mirror of
https://github.com/openjdk/jdk.git
synced 2026-05-24 20:38:14 +00:00
8065076: java/net/SocketPermission/SocketPermissionTest.java fails intermittently
Reviewed-by: coffeys, xiaofeya
This commit is contained in:
Chris Hegarty
parent
595f5a808e
commit
b9687e112e
@ -25,8 +25,7 @@
|
||||
* @test
|
||||
* @bug 8047031
|
||||
* @summary SocketPermission tests for legacy socket types
|
||||
* @library ../../../lib/testlibrary
|
||||
* @run testng/othervm/policy=policy SocketPermissionTest
|
||||
* @run testng/othervm SocketPermissionTest
|
||||
* @key intermittent
|
||||
*/
|
||||
import java.io.IOException;
|
||||
@ -39,186 +38,279 @@ import java.net.Socket;
|
||||
import java.net.SocketPermission;
|
||||
import java.security.AccessControlContext;
|
||||
import java.security.AccessController;
|
||||
import java.security.CodeSource;
|
||||
import java.security.Permission;
|
||||
import java.security.PermissionCollection;
|
||||
import java.security.Permissions;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.security.Policy;
|
||||
import java.security.PrivilegedExceptionAction;
|
||||
import java.security.ProtectionDomain;
|
||||
import java.util.Arrays;
|
||||
import java.util.function.Function;
|
||||
import java.util.function.IntConsumer;
|
||||
import static jdk.testlibrary.Utils.getFreePort;
|
||||
|
||||
import org.testng.annotations.BeforeMethod;
|
||||
import org.testng.annotations.DataProvider;
|
||||
import org.testng.annotations.Test;
|
||||
import static org.testng.Assert.*;
|
||||
|
||||
import static java.nio.charset.StandardCharsets.UTF_8;
|
||||
|
||||
public class SocketPermissionTest {
|
||||
private int freePort = -1;
|
||||
|
||||
//positive tests
|
||||
@Test(dataProvider = "positiveProvider")
|
||||
public void testPositive(Function<String, AccessControlContext> genAcc, IntConsumer func) {
|
||||
String addr = "localhost:" + freePort;
|
||||
AccessControlContext acc = genAcc.apply(addr);
|
||||
AccessController.doPrivileged((PrivilegedAction) () -> {
|
||||
func.accept(freePort);
|
||||
return null;
|
||||
}, acc);
|
||||
}
|
||||
|
||||
//negative tests
|
||||
@Test(dataProvider = "negativeProvider", expectedExceptions = SecurityException.class)
|
||||
public void testNegative(AccessControlContext acc, IntConsumer func) {
|
||||
AccessController.doPrivileged((PrivilegedAction) () -> {
|
||||
func.accept(freePort);
|
||||
return null;
|
||||
}, acc);
|
||||
}
|
||||
|
||||
@BeforeMethod
|
||||
public void setFreePort() throws Exception {
|
||||
freePort = getFreePort();
|
||||
public void setupSecurityManager() throws Exception {
|
||||
// All permissions, a specific ACC will be used to when testing
|
||||
// with a reduced permission set.
