1 /* 2 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 import java.net.URLPermission; 25 import java.io.*; 26 27 /** 28 * @test 29 * @bug 8010464 8027570 8027687 8029354 30 */ 31 32 public class URLPermissionTest { 33 34 // super class for all test types 35 abstract static class Test { 36 boolean expected; execute()37 abstract boolean execute(); 38 }; 39 40 // Instantiation: should succeed 41 static class CreateTest extends Test { 42 String arg; CreateTest(String arg)43 CreateTest(String arg) { 44 this.arg = arg; 45 } 46 47 @Override execute()48 boolean execute() { 49 try { 50 URLPermission p = new URLPermission(arg); 51 return true; 52 } catch (Exception e) { 53 return false; 54 } 55 } 56 }; 57 createtest(String arg)58 static CreateTest createtest(String arg) { 59 return new CreateTest(arg); 60 } 61 62 // Should throw an IAE on construction 63 64 static class ExTest extends Test { 65 String arg; ExTest(String arg)66 ExTest(String arg) { 67 this.arg = arg; 68 } 69 70 @Override execute()71 boolean execute() { 72 try { 73 URLPermission p = new URLPermission(arg); 74 return false; 75 } catch (IllegalArgumentException e) { 76 return true; 77 } 78 } 79 }; 80 extest(String arg)81 static ExTest extest(String arg) { 82 return new ExTest(arg); 83 } 84 85 // Tests URL part of implies() method. This is the main test. 86 static class URLImpliesTest extends Test { 87 String arg1, arg2; 88 URLImpliesTest(String arg1, String arg2, boolean expected)89 URLImpliesTest(String arg1, String arg2, boolean expected) { 90 this.arg1 = arg1; 91 this.arg2 = arg2; 92 this.expected = expected; 93 } 94 execute()95 boolean execute() { 96 URLPermission p1 = new URLPermission (arg1, "GET:*"); 97 URLPermission p2 = new URLPermission (arg2, "GET:*"); 98 boolean result = p1.implies(p2); 99 if (result != expected) { 100 System.out.println("p1 = " + p1); 101 System.out.println("p2 = " + p2); 102 } 103 return result == expected; 104 } 105 }; 106 imtest(String arg1, String arg2, boolean expected)107 static URLImpliesTest imtest(String arg1, String arg2, boolean expected) { 108 return new URLImpliesTest(arg1, arg2, expected); 109 } 110 111 static class ActionImpliesTest extends Test { 112 String arg1, arg2; 113 ActionImpliesTest(String arg1, String arg2, boolean expected)114 ActionImpliesTest(String arg1, String arg2, boolean expected) { 115 this.arg1 = arg1; 116 this.arg2 = arg2; 117 this.expected = expected; 118 } 119 120 @Override execute()121 boolean execute() { 122 String url1 = "http://www.foo.com/-"; 123 String url2 = "http://www.foo.com/a/b"; 124 URLPermission p1 = new URLPermission(url1, arg1); 125 URLPermission p2 = new URLPermission(url2, arg2); 126 boolean result = p1.implies(p2); 127 128 return result == expected; 129 } 130 } 131 actest(String arg1, String arg2, boolean expected)132 static ActionImpliesTest actest(String arg1, String arg2, boolean expected) { 133 return new ActionImpliesTest(arg1, arg2, expected); 134 } 135 136 static class HashCodeTest extends Test { 137 String arg1, arg2; 138 int hash; 139 HashCodeTest(String arg1, String arg2, int hash)140 HashCodeTest(String arg1, String arg2, int hash) { 141 this.arg1 = arg1; 142 this.arg2 = arg2; 143 this.hash = hash; 144 } 145 146 @Override execute()147 boolean execute() { 148 URLPermission p = new URLPermission(arg1, arg2); 