Java Code Examples for java.security.ProtectionDomain

public ProtectionDomain[] combine(ProtectionDomain[] current,
                                  ProtectionDomain[] assigned) {
    // Add a new ProtectionDomain with the null codesource/signers, and
    // the empty permission set, to the end of the array containing the
    // 'current' protections domains, i.e. the ones that will be augmented
    // with the permissions granted to the set of principals present in
    // the supplied subject.
    //
    ProtectionDomain[] newCurrent;
    if (current == null || current.length == 0) {
        newCurrent = new ProtectionDomain[1];
        newCurrent[0] = pdNoPerms;
    } else {
        newCurrent = new ProtectionDomain[current.length + 1];
        for (int i = 0; i < current.length; i++) {
            newCurrent[i] = current[i];
        }
        newCurrent[current.length] = pdNoPerms;
    }
    return super.combine(newCurrent, assigned);
}
 

public byte[] transform(ClassLoader loader, String className, Class classBeingRedefined,
                        ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {

    byte[] byteCode = classfileBuffer;

    if (className.equals("beans/Sleeping")) {

        try {
            ClassPool cp = ClassPool.getDefault();
            CtClass cc = cp.get("beans.Sleeping");
            CtMethod m = cc.getDeclaredMethod("sleepNow");
            m.addLocalVariable("elapsedTime", CtClass.longType);
            m.insertBefore("elapsedTime = System.currentTimeMillis();");
            m.insertAfter("{elapsedTime = System.currentTimeMillis() - elapsedTime;"
                    + "System.out.println(\"Method Executed in ms: \" + elapsedTime);}");
            byteCode = cc.toBytecode();
            cc.detach();
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    return byteCode;
}
 

@Override
    public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {

        if(className.startsWith(TransformConfig.getInstance().getPackageScan())) {
            logger.log(Level.INFO, "-------------------CLASS---------------------");
            logger.log(Level.INFO, "className: " + className);
            ClassReader cr = new ClassReader(classfileBuffer);
            ClassWriter cw = new ClassWriter(ClassWriter.COMPUTE_FRAMES | ClassWriter.COMPUTE_MAXS);

            ClassVisitor classVisitor = new HookClassAdapter(Opcodes.ASM5, cw);
            cr.accept(classVisitor, ClassReader.SKIP_FRAMES);
//            try {
//                FileOutputStream fos = new FileOutputStream(new File("classMod.class"));
//                fos.write(cw.toByteArray());
//                fos.close();
//            } catch (IOException e) {
//                e.printStackTrace();
//            }

            return cw.toByteArray();
        }
        return null;

    }
 

private static void checkPerm(PolicyFile p, ProtectionDomain pd)
            throws Exception {
    boolean foundIt = false;
    Enumeration perms = p.getPermissions(pd).elements();
    while (perms.hasMoreElements()) {
        Permission perm = (Permission)perms.nextElement();
        if (!(perm instanceof AllPermission)) {
            throw new SecurityException("expected AllPermission");
        } else {
            foundIt = true;
        }
    }
    if (!foundIt) {
        throw new SecurityException("expected AllPermission");
    }
}
 

final void checkPackageAccess(Class<?> cls, ProtectionDomain pd) {
    final SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        if (ReflectUtil.isNonPublicProxyClass(cls)) {
            for (Class<?> intf: cls.getInterfaces()) {
                checkPackageAccess(intf, pd);
            }
            return;
        }

        final String name = cls.getName();
        final int i = name.lastIndexOf('.');
        if (i != -1) {
            AccessController.doPrivileged(new PrivilegedAction<Void>() {
                public Void run() {
                    sm.checkPackageAccess(name.substring(0, i));
                    return null;
                }
            }, new AccessControlContext(new ProtectionDomain[] {pd}));
        }
    }
    domains.add(pd);
}
 