|
||||
Policy.setPolicy(new Policy() {
|
||||
final PermissionCollection perms = new Permissions();
|
||||
{ perms.add(new java.security.AllPermission()); }
|
||||
public PermissionCollection getPermissions(ProtectionDomain domain) {
|
||||
return perms;
|
||||
}
|
||||
public PermissionCollection getPermissions(CodeSource codesource) {
|
||||
return perms;
|
||||
}
|
||||
public boolean implies(ProtectionDomain domain, Permission perm) {
|
||||
return perms.implies(perm);
|
||||
}
|
||||
} );
|
||||
System.setSecurityManager(new SecurityManager());
|
||||
}
|
||||
|
||||
@DataProvider
|
||||
public Object[][] positiveProvider() {
|
||||
//test for SocketPermission "host:port","connect,resolve";
|
||||
Function<String, AccessControlContext> generateAcc1 = (addr) -> getAccessControlContext(
|
||||
new SocketPermission(addr, "listen, connect,resolve"));
|
||||
IntConsumer func1 = (i) -> connectSocketTest(i);
|
||||
IntConsumer func2 = (i) -> connectDatagramSocketTest(i);
|
||||
static final AccessControlContext RESTRICTED_ACC = getAccessControlContext();
|
||||
|
||||
//test for SocketPermission "localhost:1024-","accept";
|
||||
Function<String, AccessControlContext> generateAcc2 = (addr) -> getAccessControlContext(
|
||||
new SocketPermission(addr, "listen,connect,resolve"),
|
||||
new SocketPermission("localhost:1024-", "accept"));
|
||||
IntConsumer func3 = (i) -> acceptServerSocketTest(i);
|
||||
@Test
|
||||
public void connectSocketTest() throws Exception {
|
||||
try (ServerSocket ss = new ServerSocket(0)) {
|
||||
int port = ss.getLocalPort();
|
||||
|
||||
//test for SocketPermission "229.227.226.221", "connect,accept"
|
||||
Function<String, AccessControlContext> generateAcc3 = (addr) -> getAccessControlContext(
|
||||
new SocketPermission(addr, "listen,resolve"),
|
||||
new SocketPermission("229.227.226.221", "connect,accept"));
|
||||
IntConsumer func4 = (i) -> sendDatagramPacketTest(i);
|
||||
IntConsumer func5 = (i) -> joinGroupMulticastTest(i);
|
||||
|
||||
//test for SocketPermission "host:port", "listen"
|
||||
Function<String, AccessControlContext> generateAcc4 = (addr) -> getAccessControlContext(
|
||||
new SocketPermission(addr, "listen"));
|
||||
IntConsumer func6 = (i) -> listenDatagramSocketTest(i);
|
||||
IntConsumer func7 = (i) -> listenMulticastSocketTest(i);
|
||||
IntConsumer func8 = (i) -> listenServerSocketTest(i);
|
||||
|
||||
return new Object[][]{
|
||||
{generateAcc1, func1},
|
||||
{generateAcc1, func2},
|
||||
{generateAcc2, func3},
|
||||
{generateAcc3, func4},
|
||||
{generateAcc3, func5},
|
||||
{generateAcc4, func6},
|
||||
{generateAcc4, func7},
|
||||
{generateAcc4, func8}
|
||||
};
|
||||
}
|
||||
|
||||
@DataProvider
|
||||
public Object[][] negativeProvider() {
|
||||
IntConsumer[] funcs = {i -> connectSocketTest(i),
|
||||
i -> connectDatagramSocketTest(i), i -> acceptServerSocketTest(i),
|
||||
i -> sendDatagramPacketTest(i), i -> joinGroupMulticastTest(i),
|
||||
i -> listenDatagramSocketTest(i), i -> listenMulticastSocketTest(i),
|
||||
i -> listenServerSocketTest(i)};
|
||||
return Arrays.stream(funcs).map(f -> {
|
||||
//Construct an AccessControlContext without SocketPermission
|
||||
String addr = "localhost:" + port;
|
||||
AccessControlContext acc = getAccessControlContext(
|
||||
new java.io.FilePermission("<<ALL FILES>>", "read,write,execute,delete"),
|
||||
new java.net.NetPermission("*"),
|
||||
new java.util.PropertyPermission("*", "read,write"),
|
||||
new java.lang.reflect.ReflectPermission("*"),