149 int h = p.hashCode(); 150 return h == hash; 151 } 152 } 153 hashtest(String arg1, String arg2, int expected)154 static HashCodeTest hashtest(String arg1, String arg2, int expected) { 155 return new HashCodeTest(arg1, arg2, expected); 156 } 157 158 static class URLEqualityTest extends Test { 159 String arg1, arg2; 160 URLEqualityTest(String arg1, String arg2, boolean expected)161 URLEqualityTest(String arg1, String arg2, boolean expected) { 162 this.arg1 = arg1; 163 this.arg2 = arg2; 164 this.expected = expected; 165 } 166 167 @Override execute()168 boolean execute() { 169 URLPermission p1 = new URLPermission(arg1); 170 URLPermission p2 = new URLPermission(arg2); 171 boolean result = p1.equals(p2); 172 173 return result == expected; 174 } 175 } 176 eqtest(String arg1, String arg2, boolean expected)177 static URLEqualityTest eqtest(String arg1, String arg2, boolean expected) { 178 return new URLEqualityTest(arg1, arg2, expected); 179 } 180 181 static Test[] pathImplies = { 182 // single 183 imtest("http://www.foo.com/", "http://www.foo.com/", true), 184 imtest("http://www.bar.com/", "http://www.foo.com/", false), 185 imtest("http://www.foo.com/a/b", "http://www.foo.com/", false), 186 imtest("http://www.foo.com/a/b", "http://www.foo.com/a/b/c", false), 187 // wildcard 188 imtest("http://www.foo.com/a/b/*", "http://www.foo.com/a/b/c", true), 189 imtest("http://www.foo.com/a/b/*", "http://www.foo.com/a/b/*", true), 190 imtest("http://www.foo.com/a/b/*", "http://www.foo.com/a/b/c#frag", true), 191 imtest("http://www.foo.com/a/b/*", "http://www.foo.com/a/b/c#frag?foo=foo", true), 192 imtest("http://www.foo.com/a/b/*", "http://www.foo.com/b/b/c", false), 193 imtest("http://www.foo.com/a/b/*", "http://www.foo.com/a/b/c.html", true), 194 imtest("http://www.foo.com/a/b/*", "http://www.foo.com/a/b/c.html", true), 195 imtest("http://www.foo.com/a/b/*", "https://www.foo.com/a/b/c", false), 196 // recursive 197 imtest("http://www.foo.com/a/b/-", "http://www.foo.com/a/b/-", true), 198 imtest("http://www.foo.com/a/b/-", "http://www.foo.com/a/b/c", true), 199 imtest("http://www.foo.com/a/b/-", "http://www.foo.com/a/b/c#frag", true), 200 imtest("http://www.foo.com/a/b/-", "http://www.foo.com/a/b/c#frag?foo=foo", true), 201 imtest("http://www.foo.com/a/b/-", "http://www.foo.com/b/b/c", false), 202 imtest("http://www.foo.com/a/b/-", "http://www.foo.com/a/b/c.html", true), 203 imtest("http://www.foo.com/a/b/-", "http://www.foo.com/a/b/c.html", true), 204 imtest("http://www.foo.com/a/b/-", "http://www.foo.com/a/b/c/d/e.html", true), 205 imtest("https://www.foo.com/a/b/-", "http://www.foo.com/a/b/c/d/e.html", false), 206 imtest("http://www.foo.com/a/b/-", "http://www.foo.com/a/b/c/d/e#frag", true), 207 imtest("http://www.foo.com/a/b/-", "https://www.foo.com/a/b/c", false), 208 // special cases 209 imtest("http:*", "https://www.foo.com/a/b/c", false), 210 imtest("http:*", "http://www.foo.com/a/b/c", true), 211 imtest("http:*", "http://foo/bar", true), 212 imtest("http://WWW.foO.cOM/a/b/*", "http://wwW.foo.com/a/b/c", true), 213 imtest("http://wWw.fOo.cOm/a/b/*", "http://Www.foo.com/a/b/*", true), 214 imtest("http://www.FOO.com/", "http://www.foo.COM/", true), 215 imtest("http://66ww-w.F-O012O.com/", "http://66ww-w.f-o012o.COM/",true), 216 imtest("http://xn--ire-9la.com/", "http://xn--ire-9la.COM/", true), 217 imtest("http://x/", "http://X/", true), 218 imtest("http://x/", "http://x/", true), 219 imtest("http://X/", "http://X/", true), 220 imtest("http://foo/bar", "https://foo/bar", false) 221 }; 222 223 // new functionality 224 225 static Test[] exceptionTests = { 226 extest("http://1.2.3.4.5/a/b/c"), 227 extest("http://www.