java.security.SecurityPermission Java Examples

The following examples show how to use java.security.SecurityPermission. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: JSR166TestCase.java    From j2objc with Apache License 2.0 7 votes vote down vote up
/**
 * Returns a policy containing all the permissions we ever need.
 */
public static Policy permissivePolicy() {
    return new AdjustablePolicy
        // Permissions j.u.c. needs directly
        (new RuntimePermission("modifyThread"),
         new RuntimePermission("getClassLoader"),
         new RuntimePermission("setContextClassLoader"),
         // Permissions needed to change permissions!
         new SecurityPermission("getPolicy"),
         new SecurityPermission("setPolicy"),
         new RuntimePermission("setSecurityManager"),
         // Permissions needed by the junit test harness
         new RuntimePermission("accessDeclaredMembers"),
         new PropertyPermission("*", "read"),
         new java.io.FilePermission("<<ALL FILES>>", "read"));
}
 
Example #2
Source File: JSR166TestCase.java    From caffeine with Apache License 2.0 6 votes vote down vote up
/**
 * Returns a policy containing all the permissions we ever need.
 */
public static Policy permissivePolicy() {
    return new AdjustablePolicy
        // Permissions j.u.c. needs directly
        (new RuntimePermission("modifyThread"),
         new RuntimePermission("getClassLoader"),
         new RuntimePermission("setContextClassLoader"),
         // Permissions needed to change permissions!
         new SecurityPermission("getPolicy"),
         new SecurityPermission("setPolicy"),
         new RuntimePermission("setSecurityManager"),
         // Permissions needed by the junit test harness
         new RuntimePermission("accessDeclaredMembers"),
         new PropertyPermission("*", "read"),
         new java.io.FilePermission("<<ALL FILES>>", "read"));
}
 
Example #3
Source File: PermissionTest.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
public void setBasicPermissions() {
    permissions.add(new SecurityPermission("getPolicy"));
    permissions.add(new SecurityPermission("setPolicy"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("setSecurityManager"));
    permissions.add(new RuntimePermission("createSecurityManager"));
    permissions.add(new PropertyPermission("testng.show.stack.frames",
            "read"));
    permissions.add(new PropertyPermission("user.dir", "read"));
    permissions.add(new PropertyPermission("test.src", "read"));
    permissions.add(new PropertyPermission("file.separator", "read"));
    permissions.add(new PropertyPermission("line.separator", "read"));
    permissions.add(new PropertyPermission("fileStringBuffer", "read"));
    permissions.add(new PropertyPermission("dataproviderthreadcount", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "execute"));
}
 
Example #4
Source File: JSR166TestCase.java    From database with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Returns a policy containing all the permissions we ever need.
 */
public static Policy permissivePolicy() {
    return new AdjustablePolicy
        // Permissions j.u.c. needs directly
        (new RuntimePermission("modifyThread"),
         new RuntimePermission("getClassLoader"),
         new RuntimePermission("setContextClassLoader"),
         // Permissions needed to change permissions!
         new SecurityPermission("getPolicy"),
         new SecurityPermission("setPolicy"),
         new RuntimePermission("setSecurityManager"),
         // Permissions needed by the junit test harness
         new RuntimePermission("accessDeclaredMembers"),
         new PropertyPermission("*", "read"),
         new java.io.FilePermission("<<ALL FILES>>", "read"));
}
 
Example #5
Source File: JSR166TestCase.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Returns a policy containing all the permissions we ever need.
 */
public static Policy permissivePolicy() {
    return new AdjustablePolicy
        // Permissions j.u.c. needs directly
        (new RuntimePermission("modifyThread"),
         new RuntimePermission("getClassLoader"),
         new RuntimePermission("setContextClassLoader"),
         // Permissions needed to change permissions!
         new SecurityPermission("getPolicy"),
         new SecurityPermission("setPolicy"),
         new RuntimePermission("setSecurityManager"),
         // Permissions needed by the junit test harness
         new RuntimePermission("accessDeclaredMembers"),
         new PropertyPermission("*", "read"),
         new java.io.FilePermission("<<ALL FILES>>", "read"));
}
 
