提交 52e3c281 编写于 作者: A alanb

8004502: Compact Profiles contents

Reviewed-by: dholmes, mchung
上级 69cbbd16
此差异已折叠。
此差异已折叠。
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/* @test
* @bug 8004502
* @summary Sanity check that SecurityManager methods that check AWTPermission
* behave as expected when AWT is not present
*/
public class NoAWT {
public static void main(String[] args) {
SecurityManager sm = new SecurityManager();
try {
sm.checkAwtEventQueueAccess();
throw new RuntimeException("SecurityException expected");
} catch (SecurityException expected) { }
try {
sm.checkSystemClipboardAccess();
throw new RuntimeException("SecurityException expected");
} catch (SecurityException expected) { }
try {
sm.checkTopLevelWindow(null);
throw new RuntimeException("NullPointException expected");
} catch (NullPointerException expected) { }
if (sm.checkTopLevelWindow(new Object())) {
throw new RuntimeException("checkTopLevelWindow expected to return false");
}
}
}
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/* @test
* @bug 8004502
* @summary Sanity check that NoSuchAlgorithmException is thrown when requesting
* a CertStore of type "LDAP" and LDAP is not available.
*/
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertStore;
import java.security.cert.LDAPCertStoreParameters;
public class NoLDAP {
public static void main(String[] args) throws Exception {
try {
Class.forName("javax.naming.ldap.LdapName");
System.out.println("LDAP is present, test skipped");
return;
} catch (ClassNotFoundException ignore) { }
try {
CertStore.getInstance("LDAP", new LDAPCertStoreParameters());
throw new RuntimeException("NoSuchAlgorithmException expected");
} catch (NoSuchAlgorithmException x) {
System.out.println("NoSuchAlgorithmException thrown as expected");
}
}
}
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/* @test
* @bug 8004502
* @summary Sanity check that attempts to use the IIOP transport or
* RMIIIOPServerImpl when RMI/IIOP not present throws the expected exceptions
*/
import javax.management.MBeanServer;
import javax.management.MBeanServerFactory;
import javax.management.remote.*;
import javax.management.remote.rmi.*;
import java.net.MalformedURLException;
import java.io.IOException;
import javax.security.auth.Subject;
import java.rmi.NoSuchObjectException;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXConnectorServerFactory;
public class NoIIOP {
/**
* RMIIIOPServerImpl implementation for testing purposes (methods are
* overridden to be public to allow for testing)
*/
static class MyRMIIIOPServerImpl extends RMIIIOPServerImpl {
MyRMIIIOPServerImpl() throws IOException {
super(null);
}
@Override
public void export() throws IOException {
super.export();
}
@Override
public String getProtocol() {
return super.getProtocol();
}
@Override
public RMIConnection makeClient(String connectionId, Subject subject)
throws IOException
{
return super.makeClient(connectionId, subject);
}
@Override
public void closeClient(RMIConnection client) throws IOException {
super.closeClient(client);
}
@Override
public void closeServer() throws IOException {
super.closeServer();
}
}
public static void main(String[] args) throws Exception {
try {
Class.forName("javax.management.remote.rmi._RMIConnectionImpl_Tie");
System.out.println("RMI/IIOP appears to be supported, test skipped");
return;
} catch (ClassNotFoundException okay) { }
JMXServiceURL url = new JMXServiceURL("service:jmx:iiop://");
MBeanServer mbs = MBeanServerFactory.createMBeanServer();
// test JMXConnectorFactory/JMXConnectorServerFactory
try {
JMXConnectorFactory.connect(url);
throw new RuntimeException("connect did not throw MalformedURLException");
} catch (MalformedURLException expected) { }
try {
JMXConnectorServerFactory.newJMXConnectorServer(url, null, null);
throw new RuntimeException("newJMXConnectorServer did not throw MalformedURLException");
} catch (MalformedURLException expected) { }
// test RMIConnector/RMIConnectorServer
RMIConnector connector = new RMIConnector(url, null);
try {
connector.connect();
throw new RuntimeException("connect did not throw IOException");
} catch (IOException expected) { }
RMIConnectorServer server = new RMIConnectorServer(url, null, mbs);
try {
server.start();
throw new RuntimeException("start did not throw IOException");
} catch (IOException expected) { }
// test RMIIIOPServerImpl
MyRMIIIOPServerImpl impl = new MyRMIIIOPServerImpl();
impl.setMBeanServer(mbs);
System.out.println(impl.getProtocol());
try {
impl.export();
throw new RuntimeException("export did not throw IOException");
