/*

 * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

 * or visit www.oracle.com if you need additional information or have any

 * questions.

 */

/*

 * @test

 * @bug 8087112

 * @modules jdk.incubator.httpclient

 *          java.logging

 *          jdk.httpserver

 * @library /lib/testlibrary/

 * @build jdk.testlibrary.SimpleSSLContext

 * @compile ../../../../com/sun/net/httpserver/LogFilter.java

 * @compile ../../../../com/sun/net/httpserver/FileServerHandler.java

 * @compile ../ProxyServer.java

 *

 * @run main/othervm/secure=java.lang.SecurityManager/policy=0.policy Security 0

 * @run main/othervm/secure=java.lang.SecurityManager/policy=2.policy Security 2

 * @run main/othervm/secure=java.lang.SecurityManager/policy=3.policy Security 3

 * @run main/othervm/secure=java.lang.SecurityManager/policy=4.policy Security 4

 * @run main/othervm/secure=java.lang.SecurityManager/policy=5.policy Security 5

 * @run main/othervm/secure=java.lang.SecurityManager/policy=6.policy Security 6

 * @run main/othervm/secure=java.lang.SecurityManager/policy=7.policy Security 7

 * @run main/othervm/secure=java.lang.SecurityManager/policy=8.policy Security 8

 * @run main/othervm/secure=java.lang.SecurityManager/policy=9.policy Security 9

 * @run main/othervm/secure=java.lang.SecurityManager/policy=0.policy Security 13

 * @run main/othervm/secure=java.lang.SecurityManager/policy=14.policy Security 14

 * @run main/othervm/secure=java.lang.SecurityManager/policy=15.policy -Djava.security.debug=access:domain,failure Security 15

 */

// Tests 1, 10, 11 and 12 executed from Driver

import com.sun.net.httpserver.Headers;

import com.sun.net.httpserver.HttpContext;

import com.sun.net.httpserver.HttpExchange;

import com.sun.net.httpserver.HttpHandler;

import com.sun.net.httpserver.HttpServer;

import com.sun.net.httpserver.HttpsServer;

import java.io.IOException;

import java.io.InputStream;

import java.io.File;

import java.io.OutputStream;

import java.lang.reflect.Constructor;

import java.net.BindException;

import java.net.InetSocketAddress;

import java.net.ProxySelector;

import java.net.URI;

import java.net.URLClassLoader;

import java.net.URL;

import jdk.incubator.http.HttpHeaders;

import jdk.incubator.http.HttpClient;

import jdk.incubator.http.HttpRequest;

import jdk.incubator.http.HttpResponse;

import java.nio.charset.StandardCharsets;

import java.nio.file.Files;

import java.nio.file.Path;

import java.nio.ByteBuffer;

import java.nio.file.Paths;

import java.nio.file.StandardCopyOption;

import java.util.LinkedList;

import java.util.List;

import java.util.concurrent.CompletableFuture;

import java.util.concurrent.CompletionException;

import java.util.concurrent.CompletionStage;

import java.util.concurrent.ExecutionException;

import java.util.concurrent.Executors;

import java.util.concurrent.ExecutorService;

import java.util.concurrent.Flow;

import java.util.logging.ConsoleHandler;

import java.util.logging.Level;

import java.util.logging.Logger;

import java.lang.reflect.InvocationTargetException;

import static jdk.incubator.http.HttpResponse.BodyHandler.asString;

/**

 * Security checks test

 */

public class Security {

    static HttpServer s1 = null;

    static ExecutorService executor=null;

    static int port, proxyPort;

    static HttpClient client;

    static String httproot, fileuri, fileroot, redirectroot;

    static List<HttpClient> clients = new LinkedList<>();

    static URI uri;

    interface Test {

        void execute() throws IOException, InterruptedException;

    }

    static class TestAndResult {

        Test test;

        boolean result;

        TestAndResult (Test t, boolean result) {

            this.test = t;

            this.result = result;

        }

    }

    static TestAndResult test(boolean result, Test t) {

        return new TestAndResult(t, result);

    }

    static TestAndResult[] tests;

    static String testclasses;

    static File subdir;

    /**

     * The ProxyServer class is compiled by jtreg, but we want to

     * move it so it is not on the application claspath. We want to

     * load it through a separate classloader so that it has a separate

     * protection domain and security permissions.

