0N/A/*
2362N/A * Copyright (c) 2002, 2003, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
0N/A * published by the Free Software Foundation.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/A/*
0N/A * @test
0N/A * @bug 4702543
0N/A * @summary X500Principal encodes EmailAddress incorrectly -
0N/A *
0N/A * fix has compatibility ramifications for policy.
0N/A *
0N/A * this test is related to the Alias.java test in the same directory.
0N/A * the email address encoding in EmailAddress.policy is the one
0N/A * taken from the persistent certificate stored in Alias.keystore,
0N/A * and which has the incorrect encoding. the alias is 'duke',
0N/A * and the DN is: "emailaddress=duke@sun". the cert was generated
0N/A * by a 1.4 JDK, so it has the wrong encoding for "duke@sun"
0N/A * (UTF-8 string instead of IA5String, i believe).
0N/A *
0N/A * administrators would have placed an incorrectly encoded DN entry
0N/A * like this in their policies. the fix for the above bug
0N/A * would have broken their policy because the incorrect
0N/A * encoding would be compared to a properly encoded DN from
0N/A * the current call thread. if you run this test without
0N/A * a fix for the compatibility issue, the debug output will
0N/A * show the differences in the encodings.
0N/A *
0N/A * so in addition to fixing the encoding,
0N/A * the policy implementation was updated to read the
0N/A * incorrectly encoded DN strings, generate new X500Principals,
0N/A * and dump out new DN strings that had the correct encoding.
0N/A * thus access control checks would no longer fail.
0N/A *
0N/A * @run main/othervm/policy=EmailAddress.policy -Djava.security.debug=policy EmailAddress
0N/A */
0N/A
0N/Aimport java.security.*;
0N/Aimport java.util.*;
0N/A
0N/Apublic class EmailAddress {
0N/A
0N/A public static void main(String[] args) {
0N/A
0N/A Principal[] principals = new Principal[1];
0N/A principals[0] = new javax.security.auth.x500.X500Principal
0N/A ("emailaddress=duke@sun");
0N/A
0N/A java.net.URL url = null;
0N/A try {
0N/A url = new java.net.URL("http://emailaddress");
0N/A } catch (java.net.MalformedURLException mue) {
0N/A System.out.println("test 1 failed");
0N/A throw new SecurityException(mue.getMessage());
0N/A }
0N/A CodeSource cs =
0N/A new CodeSource(url, (java.security.cert.Certificate[]) null);
0N/A
0N/A ProtectionDomain pd = new ProtectionDomain
0N/A (cs,
0N/A null,
0N/A null,
0N/A principals);
0N/A
0N/A PermissionCollection perms = Policy.getPolicy().getPermissions(pd);
0N/A
0N/A if (perms.implies(new SecurityPermission("EMAILADDRESS"))) {
0N/A System.out.println("test succeeded");
0N/A } else {
0N/A System.out.println("test 2 failed");
0N/A throw new SecurityException("test failed");
0N/A }
0N/A }
0N/A}