Java Source Code: org.apache.batik.bridge.JarCheckPermissionsGranted


   1: /*
   2: 
   3:    Copyright 2002-2003  The Apache Software Foundation 
   4: 
   5:    Licensed under the Apache License, Version 2.0 (the "License");
   6:    you may not use this file except in compliance with the License.
   7:    You may obtain a copy of the License at
   8: 
   9:        http://www.apache.org/licenses/LICENSE-2.0
  10: 
  11:    Unless required by applicable law or agreed to in writing, software
  12:    distributed under the License is distributed on an "AS IS" BASIS,
  13:    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14:    See the License for the specific language governing permissions and
  15:    limitations under the License.
  16: 
  17:  */
  18: package org.apache.batik.bridge;
  19: 
  20: import java.awt.AWTPermission;
  21: import java.io.FilePermission;
  22: import java.io.SerializablePermission;
  23: import java.lang.reflect.ReflectPermission;
  24: import java.net.NetPermission;
  25: import java.net.SocketPermission;
  26: import java.net.URL;
  27: import java.security.AllPermission;
  28: import java.security.Permission;
  29: import java.sql.SQLPermission;
  30: import java.util.PropertyPermission;
  31: import java.util.Vector;
  32: 
  33: import javax.sound.sampled.AudioPermission;
  34: 
  35: import org.w3c.dom.Document;
  36: import org.w3c.dom.Element;
  37: import org.w3c.dom.events.Event;
  38: import org.w3c.dom.events.EventListener;
  39: import org.w3c.dom.events.EventTarget;
  40: 
  41: import org.apache.batik.dom.svg.SVGOMDocument;
  42: import org.apache.batik.script.ScriptHandler;
  43: import org.apache.batik.script.Window;
  44: 
  45: /**
  46:  * @author <a href="mailto:vhardy@apache.org">Vincent Hardy</a>
  47:  * @version $Id: JarCheckPermissionsGranted.java,v 1.4 2004/08/18 07:16:02 vhardy Exp $
  48:  */
  49:	  public class JarCheckPermissionsGranted implements ScriptHandler {
  50:    public static final String svgNS = "http://www.w3.org/2000/svg";
  51:    public static final String testNS = "http://xml.apache.org/batik/test";
  52:
  53:    /**
  54:     * Path for the file tested with FilePermission
  55:     */
  56:    public static final String testedPath = "build.sh";
  57:
  58:    /**
  59:     * Host which is used for testing
  60:     */
  61:    public static final String testedHost = "nagoya.apache.org:8080";
  62:
  63:    /**
  64:     * Table of Permissions which will be tested.
  65:     */
  66:	      protected static Object[][] basePermissions = {
  67:        {"AllPermission", new AllPermission()}, 
  68:        {"FilePermission read", new FilePermission(testedPath, "read")}, 
  69:        {"FilePermission write", new FilePermission(testedPath, "write")}, 
  70:        {"FilePermission execute", new FilePermission(testedPath, "execute")}, 
  71:        {"FilePermission delete", new FilePermission(testedPath, "delete")}, 
  72:        // 1.4 {"ServicePermission", new ServicePermission("krbtgt/EXAMPLE.COM@EXAMPLE.COM", "initiate")}, 
  73:        {"SocketPermission accept", new SocketPermission(testedHost, "accept")}, 
  74:        {"SocketPermission connect", new SocketPermission(testedHost, "connect")}, 
  75:        {"SocketPermission listen", new SocketPermission(testedHost, "listen")}, 
  76:        {"SocketPermission resolve", new SocketPermission(testedHost, "resolve")}, 
  77:        {"AudioPermission play", new AudioPermission("play")}, 
  78:        {"AudioPermission record", new AudioPermission("record")}, 
  79:        {"AWTPermission accessClipboard", new AWTPermission("accessClipboard")}, 
  80:        {"AWTPermission accessEventQueue", new AWTPermission("accessEventQueue")}, 
  81:        {"AWTPermission listenToAllAWTEvents", new AWTPermission("listenToAllAWTEvents")}, 
  82:        {"AWTPermission showWindowWithoutWarningBanner", new AWTPermission("showWindowWithoutWarningBanner")}, 
  83:        {"AWTPermission readDisplayPixels", new AWTPermission("readDisplayPixels")}, 
  84:        {"AWTPermission createRobot", new AWTPermission("createRobot")}, 
  85:        {"AWTPermission fullScreenExclusive", new AWTPermission("fullScreenExclusive")}, 
  86:        // 1.4 {"DelegationPermission", new DelegationPermission()}, 
  87:        // 1.4 {"LoggingPermission", new LoggingPermission("control")}, 
  88:        {"NetPermission setDefaultAuthenticator", new NetPermission("setDefaultAuthenticator")}, 
  89:        {"NetPermission requestPasswordAuthentication", new NetPermission("requestPasswordAuthentication")}, 
