infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-01-28 12:09:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

8235459: HttpRequest.BodyPublishers::ofFile assumes the default file system

Browse Source 
Add support for non-default file systems to HttpRequest.BodyPublishers::ofFile

Reviewed-by: chegar, dfuchs, amlu
This commit is contained in:
Julia Boes 2020-03-26 11:52:15 +00:00
parent f930d4661a
commit d882d528bb
9 changed files with 1488 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/java.net.http/share/classes/java/net/http/HttpRequest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,6 +31,8 @@ import java.net.URI;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.time.Duration;
import java.util.Iterator;
@ -614,12 +616,16 @@ public abstract class HttpRequest {
* method, when the {@code BodyPublisher} is created. Care must be taken
* that the {@code BodyPublisher} is not shared with untrusted code.
*
* @param path the path to the file containing the body
* @param path the path to the file containing the body
* @return a BodyPublisher
* @throws java.io.FileNotFoundException if the path is not found
* @throws SecurityException if a security manager has been installed
* and it denies {@link SecurityManager#checkRead(String)
* read access} to the given file
* @throws SecurityException if
* {@linkplain Files#newInputStream(Path, OpenOption...)
* opening the file for reading} is denied:
* in the case of the system-default file system provider,
* and a security manager is installed,
* {@link SecurityManager#checkRead(String) checkRead}
* is invoked to check read access to the given file
*/
public static BodyPublisher ofFile(Path path) throws FileNotFoundException {
Objects.requireNonNull(path);

148
src/java.net.http/share/classes/jdk/internal/net/http/RequestPublishers.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,20 +25,20 @@
package jdk.internal.net.http;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FilePermission;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.lang.reflect.UndeclaredThrowableException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.Permission;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
@ -50,6 +50,7 @@ import java.util.Objects;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.Flow;
import java.util.concurrent.Flow.Publisher;
import java.util.function.Function;
import java.util.function.Supplier;
import java.net.http.HttpRequest.BodyPublisher;
import jdk.internal.net.http.common.Utils;
@ -220,17 +221,17 @@ public final class RequestPublishers {
/**
* Publishes the content of a given file.
*
* <p>
* Privileged actions are performed within a limited doPrivileged that only
* asserts the specific, read, file permission that was checked during the
* construction of this FilePublisher.
* construction of this FilePublisher. This only applies if the file system
* that created the file provides interoperability with {@code java.io.File}.
*/
public static class FilePublisher implements BodyPublisher {
public static class FilePublisher implements BodyPublisher {
private static final FilePermission[] EMPTY_FILE_PERMISSIONS = new FilePermission[0];
private final File file;
private final FilePermission[] filePermissions;
private final Path path;
private final long length;
private final Function<Path, InputStream> inputStreamSupplier;
private static String pathForSecurityCheck(Path path) {
return path.toFile().getPath();
@ -243,48 +244,112 @@ public final class RequestPublishers {
* FilePublisher. Permission checking and construction are deliberately
* and tightly co-located.
*/
public static FilePublisher create(Path path) throws FileNotFoundException {
FilePermission filePermission = null;
public static FilePublisher create(Path path)
throws FileNotFoundException {
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
FilePermission filePermission = null;
boolean defaultFS = true;
try {
String fn = pathForSecurityCheck(path);
FilePermission readPermission = new FilePermission(fn, "read");
sm.checkPermission(readPermission);
filePermission = readPermission;
if (sm != null) {
FilePermission readPermission = new FilePermission(fn, "read");
sm.checkPermission(readPermission);
filePermission = readPermission;
}
} catch (UnsupportedOperationException uoe) {
defaultFS = false;
// Path not associated with the default file system
// Test early if an input stream can still be obtained
try {
if (sm != null) {
Files.newInputStream(path).close();
}
} catch (IOException ioe) {
if (ioe instanceof FileNotFoundException) {
throw (FileNotFoundException) ioe;
} else {
var ex = new FileNotFoundException(ioe.getMessage());
ex.initCause(ioe);
throw ex;
}
}
}
// existence check must be after permission checks
if (Files.notExists(path))
throw new FileNotFoundException(path + " not found");
return new FilePublisher(path, filePermission);
Permission perm = filePermission;
assert perm == null || perm.getActions().equals("read");
AccessControlContext acc = sm != null ?
AccessController.getContext() : null;
boolean finalDefaultFS = defaultFS;
Function<Path, InputStream> inputStreamSupplier = (p) ->
createInputStream(p, acc, perm, finalDefaultFS);
long length;
try {
length = Files.size(path);
} catch (IOException ioe) {
length = -1;
}
return new FilePublisher(path, length, inputStreamSupplier);
}
private FilePublisher(Path name, FilePermission filePermission) {
assert filePermission != null ? filePermission.getActions().equals("read") : true;
file = name.toFile();
this.filePermissions = filePermission == null ? EMPTY_FILE_PERMISSIONS
: new FilePermission[] { filePermission };
private static InputStream createInputStream(Path path,
AccessControlContext acc,
Permission perm,
boolean defaultFS) {
try {
if (acc != null) {
PrivilegedExceptionAction<InputStream> pa = defaultFS
? () -> new FileInputStream(path.toFile())
: () -> Files.newInputStream(path);
return perm != null
? AccessController.doPrivileged(pa, acc, perm)
: AccessController.doPrivileged(pa, acc);
} else {
return defaultFS
? new FileInputStream(path.toFile())
: Files.newInputStream(path);
}
} catch (PrivilegedActionException pae) {
throw toUncheckedException(pae.getCause());
} catch (IOException io) {
throw new UncheckedIOException(io);
}
}
private static RuntimeException toUncheckedException(Throwable t) {
if (t instanceof RuntimeException)
throw (RuntimeException) t;
if (t instanceof Error)
throw (Error) t;
if (t instanceof IOException)
throw new UncheckedIOException((IOException) t);
throw new UndeclaredThrowableException(t);
}
private FilePublisher(Path name,
long length,
Function<Path, InputStream> inputStreamSupplier) {
path = name;
this.length = length;
this.inputStreamSupplier = inputStreamSupplier;
}
@Override
public void subscribe(Flow.Subscriber<? super ByteBuffer> subscriber) {
InputStream is = null;
Throwable t = null;
if (System.getSecurityManager() == null) {
try {
is = new FileInputStream(file);
} catch (IOException ioe) {
t = ioe;
}
} else {
try {
PrivilegedExceptionAction<FileInputStream> pa =
() -> new FileInputStream(file);
is = AccessController.doPrivileged(pa, null, filePermissions);
} catch (PrivilegedActionException pae) {
t = pae.getCause();
}
try {
is = inputStreamSupplier.apply(path);
} catch (UncheckedIOException | UndeclaredThrowableException ue) {
t = ue.getCause();
} catch (Throwable th) {
t = th;
}
final InputStream fis = is;
PullPublisher<ByteBuffer> publisher;
@ -298,12 +363,7 @@ public final class RequestPublishers {
@Override
public long contentLength() {
if (System.getSecurityManager() == null) {
return file.length();
} else {
PrivilegedAction<Long> pa = () -> file.length();
return AccessController.doPrivileged(pa, null, filePermissions);
}
return length;
}
}
@ -313,6 +373,7 @@ public final class RequestPublishers {
public static class StreamIterator implements Iterator<ByteBuffer> {
final InputStream is;
final Supplier<? extends ByteBuffer> bufSupplier;
private volatile boolean eof;
volatile ByteBuffer nextBuffer;
volatile boolean need2Read = true;
volatile boolean haveNext;
@ -331,6 +392,8 @@ public final class RequestPublishers {
// }
private int read() {
if (eof)
return -1;
nextBuffer = bufSupplier.get();
nextBuffer.clear();
byte[] buf = nextBuffer.array();
@ -339,6 +402,7 @@ public final class RequestPublishers {
try {
int n = is.read(buf, offset, cap);
if (n == -1) {
eof = true;
is.close();
return -1;
}