Example #6
Source File: JSR166TestCase.java    From streamsupport with GNU General Public License v2.0 6 votes vote down vote up
/**
     * Returns a policy containing all the permissions we ever need.
     */
    public static Policy permissivePolicy() {
        return new AdjustablePolicy
            // Permissions j.u.c. needs directly
            (new RuntimePermission("modifyThread"),
             new RuntimePermission("getClassLoader"),
             new RuntimePermission("setContextClassLoader"),
//             new RuntimePermission("modifyThreadGroup"),
//             new RuntimePermission("enableContextClassLoaderOverride"),
             // Permissions needed to change permissions!
             new SecurityPermission("getPolicy"),
             new SecurityPermission("setPolicy"),
             new RuntimePermission("setSecurityManager"),
             // Permissions needed by the junit test harness
             new RuntimePermission("accessDeclaredMembers"),
             new PropertyPermission("*", "read"),
             new java.io.FilePermission("<<ALL FILES>>", "read"));
    }
 
Example #7
Source File: JSR166TestCase.java    From extension-kafka with Apache License 2.0 6 votes vote down vote up
/** Returns a policy containing all the permissions we ever need. */
public static Policy permissivePolicy() {
  return new AdjustablePolicy
  // Permissions j.u.c. needs directly
  (
      new RuntimePermission("modifyThread"),
      new RuntimePermission("getClassLoader"),
      new RuntimePermission("setContextClassLoader"),
      // Permissions needed to change permissions!
      new SecurityPermission("getPolicy"),
      new SecurityPermission("setPolicy"),
      new RuntimePermission("setSecurityManager"),
      // Permissions needed by the junit test harness
      new RuntimePermission("accessDeclaredMembers"),
      new PropertyPermission("*", "read"),
      new java.io.FilePermission("<<ALL FILES>>", "read"));
}
 
Example #8
Source File: LuceneTestCase.java    From lucene-solr with Apache License 2.0 5 votes vote down vote up
/** 
 * Runs a code part with restricted permissions (be sure to add all required permissions,
 * because it would start with empty permissions). You cannot grant more permissions than
 * our policy file allows, but you may restrict writing to several dirs...
 * <p><em>Note:</em> This assumes a {@link SecurityManager} enabled, otherwise it
 * stops test execution. If enabled, it needs the following {@link SecurityPermission}:
 * {@code "createAccessControlContext"}
 */
public static <T> T runWithRestrictedPermissions(PrivilegedExceptionAction<T> action, Permission... permissions) throws Exception {
  assumeTrue("runWithRestrictedPermissions requires a SecurityManager enabled", System.getSecurityManager() != null);
  // be sure to have required permission, otherwise doPrivileged runs with *no* permissions:
  AccessController.checkPermission(new SecurityPermission("createAccessControlContext"));
  final PermissionCollection perms = new Permissions();
  Arrays.stream(permissions).forEach(perms::add);
  final AccessControlContext ctx = new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
  try {
    return AccessController.doPrivileged(action, ctx);
  } catch (PrivilegedActionException e) {
    throw e.getException();
  }
}
 
Example #9
Source File: NonPublicProxyClass.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
NewInstancePolicy(boolean grant) {
    this.grant = grant;
    permissions.add(new SecurityPermission("getPolicy"));
    if (grant) {
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip"));
    }
}
 
Example #10
Source File: NonPublicProxyClass.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
NewInstancePolicy(boolean grant) {
    this.grant = grant;
    permissions.add(new SecurityPermission("getPolicy"));
    if (grant) {
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip"));
    }
}
 
