infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-02-10 02:18:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

8156802: Better constraint checking

Browse Source 
Reviewed-by: dfuchs
This commit is contained in:
Roger Riggs 2016-10-12 12:56:35 -04:00
parent 90e6cda73c
commit e68ae2ec8e
9 changed files with 610 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
jdk/src/java.base/share/conf/security/java.security
View File

@ -658,6 +658,36 @@ krb5.kdc.bad.policy = tryLast
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & denyAfter 2017-01-01, \
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
#
# RMI Registry Serial Filter
#
# The filter pattern uses the same format as jdk.serialFilter.
# This filter can override the builtin filter if additional types need to be
# allowed or rejected from the RMI Registry.
#
# Note: This property is currently used by the JDK Reference implementation.
# It is not guaranteed to be examined and used by other implementations.
#
#sun.rmi.registry.registryFilter=pattern;pattern
#
# RMI Distributed Garbage Collector (DGC) Serial Filter
#
# The filter pattern uses the same format as jdk.serialFilter.
# This filter can override the builtin filter if additional types need to be
# allowed or rejected from the RMI DGC.
#
# Note: This property is currently used by the JDK Reference implementation.
# It is not guaranteed to be examined and used by other implementations.
#
# The builtin DGC filter can approximately be represented as the filter pattern:
#
#sun.rmi.transport.dgcFilter=\
# java.rmi.server.ObjID;\
# java.rmi.server.UID;\
# java.rmi.dgc.VMID;\
# java.rmi.dgc.Lease;\
# maxdepth=5;maxarray=10000
# Algorithm restrictions for signed JAR files
#
# In some environments, certain algorithms or key lengths may be undesirable

39
jdk/src/java.rmi/share/classes/java/rmi/MarshalledObject.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -29,11 +29,15 @@ import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamConstants;
import java.io.OutputStream;
import java.io.Serializable;
import java.security.AccessController;
import java.security.PrivilegedAction;
import sun.rmi.server.MarshalInputStream;
import sun.rmi.server.MarshalOutputStream;
@ -90,6 +94,9 @@ public final class MarshalledObject<T> implements Serializable {
*/
private int hash;
/** Filter used when creating the instance from a stream; may be null. */
private transient ObjectInputFilter objectInputFilter = null;
/** Indicate compatibility with 1.2 version of class. */
private static final long serialVersionUID = 8988374069173025854L;
@ -132,10 +139,26 @@ public final class MarshalledObject<T> implements Serializable {
hash = h;
}
/**
* Reads in the state of the object and saves the stream's
* serialization filter to be used when the object is deserialized.
*
* @param stream the stream
* @throws IOException if an I/O error occurs
* @throws ClassNotFoundException if a class cannot be found
*/
private void readObject(ObjectInputStream stream)
throws IOException, ClassNotFoundException {
stream.defaultReadObject(); // read in all fields
objectInputFilter = stream.getObjectInputFilter();
}
/**
* Returns a new copy of the contained marshalledobject. The internal
* representation is deserialized with the semantics used for
* unmarshaling parameters for RMI calls.
* If the MarshalledObject was read from an ObjectInputStream,
* the filter from that stream is used to deserialize the object.
*
* @return a copy of the contained object
* @exception IOException if an <code>IOException</code> occurs while
@ -155,7 +178,7 @@ public final class MarshalledObject<T> implements Serializable {
ByteArrayInputStream lin =
(locBytes == null ? null : new ByteArrayInputStream(locBytes));
MarshalledObjectInputStream in =
new MarshalledObjectInputStream(bin, lin);
new MarshalledObjectInputStream(bin, lin, objectInputFilter);
@SuppressWarnings("unchecked")
T obj = (T) in.readObject();
in.close();
@ -295,11 +318,21 @@ public final class MarshalledObject<T> implements Serializable {
* <code>null</code>, then all annotations will be
* <code>null</code>.
*/
MarshalledObjectInputStream(InputStream objIn, InputStream locIn)
MarshalledObjectInputStream(InputStream objIn, InputStream locIn,
ObjectInputFilter filter)
throws IOException
{
super(objIn);
this.locIn = (locIn == null ? null : new ObjectInputStream(locIn));
if (filter != null) {
AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
MarshalledObjectInputStream.this.setObjectInputFilter(filter);
if (MarshalledObjectInputStream.this.locIn != null) {
MarshalledObjectInputStream.this.locIn.setObjectInputFilter(filter);
}
return null;
});
}
}
/**