public ProtectionDomain[] combine(ProtectionDomain[] current,
                                  ProtectionDomain[] assigned) {
    // Add a new ProtectionDomain with the null codesource/signers, and
    // the empty permission set, to the end of the array containing the
    // 'current' protections domains, i.e. the ones that will be augmented
    // with the permissions granted to the set of principals present in
    // the supplied subject.
    //
    ProtectionDomain[] newCurrent;
    if (current == null || current.length == 0) {
        newCurrent = new ProtectionDomain[1];
        newCurrent[0] = pdNoPerms;
    } else {
        newCurrent = new ProtectionDomain[current.length + 1];
        for (int i = 0; i < current.length; i++) {
            newCurrent[i] = current[i];
        }
        newCurrent[current.length] = pdNoPerms;
    }
    return super.combine(newCurrent, assigned);
}
 

public static void main(String[]args) throws Exception {
    final DomainCombiner dc = new DomainCombiner() {
        @Override
        public ProtectionDomain[] combine(ProtectionDomain[] currentDomains, ProtectionDomain[] assignedDomains) {
            return currentDomains; // basically a no-op
        }
    };

    // Get an instance of the saved ACC
    AccessControlContext saved = AccessController.getContext();
    // Simulate the stack ACC with a DomainCombiner attached
    AccessControlContext stack = new AccessControlContext(AccessController.getContext(), dc);

    // Now try to run JavaSecurityAccess.doIntersectionPrivilege() and assert
    // whether the DomainCombiner from the stack ACC is preserved
    boolean ret = SharedSecrets.getJavaSecurityAccess().doIntersectionPrivilege(new PrivilegedAction<Boolean>() {
        @Override
        public Boolean run() {
            return dc == AccessController.getContext().getDomainCombiner();
        }
    }, stack, saved);

    if (!ret) {
        System.exit(1);
    }
}
 

@Override
public byte[] transform(ClassLoader loader, String internalClassName, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {
	if (internalClassName != null && classfileBuffer != null) {
		try {
			String className = internalClassName.replace('/', '.');
			for (String prefix : ignores)
				if (className.startsWith(prefix)) return null;

			TransformHandle handle = new TransformHandle(className, classfileBuffer);
			units.forEach(handle::accept);
			if (handle.getResult().isPresent()) {
				byte[] classBuffer = handle.getResult().get();
				if (debug) {
					saveClassFile(className, classBuffer);
				}
				return classBuffer;
			} else {
				return null;
			}
		} catch (Throwable e) {
			log("unable to transform {0}: {1}", internalClassName, e);
			e.printStackTrace();
		}
	}
	return null;
}
 

@Override
public boolean implies(ProtectionDomain pd, Permission perm) {
    System.out.println("CustomPolicy.implies");

    // If the protection domain is the same as CustomPolicy, then
    // we return true. This is to prevent recursive permission checks
    // that lead to StackOverflow errors when the policy implementation
    // performs a sensitive operation that triggers a permission check,
    // for example, as below.
    if (pd == policyPd) {
        return true;
    }

    // Do something that triggers a permission check to make sure that
    // we don't cause a StackOverflow error.
    String home = AccessController.doPrivileged(
        (PrivilegedAction<String>) () -> System.getProperty("user.home"));

    return true;
}
 

private ClassLoader getClassLoader(final ObjectName name) {
    if(clr == null){
        return null;
    }
    // Restrict to getClassLoader permission only
    Permissions permissions = new Permissions();
    permissions.add(new MBeanPermission("*", null, name, "getClassLoader"));
    ProtectionDomain protectionDomain = new ProtectionDomain(null, permissions);
    ProtectionDomain[] domains = {protectionDomain};
    AccessControlContext ctx = new AccessControlContext(domains);
    ClassLoader loader = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
        public ClassLoader run() {
            return clr.getClassLoader(name);
        }
    }, ctx);
    return loader;
}
 

/**
 * create a context that can read any directories (recursively)
 * mentioned in the class path. In the case of a jar, it has to
 * be the directory containing the jar, not just the jar, as jar
 * files might refer to other jar files.
 */

private static AccessControlContext getContext(File[] cp)
    throws java.net.MalformedURLException
{
    PathPermissions perms =
        new PathPermissions(cp);

