1 /*
 2  * Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
 3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 4  *
 5  * This code is free software; you can redistribute it and/or modify it
 6  * under the terms of the GNU General Public License version 2 only, as
 7  * published by the Free Software Foundation.
 8  *
 9  * This code is distributed in the hope that it will be useful, but WITHOUT
10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12  * version 2 for more details (a copy is included in the LICENSE file that
13  * accompanied this code).
14  *
15  * You should have received a copy of the GNU General Public License version
16  * 2 along with this work; if not, write to the Free Software Foundation,
17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18  *
19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20  * or visit www.oracle.com if you need additional information or have any
21  * questions.
22  */
23 
24 import java.net.InetAddress;
25 import java.net.SocketPermission;
26 import java.net.UnknownHostException;
27 import java.security.Permission;
28 import java.util.logging.Logger;
29 
30 import org.testng.Assert;
31 import org.testng.annotations.Test;
32 
33 /*
34  * @test
35  * @summary Test that resolution of a host name requires the SocketPermission(<host name>, "resolve")
36  * permission when running with a security manager and a custom resolver provider installed.
37  * @library lib providers/simple
38  * @build test.library/testlib.ResolutionRegistry simple.provider/impl.SimpleResolverProviderImpl
39  *        ResolvePermissionTest
40  * @run testng/othervm -Dtest.dataFileName=nonExistentFile ResolvePermissionTest
41  */
42 
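/**
 * Checks that {@link InetAddress#getByName(String)} is gated by the {@code "resolve"}
 * {@link SocketPermission} check for the requested host while a security manager is installed.
 *
 * <p>Two cases are exercised against the host {@code javaTest.org}:
 * <ul>
 *   <li>permission denied: the lookup must fail with {@link SecurityException};</li>
 *   <li>permission granted: the lookup must get past the permission check and fail with
 *       {@link UnknownHostException} instead (presumably because the resolver under test has no
 *       data for the host; the {@code @run} line points {@code test.dataFileName} at a
 *       non-existent file).</li>
 * </ul>
 *
 * <p>NOTE(review): {@link System#setSecurityManager} throws
 * {@link UnsupportedOperationException} on runtimes that do not allow a security manager to be
 * installed at run time; on those the {@code @run} line needs
 * {@code -Djava.security.manager=allow}. Confirm against the JDK this test targets.
 */
public class ResolvePermissionTest {

    // Host name that is looked up by the test and matched by the test security manager.
    private static final String TEST_HOST = "javaTest.org";

    /** Lookup with the 'resolve' permission granted: expects {@link UnknownHostException}. */
    @Test
    public void withResolvePermission() throws Exception {
        testResolvePermission(true);
    }

    /** Lookup with the 'resolve' permission denied: expects {@link SecurityException}. */
    @Test
    public void noResolvePermission() throws Exception {
        testResolvePermission(false);
    }

    /**
     * Installs a {@link TestSecurityManager}, resolves {@code javaTest.org} and asserts the kind
     * of failure that results.
     *
     * <p>NOTE(review): the granted case only shows that the lookup was not blocked. Nothing here
     * asserts that the manager actually received a 'resolve' check for the host, so a code path
     * that skipped the check entirely would still pass that case.
     *
     * @param grantResolvePermission {@code true} to let the 'resolve' check for
     *        {@code javaTest.org} pass, {@code false} to make it throw
     * @throws Exception if installing or restoring the security manager fails
     */
    @SuppressWarnings("removal")
    private void testResolvePermission(boolean grantResolvePermission) throws Exception {
        // Remember the manager that was active on entry so the finally block restores it,
        // rather than unconditionally clearing it.
        SecurityManager previousManager = System.getSecurityManager();
        // Set security manager which grants or denies permission to resolve 'javaTest.org' host
        var securityManager = new TestSecurityManager(grantResolvePermission);
        try {
            System.setSecurityManager(securityManager);
            Class<? extends Throwable> expectedExceptionClass = grantResolvePermission
                    ? UnknownHostException.class : SecurityException.class;
            var exception = Assert.expectThrows(expectedExceptionClass,
                    () -> InetAddress.getByName(TEST_HOST));
            LOGGER.info("Got expected exception: " + exception);
        } finally {
            // The test manager permits every permission except the one it targets, so this
            // call is not blocked by the manager installed above.
            System.setSecurityManager(previousManager);
        }
    }

    /**
     * Security manager that allows everything except, optionally, a 'resolve'
     * {@link SocketPermission} whose name is exactly {@code javaTest.org}.
     *
     * <p>Matching is deliberately narrow: the action string must equal {@code "resolve"} and the
     * host comparison is an exact, case-sensitive string match. Socket permissions carrying any
     * other action string, and all non-socket permissions, are allowed without inspection.
     */
    @SuppressWarnings("removal")
    static class TestSecurityManager extends SecurityManager {
        // When false, a 'resolve' check for javaTest.org is rejected.
        final boolean allowJavaTestOrgResolve;

        /**
         * @param allowJavaTestOrgResolve whether a 'resolve' check for {@code javaTest.org}
         *        is allowed to pass
         */
        public TestSecurityManager(boolean allowJavaTestOrgResolve) {
            this.allowJavaTestOrgResolve = allowJavaTestOrgResolve;
        }

        /**
         * Rejects the 'resolve' permission for {@code javaTest.org} when configured to do so
         * and silently allows every other permission.
         *
         * @param permission the permission being checked
         * @throws SecurityException if the permission is the targeted 'resolve' permission and
         *         this manager was created with {@code allowJavaTestOrgResolve == false}
         */
        @Override
        public void checkPermission(Permission permission) {
            if (!(permission instanceof SocketPermission)) {
                return;
            }
            SocketPermission sockPerm = (SocketPermission) permission;
            if (!"resolve".equals(sockPerm.getActions())) {
                return;
            }
            LOGGER.info("Checking 'resolve' SocketPermission: " + permission);
            if (TEST_HOST.equals(sockPerm.getName()) && !allowJavaTestOrgResolve) {
                LOGGER.info("Denying 'resolve' permission for 'javaTest.org'");
                throw new SecurityException("Access Denied");
            }
        }
    }

    private static final Logger LOGGER = Logger.getLogger(ResolvePermissionTest.class.getName());
}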