476 lines
19 KiB
Java
476 lines
19 KiB
Java
|
/*
|
||
|
* Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
|
||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||
|
*
|
||
|
* This code is free software; you can redistribute it and/or modify it
|
||
|
* under the terms of the GNU General Public License version 2 only, as
|
||
|
* published by the Free Software Foundation. Oracle designates this
|
||
|
* particular file as subject to the "Classpath" exception as provided
|
||
|
* by Oracle in the LICENSE file that accompanied this code.
|
||
|
*
|
||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||
|
* accompanied this code).
|
||
|
*
|
||
|
* You should have received a copy of the GNU General Public License version
|
||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||
|
*
|
||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||
|
* or visit www.oracle.com if you need additional information or have any
|
||
|
*/
|
||
|
|
||
|
/**
|
||
|
* @test
|
||
|
* @bug 8087112
|
||
|
* @library /lib/testlibrary/
|
||
|
* @build jdk.testlibrary.SimpleSSLContext
|
||
|
* @compile ../../../../com/sun/net/httpserver/LogFilter.java
|
||
|
* @compile ../../../../com/sun/net/httpserver/FileServerHandler.java
|
||
|
* @compile ../ProxyServer.java
|
||
|
*
|
||
|
* @run main/othervm/secure=java.lang.SecurityManager/policy=0.policy Security 0
|
||
|
* @run main/othervm/secure=java.lang.SecurityManager/policy=1.policy Security 1
|
||
|
* @run main/othervm/secure=java.lang.SecurityManager/policy=2.policy Security 2
|
||
|
* @run main/othervm/secure=java.lang.SecurityManager/policy=3.policy Security 3
|
||
|
* @run main/othervm/secure=java.lang.SecurityManager/policy=4.policy Security 4
|
||
|
* @run main/othervm/secure=java.lang.SecurityManager/policy=5.policy Security 5
|
||
|
* @run main/othervm/secure=java.lang.SecurityManager/policy=6.policy Security 6
|
||
|
* @run main/othervm/secure=java.lang.SecurityManager/policy=7.policy Security 7
|
||
|
* @run main/othervm/secure=java.lang.SecurityManager/policy=8.policy Security 8
|
||
|
* @run main/othervm/secure=java.lang.SecurityManager/policy=9.policy Security 9
|
||
|
* @run main/othervm/secure=java.lang.SecurityManager/policy=10.policy Security 10
|
||
|
* @run main/othervm/secure=java.lang.SecurityManager/policy=11.policy Security 11
|
||
|
* @run main/othervm/secure=java.lang.SecurityManager/policy=12.policy Security 12
|
||
|
* @run main/othervm/secure=java.lang.SecurityManager/policy=0.policy Security 13
|
||
|
* @run main/othervm/secure=java.lang.SecurityManager/policy=1.policy Security 14
|
||
|
* @run main/othervm/secure=java.lang.SecurityManager/policy=15.policy Security 15
|
||
|
*/
|
||
|
|
||
|
import com.sun.net.httpserver.*;
|
||
|
import java.io.IOException;
|
||
|
import java.io.InputStream;
|
||
|
import java.io.File;
|
||
|
import java.io.OutputStream;
|
||
|
import java.lang.reflect.Constructor;
|
||
|
import java.net.*;
|
||
|
import java.net.http.*;
|
||
|
import java.nio.charset.StandardCharsets;
|
||
|
import java.nio.file.Files;
|
||
|
import java.nio.file.Path;
|
||
|
import java.nio.ByteBuffer;
|
||
|
import java.nio.file.Paths;
|
||
|
import java.nio.file.StandardCopyOption;
|
||
|
import java.util.LinkedList;
|
||
|
import java.util.List;
|
||
|
import java.util.concurrent.*;
|
||
|
import java.util.function.*;
|
||
|
import java.util.logging.ConsoleHandler;
|
||
|
import java.util.logging.Level;
|
||
|
import java.util.logging.Logger;
|
||
|
|
||
|
/**
|
||
|
* Security checks test
|
||
|
*/
|
||
|
public class Security {
|
||
|
|
||
|
static HttpServer s1 = null;
|
||
|
static ExecutorService executor=null;
|
||
|
static int port;
|
||
|
static HttpClient client;
|
||
|
static String httproot, fileuri, fileroot, redirectroot;
|
||
|
static List<HttpClient> clients = new LinkedList<>();
|
||
|
static URI uri;
|
||
|
|
||
|
interface Test {
|
||
|
public void execute() throws IOException, InterruptedException;
|
||
|
}
|
||
|
|
||
|
static class TestAndResult {
|
||
|
Test test;
|
||
|
boolean result;
|
||
|
|
||
|
TestAndResult (Test t, boolean result) {
|
||
|
this.test = t;
|
||
|
this.result = result;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
static TestAndResult test(boolean result, Test t) {
|
||
|
return new TestAndResult(t, result);
|
||
|
}
|
||
|
|
||
|
static TestAndResult[] tests;
|
||
|
static String testclasses;
|
||
|
static File subdir;
|
||
|
|
||
|
/**
|
||
|
* The ProxyServer class is compiled by jtreg, but we want to
|
||
|
* move it so it is not on the application claspath. We want to
|
||
|
* load it through a separate classloader so that it has a separate
|
||
|
* protection domain and security permissions.