    ProtectionDomain domain =
        new ProtectionDomain(new CodeSource(perms.getCodeBase(),
            (java.security.cert.Certificate[]) null),
        perms);

    AccessControlContext acc =
        new AccessControlContext(new ProtectionDomain[] { domain });

    return acc;
}
 

private ClassLoader(Void unused, ClassLoader parent) {
    this.parent = parent;
    if (ParallelLoaders.isRegistered(this.getClass())) {
        parallelLockMap = new ConcurrentHashMap<>();
        package2certs = new ConcurrentHashMap<>();
        domains =
            Collections.synchronizedSet(new HashSet<ProtectionDomain>());
        assertionLock = new Object();
    } else {
        // no finer-grained lock; lock on the classloader instance
        parallelLockMap = null;
        package2certs = new Hashtable<>();
        domains = new HashSet<>();
        assertionLock = this;
    }
}
 

private void attemptSetNullSecurityManager()
{
	final Permissions permissions = new Permissions();
	permissions.add(new RuntimePermission("setSecurityManager"));
	final AccessControlContext context = new AccessControlContext(new ProtectionDomain[]{new ProtectionDomain(null,
		permissions)});
	AccessController.doPrivileged(new PrivilegedAction<Object>()
	{
		@Override
		public Object run()
		{
			LOGGER.info("About to call System.setSecurityManager(null)");
			System.setSecurityManager(null);
			LOGGER.info("Progressed beyond call to System.setSecurityManager(null)");
			return null;
		}
	}, context);
}
 

@Override
public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
	String name = method.getName();
	if ("equals".equals(name)) {
		return proxy == args[0];
	}
	else if ("hashCode".equals(name)) {
		return hashCode();
	}
	else if ("toString".equals(name)) {
		return toString();
	}
	else if ("transform".equals(name)) {
		return transform((ClassLoader) args[0], (String) args[1], (Class<?>) args[2],
				(ProtectionDomain) args[3], (byte[]) args[4]);
	}
	else if ("unregisterClassLoader".equals(name)) {
		unregisterClassLoader((ClassLoader) args[0]);
		return null;
	}
	else {
		throw new IllegalArgumentException("Unknown method: " + method);
	}
}
 

@Override public byte[] transform(ClassLoader loader, String className,
        Class<?> classBeingRedefined,
        ProtectionDomain protectionDomain, byte[] classfileBuffer)
    throws IllegalClassFormatException {

    if (className.contains("TypeAnnotatedTestClass")) {
        try {
            // Here we remove and re-add the dummy fields. This shuffles the constant pool
            return asm(loader, className, classBeingRedefined, protectionDomain, classfileBuffer);
        } catch (Throwable e) {
            // The retransform native code that called this method does not propagate
            // exceptions. Instead of getting an uninformative generic error, catch
            // problems here and print it, then exit.
            e.printStackTrace();
            System.exit(1);
        }
    }
    return null;
}
 

private void postDefineClass(Class<?> c, ProtectionDomain pd)
{
    if (pd.getCodeSource() != null) {
        Certificate certs[] = pd.getCodeSource().getCertificates();
        if (certs != null)
            setSigners(c, certs);
    }
}
 

Class defineClass(String name,
                  byte[] b,
                  int off,
                  int len,
                  ClassLoader loader,
                  ProtectionDomain protectionDomain) {
    return unsafe.defineClass(name, b, off, len, loader, protectionDomain);
}
 