357
test/jdk/java/net/httpclient/FilePublisher/FilePublisherPermsTest.java Normal file
View File

@ -0,0 +1,357 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8235459
* @summary Confirm that HttpRequest.BodyPublishers#ofFile(Path)
* works with changing permissions
* policy 1: no custom permission
* policy 2: custom permission for test classes
* policy 3: custom permission for test classes and httpclient
* @modules java.base/sun.net.www.http
* java.net.http/jdk.internal.net.http.common
* java.net.http/jdk.internal.net.http.frame
* java.net.http/jdk.internal.net.http.hpack
* jdk.httpserver
* @library /test/lib ../http2/server
* @compile ../HttpServerAdapters.java
* @build jdk.test.lib.net.SimpleSSLContext SecureZipFSProvider
* @run testng/othervm/policy=FilePublisherPermsTest1.policy FilePublisherPermsTest
* @run testng/othervm/policy=FilePublisherPermsTest2.policy FilePublisherPermsTest
* @run testng/othervm/policy=FilePublisherPermsTest3.policy FilePublisherPermsTest
*/
import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsServer;
import jdk.test.lib.net.SimpleSSLContext;
import org.testng.annotations.AfterTest;
import org.testng.annotations.BeforeTest;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import javax.net.ssl.SSLContext;
import java.io.FileNotFoundException;
import java.io.FilePermission;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpRequest.BodyPublisher;
import java.net.http.HttpRequest.BodyPublishers;
import java.net.http.HttpResponse;
import java.nio.file.FileSystem;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.*;
import java.util.Map;
import static java.lang.System.out;
import static java.net.http.HttpClient.Builder.NO_PROXY;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.fail;
public class FilePublisherPermsTest implements HttpServerAdapters {
SSLContext sslContext;
HttpServerAdapters.HttpTestServer httpTestServer; // HTTP/1.1 [ 4 servers ]
HttpServerAdapters.HttpTestServer httpsTestServer; // HTTPS/1.1
HttpServerAdapters.HttpTestServer http2TestServer; // HTTP/2 ( h2c )
HttpServerAdapters.HttpTestServer https2TestServer; // HTTP/2 ( h2 )
String httpURI;
String httpsURI;
String http2URI;
String https2URI;
FileSystem zipFs;
static Path zipFsPath;
static Path defaultFsPath;
String policyFile;
// Default file system set up
static final String DEFAULT_FS_MSG = "default fs";
private Path defaultFsFile() throws Exception {
var file = Path.of("defaultFile.txt");
if (Files.notExists(file)) {
Files.createFile(file);
Files.writeString(file, DEFAULT_FS_MSG);
}
assertEquals(Files.readString(file), DEFAULT_FS_MSG);
return file;
}
@DataProvider(name = "defaultFsData")
public Object[][] defaultFsData() {
return new Object[][]{
{ httpURI, defaultFsPath },
{ httpsURI, defaultFsPath },
{ http2URI, defaultFsPath },
{ https2URI, defaultFsPath },
{ httpURI, defaultFsPath },
{ httpsURI, defaultFsPath },
{ http2URI, defaultFsPath },
{ https2URI, defaultFsPath },
};
}
@Test(dataProvider = "defaultFsData")
public void testDefaultFs(String uriString, Path path)
throws Exception {
out.printf("\n\n--- testDefaultFs(%s, %s): starting\n",
uriString, path);
if (System.getSecurityManager() != null) {
changePerms(path.toString(), "read,write,delete");
// Should not throw
BodyPublisher bodyPublisher = BodyPublishers.ofFile(path);
// Restrict permissions
changePerms(path.toString(), "delete");
try {
BodyPublishers.ofFile(path);
fail();
} catch (SecurityException e) {
out.println("Caught expected: " + e);
}
try {
send(uriString, bodyPublisher);
fail();
} catch (SecurityException e) {
out.println("Caught expected: " + e);
}
}
}
// Zip File system set up
static final String ZIP_FS_MSG = "zip fs";
static FileSystem newZipFs(Path zipFile) throws Exception {
return FileSystems.newFileSystem(zipFile, Map.of("create", "true"));
}
static FileSystem newSecureZipFs(Path zipFile) throws Exception {
FileSystem fs = newZipFs(zipFile);
return new SecureZipFSProvider(fs.provider()).newFileSystem(fs);
}
static Path zipFsFile(FileSystem fs) throws Exception {
var file = fs.getPath("fileInZip.txt");
if (Files.notExists(file)) {
Files.createFile(file);
Files.writeString(file, ZIP_FS_MSG);
}
assertEquals(Files.readString(file), ZIP_FS_MSG);
return file;
}
@DataProvider(name = "zipFsData")
public Object[][] zipFsData() {
return new Object[][]{
{ httpURI, zipFsPath },
{ httpsURI, zipFsPath },
{ http2URI, zipFsPath },
{ https2URI, zipFsPath },
{ httpURI, zipFsPath },
{ httpsURI, zipFsPath },
{ http2URI, zipFsPath },
{ https2URI, zipFsPath },
};
}
@Test(dataProvider = "zipFsData")
public void testZipFs(String uriString, Path path) throws Exception {
out.printf("\n\n--- testZipFsCustomPerm(%s, %s): starting\n", uriString, path);
if (System.getSecurityManager() != null) {
