/*
 * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 4919147
 * @summary Support for token-based KeyStores
 *
 * TokenStore.keystore password is "TokenStore"
 */

import java.io.*;
import java.util.*;
import java.net.*;
import java.security.AllPermission;
import java.security.CodeSource;
import java.security.ProtectionDomain;
import java.security.Permission;
import java.security.KeyStore;
import java.security.cert.*;
import sun.security.provider.*;

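/**
 * Regression test for the {@code keystore} and {@code keystorePasswordURL}
 * entries of a policy file.
 *
 * <p>Each case writes (or, for the relative-password case, reuses) a policy
 * file, makes it the only policy in effect, builds a {@code PolicyFile} from
 * it and checks that a protection domain signed with the matching keystore
 * alias is granted {@code AllPermission}. The bad-password case checks the
 * opposite: the grant must not be applied.
 */
public class TokenStore {

    /** Directory (with trailing separator) that receives the generated policy files. */
    private static final String DIR =
        System.getProperty("test.classes", ".") + File.separatorChar;

    /** Directory (with trailing separator) holding the checked-in fixtures. */
    private static final String SRC =
        System.getProperty("test.src", ".") + File.separatorChar;

    // Password of the TokenStore.keystore test fixture; the same value is
    // stated in the jtreg header of this file.
    private static final char[] storePassword = new char[]
        { 'T', 'o', 'k', 'e', 'n', 'S', 't', 'o', 'r', 'e' };

    // policy files that will get written
    private static final String NO_STORE_FILE = DIR + "TokenStore.NoStore";
    private static final String URL_FILE = DIR + "TokenStore.Url";
    private static final String URL_T_FILE = DIR + "TokenStore.UrlT";
    private static final String URL_T_P_FILE = DIR + "TokenStore.UrlTP";
    private static final String URL_PWD_FILE = DIR + "TokenStore.UrlPwd";
    private static final String URL_T_P_PWD_FILE = DIR + "TokenStore.UrlTPPwd";
    private static final String BADPASS_FILE = DIR + "TokenStore.BadPass";

    // policy file read from the source directory; it is not written by init()
    private static final String RELPASS_FILE = SRC + "TokenStore.RelPassPolicy";

    // protection domains, assigned by init()
    private static ProtectionDomain NO_STORE_DOMAIN;
    private static ProtectionDomain URL_DOMAIN;
    private static ProtectionDomain URL_T_DOMAIN;
    private static ProtectionDomain URL_T_P_DOMAIN;

    // policy contents written to files
    private static final String POLICY_NO_STORE =
        "grant { permission java.security.AllPermission; };";

    private static final String POLICY_URL =
        "keystore \"file:${test.src}${/}TokenStore.keystore\";" +
        "grant signedby \"POLICY_URL\" {" +
        " permission java.security.AllPermission;" +
        "};" ;

    private static final String POLICY_URL_T =
        "keystore \"file:${test.src}${/}TokenStore.keystore\", \"JKS\";"+
        "grant signedby \"POLICY_URL_T\" {" +
        " permission java.security.AllPermission;" +
        "};" ;

    private static final String POLICY_URL_T_P =
        "keystore \"file:${test.src}${/}TokenStore.keystore\"," +
        " \"JKS\", \"SUN\";" +
        "grant signedby \"POLICY_URL_T_P\" {" +
        " permission java.security.AllPermission;" +
        "};" ;

    private static final String POLICY_URL_PWD =
        "keystore \"file:${test.src}${/}TokenStore.keystore\";" +
        "keystorePasswordURL \"file:${test.src}${/}TokenStore.pwd\";" +
        "grant signedby \"POLICY_URL\" {" +
        " permission java.security.AllPermission;" +
        "};" ;

    private static final String POLICY_URL_T_P_PWD =
        "keystore \"file:${test.src}${/}TokenStore.keystore\"," +
        " \"JKS\", \"SUN\";" +
        "keystorePasswordURL \"file:${test.src}${/}TokenStore.pwd\";" +
        "grant signedby \"POLICY_URL_T_P\" {" +
        " permission java.security.AllPermission;" +
        "};" ;

    // The password URL deliberately points at this source file, so whatever
    // is read from it is not the keystore password.
    private static final String POLICY_BADPASS =
        "keystore \"file:${test.src}${/}TokenStore.keystore\"," +
        " \"JKS\", \"SUN\";" +
        "keystorePasswordURL \"file:${test.src}${/}TokenStore.java\";" +
        "grant signedby \"POLICY_URL_T_P\" {" +
        " permission java.security.AllPermission;" +
        "};" ;

    /**
     * Writes the generated policy files and builds the protection domains
     * used by {@link #main}.
     *
     * @throws Exception if a policy cannot be parsed or written, the keystore
     *         cannot be loaded, or an expected alias has no certificate chain
     */
    private static void init() throws Exception {

        // first write policy files

        writePolicy(POLICY_NO_STORE, NO_STORE_FILE);
        writePolicy(POLICY_URL, URL_FILE);
        writePolicy(POLICY_URL_T, URL_T_FILE);
        writePolicy(POLICY_URL_T_P, URL_T_P_FILE);
        writePolicy(POLICY_URL_PWD, URL_PWD_FILE);
        writePolicy(POLICY_URL_T_P_PWD, URL_T_P_PWD_FILE);
        writePolicy(POLICY_BADPASS, BADPASS_FILE);

        // next load keystore data to build PD's

        // NOTE(review): the policies above name "JKS" explicitly while this
        // load uses the platform default type - confirm both agree on the
        // JDK the test runs against.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(SRC + "TokenStore.keystore");
        try {
            ks.load(in, storePassword);
        } finally {
            // the original never closed this stream
            in.close();
        }

        // unsigned code source: only the unconditional grant can match it
        NO_STORE_DOMAIN = new ProtectionDomain
            (new CodeSource(new URL("file:/foo"),
                            (java.security.cert.Certificate[]) null),
             null,  // perms
             null,  // class loader
             null); // principals

        URL_DOMAIN = signedDomain(ks, "POLICY_URL");
        URL_T_DOMAIN = signedDomain(ks, "POLICY_URL_T");
        URL_T_P_DOMAIN = signedDomain(ks, "POLICY_URL_T_P");
    }

    /**
     * Parses {@code policy} and writes it to {@code file}, replacing any
     * existing content, then closes the file.
     */
    private static void writePolicy(String policy, String file)
        throws Exception {
        PolicyParser pp = new PolicyParser();
        pp.read(new StringReader(policy));
        FileWriter out = new FileWriter(file, false);
        try {
            pp.write(out);
        } finally {
            // the original left every FileWriter open
            out.close();
        }
    }

    /**
     * Builds a protection domain for {@code file:/foo} whose code source
     * carries the certificate chain stored under {@code alias}.
     *
     * @throws RuntimeException if the keystore has no chain for the alias;
     *         without this check the domain would silently be unsigned and
     *         the failure would only surface later in checkPerm
     */
    private static ProtectionDomain signedDomain(KeyStore ks, String alias)
        throws Exception {
        Certificate[] chain = ks.getCertificateChain(alias);
        if (chain == null) {
            throw new RuntimeException
                ("no certificate chain for alias " + alias);
        }
        return new ProtectionDomain
            (new CodeSource(new URL("file:/foo"), chain),
             null,  // perms
             null,  // class loader
             null); // principals
    }

    /**
     * Makes {@code file} the policy in effect and builds a PolicyFile from it.
     * The leading "=" in the property value asks for this file to replace,
     * rather than extend, the policies configured elsewhere.
     */
    private static PolicyFile loadPolicy(String file) {
        System.setProperty("java.security.policy", "=" + file);
        return new PolicyFile();
    }

    /**
     * Runs every keystore/password combination in turn.
     *
     * @throws Exception on the first case that does not behave as expected
     */
    public static void main(String[] args) throws Exception {

        init();

        // test no key store in policy
        checkPerm(loadPolicy(NO_STORE_FILE), NO_STORE_DOMAIN);

        // test policy keystore + URL
        checkPerm(loadPolicy(URL_FILE), URL_DOMAIN);

        // test policy keystore + URL + type
        checkPerm(loadPolicy(URL_T_FILE), URL_T_DOMAIN);

        // test policy keystore + URL + type + provider
        checkPerm(loadPolicy(URL_T_P_FILE), URL_T_P_DOMAIN);

        // test policy keystore + URL + password
        // (the original loaded URL_FILE again here, so the policy carrying
        // keystorePasswordURL was written but never exercised)
        checkPerm(loadPolicy(URL_PWD_FILE), URL_DOMAIN);

        // test policy keystore + URL + type + provider + password
        // (same correction: the original reloaded URL_T_P_FILE)
        checkPerm(loadPolicy(URL_T_P_PWD_FILE), URL_T_P_DOMAIN);

        // test policy keystore + URL + type + provider + BAD password
        //
        // A wrong keystore password must not end in the signedby grant being
        // applied. checkPerm reports a missing AllPermission as a
        // SecurityException, which is the outcome wanted here.
        PolicyFile p = loadPolicy(BADPASS_FILE);
        try {
            checkPerm(p, URL_T_P_DOMAIN);
            throw new RuntimeException("expected SecurityException");
        } catch (SecurityException se) {
            // good
        }

        // test policy keystore + URL + type + provider + RELATIVE password
        checkPerm(loadPolicy(RELPASS_FILE), URL_T_P_DOMAIN);
    }

    /**
     * Checks that the policy grants {@code pd} at least one permission and
     * that every granted permission is an {@code AllPermission}.
     *
     * @throws SecurityException if nothing is granted or a granted
     *         permission is of any other type
     */
    private static void checkPerm(PolicyFile p, ProtectionDomain pd)
        throws Exception {
        boolean foundIt = false;
        Enumeration perms = p.getPermissions(pd).elements();
        while (perms.hasMoreElements()) {
            Permission perm = (Permission)perms.nextElement();
            if (!(perm instanceof AllPermission)) {
                throw new SecurityException("expected AllPermission");
            }
            foundIt = true;
        }
        if (!foundIt) {
            throw new SecurityException("expected AllPermission");
        }
    }
}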