/**
 * This test will run both with and without a security manager.
 *
 * The test starts a number of threads that will call
 *     LogManager.readConfiguration() concurrently (ReadConf), then starts
 *     a number of threads that will create new loggers concurrently
 *     (AddLogger), and then two additional threads: one (Stopper) that
 *     will stop the test after 4secs (TIME ms), and one DeadlockDetector
 *     that will attempt to detect deadlocks.
 * If after 4secs no deadlock was detected and no exception was thrown
 * then the test is considered a success and passes.
 *
 * This procedure is done twice: once without a security manager and once
 * again with a security manager - which means the test takes ~8secs to
 * run.
 *
 * Note that 8sec may not be enough to detect issues if there are some.
 * This is a best effort test.
 *
 * @param args the command line arguments
 * @throws java.lang.Exception if the test fails.
 */
public static void main(String[] args) throws Exception {
    File config =  new File(System.getProperty("test.src", "."),
                    "deadlockconf.properties");
    if (!config.canRead()) {
        System.err.println("Can't read config file: test cannot execute.");
        System.err.println("Please check your test environment: ");
        System.err.println("\t -Dtest.src=" + System.getProperty("test.src", "."));
        System.err.println("\t config file is: " + config.getAbsolutePath());
        throw new RuntimeException("Can't read config file: "
            + config.getAbsolutePath());
    }

    System.setProperty("java.util.logging.config.file",
           config.getAbsolutePath());

    // test without security
    System.out.println("No security");
    test();

    // test with security
    System.out.println("\nWith security");
    Policy.setPolicy(new Policy() {
        @Override
        public boolean implies(ProtectionDomain domain, Permission permission) {
            if (super.implies(domain, permission)) return true;
            // System.out.println("Granting " + permission);
            return true; // all permissions
        }
    });
    System.setSecurityManager(new SecurityManager());
    test();
}
 

public byte[]
transform(
    ClassLoader loader,
    String className,
    Class<?> classBeingRedefined,
    ProtectionDomain    protectionDomain,
    byte[] classfileBuffer) {
    boolean redef = classBeingRedefined != null;
    System.out.println(trname + ": " +
                       (redef? "Retransforming " : "Loading ") + className);
    if (className != null) {
        Options opt = new Options();
        opt.shouldInstrumentNativeMethods = true;
        opt.trackerClassName = "bootreporter/StringIdCallbackReporter";
        opt.wrappedTrackerMethodName = "tracker";
        opt.fixedIndex = transformId;
        opt.wrappedPrefix = "wrapped_" + trname + "_";
        try {
            byte[] newcf =  Inject.instrumentation(opt, loader, className, classfileBuffer);
            return redef? null : newcf;
        } catch (Throwable ex) {
            System.err.println("ERROR: Injection failure: " + ex);
            ex.printStackTrace();
            System.err.println("Returning bad class file, to cause test failure");
            return new byte[0];
        }
    }
    return null;
}
 

/**
 * Get the AccessControlContext of the domain combiner created with
 * the supplied subject, i.e. an AccessControlContext with the domain
 * combiner created with the supplied subject and where the caller's
 * context has been removed.
 */
public static AccessControlContext
    getDomainCombinerContext(Subject subject) {
    return new AccessControlContext(
        new AccessControlContext(new ProtectionDomain[0]),
        new JMXSubjectDomainCombiner(subject));
}
 

/**
 * Loads specified JAR.
 *
 * @param jarFileInfo
 * @throws IOException
 */
private void loadJar(JarFileInfo jarFileInfo) throws IOException {
    lstJarFile.add(jarFileInfo);
    try {
        Enumeration<JarEntry> en = jarFileInfo.jarFile.entries();
        final String EXT_JAR = ".jar";
        while (en.hasMoreElements()) {
            JarEntry je = en.nextElement();
            if (je.isDirectory()) {
                continue;
            }
            String s = je.getName().toLowerCase(); // JarEntry name
            if (s.lastIndexOf(EXT_JAR) == s.length() - EXT_JAR.length()) {
                JarEntryInfo inf = new JarEntryInfo(jarFileInfo, je);
                File fileTemp = createTempFile(inf);
                logInfo(LogArea.JAR, "Loading inner JAR %s from temp file %s",
                        inf.jarEntry, getFilename4Log(fileTemp));
                // Construct ProtectionDomain for this inner JAR:
                URL url = fileTemp.toURI().toURL();
                ProtectionDomain pdParent = jarFileInfo.pd;
                // 'csParent' is never null: top JAR has it, JCL creates it for child JAR:
                CodeSource csParent = pdParent.getCodeSource();
                Certificate[] certParent = csParent.getCertificates();
                CodeSource csChild = (certParent == null ? new CodeSource(url, csParent.getCodeSigners())
                                                         : new CodeSource(url, certParent));
                ProtectionDomain pdChild = new ProtectionDomain(csChild,
                        pdParent.getPermissions(), pdParent.getClassLoader(), pdParent.getPrincipals());
                loadJar(new JarFileInfo(
                        new JarFile(fileTemp), inf.getName(), jarFileInfo, pdChild, fileTemp));
            }
        }
    } catch (JarClassLoaderException e) {
        throw new RuntimeException(
                "ERROR on loading inner JAR: " + e.getMessageAll());
    }
}
 