changePerms(path.toString(), "read,write,delete");
// Custom permission not sufficiently granted, expected to fail
if (!policyFile.contains("FilePublisherPermsTest3")) {
try {
BodyPublishers.ofFile(path);
fail();
} catch (SecurityException e) {
out.println("Caught expected: " + e);
return;
}
} else {
BodyPublisher bodyPublisher = BodyPublishers.ofFile(path);
send(uriString, bodyPublisher);
// Restrict permissions
changePerms(path.toString(), "delete");
try {
BodyPublishers.ofFile(path);
fail();
} catch (SecurityException e) {
out.println("Caught expected: " + e);
}
try {
send(uriString, bodyPublisher);
fail();
} catch (SecurityException e) {
out.println("Caught expected: " + e);
}
}
}
}
@Test
public void testFileNotFound() throws Exception {
out.printf("\n\n--- testFileNotFound(): starting\n");
var zipPath = Path.of("fileNotFound.zip");
changePerms(zipPath.toString(), "read,write,delete");
try (FileSystem fs = newZipFs(zipPath)) {
Path fileInZip = zipFsFile(fs);
Files.deleteIfExists(fileInZip);
BodyPublishers.ofFile(fileInZip);
fail();
} catch (FileNotFoundException e) {
out.println("Caught expected: " + e);
}
var path = Path.of("fileNotFound.txt");
changePerms(path.toString(), "read,write,delete");
try {
Files.deleteIfExists(path);
BodyPublishers.ofFile(path);
fail();
} catch (FileNotFoundException e) {
out.println("Caught expected: " + e);
}
}
private void send(String uriString, BodyPublisher bodyPublisher)
throws Exception {
HttpClient client = HttpClient.newBuilder()
.proxy(NO_PROXY)
.sslContext(sslContext)
.build();
var req = HttpRequest.newBuilder(URI.create(uriString))
.POST(bodyPublisher)
.build();
client.send(req, HttpResponse.BodyHandlers.discarding());
}
private void changePerms(String path, String actions) {
Policy.setPolicy(new CustomPolicy(
new FilePermission(path, actions)
));
}
static class CustomPolicy extends Policy {
static final Policy DEFAULT_POLICY = Policy.getPolicy();
final PermissionCollection perms = new Permissions();
CustomPolicy(Permission... permissions) {
java.util.Arrays.stream(permissions).forEach(perms::add);
}
public PermissionCollection getPermissions(ProtectionDomain domain) {
return perms;
}
public PermissionCollection getPermissions(CodeSource codesource) {
return perms;
}
public boolean implies(ProtectionDomain domain, Permission perm) {
// Ignore any existing permissions for test files
return perm.getName().equals(defaultFsPath.toString())
|| perm.getName().equals(zipFsPath.toString())
? perms.implies(perm)
: perms.implies(perm) || DEFAULT_POLICY.implies(domain, perm);
}
}
static class HttpEchoHandler implements HttpServerAdapters.HttpTestHandler {
@Override
public void handle(HttpServerAdapters.HttpTestExchange t) throws IOException {
try (InputStream is = t.getRequestBody();
OutputStream os = t.getResponseBody()) {
byte[] bytes = is.readAllBytes();
t.sendResponseHeaders(200, bytes.length);
os.write(bytes);
}
}
}
@BeforeTest
public void setup() throws Exception {
policyFile = System.getProperty("java.security.policy");
out.println(policyFile);
sslContext = new SimpleSSLContext().get();
if (sslContext == null)
throw new AssertionError("Unexpected null sslContext");
zipFs = newSecureZipFs(Path.of("file.zip"));
zipFsPath = zipFsFile(zipFs);
defaultFsPath = defaultFsFile();
InetSocketAddress sa =
new InetSocketAddress(InetAddress.getLoopbackAddress(), 0);
httpTestServer = HttpServerAdapters.HttpTestServer.of(HttpServer.create(sa, 0));
httpTestServer.addHandler(
new FilePublisherPermsTest.HttpEchoHandler(), "/http1/echo");
httpURI = "http://" + httpTestServer.serverAuthority() + "/http1/echo";
HttpsServer httpsServer = HttpsServer.create(sa, 0);
httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext));
httpsTestServer = HttpServerAdapters.HttpTestServer.of(httpsServer);
httpsTestServer.addHandler(
new FilePublisherPermsTest.HttpEchoHandler(), "/https1/echo");
httpsURI = "https://" + httpsTestServer.serverAuthority() + "/https1/echo";
http2TestServer = HttpServerAdapters.HttpTestServer.of(
new Http2TestServer("localhost", false, 0));
http2TestServer.addHandler(
new FilePublisherPermsTest.HttpEchoHandler(), "/http2/echo");
http2URI = "http://" + http2TestServer.serverAuthority() + "/http2/echo";
https2TestServer = HttpServerAdapters.HttpTestServer.of(
new Http2TestServer("localhost", true, sslContext));
https2TestServer.addHandler(
new FilePublisherPermsTest.HttpEchoHandler(), "/https2/echo");
https2URI = "https://" + https2TestServer.serverAuthority() + "/https2/echo";
httpTestServer.start();
httpsTestServer.start();
http2TestServer.start();
https2TestServer.start();
}
@AfterTest
public void teardown() throws Exception {
httpTestServer.stop();
httpsTestServer.stop();
http2TestServer.stop();
https2TestServer.stop();
zipFs.close();
}
}