Example #11
Source File: KeyStore.java    From openjdk-8-source with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Loads the keystore.
 *
 * A compatibility mode is supported for applications that assume
 * keystores are stream-based. It permits (but ignores) a non-null
 * <code>stream</code> or <code>password</code>.
 * The mode is enabled by default.
 * Set the
 * <code>sun.security.mscapi.keyStoreCompatibilityMode</code>
 * system property to <code>false</code> to disable compatibility mode
 * and reject a non-null <code>stream</code> or <code>password</code>.
 *
 * @param stream the input stream, which should be <code>null</code>.
 * @param password the password, which should be <code>null</code>.
 *
 * @exception IOException if there is an I/O or format problem with the
 * keystore data. Or if compatibility mode is disabled and either
 * parameter is non-null.
 * @exception NoSuchAlgorithmException if the algorithm used to check
 * the integrity of the keystore cannot be found
 * @exception CertificateException if any of the certificates in the
 * keystore could not be loaded
 * @exception SecurityException if the security check for
 *  <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
 *  pass, where <i>name</i> is the value returned by
 *  this provider's <code>getName</code> method.
 */
public void engineLoad(InputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    if (stream != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore input stream must be null");
    }

    if (password != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore password must be null");
    }

    /*
     * Use the same security check as AuthProvider.login
     */
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SecurityPermission(
            "authProvider.SunMSCAPI"));
    }

    // Clear all key entries
    entries.clear();

    try {

        // Load keys and/or certificate chains
        loadKeysOrCertificateChains(getName(), entries);

    } catch (KeyStoreException e) {
        throw new IOException(e);
    }
}
 
Example #12
Source File: TestPolicy.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
private void setMinimalPermissions() {
    permissions.add(new SecurityPermission("getPolicy"));
    permissions.add(new SecurityPermission("setPolicy"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("setSecurityManager"));
    permissions.add(new RuntimePermission("createSecurityManager"));
    permissions.add(new PropertyPermission("testng.show.stack.frames",
            "read"));
    permissions.add(new PropertyPermission("line.separator", "read"));
    permissions.add(new PropertyPermission("fileStringBuffer", "read"));
    permissions.add(new PropertyPermission("dataproviderthreadcount", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>",
            "read, write, delete"));
}
 
Example #13
Source File: NonPublicProxyClass.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
NewInstancePolicy(boolean grant) {
    this.grant = grant;
    permissions.add(new SecurityPermission("getPolicy"));
    if (grant) {
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip"));
    }
}
 
Example #14
Source File: KeyStore.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Loads the keystore.
 *
 * A compatibility mode is supported for applications that assume
 * keystores are stream-based. It permits (but ignores) a non-null
 * <code>stream</code> or <code>password</code>.
 * The mode is enabled by default.
 * Set the
 * <code>sun.security.mscapi.keyStoreCompatibilityMode</code>
 * system property to <code>false</code> to disable compatibility mode
 * and reject a non-null <code>stream</code> or <code>password</code>.
 *
 * @param stream the input stream, which should be <code>null</code>.
 * @param password the password, which should be <code>null</code>.
 *
 * @exception IOException if there is an I/O or format problem with the
 * keystore data. Or if compatibility mode is disabled and either
 * parameter is non-null.
 * @exception NoSuchAlgorithmException if the algorithm used to check
 * the integrity of the keystore cannot be found
 * @exception CertificateException if any of the certificates in the
 * keystore could not be loaded
 * @exception SecurityException if the security check for
 *  <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
 *  pass, where <i>name</i> is the value returned by
 *  this provider's <code>getName</code> method.
 */
public void engineLoad(InputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    if (stream != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore input stream must be null");
    }

    if (password != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore password must be null");
    }

    /*
     * Use the same security check as AuthProvider.login
     */
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SecurityPermission(
            "authProvider.SunMSCAPI"));
    }

    // Clear all key entries
    entries.clear();

    try {

        // Load keys and/or certificate chains
        loadKeysOrCertificateChains(getName());

