/*
 * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

/*
 * @test
 * @bug 8050281
 * @summary Test limited doprivileged action with trhead calls.
 * @run main/othervm/policy=policy LimitedDoPrivilegedWithThread
 */
import java.io.FilePermission;
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.util.PropertyPermission;

public class LimitedDoPrivilegedWithThread {

    private static final Permission PROPERTYPERM
            = new PropertyPermission("user.name", "read");
    private static final Permission FILEPERM
            = new FilePermission("*", "read");
    private static final AccessControlContext ACC
            = new AccessControlContext(
                    new ProtectionDomain[]{new ProtectionDomain(null, null)});

    public static void main(String args[]) {
        //parent thread without any permission
        AccessController.doPrivileged(
                (PrivilegedAction) () -> {
                    Thread ct = new Thread(
                            new ChildThread(PROPERTYPERM, FILEPERM));
                    ct.start();
                    try {
                        ct.join();
                    } catch (InterruptedException ie) {
                        Thread.currentThread().interrupt();
                        ie.printStackTrace();
                        throw new RuntimeException("Unexpected InterruptedException");
                    }
                    return null;
                }, ACC);
    }
}

class ChildThread implements Runnable {

    private final Permission P1;
    private final Permission P2;
    private boolean catchACE = false;

    public ChildThread(Permission p1, Permission p2) {
        this.P1 = p1;
        this.P2 = p2;
    }

    @Override
    public void run() {
        //Verified that child thread has permission p1,
        runTest(null, P1, false, 1);
        //Verified that child thread inherits parent thread's access control context
        AccessControlContext childAcc = AccessController.getContext();
        runTest(childAcc, P1, true, 2);
        //Verified that we can give permision p2 to limit the "privilege" of the
        //class calling doprivileged action, stack walk will continue
        runTest(null, P2, true, 3);

    }

    public void runTest(AccessControlContext acc, Permission perm,
            boolean expectACE, int id) {

        AccessController.doPrivileged(
                (PrivilegedAction) () -> {
                    try {
                        AccessController.getContext().checkPermission(P1);
                    } catch (AccessControlException ace) {
                        catchACE = true;
                    }
                    if (catchACE ^ expectACE) {
                        throw new RuntimeException("test" + id + " failed");
                    }
                    return null;
                }, acc, perm);
    }
}