76
test/jdk/java/net/httpclient/FilePublisher/FilePublisherPermsTest1.policy Normal file
View File

@ -0,0 +1,76 @@
//
// Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License version 2 only, as
// published by the Free Software Foundation.
//
// This code is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
// version 2 for more details (a copy is included in the LICENSE file that
// accompanied this code).
//
// You should have received a copy of the GNU General Public License version
// 2 along with this work; if not, write to the Free Software Foundation,
// Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
//
// Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
// or visit www.oracle.com if you need additional information or have any
// questions.
//
// for JTwork/classes/0/test/lib/jdk/test/lib/net/SimpleSSLContext.class
grant codeBase "file:${test.classes}/../../../../../test/lib/-" {
permission java.util.PropertyPermission "test.src.path", "read";
permission java.io.FilePermission "${test.src}/../../../../../lib/jdk/test/lib/net/testkeys", "read";
};
// for JTwork/classes/0/java/net/httpclient/http2/server/*
grant codeBase "file:${test.classes}/../../../../../java/net/httpclient/http2/server/*" {
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.common";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.frame";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.hpack";
permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http";
permission java.net.SocketPermission "localhost:*", "accept,resolve";
permission java.lang.RuntimePermission "modifyThread";
};
grant codeBase "file:${test.classes}/*" {
permission java.net.URLPermission "http://localhost:*/http1/echo", "POST";
permission java.net.URLPermission "https://localhost:*/https1/echo", "POST";
permission java.net.URLPermission "http://localhost:*/http2/echo", "POST";
permission java.net.URLPermission "https://localhost:*/https2/echo", "POST";
permission java.net.URLPermission "https://localhost:*/http1/echo", "GET";
permission java.net.URLPermission "https://localhost:*/https1/echo", "GET";
permission java.net.URLPermission "http://localhost:*/http2/echo", "GET";
permission java.net.URLPermission "https://localhost:*/https2/echo", "GET";
// file permissions
permission java.io.FilePermission "${user.dir}${/}defaultFile.txt", "read,write,delete";
permission java.io.FilePermission "${user.dir}${/}file.zip", "read,write,delete";
// needed to access FileSystemProvider
permission java.lang.RuntimePermission "fileSystemProvider";
// for permission changes
permission java.security.SecurityPermission "getPolicy";
permission java.security.SecurityPermission "setPolicy";
// needed to grant permission to the HTTP/2 server
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.common";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.frame";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.hpack";
permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http";
// for HTTP/1.1 server logging
permission java.util.logging.LoggingPermission "control";
// needed to grant the HTTP servers
permission java.net.SocketPermission "localhost:*", "accept,resolve";
permission java.util.PropertyPermission "*", "read";
permission java.lang.RuntimePermission "modifyThread";
};

81
test/jdk/java/net/httpclient/FilePublisher/FilePublisherPermsTest2.policy Normal file
View File

@ -0,0 +1,81 @@
//
// Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License version 2 only, as
// published by the Free Software Foundation.
//
// This code is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
// version 2 for more details (a copy is included in the LICENSE file that
// accompanied this code).
//
// You should have received a copy of the GNU General Public License version
// 2 along with this work; if not, write to the Free Software Foundation,
// Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
//
// Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
// or visit www.oracle.com if you need additional information or have any
// questions.
//
// same as FilePublisherPermsTest1.policy with custom permission for test classes
// for JTwork/classes/0/test/lib/jdk/test/lib/net/SimpleSSLContext.class
grant codeBase "file:${test.classes}/../../../../../test/lib/-" {
permission java.util.PropertyPermission "test.src.path", "read";
permission java.io.FilePermission "${test.src}/../../../../../lib/jdk/test/lib/net/testkeys", "read";
};
// for JTwork/classes/0/java/net/httpclient/http2/server/*
grant codeBase "file:${test.classes}/../../../../../java/net/httpclient/http2/server/*" {
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.common";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.frame";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.hpack";
permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http";
permission java.net.SocketPermission "localhost:*", "accept,resolve";
permission java.lang.RuntimePermission "modifyThread";
};
grant codeBase "file:${test.classes}/*" {
permission java.net.URLPermission "http://localhost:*/http1/echo", "POST";
permission java.net.URLPermission "https://localhost:*/https1/echo", "POST";
permission java.net.URLPermission "http://localhost:*/http2/echo", "POST";
permission java.net.URLPermission "https://localhost:*/https2/echo", "POST";
permission java.net.URLPermission "https://localhost:*/http1/echo", "GET";
permission java.net.URLPermission "https://localhost:*/https1/echo", "GET";
permission java.net.URLPermission "http://localhost:*/http2/echo", "GET";
permission java.net.URLPermission "https://localhost:*/https2/echo", "GET";
// file permissions
permission java.io.FilePermission "${user.dir}${/}defaultFile.txt", "read,write,delete";
permission java.io.FilePermission "${user.dir}${/}file.zip", "read,write,delete";
// custom permission for testing
permission java.lang.RuntimePermission "customPermission";
// needed to access FileSystemProvider
permission java.lang.RuntimePermission "fileSystemProvider";
// for permission changes
permission java.security.SecurityPermission "getPolicy";
permission java.security.SecurityPermission "setPolicy";
// needed to grant permission to the HTTP/2 server
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.common";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.frame";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.hpack";
permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http";
// for HTTP/1.1 server logging
permission java.util.logging.LoggingPermission "control";
// needed to grant the HTTP servers
permission java.net.SocketPermission "localhost:*", "accept,resolve";
permission java.util.PropertyPermission "*", "read";
permission java.lang.RuntimePermission "modifyThread";
};

