/* * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ /** * @test * @summary A simple smoke test of the HttpURLPermission mechanism, which checks * for either IOException (due to unknown host) or SecurityException * due to lack of permission to connect * @run main/othervm LookupTest */ import java.io.BufferedWriter; import java.io.FilePermission; import java.io.FileWriter; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.io.PrintWriter; import java.net.NetPermission; import java.net.ProxySelector; import java.net.ServerSocket; import java.net.Socket; import java.net.SocketPermission; import java.net.URL; import java.net.URLConnection; import java.net.URLPermission; import java.security.CodeSource; import java.security.Permission; import java.security.PermissionCollection; import java.security.Permissions; import java.security.Policy; import java.security.ProtectionDomain; import static java.nio.charset.StandardCharsets.US_ASCII; public class LookupTest { static final Policy DEFAULT_POLICY = Policy.getPolicy(); static int port; static volatile ServerSocket serverSocket; static void test(String url, boolean throwsSecException, boolean throwsIOException) { ProxySelector.setDefault(null); URL u; InputStream is = null; try { u = new URL(url); System.err.println("Connecting to " + u); URLConnection urlc = u.openConnection(); is = urlc.getInputStream(); } catch (SecurityException e) { if (!throwsSecException) { throw new RuntimeException("Unexpected SecurityException:", e); } return; } catch (IOException e) { if (!throwsIOException) { System.err.println("Unexpected IOException:" + e.getMessage()); throw new RuntimeException(e); } return; } finally { if (is != null) { try { is.close(); } catch (IOException e) { System.err.println("Unexpected IOException:" + e.getMessage()); throw new RuntimeException(e); } } } if (throwsSecException || throwsIOException) { System.err.printf("was expecting a %s\n", throwsSecException ? "security exception" : "IOException"); throw new RuntimeException("was expecting an exception"); } } static final String CWD = System.getProperty("user.dir", "."); public static void main(String args[]) throws Exception { String hostsFileName = CWD + "/LookupTestHosts"; System.setProperty("jdk.net.hosts.file", hostsFileName); addMappingToHostsFile("allowedAndFound.com", "127.0.0.1", hostsFileName, false); addMappingToHostsFile("notAllowedButFound.com", "99.99.99.99", hostsFileName, true); // name "notAllowedAndNotFound.com" is not in map // name "allowedButNotfound.com" is not in map Server server = new Server(); try { Policy.setPolicy(new LookupTestPolicy()); System.setSecurityManager(new SecurityManager()); server.start(); test("http://allowedAndFound.com:" + port + "/foo", false, false); test("http://notAllowedButFound.com:" + port + "/foo", true, false); test("http://allowedButNotfound.com:" + port + "/foo", false, true); test("http://notAllowedAndNotFound.com:" + port + "/foo", true, false); } finally { server.terminate(); } } static class Server extends Thread { private volatile boolean done; public Server() throws IOException { serverSocket = new ServerSocket(0); port = serverSocket.getLocalPort(); } public void run() { try { while (!done) { try (Socket s = serverSocket.accept()) { readOneRequest(s.getInputStream()); OutputStream o = s.getOutputStream(); String rsp = "HTTP/1.1 200 Ok\r\n" + "Connection: close\r\n" + "Content-length: 0\r\n\r\n"; o.write(rsp.getBytes(US_ASCII)); } } } catch (IOException e) { if (!done) e.printStackTrace(); } } void terminate() { done = true; try { serverSocket.close(); } catch (IOException unexpected) { unexpected.printStackTrace(); } } static final byte[] requestEnd = new byte[] {'\r', '\n', '\r', '\n' }; // Read until the end of a HTTP request void readOneRequest(InputStream is) throws IOException { int requestEndCount = 0, r; while ((r = is.read()) != -1) { if (r == requestEnd[requestEndCount]) { requestEndCount++; if (requestEndCount == 4) { break; } } else { requestEndCount = 0; } } } } private static void addMappingToHostsFile(String host, String addr, String hostsFileName, boolean append) throws IOException { String mapping = addr + " " + host; try (FileWriter fr = new FileWriter(hostsFileName, append); PrintWriter hfPWriter = new PrintWriter(new BufferedWriter(fr))) { hfPWriter.println(mapping); } } static class LookupTestPolicy extends Policy { final PermissionCollection perms = new Permissions(); LookupTestPolicy() throws Exception { perms.add(new NetPermission("setProxySelector")); perms.add(new SocketPermission("localhost:1024-", "resolve,accept")); perms.add(new URLPermission("http://allowedAndFound.com:" + port + "/-", "*:*")); perms.add(new URLPermission("http://allowedButNotfound.com:" + port + "/-", "*:*")); perms.add(new FilePermission("<>", "read,write,delete")); //perms.add(new PropertyPermission("java.io.tmpdir", "read")); } public PermissionCollection getPermissions(ProtectionDomain domain) { return perms; } public PermissionCollection getPermissions(CodeSource codesource) { return perms; } public boolean implies(ProtectionDomain domain, Permission perm) { return perms.implies(perm) || DEFAULT_POLICY.implies(domain, perm); } } }