Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

8319673: Few security tests ignore VM flags #830

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
+36 −37
Draft

8319673: Few security tests ignore VM flags #830

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 6 additions & 18 deletions test/jdk/com/sun/crypto/provider/KeyProtector/IterationCount.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,9 +52,6 @@

public class IterationCount {
private static final String clientStr = "CLIENT";
private static final String javaBinPath =
System.getProperty("java.home", ".") + File.separator + "bin" +
File.separator + "java";

public static void main(String[] args) throws Throwable {
if (args[0].equals("HOST")) {
Expand All @@ -78,22 +75,14 @@ public static void main(String[] args) throws Throwable {
System.out.println("TEST PASS - OK");
}

private static List<String> getBasicCommand() {
List<String> cmd = new ArrayList<>();
cmd.add(javaBinPath);
cmd.add("-cp");
cmd.add(System.getProperty("test.classes", "."));
return cmd;
}

private static void executeCommand(List<String> cmd, String expectedCount)
throws Throwable {
cmd.add("--add-opens=java.base/com.sun.crypto.provider=ALL-UNNAMED");
cmd.add(IterationCount.class.getName());
cmd.add(clientStr);
cmd.add(expectedCount);
OutputAnalyzer out = ProcessTools.executeCommand(
cmd.toArray(new String[cmd.size()]));
ProcessBuilder pb = ProcessTools.createTestJavaProcessBuilder(cmd);
OutputAnalyzer out = ProcessTools.executeCommand(pb);
out.shouldHaveExitValue(0);
}

Expand All @@ -102,7 +91,7 @@ private static void testSystem(String expectedCount, String setValue)
System.out.println("Test setting " +
(setValue != null ? setValue : "nothing") +
" as a System property");
List<String> cmd = getBasicCommand();
List<String> cmd = new ArrayList<>();
if (setValue != null) {
cmd.add("-Djdk.jceks.iterationCount=" + setValue);
}
Expand All @@ -112,7 +101,7 @@ private static void testSystem(String expectedCount, String setValue)

private static void testSecurity(String expectedCount, String setValue)
throws Throwable {
testSecurity(expectedCount, setValue, getBasicCommand());
testSecurity(expectedCount, setValue, new ArrayList<>());
}

private static void testSecurity(String expectedCount, String setValue,
Expand Down Expand Up @@ -140,15 +129,14 @@ private static void testSystemOverridesSecurity() throws Throwable {
" the Security one");
String systemValue = Integer.toString(30000);
System.out.println("System value: " + systemValue);
List<String> cmd = getBasicCommand();
List<String> cmd = new ArrayList<>();
cmd.add("-Djdk.jceks.iterationCount=" + systemValue);
testSecurity(systemValue, Integer.toString(40000), cmd);
}

private static void writeJavaSecurityProp(String javaSecurityPath,
String setValue) throws IOException {
try (FileOutputStream fos = new FileOutputStream(
new File(javaSecurityPath))) {
try (FileOutputStream fos = new FileOutputStream(javaSecurityPath)) {
fos.write(("jdk.jceks.iterationCount=" + setValue).getBytes());
}
}
Expand Down
45 changes: 28 additions & 17 deletions test/jdk/java/security/Security/ConfigFileTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2022, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2022, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand All @@ -21,6 +21,7 @@
* questions.
*/

import jdk.test.lib.Utils;
import jdk.test.lib.process.OutputAnalyzer;
import jdk.test.lib.process.ProcessTools;

Expand All @@ -30,7 +31,9 @@

import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Optional;

/*
Expand All @@ -50,6 +53,9 @@ public class ConfigFileTest {

private static boolean overrideDetected = false;

private static Path COPY_JDK_DIR = Path.of("./jdk-8155246-tmpdir");
private static Path COPIED_JAVA = COPY_JDK_DIR.resolve("bin", "java");

public static void main(String[] args) throws Exception {
Path copyJdkDir = Path.of("./jdk-8155246-tmpdir");
Path copiedJava = Optional.of(
Expand All @@ -72,55 +78,61 @@ public static void main(String[] args) throws Exception {
String extraPropsFile = Path.of(System.getProperty("test.src"), "override.props").toString();

// sanity test -XshowSettings:security option
exerciseShowSettingsSecurity(copiedJava.toString(), "-cp", System.getProperty("test.classes"),
"-Djava.security.debug=all", "-XshowSettings:security", "ConfigFileTest", "runner");
exerciseShowSettingsSecurity(buildCommand("-cp", System.getProperty("test.classes"),
"-Djava.security.debug=all", "-XshowSettings:security", "ConfigFileTest", "runner"));

