8025734: Use literal IP address where possible in SocketPermission generated by HttpURLPermission

Reviewed-by: chegar

jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java

@@ -903,6 +903,18 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
 
     private String getHostAndPort(URL url) {
         String host = url.getHost();
+        final String hostarg = host;
+        try {
+            // lookup hostname and use IP address if available
+            host = AccessController.doPrivileged(
+                new PrivilegedExceptionAction<String>() {
+                    public String run() throws IOException {
+                            InetAddress addr = InetAddress.getByName(hostarg);
+                            return addr.getHostAddress();
+                    }
+                }
+            );
+        } catch (PrivilegedActionException e) {}
         int port = url.getPort();
         if (port == -1) {
             String scheme = url.getProtocol();

jdk/test/java/net/URLPermission/nstest/LookupTest.java

@@ -0,0 +1,122 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* @test
+ * @compile -XDignore.symbol.file=true SimpleNameService.java
+ *                                     SimpleNameServiceDescriptor.java
+ * @run main/othervm/timeout=200 -Dsun.net.spi.nameservice.provider.1=simple,sun LookupTest
+ */
+
+/**
+ * This is a simple smoke test of the HttpURLPermission mechanism, which
+ * checks for either IOException (due to unknown host) or SecurityException
+ * due to lack of permission to connect
+ */
+
+import java.net.*;
+import java.io.*;
+
+public class LookupTest {
+
+    static void test(
+        String url, boolean throwsSecException, boolean throwsIOException)
+    {
+        try {
+            URL u = new URL(url);
+            System.err.println ("Connecting to " + u);
+            URLConnection urlc = u.openConnection();
+            InputStream is = urlc.getInputStream();
+        } catch (SecurityException e) {
+            if (!throwsSecException) {
+                throw new RuntimeException ("(1) was not expecting " + e);
+            }
+            return;
+        } catch (IOException ioe) {
+            if (!throwsIOException) {
+                throw new RuntimeException ("(2) was not expecting " + ioe);
+            }
+            return;
+        }
+        if (throwsSecException || throwsIOException) {
+            System.err.printf ("was expecting a %s\n", throwsSecException ?
+                "security exception" : "IOException");
+            throw new RuntimeException("was expecting an exception");
+        }
+    }
+
+    public static void main(String args[]) throws Exception {
+        SimpleNameService.put("allowedAndFound.com", "127.0.0.1");
+        SimpleNameService.put("notAllowedButFound.com", "99.99.99.99");
+        // name "notAllowedAndNotFound.com" is not in map
+        // name "allowedButNotfound.com" is not in map
+        startServer();
+
+        String policyFileName = "file://" + System.getProperty("test.src", ".") + "/policy";
+        System.err.println ("policy = " + policyFileName);
+
+        System.setProperty("java.security.policy", policyFileName);
+
+        System.setSecurityManager(new SecurityManager());
+
+        test("http://allowedAndFound.com:50100/foo", false, false);
+
+        test("http://notAllowedButFound.com:50100/foo", true, false);
+
+        test("http://allowedButNotfound.com:50100/foo", false, true);
+
+        test("http://notAllowedAndNotFound.com:50100/foo", true, false);
+    }
+
+    static Thread server;
+    static ServerSocket serverSocket;
+
+    static class Server extends Thread {
+        public void run() {
+            byte[] buf = new byte[1000];
+            try {
+                while (true) {
+                    Socket s = serverSocket.accept();
+                    InputStream i = s.getInputStream();
+                    i.read(buf);
+                    OutputStream o = s.getOutputStream();
+                    String rsp = "HTTP/1.1 200 Ok\r\n" +
+                        "Connection: close\r\nContent-length: 0\r\n\r\n";
+                    o.write(rsp.getBytes());
+                    o.close();
+                }
+            } catch (IOException e) {
+                return;
+            }
+            }
+    }
+
+    static void startServer() {
+        try {
+            serverSocket = new ServerSocket(50100);
+            server = new Server();
+            server.start();
+        } catch (Exception e) {
+            throw new RuntimeException ("Test failed to initialize");
+        }
+    }
+}

jdk/test/java/net/URLPermission/nstest/META-INF/services/sun.net.spi.nameservice.NameServiceDescriptor

