1 /* 2 * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 */ 23 24 import java.net.URLPermission; 25 /* 26 * Run the tests once without security manager and once with 27 * 28 * @test 29 * @bug 8010464 30 * @compile ../../../com/sun/net/httpserver/SimpleSSLContext.java 31 * @run main/othervm/policy=policy.1 URLTest one 32 * @run main/othervm URLTest one 33 * @run main/othervm/policy=policy.2 URLTest two 34 * @run main/othervm URLTest two 35 * @run main/othervm/policy=policy.3 URLTest three 36 * @run main/othervm URLTest three 37 */ 38 39 import java.net.*; 40 import java.io.*; 41 import java.util.*; 42 import java.util.concurrent.*; 43 import java.util.logging.*; 44 import com.sun.net.httpserver.*; 45 import javax.net.ssl.*; 46 47 public class URLTest { 48 static boolean failed = false; 49 main(String[] args)50 public static void main (String[] args) throws Exception { 51 boolean no = false, yes = true; 52 53 if (System.getSecurityManager() == null) { 54 yes = false; 55 } 56 createServers(); 57 InetSocketAddress addr1 = httpServer.getAddress(); 58 int port1 = addr1.getPort(); 59 InetSocketAddress addr2 = httpsServer.getAddress(); 60 int port2 = addr2.getPort(); 61 62 // each of the following cases is run with a different policy file 63 64 switch (args[0]) { 65 case "one": 66 String url1 = "http://127.0.0.1:"+ port1 + "/foo.html"; 67 String url2 = "https://127.0.0.1:"+ port2 + "/foo.html"; 68 String url3 = "http://127.0.0.1:"+ port1 + "/bar.html"; 69 String url4 = "https://127.0.0.1:"+ port2 + "/bar.html"; 70 71 // simple positive test. Should succceed 72 test(url1, "GET", "X-Foo", no); 73 test(url1, "GET", "Z-Bar", "X-Foo", no); 74 test(url1, "GET", "X-Foo", "Z-Bar", no); 75 test(url1, "GET", "Z-Bar", no); 76 test(url2, "POST", "X-Fob", no); 77 78 // reverse the methods, should fail 79 test(url1, "POST", "X-Foo", yes); 80 test(url2, "GET", "X-Fob", yes); 81 82 // different URLs, should fail 83 test(url3, "GET", "X-Foo", yes); 84 test(url4, "POST", "X-Fob", yes); 85 break; 86 87 case "two": 88 url1 = "http://127.0.0.1:"+ port1 + "/foo.html"; 89 url2 = "https://127.0.0.1:"+ port2 + "/foo.html"; 90 url3 = "http://127.0.0.1:"+ port1 + "/bar.html"; 91 url4 = "https://127.0.0.1:"+ port2 + "/bar.html"; 92 93 // simple positive test. Should succceed 94 test(url1, "GET", "X-Foo", no); 95 test(url2, "POST", "X-Fob", no); 96 test(url3, "GET", "X-Foo", no); 97 test(url4, "POST", "X-Fob", no); 98 break; 99 100 case "three": 101 url1 = "http://127.0.0.1:"+ port1 + "/foo.html"; 102 url2 = "https://127.0.0.1:"+ port2 + "/a/c/d/e/foo.html"; 103 url3 = "http://127.0.0.1:"+ port1 + "/a/b/c"; 104 url4 = "https://127.0.0.1:"+ port2 + "/a/b/c"; 105 106 test(url1, "GET", "X-Foo", yes); 107 test(url2, "POST", "X-Zxc", no); 108 test(url3, "DELETE", "Y-Foo", no); 109 test(url4, "POST", "Y-Foo", yes); 110 break; 111 } 112 shutdown(); 113 if (failed) { 114 throw new RuntimeException("Test failed"); 115 } 116 } 117 test( String u, String method, String header, boolean exceptionExpected )118 public static void test ( 119 String u, String method, 120 String header, boolean exceptionExpected 121 ) 122 throws Exception 123 { 124 test(u, method, header, null, exceptionExpected); 125 } 126 test( String u, String method, String header1, String header2, boolean