auth/Subject/Serial.java

0N/A/*
2362N/A * Copyright (c) 2000, 2002, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
0N/A * published by the Free Software Foundation.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/A/*
0N/A * @test
0N/A * @bug 4364826
0N/A * @summary     Subject serialized principal set is
0N/A *              implementation-dependent class
0N/A * @run main/othervm/policy=Serial.policy Serial
0N/A */
0N/A
0N/Aimport javax.security.auth.*;
0N/Aimport java.io.*;
0N/Aimport java.util.*;
0N/A
0N/Apublic class Serial implements java.io.Serializable {
0N/A
0N/A    public static void main(String[] args) {
0N/A
0N/A        try {
0N/A            FileOutputStream fos = new FileOutputStream("serial.tmp");
0N/A            ObjectOutputStream oos = new ObjectOutputStream(fos);
0N/A
0N/A            HashSet principals = new HashSet();
0N/A            principals.add
0N/A                (new com.sun.security.auth.NTUserPrincipal("test"));
0N/A            principals.add
0N/A                (new com.sun.security.auth.NTDomainPrincipal("test2"));
0N/A
0N/A            Subject s = new Subject
0N/A                                (false,
0N/A                                principals,
0N/A                                new HashSet(),
0N/A                                new HashSet());
0N/A            oos.writeObject(s);
0N/A            oos.flush();
0N/A            fos.close();
0N/A
0N/A            FileInputStream fis = new FileInputStream("serial.tmp");
0N/A            ObjectInputStream ois = new ObjectInputStream(fis);
0N/A
0N/A            Subject s2 = (Subject)ois.readObject();
0N/A            fis.close();
0N/A
0N/A            System.out.println("s2 = " + s2.toString());
0N/A            System.out.println("s2.getPrincipals().size() = " +
0N/A                                s2.getPrincipals().size());
0N/A            if (!s.equals(s2) || !s2.equals(s)) {
0N/A                throw new SecurityException("Serial test failed: " +
0N/A                                        "EQUALS TEST FAILED");
0N/A            }
0N/A
0N/A            // make sure private credentials are not serializable
0N/A            // without permissions
0N/A
0N/A            Set privateCredentials = s.getPrivateCredentials();
0N/A            privateCredentials.add(new Serial());
0N/A
0N/A            fos = new FileOutputStream("serial2.tmp");
0N/A            oos = new ObjectOutputStream(fos);
0N/A            try {
0N/A                oos.writeObject(privateCredentials);
0N/A                oos.flush();
0N/A                fos.close();
0N/A                throw new RuntimeException("Serial test failed: " +
0N/A                        "allowed to serialize private credential set");
0N/A            } catch (SecurityException se) {
0N/A                // good
0N/A                se.printStackTrace();
0N/A            }
0N/A
0N/A            System.out.println("Serial test succeeded");
0N/A        } catch (Exception e) {
0N/A            e.printStackTrace();
0N/A            throw new SecurityException("Serial test failed");
0N/A        }
0N/A    }
0N/A}