java.security.SecurityPermission Java Examples

/**
 * Returns a policy containing all the permissions we ever need.
 */
public static Policy permissivePolicy() {
    return new AdjustablePolicy
        // Permissions j.u.c. needs directly
        (new RuntimePermission("modifyThread"),
         new RuntimePermission("getClassLoader"),
         new RuntimePermission("setContextClassLoader"),
         // Permissions needed to change permissions!
         new SecurityPermission("getPolicy"),
         new SecurityPermission("setPolicy"),
         new RuntimePermission("setSecurityManager"),
         // Permissions needed by the junit test harness
         new RuntimePermission("accessDeclaredMembers"),
         new PropertyPermission("*", "read"),
         new java.io.FilePermission("<<ALL FILES>>", "read"));
}
 

/**
 * Returns a policy containing all the permissions we ever need.
 */
public static Policy permissivePolicy() {
    return new AdjustablePolicy
        // Permissions j.u.c. needs directly
        (new RuntimePermission("modifyThread"),
         new RuntimePermission("getClassLoader"),
         new RuntimePermission("setContextClassLoader"),
         // Permissions needed to change permissions!
         new SecurityPermission("getPolicy"),
         new SecurityPermission("setPolicy"),
         new RuntimePermission("setSecurityManager"),
         // Permissions needed by the junit test harness
         new RuntimePermission("accessDeclaredMembers"),
         new PropertyPermission("*", "read"),
         new java.io.FilePermission("<<ALL FILES>>", "read"));
}
 

public void setBasicPermissions() {
    permissions.add(new SecurityPermission("getPolicy"));
    permissions.add(new SecurityPermission("setPolicy"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("setSecurityManager"));
    permissions.add(new RuntimePermission("createSecurityManager"));
    permissions.add(new PropertyPermission("testng.show.stack.frames",
            "read"));
    permissions.add(new PropertyPermission("user.dir", "read"));
    permissions.add(new PropertyPermission("test.src", "read"));
    permissions.add(new PropertyPermission("file.separator", "read"));
    permissions.add(new PropertyPermission("line.separator", "read"));
    permissions.add(new PropertyPermission("fileStringBuffer", "read"));
    permissions.add(new PropertyPermission("dataproviderthreadcount", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>", "execute"));
}
 

/**
 * Returns a policy containing all the permissions we ever need.
 */
public static Policy permissivePolicy() {
    return new AdjustablePolicy
        // Permissions j.u.c. needs directly
        (new RuntimePermission("modifyThread"),
         new RuntimePermission("getClassLoader"),
         new RuntimePermission("setContextClassLoader"),
         // Permissions needed to change permissions!
         new SecurityPermission("getPolicy"),
         new SecurityPermission("setPolicy"),
         new RuntimePermission("setSecurityManager"),
         // Permissions needed by the junit test harness
         new RuntimePermission("accessDeclaredMembers"),
         new PropertyPermission("*", "read"),
         new java.io.FilePermission("<<ALL FILES>>", "read"));
}
 

/**
 * Returns a policy containing all the permissions we ever need.
 */
public static Policy permissivePolicy() {
    return new AdjustablePolicy
        // Permissions j.u.c. needs directly
        (new RuntimePermission("modifyThread"),
         new RuntimePermission("getClassLoader"),
         new RuntimePermission("setContextClassLoader"),
         // Permissions needed to change permissions!
         new SecurityPermission("getPolicy"),
         new SecurityPermission("setPolicy"),
         new RuntimePermission("setSecurityManager"),
         // Permissions needed by the junit test harness
         new RuntimePermission("accessDeclaredMembers"),
         new PropertyPermission("*", "read"),
         new java.io.FilePermission("<<ALL FILES>>", "read"));
}
 

/**
     * Returns a policy containing all the permissions we ever need.
     */
    public static Policy permissivePolicy() {
        return new AdjustablePolicy
            // Permissions j.u.c. needs directly
            (new RuntimePermission("modifyThread"),
             new RuntimePermission("getClassLoader"),
             new RuntimePermission("setContextClassLoader"),
//             new RuntimePermission("modifyThreadGroup"),
//             new RuntimePermission("enableContextClassLoaderOverride"),
             // Permissions needed to change permissions!
             new SecurityPermission("getPolicy"),
             new SecurityPermission("setPolicy"),
             new RuntimePermission("setSecurityManager"),
             // Permissions needed by the junit test harness
             new RuntimePermission("accessDeclaredMembers"),
             new PropertyPermission("*", "read"),
             new java.io.FilePermission("<<ALL FILES>>", "read"));
    }
 