115
jdk/src/java.rmi/share/classes/sun/rmi/registry/RegistryImpl.java
View File

@ -25,8 +25,12 @@
package sun.rmi.registry;
import java.io.ObjectInputFilter;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.rmi.server.LogStream;
import java.security.PrivilegedAction;
import java.security.Security;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
@ -39,7 +43,6 @@ import java.io.IOException;
import java.net.*;
import java.rmi.*;
import java.rmi.server.ObjID;
import java.rmi.server.RemoteServer;
import java.rmi.server.ServerNotActiveException;
import java.rmi.registry.Registry;
import java.rmi.server.RMIClientSocketFactory;
@ -54,12 +57,12 @@ import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.text.MessageFormat;
import sun.rmi.server.LoaderHandler;
import sun.rmi.runtime.Log;
import sun.rmi.server.UnicastRef;
import sun.rmi.server.UnicastServerRef;
import sun.rmi.server.UnicastServerRef2;
import sun.rmi.transport.LiveRef;
import sun.rmi.transport.ObjectTable;
import sun.rmi.transport.Target;
/**
* A "registry" exists on every node that allows RMI connections to
@ -90,6 +93,48 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
private static ResourceBundle resources = null;
/**
* Property name of the RMI Registry serial filter to augment
* the built-in list of allowed types.
* Setting the property in the {@code conf/security/java.security} file
* will enable the augmented filter.
*/
private static final String REGISTRY_FILTER_PROPNAME = "sun.rmi.registry.registryFilter";
/** Registry max depth of remote invocations. **/
private static int REGISTRY_MAX_DEPTH = 5;
/** Registry maximum array size in remote invocations. **/
private static int REGISTRY_MAX_ARRAY_SIZE = 10000;
/**
* The registryFilter created from the value of the {@code "sun.rmi.registry.registryFilter"}
* property.
*/
private static final ObjectInputFilter registryFilter =
AccessController.doPrivileged((PrivilegedAction<ObjectInputFilter>)RegistryImpl::initRegistryFilter);
/**
* Initialize the registryFilter from the security properties or system property; if any
* @return an ObjectInputFilter, or null
*/
@SuppressWarnings("deprecation")
private static ObjectInputFilter initRegistryFilter() {
ObjectInputFilter filter = null;
String props = System.getProperty(REGISTRY_FILTER_PROPNAME);
if (props == null) {
props = Security.getProperty(REGISTRY_FILTER_PROPNAME);
}
if (props != null) {
filter = ObjectInputFilter.Config.createFilter(props);
Log regLog = Log.getLog("sun.rmi.registry", "registry", -1);
if (regLog.isLoggable(Log.BRIEF)) {
regLog.log(Log.BRIEF, "registryFilter = " + filter);
}
}
return filter;
}
/**
* Construct a new RegistryImpl on the specified port with the
* given custom socket factory pair.
@ -105,7 +150,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
public Void run() throws RemoteException {
LiveRef lref = new LiveRef(id, port, csf, ssf);
setup(new UnicastServerRef2(lref));
setup(new UnicastServerRef2(lref, RegistryImpl::registryFilter));