@@ -0,0 +1,22 @@
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+
+SimpleNameServiceDescriptor    # name service provider descriptor

jdk/test/java/net/URLPermission/nstest/SimpleNameService.java

@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * A simple name service based on an in-memory HashMap.
+ */
+import java.net.UnknownHostException;
+import java.net.InetAddress;
+import sun.net.spi.nameservice.*;
+import java.util.*;
+
+public final class SimpleNameService implements NameService {
+
+    private static LinkedHashMap hosts = new LinkedHashMap();
+
+    private static String addrToString(byte addr[]) {
+        return Byte.toString(addr[0]) + "." +
+               Byte.toString(addr[1]) + "." +
+               Byte.toString(addr[2]) + "." +
+               Byte.toString(addr[3]);
+    }
+
+    // ------------
+
+    public static void put(String host, String addr) {
+        hosts.put(host, addr);
+    }
+
+    public static void put(String host, byte addr[]) {
+        hosts.put(host, addrToString(addr));
+    }
+
+    public static void remove(String host) {
+        hosts.remove(host);
+    }
+
+    public static int entries () {
+        return hosts.size();
+    }
+
+    public static int lookupCalls() {
+        return lookupCalls;
+    }
+
+    static int lookupCalls = 0;
+
+    // ------------
+
+    public SimpleNameService() throws Exception {
+    }
+
+    public InetAddress[] lookupAllHostAddr(String host) throws UnknownHostException {
+
+        lookupCalls ++;
+
+        String value = (String)hosts.get(host);
+        if (value == null) {
+            throw new UnknownHostException(host);
+        }
+        StringTokenizer st = new StringTokenizer(value, ".");
+        byte addr[] = new byte[4];
+        for (int i=0; i<4; i++) {
+            addr[i] = (byte)Integer.parseInt(st.nextToken());
+        }
+        InetAddress[] res = new InetAddress[1];
+        res[0] = InetAddress.getByAddress(host, addr);
+        return res;
+    }
+
+    public String getHostByAddr(byte[] addr) throws UnknownHostException {
+        String addrString = addrToString(addr);
+        Iterator i = hosts.keySet().iterator();
+        while (i.hasNext()) {
+            String host = (String)i.next();
+            String value = (String)hosts.get(host);
+            if (value.equals(addrString)) {
+                return host;
+            }
+        }
+        throw new UnknownHostException();
+    }
+}

jdk/test/java/net/URLPermission/nstest/SimpleNameServiceDescriptor.java

@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * Descriptor for the simple name service
+ */
+import sun.net.spi.nameservice.*;
+
+public final class SimpleNameServiceDescriptor implements NameServiceDescriptor {
+    /**
+     * Create a new instance of the corresponding name service.
+     */
+    public NameService createNameService() throws Exception {
+        return new SimpleNameService();
+    }
+
+    /**
+     * Returns this service provider's name
+     *
+     */
+    public String getProviderName() {
+        return "sun";
+    }
+
+    /**
+     * Returns this name service type
+     * "dns" "nis" etc
+     */
+    public String getType() {
+        return "simple";
+    }
+}

jdk/test/java/net/URLPermission/nstest/policy

@@ -0,0 +1,41 @@
+//
+// Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+//
+// This code is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License version 2 only, as
+// published by the Free Software Foundation.
+//
+// This code is distributed in the hope that it will be useful, but WITHOUT
+// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+// FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+// version 2 for more details (a copy is included in the LICENSE file that
+// accompanied this code).
+//
+// You should have received a copy of the GNU General Public License version
+// 2 along with this work; if not, write to the Free Software Foundation,
+// Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+// or visit www.oracle.com if you need additional information or have any
+// questions.
+//
+
+grant {
+    permission java.net.URLPermission "http://allowedAndFound.com:50100/-", "*:*";
+    permission java.net.URLPermission "http://allowedButNotfound.com:50100/-", "*:*";
+
+    // needed for HttpServer
+    permission "java.net.SocketPermission" "localhost:1024-", "resolve,accept";
+};
+
+// Normal permissions that aren't granted when run under jtreg
+
+grant codeBase "file:${{java.ext.dirs}}/*" {
+        permission java.security.AllPermission;
+};
+
+grant codeBase "file:${{java.home}}/jre/lib/rt.jar" {
+        permission java.security.AllPermission;
+};
+