private StaticClass getClassAdapterClass(final ScriptObject classOverrides, final ProtectionDomain protectionDomain) {
    JavaAdapterServices.setClassOverrides(classOverrides);
    try {
        return classAdapterGenerator.generateClass(commonLoader, protectionDomain);
    } finally {
        JavaAdapterServices.setClassOverrides(null);
    }
}
 

private ClasspathEntry createClassPathEntry(BundleFile bundlefile, ProtectionDomain cpDomain, final BaseData data) {
    return new ClasspathEntry(bundlefile, createProtectionDomain(bundlefile, cpDomain)) {
        @Override
        public BaseData getBaseData() {
            return data;
        }
    };
}
 

private static String printDomain(final ProtectionDomain pd) {
    if (pd == null) {
        return "null";
    }
    return AccessController.doPrivileged(new PrivilegedAction<String>() {
        public String run() {
            return pd.toString();
        }
    });
}
 

@Override
public byte[] transform(ClassLoader loader, String className,
                        Class<?> classBeingRedefined, ProtectionDomain protectionDomain,
                        byte[] classfileBuffer) throws IllegalClassFormatException {

    /* The Daemon Thread bug is timing dependent and you want the transform method
     * to return ASAP - so just return the buffer will be fine
     */
    return classfileBuffer;
}
 

/**
 * 
 * @param className
 * @param clsByte
 * @return
 */
public Class<?> findClass(String className, byte[] clsByte, URL url) {
    Class<?> cls = null;
    try {
        CodeSource cs = new CodeSource(url, (java.security.cert.Certificate[]) null);
        ProtectionDomain pd = new ProtectionDomain(cs, null, this, null);
        cls = super.defineClass(className, clsByte, 0, clsByte.length, pd);
        resolveClass(cls);
        classCache.put(className, cls);
    } catch (Exception ex) {
        logger.error("define class error", ex);
    }

    return cls;
}
 

@Override
public boolean implies(ProtectionDomain domain, Permission permission) {
    if (permName.equals(permission.getName())) {
        System.out.println("---MyPolicy-implies checks permission for "
                +permName+" and returns "+allowed);

        return allowed;
    } else {
        return true;
    }
}
 

public static void main(String... args) throws Throwable {
    boolean sm = false;
    if (args.length > 0 && args[0].equals("sm")) {
        sm = true;
        PermissionCollection perms = new Permissions();
        perms.add(new RuntimePermission("getStackWalkerWithClassReference"));
        Policy.setPolicy(new Policy() {
            @Override
            public boolean implies(ProtectionDomain domain, Permission p) {
                return perms.implies(p);
            }
        });
        System.setSecurityManager(new SecurityManager());
    }

    System.err.format("Test %s security manager.%n",
                      sm ? "with" : "without");

    CallerSensitiveTest cstest = new CallerSensitiveTest();
    // test static call to java.util.CSM::caller and CSM::getCallerClass
    cstest.staticMethodCall();
    // test java.lang.reflect.Method call
    cstest.reflectMethodCall();
    // test java.lang.invoke.MethodHandle
    cstest.invokeMethodHandle(Lookup1.lookup);
    cstest.invokeMethodHandle(Lookup2.lookup);
    // test method ref
    cstest.lambda();