|
||
|
*
|
||
|
* Its permissions are in the second grant block in each policy file
|
||
|
*/
|
||
|
static void setupProxy() throws IOException, ClassNotFoundException, NoSuchMethodException {
|
||
|
testclasses = System.getProperty("test.classes");
|
||
|
subdir = new File (testclasses, "proxydir");
|
||
|
subdir.mkdir();
|
||
|
|
||
|
movefile("ProxyServer.class");
|
||
|
movefile("ProxyServer$Connection.class");
|
||
|
movefile("ProxyServer$1.class");
|
||
|
|
||
|
URL url = subdir.toURL();
|
||
|
System.out.println("URL for class loader = " + url);
|
||
|
URLClassLoader urlc = new URLClassLoader(new URL[] {url});
|
||
|
proxyClass = Class.forName("ProxyServer", true, urlc);
|
||
|
proxyConstructor = proxyClass.getConstructor(Integer.class, Boolean.class);
|
||
|
}
|
||
|
|
||
|
static void movefile(String f) throws IOException {
|
||
|
Path src = Paths.get(testclasses, f);
|
||
|
Path dest = subdir.toPath().resolve(f);
|
||
|
if (!dest.toFile().exists()) {
|
||
|
System.out.printf("moving %s to %s\n", src.toString(), dest.toString());
|
||
|
Files.move(src, dest, StandardCopyOption.REPLACE_EXISTING);
|
||
|
} else {
|
||
|
System.out.printf("NOT moving %s to %s\n", src.toString(), dest.toString());
|
||
|
}
|
||
|
}
|
||
|
|
||
|
static Object getProxy(int port, boolean b) throws Exception {
|
||
|
return proxyConstructor.newInstance(port, b);
|
||
|
}
|
||
|
|
||
|
static Class<?> proxyClass;
|
||
|
static Constructor<?> proxyConstructor;
|
||
|
|
||
|
static void setupTests() {
|
||
|
tests = new TestAndResult[]{
|
||
|
// (0) policy does not have permission for file. Should fail
|
||
|
test(false, () -> { // Policy 0
|
||
|
URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");
|
||
|
HttpRequest request = client.request(u)
|
||
|
.GET();
|
||
|
HttpResponse response = request.response();
|
||
|
}),
|
||
|
// (1) policy has permission for file URL
|
||
|
test(true, () -> { //Policy 1
|
||
|
URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");
|
||
|
HttpRequest request = client.request(u)
|
||
|
.GET();
|
||
|
HttpResponse response = request.response();
|
||
|
}),
|
||
|
// (2) policy has permission for all file URLs under /files
|
||
|
test(true, () -> { // Policy 2
|
||
|
URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");
|
||
|
HttpRequest request = client.request(u)
|
||
|
.GET();
|
||
|
HttpResponse response = request.response();
|
||
|
}),
|
||
|
// (3) policy has permission for first URL but not redirected URL
|
||
|
test(false, () -> { // Policy 3
|
||
|
URI u = URI.create("http://127.0.0.1:" + port + "/redirect/foo.txt");
|
||
|
HttpRequest request = client.request(u)
|
||
|
.GET();
|
||
|
HttpResponse response = request.response();
|
||
|
}),
|
||
|
// (4) policy has permission for both first URL and redirected URL
|
||
|
test(true, () -> { // Policy 4
|
||
|
URI u = URI.create("http://127.0.0.1:" + port + "/redirect/foo.txt");
|
||
|
HttpRequest request = client.request(u)
|
||
|
.GET();
|
||
|
HttpResponse response = request.response();
|
||
|
}),
|
||
|
// (5) policy has permission for redirected but not first URL
|
||
|
