/* * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ /* * @test * @author Ram Marti * @bug 4326852 * @modules jdk.security.auth * @summary Retrive a subset of private credentials can be accessed * @run main/othervm/policy=Subset.policy Subset */ import java.util.Collections; import java.util.HashSet; import java.util.Iterator; import java.util.Set; import com.sun.security.auth.UnixPrincipal; import javax.security.auth.Subject; /* * Author : Ram Marti * This is a test program to verify the fix for Bug 4326852 * (impossible to extract a subset of private credentials) * The policy file used allows read access only to String classes. * grant { * permission javax.security.auth.AuthPermission \ * "modifyPrivateCredentials"; * permission javax.security.auth.PrivateCredentialPermission \ * "java.lang.String com.sun.security.auth.UnixPrincipal \"user"", "read"; * }; * The test verifies the following: * - String class creds can be retrieved by using * getPrivateCredentials(String.class) * - The above set is not backed internally * - getPrivateCredentials(Boolean or Integer) returns an empty set * - Set is returned by getPrivateCredentials() throws * security exception when trying to access non-String * class credentials * - The above set is internally backed up and any changes in * internal private creds are reflected in the set returned * - When the above set throws security exception the iterator * - is advanced to the next item in the list of creds. * - equals,contains,containsAll,add,remove operations work correctly */ public class Subset { public static void main(String[] args) throws Exception { int exceptionCounter =0; Iterator iter1; HashSet creds = new HashSet(); Subject emptys = new Subject(false, //readOnly Collections.singleton(new UnixPrincipal("user")), Collections.EMPTY_SET, creds); /* Test principals */ Set princ= emptys.getPrincipals(); HashSet collp= new HashSet(); collp.add(new String("abc")); collp.add(new String("def")); collp.add(new String("Exists")); collp.add(new String("Does not Exist")); try { if (princ.containsAll(collp)) { throw new Exception ("Error: Contains the collection"); } else System.out.println ("Does not Contain the collection"); } catch (SecurityException e) { throw new Exception ("Error: Exception in containsAll (string coll)!!"); } Set p1 = emptys.getPrivateCredentials(); if (p1.size() != 0) { throw new Exception("Error:p1 size should have been 6 and was " + p1.size()); } creds.add("abc"); creds.add(new Integer(3)); creds.add(Boolean.TRUE); Subject sremove = new Subject(false, //readOnly Collections.singleton(new UnixPrincipal("user")), Collections.EMPTY_SET, creds); Set p2 = sremove.getPrivateCredentials(); if (p2.size() !=3){ throw new Exception("Error: p2 size should have been 3 and was " + p2.size()); } iter1 = p2.iterator(); exceptionCounter=0; while (iter1.hasNext()) { try { Object o = iter1.next(); System.out.println(" private creds of class " + o.getClass() + "value is " + o.toString()); } catch (SecurityException e) { System.out.println("Expected Exception occured"); exceptionCounter++; } } if (exceptionCounter != 2) { throw new Exception("Expected number of exceptions was 2 " + "The actual number was " + exceptionCounter); } // Verify that remove op was successful iter1.remove(); if (p2.size() !=2) { throw new RuntimeException("Error: p2 size should have been 2 and was " + p2.size()); } System.out.println ("Checking the value after removal"); p2 = sremove.getPrivateCredentials(); try { if (!p2.add(new String("XYZ"))) { throw new RuntimeException("Error in adding string"); } if (!p2.add(new Integer(99))) { throw new RuntimeException("Error in adding Integer"); } HashSet coll1 = new HashSet(); coll1.add(new String("RST")); coll1.add(new Integer(1)); if (!p2.addAll(coll1)) { throw new RuntimeException("Error in addAll"); } } catch (Exception e){ e.printStackTrace(); throw new RuntimeException("Unexpected exception in add"); } iter1 = p2.iterator(); while (iter1.hasNext()) { try { Object o = iter1.next(); System.out.println(" private creds of class " + o.getClass() + "value is " + o.toString()); } catch (SecurityException e) { // System.out.println("Exception!!"); } } iter1 = p2.iterator(); System.out.println ("Checked the value after removal"); HashSet creds1 = new HashSet(); creds1.add("abc"); creds1.add("def"); creds1.add(Boolean.TRUE); creds1.add(new Integer(1)); creds1.add(new String("Exists")); Subject scontain = new Subject(false, //readOnly Collections.singleton(new UnixPrincipal("user")), Collections.EMPTY_SET, creds1); p2 = scontain.getPrivateCredentials(); try { Object ObjAr = p2.toArray(); } catch (SecurityException e) { System.out.println("Should get an Exception in toArray()"); } HashSet creds3 = new HashSet(); creds3.add (new String("abc")); p2 = scontain.getPrivateCredentials(); try { Object ObjCred = (Object)creds3.clone(); System.out.println ("Size of p2 is " + p2.size() + "Size of ObjCred is " + ((HashSet)ObjCred).size() ); if (p2.equals(ObjCred)) throw new RuntimeException("Error:Equals ObjCred *** "); else System.out.println ("Does not Equal Objcred"); } catch (SecurityException e) { throw new RuntimeException("Error:Should not get an Exception in equals of creds3"); } try { Object ObjCred = (Object)creds1.clone(); System.out.println ("Size of p2 is " + p2.size() + "Size of ObjCred is " + ((HashSet)ObjCred).size() ); if (p2.equals(ObjCred)) throw new RuntimeException ("Error: Equals ObjCred"); else throw new RuntimeException ("Error: Does not Equal Objcred"); } catch (SecurityException e) { System.out.println("Should get an Exception in equals of creds1"); } /* We can store only string types of creds * Let us create a subject with only string type of creds */ HashSet creds2 = new HashSet(); creds2.add("abc"); creds2.add("def"); creds2.add("ghi"); Subject sstring = new Subject(false, //readOnly Collections.singleton(new UnixPrincipal("user")), Collections.EMPTY_SET, creds2); p2 = sstring.getPrivateCredentials(); try { String[] selectArray = { "exits", "Does not exist"}; Object ObjAr = p2.toArray(selectArray); System.out.println(" No Exception in ObjAr- String"); } catch (SecurityException e) { throw new RuntimeException(" Error: Exception in ObjAr- String!!"); } /* * New subject scontain1, set p3, creds4 */ HashSet creds4 = new HashSet(); creds4.add("abc"); creds4.add("def"); creds4.add("ghi"); creds4.add(new Integer(1)); creds4.add("Exists"); Subject scontain1 = new Subject(false, //readOnly Collections.singleton(new UnixPrincipal("user")), Collections.EMPTY_SET, creds4); Set p3 = scontain1.getPrivateCredentials(); try { Object Obj = new String("Exists"); if (p3.contains(Obj)) System.out.println ("Contains String cred"); else throw new RuntimeException ("Error Does not Contain the stringcred exists"); } catch (SecurityException e) { throw new RuntimeException("Error:Exception!!"); } try { Object ObjCred = (Object)creds4.clone(); if (p3.equals(ObjCred)) throw new RuntimeException ("Error:Equals ObjCred"); else throw new RuntimeException ("Error:Does not Equal Objcred"); } catch (SecurityException e) { System.out.println("Should get an Exception in equals"); } try { Object Obj = new Integer(1); if (p3.contains(Obj)) throw new RuntimeException ("Error:Contains integer cred"); else throw new RuntimeException ("Error:Does not Contain integer cred"); } catch (SecurityException e) { System.out.println("Should get an Exception in contains Integer cred"); } HashSet coll = new HashSet(); coll.add(new String("abc")); coll.add(new String("def")); coll.add(new String("Exists")); coll.add(new String("Does not Exist")); try { if (p3.containsAll(coll)) throw new RuntimeException ("Error: Contains the collection"); else System.out.println ("Does not Contain the collection"); } catch (SecurityException e) { throw new RuntimeException("Error: Exception in containsAll (string coll)!!"); } coll.remove(new String("Exists")); coll.remove(new String("Does not Exist")); try { if (p3.containsAll(coll)) System.out.println ("Contains the collection"); else throw new RuntimeException ("Error:Does not Contain the collection"); } catch (SecurityException e) { throw new RuntimeException("Error: Exception in containsAll (string coll)!!"); } Object Obj = new String("Exists"); try { if (p3.contains(Obj)) System.out.println ("Contains String cred exists"); else System.out.println ("Does not Contain String cred exists"); } catch (SecurityException e) { System.out.println("Exception in String cred!!"); } Obj = new String("Does not exist"); try { if (p3.contains(Obj)) throw new RuntimeException ("Error: Contains the String does not exist"); else System.out.println ("Does not Contain the String cred Does not exist"); } catch (SecurityException e) { throw new RuntimeException("Error: Exception in Contains!!"); } p3.add(new Integer(2)); coll.add(new Integer(2)); p3.add("XYZ"); System.out.println ("Testing Retainall "); exceptionCounter =0; iter1 = p3.iterator(); while (iter1.hasNext()) { try { Object o = iter1.next(); System.out.println(" private creds of class " + o.getClass() + "value is " + o.toString()); } catch (SecurityException e) { System.out.println(" We should get exception"); System.out.println("Exception!!"); exceptionCounter++; } } System.out.println(" After the retainall Operation"); try { if (p3.retainAll(coll)) System.out.println ("Retained the collection"); else throw new RuntimeException ("Error: RetainAll did not succeed"); } catch (SecurityException e) { e.printStackTrace(); throw new RuntimeException("Error: Unexpected Exception in retainAll!"); } iter1 = p3.iterator(); while (iter1.hasNext()) { try { Object o = iter1.next(); System.out.println(" private creds of class " + o.getClass() + "value is " + o.toString()); } catch (SecurityException e) { exceptionCounter++; } } System.out.println ("Retainall collection"); p3.add(new Integer (3)); iter1 = p3.iterator(); while (iter1.hasNext()) { try { Object o = iter1.next(); System.out.println(" private creds of class " + o.getClass() + "value is " + o.toString()); } catch (SecurityException e) { System.out.println("Should get Exception "); } } exceptionCounter=0; HashSet coll2 = new HashSet(); coll2.add(new String("abc")); coll2.add(new Integer (3)); System.out.println(" before removeall"); iter1 = p3.iterator(); exceptionCounter =0; while (iter1.hasNext()) { try { Object o = iter1.next(); System.out.println(" private creds of class " + o.getClass() + "value is " + o.toString()); } catch (SecurityException e) { System.out.println("Expected Exception thrown "); exceptionCounter++; } } // We added two integer creds so there must be two exceptions only if (exceptionCounter != 2) { throw new RuntimeException("Expected 2 Exceptions; received " + exceptionCounter + "exceptions "); } try { p3.removeAll(coll2); System.out.println(" removeall successful! "); } catch (SecurityException e) { throw new RuntimeException(" Error: removeAll Security Exception!!"); } iter1 = p3.iterator(); System.out.println(" After removeall"); exceptionCounter = 0; while (iter1.hasNext()) { try { Object o = iter1.next(); System.out.println (" private creds of class " + o.getClass() + "value is " + o.toString()); } catch (SecurityException e) { System.out.println("Expected Exception thrown "); exceptionCounter++; } } // We had two integer creds; removed one as a part of coll2; so // only one exception must have been thrown if (exceptionCounter != 1) { throw new RuntimeException("Expected 1 Exceptions; received " + exceptionCounter + "exceptions "); } try { p3.clear(); System.out.println(" Clear() successful! "); } catch (SecurityException e) { throw new RuntimeException(" Error: Clear Security Exception!!"); } /* New subject s with creds and privCredSet * */ creds.clear(); creds.add("abc"); creds.add("def"); creds.add("ghi"); creds.add(new Integer(1)); Subject s = new Subject(false, //readOnly Collections.singleton(new UnixPrincipal("user")), Collections.EMPTY_SET, creds); try { Set privCredSet = s.getPrivateCredentials(char.class); if (privCredSet.size() != 0) { throw new RuntimeException("Error:String Privcred size should have been 0 and was " + privCredSet.size()); } } catch (Exception e) { throw new RuntimeException ("Error " + e.toString()); } try { Set privCredSet = s.getPrivateCredentials(String.class); if (privCredSet.size() != 3) { throw new RuntimeException("Error:String Privcred size should have been 2 and was " + privCredSet.size()); } s.getPrivateCredentials().add("XYZ"); /* * Since the privCredSet is not backed by internal private * creds adding to it should not make any difference to * privCredSet and theize should still be 3 */ if (privCredSet.size() != 3) { throw new RuntimeException("Error:String Privcred size should have been 2 and was " + privCredSet.size()); } s.getPrivateCredentials().remove("XYZ"); /* * Let us try to get the elements * No exception should occur */ Iterator iter = privCredSet.iterator(); while (iter.hasNext()) { try { Object o = iter.next(); System.out.println(" private creds of class " + o.getClass() + "value is " + o.toString()); } catch (SecurityException e) { } } } catch (Exception e) { e.printStackTrace(); throw new RuntimeException("Unexcpected Exception"); } /* * Can we add and remove the creds */ s.getPrivateCredentials().add("XYZ"); s.getPrivateCredentials().remove("XYZ"); s.getPrivateCredentials().add(new Integer(2)); s.getPrivateCredentials().remove(new Integer(2)); // We don't have permission to read Boolean creds // SInce the creds have no boolean creds we should get an empty // set try { Set privCredSet1 = s.getPrivateCredentials(Boolean.class); if (privCredSet1.size() != 0){ throw new RuntimeException("Error:String PrivcredSet1 of Boolean size should have been 0 and was " + privCredSet1.size()); } } catch (SecurityException e) { e.printStackTrace(); throw new RuntimeException("Unexcpected Exception"); } System.out.println ("Checked Boolean Creds "); /* * We don't have permission to read Integer creds * We should get an empty set even though the private creds * has an integer cred. No security exception either ! */ try { Set privCredSet1 = s.getPrivateCredentials(Integer.class); if (privCredSet1.size() != 0){ throw new RuntimeException("Error:String PrivcredSet1 of Integer size should have been 0 and was " + privCredSet1.size()); } } catch (SecurityException e) { System.out.println ("Expected exception"); } System.out.println ("Checked Integer Creds "); Set privCredSet2 = s.getPrivateCredentials(); if (privCredSet2.size() != 4){ throw new RuntimeException("Error:String PrivcredSet1 size should have been 4 and was " + privCredSet2.size()); } /* * Since the returned privCredSet2 is internally backed by the * private creds, any additions to it should be reflected in * privcredSet2 */ s.getPrivateCredentials().add("XYZ"); if (privCredSet2.size() != 5) { throw new RuntimeException("Error:String PrivcredSet1 size should have been 5 and was " + privCredSet2.size()); } s.getPrivateCredentials().remove("XYZ"); if (privCredSet2.size() != 4) { throw new RuntimeException("String privCredSet2 size should have been 5 and was " + privCredSet2.size()); } System.out.println("Checked remove(String) operation"); /* Let us add a couple of Boolean creds */ s.getPrivateCredentials().add(Boolean.TRUE); s.getPrivateCredentials().add(new Integer(2)); exceptionCounter =0; iter1 = privCredSet2.iterator(); while (iter1.hasNext()) { try { Object o = iter1.next(); System.out.println(" private creds of class " + o.getClass() + "value is " + o.toString()); } catch (SecurityException e) { System.out.println(" We should get exception"); System.out.println("Exception!!"); exceptionCounter++; } } if (exceptionCounter != 3) { throw new RuntimeException("Expected number of exception was 3 " + "The actual number was " + exceptionCounter); } privCredSet2.add (new Integer(3)); try { int hashCode = privCredSet2.hashCode(); } catch (SecurityException e) { System.out.println ("hashCode Expected exception"); } System.out.println ("Tests completed"); } }