Search in sources :

Example 91 with CodeSource

use of java.security.CodeSource in project jdk8u_jdk by JetBrains.

the class Regression method main.

public static void main(String[] args) {
    Set principals = new HashSet();
    principals.add(new com.sun.security.auth.NTUserPrincipal("test1"));
    principals.add(new com.sun.security.auth.NTUserPrincipal("test2"));
    Subject subject = new Subject(false, principals, new HashSet(), new HashSet());
    SubjectDomainCombiner sdc = new SubjectDomainCombiner(subject);
    URL url1;
    URL url2;
    URL url3;
    URL url4;
    try {
        url1 = new URL("http://one");
        url2 = new URL("http://two");
        url3 = new URL("http://three");
        url4 = new URL("http://four");
    } catch (java.net.MalformedURLException mue) {
        mue.printStackTrace();
        throw new SecurityException("Test failed: " + mue.toString());
    }
    ProtectionDomain d1 = new ProtectionDomain(new CodeSource(url1, (java.security.cert.Certificate[]) null), // permissions
    null, // class loader
    null, // principals
    null);
    ProtectionDomain d2 = new ProtectionDomain(new CodeSource(url2, (java.security.cert.Certificate[]) null), // permissions
    null, // class loader
    null, // principals
    null);
    ProtectionDomain d3 = new ProtectionDomain(new CodeSource(url3, (java.security.cert.Certificate[]) null), // permissions
    null, // class loader
    null, // principals
    null);
    ProtectionDomain d4 = new ProtectionDomain(new CodeSource(url4, (java.security.cert.Certificate[]) null), // permissions
    null, // class loader
    null, // principals
    null);
    // test 1
    // -- regular combine, make sure we get a proper combination back
    ProtectionDomain[] currentDomains = { d1, d2, d3 };
    ProtectionDomain[] assignedDomains = { d4 };
    ProtectionDomain[] domains1 = sdc.combine(currentDomains, assignedDomains);
    if (domains1.length != 4 || domains1[0] == d1 || domains1[1] == d2 || domains1[2] == d3 || domains1[3] != d4 || !domains1[0].implies(new RuntimePermission("queuePrintJob"))) {
        throw new SecurityException("Test failed: combine test 1 failed");
    }
    System.out.println("-------- TEST ONE PASSED --------");
    // test 2
    // -- repeat combine, make sure combiner cachine returned the
    //    same PD's back
    ProtectionDomain[] domains2 = sdc.combine(currentDomains, assignedDomains);
    if (domains2.length != 4 || domains2[0] != domains1[0] || domains2[1] != domains1[1] || domains2[2] != domains1[2] || domains2[3] != domains1[3] || !domains2[0].implies(new RuntimePermission("queuePrintJob"))) {
        throw new SecurityException("Test failed: combine test 2 failed");
    }
    System.out.println("-------- TEST TWO PASSED --------");
    // test 3
    // -- mutate the Subject and make sure the combiner cache
    //    got cleared out
    subject.getPrincipals().remove(new com.sun.security.auth.NTUserPrincipal("test2"));
    ProtectionDomain[] domains3 = sdc.combine(currentDomains, assignedDomains);
    if (domains3.length != 4 || domains3[0] == domains1[0] || domains3[1] == domains1[1] || domains3[2] == domains1[2] || domains3[3] != domains1[3] || !domains3[0].implies(new RuntimePermission("createClassLoader")) || domains3[0].implies(new RuntimePermission("queuePrintJob"))) {
        throw new SecurityException("Test failed: combine test 3 failed");
    }
    System.out.println("-------- TEST THREE PASSED --------");
    System.out.println("Test Passed");
}
Also used : ProtectionDomain(java.security.ProtectionDomain) HashSet(java.util.HashSet) Set(java.util.Set) javax.security.auth(javax.security.auth) CodeSource(java.security.CodeSource) URL(java.net.URL) HashSet(java.util.HashSet)

Example 92 with CodeSource

use of java.security.CodeSource in project jdk8u_jdk by JetBrains.

the class JarFile method getCodeSource.

