Comparator.java revision 6073:cea72c2bf071 
1/*
2 * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24/*
25 * @test
26 * @bug 5037004
27 * @run main/othervm Comparator
28 * @summary Frivolous ClassCastExceptions thrown by SubjectCodeSource.implies
29 *
30 * Note:  if you want to see the java.security.debug output,
31 *        you can not simply set the system property.
32 *        you must run this test by hand and pass -Djava.security.debug=...
33 */
34
35import java.io.*;
36import java.security.*;
37import java.util.PropertyPermission;
38import javax.security.auth.Subject;
39import javax.security.auth.x500.X500Principal;
40
41import sun.security.provider.PolicyFile;
42import com.sun.security.auth.PrincipalComparator;
43import com.sun.security.auth.UnixPrincipal;
44import com.sun.security.auth.NTUserPrincipal;
45import com.sun.security.auth.SolarisPrincipal;
46
47public class Comparator {
48
49    private static final PropertyPermission FOO =
50                new PropertyPermission("foo", "read");
51    private static final PropertyPermission BAR =
52                new PropertyPermission("bar", "read");
53    private static final PropertyPermission FOOBAR =
54                new PropertyPermission("foobar", "read");
55    private static final PropertyPermission HELLO =
56                new PropertyPermission("hello", "read");
57    private static final PropertyPermission WORLD =
58                new PropertyPermission("world", "read");
59
60    private static final CodeSource cs =
61                new CodeSource(null, (java.security.cert.Certificate[])null);
62
63    private static final Principal[] p1 = new Principal[] {
64                                new UnixPrincipal("1") };
65
66    private static final Principal[] p2 = new Principal[] {
67                                new X500Principal("cn=2"),
68                                new NTUserPrincipal("2") };
69
70    private static final Principal[] p3 = new Principal[] {
71                                new UnixPrincipal("1"),
72                                new X500Principal("cn=2"),
73                                new NTUserPrincipal("2") };
74
75    private static final Principal[] p4 = new Principal[] {
76                                new UnixPrincipal("1"),
77                                new NTUserPrincipal("4") };
78
79    private static final Principal[] p5 = new Principal[] {
80                                new UnixPrincipal("1"),
81                                new X500Principal("cn=2"),
82                                new NTUserPrincipal("2"),
83                                new X500Principal("cn=x500") };
84
85    private static final Principal[] p6 = new Principal[] {
86                                new UnixPrincipal("1"),
87                                new NTUserPrincipal("4"),
88                                new X500Principal("cn=x500") };
89
90    private static final Principal[] badP = new Principal[] {
91                                new SolarisPrincipal("bad") };
92
93    public static class PCompare1 implements PrincipalComparator {
94
95        private String name;
96
97        public PCompare1(String name) {
98            this.name = name;
99        }
100
101        public boolean implies (Subject subject) {
102            if (subject.getPrincipals().contains(p1[0])) {
103                return true;
104            }
105            return false;
106        }
107    }
108
109    public static class PCompare2 implements PrincipalComparator {
110        private String name;
111
112        public PCompare2(String name) {
113            this.name = name;
114        }
115
116        public boolean implies (Subject subject) {
117            if (subject.getPrincipals().contains(p2[0]) &&
118                subject.getPrincipals().contains(p2[1])) {
119                return true;
120            }
121            return false;
122        }
123    }
124
125    public static class PCompare3 implements PrincipalComparator {
126        private String name;
127
128        public PCompare3(String name) {
129            this.name = name;
130        }
131
132        public boolean implies (Subject subject) {
133            return false;
134        }
135    }
136
137    public static void main(String[] args) throws Exception {
138
139        int testnum = 1;
140
141        // in case we run standalone
142        String policyDir = System.getProperty("test.src");
143        if (policyDir == null) {
144            policyDir = ".";
145        }
146
147        // do principal-only tests
148        System.setProperty("java.security.policy",
149                        "=" +
150                        policyDir +
151                        File.separatorChar +
152                        "Comparator.Principal.Policy");
153        PolicyFile policy = new PolicyFile();
154        testnum = doPrincipalTest(policy, testnum);
155        System.out.println("============ Principal Test Passed ============");
156
157        // do comparator-only tests
158        System.setProperty("java.security.policy",
159                        "=" +
160                        policyDir +
161                        File.separatorChar +
162                        "Comparator.Comparator.Policy");
163        policy = new PolicyFile();
164        testnum = doComparatorTest(policy, testnum);
165        System.out.println("============ Comparator Test Passed ============");
166
167        // combined principal/comparator tests
168        System.setProperty("java.security.policy",
169                        "=" +
170                        policyDir +
171                        File.separatorChar +
172                        "Comparator.Combined.Policy");
173        policy = new PolicyFile();
174        testnum = doCombinedTest(policy, testnum);
175        System.out.println("============ Combined Test Passed ============");
176    }
177
178    private static int doBadTest(PolicyFile policy, int testnum) {
179
180        // this principal is not in policy - should not match any policy grants
181        ProtectionDomain pd = new ProtectionDomain(cs, null, null, badP);
182        if (policy.implies(pd, FOO)) {
183            throw new SecurityException("test." + testnum + " failed");