return null;
}
}, null, new SocketPermission("localhost:"+port, "listen,accept"));
@ -114,7 +159,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
}
} else {
LiveRef lref = new LiveRef(id, port, csf, ssf);
setup(new UnicastServerRef2(lref));
setup(new UnicastServerRef2(lref, RegistryImpl::registryFilter));
}
}
@ -130,7 +175,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
public Void run() throws RemoteException {
LiveRef lref = new LiveRef(id, port);
setup(new UnicastServerRef(lref));
setup(new UnicastServerRef(lref, RegistryImpl::registryFilter));
return null;
}
}, null, new SocketPermission("localhost:"+port, "listen,accept"));
@ -139,7 +184,7 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
}
} else {
LiveRef lref = new LiveRef(id, port);
setup(new UnicastServerRef(lref));
setup(new UnicastServerRef(lref, RegistryImpl::registryFilter));
}
}
@ -361,6 +406,60 @@ public class RegistryImpl extends java.rmi.server.RemoteServer
return paths.toArray(new URL[0]);
}
/**
* ObjectInputFilter to filter Registry input objects.
* The list of acceptable classes is limited to classes normally
* stored in a registry.
*
* @param filterInfo access to the class, array length, etc.
* @return {@link ObjectInputFilter.Status#ALLOWED} if allowed,
* {@link ObjectInputFilter.Status#REJECTED} if rejected,
* otherwise {@link ObjectInputFilter.Status#UNDECIDED}
*/
private static ObjectInputFilter.Status registryFilter(ObjectInputFilter.FilterInfo filterInfo) {
if (registryFilter != null) {
ObjectInputFilter.Status status = registryFilter.checkInput(filterInfo);
if (status != ObjectInputFilter.Status.UNDECIDED) {
// The Registry filter can override the built-in white-list
return status;
}
}
if (filterInfo.depth() > REGISTRY_MAX_DEPTH) {
return ObjectInputFilter.Status.REJECTED;
}
Class<?> clazz = filterInfo.serialClass();
if (clazz != null) {
if (clazz.isArray()) {
if (filterInfo.arrayLength() >= 0 && filterInfo.arrayLength() > REGISTRY_MAX_ARRAY_SIZE) {
return ObjectInputFilter.Status.REJECTED;
}
do {
// Arrays are allowed depending on the component type
clazz = clazz.getComponentType();
} while (clazz.isArray());
}
if (clazz.isPrimitive()) {
// Arrays of primitives are allowed
return ObjectInputFilter.Status.ALLOWED;
}
if (String.class == clazz
|| java.lang.Number.class.isAssignableFrom(clazz)
|| Remote.class.isAssignableFrom(clazz)
|| java.lang.reflect.Proxy.class.isAssignableFrom(clazz)
|| UnicastRef.class.isAssignableFrom(clazz)
|| RMIClientSocketFactory.class.isAssignableFrom(clazz)
|| RMIServerSocketFactory.class.isAssignableFrom(clazz)
|| java.rmi.activation.ActivationID.class.isAssignableFrom(clazz)
|| java.rmi.server.UID.class.isAssignableFrom(clazz)) {
return ObjectInputFilter.Status.ALLOWED;
} else {
return ObjectInputFilter.Status.REJECTED;
}
}
return ObjectInputFilter.Status.UNDECIDED;
}
/**
* Return a new RegistryImpl on the requested port and export it to serve
* registry requests. A classloader is initialized from the system property

