Java Source Code: org.apache.batik.bridge.JarCheckPermissionsDenied


   1: /*
   2: 
   3:    Copyright 2002-2004  The Apache Software Foundation 
   4: 
   5:    Licensed under the Apache License, Version 2.0 (the "License");
   6:    you may not use this file except in compliance with the License.
   7:    You may obtain a copy of the License at
   8: 
   9:        http://www.apache.org/licenses/LICENSE-2.0
  10: 
  11:    Unless required by applicable law or agreed to in writing, software
  12:    distributed under the License is distributed on an "AS IS" BASIS,
  13:    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14:    See the License for the specific language governing permissions and
  15:    limitations under the License.
  16: 
  17:  */
  18: package org.apache.batik.bridge;
  19: 
  20: import java.awt.AWTPermission;
  21: import java.io.FilePermission;
  22: import java.io.SerializablePermission;
  23: import java.lang.reflect.ReflectPermission;
  24: import java.net.NetPermission;
  25: import java.net.SocketPermission;
  26: import java.net.URL;
  27: import java.security.AllPermission;
  28: import java.security.Permission;
  29: import java.sql.SQLPermission;
  30: import java.util.PropertyPermission;
  31: import java.util.Vector;
  32: 
  33: import javax.sound.sampled.AudioPermission;
  34: 
  35: import org.w3c.dom.Document;
  36: import org.w3c.dom.Element;
  37: import org.w3c.dom.events.Event;
  38: import org.w3c.dom.events.EventListener;
  39: import org.w3c.dom.events.EventTarget;
  40: 
  41: import org.apache.batik.dom.svg.SVGOMDocument;
  42: import org.apache.batik.script.ScriptHandler;
  43: import org.apache.batik.script.Window;
  44: 
  45: /**
  46:  * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
  47:  * @version $Id: JarCheckPermissionsDenied.java,v 1.5 2004/08/18 07:16:02 vhardy Exp $
  48:  */
  49:	  public class JarCheckPermissionsDenied implements ScriptHandler {
  50:    public static final String svgNS = "http://www.w3.org/2000/svg";
  51:    public static final String testNS = "http://xml.apache.org/batik/test";
  52:
  53:    /**
  54:     * Path for the file tested with FilePermission
  55:     */
  56:    public static final String testedPath = "build.sh";
  57:
  58:    /**
  59:     * Host which is used for testing
  60:     */
  61:    public static final String testedHost = "nagoya.apache.org:8080";
  62:
  63:    /**
  64:     * Table of Permissions which will be tested.
  65:     */
  66:	      protected static Object[][] basePermissions = {
  67:        {"AllPermission", new AllPermission()}, 
  68:        {"FilePermission read", new FilePermission(testedPath, "read")}, 
  69:        {"FilePermission write", new FilePermission(testedPath, "write")}, 
  70:        {"FilePermission execute", new FilePermission(testedPath, "execute")}, 
  71:        {"FilePermission delete", new FilePermission(testedPath, "delete")}, 
  72:        // 1.4 {"ServicePermission", new ServicePermission("krbtgt/EXAMPLE.COM@EXAMPLE.COM", "initiate")}, 
  73:        {"SocketPermission accept", new SocketPermission(testedHost, "accept")}, 
  74:        {"SocketPermission connect", new SocketPermission(testedHost, "connect")}, 
  75:        {"SocketPermission listen", new SocketPermission(testedHost, "listen")}, 
  76:        {"SocketPermission resolve", new SocketPermission(testedHost, "resolve")}, 
  77:        {"AudioPermission play", new AudioPermission("play")}, 
  78:        {"AudioPermission record", new AudioPermission("record")}, 
  79:        {"AWTPermission accessClipboard", new AWTPermission("accessClipboard")}, 
  80:        {"AWTPermission accessEventQueue", new AWTPermission("accessEventQueue")}, 
  81:        {"AWTPermission listenToAllAWTEvents", new AWTPermission("listenToAllAWTEvents")}, 
  82:        {"AWTPermission showWindowWithoutWarningBanner", new AWTPermission("showWindowWithoutWarningBanner")}, 
  83:        {"AWTPermission readDisplayPixels", new AWTPermission("readDisplayPixels")}, 
  84:        {"AWTPermission createRobot", new AWTPermission("createRobot")}, 