84
test/jdk/java/net/httpclient/FilePublisher/FilePublisherPermsTest3.policy Normal file
View File

@ -0,0 +1,84 @@
//
// Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License version 2 only, as
// published by the Free Software Foundation.
//
// This code is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
// version 2 for more details (a copy is included in the LICENSE file that
// accompanied this code).
//
// You should have received a copy of the GNU General Public License version
// 2 along with this work; if not, write to the Free Software Foundation,
// Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
//
// Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
// or visit www.oracle.com if you need additional information or have any
// questions.
//
// same as FilePublisherPermsTest1.policy with additional custom permission
// for test classes and HttpClient (in java.net.http)
grant codeBase "jrt:/java.net.http" {
permission java.lang.RuntimePermission "customPermission";
};
// for JTwork/classes/0/test/lib/jdk/test/lib/net/SimpleSSLContext.class
grant codeBase "file:${test.classes}/../../../../../test/lib/-" {
permission java.util.PropertyPermission "test.src.path", "read";
permission java.io.FilePermission "${test.src}/../../../../../lib/jdk/test/lib/net/testkeys", "read";
};
// for JTwork/classes/0/java/net/httpclient/http2/server/*
grant codeBase "file:${test.classes}/../../../../../java/net/httpclient/http2/server/*" {
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.common";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.frame";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.hpack";
permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http";
permission java.net.SocketPermission "localhost:*", "accept,resolve";
permission java.lang.RuntimePermission "modifyThread";
};
grant codeBase "file:${test.classes}/*" {
permission java.net.URLPermission "http://localhost:*/http1/echo", "POST";
permission java.net.URLPermission "https://localhost:*/https1/echo", "POST";
permission java.net.URLPermission "http://localhost:*/http2/echo", "POST";
permission java.net.URLPermission "https://localhost:*/https2/echo", "POST";
permission java.net.URLPermission "https://localhost:*/http1/echo", "GET";
permission java.net.URLPermission "https://localhost:*/https1/echo", "GET";
permission java.net.URLPermission "http://localhost:*/http2/echo", "GET";
permission java.net.URLPermission "https://localhost:*/https2/echo", "GET";
// file permissions
permission java.io.FilePermission "${user.dir}${/}defaultFile.txt", "read,write,delete";
permission java.io.FilePermission "${user.dir}${/}file.zip", "read,write,delete";
permission java.lang.RuntimePermission "customPermission";
// needed to access FileSystemProvider
permission java.lang.RuntimePermission "fileSystemProvider";
// for permission changes
permission java.security.SecurityPermission "getPolicy";
permission java.security.SecurityPermission "setPolicy";
// needed to grant permission to the HTTP/2 server
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.common";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.frame";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.hpack";
permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http";
// for HTTP/1.1 server logging
permission java.util.logging.LoggingPermission "control";
// needed to grant the HTTP servers
permission java.net.SocketPermission "localhost:*", "accept,resolve";
permission java.util.PropertyPermission "*", "read";
permission java.lang.RuntimePermission "modifyThread";
};

251
test/jdk/java/net/httpclient/FilePublisher/FilePublisherTest.java Normal file
View File