184        }
185        testnum++;
186
187        // this principal is not in policy - should not match any policy grants
188        if (policy.implies(pd, BAR)) {
189            throw new SecurityException("test." + testnum + " failed");
190        }
191        testnum++;
192
193        // this principal is not in policy - should not match any policy grants
194        if (policy.implies(pd, FOOBAR)) {
195            throw new SecurityException("test." + testnum + " failed");
196        }
197        testnum++;
198
199        return testnum;
200    }
201
202    private static int doPrincipalTest(PolicyFile policy, int testnum) {
203
204        // security check against one principal should pass
205        ProtectionDomain pd = new ProtectionDomain(cs, null, null, p1);
206        if (!policy.implies(pd, FOO)) {
207            throw new SecurityException("test." + testnum + " failed");
208        }
209        testnum++;
210
211        // should not match BAR grant entry in policy
212        pd = new ProtectionDomain(cs, null, null, p1);
213        if (policy.implies(pd, BAR)) {
214            throw new SecurityException("test." + testnum + " failed");
215        }
216        testnum++;
217
218        // security check against two principals should pass
219        pd = new ProtectionDomain(cs, null, null, p2);
220        if (!policy.implies(pd, BAR)) {
221            throw new SecurityException("test." + testnum + " failed");
222        }
223        testnum++;
224
225        // should not match FOOBAR grant entry in policy
226        pd = new ProtectionDomain(cs, null, null, p1);
227        if (policy.implies(pd, FOOBAR)) {
228            throw new SecurityException("test." + testnum + " failed");
229        }
230        testnum++;
231
232        // should not match FOOBAR grant entry in policy
233        pd = new ProtectionDomain(cs, null, null, p2);
234        if (policy.implies(pd, FOOBAR)) {
235            throw new SecurityException("test." + testnum + " failed");
236        }
237        testnum++;
238
239        testnum = doBadTest(policy, testnum);
240
241        return testnum;
242    }
243
244    private static int doComparatorTest(PolicyFile policy, int testnum) {
245
246        // security check against one comparator should pass
247        ProtectionDomain pd = new ProtectionDomain(cs, null, null, p1);
248        if (!policy.implies(pd, FOO)) {
249            throw new SecurityException("test." + testnum + " failed");
250        }
251        testnum++;
252
253        // should not match BAR grant entry in policy
254        pd = new ProtectionDomain(cs, null, null, p1);
255        if (policy.implies(pd, BAR)) {
256            throw new SecurityException("test." + testnum + " failed");
257        }
258        testnum++;
259
260        // security check against two comparators should pass for FOO
261        pd = new ProtectionDomain(cs, null, null, p3);
262        if (!policy.implies(pd, FOO)) {
263            throw new SecurityException("test." + testnum + " failed");
264        }
265        testnum++;
266
267        // security check against two comparators should pass for BAR
268        pd = new ProtectionDomain(cs, null, null, p3);
269        if (!policy.implies(pd, BAR)) {
270            throw new SecurityException("test." + testnum + " failed");
271        }
272        testnum++;
273
274        // security check should fail against FOOBAR
275        pd = new ProtectionDomain(cs, null, null, p3);
276        if (policy.implies(pd, FOOBAR)) {
277            throw new SecurityException("test." + testnum + " failed");
278        }
279        testnum++;
280
281        testnum = doBadTest(policy, testnum);
282
283        return testnum;
284    }
285
286    private static int doCombinedTest(PolicyFile policy, int testnum) {
287
288        // security check against principal followed by comparator should pass
289        ProtectionDomain pd = new ProtectionDomain(cs, null, null, p3);
290        if (!policy.implies(pd, FOO)) {
291            throw new SecurityException("test." + testnum + " failed");
292        }
293        testnum++;
294
295        // should not match BAR grant entry in policy
296        pd = new ProtectionDomain(cs, null, null, p3);
297        if (policy.implies(pd, BAR)) {
298            throw new SecurityException("test." + testnum + " failed");
299        }
300        testnum++;
301
302        // security check against comparator followed by principal should pass
303        pd = new ProtectionDomain(cs, null, null, p4);
304        if (!policy.implies(pd, BAR)) {
305            throw new SecurityException("test." + testnum + " failed");
306        }
307        testnum++;
308
309        // should not match FOO grant entry in policy
310        pd = new ProtectionDomain(cs, null, null, p4);
311        if (policy.implies(pd, FOO)) {
312            throw new SecurityException("test." + testnum + " failed");
313        }
314        testnum++;
315
316        // security check against principal-principal-comparator should pass
317        pd = new ProtectionDomain(cs, null, null, p5);
318        if (!policy.implies(pd, HELLO)) {
319            throw new SecurityException("test." + testnum + " failed");
320        }
321        testnum++;
322
323        // should not match WORLD grant entry in policy
324        pd = new ProtectionDomain(cs, null, null, p5);
325        if (policy.implies(pd, WORLD)) {
326            throw new SecurityException("test." + testnum + " failed");
327        }
328        testnum++;
329
330        // security check against principal-principal-comparator should pass
331        pd = new ProtectionDomain(cs, null, null, p6);
332        if (!policy.implies(pd, WORLD)) {
333            throw new SecurityException("test." + testnum + " failed");
334        }
335        testnum++;
336
337        // should not match HELLO grant entry in policy
338        pd = new ProtectionDomain(cs, null, null, p6);
339        if (policy.implies(pd, HELLO)) {
340            throw new SecurityException("test." + testnum + " failed");
341        }
342        testnum++;
343
344        testnum = doBadTest(policy, testnum);
345
346        return testnum;
347    }
348}
349