CodeSource getCodeSource(URL url, String name) {
    ensureInitialization();
    if (jv != null) {
        if (jv.eagerValidation) {
            CodeSource cs = null;
            JarEntry je = getJarEntry(name);
            if (je != null) {
                cs = jv.getCodeSource(url, this, je);
            } else {
                cs = jv.getCodeSource(url, name);
            }
            return cs;
        } else {
            return jv.getCodeSource(url, name);
        }
    }
    return JarVerifier.getUnsignedCS(url);
}
Also used : CodeSource(java.security.CodeSource)

Example 93 with CodeSource

use of java.security.CodeSource in project flink by apache.

the class SerializedThrowableTest method testSerialization.

@Test
public void testSerialization() {
    try {
        // We need an exception whose class is not in the core class loader
        // we solve that by defining an exception class dynamically
        // an exception class, as bytes 
        final byte[] classData = { -54, -2, -70, -66, 0, 0, 0, 51, 0, 21, 10, 0, 3, 0, 18, 7, 0, 19, 7, 0, 20, 1, 0, 16, 115, 101, 114, 105, 97, 108, 86, 101, 114, 115, 105, 111, 110, 85, 73, 68, 1, 0, 1, 74, 1, 0, 13, 67, 111, 110, 115, 116, 97, 110, 116, 86, 97, 108, 117, 101, 5, -103, -52, 22, -41, -23, -36, -25, 47, 1, 0, 6, 60, 105, 110, 105, 116, 62, 1, 0, 3, 40, 41, 86, 1, 0, 4, 67, 111, 100, 101, 1, 0, 15, 76, 105, 110, 101, 78, 117, 109, 98, 101, 114, 84, 97, 98, 108, 101, 1, 0, 18, 76, 111, 99, 97, 108, 86, 97, 114, 105, 97, 98, 108, 101, 84, 97, 98, 108, 101, 1, 0, 4, 116, 104, 105, 115, 1, 0, 61, 76, 111, 114, 103, 47, 97, 112, 97, 99, 104, 101, 47, 102, 108, 105, 110, 107, 47, 114, 117, 110, 116, 105, 109, 101, 47, 117, 116, 105, 108, 47, 84, 101, 115, 116, 69, 120, 99, 101, 112, 116, 105, 111, 110, 70, 111, 114, 83, 101, 114, 105, 97, 108, 105, 122, 97, 116, 105, 111, 110, 59, 1, 0, 10, 83, 111, 117, 114, 99, 101, 70, 105, 108, 101, 1, 0, 34, 84, 101, 115, 116, 69, 120, 99, 101, 112, 116, 105, 111, 110, 70, 111, 114, 83, 101, 114, 105, 97, 108, 105, 122, 97, 116, 105, 111, 110, 46, 106, 97, 118, 97, 12, 0, 9, 0, 10, 1, 0, 59, 111, 114, 103, 47, 97, 112, 97, 99, 104, 101, 47, 102, 108, 105, 110, 107, 47, 114, 117, 110, 116, 105, 109, 101, 47, 117, 116, 105, 108, 47, 84, 101, 115, 116, 69, 120, 99, 101, 112, 116, 105, 111, 110, 70, 111, 114, 83, 101, 114, 105, 97, 108, 105, 122, 97, 116, 105, 111, 110, 1, 0, 19, 106, 97, 118, 97, 47, 108, 97, 110, 103, 47, 69, 120, 99, 101, 112, 116, 105, 111, 110, 0, 33, 0, 2, 0, 3, 0, 0, 0, 1, 0, 26, 0, 4, 0, 5, 0, 1, 0, 6, 0, 0, 0, 2, 0, 7, 0, 1, 0, 1, 0, 9, 0, 10, 0, 1, 0, 11, 0, 0, 0, 47, 0, 1, 0, 1, 0, 0, 0, 5, 42, -73, 0, 1, -79, 0, 0, 0, 2, 0, 12, 0, 0, 0, 6, 0, 1, 0, 0, 0, 21, 0, 13, 0, 0, 0, 12, 0, 1, 0, 0, 0, 5, 0, 14, 0, 15, 0, 0, 0, 1, 0, 16, 0, 0, 0, 2, 0, 17 };
        // dummy class loader that has no access to any classes
        ClassLoader loader = new URLClassLoader(new URL[0]);
        // define a class into the classloader
        Class<?> clazz = MemoryUtils.UNSAFE.defineClass("org.apache.flink.runtime.util.TestExceptionForSerialization", classData, 0, classData.length, loader, new ProtectionDomain(new CodeSource(null, (Certificate[]) null), new Permissions()));
        // create an instance of the exception (no message, no cause)
        Exception userException = clazz.asSubclass(Exception.class).newInstance();
        // check that we cannot simply copy the exception
        try {
            byte[] serialized = InstantiationUtil.serializeObject(userException);
            InstantiationUtil.deserializeObject(serialized, getClass().getClassLoader());
            fail("should fail with a class not found exception");
        } catch (ClassNotFoundException e) {
        // as we want it
        }
        // validate that the SerializedThrowable mimics the original exception
        SerializedThrowable serialized = new SerializedThrowable(userException);
        assertEquals(userException.getMessage(), serialized.getMessage());
        assertEquals(userException.toString(), serialized.toString());
        assertEquals(ExceptionUtils.stringifyException(userException), ExceptionUtils.stringifyException(serialized));
        assertArrayEquals(userException.getStackTrace(), serialized.getStackTrace());
        // copy the serialized throwable and make sure everything still works
        SerializedThrowable copy = CommonTestUtils.createCopySerializable(serialized);
        assertEquals(userException.getMessage(), copy.getMessage());
        assertEquals(userException.toString(), copy.toString());
        assertEquals(ExceptionUtils.stringifyException(userException), ExceptionUtils.stringifyException(copy));
        assertArrayEquals(userException.getStackTrace(), copy.getStackTrace());
        // deserialize the proper exception
        Throwable deserialized = copy.deserializeError(loader);
        assertEquals(clazz, deserialized.getClass());
        // deserialization with the wrong classloader does not lead to a failure
        Throwable wronglyDeserialized = copy.deserializeError(getClass().getClassLoader());
        assertEquals(ExceptionUtils.stringifyException(userException), ExceptionUtils.stringifyException(wronglyDeserialized));
    } catch (Exception e) {
        e.printStackTrace();
        fail(e.getMessage());
    }
}
Also used : ProtectionDomain(java.security.ProtectionDomain) URLClassLoader(java.net.URLClassLoader) Permissions(java.security.Permissions) URLClassLoader(java.net.URLClassLoader) CodeSource(java.security.CodeSource) Certificate(java.security.cert.Certificate) Test(org.junit.Test)

