1 /*
 2  * Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
 3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 4  *
 5  * This code is free software; you can redistribute it and/or modify it
 6  * under the terms of the GNU General Public License version 2 only, as
 7  * published by the Free Software Foundation.
 8  *
 9  * This code is distributed in the hope that it will be useful, but WITHOUT
10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12  * version 2 for more details (a copy is included in the LICENSE file that
13  * accompanied this code).
14  *
15  * You should have received a copy of the GNU General Public License version
16  * 2 along with this work; if not, write to the Free Software Foundation,
17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18  *
19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20  * or visit www.oracle.com if you need additional information or have any
21  * questions.
22  */
23 
24 import java.net.InetAddress;
25 import java.net.SocketPermission;
26 import java.net.UnknownHostException;
27 import java.security.Permission;
28 import java.util.logging.Logger;
29 
30 import org.testng.Assert;
31 import org.testng.annotations.Test;
32 
33 /*
34  * @test
35  * @summary Test that resolution of host name requires SocketPermission("resolve", <host name>)
36  * permission when running with security manager and custom resolver provider installed.
37  * @library lib providers/simple
38  * @build test.library/testlib.ResolutionRegistry simple.provider/impl.SimpleResolverProviderImpl
39  *        ResolvePermissionTest
40  * @run testng/othervm -Dtest.dataFileName=nonExistentFile -Djava.security.manager=allow
41  *                      ResolvePermissionTest
42  */
43 
44 public class ResolvePermissionTest {
45 
46     @Test
47     public void withResolvePermission() throws Exception {
48         testResolvePermission(true);
49     }
50 
51     @Test
52     public void noResolvePermission() throws Exception {
53         testResolvePermission(false);
54     }
55 
56     @SuppressWarnings("removal")
57     private void testResolvePermission(boolean grantResolvePermission) throws Exception {
58         // Set security manager which grants or denies permission to resolve 'javaTest.org' host
59         var securityManager = new ResolvePermissionTest.TestSecurityManager(grantResolvePermission);
60         try {
61             System.setSecurityManager(securityManager);
62             Class expectedExceptionClass = grantResolvePermission ?
63                     UnknownHostException.class : SecurityException.class;
64             var exception = Assert.expectThrows(expectedExceptionClass, () -> InetAddress.getByName("javaTest.org"));
65             LOGGER.info("Got expected exception: " + exception);
66         } finally {
67             System.setSecurityManager(null);
68         }
69     }
70 
71     static class TestSecurityManager extends SecurityManager {
72         final boolean allowJavaTestOrgResolve;
73 
74         public TestSecurityManager(boolean allowJavaTestOrgResolve) {
75             this.allowJavaTestOrgResolve = allowJavaTestOrgResolve;
76         }
77 
78         @Override
79         public void checkPermission(Permission permission) {
80             if (permission instanceof java.net.SocketPermission) {
81                 SocketPermission sockPerm = (SocketPermission) permission;
82                 if ("resolve".equals(sockPerm.getActions())) {
83                     String host = sockPerm.getName();
84                     LOGGER.info("Checking 'resolve' SocketPermission: " + permission);
85                     if ("javaTest.org".equals(host) && !allowJavaTestOrgResolve) {
86                         LOGGER.info("Denying 'resolve' permission for 'javaTest.org'");
87                         throw new SecurityException("Access Denied");
88                     }
89                 }
90             }
91         }
92     }
93 
94     private static final Logger LOGGER = Logger.getLogger(ResolvePermissionTest.class.getName());
95 }