Serializable/auditStreamSubclass/AuditStreamSubclass.java

	AuditStreamSubclass.java revision 0
0N/A/*
0N/A * Copyright 2000 Sun Microsystems, Inc.  All Rights Reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
0N/A * published by the Free Software Foundation.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
0N/A * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
0N/A * CA 95054 USA or visit www.sun.com if you need additional information or
0N/A * have any questions.
0N/A */
0N/A
0N/A/* @test
0N/A * @bug 4311940
0N/A * @summary Verify that unauthorized ObjectOutputStream and ObjectInputStream
0N/A *          cannot be constructed if they override security-sensitive non-final
0N/A *          methods.
0N/A */
0N/Aimport java.io.*;
0N/A
0N/Aclass GoodOOS1 extends ObjectOutputStream {
0N/A    GoodOOS1(OutputStream out) throws IOException { super(out); }
0N/A}
0N/A
0N/Aclass GoodOOS2 extends GoodOOS1 {
0N/A    GoodOOS2(OutputStream out) throws IOException { super(out); }
0N/A}
0N/A
0N/Aclass BadOOS1 extends ObjectOutputStream {
0N/A    BadOOS1(OutputStream out) throws IOException { super(out); }
0N/A    public PutField putFields() throws IOException { return null; }
0N/A}
0N/A
0N/Aclass BadOOS2 extends ObjectOutputStream {
0N/A    BadOOS2(OutputStream out) throws IOException { super(out); }
0N/A    public void writeUnshared(Object obj) throws IOException {}
0N/A}
0N/A
0N/Aclass BadOOS3 extends GoodOOS1 {
0N/A    BadOOS3(OutputStream out) throws IOException { super(out); }
0N/A    public void writeUnshared(Object obj) throws IOException {}
0N/A}
0N/A
0N/A
0N/Aclass GoodOIS1 extends ObjectInputStream {
0N/A    GoodOIS1(InputStream in) throws IOException { super(in); }
0N/A}
0N/A
0N/Aclass GoodOIS2 extends GoodOIS1 {
0N/A    GoodOIS2(InputStream in) throws IOException { super(in); }
0N/A}
0N/A
0N/Aclass BadOIS1 extends ObjectInputStream {
0N/A    BadOIS1(InputStream in) throws IOException { super(in); }
0N/A    public GetField readFields() throws IOException, ClassNotFoundException {
0N/A        return null;
0N/A    }
0N/A}
0N/A
0N/Aclass BadOIS2 extends ObjectInputStream {
0N/A    BadOIS2(InputStream in) throws IOException { super(in); }
0N/A    public Object readUnshared() throws IOException, ClassNotFoundException {
0N/A        return null;
0N/A    }
0N/A}
0N/A
0N/Aclass BadOIS3 extends GoodOIS1 {
0N/A    BadOIS3(InputStream in) throws IOException { super(in); }
0N/A    public Object readUnshared() throws IOException, ClassNotFoundException {
0N/A        return null;
0N/A    }
0N/A}
0N/A
0N/Apublic class AuditStreamSubclass {
0N/A    public static void main(String[] args) throws Exception {
0N/A        if (System.getSecurityManager() == null) {
0N/A            System.setSecurityManager(new SecurityManager());
0N/A        }
0N/A        ByteArrayOutputStream bout = new ByteArrayOutputStream();
0N/A        ObjectOutputStream oout = new ObjectOutputStream(bout);
0N/A        oout.flush();
0N/A        byte[] buf = bout.toByteArray();
0N/A
0N/A        new GoodOOS1(bout);
0N/A        new GoodOOS2(bout);
0N/A        new GoodOIS1(new ByteArrayInputStream(buf));
0N/A        new GoodOIS2(new ByteArrayInputStream(buf));
0N/A
0N/A        try {
0N/A            new BadOOS1(bout);
0N/A            throw new Error();
0N/A        } catch (SecurityException ex) {
0N/A        }
0N/A
0N/A        try {
0N/A            new BadOOS2(bout);
0N/A            throw new Error();
0N/A        } catch (SecurityException ex) {
0N/A        }
0N/A
0N/A        try {
0N/A            new BadOOS3(bout);
0N/A            throw new Error();
0N/A        } catch (SecurityException ex) {
0N/A        }
0N/A
0N/A        try {
0N/A            new BadOIS1(new ByteArrayInputStream(buf));
0N/A            throw new Error();
0N/A        } catch (SecurityException ex) {
0N/A        }
0N/A
0N/A        try {
0N/A            new BadOIS2(new ByteArrayInputStream(buf));
0N/A            throw new Error();
0N/A        } catch (SecurityException ex) {
0N/A        }
0N/A
0N/A        try {
0N/A            new BadOIS3(new ByteArrayInputStream(buf));
0N/A            throw new Error();
0N/A        } catch (SecurityException ex) {
0N/A        }
0N/A    }
0N/A}