  90:        {"NetPermission specifyStreamHandler", new NetPermission("specifyStreamHandler")}, 
  91:        {"PropertyPermission java.home read", new PropertyPermission("java.home", "read")}, 
  92:        {"PropertyPermission java.home write", new PropertyPermission("java.home", "write")}, 
  93:        {"ReflectPermission", new ReflectPermission("suppressAccessChecks")}, 
  94:        {"RuntimePermission createClassLoader", new RuntimePermission("createClassLoader")}, 
  95:        {"RuntimePermission getClassLoader", new RuntimePermission("getClassLoader")}, 
  96:        {"RuntimePermission setContextClassLoader", new RuntimePermission("setContextClassLoader")}, 
  97:        {"RuntimePermission setSecurityManager", new RuntimePermission("setSecurityManager")}, 
  98:        {"RuntimePermission createSecurityManager", new RuntimePermission("createSecurityManager")}, 
  99:        {"RuntimePermission exitVM", new RuntimePermission("exitVM")}, 
 100:        {"RuntimePermission shutdownHooks", new RuntimePermission("shutdownHooks")}, 
 101:        {"RuntimePermission setFactory", new RuntimePermission("setFactory")}, 
 102:        {"RuntimePermission setIO", new RuntimePermission("setIO")}, 
 103:        {"RuntimePermission modifyThread", new RuntimePermission("modifyThread")}, 
 104:        {"RuntimePermission stopThread", new RuntimePermission("stopThread")}, 
 105:        {"RuntimePermission modifyThreadGroup", new RuntimePermission("modifyThreadGroup")}, 
 106:        {"RuntimePermission getProtectionDomain", new RuntimePermission("getProtectionDomain")}, 
 107:        {"RuntimePermission readFileDescriptor", new RuntimePermission("readFileDescriptor")}, 
 108:        {"RuntimePermission writeFileDescriptor", new RuntimePermission("writeFileDescriptor")}, 
 109:        {"RuntimePermission loadLibrary.{library name}", new RuntimePermission("loadLibrary.{library name}")}, 
 110:        {"RuntimePermission accessClassInPackage.java.security", new RuntimePermission("accessClassInPackage.java.security")}, 
 111:        {"RuntimePermission defineClassInPackage.java.lang", new RuntimePermission("defineClassInPackage.java.lang")}, 
 112:        {"RuntimePermission accessDeclaredMembers", new RuntimePermission("accessDeclaredMembers")}, 
 113:        {"RuntimePermission queuePrintJob", new RuntimePermission("queuePrintJob")}, 
 114:
 115:        {"SecurityPermission createAccessControlContext", new SerializablePermission("createAccessControlContext")}, 
 116:        {"SecurityPermission getDomainCombiner", new SerializablePermission("getDomainCombiner")}, 
 117:        {"SecurityPermission getPolicy", new SerializablePermission("getPolicy")}, 
 118:        {"SecurityPermission setPolicy", new SerializablePermission("setPolicy")}, 
 119:        {"SecurityPermission setSystemScope", new SerializablePermission("setSystemScope")}, 
 120:        {"SecurityPermission setIdentityPublicKey", new SerializablePermission("setIdentityPublicKey")}, 
 121:        {"SecurityPermission setIdentityInfo", new SerializablePermission("setIdentityInfo")}, 
 122:        {"SecurityPermission addIdentityCertificate", new SerializablePermission("addIdentityCertificate")}, 
 123:        {"SecurityPermission removeIdentityCertificate", new SerializablePermission("removeIdentityCertificate")}, 
 124:        {"SecurityPermission printIdentity", new SerializablePermission("printIdentity")}, 
 125:        {"SecurityPermission getSignerPrivateKey", new SerializablePermission("getSignerPrivateKey")}, 
 126:        {"SecurityPermission setSignerKeyPair", new SerializablePermission("setSignerKeyPair")}, 
 127:
 128:        {"SerializablePermission enableSubclassImplementation", new SerializablePermission("enableSubclassImplementation")},
 129:        {"SerializablePermission enableSubstitution", new SerializablePermission("enableSubstitution")},
 130:
 131:        {"SQLPermission", new SQLPermission("setLog")}, 
 132:
 133:        // 1.4 {"SSLPermission setHostnameVerifier", new SSLPermission("setHostnameVerifier")}
 134:        // 1.4{"SSLPermission getSSLSessionContext", new SSLPermission("getSSLSessionContext")}
 135:    };
 136:    
 137:    /**
 138:     * Set of Permissions to test. One is added if the Document is loaded from a host
 139:     */
 140:    private Object[][] permissions;
 141:
 142:    /**
 143:     * Reference to the rectangles which show the test status
 144:     */
 145:    private Element[] statusRects;
 146:
 147:    /**
 148:     * Runs this handler.  