|
||||
new java.lang.RuntimePermission("*"),
|
||||
new java.security.SecurityPermission("*"),
|
||||
new java.io.SerializablePermission("*"));
|
||||
return new Object[]{acc, f};
|
||||
}).toArray(Object[][]::new);
|
||||
}
|
||||
new SocketPermission(addr, "listen,connect,resolve"));
|
||||
|
||||
public void connectSocketTest(int port) {
|
||||
try (ServerSocket server = new ServerSocket(port);
|
||||
Socket client = new Socket(InetAddress.getLocalHost(), port);) {
|
||||
} catch (IOException ex) {
|
||||
throw new RuntimeException(ex);
|
||||
// Positive
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
try (Socket client = new Socket(InetAddress.getLocalHost(), port)) {
|
||||
}
|
||||
return null;
|
||||
}, acc);
|
||||
|
||||
//Negative
|
||||
try {
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
Socket client = new Socket(InetAddress.getLocalHost(), port);
|
||||
fail("Expected SecurityException");
|
||||
return null;
|
||||
}, RESTRICTED_ACC);
|
||||
} catch (SecurityException expected) { }
|
||||
}
|
||||
}
|
||||
|
||||
public void connectDatagramSocketTest(int port) {
|
||||
String msg = "Hello";
|
||||
try {
|
||||
InetAddress me = InetAddress.getLocalHost();
|
||||
try (DatagramSocket ds = new DatagramSocket(port, me)) {
|
||||
DatagramPacket dp = new DatagramPacket(msg.getBytes(),
|
||||
msg.length(), me, port);
|
||||
@Test
|
||||
public void connectDatagramSocketTest() throws Exception {
|
||||
byte[] msg = "Hello".getBytes(UTF_8);
|
||||
InetAddress lh = InetAddress.getLocalHost();
|
||||
|
||||
try (DatagramSocket ds = new DatagramSocket(0)) {
|
||||
int port = ds.getLocalPort();
|
||||
|
||||
String addr = lh.getHostAddress() + ":" + port;
|
||||
AccessControlContext acc = getAccessControlContext(
|
||||
new SocketPermission(addr, "connect,resolve"));
|
||||
|
||||
// Positive
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
DatagramPacket dp = new DatagramPacket(msg, msg.length, lh, port);
|
||||
ds.send(dp);
|
||||
}
|
||||
} catch (IOException ex) {
|
||||
throw new RuntimeException(ex);
|
||||
return null;
|
||||
}, acc);
|
||||
|
||||
// Negative
|
||||
try {
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
DatagramPacket dp = new DatagramPacket(msg, msg.length, lh, port);
|
||||
ds.send(dp);
|
||||
fail("Expected SecurityException");
|
||||
return null;
|
||||
}, RESTRICTED_ACC);
|
||||
} catch (SecurityException expected) { }
|
||||
}
|
||||
}
|
||||
|
||||
public void acceptServerSocketTest(int port) {
|
||||
try {
|
||||
InetAddress me = InetAddress.getLocalHost();
|
||||
try (ServerSocket server = new ServerSocket(port)) {
|
||||
Socket client = new Socket(me, port);
|
||||
server.accept();
|
||||
}
|
||||
} catch (IOException ex) {
|
||||
throw new RuntimeException(ex);
|
||||
@Test
|
||||
public void acceptServerSocketTest() throws Exception {
|
||||
try (ServerSocket ss = new ServerSocket(0)) {
|
||||
int port = ss.getLocalPort();
|
||||
|
||||
String addr = "localhost:" + port;
|
||||
AccessControlContext acc = getAccessControlContext(
|
||||
new SocketPermission(addr, "listen,connect,resolve"),
|
||||
new SocketPermission("localhost:1024-", "accept"));
|
||||
|
||||
// Positive
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
InetAddress me = InetAddress.getLocalHost();
|
||||
try (Socket client = new Socket(me, port)) {
|
||||
ss.accept();
|
||||
}
|
||||
return null;
|
||||
}, acc);
|
||||
|
||||
// Negative
|
||||
try {
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