} catch (IOException expected) { }
try {
impl.newClient(null);
throw new RuntimeException("newClient did not throw IOException");
} catch (IOException expected) { }
try {
impl.toStub();
throw new RuntimeException("toStub did not throw NoSuchObjectException");
} catch (NoSuchObjectException expected) { }
try {
impl.closeServer();
throw new RuntimeException("closeServer did not throw NoSuchObjectException");
} catch (NoSuchObjectException expected) { }
}
}
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/* @test
* @bug 8004502
* @summary Sanity check that specifying the APPLET property when creating an
* InitialContext behaves as expected when java.awt.Applet is not present
*/
import javax.naming.*;
import java.util.Hashtable;
public class NoApplet {
public static void main(String[] args) throws NamingException {
Hashtable<Object,Object> env = new Hashtable<>();
env.put(Context.APPLET, new Object());
try {
Context ctxt = new InitialContext(env);
throw new RuntimeException("ClassCastException expected");
} catch (ClassCastException expected) { }
}
}
/*
* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/* @test
* @bug 8004502
* @summary Sanity check that NTLM will not be selected by the http protocol
* handler when running on a profile that does not support NTLM
* @run main/othervm NoNTLM
*/
import java.net.*;
import java.io.*;
import sun.net.www.MessageHeader;
public class NoNTLM {
static final String CRLF = "\r\n";
static final String OKAY =
"HTTP/1.1 200" + CRLF +
"Content-Length: 0" + CRLF +
"Connection: close" + CRLF +
CRLF;
static class Client implements Runnable {
private final URL url;
private volatile IOException ioe;
private volatile int respCode;
Client(int port) throws IOException {
this.url = new URL("http://127.0.0.1:" + port + "/foo.html");
}
public void run() {
try {
HttpURLConnection uc =
(HttpURLConnection)url.openConnection(Proxy.NO_PROXY);
try {
uc.getInputStream();
} catch (IOException x) {
respCode = uc.getResponseCode();
throw x;
}
uc.disconnect();
} catch (IOException x) {
if (respCode == 0)
respCode = -1;
ioe = x;
}
}
IOException ioException() {
return ioe;
}
int respCode() {
return respCode;
}
static void start(int port) throws IOException {
Client client = new Client(port);
new Thread(client).start();
}
}
/**
* Return the http response with WWW-Authenticate headers for the given
* authentication schemes.
*/
static String authReplyFor(String... schemes) {
// construct the server reply
String reply = "HTTP/1.1 401 Unauthorized" + CRLF +
"Content-Length: 0"+ CRLF +
"Connection: close" + CRLF;
for (String s: schemes) {
switch (s) {
case "Basic" :
reply += "WWW-Authenticate: Basic realm=\"wallyworld\"" + CRLF;
break;
case "Digest" :
reply += "WWW-Authenticate: Digest" +
" realm=\"wallyworld\"" +
" domain=/" +
" nonce=\"abcdefghijklmnopqrstuvwxyz\"" +
" qop=\"auth\"" + CRLF;
break;
case "NTLM" :
reply += "WWW-Authenticate: NTLM" + CRLF;
break;
default :
throw new RuntimeException("Should not get here");
}
}
reply += CRLF;
return reply;
}
/**
* Test the http protocol handler with the given authentication schemes
* in the WWW-Authenticate header.
*/
static void test(String... schemes) throws IOException {
// the authentication scheme that the client is expected to choose
String expected = null;
for (String s: schemes) {
if (expected == null) {
expected = s;
} else if (s.equals("Digest")) {
expected = s;
}
}
// server reply
String reply = authReplyFor(schemes);
System.out.println("====================================");
System.out.println("Expect client to choose: " + expected);
System.out.println(reply);
try (ServerSocket ss = new ServerSocket(0)) {
Client.start(ss.getLocalPort());
// client ---- GET ---> server
// client <--- 401 ---- server
try (Socket s = ss.accept()) {
new MessageHeader().parseHeader(s.getInputStream());
s.getOutputStream().write(reply.getBytes("US-ASCII"));
}
// client ---- GET ---> server
// client <--- 200 ---- server
String auth;
try (Socket s = ss.accept()) {
MessageHeader mh = new MessageHeader();
mh.parseHeader(s.getInputStream());
s.getOutputStream().write(OKAY.getBytes("US-ASCII"));
auth = mh.findValue("Authorization");
}
// check Authorization header
if (auth == null)
throw new RuntimeException("Authorization header not found");
System.out.println("Server received Authorization header: " + auth);
String[] values = auth.split(" ");
if (!values[0].equals(expected))
throw new RuntimeException("Unexpected value");
}
}
/**
* Test the http protocol handler with one WWW-Authenticate header with
* the value "NTLM".
