        }
86
87        try {
88            registry.bind("foo", null);
89            throw new RuntimeException("Remote access should not succeed for method: bind");
90        } catch (Exception e) {
91            assertIsAccessException(e);
92        }
93
94        try {
95            registry.rebind("foo", null);
96            throw new RuntimeException("Remote access should not succeed for method: rebind");
97        } catch (Exception e) {
98            assertIsAccessException(e);
99        }
100
101        try {
102            registry.unbind("foo");
103            throw new RuntimeException("Remote access should not succeed for method: unbind");
104        } catch (Exception e) {
105            assertIsAccessException(e);
106        }
107    }
108
109    /**
110     * Check the exception chain for the expected AccessException and message.
111     * @param ex the exception from the remote invocation.
112     */
113    private static void assertIsAccessException(Throwable ex) {
114        Throwable t = ex;
115        while (!(t instanceof AccessException) && t.getCause() != null) {
116            t = t.getCause();
117        }
118        if (t instanceof AccessException) {
119            String msg = t.getMessage();
120            int asIndex = msg.indexOf("Registry");
121            int disallowIndex = msg.indexOf("disallowed");
122            int nonLocalHostIndex = msg.indexOf("non-local host");
123            if (asIndex < 0 ||
124                    disallowIndex < 0 ||
125                    nonLocalHostIndex < 0 ) {
126                throw new RuntimeException("exception message is malformed", t);
127            }
128            System.out.printf("Found expected AccessException: %s%n%n", t);
129        } else {
130            throw new RuntimeException("AccessException did not occur when expected", ex);
131        }
132    }
133}
134