@ -0,0 +1,251 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8235459
* @summary Confirm that HttpRequest.BodyPublishers#ofFile(Path)
* assumes the default file system
* @modules java.base/sun.net.www.http
* java.net.http/jdk.internal.net.http.common
* java.net.http/jdk.internal.net.http.frame
* java.net.http/jdk.internal.net.http.hpack
* jdk.httpserver
* @library /test/lib ../http2/server
* @compile ../HttpServerAdapters.java
* @build jdk.test.lib.net.SimpleSSLContext
* @run testng/othervm FilePublisherTest
* @run testng/othervm/java.security.policy=FilePublisherTest.policy FilePublisherTest
*/
import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsServer;
import jdk.test.lib.net.SimpleSSLContext;
import org.testng.annotations.AfterTest;
import org.testng.annotations.BeforeTest;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import javax.net.ssl.SSLContext;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpRequest.BodyPublishers;
import java.net.http.HttpResponse;
import java.nio.file.FileSystem;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Map;
import static java.lang.System.out;
import static java.net.http.HttpClient.Builder.NO_PROXY;
import static org.testng.Assert.assertEquals;
public class FilePublisherTest implements HttpServerAdapters {
SSLContext sslContext;
HttpServerAdapters.HttpTestServer httpTestServer; // HTTP/1.1 [ 4 servers ]
HttpServerAdapters.HttpTestServer httpsTestServer; // HTTPS/1.1
HttpServerAdapters.HttpTestServer http2TestServer; // HTTP/2 ( h2c )
HttpServerAdapters.HttpTestServer https2TestServer; // HTTP/2 ( h2 )
String httpURI;
String httpsURI;
String http2URI;
String https2URI;
FileSystem zipFs;
Path defaultFsPath;
Path zipFsPath;
// Default file system set up
static final String DEFAULT_FS_MSG = "default fs";
static Path defaultFsFile() throws Exception {
var file = Path.of("defaultFile.txt");
if (Files.notExists(file)) {
Files.createFile(file);
Files.writeString(file, DEFAULT_FS_MSG);
}
assertEquals(Files.readString(file), DEFAULT_FS_MSG);
return file;
}
@DataProvider(name = "defaultFsData")
public Object[][] defaultFsData() {
return new Object[][]{
{ httpURI, defaultFsPath, DEFAULT_FS_MSG, true },
{ httpsURI, defaultFsPath, DEFAULT_FS_MSG, true },
{ http2URI, defaultFsPath, DEFAULT_FS_MSG, true },
{ https2URI, defaultFsPath, DEFAULT_FS_MSG, true },
{ httpURI, defaultFsPath, DEFAULT_FS_MSG, false },
{ httpsURI, defaultFsPath, DEFAULT_FS_MSG, false },
{ http2URI, defaultFsPath, DEFAULT_FS_MSG, false },
{ https2URI, defaultFsPath, DEFAULT_FS_MSG, false },
};
}
@Test(dataProvider = "defaultFsData")
public void testDefaultFs(String uriString,
Path path,
String expectedMsg,
boolean sameClient) throws Exception {
out.printf("\n\n--- testDefaultFs(%s, %s, \"%s\", %b): starting\n",
uriString, path, expectedMsg, sameClient);
send(uriString, path, expectedMsg, sameClient);
}
// Zip file system set up
static final String ZIP_FS_MSG = "zip fs";
static FileSystem newZipFs() throws Exception {
Path zipFile = Path.of("file.zip");
return FileSystems.newFileSystem(zipFile, Map.of("create", "true"));
}
static Path zipFsFile(FileSystem fs) throws Exception {
var file = fs.getPath("fileInZip.txt");
if (Files.notExists(file)) {
Files.createFile(file);
Files.writeString(file, ZIP_FS_MSG);
}
assertEquals(Files.readString(file), ZIP_FS_MSG);
return file;
}
@DataProvider(name = "zipFsData")
public Object[][] zipFsData() {
return new Object[][]{
{ httpURI, zipFsPath, ZIP_FS_MSG, true },
{ httpsURI, zipFsPath, ZIP_FS_MSG, true },
{ http2URI, zipFsPath, ZIP_FS_MSG, true },
{ https2URI, zipFsPath, ZIP_FS_MSG, true },
{ httpURI, zipFsPath, ZIP_FS_MSG, false },
{ httpsURI, zipFsPath, ZIP_FS_MSG, false },
{ http2URI, zipFsPath, ZIP_FS_MSG, false },
{ https2URI, zipFsPath, ZIP_FS_MSG, false },
};
}
@Test(dataProvider = "zipFsData")
public void testZipFs(String uriString,
Path path,
String expectedMsg,
boolean sameClient) throws Exception {
out.printf("\n\n--- testZipFs(%s, %s, \"%s\", %b): starting\n",
uriString, path, expectedMsg, sameClient);
send(uriString, path, expectedMsg, sameClient);
}
private static final int ITERATION_COUNT = 3;
private void send(String uriString,
Path path,
String expectedMsg,
boolean sameClient)
throws Exception {
HttpClient client = null;
for (int i = 0; i < ITERATION_COUNT; i++) {
if (!sameClient || client == null) {
client = HttpClient.newBuilder()
.proxy(NO_PROXY)
.sslContext(sslContext)
.build();
}
var req = HttpRequest.newBuilder(URI.create(uriString))
.POST(BodyPublishers.ofFile(path))
.build();
var resp = client.send(req, HttpResponse.BodyHandlers.ofString());
out.println("Got response: " + resp);
out.println("Got body: " + resp.body());
assertEquals(resp.statusCode(), 200);
assertEquals(resp.body(), expectedMsg);
}
}
@BeforeTest
public void setup() throws Exception {
sslContext = new SimpleSSLContext().get();
if (sslContext == null)
throw new AssertionError("Unexpected null sslContext");
defaultFsPath = defaultFsFile();
zipFs = newZipFs();
zipFsPath = zipFsFile(zipFs);
InetSocketAddress sa =
new InetSocketAddress(InetAddress.getLoopbackAddress(), 0);
httpTestServer = HttpServerAdapters.HttpTestServer.of(HttpServer.create(sa, 0));
httpTestServer.addHandler(new HttpEchoHandler(), "/http1/echo");
httpURI = "http://" + httpTestServer.serverAuthority() + "/http1/echo";
HttpsServer httpsServer = HttpsServer.create(sa, 0);
httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext));
httpsTestServer = HttpServerAdapters.HttpTestServer.of(httpsServer);
httpsTestServer.addHandler(new HttpEchoHandler(), "/https1/echo");
httpsURI = "https://" + httpsTestServer.serverAuthority() + "/https1/echo";
http2TestServer = HttpServerAdapters.HttpTestServer.of(
new Http2TestServer("localhost", false, 0));
http2TestServer.addHandler(new HttpEchoHandler(), "/http2/echo");
http2URI = "http://" + http2TestServer.serverAuthority() + "/http2/echo";
https2TestServer = HttpServerAdapters.HttpTestServer.of(
new Http2TestServer("localhost", true, sslContext));
https2TestServer.addHandler(new HttpEchoHandler(), "/https2/echo");
https2URI = "https://" + https2TestServer.serverAuthority() + "/https2/echo";
httpTestServer.start();
httpsTestServer.start();
http2TestServer.start();
https2TestServer.start();
}
@AfterTest
public void teardown() throws Exception {
httpTestServer.stop();
httpsTestServer.stop();
http2TestServer.stop();
https2TestServer.stop();
zipFs.close();
}
static class HttpEchoHandler implements HttpServerAdapters.HttpTestHandler {
@Override
public void handle(HttpServerAdapters.HttpTestExchange t) throws IOException {
try (InputStream is = t.getRequestBody();
OutputStream os = t.getResponseBody()) {
byte[] bytes = is.readAllBytes();
t.sendResponseHeaders(200, bytes.length);
os.write(bytes);
}
}
}
}

69
test/jdk/java/net/httpclient/FilePublisher/FilePublisherTest.policy Normal file
View File