InetAddress me = InetAddress.getLocalHost();
|
||||
try (Socket client = new Socket(me, port)) {
|
||||
ss.accept();
|
||||
}
|
||||
fail("Expected SecurityException");
|
||||
return null;
|
||||
}, RESTRICTED_ACC);
|
||||
} catch (SecurityException expected) { }
|
||||
}
|
||||
}
|
||||
|
||||
public static void sendDatagramPacketTest(int port) {
|
||||
String msg = "Hello";
|
||||
try {
|
||||
InetAddress group = InetAddress.getByName("229.227.226.221");
|
||||
try (DatagramSocket s = new DatagramSocket(port)) {
|
||||
DatagramPacket hi = new DatagramPacket(msg.getBytes(),
|
||||
msg.length(), group, port);
|
||||
s.send(hi);
|
||||
}
|
||||
} catch (IOException ex) {
|
||||
throw new RuntimeException(ex);
|
||||
@Test
|
||||
public void sendDatagramPacketTest() throws Exception {
|
||||
byte[] msg = "Hello".getBytes(UTF_8);
|
||||
InetAddress group = InetAddress.getByName("229.227.226.221");
|
||||
|
||||
try (DatagramSocket ds = new DatagramSocket(0)) {
|
||||
int port = ds.getLocalPort();
|
||||
|
||||
String addr = "localhost:" + port;
|
||||
//test for SocketPermission "229.227.226.221", "connect,accept"
|
||||
AccessControlContext acc = getAccessControlContext(
|
||||
new SocketPermission(addr, "listen,resolve"),
|
||||
new SocketPermission("229.227.226.221", "connect,accept"));
|
||||
|
||||
// Positive
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
DatagramPacket hi = new DatagramPacket(msg, msg.length, group, port);
|
||||
ds.send(hi);
|
||||
return null;
|
||||
}, acc);
|
||||
|
||||
// Negative
|
||||
try {
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
DatagramPacket hi = new DatagramPacket(msg, msg.length, group, port);
|
||||
ds.send(hi);
|
||||
fail("Expected SecurityException");
|
||||
return null;
|
||||
}, RESTRICTED_ACC);
|
||||
} catch (SecurityException expected) { }
|
||||
}
|
||||
}
|
||||
|
||||
public void joinGroupMulticastTest(int port) {
|
||||
try {
|
||||
InetAddress group = InetAddress.getByName("229.227.226.221");
|
||||
try (MulticastSocket s = new MulticastSocket(port)) {
|
||||
@Test
|
||||
public void joinGroupMulticastTest() throws Exception {
|
||||
InetAddress group = InetAddress.getByName("229.227.226.221");
|
||||
try (MulticastSocket s = new MulticastSocket(0)) {
|
||||
int port = s.getLocalPort();
|
||||
|
||||
String addr = "localhost:" + port;
|
||||
AccessControlContext acc = getAccessControlContext(
|
||||
new SocketPermission(addr, "listen,resolve"),
|
||||
new SocketPermission("229.227.226.221", "connect,accept"));
|
||||
|
||||
// Positive
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
s.joinGroup(group);
|
||||
s.leaveGroup(group);
|
||||
}
|
||||
} catch (IOException ex) {
|
||||
throw new RuntimeException(ex);
|
||||
return null;
|
||||
}, acc);
|
||||
|
||||
// Negative
|
||||
try {
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
s.joinGroup(group);
|
||||
s.leaveGroup(group);
|
||||
fail("Expected SecurityException");
|
||||
return null;
|
||||
}, RESTRICTED_ACC);
|
||||
} catch (SecurityException expected) { }
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public void listenDatagramSocketTest(int port) {
|
||||
try (DatagramSocket ds = new DatagramSocket(port)) {
|
||||
} catch (IOException ex) {
|
||||
throw new RuntimeException(ex);
|
||||
}
|
||||
@Test
|
||||
public void listenDatagramSocketTest() throws Exception {
|
||||
// the hardcoded port number doesn't really matter since we expect the
|
||||
// security permission to be checked before the underlying operation.
