1 /*
2  * Copyright (c) 2014, 2021, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.
8  *
9  * This code is distributed in the hope that it will be useful, but WITHOUT
10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12  * version 2 for more details (a copy is included in the LICENSE file that
13  * accompanied this code).
14  *
15  * You should have received a copy of the GNU General Public License version
16  * 2 along with this work; if not, write to the Free Software Foundation,
17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18  *
19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20  * or visit www.oracle.com if you need additional information or have any
21  * questions.
22  */
23 
24 package common;
25 
26 import javax.xml.XMLConstants;
27 import javax.xml.transform.TransformerFactory;
28 import javax.xml.validation.SchemaFactory;
29 import javax.xml.xpath.XPathFactory;
30 
31 import static jaxp.library.JAXPTestUtilities.clearSystemProperty;
32 import static jaxp.library.JAXPTestUtilities.setSystemProperty;
33 import org.testng.Assert;
34 import org.testng.annotations.Listeners;
35 import org.testng.annotations.Test;
36 
37 /*
38  * @test
39  * @bug 7143711
40  * @library /javax/xml/jaxp/libs /javax/xml/jaxp/unittest
41  * @run testng/othervm -DrunSecMngr=true -Djava.security.manager=allow common.Bug7143711Test
42  * @summary Test set use-service-mechanism shall not override what's set by the constructor in secure mode.
43  */
44 @Listeners({ jaxp.library.BasePolicy.class })
45 @Test(singleThreaded = true)
46 public class Bug7143711Test {
47     private static final String SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
48     private static final String SCHEMA_SOURCE = "http://java.sun.com/xml/jaxp/properties/schemaSource";
49 
50     private static final String DOM_FACTORY_ID = "javax.xml.parsers.DocumentBuilderFactory";
51     private static final String SAX_FACTORY_ID = "javax.xml.parsers.SAXParserFactory";
52 
53     // impl specific feature
54     private static final String ORACLE_FEATURE_SERVICE_MECHANISM = "http://www.oracle.com/feature/use-service-mechanism";
55 
56     @Test
testValidation_SAX_withSM()57     public void testValidation_SAX_withSM() {
58         System.out.println("Validation using SAX Source with security manager:");
59         setSystemProperty(SAX_FACTORY_ID, "MySAXFactoryImpl");
60 
61         try {
62             SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
63             // should not allow
64             factory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true);
65             if ((boolean) factory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) {
66                 Assert.fail("should not override in secure mode");
67             }
68         } catch (Exception e) {
69             Assert.fail(e.getMessage());
70 
71         } finally {
72             clearSystemProperty(SAX_FACTORY_ID);
73         }
74     }
75 
76     @Test(enabled=false) //skipped due to bug JDK-8080097
testTransform_DOM_withSM()77     public void testTransform_DOM_withSM() {
78         System.out.println("Transform using DOM Source;  Security Manager is set:");
79         setSystemProperty(DOM_FACTORY_ID, "MyDOMFactoryImpl");
80 
81         try {
82             TransformerFactory factory = TransformerFactory.newInstance("com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl",
83                     TransformerFactory.class.getClassLoader());
84             factory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true);
85             if ((boolean) factory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) {
86                 Assert.fail("should not override in secure mode");
87             }
88 
89         } catch (Exception e) {
90             Assert.fail(e.getMessage());
91         } finally {
92             clearSystemProperty(DOM_FACTORY_ID);
93         }
94     }
95 
96     @Test
testXPath_DOM_withSM()97     public void testXPath_DOM_withSM() {
98         System.out.println("Evaluate DOM Source;  Security Manager is set:");
99         setSystemProperty(DOM_FACTORY_ID, "MyDOMFactoryImpl");
100 
101         try {
102             XPathFactory xPathFactory = XPathFactory.newInstance("http://java.sun.com/jaxp/xpath/dom",
103                     "com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl", null);
104             xPathFactory.setFeature(ORACLE_FEATURE_SERVICE_MECHANISM, true);
105             if ((boolean) xPathFactory.getFeature(ORACLE_FEATURE_SERVICE_MECHANISM)) {
106                 Assert.fail("should not override in secure mode");
107             }
108 
109         } catch (Exception e) {
110             Assert.fail(e.getMessage());
111         } finally {
112             clearSystemProperty(DOM_FACTORY_ID);
113         }
114     }
115 }
116