*.com"), 228 extest("http://[foo.com]:99"), 229 extest("http://[fec0::X]:99"), 230 extest("http:\\www.foo.com"), 231 extest("http://w_09ww.foo.com"), 232 extest("http://w&09ww.foo.com/p"), 233 extest("http://www+foo.com"), 234 extest("http:") 235 }; 236 237 static Test[] hashTests = { 238 hashtest("http://www.foo.com/path", "GET:X-Foo", 388644203), 239 hashtest("http:*", "*:*", 3255810) 240 }; 241 242 static Test[] pathImplies2 = { 243 imtest("http://[FE80::]:99", "http://[fe80:0::]:99", true), 244 245 // hostnames 246 imtest("http://*.foo.com/a/b/-", "http://www.foo.com/a/b/c/d", true), 247 imtest("http://*.foo.com/a/b/-", "http://www.bar.com/a/b/c/d", false), 248 imtest("http://*.foo.com/a/b/-", "http://www.biz.bar.foo.com/a/b/c/d", true), 249 imtest("http://*.foo.com/a/b/-", "http://www.biz.bar.foo.como/a/b/c/d", false), 250 imtest("http://*/a/b/-", "http://www.biz.bar.foo.fuzz/a/b/c/d", true), 251 imtest("http://*/a/b/-", "http://*/a/b/c/d", true), 252 imtest("http://*.foo.com/a/b/-", "http://*/a/b/c/d", false), 253 imtest("http:*", "http://*/a/b/c/d", true), 254 255 // literal IPv4 addresses 256 imtest("http://1.2.3.4/a/b/-", "http://www.biz.bar.foo.com/a/b/c/d", false), 257 imtest("http://1.2.3.4/a/b/-", "http://1.2.3.4/a/b/c/d", true), 258 imtest("http://1.2.3.4/a/b/-", "http://1.2.88.4/a/b/c/d", false), 259 imtest("http:*", "http://1.2.88.4/a/b/c/d", true), 260 261 // literal IPv6 addresses 262 imtest("http://[fe80::]/a/b/-", "http://[fe80::0]/a/b/c", true), 263 imtest("http://[fe80::]/a/b/-", "http://[fe80::3]/a/b/c", false), 264 imtest("http://[1:2:3:4:5:6:7:8]/a/b/-","http://[1:002:03:4:0005:6:07:8]/a/b/c", true), 265 imtest("http://[1:2:3:4:5:6:7:8]/a/b/-","http://[1:002:03:4:0033:6:07:8]/a/b/c", false), 266 imtest("http://[1::2]/a/b/-", "http://[1:0:0:0::2]/a/b/c", true), 267 imtest("http://[1::2]/a/b/-", "http://[1:0:0:0::3]/a/b/c", false), 268 imtest("http://[FE80::]:99", "http://[fe80:0::]:99", true), 269 imtest("http:*", "http://[fe80:0::]:99", true), 270 271 // portranges 272 imtest("http://*.foo.com:1-2/a/b/-", "http://www.foo.com:1/a/b/c/d", true), 273 imtest("http://*.foo.com:1-2/a/b/-", "http://www.foo.com:3/a/b/c/d", false), 274 imtest("http://*.foo.com:3-/a/b/-", "http://www.foo.com:1/a/b/c/d", false), 275 imtest("http://*.foo.com:3-/a/b/-", "http://www.foo.com:4-5/a/b/c/d", true), 276 imtest("http://*.foo.com:3-/a/b/-", "http://www.foo.com:3-3/a/b/c/d", true), 277 imtest("http://*.foo.com:3-99/a/b/-", "http://www.foo.com:55-100/a/b/c/d", false), 278 imtest("http://*.foo.com:-44/a/b/-", "http://www.foo.com:1/a/b/c/d", true), 279 imtest("http://*.foo.com:-44/a/b/-", "http://www.foo.com:1-10/a/b/c/d", true), 280 imtest("http://*.foo.com:-44/a/b/-", "http://www.foo.com:44/a/b/c/d", true), 281 imtest("http://*.foo.com:-44/a/b/-", "http://www.foo.com:45/a/b/c/d", false), 282 imtest("http://www.foo.com:70-90/a/b", "http://www.foo.com/a/b", true), 283 imtest("https://www.foo.com/a/b", "https://www.foo.com:80/a/b", false), 