     *

     * Its permissions are in the second grant block in each policy file

     */

    static void setupProxy() throws IOException, ClassNotFoundException, NoSuchMethodException {

        testclasses = System.getProperty("test.classes");

        subdir = new File (testclasses, "proxydir");

        subdir.mkdir();

        movefile("ProxyServer.class");

        movefile("ProxyServer$Connection.class");

        movefile("ProxyServer$1.class");

        URL url = subdir.toURL();

        System.out.println("URL for class loader = " + url);

        URLClassLoader urlc = new URLClassLoader(new URL[] {url});

        proxyClass = Class.forName("ProxyServer", true, urlc);

        proxyConstructor = proxyClass.getConstructor(Integer.class, Boolean.class);

    }

    static void movefile(String f) throws IOException {

        Path src = Paths.get(testclasses, f);

        Path dest = subdir.toPath().resolve(f);

        if (!dest.toFile().exists()) {

            System.out.printf("moving %s to %s\n", src.toString(), dest.toString());

            Files.move(src, dest,  StandardCopyOption.REPLACE_EXISTING);

        } else if (src.toFile().exists()) {

            System.out.printf("%s exists, deleting %s\n", dest.toString(), src.toString());

            Files.delete(src);

        } else {

            System.out.printf("NOT moving %s to %s\n", src.toString(), dest.toString());

        }

    }

    static Object getProxy(int port, boolean b) throws Throwable {

        try {

            return proxyConstructor.newInstance(port, b);

        } catch (InvocationTargetException e) {

            throw e.getTargetException();

        }

    }

    static Class<?> proxyClass;

    static Constructor<?> proxyConstructor;

    static void setupTests() {

        tests = new TestAndResult[]{

            // (0) policy does not have permission for file. Should fail

            test(false, () -> { // Policy 0

                URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");

                HttpRequest request = HttpRequest.newBuilder(u).GET().build();

                HttpResponse<?> response = client.send(request, asString());

            }),

            // (1) policy has permission for file URL

            test(true, () -> { //Policy 1

                URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");

                HttpRequest request = HttpRequest.newBuilder(u).GET().build();

                HttpResponse<?> response = client.send(request, asString());

            }),

            // (2) policy has permission for all file URLs under /files

            test(true, () -> { // Policy 2

                URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");

                HttpRequest request = HttpRequest.newBuilder(u).GET().build();

                HttpResponse<?> response = client.send(request, asString());

            }),

            // (3) policy has permission for first URL but not redirected URL

            test(false, () -> { // Policy 3

                URI u = URI.create("http://127.0.0.1:" + port + "/redirect/foo.txt");

                HttpRequest request = HttpRequest.newBuilder(u).GET().build();

                HttpResponse<?> response = client.send(request, asString());

            }),

            // (4) policy has permission for both first URL and redirected URL

            test(true, () -> { // Policy 4

                URI u = URI.create("http://127.0.0.1:" + port + "/redirect/foo.txt");

                HttpRequest request = HttpRequest.newBuilder(u).GET().build();

                HttpResponse<?> response = client.send(request, asString());

            }),

            // (5) policy has permission for redirected but not first URL

            test(false, () -> { // Policy 5

                URI u = URI.create("http://127.0.0.1:" + port + "/redirect/foo.txt");

                HttpRequest request = HttpRequest.newBuilder(u).GET().build();

                HttpResponse<?> response = client.send(request, asString());

            }),

            // (6) policy has permission for file URL, but not method

            test(false, () -> { //Policy 6

                URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");

                HttpRequest request = HttpRequest.newBuilder(u).GET().build();

                HttpResponse<?> response = client.send(request, asString());

            }),

            // (7) policy has permission for file URL, method, but not header

            test(false, () -> { //Policy 7

                URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");

                HttpRequest request = HttpRequest.newBuilder(u)

                                                 .header("X-Foo", "bar")

                                                 .GET()

                                                 .build();

                HttpResponse<?> response = client.send(request, asString());

            }),

            // (8) policy has permission for file URL, method and header

            test(true, () -> { //Policy 8

                URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");

                HttpRequest request = HttpRequest.newBuilder(u)

                                                 .header("X-Foo", "bar")

                                                 .GET()

                                                 .build();

                HttpResponse<?> response = client.send(request, asString());