    LambdaTest.lambda();

    if (failed > 0) {
        throw new RuntimeException(failed + " test cases failed.");
    }
}
 

public byte[]
transform(
    ClassLoader loader,
    String className,
    Class<?> classBeingRedefined,
    ProtectionDomain    protectionDomain,
    byte[] classfileBuffer) {
    boolean redef = classBeingRedefined != null;
    System.out.println(trname + ": " +
                       (redef? "Retransforming " : "Loading ") + className);
    if (className != null) {
        try {
            byte[] newcf = Instrumentor.instrFor(classfileBuffer)
                           .addNativeMethodTrackingInjection(
                                "wrapped_" + trname + "_",
                                (h)->{
                                    h.push(h.getName());
                                    h.push(transformId);
                                    h.invokeStatic("bootreporter/StringIdCallbackReporter", "tracker", "(Ljava/lang/String;I)V", false);
                                })
                           .apply();
            /*** debugging ...
            if (newcf != null) {
                String fname = trname + (redef?"_redef" : "") + "/" + className;
                System.err.println("dumping to: " + fname);
                write_buffer(fname + "_before.class", classfileBuffer);
                write_buffer(fname + "_instr.class", newcf);
            }
            ***/

            return redef? null : newcf;
        } catch (Throwable ex) {
            System.err.println("ERROR: Injection failure: " + ex);
            ex.printStackTrace();
            System.err.println("Returning bad class file, to cause test failure");
            return new byte[0];
        }
    }
    return null;
}
 

public void testListen() {
    assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
    final PermissionCollection noPermissions = new Permissions();
    final ESPolicy policy = new ESPolicy(noPermissions, Collections.emptyMap(), true);
    assertFalse(
        policy.implies(
            new ProtectionDomain(ESPolicyUnitTests.class.getProtectionDomain().getCodeSource(), noPermissions),
            new SocketPermission("localhost:" + randomFrom(0, randomIntBetween(49152, 65535)), "listen")));
}
 

private static void checkPerm(PolicyFile p, ProtectionDomain pd)
            throws Exception {
    boolean foundIt = false;
    Enumeration perms = p.getPermissions(pd).elements();
    while (perms.hasMoreElements()) {
        Permission perm = (Permission)perms.nextElement();
        if (perm instanceof AllPermission) {
            foundIt = true;
            break;
        }
    }
    if (!foundIt) {
        throw new SecurityException("expected AllPermission");
    }
}
 

static AccessControlContext createPermAccCtxt(final String... permNames) {
    final Permissions perms = new Permissions();
    for (final String permName : permNames) {
        perms.add(new RuntimePermission(permName));
    }
    return new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
}
 

public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined,
                        ProtectionDomain pd, byte[] classFile) throws IllegalClassFormatException {
    if (isLibraryClass(className)) return null;
    debugMessage("Transforming: " + className + " [loader=" + loader + ']');

    // Save original bytecode.
    if (saveBytecode)
        debugWriteClass(className + ".orig", classFile);

    ClassReader reader = new ClassReader(classFile);
    // If using COMPUTE_FRAMES, also enable the JSRInlinerAdapter
    // in CtxEnhancherAdapter.
    int wFlags = ClassWriter.COMPUTE_MAXS; // | ClassWriter.COMPUTE_FRAMES;
    ClassWriter writer = new ContextClassWriter(loader, wFlags);
    ClassVisitor ctxAdapter = new CtxEnhancherAdapter(writer, className, optInstrumentCGE, loader);
    try {
        ClassNode cn = new ClassNode(Opcodes.ASM5);
        reader.accept(cn, ClassReader.EXPAND_FRAMES);
        cn.accept(ctxAdapter);
    } catch (RuntimeException ex) {
        System.err.println(CTXT_AGENT + "ASM error visiting class " + className);
        ex.printStackTrace();
        System.exit(-1);
    }

    byte[] ret = writer.toByteArray();

