8154113: java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")
Summary: Granted security permission "authProvider.SunMSCAPI" to SunMSCAPI provider
Reviewed-by: mullan
--- a/jdk/src/java.base/windows/lib/security/default.policy Fri Aug 12 00:39:34 2016 +0000
+++ b/jdk/src/java.base/windows/lib/security/default.policy Fri Aug 12 00:47:06 2016 +0000
@@ -11,5 +11,6 @@
"clearProviderProperties.SunMSCAPI";
permission java.security.SecurityPermission
"removeProviderProperty.SunMSCAPI";
+ permission java.security.SecurityPermission "authProvider.SunMSCAPI";
permission java.util.PropertyPermission "*", "read";
};
--- a/jdk/test/sun/security/mscapi/AccessKeyStore.java Fri Aug 12 00:39:34 2016 +0000
+++ b/jdk/test/sun/security/mscapi/AccessKeyStore.java Fri Aug 12 00:47:06 2016 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,12 @@
*/
/**
- * @see AccessKeyStore.sh
+ * @test
+ * @bug 6324295 6931562 8154113
+ * @modules jdk.crypto.mscapi
+ * @run main/othervm/java.security.policy==access.policy AccessKeyStore pass
+ * @run main/othervm/java.security.policy==noaccess.policy AccessKeyStore fail
+ * @summary Confirm that right permissions are granted to access keystores.
*/
import java.security.Provider;
@@ -36,13 +41,16 @@
public static void main(String[] args) throws Exception {
- // Check that a security manager has been installed
+ // Check for security manager and required arg(s)
if (System.getSecurityManager() == null) {
- throw new Exception("A security manager has not been installed");
+ throw new Exception("Missing security manager");
}
+ if (args.length <= 0) {
+ throw new Exception("Missing expected test status");
+ }
+ boolean shouldPass = args[0].equalsIgnoreCase("pass");
Provider p = Security.getProvider("SunMSCAPI");
-
System.out.println("SunMSCAPI provider classname is " +
p.getClass().getName());
@@ -56,18 +64,14 @@
* SecurityPermission("authProvider.SunMSCAPI")
*/
try {
-
keyStore.load(null, null);
-
- if (args.length > 0 && "-deny".equals(args[0])) {
+ if (!shouldPass) {
throw new Exception(
"Expected KeyStore.load to throw a SecurityException");
}
-
} catch (SecurityException se) {
-
- if (args.length > 0 && "-deny".equals(args[0])) {
- System.out.println("Caught the expected exception: " + se);
+ if (!shouldPass) {
+ System.out.println("Expected exception thrown: " + se);
return;
} else {
throw se;
--- a/jdk/test/sun/security/mscapi/AccessKeyStore.sh Fri Aug 12 00:39:34 2016 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-#!/bin/sh
-
-#
-# Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-
-# @test
-# @bug 6324295 6931562
-# @requires os.family == "windows"
-# @run shell AccessKeyStore.sh
-# @summary Confirm that permission must be granted to access keystores.
-
-OS=`uname -s`
-case "$OS" in
- Windows* | CYGWIN* )
-
- # 'uname -m' does not give us enough information -
- # should rely on $PROCESSOR_IDENTIFIER (as is done in Defs-windows.gmk),
- # but JTREG does not pass this env variable when executing a shell script.
- #
- # execute test program - rely on it to exit if platform unsupported
-
- ${TESTJAVA}/bin/javac -d . ${TESTSRC}\\AccessKeyStore.java
-
- echo "Using access.policy..."
- ${TESTJAVA}/bin/java ${TESTVMOPTS} \
- -Djava.security.manager \
- -Djava.security.policy==${TESTSRC}\\access.policy \
- AccessKeyStore
-
- echo "Using noaccess.policy..."
- ${TESTJAVA}/bin/java ${TESTVMOPTS} \
- -Djava.security.manager \
- -Djava.security.policy==${TESTSRC}\\noaccess.policy \
- AccessKeyStore -deny
-
- exit
- ;;
-
- * )
- echo "This test is not intended for '$OS' - passing test"
- exit 0
- ;;
-esac
-
--- a/jdk/test/sun/security/mscapi/access.policy Fri Aug 12 00:39:34 2016 +0000
+++ b/jdk/test/sun/security/mscapi/access.policy Fri Aug 12 00:47:06 2016 +0000
@@ -1,19 +1,4 @@
grant {
- // These permissions are required for the test to start
- permission java.lang.RuntimePermission
- "accessClassInPackage.sun.*";
-
- permission java.lang.RuntimePermission "loadLibrary.*";
-
- permission java.util.PropertyPermission "os.arch", "read";
-
- permission java.util.PropertyPermission
- "sun.security.mscapi.keyStoreCompatibilityMode", "read";
-
- permission java.io.FilePermission "<<ALL FILES>>", "read";
-
- permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI";
-
// This permission is required for the test to run to completion
permission java.security.SecurityPermission "authProvider.SunMSCAPI";
};
--- a/jdk/test/sun/security/mscapi/noaccess.policy Fri Aug 12 00:39:34 2016 +0000
+++ b/jdk/test/sun/security/mscapi/noaccess.policy Fri Aug 12 00:47:06 2016 +0000
@@ -1,19 +1,4 @@
grant {
- // These permissions are required for the test to start
- permission java.lang.RuntimePermission
- "accessClassInPackage.sun.*";
-
- permission java.lang.RuntimePermission "loadLibrary.*";
-
- permission java.util.PropertyPermission "os.arch", "read";
-
- permission java.util.PropertyPermission
- "sun.security.mscapi.keyStoreCompatibilityMode", "read";
-
- permission java.io.FilePermission "<<ALL FILES>>", "read";
-
- permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI";
-
// This permission is required for the test to run to completion
//permission java.security.SecurityPermission "authProvider.SunMSCAPI";
};