/** Returns a policy containing all the permissions we ever need. */
public static Policy permissivePolicy() {
  return new AdjustablePolicy
  // Permissions j.u.c. needs directly
  (
      new RuntimePermission("modifyThread"),
      new RuntimePermission("getClassLoader"),
      new RuntimePermission("setContextClassLoader"),
      // Permissions needed to change permissions!
      new SecurityPermission("getPolicy"),
      new SecurityPermission("setPolicy"),
      new RuntimePermission("setSecurityManager"),
      // Permissions needed by the junit test harness
      new RuntimePermission("accessDeclaredMembers"),
      new PropertyPermission("*", "read"),
      new java.io.FilePermission("<<ALL FILES>>", "read"));
}
 

/** 
 * Runs a code part with restricted permissions (be sure to add all required permissions,
 * because it would start with empty permissions). You cannot grant more permissions than
 * our policy file allows, but you may restrict writing to several dirs...
 * <p><em>Note:</em> This assumes a {@link SecurityManager} enabled, otherwise it
 * stops test execution. If enabled, it needs the following {@link SecurityPermission}:
 * {@code "createAccessControlContext"}
 */
public static <T> T runWithRestrictedPermissions(PrivilegedExceptionAction<T> action, Permission... permissions) throws Exception {
  assumeTrue("runWithRestrictedPermissions requires a SecurityManager enabled", System.getSecurityManager() != null);
  // be sure to have required permission, otherwise doPrivileged runs with *no* permissions:
  AccessController.checkPermission(new SecurityPermission("createAccessControlContext"));
  final PermissionCollection perms = new Permissions();
  Arrays.stream(permissions).forEach(perms::add);
  final AccessControlContext ctx = new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, perms) });
  try {
    return AccessController.doPrivileged(action, ctx);
  } catch (PrivilegedActionException e) {
    throw e.getException();
  }
}
 

NewInstancePolicy(boolean grant) {
    this.grant = grant;
    permissions.add(new SecurityPermission("getPolicy"));
    if (grant) {
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip"));
    }
}
 

NewInstancePolicy(boolean grant) {
    this.grant = grant;
    permissions.add(new SecurityPermission("getPolicy"));
    if (grant) {
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip"));
    }
}
 

/**
 * Loads the keystore.
 *
 * A compatibility mode is supported for applications that assume
 * keystores are stream-based. It permits (but ignores) a non-null
 * <code>stream</code> or <code>password</code>.
 * The mode is enabled by default.
 * Set the
 * <code>sun.security.mscapi.keyStoreCompatibilityMode</code>
 * system property to <code>false</code> to disable compatibility mode
 * and reject a non-null <code>stream</code> or <code>password</code>.
 *
 * @param stream the input stream, which should be <code>null</code>.
 * @param password the password, which should be <code>null</code>.
 *
 * @exception IOException if there is an I/O or format problem with the
 * keystore data. Or if compatibility mode is disabled and either
 * parameter is non-null.
 * @exception NoSuchAlgorithmException if the algorithm used to check
 * the integrity of the keystore cannot be found
 * @exception CertificateException if any of the certificates in the
 * keystore could not be loaded
 * @exception SecurityException if the security check for
 *  <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
 *  pass, where <i>name</i> is the value returned by
 *  this provider's <code>getName</code> method.
 */
public void engineLoad(InputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    if (stream != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore input stream must be null");
    }

    if (password != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore password must be null");
    }

    /*
     * Use the same security check as AuthProvider.login
     */
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SecurityPermission(
            "authProvider.SunMSCAPI"));
    }

    // Clear all key entries
    entries.clear();

    try {

        // Load keys and/or certificate chains
        loadKeysOrCertificateChains(getName(), entries);

    } catch (KeyStoreException e) {
        throw new IOException(e);
    }
}
 

private void setMinimalPermissions() {
    permissions.add(new SecurityPermission("getPolicy"));
    permissions.add(new SecurityPermission("setPolicy"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("setSecurityManager"));
    permissions.add(new RuntimePermission("createSecurityManager"));
    permissions.add(new PropertyPermission("testng.show.stack.frames",
            "read"));
    permissions.add(new PropertyPermission("line.separator", "read"));
    permissions.add(new PropertyPermission("fileStringBuffer", "read"));
    permissions.add(new PropertyPermission("dataproviderthreadcount", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>",
            "read, write, delete"));
}
 