  85:        {"AWTPermission fullScreenExclusive", new AWTPermission("fullScreenExclusive")}, 
  86:        // 1.4 {"DelegationPermission", new DelegationPermission()}, 
  87:        // 1.4 {"LoggingPermission", new LoggingPermission("control")}, 
  88:        {"NetPermission setDefaultAuthenticator", new NetPermission("setDefaultAuthenticator")}, 
  89:        {"NetPermission requestPasswordAuthentication", new NetPermission("requestPasswordAuthentication")}, 
  90:        {"NetPermission specifyStreamHandler", new NetPermission("specifyStreamHandler")}, 
  91:        {"PropertyPermission java.home read", new PropertyPermission("java.home", "read")}, 
  92:        {"PropertyPermission java.home write", new PropertyPermission("java.home", "write")}, 
  93:        {"ReflectPermission", new ReflectPermission("suppressAccessChecks")}, 
  94:        {"RuntimePermission createClassLoader", new RuntimePermission("createClassLoader")}, 
  95:        {"RuntimePermission getClassLoader", new RuntimePermission("getClassLoader")}, 
  96:        {"RuntimePermission setContextClassLoader", new RuntimePermission("setContextClassLoader")}, 
  97:        {"RuntimePermission setSecurityManager", new RuntimePermission("setSecurityManager")}, 
  98:        {"RuntimePermission createSecurityManager", new RuntimePermission("createSecurityManager")}, 
  99:        {"RuntimePermission exitVM", new RuntimePermission("exitVM")}, 
 100:        {"RuntimePermission shutdownHooks", new RuntimePermission("shutdownHooks")}, 
 101:        {"RuntimePermission setFactory", new RuntimePermission("setFactory")}, 
 102:        {"RuntimePermission setIO", new RuntimePermission("setIO")}, 
 103:        {"RuntimePermission modifyThread", new RuntimePermission("modifyThread")}, 
 104:        {"RuntimePermission modifyThreadGroup", new RuntimePermission("modifyThreadGroup")}, 
 105:        {"RuntimePermission getProtectionDomain", new RuntimePermission("getProtectionDomain")}, 
 106:        {"RuntimePermission readFileDescriptor", new RuntimePermission("readFileDescriptor")}, 
 107:        {"RuntimePermission writeFileDescriptor", new RuntimePermission("writeFileDescriptor")}, 
 108:        {"RuntimePermission loadLibrary.{library name}", new RuntimePermission("loadLibrary.{library name}")}, 
 109:        {"RuntimePermission accessClassInPackage.java.security", new RuntimePermission("accessClassInPackage.java.security")}, 
 110:        {"RuntimePermission defineClassInPackage.java.lang", new RuntimePermission("defineClassInPackage.java.lang")}, 
 111:        {"RuntimePermission accessDeclaredMembers", new RuntimePermission("accessDeclaredMembers")}, 
 112:        {"RuntimePermission queuePrintJob", new RuntimePermission("queuePrintJob")}, 
 113:
 114:        {"SecurityPermission createAccessControlContext", new SerializablePermission("createAccessControlContext")}, 
 115:        {"SecurityPermission getDomainCombiner", new SerializablePermission("getDomainCombiner")}, 
 116:        {"SecurityPermission getPolicy", new SerializablePermission("getPolicy")}, 
 117:        {"SecurityPermission setPolicy", new SerializablePermission("setPolicy")}, 
 118:        {"SecurityPermission setSystemScope", new SerializablePermission("setSystemScope")}, 
 119:        {"SecurityPermission setIdentityPublicKey", new SerializablePermission("setIdentityPublicKey")}, 
 120:        {"SecurityPermission setIdentityInfo", new SerializablePermission("setIdentityInfo")}, 
 121:        {"SecurityPermission addIdentityCertificate", new SerializablePermission("addIdentityCertificate")}, 
 122:        {"SecurityPermission removeIdentityCertificate", new SerializablePermission("removeIdentityCertificate")}, 
 123:        {"SecurityPermission printIdentity", new SerializablePermission("printIdentity")}, 
 124:        {"SecurityPermission getSignerPrivateKey", new SerializablePermission("getSignerPrivateKey")}, 
 125:        {"SecurityPermission setSignerKeyPair", new SerializablePermission("setSignerKeyPair")}, 
 126:
 127:        {"SerializablePermission enableSubclassImplementation", new SerializablePermission("enableSubclassImplementation")},