284 imtest("https://www.foo.com:70-90/a/b", "https://www.foo.com/a/b", false), 285 imtest("https://www.foo.com/a/b", "https://www.foo.com:443/a/b", true), 286 imtest("https://www.foo.com:200-500/a/b", "https://www.foo.com/a/b", true), 287 imtest("http://www.foo.com:*/a/b", "http://www.foo.com:1-12345/a/b", true), 288 imtest("http://host/a/b", "http://HOST/a/b", true), 289 290 // misc 291 imtest("https:*", "http://www.foo.com", false), 292 imtest("https:*", "http:*", false) 293 }; 294 295 static Test[] actionImplies = { 296 actest("GET", "GET", true), 297 actest("GET", "POST", false), 298 actest("GET:", "PUT", false), 299 actest("GET:", "GET", true), 300 actest("GET,POST", "GET", true), 301 actest("GET,POST:", "GET", true), 302 actest("GET:X-Foo", "GET:x-foo", true), 303 actest("GET:X-Foo,X-bar", "GET:x-foo", true), 304 actest("GET:X-Foo", "GET:x-boo", false), 305 actest("GET:X-Foo,X-Bar", "GET:x-bar,x-foo", true), 306 actest("GET:X-Bar,X-Foo,X-Bar,Y-Foo", "GET:x-bar,x-foo", true), 307 actest("GET:*", "GET:x-bar,x-foo", true), 308 actest("*:*", "GET:x-bar,x-foo", true) 309 }; 310 311 static Test[] equalityTests = { 312 eqtest("http://www.foo.com", "http://www.FOO.CoM", true), 313 eqtest("http://[fe80:0:0::]:1-2", "HTTP://[FE80::]:1-2", true), 314 eqtest("HTTP://1.2.3.5/A/B/C", "http://1.2.3.5/A/b/C", false), 315 eqtest("HTTP://1.2.3.5/A/B/C", "HTTP://1.2.3.5/A/b/C", false), 316 eqtest("http:*", "http:*", true), 317 eqtest("http://www.foo.com/a/b", "https://www.foo.com/a/b", false), 318 eqtest("http://w.foo.com", "http://w.foo.com/", false), 319 eqtest("http://*.foo.com", "http://*.foo.com", true), 320 eqtest("http://www.foo.com/a/b", "http://www.foo.com:80/a/b", true), 321 eqtest("http://www.foo.com/a/b", "http://www.foo.com:82/a/b", false), 322 eqtest("https://www.foo.com/a/b", "https://www.foo.com:443/a/b", true), 323 eqtest("https://www.foo.com/a/b", "https://www.foo.com:444/a/b", false), 324 eqtest("http://michael@foo.com/bar","http://michael@foo.com/bar", true), 325 eqtest("http://Michael@foo.com/bar","http://michael@goo.com/bar",false), 326 eqtest("http://michael@foo.com/bar","http://george@foo.com/bar", true), 327 eqtest("http://@foo.com/bar","http://foo.com/bar", true) 328 }; 329 330 static Test[] createTests = { 331 createtest("http://user@foo.com/a/b/c"), 332 createtest("http://user:pass@foo.com/a/b/c"), 333 createtest("http://user:@foo.com/a/b/c") 334 }; 335 336 static boolean failed = false; 337 main(String args[])338 public static void main(String args[]) throws Exception { 339 for (int i=0; i<pathImplies.length ; i++) { 340 URLImpliesTest test = (URLImpliesTest)pathImplies[i]; 341 Exception caught = null; 342 boolean result = false; 343 try { 344 result = test.execute(); 345 } catch (Exception e) { 346 caught = e; 347 e.printStackTrace(); 348 } 349 if (!result) { 350 failed = true; 351 System.out.printf("path test %d failed: %s : %s\n", i, test.arg1, 352 test.arg2); 353 } else { 354 System.out.println ("path test " + i + " OK"); 355 } 356 357 } 358 359 // new tests for functionality added in revision of API 360 361 for (int i=0; i<pathImplies2.length ; i++) { 362 URLImpliesTest test = (URLImpliesTest)pathImplies2[i]; 363 Exception caught = null; 364 boolean result = false; 365 try { 366 result = test.execute(); 367 } catch (Exception e) { 368 caught = e; 369 e.printStackTrace(); 370 } 371 if (!result) { 372 failed = true; 373 System.out.printf("path2 test %d failed: %s : %s\n", i, test.arg1, 374 test.arg2); 375 } else { 376 System.out.println ("path2 test " + i + " OK"); 377 } 378 379 } 380 381 for (int i=0; i<equalityTests.length ; i++) { 382 URLEqualityTest test = (URLEqualityTest)equalityTests[i]; 383 Exception caught = null; 384 boolean result = false; 385 try { 386 result = test.execute(); 387 } catch (Exception e) { 388 caught = e; 389 e.printStackTrace(); 390 } 391 if (!result) { 392 failed = true; 393 System.out.printf("equality test %d failed: %s : %s\n", i, test.arg1, 394 test.arg2); 395 } else { 396 System.out.println ("equality test " + i + " OK"); 397 } 398 399 } 400 401 for (int i=0; i<hashTests.length; i++) { 402 HashCodeTest test = (HashCodeTest)hashTests[i]; 403 boolean result = test.execute(); 404 if (!result) { 405 System.out.printf ("test failed: %s %s %d\n", test.arg1, test.arg2, test.hash); 406 failed = true; 407 } else { 408 System.out.println ("hash test " + i + " OK"); 409 } 410 } 411 412 for (int i=0; i<exceptionTests.length; i++) { 413 ExTest test = (ExTest)exceptionTests[i]; 414 boolean result = test.execute(); 415 if (!result) { 416 System.out.println ("test failed: " + test.arg); 417 failed = true; 418 } else { 419 System.out.println ("exception test " + i + " OK"); 420 } 421 } 422 423 for (int i=0; i<createTests.length; i++) { 424 CreateTest test = (CreateTest)createTests[i]; 425 boolean result = test.execute(); 426 if (!result) { 427 System.out.println ("test failed: " + test.arg); 428 failed = true; 429 } else { 430 System.out.println ("create test " + i + " OK"); 431 } 432 } 433 434 for (int i=0; i<actionImplies.length ; i++) { 435 ActionImpliesTest test = (ActionImpliesTest)actionImplies[i]; 436 Exception caught = null; 437 boolean result = false; 438 try { 439 result = test.execute(); 440 } catch (Exception e) { 441 caught = e; 442 e.printStackTrace(); 443 } 444 if (!result) { 445 failed = true; 446 System.out.println ("test failed: " + test.arg1 + ": " + 447 test.arg2 + " Exception: " + caught); 448 } 449 System.out.println ("action test " + i + " OK"); 450 } 451 452 serializationTest("http://www.foo.com/-", "GET,DELETE:*"); 453 serializationTest("https://www.foo.com/-", "POST:X-Foo"); 454 serializationTest("https:*", "*:*"); 455 serializationTest("http://www.foo.com/a/b/s/", "POST:X-Foo"); 456 serializationTest("http://www.foo.com/a/b/s/*", "POST:X-Foo"); 457 458 if (failed) { 459 throw new RuntimeException("some tests failed"); 460 } 461 462 } 463 serializationTest(String name, String actions)464 static void serializationTest(String name, String actions) 465 throws Exception { 466 467 URLPermission out = new URLPermission(name, actions); 468 469 ByteArrayOutputStream baos = new ByteArrayOutputStream(); 470 ObjectOutputStream o = new ObjectOutputStream(baos); 471 o.writeObject(out); 472 ByteArrayInputStream bain = new ByteArrayInputStream(baos.toByteArray()); 473 ObjectInputStream i = new ObjectInputStream(bain); 474 URLPermission in = (URLPermission)i.readObject(); 475 if (!in.equals(out)) { 476 System.out.println ("FAIL"); 477 System.out.println ("in = " + in); 478 System.out.println ("out = " + out); 479 failed = true; 480 } 481 } 482 } 483