test(false, () -> { // Policy 5
|
||
|
URI u = URI.create("http://127.0.0.1:" + port + "/redirect/foo.txt");
|
||
|
HttpRequest request = client.request(u)
|
||
|
.GET();
|
||
|
HttpResponse response = request.response();
|
||
|
}),
|
||
|
// (6) policy has permission for file URL, but not method
|
||
|
test(false, () -> { //Policy 6
|
||
|
URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");
|
||
|
HttpRequest request = client.request(u)
|
||
|
.GET();
|
||
|
HttpResponse response = request.response();
|
||
|
}),
|
||
|
// (7) policy has permission for file URL, method, but not header
|
||
|
test(false, () -> { //Policy 7
|
||
|
URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");
|
||
|
HttpRequest request = client.request(u)
|
||
|
.header("X-Foo", "bar")
|
||
|
.GET();
|
||
|
HttpResponse response = request.response();
|
||
|
}),
|
||
|
// (8) policy has permission for file URL, method and header
|
||
|
test(true, () -> { //Policy 8
|
||
|
URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");
|
||
|
HttpRequest request = client.request(u)
|
||
|
.header("X-Foo", "bar")
|
||
|
.GET();
|
||
|
HttpResponse response = request.response();
|
||
|
}),
|
||
|
// (9) policy has permission for file URL, method and header
|
||
|
test(true, () -> { //Policy 9
|
||
|
URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");
|
||
|
HttpRequest request = client.request(u)
|
||
|
.headers("X-Foo", "bar", "X-Bar", "foo")
|
||
|
.GET();
|
||
|
HttpResponse response = request.response();
|
||
|
}),
|
||
|
// (10) policy has permission for destination URL but not for proxy
|
||
|
test(false, () -> { //Policy 10
|
||
|
directProxyTest(27208, true);
|
||
|
}),
|
||
|
// (11) policy has permission for both destination URL and proxy
|
||
|
test(true, () -> { //Policy 11
|
||
|
directProxyTest(27301, true);
|
||
|
}),
|
||
|
// (12) policy has permission for both destination URL and proxy
|
||
|
test(false, () -> { //Policy 11
|
||
|
directProxyTest(28301, false);
|
||
|
}),
|
||
|
// (13) async version of test 0
|
||
|
test(false, () -> { // Policy 0
|
||
|
URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");
|
||
|
HttpRequest request = client.request(u)
|
||
|
.GET();
|
||
|
try {
|
||
|
HttpResponse response = request.responseAsync().get();
|
||
|
} catch (ExecutionException e) {
|
||
|
if (e.getCause() instanceof SecurityException) {
|
||
|
throw (SecurityException)e.getCause();
|
||
|
} else {
|
||
|
throw new RuntimeException(e);
|
||
|
}
|
||
|
}
|
||
|
}),
|
||
|
// (14) async version of test 1
|
||
|
test(true, () -> { //Policy 1
|
||
|
URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");
|
||
|
HttpRequest request = client.request(u)
|
||
|
.GET();
|
||
|
try {
|
||
|
HttpResponse response = request.responseAsync().get();
|
||
|
} catch (ExecutionException e) {
|
||
|
if (e.getCause() instanceof SecurityException) {
|
||
|
throw (SecurityException)e.getCause();
|
||
|
} else {
|
||
|
throw new RuntimeException(e);
|
||
|
}
|
||
|
}
|
||
|
}),
|
||
|
// (15) check that user provided unprivileged code running on a worker
|
||
|
// thread does not gain ungranted privileges.