@ -0,0 +1,69 @@
//
// Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
// DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
//
// This code is free software; you can redistribute it and/or modify it
// under the terms of the GNU General Public License version 2 only, as
// published by the Free Software Foundation.
//
// This code is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
// FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
// version 2 for more details (a copy is included in the LICENSE file that
// accompanied this code).
//
// You should have received a copy of the GNU General Public License version
// 2 along with this work; if not, write to the Free Software Foundation,
// Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
//
// Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
// or visit www.oracle.com if you need additional information or have any
// questions.
//
// for JTwork/classes/0/test/lib/jdk/test/lib/net/SimpleSSLContext.class
grant codeBase "file:${test.classes}/../../../../../test/lib/-" {
permission java.util.PropertyPermission "test.src.path", "read";
permission java.io.FilePermission "${test.src}/../../../../../lib/jdk/test/lib/net/testkeys", "read";
};
// for JTwork/classes/0/java/net/httpclient/http2/server/*
grant codeBase "file:${test.classes}/../../../../../java/net/httpclient/http2/server/*" {
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.common";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.frame";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.hpack";
permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http";
permission java.net.SocketPermission "localhost:*", "accept,resolve";
permission java.lang.RuntimePermission "modifyThread";
};
grant codeBase "file:${test.classes}/*" {
permission java.net.URLPermission "http://localhost:*/http1/echo", "POST";
permission java.net.URLPermission "https://localhost:*/https1/echo", "POST";
permission java.net.URLPermission "http://localhost:*/http2/echo", "POST";
permission java.net.URLPermission "https://localhost:*/https2/echo", "POST";
permission java.net.URLPermission "https://localhost:*/http1/echo", "GET";
permission java.net.URLPermission "https://localhost:*/https1/echo", "GET";
permission java.net.URLPermission "http://localhost:*/http2/echo", "GET";
permission java.net.URLPermission "https://localhost:*/https2/echo", "GET";
// file permissions
permission java.io.FilePermission "${user.dir}${/}defaultFile.txt", "read,write,delete";
permission java.io.FilePermission "${user.dir}${/}file.zip", "read,write,delete";
// needed to grant permission to the HTTP/2 server
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.common";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.frame";
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.hpack";
permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http";
// for HTTP/1.1 server logging
permission java.util.logging.LoggingPermission "control";
// needed to grant the HTTP servers
permission java.net.SocketPermission "localhost:*", "accept,resolve";
permission java.util.PropertyPermission "*", "read";
permission java.lang.RuntimePermission "modifyThread";
};

453
test/jdk/java/net/httpclient/FilePublisher/SecureZipFSProvider.java Normal file
View File