|
||||
int port = 8899;
|
||||
String addr = "localhost:" + port;
|
||||
AccessControlContext acc = getAccessControlContext(
|
||||
new SocketPermission(addr, "listen"));
|
||||
|
||||
// Positive
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
try (DatagramSocket ds = new DatagramSocket(port)) { }
|
||||
catch (IOException intermittentlyExpected) { /* ignore */ }
|
||||
return null;
|
||||
}, acc);
|
||||
|
||||
// Negative
|
||||
try {
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
try (DatagramSocket ds = new DatagramSocket(port)) { }
|
||||
catch (IOException intermittentlyExpected) { /* ignore */ }
|
||||
fail("Expected SecurityException");
|
||||
return null;
|
||||
}, RESTRICTED_ACC);
|
||||
} catch (SecurityException expected) { }
|
||||
}
|
||||
|
||||
public void listenMulticastSocketTest(int port) {
|
||||
try (MulticastSocket ms = new MulticastSocket(port)) {
|
||||
} catch (IOException ex) {
|
||||
throw new RuntimeException(ex);
|
||||
}
|
||||
@Test
|
||||
public void listenMulticastSocketTest() throws Exception {
|
||||
// the hardcoded port number doesn't really matter since we expect the
|
||||
// security permission to be checked before the underlying operation.
|
||||
int port = 8899;
|
||||
String addr = "localhost:" + port;
|
||||
AccessControlContext acc = getAccessControlContext(
|
||||
new SocketPermission(addr, "listen"));
|
||||
|
||||
// Positive
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
try (MulticastSocket ms = new MulticastSocket(port)) { }
|
||||
catch (IOException intermittentlyExpected) { /* ignore */ }
|
||||
return null;
|
||||
}, acc);
|
||||
|
||||
// Negative
|
||||
try {
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
try (MulticastSocket ms = new MulticastSocket(port)) { }
|
||||
catch (IOException intermittentlyExpected) { /* ignore */ }
|
||||
fail("Expected SecurityException");
|
||||
return null;
|
||||
}, RESTRICTED_ACC);
|
||||
} catch (SecurityException expected) { }
|
||||
}
|
||||
|
||||
public void listenServerSocketTest(int port) {
|
||||
try (ServerSocket ms = new ServerSocket(port)) {
|
||||
} catch (IOException ex) {
|
||||
throw new RuntimeException(ex);
|
||||
}
|
||||
@Test
|
||||
public void listenServerSocketTest() throws Exception {
|
||||
// the hardcoded port number doesn't really matter since we expect the
|
||||
// security permission to be checked before the underlying operation.
|
||||
int port = 8899;
|
||||
String addr = "localhost:" + port;
|
||||
AccessControlContext acc = getAccessControlContext(
|
||||
new SocketPermission(addr, "listen"));
|
||||
|
||||
// Positive
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
try (ServerSocket ss = new ServerSocket(port)) { }
|
||||
catch (IOException intermittentlyExpected) { /* ignore */ }
|
||||
return null;
|
||||
}, acc);
|
||||
|
||||
// Negative
|
||||
try {
|
||||
AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
|
||||
try (ServerSocket ss = new ServerSocket(port)) { }
|
||||
catch (IOException intermittentlyExpected) { /* ignore */ }
|
||||
fail("Expected SecurityException");
|
||||
return null;
|
||||
}, RESTRICTED_ACC);
|
||||
} catch (SecurityException expected) { }
|
||||
|
||||
}
|
||||
|
||||
private static AccessControlContext getAccessControlContext(Permission... ps) {
|
||||
@ -234,4 +326,15 @@ public class SocketPermissionTest {
|
||||
return new AccessControlContext(new ProtectionDomain[]{pd});
|
||||
}
|
||||
|
||||
// Standalone entry point for running with, possibly older, JDKs.
|
||||
public static void main(String[] args) throws Throwable {
|
||||
SocketPermissionTest test = new SocketPermissionTest();
|
||||
test.setupSecurityManager();
|
||||
for (java.lang.reflect.Method m : SocketPermissionTest.class.getDeclaredMethods()) {
|
||||
if (m.getAnnotation(Test.class) != null) {
|
||||
System.out.println("Invoking " + m.getName());
|
||||
m.invoke(test);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
grant {
|
||||
permission java.security.AllPermission;
|
||||
};
|
||||
Loading…
x
Reference in New Issue
Block a user