|
||
|
test(false, () -> { //Policy 12
|
||
|
URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");
|
||
|
HttpRequest request = client.request(u)
|
||
|
.GET();
|
||
|
HttpResponse response = request.response();
|
||
|
HttpResponse.BodyProcessor<String> stproc = HttpResponse.asString();
|
||
|
|
||
|
CompletableFuture<String> cf;
|
||
|
cf = response.bodyAsync(new HttpResponse.BodyProcessor<String>() {
|
||
|
public void onResponseBodyChunk(ByteBuffer b) throws IOException {
|
||
|
// do some mischief here
|
||
|
SecurityManager sm = System.getSecurityManager();
|
||
|
System.setSecurityManager(null);
|
||
|
System.setSecurityManager(sm);
|
||
|
// problem if we get this far
|
||
|
stproc.onResponseBodyChunk(b);
|
||
|
}
|
||
|
public String onResponseBodyStart(long contentLength,
|
||
|
HttpHeaders responseHeaders,
|
||
|
LongConsumer fc) throws IOException {
|
||
|
|
||
|
SecurityManager sm = System.getSecurityManager();
|
||
|
// should succeed.
|
||
|
sm.checkPermission(new RuntimePermission("foobar"));
|
||
|
return stproc.onResponseBodyStart(contentLength,responseHeaders, fc);
|
||
|
}
|
||
|
public String onResponseComplete() throws IOException {
|
||
|
return stproc.onResponseComplete();
|
||
|
}
|
||
|
public void onResponseError(Throwable t) {
|
||
|
stproc.onResponseError(t);
|
||
|
}
|
||
|
}
|
||
|
);
|
||
|
try {
|
||
|
System.out.println("Body = " + cf.get());// should not reach here
|
||
|
} catch (ExecutionException e) {
|
||
|
if (e.getCause() instanceof SecurityException) {
|
||
|
throw (SecurityException)e.getCause();
|
||
|
} else {
|
||
|
throw new RuntimeException(e);
|
||
|
}
|
||
|
}
|
||
|
})
|
||
|
};
|
||
|
}
|
||
|
|
||
|
private static void directProxyTest(int proxyPort, boolean samePort) throws IOException, InterruptedException {
|
||
|
Object proxy = null;
|
||
|
try {
|
||
|
proxy = getProxy(proxyPort, true);
|
||
|
} catch (IOException e) {
|
||
|
System.out.println("Cannot bind. Not running test");
|
||
|
throw new SecurityException("test not run");
|
||
|
} catch (Exception ee) {
|
||
|
throw new RuntimeException(ee);
|
||
|
}
|
||
|
System.out.println("Proxy port = " + proxyPort);
|
||
|
if (!samePort)
|
||
|
proxyPort++;
|
||
|
|
||
|
HttpClient cl = HttpClient.create()
|
||
|
.proxy(ProxySelector.of(
|
||
|
new InetSocketAddress("127.0.0.1", proxyPort)))
|
||
|
.build();
|
||
|
clients.add(cl);
|
||
|
|
||
|
URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");
|
||
|
HttpRequest request = cl.request(u)
|
||
|
.headers("X-Foo", "bar", "X-Bar", "foo")
|
||
|
.GET();
|
||
|
HttpResponse response = request.response();
|
||
|
}
|
||
|
|
||
|
static void runtest(Test r, String policy, boolean succeeds) {
|
||
|
System.out.println("Using policy file: " + policy);
|
||
|
try {
|
||
|
r.execute();
|
||
|
if (!succeeds) {
|
||
|
System.out.println("FAILED: expected security exception");
|
||
|
throw new RuntimeException("Failed");
|
||
|
}
|
||
|
System.out.println (policy + " succeeded as expected");
|
||
|
} catch (SecurityException e) {
|
||
|
if (succeeds) {
|
||
|
System.out.println("FAILED");
|
||
|
throw new RuntimeException(e);
|
||
|
}
|
||
|
System.out.println (policy + " threw exception as expected");
|
||
|
} catch (IOException | InterruptedException ee) {
|
||
|
throw new RuntimeException(ee);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
public static void main(String[] args) throws Exception {
|
||
|
initServer();