    } catch (KeyStoreException e) {
        throw new IOException(e);
    }
}
 
Example #15
Source File: TestPolicy.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
private void setMinimalPermissions() {
    permissions.add(new SecurityPermission("getPolicy"));
    permissions.add(new SecurityPermission("setPolicy"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("setSecurityManager"));
    permissions.add(new RuntimePermission("createSecurityManager"));
    permissions.add(new PropertyPermission("testng.show.stack.frames",
            "read"));
    permissions.add(new PropertyPermission("line.separator", "read"));
    permissions.add(new PropertyPermission("fileStringBuffer", "read"));
    permissions.add(new PropertyPermission("dataproviderthreadcount", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>",
            "read, write, delete"));
}
 
Example #16
Source File: NonPublicProxyClass.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
NewInstancePolicy(boolean grant) {
    this.grant = grant;
    permissions.add(new SecurityPermission("getPolicy"));
    if (grant) {
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip"));
    }
}
 
Example #17
Source File: KeyStore.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Loads the keystore.
 *
 * A compatibility mode is supported for applications that assume
 * keystores are stream-based. It permits (but ignores) a non-null
 * <code>stream</code> or <code>password</code>.
 * The mode is enabled by default.
 * Set the
 * <code>sun.security.mscapi.keyStoreCompatibilityMode</code>
 * system property to <code>false</code> to disable compatibility mode
 * and reject a non-null <code>stream</code> or <code>password</code>.
 *
 * @param stream the input stream, which should be <code>null</code>.
 * @param password the password, which should be <code>null</code>.
 *
 * @exception IOException if there is an I/O or format problem with the
 * keystore data. Or if compatibility mode is disabled and either
 * parameter is non-null.
 * @exception NoSuchAlgorithmException if the algorithm used to check
 * the integrity of the keystore cannot be found
 * @exception CertificateException if any of the certificates in the
 * keystore could not be loaded
 * @exception SecurityException if the security check for
 *  <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
 *  pass, where <i>name</i> is the value returned by
 *  this provider's <code>getName</code> method.
 */
public void engineLoad(InputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    if (stream != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore input stream must be null");
    }

    if (password != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore password must be null");
    }

    /*
     * Use the same security check as AuthProvider.login
     */
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SecurityPermission(
            "authProvider.SunMSCAPI"));
    }

    // Clear all key entries
    entries.clear();

    try {

        // Load keys and/or certificate chains
        loadKeysOrCertificateChains(getName());

    } catch (KeyStoreException e) {
        throw new IOException(e);
    }
}
 
Example #18
Source File: KeyStore.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Loads the keystore.
 *
 * A compatibility mode is supported for applications that assume
 * keystores are stream-based. It permits (but ignores) a non-null
 * <code>stream</code> or <code>password</code>.
 * The mode is enabled by default.
 * Set the
 * <code>sun.security.mscapi.keyStoreCompatibilityMode</code>
 * system property to <code>false</code> to disable compatibility mode
 * and reject a non-null <code>stream</code> or <code>password</code>.
 *
 * @param stream the input stream, which should be <code>null</code>.
 * @param password the password, which should be <code>null</code>.
 *
 * @exception IOException if there is an I/O or format problem with the
 * keystore data. Or if compatibility mode is disabled and either
 * parameter is non-null.
 * @exception NoSuchAlgorithmException if the algorithm used to check
 * the integrity of the keystore cannot be found
 * @exception CertificateException if any of the certificates in the
 * keystore could not be loaded
 * @exception SecurityException if the security check for
 *  <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
 *  pass, where <i>name</i> is the value returned by
 *  this provider's <code>getName</code> method.
 */
public void engineLoad(InputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    if (stream != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore input stream must be null");
    }

    if (password != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore password must be null");
    }

    /*
     * Use the same security check as AuthProvider.login
     */
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SecurityPermission(
            "authProvider.SunMSCAPI"));
    }

    // Clear all key entries
    entries.clear();

    try {

        // Load keys and/or certificate chains
        loadKeysOrCertificateChains(getName(), entries);

    } catch (KeyStoreException e) {
        throw new IOException(e);
    }
}
 
Example #19
Source File: NonPublicProxyClass.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
NewInstancePolicy(boolean grant) {
    this.grant = grant;
    permissions.add(new SecurityPermission("getPolicy"));
    if (grant) {
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip"));
    }
}
 