 149:     * @param doc The current document.
 150:     * @param win An object which represents the current viewer.
 151:     */
 152:	      public void run(final Document document, final Window win){
 153:        //
 154:        // If the document is loaded over the network, check that the
 155:        // class has permission to access the server
 156:        //
 157:        URL docURL = ((SVGOMDocument)document).getURLObject();
 158:	          if (docURL != null && docURL.getHost() != null && !"".equals(docURL.getHost())) {
 159:            permissions = new Object[basePermissions.length + 3][2];
 160:            System.arraycopy(basePermissions, 0, 
 161:                             permissions, 3, basePermissions.length);
 162:
 163:            String docHost = docURL.getHost();
 164:	              if (docURL.getPort() != -1) {
 165:                docHost += ":" + docURL.getPort();
 166:            }
 167:
 168:            permissions[0][0] = "SocketPermission accept " + docHost;
 169:            permissions[0][1] = new SocketPermission(docHost, "accept");
 170:            permissions[1][0] = "SocketPermission connect " + docHost;
 171:            permissions[1][1] = new SocketPermission(docHost, "connect");
 172:            permissions[2][0] = "SocketPermission resolve " + docHost;
 173:            permissions[2][1] = new SocketPermission(docHost, "resolve");
 174:        } else {
 175:            permissions = basePermissions;
 176:        }
 177:
 178:        EventTarget root = (EventTarget)document.getDocumentElement();
 179:	          root.addEventListener("SVGLoad", new EventListener() {
 180:	                  public void handleEvent(Event evt){
 181:                    SecurityManager sm = System.getSecurityManager();
 182:                    int successCnt = 0;
 183:                    Vector unexpectedDenial = new Vector();
 184:                    int unexpectedDenialCnt = 0;
 185:                    int unexpectedGrantsCnt = 0;
 186:                    
 187:	                      if (sm == null){
 188:	                          for (int i=0; i<permissions.length; i++) {
 189:                            successCnt++;
 190:                        }
 191:                    }
 192:	                      else {
 193:	                          for (int i=0; i<permissions.length; i++) {
 194:                            Permission p = (Permission)permissions[i][1];
 195:	                              try {
 196:                                sm.checkPermission(p);
 197:                                successCnt++;
 198:                            } catch (SecurityException se){
 199:                                unexpectedDenial.add(permissions[i][0]);
 200:                                unexpectedDenialCnt++;
 201:                            }
 202:                        }
 203:                    }
 204:                    
 205:                    // Update the test's metadata
 206:                    Element result = document.getElementById("testResult");
 207:	                      if ( successCnt == permissions.length ) {
 208:                        result.setAttributeNS(null, "result", "passed");
 209:                    } else {
 210:                        System.out.println("test failed: " + unexpectedGrantsCnt + " / " + unexpectedDenialCnt);
 211:                        result.setAttributeNS(null, "result", "failed");
 212:                        result.setAttributeNS(null, "errorCode", "unexpected.grants.or.denials");
 213:                        
 214:                        String unexpectedDenialString = "";
 215:                        
 216:	                          for (int i=0; i<unexpectedDenialCnt; i++) {
 217:                            unexpectedDenialString += unexpectedDenial.elementAt(i).toString();
 218:                        }
 219:                        
 220:                        Element entry = null;
 221:                        
 222:                        entry = document.createElementNS(testNS, "errorDescriptiongEntry");
 223:                        entry.setAttributeNS(null, "id", "unexpected.denials.count");
 224:                        entry.setAttributeNS(null, "value", "" + unexpectedDenialCnt);
 225:                        result.appendChild(entry);
 226:                        
 227:                        System.out.println("unexpected.denials : " + unexpectedDenialString);
 228:                        entry = document.createElementNS(testNS, "errorDescriptionEntry");
 229:                        entry.setAttributeNS(null, "id", "unexpected.denials");
 230:                        entry.setAttributeNS(null, "value", unexpectedDenialString);   
 231:                        result.appendChild(entry); 
 232:                    }
 233:                } }, false);        
 234:    }
 235:}