*/
static void testNTLM() throws Exception {
// server reply
String reply = authReplyFor("NTLM");
System.out.println("====================================");
System.out.println("Expect client to fail with 401 Unauthorized");
System.out.println(reply);
try (ServerSocket ss = new ServerSocket(0)) {
Client client = new Client(ss.getLocalPort());
Thread thr = new Thread(client);
thr.start();
// client ---- GET ---> server
// client <--- 401 ---- client
try (Socket s = ss.accept()) {
new MessageHeader().parseHeader(s.getInputStream());
s.getOutputStream().write(reply.getBytes("US-ASCII"));
}
// the client should fail with 401
System.out.println("Waiting for client to terminate");
thr.join();
IOException ioe = client.ioException();
if (ioe != null)
System.out.println("Client failed: " + ioe);
int respCode = client.respCode();
if (respCode != 0 && respCode != -1)
System.out.println("Client received HTTP response code: " + respCode);
if (respCode != HttpURLConnection.HTTP_UNAUTHORIZED)
throw new RuntimeException("Unexpected response code");
}
}
public static void main(String[] args) throws Exception {
// assume NTLM is not supported when Kerberos is not available
try {
Class.forName("javax.security.auth.kerberos.KerberosPrincipal");
System.out.println("Kerberos is present, assuming NTLM is supported too");
return;
} catch (ClassNotFoundException okay) { }
// setup Authenticator
Authenticator.setDefault(new Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("user", "pass".toCharArray());
}
});
// test combinations of authentication schemes
test("Basic");
test("Digest");
test("Basic", "Digest");
test("Basic", "NTLM");
test("Digest", "NTLM");
test("Basic", "Digest", "NTLM");
// test NTLM only, this should fail with "401 Unauthorized"
testNTLM();
System.out.println();
System.out.println("TEST PASSED");
}
}
/*
* Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/* @test
* @bug 8004502
* @summary Sanity check to ensure that Kerberos cipher suites cannot be
* negotiated when running on a compact profile that does not include Kerberos
*/
import java.net.*;
import java.util.*;
import javax.net.ssl.*;
public class NoKerberos {
static final List<String> KERBEROS_CIPHER_SUITES = Arrays.asList(
"TLS_KRB5_WITH_RC4_128_SHA",
"TLS_KRB5_WITH_RC4_128_MD5",
"TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
"TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
"TLS_KRB5_WITH_DES_CBC_SHA",
"TLS_KRB5_WITH_DES_CBC_MD5",
"TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
"TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"
);
/**
* Checks that the given array of supported cipher suites does not include
* any Kerberos cipher suites.
*/
static void checkNotSupported(String[] supportedSuites) {
for (String suites: supportedSuites) {
if (KERBEROS_CIPHER_SUITES.contains(suites)) {
throw new RuntimeException("Supported list of cipher suites " +
" should not include Kerberos cipher suites");
}
}
}
public static void main(String[] args) throws Exception {
try {
Class.forName("javax.security.auth.kerberos.KerberosPrincipal");
System.out.println("Kerberos is present, nothing to test");
return;
} catch (ClassNotFoundException okay) { }
// test SSLSocket
try (Socket s = SSLSocketFactory.getDefault().createSocket()) {
SSLSocket sslSocket = (SSLSocket)s;
checkNotSupported(sslSocket.getSupportedCipherSuites());
// attempt to enable each of the Kerberos cipher suites
for (String kcs: KERBEROS_CIPHER_SUITES) {
String[] suites = { kcs };
try {
sslSocket.setEnabledCipherSuites(suites);
throw new RuntimeException("SSLSocket.setEnabledCipherSuitessuites allowed " +
kcs + " but Kerberos not supported");
} catch (IllegalArgumentException expected) { }
}
}
// test SSLServerSocket
try (ServerSocket ss = SSLServerSocketFactory.getDefault().createServerSocket()) {
SSLServerSocket sslSocket = (SSLServerSocket)ss;
checkNotSupported(sslSocket.getSupportedCipherSuites());
// attempt to enable each of the Kerberos cipher suites
for (String kcs: KERBEROS_CIPHER_SUITES) {
String[] suites = { kcs };
try {
sslSocket.setEnabledCipherSuites(suites);
throw new RuntimeException("SSLSocket.setEnabledCipherSuitessuites allowed " +
kcs + " but Kerberos not supported");
} catch (IllegalArgumentException expected) { }
}
}
}
}
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册