Example 94 with CodeSource

use of java.security.CodeSource in project qi4j-sdk by Qi4j.

the class ClassScanner method findClasses.

/**
     * Get all classes from the same package of the given class, and recursively in all subpackages.
     * <p>
     * This only works if the seed class is loaded from a file: URL. Jar files are possible as well. Abstract classes
     * are not included in the results. For further filtering use e.g. Iterables.filter.
     * </p>
     * @param seedClass starting point for classpath scanning
     *
     * @return iterable of all concrete classes in the same package as the seedclass, and also all classes in subpackages.
     */
public static Iterable<Class<?>> findClasses(final Class<?> seedClass) {
    CodeSource codeSource = seedClass.getProtectionDomain().getCodeSource();
    if (codeSource == null) {
        return Iterables.empty();
    }
    URL location = codeSource.getLocation();
    if (!location.getProtocol().equals("file")) {
        throw new IllegalArgumentException("Can only enumerate classes from file system locations. URL is:" + location);
    }
    final File file;
    try {
        file = new File(location.toURI().getPath());
    } catch (URISyntaxException e) {
        throw new IllegalArgumentException("The file location of codebase is invalid. Can not convert to URI. URL is:" + location);
    }
    if (file.getName().endsWith(".jar")) {
        try {
            final String packageName = seedClass.getPackage().getName().replace('.', '/');
            JarFile jarFile = new JarFile(file);
            Iterable<JarEntry> entries = Iterables.iterable(jarFile.entries());
            try {
                return Iterables.toList(filter(new ValidClass(), map(new Function<JarEntry, Class<?>>() {

