53a97cbeb3
Co-authored-by: Alexander Kulyakthin <alexander.kulyakhtin@oracle.com> Co-authored-by: Alan Bateman <alan.bateman@oracle.com> Reviewed-by: alanb, joehw, lancea
264 lines
10 KiB
Java
264 lines
10 KiB
Java
/*
|
|
* Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
/*
|
|
* @test
|
|
* @bug 4919147
|
|
* @summary Support for token-based KeyStores
|
|
* @modules java.base/sun.security.provider
|
|
*/
|
|
|
|
import java.io.*;
|
|
import java.util.*;
|
|
import java.net.*;
|
|
import java.security.AllPermission;
|
|
import java.security.CodeSource;
|
|
import java.security.ProtectionDomain;
|
|
import java.security.Permission;
|
|
import java.security.KeyStore;
|
|
import java.security.cert.*;
|
|
import sun.security.provider.*;
|
|
|
|
public class TokenStore {
|
|
|
|
private static String DIR =
|
|
System.getProperty("test.classes", ".") + File.separatorChar;
|
|
private static final char[] storePassword = new char[]
|
|
{ 'T', 'o', 'k', 'e', 'n', 'S', 't', 'o', 'r', 'e' };
|
|
|
|
|
|
// policy files that will get written
|
|
private static String NO_STORE_FILE = DIR + "TokenStore.NoStore";
|
|
private static String URL_FILE = DIR + "TokenStore.Url";
|
|
private static String URL_T_FILE = DIR + "TokenStore.UrlT";
|
|
private static String URL_T_P_FILE = DIR + "TokenStore.UrlTP";
|
|
private static String URL_PWD_FILE = DIR + "TokenStore.UrlPwd";
|
|
private static String URL_T_P_PWD_FILE = DIR + "TokenStore.UrlTPPwd";
|
|
private static String BADPASS_FILE = DIR + "TokenStore.BadPass";
|
|
|
|
private static String RELPASS_FILE =
|
|
System.getProperty("test.src", ".") + File.separatorChar +
|
|
"TokenStore.RelPassPolicy";
|
|
|
|
// protection domains
|
|
private static ProtectionDomain NO_STORE_DOMAIN;
|
|
private static ProtectionDomain URL_DOMAIN;
|
|
private static ProtectionDomain URL_T_DOMAIN;
|
|
private static ProtectionDomain URL_T_P_DOMAIN;
|
|
|
|
// policy contents written to files
|
|
private static final String POLICY_NO_STORE =
|
|
"grant { permission java.security.AllPermission; };";
|
|
|
|
private static final String POLICY_URL =
|
|
"keystore \"file:${test.src}${/}TokenStore.keystore\";" +
|
|
"grant signedby \"POLICY_URL\" {" +
|
|
" permission java.security.AllPermission;" +
|
|
"};" ;
|
|
|
|
private static final String POLICY_URL_T =
|
|
"keystore \"file:${test.src}${/}TokenStore.keystore\", \"JKS\";"+
|
|
"grant signedby \"POLICY_URL_T\" {" +
|
|
" permission java.security.AllPermission;" +
|
|
"};" ;
|
|
|
|
private static final String POLICY_URL_T_P =
|
|
"keystore \"file:${test.src}${/}TokenStore.keystore\"," +
|
|
" \"JKS\", \"SUN\";" +
|
|
"grant signedby \"POLICY_URL_T_P\" {" +
|
|
" permission java.security.AllPermission;" +
|
|
"};" ;
|
|
|
|
private static final String POLICY_URL_PWD =
|
|
"keystore \"file:${test.src}${/}TokenStore.keystore\";" +
|
|
"keystorePasswordURL \"file:${test.src}${/}TokenStore.pwd\";" +
|
|
"grant signedby \"POLICY_URL\" {" +
|
|
" permission java.security.AllPermission;" +
|
|
"};" ;
|
|
|
|
private static final String POLICY_URL_T_P_PWD =
|
|
"keystore \"file:${test.src}${/}TokenStore.keystore\"," +
|
|
" \"JKS\", \"SUN\";" +
|
|
"keystorePasswordURL \"file:${test.src}${/}TokenStore.pwd\";" +
|
|
"grant signedby \"POLICY_URL_T_P\" {" +
|
|
" permission java.security.AllPermission;" +
|
|
"};" ;
|
|
|
|
private static final String POLICY_BADPASS =
|
|
"keystore \"file:${test.src}${/}TokenStore.keystore\"," +
|
|
" \"JKS\", \"SUN\";" +
|
|
"keystorePasswordURL \"file:${test.src}${/}TokenStore.java\";" +
|
|
"grant signedby \"POLICY_URL_T_P\" {" +
|
|
" permission java.security.AllPermission;" +
|
|
"};" ;
|
|
|
|
private static void init() throws Exception {
|
|
|
|
// first write policy files
|
|
|
|
PolicyParser pp = new PolicyParser();
|
|
pp.read(new StringReader(POLICY_NO_STORE));
|
|
pp.write(new FileWriter(NO_STORE_FILE, false));
|
|
|
|
pp = new PolicyParser();
|
|
pp.read(new StringReader(POLICY_URL));
|
|
pp.write(new FileWriter(URL_FILE, false));
|
|
|
|
pp = new PolicyParser();
|
|