            }),

            // (9) policy has permission for file URL, method and header

            test(true, () -> { //Policy 9

                URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");

                HttpRequest request = HttpRequest.newBuilder(u)

                                                 .headers("X-Foo", "bar", "X-Bar", "foo")

                                                 .GET()

                                                 .build();

                HttpResponse<?> response = client.send(request, asString());

            }),

            // (10) policy has permission for destination URL but not for proxy

            test(false, () -> { //Policy 10

                directProxyTest(proxyPort, true);

            }),

            // (11) policy has permission for both destination URL and proxy

            test(true, () -> { //Policy 11

                directProxyTest(proxyPort, true);

            }),

            // (12) policy has permission for both destination URL and proxy

            test(false, () -> { //Policy 11

                directProxyTest(proxyPort, false);

            }),

            // (13) async version of test 0

            test(false, () -> { // Policy 0

                URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");

                HttpRequest request = HttpRequest.newBuilder(u).GET().build();

                try {

                    HttpResponse<?> response = client.sendAsync(request, asString()).get();

                } catch (ExecutionException e) {

                    if (e.getCause() instanceof SecurityException) {

                        throw (SecurityException)e.getCause();

                    } else {

                        throw new RuntimeException(e);

                    }

                }

            }),

            // (14) async version of test 1

            test(true, () -> { //Policy 1

                URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");

                HttpRequest request = HttpRequest.newBuilder(u).GET().build();

                try {

                    HttpResponse<?> response = client.sendAsync(request, asString()).get();

                } catch (ExecutionException e) {

                    if (e.getCause() instanceof SecurityException) {

                        throw (SecurityException)e.getCause();

                    } else {

                        throw new RuntimeException(e);

                    }

                }

            }),

            // (15) check that user provided unprivileged code running on a worker

            //      thread does not gain ungranted privileges.

            test(false, () -> { //Policy 12

                URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");

                HttpRequest request = HttpRequest.newBuilder(u).GET().build();

                HttpResponse.BodyHandler<String> sth = asString();

                CompletableFuture<HttpResponse<String>> cf =

                    client.sendAsync(request, new HttpResponse.BodyHandler<String>() {

                        @Override

                        public HttpResponse.BodySubscriber<String> apply(int status, HttpHeaders responseHeaders)  {

                            final HttpResponse.BodySubscriber<String> stproc = sth.apply(status, responseHeaders);

                            return new HttpResponse.BodySubscriber<String>() {

                                @Override

                                public CompletionStage<String> getBody() {

                                    return stproc.getBody();

                                }

                                @Override

                                public void onNext(List<ByteBuffer> item) {

                                    SecurityManager sm = System.getSecurityManager();

                                    // should succeed.

                                    sm.checkPermission(new RuntimePermission("foobar"));

                                    // do some mischief here

                                    System.setSecurityManager(null);

                                    System.setSecurityManager(sm);

                                    // problem if we get this far

                                    stproc.onNext(item);

                                }

                                @Override

                                public void onSubscribe(Flow.Subscription subscription) {

                                    stproc.onSubscribe(subscription);

                                }

                                @Override

                                public void onError(Throwable throwable) {

                                    stproc.onError(throwable);

                                }

                                @Override

                                public void onComplete() {

                                    stproc.onComplete();

                                }

                            };

                        }

                    }

                );

                try {

                    cf.join();

                } catch (CompletionException e) {

                    Throwable t = e.getCause();

                    if (t instanceof SecurityException)

                        throw (SecurityException)t;

                    else if ((t instanceof IOException)

                              && (t.getCause() instanceof SecurityException))

                        throw ((SecurityException)t.getCause());

                    else

                        throw new RuntimeException(t);

                }

            })

        };

    }

    private static void directProxyTest(int proxyPort, boolean samePort)

        throws IOException, InterruptedException

    {

        Object proxy = null;

        try {

            proxy = getProxy(proxyPort, true);

        } catch (BindException e) {

            System.out.println("Bind failed");

            throw e;

        } catch (Throwable ee) {

            throw new RuntimeException(ee);

        }

        System.out.println("Proxy port = " + proxyPort);

        if (!samePort)

            proxyPort++;

        InetSocketAddress addr = new InetSocketAddress("127.0.0.1", proxyPort);

        HttpClient cl = HttpClient.newBuilder()

                                    .proxy(ProxySelector.of(addr))