exceptionExpected )127 public static void test ( 128 String u, String method, 129 String header1, String header2, boolean exceptionExpected 130 ) 131 throws Exception 132 { 133 URL url = new URL(u); 134 System.out.println ("url=" + u + " method="+method + " header1="+header1 135 +" header2 = " + header2 136 +" exceptionExpected="+exceptionExpected); 137 HttpURLConnection urlc = (HttpURLConnection)url.openConnection(); 138 if (urlc instanceof HttpsURLConnection) { 139 HttpsURLConnection ssl = (HttpsURLConnection)urlc; 140 ssl.setHostnameVerifier(new HostnameVerifier() { 141 public boolean verify(String host, SSLSession sess) { 142 return true; 143 } 144 }); 145 ssl.setSSLSocketFactory (ctx.getSocketFactory()); 146 } 147 urlc.setRequestMethod(method); 148 if (header1 != null) { 149 urlc.addRequestProperty(header1, "foo"); 150 } 151 if (header2 != null) { 152 urlc.addRequestProperty(header2, "bar"); 153 } 154 try { 155 int g = urlc.getResponseCode(); 156 if (exceptionExpected) { 157 failed = true; 158 System.out.println ("FAIL"); 159 return; 160 } 161 if (g != 200) { 162 String s = Integer.toString(g); 163 throw new RuntimeException("unexpected response "+ s); 164 } 165 InputStream is = urlc.getInputStream(); 166 int c,count=0; 167 byte[] buf = new byte[1024]; 168 while ((c=is.read(buf)) != -1) { 169 count += c; 170 } 171 is.close(); 172 } catch (RuntimeException e) { 173 if (! (e instanceof SecurityException) && 174 !(e.getCause() instanceof SecurityException) || 175 !exceptionExpected) 176 { 177 System.out.println ("FAIL"); 178 //e.printStackTrace(); 179 failed = true; 180 } 181 } 182 System.out.println ("OK"); 183 } 184 185 static HttpServer httpServer; 186 static HttpsServer httpsServer; 187 static HttpContext c, cs; 188 static ExecutorService e, es; 189 static SSLContext ctx; 190 191 // These ports need to be hard-coded until we support port number 192 // ranges in the permission class 193 194 static final int PORT1 = 12567; 195 static final int PORT2 = 12568; 196 createServers()197 static void createServers() throws Exception { 198 InetSocketAddress addr1 = new InetSocketAddress (PORT1); 199 InetSocketAddress addr2 = new InetSocketAddress (PORT2); 200 httpServer = HttpServer.create (addr1, 0); 201 httpsServer = HttpsServer.create (addr2, 0); 202 203 MyHandler h = new MyHandler(); 204 205 c = httpServer.createContext ("/", h); 206 cs = httpsServer.createContext ("/", h); 207 e = Executors.newCachedThreadPool(); 208 es = Executors.newCachedThreadPool(); 209 httpServer.setExecutor (e); 210 httpsServer.setExecutor (es); 211 212 // take the keystore from elsewhere in test hierarchy 213 String keysdir = System.getProperty("test.src") 214 + "/../../../com/sun/net/httpserver/"; 215 ctx = new SimpleSSLContext(keysdir).get(); 216 httpsServer.setHttpsConfigurator(new HttpsConfigurator (ctx)); 217 218 httpServer.start(); 219 httpsServer.start(); 220 } 221 shutdown()222 static void shutdown() { 223 httpServer.stop(1); 224 httpsServer.stop(1); 225 e.shutdown(); 226 es.shutdown(); 227 } 228 229 static class MyHandler implements HttpHandler { 230 MyHandler()231 MyHandler() { 232 } 233 handle(HttpExchange x)234 public void handle(HttpExchange x) throws IOException { 235 x.sendResponseHeaders(200, -1); 236 x.close(); 237 } 238 } 239 240 } 241