pp.read(new StringReader(POLICY_URL_T));
|
|
pp.write(new FileWriter(URL_T_FILE, false));
|
|
|
|
pp = new PolicyParser();
|
|
pp.read(new StringReader(POLICY_URL_T_P));
|
|
pp.write(new FileWriter(URL_T_P_FILE, false));
|
|
|
|
pp = new PolicyParser();
|
|
pp.read(new StringReader(POLICY_URL_PWD));
|
|
pp.write(new FileWriter(URL_PWD_FILE, false));
|
|
|
|
pp = new PolicyParser();
|
|
pp.read(new StringReader(POLICY_URL_T_P_PWD));
|
|
pp.write(new FileWriter(URL_T_P_PWD_FILE, false));
|
|
|
|
pp = new PolicyParser();
|
|
pp.read(new StringReader(POLICY_BADPASS));
|
|
pp.write(new FileWriter(BADPASS_FILE, false));
|
|
|
|
// next load keystore data to build PD's
|
|
|
|
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
|
|
ks.load(new FileInputStream
|
|
(System.getProperty("test.src", ".") +
|
|
File.separatorChar +
|
|
"TokenStore.keystore"),
|
|
storePassword);
|
|
|
|
NO_STORE_DOMAIN = new ProtectionDomain
|
|
(new CodeSource(new URL("file:/foo"),
|
|
(java.security.cert.Certificate[]) null),
|
|
null, // perms
|
|
null, // class loader
|
|
null); // principals
|
|
|
|
Certificate[] chain = (Certificate[])
|
|
ks.getCertificateChain("POLICY_URL");
|
|
URL_DOMAIN = new ProtectionDomain
|
|
(new CodeSource(new URL("file:/foo"), chain),
|
|
null, // perms
|
|
null, // class loader
|
|
null); // principals
|
|
|
|
chain = (Certificate[])
|
|
ks.getCertificateChain("POLICY_URL_T");
|
|
URL_T_DOMAIN = new ProtectionDomain
|
|
(new CodeSource(new URL("file:/foo"), chain),
|
|
null, // perms
|
|
null, // class loader
|
|
null); // principals
|
|
|
|
chain = (Certificate[])
|
|
ks.getCertificateChain("POLICY_URL_T_P");
|
|
URL_T_P_DOMAIN = new ProtectionDomain
|
|
(new CodeSource(new URL("file:/foo"), chain),
|
|
null, // perms
|
|
null, // class loader
|
|
null); // principals
|
|
}
|
|
|
|
public static void main(String[] args) throws Exception {
|
|
|
|
init();
|
|
|
|
// test no key store in policy
|
|
|
|
System.setProperty("java.security.policy", "=" + NO_STORE_FILE);
|
|
PolicyFile p = new PolicyFile();
|
|
checkPerm(p, NO_STORE_DOMAIN);
|
|
|
|
// test policy keystore + URL
|
|
|
|
System.setProperty("java.security.policy", "=" + URL_FILE);
|
|
p = new PolicyFile();
|
|
checkPerm(p, URL_DOMAIN);
|
|
|
|
// test policy keystore + URL + type
|
|
|
|
System.setProperty("java.security.policy", "=" + URL_T_FILE);
|
|
p = new PolicyFile();
|
|
checkPerm(p, URL_T_DOMAIN);
|
|
|
|
// test policy keystore + URL + type + provider
|
|
|
|
System.setProperty("java.security.policy", "=" + URL_T_P_FILE);
|
|
p = new PolicyFile();
|
|
checkPerm(p, URL_T_P_DOMAIN);
|
|
|
|
// test policy keystore + URL + password
|
|
|
|
System.setProperty("java.security.policy", "=" + URL_FILE);
|
|
p = new PolicyFile();
|
|
checkPerm(p, URL_DOMAIN);
|
|
|
|
// test policy keystore + URL + type + provider + password
|
|
|
|
System.setProperty("java.security.policy", "=" + URL_T_P_FILE);
|
|
p = new PolicyFile();
|
|
checkPerm(p, URL_T_P_DOMAIN);
|
|
|
|
// test policy keystore + URL + type + provider + BAD password
|
|
|
|
System.setProperty("java.security.policy", "=" + BADPASS_FILE);
|
|
p = new PolicyFile();
|
|
try {
|
|
checkPerm(p, URL_T_P_DOMAIN);
|
|
throw new RuntimeException("expected SecurityException");
|
|
} catch (SecurityException se) {
|
|
// good
|
|
//se.printStackTrace();
|
|
}
|
|
|
|
// test policy keystore + URL + type + provider + RELATIVE password
|
|
|
|
System.setProperty("java.security.policy", "=" + RELPASS_FILE);
|
|
p = new PolicyFile();
|
|
checkPerm(p, URL_T_P_DOMAIN);
|
|
}
|
|
|
|
private static void checkPerm(PolicyFile p, ProtectionDomain pd)
|
|
throws Exception {
|
|
boolean foundIt = false;
|
|
Enumeration perms = p.getPermissions(pd).elements();
|
|
while (perms.hasMoreElements()) {
|
|
Permission perm = (Permission)perms.nextElement();
|
|
if (!(perm instanceof AllPermission)) {
|
|
throw new SecurityException("expected AllPermission");
|
|
} else {
|
|
foundIt = true;
|
|
}
|
|
}
|
|
if (!foundIt) {
|
|
throw new SecurityException("expected AllPermission");
|
|
}
|
|
}
|
|
}
|