NewInstancePolicy(boolean grant) {
    this.grant = grant;
    permissions.add(new SecurityPermission("getPolicy"));
    if (grant) {
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip"));
    }
}
 

/**
 * Loads the keystore.
 *
 * A compatibility mode is supported for applications that assume
 * keystores are stream-based. It permits (but ignores) a non-null
 * <code>stream</code> or <code>password</code>.
 * The mode is enabled by default.
 * Set the
 * <code>sun.security.mscapi.keyStoreCompatibilityMode</code>
 * system property to <code>false</code> to disable compatibility mode
 * and reject a non-null <code>stream</code> or <code>password</code>.
 *
 * @param stream the input stream, which should be <code>null</code>.
 * @param password the password, which should be <code>null</code>.
 *
 * @exception IOException if there is an I/O or format problem with the
 * keystore data. Or if compatibility mode is disabled and either
 * parameter is non-null.
 * @exception NoSuchAlgorithmException if the algorithm used to check
 * the integrity of the keystore cannot be found
 * @exception CertificateException if any of the certificates in the
 * keystore could not be loaded
 * @exception SecurityException if the security check for
 *  <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
 *  pass, where <i>name</i> is the value returned by
 *  this provider's <code>getName</code> method.
 */
public void engineLoad(InputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    if (stream != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore input stream must be null");
    }

    if (password != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore password must be null");
    }

    /*
     * Use the same security check as AuthProvider.login
     */
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SecurityPermission(
            "authProvider.SunMSCAPI"));
    }

    // Clear all key entries
    entries.clear();

    try {

        // Load keys and/or certificate chains
        loadKeysOrCertificateChains(getName());

    } catch (KeyStoreException e) {
        throw new IOException(e);
    }
}
 

private void setMinimalPermissions() {
    permissions.add(new SecurityPermission("getPolicy"));
    permissions.add(new SecurityPermission("setPolicy"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("setSecurityManager"));
    permissions.add(new RuntimePermission("createSecurityManager"));
    permissions.add(new PropertyPermission("testng.show.stack.frames",
            "read"));
    permissions.add(new PropertyPermission("line.separator", "read"));
    permissions.add(new PropertyPermission("fileStringBuffer", "read"));
    permissions.add(new PropertyPermission("dataproviderthreadcount", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>",
            "read, write, delete"));
}
 

NewInstancePolicy(boolean grant) {
    this.grant = grant;
    permissions.add(new SecurityPermission("getPolicy"));
    if (grant) {
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip"));
    }
}
 

/**
 * Loads the keystore.
 *
 * A compatibility mode is supported for applications that assume
 * keystores are stream-based. It permits (but ignores) a non-null
 * <code>stream</code> or <code>password</code>.
 * The mode is enabled by default.
 * Set the
 * <code>sun.security.mscapi.keyStoreCompatibilityMode</code>
 * system property to <code>false</code> to disable compatibility mode
 * and reject a non-null <code>stream</code> or <code>password</code>.
 *
 * @param stream the input stream, which should be <code>null</code>.
 * @param password the password, which should be <code>null</code>.
 *
 * @exception IOException if there is an I/O or format problem with the
 * keystore data. Or if compatibility mode is disabled and either
 * parameter is non-null.
 * @exception NoSuchAlgorithmException if the algorithm used to check
 * the integrity of the keystore cannot be found
 * @exception CertificateException if any of the certificates in the
 * keystore could not be loaded
 * @exception SecurityException if the security check for
 *  <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
 *  pass, where <i>name</i> is the value returned by
 *  this provider's <code>getName</code> method.
 */
public void engineLoad(InputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    if (stream != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore input stream must be null");
    }

    if (password != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore password must be null");
    }

    /*
     * Use the same security check as AuthProvider.login
     */
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SecurityPermission(
            "authProvider.SunMSCAPI"));
    }

    // Clear all key entries
    entries.clear();

    try {

        // Load keys and/or certificate chains
        loadKeysOrCertificateChains(getName());

