8154113: java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI")
authorvaleriep
Fri, 12 Aug 2016 00:47:06 +0000
changeset 40268 5d2c9cf567a7
parent 40267 5936f75b27c1
child 40269 edab53bd500e
8154113: java.security.AccessControlException: access denied ("java.security.SecurityPermission" "authProvider.SunMSCAPI") Summary: Granted security permission "authProvider.SunMSCAPI" to SunMSCAPI provider Reviewed-by: mullan
jdk/src/java.base/windows/lib/security/default.policy
jdk/test/sun/security/mscapi/AccessKeyStore.java
jdk/test/sun/security/mscapi/AccessKeyStore.sh
jdk/test/sun/security/mscapi/access.policy
jdk/test/sun/security/mscapi/noaccess.policy
--- a/jdk/src/java.base/windows/lib/security/default.policy	Fri Aug 12 00:39:34 2016 +0000
+++ b/jdk/src/java.base/windows/lib/security/default.policy	Fri Aug 12 00:47:06 2016 +0000
@@ -11,5 +11,6 @@
                    "clearProviderProperties.SunMSCAPI";
     permission java.security.SecurityPermission
                    "removeProviderProperty.SunMSCAPI";
+    permission java.security.SecurityPermission "authProvider.SunMSCAPI";
     permission java.util.PropertyPermission "*", "read";
 };
--- a/jdk/test/sun/security/mscapi/AccessKeyStore.java	Fri Aug 12 00:39:34 2016 +0000
+++ b/jdk/test/sun/security/mscapi/AccessKeyStore.java	Fri Aug 12 00:47:06 2016 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -22,7 +22,12 @@
  */
 
 /**
- * @see AccessKeyStore.sh
+ * @test
+ * @bug 6324295 6931562 8154113
+ * @modules jdk.crypto.mscapi
+ * @run main/othervm/java.security.policy==access.policy AccessKeyStore pass
+ * @run main/othervm/java.security.policy==noaccess.policy AccessKeyStore fail
+ * @summary Confirm that right permissions are granted to access keystores.
  */
 
 import java.security.Provider;
@@ -36,13 +41,16 @@
 
     public static void main(String[] args) throws Exception {
 
-        // Check that a security manager has been installed
+        // Check for security manager and required arg(s)
         if (System.getSecurityManager() == null) {
-            throw new Exception("A security manager has not been installed");
+            throw new Exception("Missing security manager");
         }
+        if (args.length <= 0) {
+            throw new Exception("Missing expected test status");
+        }
+        boolean shouldPass = args[0].equalsIgnoreCase("pass");
 
         Provider p = Security.getProvider("SunMSCAPI");
-
         System.out.println("SunMSCAPI provider classname is " +
             p.getClass().getName());
 
@@ -56,18 +64,14 @@
          *     SecurityPermission("authProvider.SunMSCAPI")
          */
         try {
-
             keyStore.load(null, null);
-
-            if (args.length > 0 && "-deny".equals(args[0])) {
+            if (!shouldPass) {
                 throw new Exception(
                     "Expected KeyStore.load to throw a SecurityException");
             }
-
         } catch (SecurityException se) {
-
-            if (args.length > 0 && "-deny".equals(args[0])) {
-                System.out.println("Caught the expected exception: " + se);
+            if (!shouldPass) {
+                System.out.println("Expected exception thrown: " + se);
                 return;
             } else {
                 throw se;
--- a/jdk/test/sun/security/mscapi/AccessKeyStore.sh	Fri Aug 12 00:39:34 2016 +0000
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,65 +0,0 @@
-#!/bin/sh
-
-#
-# Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-
-# @test
-# @bug 6324295 6931562
-# @requires os.family == "windows"
-# @run shell AccessKeyStore.sh
-# @summary Confirm that permission must be granted to access keystores.
-
-OS=`uname -s`
-case "$OS" in
-    Windows* | CYGWIN* )
-
-    # 'uname -m' does not give us enough information -
-    #  should rely on $PROCESSOR_IDENTIFIER (as is done in Defs-windows.gmk),
-    #  but JTREG does not pass this env variable when executing a shell script.
-    #
-    #  execute test program - rely on it to exit if platform unsupported
-
-	${TESTJAVA}/bin/javac -d . ${TESTSRC}\\AccessKeyStore.java
-
-	echo "Using access.policy..."
-	${TESTJAVA}/bin/java ${TESTVMOPTS} \
-	    -Djava.security.manager \
-	    -Djava.security.policy==${TESTSRC}\\access.policy \
-	    AccessKeyStore
-
-	echo "Using noaccess.policy..."
-	${TESTJAVA}/bin/java ${TESTVMOPTS} \
-	    -Djava.security.manager \
-	    -Djava.security.policy==${TESTSRC}\\noaccess.policy \
-	    AccessKeyStore -deny
-
-	exit
-	;;
-
-    * )
-        echo "This test is not intended for '$OS' - passing test"
-        exit 0
-        ;;
-esac
-
--- a/jdk/test/sun/security/mscapi/access.policy	Fri Aug 12 00:39:34 2016 +0000
+++ b/jdk/test/sun/security/mscapi/access.policy	Fri Aug 12 00:47:06 2016 +0000
@@ -1,19 +1,4 @@
 grant {
-    // These permissions are required for the test to start
-    permission java.lang.RuntimePermission 
-			"accessClassInPackage.sun.*";
-
-    permission java.lang.RuntimePermission "loadLibrary.*";
-
-    permission java.util.PropertyPermission "os.arch", "read";
-
-    permission java.util.PropertyPermission 
-			"sun.security.mscapi.keyStoreCompatibilityMode", "read";
-
-    permission java.io.FilePermission "<<ALL FILES>>", "read";
-
-    permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI";
-
     // This permission is required for the test to run to completion
     permission java.security.SecurityPermission "authProvider.SunMSCAPI";
 };
--- a/jdk/test/sun/security/mscapi/noaccess.policy	Fri Aug 12 00:39:34 2016 +0000
+++ b/jdk/test/sun/security/mscapi/noaccess.policy	Fri Aug 12 00:47:06 2016 +0000
@@ -1,19 +1,4 @@
 grant {
-    // These permissions are required for the test to start
-    permission java.lang.RuntimePermission 
-			"accessClassInPackage.sun.*";
-
-    permission java.lang.RuntimePermission "loadLibrary.*";
-
-    permission java.util.PropertyPermission "os.arch", "read";
-
-    permission java.util.PropertyPermission 
-			"sun.security.mscapi.keyStoreCompatibilityMode", "read";
-
-    permission java.io.FilePermission "<<ALL FILES>>", "read";
-
-    permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI";
-
     // This permission is required for the test to run to completion
     //permission java.security.SecurityPermission "authProvider.SunMSCAPI";
 };