 128:        {"SerializablePermission enableSubstitution", new SerializablePermission("enableSubstitution")},
 129:
 130:        {"SQLPermission", new SQLPermission("setLog")}, 
 131:
 132:        // 1.4 {"SSLPermission setHostnameVerifier", new SSLPermission("setHostnameVerifier")}
 133:        // 1.4{"SSLPermission getSSLSessionContext", new SSLPermission("getSSLSessionContext")}
 134:    };
 135:    
 136:    /**
 137:     * Set of Permissions to test. One is added if the Document is loaded from a host
 138:     */
 139:    private Object[][] permissions;
 140:
 141:    /**
 142:     * Reference to the rectangles which show the test status
 143:     */
 144:    private Element[] statusRects;
 145:
 146:    /**
 147:     * Runs this handler.  
 148:     * @param doc The current document.
 149:     * @param win An object which represents the current viewer.
 150:     */
 151:	      public void run(final Document document, final Window win){
 152:        int nGrantedTmp = 0;
 153:
 154:        //
 155:        // If the document is loaded over the network, check that the
 156:        // class has permission to access the server
 157:        //
 158:        URL docURL = ((SVGOMDocument)document).getURLObject();
 159:        if ((docURL != null) && 
 160:            (docURL.getHost() != null) && 
 161:	              (!"".equals(docURL.getHost()))) {
 162:
 163:            permissions = new Object[basePermissions.length + 4][2];
 164:
 165:            String docHost = docURL.getHost();
 166:	              if (docURL.getPort() != -1) {
 167:                docHost += ":" + docURL.getPort();
 168:            }
 169:
 170:            int i=0;
 171:            permissions[i][0] = "SocketPermission accept " + docHost;
 172:            permissions[i][1] = new SocketPermission(docHost, "accept");
 173:            i++;
 174:
 175:            permissions[i][0] = "SocketPermission connect " + docHost;
 176:            permissions[i][1] = new SocketPermission(docHost, "connect");
 177:            i++;
 178:
 179:            permissions[i][0] = "SocketPermission resolve " + docHost;
 180:            permissions[i][1] = new SocketPermission(docHost, "resolve");
 181:            i++;
 182:            
 183:            permissions[i][0] = "RuntimePermission stopThread";
 184:            permissions[i][1] = new RuntimePermission("stopThread");
 185:            i++;
 186:
 187:            nGrantedTmp = i;
 188:
 189:            System.arraycopy(basePermissions, 0, permissions, i, 
 190:                             basePermissions.length);
 191:        } else {
 192:            permissions = basePermissions;
 193:        }
 194:
 195:        final int nGranted = nGrantedTmp;
 196:
 197:        EventTarget root = (EventTarget)document.getDocumentElement();
 198:	          root.addEventListener("SVGLoad", new EventListener() {
 199:	                  public void handleEvent(Event evt){
 200:                    SecurityManager sm = System.getSecurityManager();
 201:                    int successCnt = 0;
 202:                    Vector unexpectedGrants = new Vector();
 203:                    Vector unexpectedDenial = new Vector();
 204:                    int unexpectedDenialCnt = 0;
 205:                    int unexpectedGrantsCnt = 0;
 206:                    
 207:	                      if (sm == null){
 208:	                          for (int i=0; i<nGranted; i++) {
 209:                            successCnt++;
 210:                        }
 211:	                          for (int i=nGranted; i<permissions.length; i++) {
 212:                            unexpectedGrants.add(permissions[i][0]);
 213:                            unexpectedGrantsCnt++;
 214:                        }
 215:                    }
 216:	                      else {
 217:	                          for (int i=0; i<nGranted; i++) {
 218:                            Permission p = (Permission)permissions[i][1];
 219:	                              try {
 220:                                sm.checkPermission(p);
 221:                                System.out.println(">>>> Permision : " + p + " was granted");