    } catch (KeyStoreException e) {
        throw new IOException(e);
    }
}
 

/**
 * Loads the keystore.
 *
 * A compatibility mode is supported for applications that assume
 * keystores are stream-based. It permits (but ignores) a non-null
 * <code>stream</code> or <code>password</code>.
 * The mode is enabled by default.
 * Set the
 * <code>sun.security.mscapi.keyStoreCompatibilityMode</code>
 * system property to <code>false</code> to disable compatibility mode
 * and reject a non-null <code>stream</code> or <code>password</code>.
 *
 * @param stream the input stream, which should be <code>null</code>.
 * @param password the password, which should be <code>null</code>.
 *
 * @exception IOException if there is an I/O or format problem with the
 * keystore data. Or if compatibility mode is disabled and either
 * parameter is non-null.
 * @exception NoSuchAlgorithmException if the algorithm used to check
 * the integrity of the keystore cannot be found
 * @exception CertificateException if any of the certificates in the
 * keystore could not be loaded
 * @exception SecurityException if the security check for
 *  <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
 *  pass, where <i>name</i> is the value returned by
 *  this provider's <code>getName</code> method.
 */
public void engineLoad(InputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    if (stream != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore input stream must be null");
    }

    if (password != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore password must be null");
    }

    /*
     * Use the same security check as AuthProvider.login
     */
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SecurityPermission(
            "authProvider.SunMSCAPI"));
    }

    // Clear all key entries
    entries.clear();

    try {

        // Load keys and/or certificate chains
        loadKeysOrCertificateChains(getName(), entries);

    } catch (KeyStoreException e) {
        throw new IOException(e);
    }
}
 

NewInstancePolicy(boolean grant) {
    this.grant = grant;
    permissions.add(new SecurityPermission("getPolicy"));
    if (grant) {
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip"));
    }
}
 

/**
 * Loads the keystore.
 *
 * A compatibility mode is supported for applications that assume
 * keystores are stream-based. It permits (but ignores) a non-null
 * <code>stream</code> or <code>password</code>.
 * The mode is enabled by default.
 * Set the
 * <code>sun.security.mscapi.keyStoreCompatibilityMode</code>
 * system property to <code>false</code> to disable compatibility mode
 * and reject a non-null <code>stream</code> or <code>password</code>.
 *
 * @param stream the input stream, which should be <code>null</code>.
 * @param password the password, which should be <code>null</code>.
 *
 * @exception IOException if there is an I/O or format problem with the
 * keystore data. Or if compatibility mode is disabled and either
 * parameter is non-null.
 * @exception NoSuchAlgorithmException if the algorithm used to check
 * the integrity of the keystore cannot be found
 * @exception CertificateException if any of the certificates in the
 * keystore could not be loaded
 * @exception SecurityException if the security check for
 *  <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
 *  pass, where <i>name</i> is the value returned by
 *  this provider's <code>getName</code> method.
 */
public void engineLoad(InputStream stream, char[] password)
        throws IOException, NoSuchAlgorithmException, CertificateException {
    if (stream != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore input stream must be null");
    }

    if (password != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore password must be null");
    }

    /*
     * Use the same security check as AuthProvider.login
     */
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SecurityPermission(
            "authProvider.SunMSCAPI"));
    }

    // Clear all key entries
    entries.clear();

    try {

        // Load keys and/or certificate chains
        loadKeysOrCertificateChains(getName());

    } catch (KeyStoreException e) {
        throw new IOException(e);
    }

    if (debug != null) {
        debug.println("MSCAPI keystore load: entry count: " +
                entries.size());
    }
}
 

NewInstancePolicy(boolean grant) {
    this.grant = grant;
    permissions.add(new SecurityPermission("getPolicy"));
    if (grant) {
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip"));
    }
}
 

private void setMinimalPermissions() {
    permissions.add(new SecurityPermission("getPolicy"));
    permissions.add(new SecurityPermission("setPolicy"));
    permissions.add(new RuntimePermission("getClassLoader"));
    permissions.add(new RuntimePermission("setSecurityManager"));
    permissions.add(new RuntimePermission("createSecurityManager"));
    permissions.add(new PropertyPermission("testng.show.stack.frames",
            "read"));
    permissions.add(new PropertyPermission("line.separator", "read"));
    permissions.add(new PropertyPermission("fileStringBuffer", "read"));
    permissions.add(new PropertyPermission("dataproviderthreadcount", "read"));
    permissions.add(new PropertyPermission("java.io.tmpdir", "read"));
    permissions.add(new FilePermission("<<ALL FILES>>",
            "read, write, delete"));
}
 