Example #20
Source File: CKeyStore.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Loads the keystore.
 *
 * A compatibility mode is supported for applications that assume
 * keystores are stream-based. It permits (but ignores) a non-null
 * <code>stream</code> or <code>password</code>.
 * The mode is enabled by default.
 * Set the
 * <code>sun.security.mscapi.keyStoreCompatibilityMode</code>
 * system property to <code>false</code> to disable compatibility mode
 * and reject a non-null <code>stream</code> or <code>password</code>.
 *
 * @param stream the input stream, which should be <code>null</code>.
 * @param password the password, which should be <code>null</code>.
 *
 * @exception IOException if there is an I/O or format problem with the
 * keystore data. Or if compatibility mode is disabled and either
 * parameter is non-null.
 * @exception NoSuchAlgorithmException if the algorithm used to check
 * the integrity of the keystore cannot be found
 * @exception CertificateException if any of the certificates in the
 * keystore could not be loaded
 * @exception SecurityException if the security check for
 *  <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
 *  pass, where <i>name</i> is the value returned by
 *  this provider's <code>getName</code> method.
 */
public void engineLoad(InputStream stream, char[] password)
        throws IOException, NoSuchAlgorithmException, CertificateException {
    if (stream != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore input stream must be null");
    }

    if (password != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore password must be null");
    }

    /*
     * Use the same security check as AuthProvider.login
     */
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SecurityPermission(
            "authProvider.SunMSCAPI"));
    }

    // Clear all key entries
    entries.clear();

    try {

        // Load keys and/or certificate chains
        loadKeysOrCertificateChains(getName());

    } catch (KeyStoreException e) {
        throw new IOException(e);
    }

    if (debug != null) {
        debug.println("MSCAPI keystore load: entry count: " +
                entries.size());
    }
}
 
Example #21
Source File: NonPublicProxyClass.java    From dragonwell8_jdk with GNU General Public License v2.0 5 votes vote down vote up
NewInstancePolicy(boolean grant) {
    this.grant = grant;
    permissions.add(new SecurityPermission("getPolicy"));
    if (grant) {
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip"));
    }
}
 
Example #22
Source File: TestPolicy.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
private void setMinimalPermissions() {
    permissions.add(new SecurityPermission("getPolicy"));
    permissions.add(new SecurityPermission("setPolicy"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("setSecurityManager"));
    permissions.add(new RuntimePermission("createSecurityManager"));
    permissions.add(new PropertyPermission("testng.show.stack.frames",
            "read"));
    permissions.add(new PropertyPermission("line.separator", "read"));
    permissions.add(new PropertyPermission("fileStringBuffer", "read"));
    permissions.add(new PropertyPermission("dataproviderthreadcount", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>",
            "read, write, delete"));
}
 
Example #23
Source File: KeyStore.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Loads the keystore.
 *
 * A compatibility mode is supported for applications that assume
 * keystores are stream-based. It permits (but ignores) a non-null
 * <code>stream</code> or <code>password</code>.
 * The mode is enabled by default.
 * Set the
 * <code>sun.security.mscapi.keyStoreCompatibilityMode</code>
 * system property to <code>false</code> to disable compatibility mode
 * and reject a non-null <code>stream</code> or <code>password</code>.
 *
 * @param stream the input stream, which should be <code>null</code>.
 * @param password the password, which should be <code>null</code>.
 *
 * @exception IOException if there is an I/O or format problem with the
 * keystore data. Or if compatibility mode is disabled and either
 * parameter is non-null.
 * @exception NoSuchAlgorithmException if the algorithm used to check
 * the integrity of the keystore cannot be found
 * @exception CertificateException if any of the certificates in the
 * keystore could not be loaded
 * @exception SecurityException if the security check for
 *  <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
 *  pass, where <i>name</i> is the value returned by
 *  this provider's <code>getName</code> method.
 */
public void engineLoad(InputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    if (stream != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore input stream must be null");
    }

    if (password != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore password must be null");
    }