                    @Override
                    public Class map(JarEntry jarEntry) {
                        String name = jarEntry.getName();
                        name = name.substring(0, name.length() - 6);
                        name = name.replace('/', '.');
                        try {
                            return seedClass.getClassLoader().loadClass(name);
                        } catch (ClassNotFoundException e) {
                            return null;
                        }
                    }
                }, filter(new Specification<JarEntry>() {

                    @Override
                    public boolean satisfiedBy(JarEntry jarEntry) {
                        return jarEntry.getName().startsWith(packageName) && jarEntry.getName().endsWith(".class");
                    }
                }, entries))));
            } finally {
                jarFile.close();
            }
        } catch (IOException e) {
            throw new IllegalArgumentException("Could not open jar file " + file, e);
        }
    } else {
        final File path = new File(file, seedClass.getPackage().getName().replace('.', File.separatorChar));
        Iterable<File> files = findFiles(path, new Specification<File>() {

            @Override
            public boolean satisfiedBy(File file) {
                return file.getName().endsWith(".class");
            }
        });
        return filter(new ValidClass(), map(new Function<File, Class<?>>() {

            @Override
            public Class<?> map(File f) {
                String fileName = f.getAbsolutePath().substring(file.toString().length() + 1);
                fileName = fileName.replace(File.separatorChar, '.').substring(0, fileName.length() - 6);
                try {
                    return seedClass.getClassLoader().loadClass(fileName);
                } catch (ClassNotFoundException e) {
                    return null;
                }
            }
        }, files));
    }
}
Also used : Specification(org.qi4j.functional.Specification) URISyntaxException(java.net.URISyntaxException) IOException(java.io.IOException) CodeSource(java.security.CodeSource) JarFile(java.util.jar.JarFile) JarEntry(java.util.jar.JarEntry) URL(java.net.URL) Function(org.qi4j.functional.Function) JarFile(java.util.jar.JarFile) File(java.io.File)

Example 95 with CodeSource

use of java.security.CodeSource in project jdk8u_jdk by JetBrains.

the class SystemClassLoaderAction method defineClassSourceLocation.

private String defineClassSourceLocation(ProtectionDomain pd) {
    CodeSource cs = pd.getCodeSource();
    String source = null;
    if (cs != null && cs.getLocation() != null) {
        source = cs.getLocation().toString();
    }
    return source;
}
Also used : CodeSource(java.security.CodeSource)

Aggregations

CodeSource (java.security.CodeSource)104 URL (java.net.URL)49 ProtectionDomain (java.security.ProtectionDomain)39 File (java.io.File)30 IOException (java.io.IOException)20 Certificate (java.security.cert.Certificate)17 JarFile (java.util.jar.JarFile)13 PermissionCollection (java.security.PermissionCollection)12 URI (java.net.URI)11 URISyntaxException (java.net.URISyntaxException)11 Permissions (java.security.Permissions)11 Policy (java.security.Policy)10 FilePermission (java.io.FilePermission)7 InputStream (java.io.InputStream)6 AccessControlContext (java.security.AccessControlContext)6 MalformedURLException (java.net.MalformedURLException)5 Permission (java.security.Permission)4 JarEntry (java.util.jar.JarEntry)4 GroovyClassLoader (groovy.lang.GroovyClassLoader)3 URLClassLoader (java.net.URLClassLoader)3