@ -0,0 +1,453 @@
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.channels.FileChannel;
import java.nio.channels.SeekableByteChannel;
import java.nio.file.AccessMode;
import java.nio.file.CopyOption;
import java.nio.file.DirectoryStream;
import java.nio.file.FileStore;
import java.nio.file.FileSystem;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.PathMatcher;
import java.nio.file.ProviderMismatchException;
import java.nio.file.WatchEvent;
import java.nio.file.WatchKey;
import java.nio.file.WatchService;
import java.nio.file.attribute.BasicFileAttributes;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.FileAttributeView;
import java.nio.file.attribute.UserPrincipalLookupService;
import java.nio.file.spi.FileSystemProvider;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
public class SecureZipFSProvider extends FileSystemProvider {
private final ConcurrentHashMap<FileSystem, SecureZipFS> map =
new ConcurrentHashMap<>();
private final FileSystemProvider defaultProvider;
public SecureZipFSProvider(FileSystemProvider provider) {
defaultProvider = provider;
}
@Override
public String getScheme() {
return "jar";
}
public FileSystem newFileSystem(FileSystem fs) {
return map.computeIfAbsent(fs, (sfs) ->
new SecureZipFS(this, fs));
}
@Override
public FileSystem newFileSystem(URI uri, Map<String, ?> env)
throws IOException {
FileSystem fs = defaultProvider.newFileSystem(uri, env);
return map.computeIfAbsent(fs, (sfs) ->
new SecureZipFS(this, fs)
);
}
@Override
public FileSystem getFileSystem(URI uri) {
return map.get(defaultProvider.getFileSystem(uri));
}
@Override
public Path getPath(URI uri) {
Path p = defaultProvider.getPath(uri);
return map.get(defaultProvider.getFileSystem(uri)).wrap(p);
}
@Override
public InputStream newInputStream(Path path, OpenOption... options)
throws IOException {
Path p = toTestPath(path).unwrap();
// Added permission checks before opening the file
SecurityManager sm = System.getSecurityManager();
if (sm != null) {
sm.checkPermission(new RuntimePermission("customPermission"));
sm.checkRead(p.toString());
}
return defaultProvider.newInputStream(p, options);
}
@Override
public SeekableByteChannel newByteChannel(Path path,
Set<? extends OpenOption> options,
FileAttribute<?>... attrs)
throws IOException {
Path p = toTestPath(path).unwrap();
return defaultProvider.newByteChannel(p, options, attrs);
}
@Override
public FileChannel newFileChannel(Path path,
Set<? extends OpenOption> options,
FileAttribute<?>... attrs)
throws IOException {
Path p = toTestPath(path).unwrap();
return defaultProvider.newFileChannel(p, options, attrs);
}
@Override
public DirectoryStream<Path> newDirectoryStream(Path dir,
DirectoryStream.Filter<? super Path> filter) {
throw new RuntimeException("not implemented");
}
@Override
public void createDirectory(Path dir, FileAttribute<?>... attrs)
throws IOException {
Path p = toTestPath(dir).unwrap();
defaultProvider.createDirectory(p, attrs);
}
@Override
public void delete(Path path) throws IOException {
Path p = toTestPath(path).unwrap();
defaultProvider.delete(p);
}
@Override
public void copy(Path source, Path target, CopyOption... options)
throws IOException {
Path sp = toTestPath(source).unwrap();
Path tp = toTestPath(target).unwrap();
defaultProvider.copy(sp, tp, options);
}
@Override
public void move(Path source, Path target, CopyOption... options)
throws IOException {
Path sp = toTestPath(source).unwrap();
Path tp = toTestPath(target).unwrap();
defaultProvider.move(sp, tp, options);
}
@Override
public boolean isSameFile(Path path, Path path2)
throws IOException {
Path p = toTestPath(path).unwrap();
Path p2 = toTestPath(path2).unwrap();
return defaultProvider.isSameFile(p, p2);
}
@Override
public boolean isHidden(Path path) throws IOException {
Path p = toTestPath(path).unwrap();
return defaultProvider.isHidden(p);
}
@Override
public FileStore getFileStore(Path path) throws IOException {
Path p = toTestPath(path).unwrap();
return defaultProvider.getFileStore(p);
}
@Override
public void checkAccess(Path path, AccessMode... modes) throws IOException {
Path p = toTestPath(path).unwrap();
defaultProvider.checkAccess(p, modes);
}
@Override
public <V extends FileAttributeView> V getFileAttributeView(Path path,
Class<V> type,
LinkOption... options) {
Path p = toTestPath(path).unwrap();
return defaultProvider.getFileAttributeView(p, type, options);
}
@Override
public <A extends BasicFileAttributes> A readAttributes(Path path,
Class<A> type,
LinkOption... options)
throws IOException {
Path p = toTestPath(path).unwrap();
return defaultProvider.readAttributes(p, type, options);
}
@Override
public Map<String, Object> readAttributes(Path path,
String attributes,
LinkOption... options)
throws IOException {
Path p = toTestPath(path).unwrap();
return defaultProvider.readAttributes(p, attributes, options);
}
@Override
public void setAttribute(Path path, String attribute,
Object value, LinkOption... options)
throws IOException {
Path p = toTestPath(path).unwrap();
defaultProvider.setAttribute(p, attribute, options);
}
// Checks that the given file is a TestPath
static TestPath toTestPath(Path obj) {
if (obj == null)
throw new NullPointerException();
if (!(obj instanceof TestPath))
throw new ProviderMismatchException();
return (TestPath) obj;
}
static class SecureZipFS extends FileSystem {
private final SecureZipFSProvider provider;
private final FileSystem delegate;
public SecureZipFS(SecureZipFSProvider provider, FileSystem delegate) {
this.provider = provider;
this.delegate = delegate;
}
Path wrap(Path path) {
return (path != null) ? new TestPath(this, path) : null;
}
Path unwrap(Path wrapper) {
if (wrapper == null)
throw new NullPointerException();
if (!(wrapper instanceof TestPath))
throw new ProviderMismatchException();
return ((TestPath) wrapper).unwrap();
}
@Override
public FileSystemProvider provider() {
return provider;
}
@Override
public void close() throws IOException {
delegate.close();
}
@Override
public boolean isOpen() {
return delegate.isOpen();
}
@Override
public boolean isReadOnly() {
return delegate.isReadOnly();
}
@Override
public String getSeparator() {
return delegate.getSeparator();
}
@Override
public Iterable<Path> getRootDirectories() {
return delegate.getRootDirectories();
}
@Override
public Iterable<FileStore> getFileStores() {
return delegate.getFileStores();
}
@Override
public Set<String> supportedFileAttributeViews() {
return delegate.supportedFileAttributeViews();
}
@Override
public Path getPath(String first, String... more) {
return wrap(delegate.getPath(first, more));
}
@Override
public PathMatcher getPathMatcher(String syntaxAndPattern) {
return delegate.getPathMatcher(syntaxAndPattern);
}
@Override
public UserPrincipalLookupService getUserPrincipalLookupService() {
return delegate.getUserPrincipalLookupService();
}
@Override
public WatchService newWatchService() throws IOException {
return delegate.newWatchService();
}
}
static class TestPath implements Path {
private final SecureZipFS fs;
private final Path delegate;
TestPath(SecureZipFS fs, Path delegate) {
this.fs = fs;
this.delegate = delegate;
}
Path unwrap() {
return delegate;
}
@Override
public SecureZipFS getFileSystem() {
return fs;
}
@Override
public boolean isAbsolute() {
return delegate.isAbsolute();
}
@Override
public Path getRoot() {
return fs.wrap(delegate.getRoot());
}
@Override
public Path getFileName() {
return fs.wrap(delegate.getFileName());
}
@Override
public Path getParent() {
return fs.wrap(delegate.getParent());
}
@Override
public int getNameCount() {
return delegate.getNameCount();
}
@Override
public Path getName(int index) {
return fs.wrap(delegate.getName(index));
}
@Override
public Path subpath(int beginIndex, int endIndex) {
return fs.wrap(delegate.subpath(beginIndex, endIndex));
}
@Override
public boolean startsWith(Path other) {
return delegate.startsWith(other);
}
@Override
public boolean endsWith(Path other) {
return delegate.endsWith(other);
}
@Override
public Path normalize() {
return fs.wrap(delegate.normalize());
}
@Override
public Path resolve(Path other) {
return fs.wrap(delegate.resolve(fs.wrap(other)));
}
@Override
public Path relativize(Path other) {
return fs.wrap(delegate.relativize(fs.wrap(other)));
}
@Override
public URI toUri() {
String ssp = delegate.toUri().getSchemeSpecificPart();
return URI.create(fs.provider().getScheme() + ":" + ssp);
}
@Override
public Path toAbsolutePath() {
return fs.wrap(delegate.toAbsolutePath());
}
@Override
public Path toRealPath(LinkOption... options) throws IOException {
return fs.wrap(delegate.toRealPath(options));
}
@Override
public WatchKey register(WatchService watcher,
WatchEvent.Kind<?>[] events,
WatchEvent.Modifier... modifiers)
throws IOException {
return delegate.register(watcher, events, modifiers);
}
@Override
public Iterator<Path> iterator() {
final Iterator<Path> itr = delegate.iterator();
return new Iterator<>() {
@Override
public boolean hasNext() {
return itr.hasNext();
}
@Override
public Path next() {
return fs.wrap(itr.next());
}
@Override
public void remove() {
itr.remove();
}
};
}
@Override
public int compareTo(Path other) {
return delegate.compareTo(fs.unwrap(other));
}
@Override
public int hashCode() {
return delegate.hashCode();
}
@Override
public boolean equals(Object other) {
return other instanceof TestPath && delegate.equals(fs.unwrap((TestPath) other));
}
@Override
public String toString() {
return delegate.toString();
}
}
}