    /*
     * Use the same security check as AuthProvider.login
     */
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SecurityPermission(
            "authProvider.SunMSCAPI"));
    }

    // Clear all key entries
    entries.clear();

    try {

        // Load keys and/or certificate chains
        loadKeysOrCertificateChains(getName(), entries);

    } catch (KeyStoreException e) {
        throw new IOException(e);
    }
}
 
Example #24
Source File: NonPublicProxyClass.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
NewInstancePolicy(boolean grant) {
    this.grant = grant;
    permissions.add(new SecurityPermission("getPolicy"));
    if (grant) {
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip"));
    }
}
 
Example #25
Source File: SecuritySubjectPermissionsTest.java    From ignite with Apache License 2.0 5 votes vote down vote up
/** {@inheritDoc} */
@Override protected void beforeTestsStarted() throws Exception {
    if (System.getSecurityManager() == null) {
        Policy.setPolicy(new Policy() {
            @Override public PermissionCollection getPermissions(CodeSource cs) {
                Permissions res = new Permissions();

                res.add(new RuntimePermission("*"));
                res.add(new MBeanServerPermission("*"));
                res.add(new MBeanPermission("*", "*"));
                res.add(new MBeanTrustPermission("*"));
                res.add(new ReflectPermission("*"));
                res.add(new SSLPermission("*"));
                res.add(new ManagementPermission("monitor"));
                res.add(new ManagementPermission("control"));
                res.add(new SerializablePermission("*"));
                res.add(new SecurityPermission("*"));
                res.add(new SocketPermission("*", "connect,accept,listen,resolve"));
                res.add(new FilePermission("<<ALL FILES>>", "read,write,delete,execute,readlink"));
                res.add(new PropertyPermission("*", "read,write"));

                res.add(new TestPermission("common"));

                return res;
            }
        });

        System.setSecurityManager(new SecurityManager());

        setupSM = true;
    }
}
 
Example #26
Source File: KeyStore.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Loads the keystore.
 *
 * A compatibility mode is supported for applications that assume
 * keystores are stream-based. It permits (but ignores) a non-null
 * <code>stream</code> or <code>password</code>.
 * The mode is enabled by default.
 * Set the
 * <code>sun.security.mscapi.keyStoreCompatibilityMode</code>
 * system property to <code>false</code> to disable compatibility mode
 * and reject a non-null <code>stream</code> or <code>password</code>.
 *
 * @param stream the input stream, which should be <code>null</code>.
 * @param password the password, which should be <code>null</code>.
 *
 * @exception IOException if there is an I/O or format problem with the
 * keystore data. Or if compatibility mode is disabled and either
 * parameter is non-null.
 * @exception NoSuchAlgorithmException if the algorithm used to check
 * the integrity of the keystore cannot be found
 * @exception CertificateException if any of the certificates in the
 * keystore could not be loaded
 * @exception SecurityException if the security check for
 *  <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
 *  pass, where <i>name</i> is the value returned by
 *  this provider's <code>getName</code> method.
 */
public void engineLoad(InputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    if (stream != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore input stream must be null");
    }

    if (password != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore password must be null");
    }

    /*
     * Use the same security check as AuthProvider.login
     */
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SecurityPermission(
            "authProvider.SunMSCAPI"));
    }

    // Clear all key entries
    entries.clear();

    try {

        // Load keys and/or certificate chains
        loadKeysOrCertificateChains(getName(), entries);

    } catch (KeyStoreException e) {
        throw new IOException(e);
    }
}
 
Example #27
Source File: NonPublicProxyClass.java    From jdk8u-dev-jdk with GNU General Public License v2.0 5 votes vote down vote up
NewInstancePolicy(boolean grant) {
    this.grant = grant;
    permissions.add(new SecurityPermission("getPolicy"));
    if (grant) {
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip"));
    }
}
 