5
jdk/src/java.rmi/share/classes/sun/rmi/runtime/Log.java
View File

@ -232,6 +232,11 @@ public abstract class Log {
}
}
public String toString() {
return logger.toString() + ", level: " + logger.getLevel() +
", name: " + logger.getName();
}
/**
* Set the output stream associated with the RMI server call
* logger.

95
jdk/src/java.rmi/share/classes/sun/rmi/transport/DGCImpl.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -24,6 +24,7 @@
*/
package sun.rmi.transport;
import java.io.ObjectInputFilter;
import java.net.SocketPermission;
import java.rmi.Remote;
import java.rmi.RemoteException;
@ -34,11 +35,13 @@ import java.rmi.server.LogStream;
import java.rmi.server.ObjID;
import java.rmi.server.RemoteServer;
import java.rmi.server.ServerNotActiveException;
import java.rmi.server.UID;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.ProtectionDomain;
import java.security.Security;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.HashMap;
@ -99,6 +102,46 @@ final class DGCImpl implements DGC {
return dgc;
}
/**
* Property name of the DGC serial filter to augment
* the built-in list of allowed types.
* Setting the property in the {@code conf/security/java.security} file
* or system property will enable the augmented filter.
*/
private static final String DGC_FILTER_PROPNAME = "sun.rmi.transport.dgcFilter";
/** Registry max depth of remote invocations. **/
private static int DGC_MAX_DEPTH = 5;
/** Registry maximum array size in remote invocations. **/
private static int DGC_MAX_ARRAY_SIZE = 10000;
/**
* The dgcFilter created from the value of the {@code "sun.rmi.transport.dgcFilter"}
* property.
*/
private static final ObjectInputFilter dgcFilter =
AccessController.doPrivileged((PrivilegedAction<ObjectInputFilter>)DGCImpl::initDgcFilter);
/**
* Initialize the dgcFilter from the security properties or system property; if any
* @return an ObjectInputFilter, or null
*/
private static ObjectInputFilter initDgcFilter() {
ObjectInputFilter filter = null;
String props = System.getProperty(DGC_FILTER_PROPNAME);
if (props == null) {
props = Security.getProperty(DGC_FILTER_PROPNAME);
}
if (props != null) {
filter = ObjectInputFilter.Config.createFilter(props);
if (dgcLog.isLoggable(Log.BRIEF)) {
dgcLog.log(Log.BRIEF, "dgcFilter = " + filter);
}
}
return filter;
}
/**
* Construct a new server-side remote object collector at
* a particular port. Disallow construction from outside.
@ -293,7 +336,8 @@ final class DGCImpl implements DGC {
dgc = new DGCImpl();
ObjID dgcID = new ObjID(ObjID.DGC_ID);
LiveRef ref = new LiveRef(dgcID, 0);
UnicastServerRef disp = new UnicastServerRef(ref);
UnicastServerRef disp = new UnicastServerRef(ref,
DGCImpl::checkInput);
Remote stub =
Util.createProxy(DGCImpl.class,
new UnicastRef(ref), true);
@ -324,6 +368,53 @@ final class DGCImpl implements DGC {
});
}
/**
* ObjectInputFilter to filter DGC input objects.
* The list of acceptable classes is very short and explicit.
* The depth and array sizes are limited.
*
* @param filterInfo access to class, arrayLength, etc.
* @return {@link ObjectInputFilter.Status#ALLOWED} if allowed,
* {@link ObjectInputFilter.Status#REJECTED} if rejected,
* otherwise {@link ObjectInputFilter.Status#UNDECIDED}
*/
private static ObjectInputFilter.Status checkInput(ObjectInputFilter.FilterInfo filterInfo) {
if (dgcFilter != null) {
ObjectInputFilter.Status status = dgcFilter.checkInput(filterInfo);
if (status != ObjectInputFilter.Status.UNDECIDED) {
// The DGC filter can override the built-in white-list
return status;
}
}
if (filterInfo.depth() > DGC_MAX_DEPTH) {
return ObjectInputFilter.Status.REJECTED;
}
Class<?> clazz = filterInfo.serialClass();
if (clazz != null) {
while (clazz.isArray()) {
if (filterInfo.arrayLength() >= 0 && filterInfo.arrayLength() > DGC_MAX_ARRAY_SIZE) {
return ObjectInputFilter.Status.REJECTED;
}
// Arrays are allowed depending on the component type
clazz = clazz.getComponentType();
}
if (clazz.isPrimitive()) {
// Arrays of primitives are allowed
return ObjectInputFilter.Status.ALLOWED;
}
return (clazz == ObjID.class ||
clazz == UID.class ||
clazz == VMID.class ||
clazz == Lease.class)
? ObjectInputFilter.Status.ALLOWED
: ObjectInputFilter.Status.REJECTED;
}
// Not a class, not size limited
return ObjectInputFilter.Status.UNDECIDED;
}
private static class LeaseInfo {
VMID vmid;
long expiration;