    // Save transformed bytecode.
    if (saveBytecode)
        debugWriteClass(className, ret);
    // Check bytecode for correctness.
    if (debug)
        checkBytecode(loader, className, ret, wFlags);

    return ret;
}
 

/**
 * Tells the VM to define a class, without security checks.  By default, the
 * class loader and protection domain come from the caller's class.
 */
@ForceInline
public Class<?> defineClass(String name, byte[] b, int off, int len,
                            ClassLoader loader,
                            ProtectionDomain protectionDomain) {
    return theInternalUnsafe.defineClass(name, b, off, len, loader, protectionDomain);
}
 

/**
 * Tells the VM to define a class, without security checks.  By default, the
 * class loader and protection domain come from the caller's class.
 */
public Class<?> defineClass(String name, byte[] b, int off, int len,
                            ClassLoader loader,
                            ProtectionDomain protectionDomain) {
    if (b == null) {
        throw new NullPointerException();
    }
    if (len < 0) {
        throw new ArrayIndexOutOfBoundsException();
    }

    return defineClass0(name, b, off, len, loader, protectionDomain);
}
 

/**
 * Tests loading a class from a jar.
 */
@Test
public void testLoadingFilterPlugin() throws ClassNotFoundException, IllegalAccessException, InstantiationException {
    // Get URL to our jar
    final URL jar = getClass().getClassLoader().getResource("testDeserializer/testPlugins.jar");
    final String classPath = "examples.filter.LowOffsetFilter";

    // Create class loader
    final PluginClassLoader pluginClassLoader = new PluginClassLoader(jar, getClass().getClassLoader());

    final Class<? extends RecordFilter> filterPlugin = (Class<? extends RecordFilter>) pluginClassLoader.loadClass(classPath);
    assertNotNull("Should not be null", filterPlugin);

    // Create an instance of it and validate.
    final RecordFilter filter = filterPlugin.newInstance();
    final String topic = "MyTopic";
    final int partition = 2;
    final long offset = 2423L;
    final Object key = "key";
    final Object value = "{name='Bob', value='value'}";
    filter.includeRecord(topic, partition, offset, key, value);

    // Validate it came from our classloader, more of a sanity test.
    assertTrue("Should have our parent class loader", filter.getClass().getClassLoader() instanceof PluginClassLoader);

    // Validate permission set defined
    final ProtectionDomain protectionDomain = filter.getClass().getProtectionDomain();
    final PermissionCollection permissionCollection = protectionDomain.getPermissions();
    assertTrue("Should have read only permissions", permissionCollection.isReadOnly());
}
 

private static String printDomain(final ProtectionDomain pd) {
    if (pd == null) {
        return "null";
    }
    return AccessController.doPrivileged(new PrivilegedAction<String>() {
        public String run() {
            return pd.toString();
        }
    });
}
 

private static ProtectionDomain createMinimalPermissionDomain() {
    // Generated classes need to have at least the permission to access Nashorn runtime and runtime.linker packages.
    final Permissions permissions = new Permissions();
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.objects"));
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime"));
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime.linker"));
    return new ProtectionDomain(new CodeSource(null, (CodeSigner[])null), permissions);
}
 

@Override
public PermissionCollection getPermissions(ProtectionDomain domain) {
    return new PermissionsBuilder().addAll(
            allowAll.get().get() ? allPermissions :
            allowControl.get().get()
            ? withControlPermissions : permissions).toPermissions();
}
 

@Override
public byte[] transform(ClassLoader cl, String className, Class<?> classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException {
    if (Intrinsic.class.equals(classBeingRedefined)) {
        String cf = new String(classfileBuffer);
        int i = cf.indexOf("intrinsic");
        Assert.assertTrue("cannot find \"intrinsic\" constant in " + Intrinsic.class.getSimpleName() + "'s class file", i > 0);
        System.arraycopy("redefined".getBytes(), 0, classfileBuffer, i, "redefined".length());
    }
    return classfileBuffer;
}