Example #28
Source File: LoggingTest.java    From java-cloudant with Apache License 2.0 5 votes vote down vote up
/**
 * Test that a warning is logged if the DNS lifetime cannot be checked because of security
 * permissions.
 *
 * @throws Exception
 */
@Test
public void dnsWarningPermissionDenied(@Mocked final SecurityManager mockSecurityManager)
        throws Exception {

    // Record the mock expectations
    new Expectations() {
        {
            mockSecurityManager.checkPermission(new SecurityPermission("getProperty" +
                    ".networkaddress.cache.ttl"));
            result = new SecurityException("Test exception to deny property access.");
            times = 1;
        }
    };
    logger = setupLogger(ClientBuilder.class, Level.WARNING);
    try {
        System.setSecurityManager(mockSecurityManager);
        CloudantClientHelper.getClientBuilder().build();
    } finally {
        // Unset the mock security manager
        System.setSecurityManager(null);
    }
    // Assert a warning was received
    assertEquals(1, handler.logEntries.size(), "There should be 1 log entry");
    // Assert that it matches the expected pattern
    assertLogMessage("Permission denied to check Java DNS cache TTL\\. .*", 0);
}
 
Example #29
Source File: LoggingTest.java    From java-cloudant with Apache License 2.0 5 votes vote down vote up
/**
 * Test that a warning is logged if a security manager is in use and the DNS cache lifetime
 * property is unset.
 *
 * @throws Exception
 */
@Test
public void dnsWarningDefaultWithSecurityManager(@Mocked final SecurityManager
                                                         mockSecurityManager) throws Exception {
    // Record the mock expectations
    new Expectations() {
        {
            mockSecurityManager.checkPermission(new SecurityPermission("getProperty" +
                    ".networkaddress.cache.ttl"));
            minTimes = 2; // Once to set, once to get, and once to reset
            maxTimes = 3; // Possible third call to reset the value, depending on test ordering
        }
    };
    try {
        System.setSecurityManager(mockSecurityManager);
        // We can't set null as a value and there are no APIs for clearing a value. Another test
        // may already have changed the value so we just set it to something invalid "a" to get
        // a default value.
        basicDnsLogTest("a");
    } finally {
        // Unset the mock security manager
        System.setSecurityManager(null);
    }
    // Assert a warning was received
    assertEquals(1, handler.logEntries.size(), "There should be 1 log entry");
    // Assert that it matches the expected pattern
    assertLogMessage("DNS cache lifetime may be too long\\. .*", 0);
}
 
Example #30
Source File: KeyStore.java    From openjdk-jdk8u-backup with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Loads the keystore.
 *
 * A compatibility mode is supported for applications that assume
 * keystores are stream-based. It permits (but ignores) a non-null
 * <code>stream</code> or <code>password</code>.
 * The mode is enabled by default.
 * Set the
 * <code>sun.security.mscapi.keyStoreCompatibilityMode</code>
 * system property to <code>false</code> to disable compatibility mode
 * and reject a non-null <code>stream</code> or <code>password</code>.
 *
 * @param stream the input stream, which should be <code>null</code>.
 * @param password the password, which should be <code>null</code>.
 *
 * @exception IOException if there is an I/O or format problem with the
 * keystore data. Or if compatibility mode is disabled and either
 * parameter is non-null.
 * @exception NoSuchAlgorithmException if the algorithm used to check
 * the integrity of the keystore cannot be found
 * @exception CertificateException if any of the certificates in the
 * keystore could not be loaded
 * @exception SecurityException if the security check for
 *  <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
 *  pass, where <i>name</i> is the value returned by
 *  this provider's <code>getName</code> method.
 */
public void engineLoad(InputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    if (stream != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore input stream must be null");
    }

    if (password != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore password must be null");
    }

    /*
     * Use the same security check as AuthProvider.login
     */
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SecurityPermission(
            "authProvider.SunMSCAPI"));
    }

    // Clear all key entries
    entries.clear();

    try {

        // Load keys and/or certificate chains
        loadKeysOrCertificateChains(getName());

    } catch (KeyStoreException e) {
        throw new IOException(e);
    }
}