140
jdk/test/java/rmi/MarshalledObject/MOFilterTest.java Normal file
View File

@ -0,0 +1,140 @@
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInput;
import java.io.ObjectInputStream;
import java.io.ObjectInputFilter;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.rmi.MarshalledObject;
import java.util.Objects;
import org.testng.Assert;
import org.testng.annotations.Test;
import org.testng.annotations.DataProvider;
/* @test
* @run testng/othervm MOFilterTest
*
* @summary Test MarshalledObject applies ObjectInputFilter
*/
@Test
public class MOFilterTest {
/**
* Two cases are tested.
* The filter = null and a filter set to verify the calls to the filter.
* @return array objects with test parameters for each test case
*/
@DataProvider(name = "FilterCases")
public static Object[][] filterCases() {
return new Object[][] {
{true}, // run the test with the filter
{false}, // run the test without the filter
};
}
/**
* Test that MarshalledObject inherits the ObjectInputFilter from
* the stream it was deserialized from.
*/
@Test(dataProvider="FilterCases")
static void delegatesToMO(boolean withFilter) {
try {
Serializable testobj = Integer.valueOf(5);
MarshalledObject<Serializable> mo = new MarshalledObject<>(testobj);
Assert.assertEquals(mo.get(), testobj, "MarshalledObject.get returned a non-equals test object");
byte[] bytes = writeObjects(mo);
try (ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
ObjectInputStream ois = new ObjectInputStream(bais)) {
CountingFilter filter1 = new CountingFilter();
ois.setObjectInputFilter(withFilter ? filter1 : null);
MarshalledObject<?> actualMO = (MarshalledObject<?>)ois.readObject();
int count = filter1.getCount();
actualMO.get();
int expectedCount = withFilter ? count + 2 : count;
int actualCount = filter1.getCount();
Assert.assertEquals(actualCount, expectedCount, "filter called wrong number of times during get()");
}
} catch (IOException ioe) {
Assert.fail("Unexpected IOException", ioe);
} catch (ClassNotFoundException cnf) {
Assert.fail("Deserializing", cnf);
}
}
/**
* Write objects and return a byte array with the bytes.
*
* @param objects zero or more objects to serialize
* @return the byte array of the serialized objects
* @throws IOException if an exception occurs
*/
static byte[] writeObjects(Object... objects) throws IOException {
byte[] bytes;
try (ByteArrayOutputStream baos = new ByteArrayOutputStream();
ObjectOutputStream oos = new ObjectOutputStream(baos)) {
for (Object o : objects) {
oos.writeObject(o);
}
bytes = baos.toByteArray();
}
return bytes;
}
static class CountingFilter implements ObjectInputFilter {
private int count; // count of calls to the filter
CountingFilter() {
count = 0;
}
int getCount() {
return count;
}
/**
* Filter that rejects class Integer and allows others
*
* @param filterInfo access to the class, arrayLength, etc.
* @return {@code STATUS.REJECTED}
*/
public ObjectInputFilter.Status checkInput(FilterInfo filterInfo) {
count++;
return ObjectInputFilter.Status.ALLOWED;
}
}
}

186
jdk/test/java/rmi/registry/serialFilter/RegistryFilterTest.java Normal file
View File