// exercise some debug flags while we're here
// regular JDK install - should expect success
exerciseSecurity(0, "java",
copiedJava.toString(), "-cp", System.getProperty("test.classes"),
"-Djava.security.debug=all", "-Djavax.net.debug=all", "ConfigFileTest", "runner");
buildCommand("-cp", System.getProperty("test.classes"),
"-Djava.security.debug=all", "-Djavax.net.debug=all", "ConfigFileTest", "runner"));

// given an overriding security conf file that doesn't exist, we shouldn't
// overwrite the properties from original/master security conf file
exerciseSecurity(0, "SUN version",
copiedJava.toString(), "-cp", System.getProperty("test.classes"),
buildCommand("-cp", System.getProperty("test.classes"),
"-Djava.security.debug=all", "-Djavax.net.debug=all",
"-Djava.security.properties==file:///" + extraPropsFile + "badFileName",
"ConfigFileTest", "runner");
"ConfigFileTest", "runner"));

// test JDK launch with customized properties file
exerciseSecurity(0, "NumProviders: 6",
copiedJava.toString(), "-cp", System.getProperty("test.classes"),
buildCommand("-cp", System.getProperty("test.classes"),
"-Djava.security.debug=all", "-Djavax.net.debug=all",
"-Djava.security.properties==file:///" + extraPropsFile,
"ConfigFileTest", "runner");
"ConfigFileTest", "runner"));

// delete the master conf file
Files.delete(Path.of(copyJdkDir.toString(), "conf",
"security","java.security"));

// launch JDK without java.security file being present or specified
exerciseSecurity(1, "Error loading java.security file",
copiedJava.toString(), "-cp", System.getProperty("test.classes"),
buildCommand("-cp", System.getProperty("test.classes"),
"-Djava.security.debug=all", "-Djavax.net.debug=all",
"ConfigFileTest", "runner");
"ConfigFileTest", "runner"));

// test the override functionality also. Should not be allowed since
// "security.overridePropertiesFile=true" Security property is missing.
exerciseSecurity(1, "Error loading java.security file",
copiedJava.toString(), "-cp", System.getProperty("test.classes"),
buildCommand("-cp", System.getProperty("test.classes"),
"-Djava.security.debug=all", "-Djavax.net.debug=all",
"-Djava.security.properties==file:///" + extraPropsFile, "ConfigFileTest", "runner");
"-Djava.security.properties==file:///" + extraPropsFile, "ConfigFileTest", "runner"));

if (!overrideDetected) {
throw new RuntimeException("Override scenario not seen");
}
}
}

private static void exerciseSecurity(int exitCode, String output, String... args) throws Exception {
ProcessBuilder process = new ProcessBuilder(args);
private static ProcessBuilder buildCommand(String... command) {
ArrayList<String> args = new ArrayList<>();
args.add(COPIED_JAVA.toString());
Collections.addAll(args, Utils.prependTestJavaOpts(command));
return new ProcessBuilder(args);
}

private static void exerciseSecurity(int exitCode, String output, ProcessBuilder process) throws Exception {
OutputAnalyzer oa = ProcessTools.executeProcess(process);
oa.shouldHaveExitValue(exitCode)
.shouldContain(output);
Expand All @@ -141,8 +153,7 @@ private static void exerciseSecurity(int exitCode, String output, String... args
}

// exercise the -XshowSettings:security launcher
private static void exerciseShowSettingsSecurity(String... args) throws Exception {
ProcessBuilder process = new ProcessBuilder(args);
private static void exerciseShowSettingsSecurity(ProcessBuilder process) throws Exception {
OutputAnalyzer oa = ProcessTools.executeProcess(process);
oa.shouldHaveExitValue(0)
.shouldContain("Security properties:")
Expand Down
4 changes: 2 additions & 2 deletions test/jdk/sun/security/provider/KeyStore/DKSTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
Expand Down Expand Up @@ -80,7 +80,7 @@ public class DKSTest {
public static void main(String[] args) throws Exception {
if (args.length == 0) {
// Environment variable and system properties referred in domains.cfg used by this Test.
ProcessBuilder pb = ProcessTools.createLimitedTestJavaProcessBuilder(List.of(
ProcessBuilder pb = ProcessTools.createTestJavaProcessBuilder(List.of(
"-Dtest.src=" + TEST_SRC , "-Duser.dir=" + USER_DIR, "DKSTest", "run"));
pb.environment().putAll(System.getenv());
pb.environment().put("KEYSTORE_PWD", "test12");
Expand Down