0N/A/*
2362N/A * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
0N/A * published by the Free Software Foundation.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/A/*
0N/A * @test
0N/A * @bug 4919147
0N/A * @summary Support for token-based KeyStores
0N/A */
0N/A
0N/Aimport java.io.*;
0N/Aimport java.util.*;
0N/Aimport sun.security.provider.*;
0N/A
0N/Apublic class TokenStore {
0N/A
0N/A private static final String POLICY_NO_STORE =
0N/A "grant { permission java.security.AllPermission; };";
0N/A
0N/A private static final String POLICY_URL =
0N/A "keystore \"file:${test.src}${/}TokenStore.keystore\";" +
0N/A "grant signedby \"POLICY_URL\" {" +
0N/A " permission java.security.AllPermission;" +
0N/A "};" ;
0N/A
0N/A private static final String POLICY_URL_T =
0N/A "keystore \"file:${test.src}${/}TokenStore.keystore\", \"JKS\";"+
0N/A "grant signedby \"POLICY_URL_T\" {" +
0N/A " permission java.security.AllPermission;" +
0N/A "};" ;
0N/A
0N/A private static final String POLICY_URL_T_P =
0N/A "keystore \"file:${test.src}${/}TokenStore.keystore\"," +
0N/A " \"JKS\", \"SUN\";" +
0N/A "grant signedby \"POLICY_URL_T_P\" {" +
0N/A " permission java.security.AllPermission;" +
0N/A "};" ;
0N/A
0N/A private static final String POLICY_URL_PWD =
0N/A "keystore \"file:${test.src}${/}TokenStore.keystore\";" +
0N/A "keystorePasswordURL \"file:${test.src}${/}TokenStore.pwd\";" +
0N/A "grant signedby \"POLICY_URL\" {" +
0N/A " permission java.security.AllPermission;" +
0N/A "};" ;
0N/A
0N/A private static final String POLICY_URL_T_P_PWD =
0N/A "keystore \"file:${test.src}${/}TokenStore.keystore\"," +
0N/A " \"JKS\", \"SUN\";" +
0N/A "keystorePasswordURL \"file:${test.src}${/}TokenStore.pwd\";" +
0N/A "grant signedby \"POLICY_URL_T_P\" {" +
0N/A " permission java.security.AllPermission;" +
0N/A "};" ;
0N/A
0N/A private static final String POLICY_PASS_NO_STORE =
0N/A "keystorePasswordURL \"file:${test.src}${/}TokenStore.pwd\";" +
0N/A "grant signedby \"POLICY_URL_T_P\" {" +
0N/A " permission java.security.AllPermission;" +
0N/A "};" ;
0N/A
0N/A public static void main(String[] args) throws Exception {
0N/A
0N/A // test no key store in policy
0N/A
0N/A PolicyParser p = new PolicyParser();
0N/A p.read(new StringReader(POLICY_NO_STORE));
0N/A doNoStore(p);
0N/A StringWriter sw = new StringWriter();
0N/A p.write(sw);
0N/A PolicyParser newP = new PolicyParser();
0N/A newP.read(new StringReader(sw.toString()));
0N/A doNoStore(p);
0N/A
0N/A // test policy keystore + URL
0N/A
0N/A p = new PolicyParser();
0N/A p.read(new StringReader(POLICY_URL));
0N/A doURL(p, true);
0N/A sw = new StringWriter();
0N/A p.write(sw);
0N/A newP = new PolicyParser();
0N/A newP.read(new StringReader(sw.toString()));
0N/A doURL(p, true);
0N/A
0N/A // test policy keystore + URL + type
0N/A
0N/A p = new PolicyParser();
0N/A p.read(new StringReader(POLICY_URL_T));
0N/A doURL_T(p, true);
0N/A sw = new StringWriter();
0N/A p.write(sw);
0N/A newP = new PolicyParser();
0N/A newP.read(new StringReader(sw.toString()));
0N/A doURL_T(p, true);
0N/A
0N/A // test policy keystore + URL + type + provider
0N/A
0N/A p = new PolicyParser();
0N/A p.read(new StringReader(POLICY_URL_T_P));
0N/A doURL_T_P(p, true);
0N/A sw = new StringWriter();
0N/A p.write(sw);
0N/A newP = new PolicyParser();
0N/A newP.read(new StringReader(sw.toString()));
0N/A doURL_T_P(p, true);
0N/A
0N/A // test policy keystore + URL + password
0N/A
0N/A p = new PolicyParser();
0N/A p.read(new StringReader(POLICY_URL_PWD));
0N/A doURL(p, false);
0N/A doPwd(p);