@ -0,0 +1,186 @@
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.rmi.MarshalledObject;
import java.rmi.NotBoundException;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.AlreadyBoundException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.util.Objects;
import java.security.Security;
import org.testng.Assert;
import org.testng.TestNG;
import org.testng.annotations.BeforeSuite;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
/*
* @test
* @library /java/rmi/testlibrary
* @modules java.rmi/sun.rmi.registry
* java.rmi/sun.rmi.server
* java.rmi/sun.rmi.transport
* java.rmi/sun.rmi.transport.tcp
* @build TestLibrary
* @summary Test filters for the RMI Registry
* @run testng/othervm RegistryFilterTest
* @run testng/othervm
* -Dsun.rmi.registry.registryFilter=!java.lang.Long;!RegistryFilterTest$RejectableClass
* RegistryFilterTest
* @run testng/othervm/policy=security.policy
* -Djava.security.properties=${test.src}/java.security-extra1
* RegistryFilterTest
*/
public class RegistryFilterTest {
private static Registry impl;
private static int port;
private static Registry registry;
static final int REGISTRY_MAX_ARRAY = 10000;
static final String registryFilter =
System.getProperty("sun.rmi.registry.registryFilter",
Security.getProperty("sun.rmi.registry.registryFilter"));
@DataProvider(name = "bindAllowed")
static Object[][] bindAllowedObjects() {
Object[][] objects = {
};
return objects;
}
/**
* Data RMI Regiry bind test.
* - name
* - Object
* - true/false if object is blacklisted by a filter (implicit or explicit)
* @return array of test data
*/
@DataProvider(name = "bindData")
static Object[][] bindObjects() {
Object[][] data = {
{ "byte[max]", new XX(new byte[REGISTRY_MAX_ARRAY]), false },
{ "String", new XX("now is the time"), false},
{ "String[]", new XX(new String[3]), false},
{ "Long[4]", new XX(new Long[4]), registryFilter != null },
{ "rej-byte[toobig]", new XX(new byte[REGISTRY_MAX_ARRAY + 1]), true },
{ "rej-MarshalledObject", createMarshalledObject(), true },
{ "rej-RejectableClass", new RejectableClass(), registryFilter != null},
};
return data;
}
static XX createMarshalledObject() {
try {
return new XX(new MarshalledObject<>(null));
} catch (IOException ioe) {
return new XX(ioe);
}
}
@BeforeSuite
static void setupRegistry() {
try {
impl = TestLibrary.createRegistryOnEphemeralPort();
port = TestLibrary.getRegistryPort(impl);
registry = LocateRegistry.getRegistry("localhost", port);
} catch (RemoteException ex) {
Assert.fail("initialization of registry", ex);
}
System.out.printf("RMI Registry filter: %s%n", registryFilter);
}
/*
* Test registry rejects an object with the max array size + 1.
*/
@Test(dataProvider="bindData")
public void simpleBind(String name, Remote obj, boolean blacklisted) throws RemoteException, AlreadyBoundException, NotBoundException {
try {
registry.bind(name, obj);
Assert.assertFalse(blacklisted, "Registry filter did not reject (but should have) ");
registry.unbind(name);
} catch (Exception rex) {
Assert.assertTrue(blacklisted, "Registry filter should not have rejected");
}
}
/*
* Test registry rejects an object with a well known class
* if blacklisted in the security properties.
*/
@Test
public void simpleRejectableClass() throws RemoteException, AlreadyBoundException, NotBoundException {
RejectableClass r1 = null;
try {
String name = "reject1";
r1 = new RejectableClass();
registry.bind(name, r1);
registry.unbind(name);
Assert.assertNull(registryFilter, "Registry filter should not have rejected");
} catch (Exception rex) {
Assert.assertNotNull(registryFilter, "Registry filter should have rejected");
}
}
/**
* A simple Serializable Remote object that is passed by value.
* It and its contents are checked by the Registry serial filter.
*/
static class XX implements Serializable, Remote {
private static final long serialVersionUID = 362498820763181265L;
final Object obj;
XX(Object obj) {
this.obj = obj;
}
public String toString() {
return super.toString() + "//" + Objects.toString(obj);
}
}
/**
* A simple Serializable Remote object that is passed by value.
* It and its contents are checked by the Registry serial filter.
*/
static class RejectableClass implements Serializable, Remote {
private static final long serialVersionUID = 362498820763181264L;
RejectableClass() {}
}
}

9
jdk/test/java/rmi/registry/serialFilter/java.security-extra1 Normal file
View File

@ -0,0 +1,9 @@
# RMI Registry Input Serial Filter
#
# The filter pattern uses the same format as java.io.ObjectInputStream.serialFilter.
# This filter can override the builtin filter if additional types need to be
# allowed or rejected from the RMI Registry.
#
#sun.rmi.registry.registryFilter=pattern,pattern
sun.rmi.registry.registryFilter=!java.lang.Long;!RegistryFilterTest$RejectableClass

4
jdk/test/java/rmi/registry/serialFilter/security.policy Normal file
View File

@ -0,0 +1,4 @@
grant {
permission java.security.AllPermission;
};