                                    .build();

        clients.add(cl);

        URI u = URI.create("http://127.0.0.1:" + port + "/files/foo.txt");

        HttpRequest request = HttpRequest.newBuilder(u)

                                         .headers("X-Foo", "bar", "X-Bar", "foo")

                                         .build();

        HttpResponse<?> response = cl.send(request, asString());

    }

    static void runtest(Test r, String policy, boolean succeeds) {

        System.out.println("Using policy file: " + policy);

        try {

            r.execute();

            if (!succeeds) {

                System.out.println("FAILED: expected security exception");

                throw new RuntimeException("FAILED: expected security exception\"");

            }

            System.out.println (policy + " succeeded as expected");

        } catch (BindException e) {

            System.exit(10);

        } catch (SecurityException e) {

            if (succeeds) {

                System.out.println("FAILED");

                throw new RuntimeException(e);

            }

            System.out.println (policy + " threw exception as expected");

        } catch (IOException | InterruptedException ee) {

            throw new RuntimeException(ee);

        }

    }

    public static void main(String[] args) throws Exception {

        try {

            initServer();

            setupProxy();

        } catch (BindException e) {

            System.exit(10);

        }

        fileroot = System.getProperty ("test.src")+ "/docs";

        int testnum = Integer.parseInt(args[0]);

        String policy = args[0];

        client = HttpClient.newBuilder()

                           .followRedirects(HttpClient.Redirect.ALWAYS)

                           .build();

        clients.add(client);

        try {

            setupTests();

            TestAndResult tr = tests[testnum];

            runtest(tr.test, policy, tr.result);

        } finally {

            s1.stop(0);

            executor.shutdownNow();

        }

    }

    public static void initServer() throws Exception {

        String portstring = System.getProperty("port.number");

        port = portstring != null ? Integer.parseInt(portstring) : 0;

        portstring = System.getProperty("port.number1");

        proxyPort = portstring != null ? Integer.parseInt(portstring) : 0;

        Logger logger = Logger.getLogger("com.sun.net.httpserver");

        ConsoleHandler ch = new ConsoleHandler();

        logger.setLevel(Level.ALL);

        ch.setLevel(Level.ALL);

        logger.addHandler(ch);

        String root = System.getProperty ("test.src")+ "/docs";

        InetSocketAddress addr = new InetSocketAddress (port);

        s1 = HttpServer.create (addr, 0);

        if (s1 instanceof HttpsServer) {

            throw new RuntimeException ("should not be httpsserver");

        }

        HttpHandler h = new FileServerHandler (root);

        HttpContext c = s1.createContext ("/files", h);

        HttpHandler h1 = new RedirectHandler ("/redirect");

        HttpContext c1 = s1.createContext ("/redirect", h1);

        executor = Executors.newCachedThreadPool();

        s1.setExecutor (executor);

        s1.start();

        if (port == 0)

            port = s1.getAddress().getPort();

        else {

            if (s1.getAddress().getPort() != port)

                throw new RuntimeException("Error wrong port");

            System.out.println("Port was assigned by Driver");

        }

        System.out.println("HTTP server port = " + port);

        httproot = "http://127.0.0.1:" + port + "/files/";

        redirectroot = "http://127.0.0.1:" + port + "/redirect/";

        uri = new URI(httproot);

        fileuri = httproot + "foo.txt";

    }

    static class RedirectHandler implements HttpHandler {

        String root;

        int count = 0;

        RedirectHandler(String root) {

            this.root = root;

        }

        synchronized int count() {

            return count;

        }

        synchronized void increment() {

            count++;

        }

        @Override

        public synchronized void handle(HttpExchange t)

                throws IOException {

            byte[] buf = new byte[2048];

            System.out.println("Server: " + t.getRequestURI());

            try (InputStream is = t.getRequestBody()) {

                while (is.read(buf) != -1) ;

            }

            increment();

            if (count() == 1) {

                Headers map = t.getResponseHeaders();

                String redirect = "/redirect/bar.txt";

                map.add("Location", redirect);

                t.sendResponseHeaders(301, -1);

                t.close();

            } else {

                String response = "Hello world";

                t.sendResponseHeaders(200, response.length());

                OutputStream os = t.getResponseBody();

                os.write(response.getBytes(StandardCharsets.ISO_8859_1));

                t.close();

            }

        }

    }

}