/**
 * Loads the keystore.
 *
 * A compatibility mode is supported for applications that assume
 * keystores are stream-based. It permits (but ignores) a non-null
 * <code>stream</code> or <code>password</code>.
 * The mode is enabled by default.
 * Set the
 * <code>sun.security.mscapi.keyStoreCompatibilityMode</code>
 * system property to <code>false</code> to disable compatibility mode
 * and reject a non-null <code>stream</code> or <code>password</code>.
 *
 * @param stream the input stream, which should be <code>null</code>.
 * @param password the password, which should be <code>null</code>.
 *
 * @exception IOException if there is an I/O or format problem with the
 * keystore data. Or if compatibility mode is disabled and either
 * parameter is non-null.
 * @exception NoSuchAlgorithmException if the algorithm used to check
 * the integrity of the keystore cannot be found
 * @exception CertificateException if any of the certificates in the
 * keystore could not be loaded
 * @exception SecurityException if the security check for
 *  <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
 *  pass, where <i>name</i> is the value returned by
 *  this provider's <code>getName</code> method.
 */
public void engineLoad(InputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    if (stream != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore input stream must be null");
    }

    if (password != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore password must be null");
    }

    /*
     * Use the same security check as AuthProvider.login
     */
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SecurityPermission(
            "authProvider.SunMSCAPI"));
    }

    // Clear all key entries
    entries.clear();

    try {

        // Load keys and/or certificate chains
        loadKeysOrCertificateChains(getName(), entries);

    } catch (KeyStoreException e) {
        throw new IOException(e);
    }
}
 

NewInstancePolicy(boolean grant) {
    this.grant = grant;
    permissions.add(new SecurityPermission("getPolicy"));
    if (grant) {
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip"));
    }
}
 

/** {@inheritDoc} */
@Override protected void beforeTestsStarted() throws Exception {
    if (System.getSecurityManager() == null) {
        Policy.setPolicy(new Policy() {
            @Override public PermissionCollection getPermissions(CodeSource cs) {
                Permissions res = new Permissions();

                res.add(new RuntimePermission("*"));
                res.add(new MBeanServerPermission("*"));
                res.add(new MBeanPermission("*", "*"));
                res.add(new MBeanTrustPermission("*"));
                res.add(new ReflectPermission("*"));
                res.add(new SSLPermission("*"));
                res.add(new ManagementPermission("monitor"));
                res.add(new ManagementPermission("control"));
                res.add(new SerializablePermission("*"));
                res.add(new SecurityPermission("*"));
                res.add(new SocketPermission("*", "connect,accept,listen,resolve"));
                res.add(new FilePermission("<<ALL FILES>>", "read,write,delete,execute,readlink"));
                res.add(new PropertyPermission("*", "read,write"));

                res.add(new TestPermission("common"));

                return res;
            }
        });

        System.setSecurityManager(new SecurityManager());

        setupSM = true;
    }
}
 

/**
 * Loads the keystore.
 *
 * A compatibility mode is supported for applications that assume
 * keystores are stream-based. It permits (but ignores) a non-null
 * <code>stream</code> or <code>password</code>.
 * The mode is enabled by default.
 * Set the
 * <code>sun.security.mscapi.keyStoreCompatibilityMode</code>
 * system property to <code>false</code> to disable compatibility mode
 * and reject a non-null <code>stream</code> or <code>password</code>.
 *
 * @param stream the input stream, which should be <code>null</code>.
 * @param password the password, which should be <code>null</code>.
 *
 * @exception IOException if there is an I/O or format problem with the
 * keystore data. Or if compatibility mode is disabled and either
 * parameter is non-null.
 * @exception NoSuchAlgorithmException if the algorithm used to check
 * the integrity of the keystore cannot be found
 * @exception CertificateException if any of the certificates in the
 * keystore could not be loaded
 * @exception SecurityException if the security check for
 *  <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
 *  pass, where <i>name</i> is the value returned by
 *  this provider's <code>getName</code> method.
 */
public void engineLoad(InputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    if (stream != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore input stream must be null");
    }

    if (password != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore password must be null");
    }

    /*
     * Use the same security check as AuthProvider.login
     */
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SecurityPermission(
            "authProvider.SunMSCAPI"));
    }

    // Clear all key entries
    entries.clear();

    try {

        // Load keys and/or certificate chains
        loadKeysOrCertificateChains(getName(), entries);