 222:                                successCnt++;
 223:                            } catch (SecurityException se){
 224:                                unexpectedDenial.add(permissions[i][0]);
 225:                                unexpectedDenialCnt++;
 226:                            }
 227:                        }
 228:	                          for (int i=nGranted; i<permissions.length; i++) {
 229:                            Permission p = (Permission)permissions[i][1];
 230:	                              try {
 231:                                sm.checkPermission(p);
 232:                                System.out.println(">>>> Permision : " + p + " was granted");
 233:                                unexpectedGrants.add(permissions[i][0]);
 234:                                unexpectedGrantsCnt++;
 235:                            } catch (SecurityException se){
 236:                                successCnt++;
 237:                            }
 238:                        }
 239:                    }
 240:                    
 241:                    // Update the test's metadata
 242:                    Element result = document.getElementById("testResult");
 243:	                      if ( successCnt == permissions.length ) {
 244:                        result.setAttributeNS(null, "result", "passed");
 245:                    } else {
 246:                        System.out.println("test failed: " + unexpectedGrantsCnt + " / " + unexpectedDenialCnt);
 247:                        result.setAttributeNS(null, "result", "failed");
 248:                        result.setAttributeNS(null, "errorCode", "unexpected.grants.or.denials");
 249:                        
 250:                        String unexpectedGrantsString = "";
 251:                        String unexpectedDenialString = "";
 252:                        
 253:	                          for (int i=0; i<unexpectedGrantsCnt; i++) {
 254:                            unexpectedGrantsString += unexpectedGrants.elementAt(i).toString();
 255:                        }
 256:                        
 257:	                          for (int i=0; i<unexpectedDenialCnt; i++) {
 258:                            unexpectedDenialString += unexpectedDenial.elementAt(i).toString();
 259:                        }
 260:                        
 261:                        System.out.println("unexpected.grants : " + unexpectedGrantsString);
 262:                        Element entry = null;
 263:                        
 264:                        entry = document.createElementNS(testNS, "errorDescriptiongEntry");
 265:                        entry.setAttributeNS(null, "id", "unexpected.grants.count");
 266:                        entry.setAttributeNS(null, "value", "" + unexpectedGrantsCnt);
 267:                        result.appendChild(entry);
 268:                        
 269:                        entry = document.createElementNS(testNS, "errorDescriptionEntry");
 270:                        entry.setAttributeNS(null, "id", "unexpected.grants");
 271:                        entry.setAttributeNS(null, "value", unexpectedGrantsString);
 272:                        result.appendChild(entry);
 273:                        
 274:                        entry = document.createElementNS(testNS, "errorDescriptiongEntry");
 275:                        entry.setAttributeNS(null, "id", "unexpected.denials.count");
 276:                        entry.setAttributeNS(null, "value", "" + unexpectedDenialCnt);
 277:                        result.appendChild(entry);
 278:                        
 279:                        System.out.println("unexpected.denials : " + unexpectedDenialString);
 280:                        entry = document.createElementNS(testNS, "errorDescriptionEntry");
 281:                        entry.setAttributeNS(null, "id", "unexpected.denials");
 282:                        entry.setAttributeNS(null, "value", unexpectedDenialString);   
 283:                        result.appendChild(entry); 
 284:                    }
 285:                } }, false);        
 286:    }
 287:}