|
||
|
setupProxy();
|
||
|
fileroot = System.getProperty ("test.src")+ "/docs";
|
||
|
int testnum = Integer.parseInt(args[0]);
|
||
|
String policy = args[0];
|
||
|
|
||
|
client = HttpClient
|
||
|
.create()
|
||
|
.followRedirects(HttpClient.Redirect.ALWAYS)
|
||
|
.build();
|
||
|
|
||
|
clients.add(HttpClient.getDefault());
|
||
|
clients.add(client);
|
||
|
|
||
|
try {
|
||
|
setupTests();
|
||
|
TestAndResult tr = tests[testnum];
|
||
|
runtest(tr.test, policy, tr.result);
|
||
|
} finally {
|
||
|
s1.stop(0);
|
||
|
//executor.shutdownNow();
|
||
|
for (HttpClient client : clients)
|
||
|
client.executorService().shutdownNow();
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// create Http Server on port range below. So, we can
|
||
|
HttpServer createServer() {
|
||
|
HttpServer server;
|
||
|
for (int i=25800; i<26800; i++) {
|
||
|
InetSocketAddress a = new InetSocketAddress(i);
|
||
|
try {
|
||
|
server = HttpServer.create(a, 0);
|
||
|
return server;
|
||
|
} catch (IOException e) {}
|
||
|
}
|
||
|
return null;
|
||
|
}
|
||
|
|
||
|
public static void initServer() throws Exception {
|
||
|
Logger logger = Logger.getLogger("com.sun.net.httpserver");
|
||
|
ConsoleHandler ch = new ConsoleHandler();
|
||
|
logger.setLevel(Level.ALL);
|
||
|
ch.setLevel(Level.ALL);
|
||
|
logger.addHandler(ch);
|
||
|
String root = System.getProperty ("test.src")+ "/docs";
|
||
|
InetSocketAddress addr = new InetSocketAddress (0);
|
||
|
s1 = HttpServer.create (addr, 0);
|
||
|
if (s1 instanceof HttpsServer) {
|
||
|
throw new RuntimeException ("should not be httpsserver");
|
||
|
}
|
||
|
HttpHandler h = new FileServerHandler (root);
|
||
|
HttpContext c = s1.createContext ("/files", h);
|
||
|
|
||
|
HttpHandler h1 = new RedirectHandler ("/redirect");
|
||
|
HttpContext c1 = s1.createContext ("/redirect", h1);
|
||
|
|
||
|
executor = Executors.newCachedThreadPool();
|
||
|
s1.setExecutor (executor);
|
||
|
s1.start();
|
||
|
|
||
|
port = s1.getAddress().getPort();
|
||
|
System.out.println("HTTP server port = " + port);
|
||
|
httproot = "http://127.0.0.1:" + port + "/files/";
|
||
|
redirectroot = "http://127.0.0.1:" + port + "/redirect/";
|
||
|
uri = new URI(httproot);
|
||
|
fileuri = httproot + "foo.txt";
|
||
|
}
|
||
|
|
||
|
static class RedirectHandler implements HttpHandler {
|
||
|
|
||
|
String root;
|
||
|
int count = 0;
|
||
|
|
||
|
RedirectHandler(String root) {
|
||
|
this.root = root;
|
||
|
}
|
||
|
|
||
|
synchronized int count() {
|
||
|
return count;
|
||
|
}
|
||
|
|
||
|
synchronized void increment() {
|
||
|
count++;
|
||
|
}
|
||
|
|
||
|
@Override
|
||
|
public synchronized void handle(HttpExchange t)
|
||
|
throws IOException {
|
||
|
byte[] buf = new byte[2048];
|
||
|
System.out.println("Server: " + t.getRequestURI());
|
||
|
try (InputStream is = t.getRequestBody()) {
|
||
|
while (is.read(buf) != -1) ;
|
||
|
}
|
||
|
increment();
|
||
|
if (count() == 1) {
|
||
|
Headers map = t.getResponseHeaders();
|
||
|
String redirect = "/redirect/bar.txt";
|
||
|
map.add("Location", redirect);
|
||
|
t.sendResponseHeaders(301, -1);
|
||
|
t.close();
|
||
|
} else {
|
||
|
String response = "Hello world";
|
||
|
t.sendResponseHeaders(200, response.length());
|
||
|
OutputStream os = t.getResponseBody();
|
||
|
os.write(response.getBytes(StandardCharsets.ISO_8859_1));
|
||
|
t.close();
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|