    } catch (KeyStoreException e) {
        throw new IOException(e);
    }
}
 

NewInstancePolicy(boolean grant) {
    this.grant = grant;
    permissions.add(new SecurityPermission("getPolicy"));
    if (grant) {
        permissions.add(new RuntimePermission("getClassLoader"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "p"));
        permissions.add(new ReflectPermission(NEW_PROXY_IN_PKG + "java.util.zip"));
    }
}
 

/**
 * Test that a warning is logged if the DNS lifetime cannot be checked because of security
 * permissions.
 *
 * @throws Exception
 */
@Test
public void dnsWarningPermissionDenied(@Mocked final SecurityManager mockSecurityManager)
        throws Exception {

    // Record the mock expectations
    new Expectations() {
        {
            mockSecurityManager.checkPermission(new SecurityPermission("getProperty" +
                    ".networkaddress.cache.ttl"));
            result = new SecurityException("Test exception to deny property access.");
            times = 1;
        }
    };
    logger = setupLogger(ClientBuilder.class, Level.WARNING);
    try {
        System.setSecurityManager(mockSecurityManager);
        CloudantClientHelper.getClientBuilder().build();
    } finally {
        // Unset the mock security manager
        System.setSecurityManager(null);
    }
    // Assert a warning was received
    assertEquals(1, handler.logEntries.size(), "There should be 1 log entry");
    // Assert that it matches the expected pattern
    assertLogMessage("Permission denied to check Java DNS cache TTL\\. .*", 0);
}
 

/**
 * Test that a warning is logged if a security manager is in use and the DNS cache lifetime
 * property is unset.
 *
 * @throws Exception
 */
@Test
public void dnsWarningDefaultWithSecurityManager(@Mocked final SecurityManager
                                                         mockSecurityManager) throws Exception {
    // Record the mock expectations
    new Expectations() {
        {
            mockSecurityManager.checkPermission(new SecurityPermission("getProperty" +
                    ".networkaddress.cache.ttl"));
            minTimes = 2; // Once to set, once to get, and once to reset
            maxTimes = 3; // Possible third call to reset the value, depending on test ordering
        }
    };
    try {
        System.setSecurityManager(mockSecurityManager);
        // We can't set null as a value and there are no APIs for clearing a value. Another test
        // may already have changed the value so we just set it to something invalid "a" to get
        // a default value.
        basicDnsLogTest("a");
    } finally {
        // Unset the mock security manager
        System.setSecurityManager(null);
    }
    // Assert a warning was received
    assertEquals(1, handler.logEntries.size(), "There should be 1 log entry");
    // Assert that it matches the expected pattern
    assertLogMessage("DNS cache lifetime may be too long\\. .*", 0);
}
 

/**
 * Loads the keystore.
 *
 * A compatibility mode is supported for applications that assume
 * keystores are stream-based. It permits (but ignores) a non-null
 * <code>stream</code> or <code>password</code>.
 * The mode is enabled by default.
 * Set the
 * <code>sun.security.mscapi.keyStoreCompatibilityMode</code>
 * system property to <code>false</code> to disable compatibility mode
 * and reject a non-null <code>stream</code> or <code>password</code>.
 *
 * @param stream the input stream, which should be <code>null</code>.
 * @param password the password, which should be <code>null</code>.
 *
 * @exception IOException if there is an I/O or format problem with the
 * keystore data. Or if compatibility mode is disabled and either
 * parameter is non-null.
 * @exception NoSuchAlgorithmException if the algorithm used to check
 * the integrity of the keystore cannot be found
 * @exception CertificateException if any of the certificates in the
 * keystore could not be loaded
 * @exception SecurityException if the security check for
 *  <code>SecurityPermission("authProvider.<i>name</i>")</code> does not
 *  pass, where <i>name</i> is the value returned by
 *  this provider's <code>getName</code> method.
 */
public void engineLoad(InputStream stream, char[] password)
    throws IOException, NoSuchAlgorithmException, CertificateException
{
    if (stream != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore input stream must be null");
    }

    if (password != null && !keyStoreCompatibilityMode) {
        throw new IOException("Keystore password must be null");
    }

    /*
     * Use the same security check as AuthProvider.login
     */
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
        sm.checkPermission(new SecurityPermission(
            "authProvider.SunMSCAPI"));
    }

    // Clear all key entries
    entries.clear();

    try {

        // Load keys and/or certificate chains
        loadKeysOrCertificateChains(getName());

    } catch (KeyStoreException e) {
        throw new IOException(e);
    }
}