0N/A sw = new StringWriter();
0N/A p.write(sw);
0N/A newP = new PolicyParser();
0N/A newP.read(new StringReader(sw.toString()));
0N/A doURL(p, false);
0N/A doPwd(p);
0N/A
0N/A // test policy keystore + URL + type + provider + password
0N/A
0N/A p = new PolicyParser();
0N/A p.read(new StringReader(POLICY_URL_T_P_PWD));
0N/A doURL_T_P(p, false);
0N/A doPwd(p);
0N/A sw = new StringWriter();
0N/A p.write(sw);
0N/A newP = new PolicyParser();
0N/A newP.read(new StringReader(sw.toString()));
0N/A doURL_T_P(p, false);
0N/A doPwd(p);
0N/A
0N/A // test policy password with no keystore
0N/A p = new PolicyParser();
0N/A try {
0N/A p.read(new StringReader(POLICY_PASS_NO_STORE));
0N/A throw new SecurityException("expected parsing exception");
0N/A } catch (PolicyParser.ParsingException pe) {
0N/A // good
0N/A }
0N/A
0N/A }
0N/A
0N/A private static void checkPerm(PolicyParser p) throws Exception {
0N/A Enumeration e = p.grantElements();
0N/A boolean foundOne = false;
0N/A while (e.hasMoreElements()) {
0N/A PolicyParser.GrantEntry ge = (PolicyParser.GrantEntry)
0N/A e.nextElement();
0N/A if (ge.permissionEntries == null) {
0N/A throw new SecurityException("expected non-null perms");
0N/A } else {
0N/A foundOne = true;
0N/A }
0N/A }
0N/A if (!foundOne) {
0N/A throw new SecurityException("expected non-null grant entries");
0N/A }
0N/A }
0N/A
0N/A private static void doNoStore(PolicyParser p) throws Exception {
0N/A if (p.getKeyStoreUrl() != null ||
0N/A p.getKeyStoreType() != null ||
0N/A p.getKeyStoreProvider() != null ||
0N/A p.getStorePassURL() != null) {
0N/A throw new SecurityException("expected null keystore");
0N/A }
0N/A checkPerm(p);
0N/A }
0N/A
0N/A private static void doURL(PolicyParser p, boolean checkPwd)
0N/A throws Exception {
0N/A if (p.getKeyStoreUrl() == null ||
0N/A !(p.getKeyStoreUrl().endsWith("TokenStore.keystore")) ||
0N/A p.getKeyStoreType() != null ||
0N/A p.getKeyStoreProvider() != null) {
0N/A throw new SecurityException("invalid keystore values");
0N/A }
0N/A if (checkPwd) {
0N/A if (p.getStorePassURL() != null) {
0N/A throw new SecurityException("invalid keystore values");
0N/A }
0N/A }
0N/A checkPerm(p);
0N/A }
0N/A
0N/A private static void doURL_T(PolicyParser p, boolean checkPwd)
0N/A throws Exception {
0N/A if (p.getKeyStoreUrl() == null ||
0N/A !(p.getKeyStoreUrl().endsWith("TokenStore.keystore")) ||
0N/A p.getKeyStoreType() == null ||
0N/A !(p.getKeyStoreType().equals("JKS")) ||
0N/A p.getKeyStoreProvider() != null) {
0N/A throw new SecurityException("invalid keystore values");
0N/A }
0N/A if (checkPwd) {
0N/A if (p.getStorePassURL() != null) {
0N/A throw new SecurityException("invalid keystore values");
0N/A }
0N/A }
0N/A checkPerm(p);
0N/A }
0N/A
0N/A private static void doURL_T_P(PolicyParser p, boolean checkPwd)
0N/A throws Exception {
0N/A if (p.getKeyStoreUrl() == null ||
0N/A !(p.getKeyStoreUrl().endsWith("TokenStore.keystore")) ||
0N/A p.getKeyStoreType() == null ||
0N/A !(p.getKeyStoreType().equals("JKS")) ||
0N/A p.getKeyStoreProvider() == null ||
0N/A !(p.getKeyStoreProvider().equals("SUN"))) {
0N/A throw new SecurityException("invalid keystore values");
0N/A }
0N/A if (checkPwd) {
0N/A if (p.getStorePassURL() != null) {
0N/A throw new SecurityException("invalid keystore values");
0N/A }
0N/A }
0N/A checkPerm(p);
0N/A }
0N/A
0N/A private static void doPwd(PolicyParser p) throws Exception {
0N/A if (p.getStorePassURL() == null ||
0N/A !(p.getStorePassURL().endsWith("TokenStore.pwd"))) {
0N/A throw new SecurityException("invalid password values");
0N/A }
0N/A }
0N/A}