Google Git
Sign in
eclipse / equinox / rt.equinox.framework / refs/tags/v20090209-1900 / . / bundles / org.eclipse.osgi.tests / src / org / eclipse / osgi / tests / securityadmin / SecurityAdminUnitTests.java
blob: e39864c8fd82b562fab5e22d1cd547db7a487f14 [file] [log] [blame]
/*******************************************************************************
* Copyright (c) 2008 IBM Corporation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* IBM Corporation - initial API and implementation
*******************************************************************************/
package org.eclipse.osgi.tests.securityadmin;
import ext.framework.b.TestCondition;
import java.io.FilePermission;
import java.io.IOException;
import java.net.SocketPermission;
import java.security.*;
import java.util.List;
import junit.framework.Test;
import junit.framework.TestSuite;
import org.eclipse.osgi.framework.internal.core.AbstractBundle;
import org.eclipse.osgi.internal.permadmin.EquinoxSecurityManager;
import org.eclipse.osgi.internal.permadmin.SecurityAdmin;
import org.eclipse.osgi.tests.bundles.AbstractBundleTests;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleException;
import org.osgi.service.condpermadmin.*;
import org.osgi.service.permissionadmin.PermissionInfo;
public class SecurityAdminUnitTests extends AbstractBundleTests {
private static final PermissionInfo[] SOCKET_INFOS = new PermissionInfo[] {new PermissionInfo("java.net.SocketPermission", "localhost", "accept")}; //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
private static final PermissionInfo[] READONLY_INFOS = new PermissionInfo[] {new PermissionInfo("java.io.FilePermission", "<<ALL FILES>>", "read")}; //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
private static final PermissionInfo[] READWRITE_INFOS = new PermissionInfo[] {
// multiple permission infos
new PermissionInfo("java.io.FilePermission", "<<ALL FILES>>", "read"), //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
new PermissionInfo("java.io.FilePermission", "<<ALL FILES>>", "write") //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
};
private static final PermissionInfo[] RUNTIME_INFOS = new PermissionInfo[] {new PermissionInfo("java.lang.RuntimePermission", "exitVM", null)}; //$NON-NLS-1$ //$NON-NLS-2$
private static final ConditionInfo[] ALLLOCATION_CONDS = new ConditionInfo[] {new ConditionInfo("org.osgi.service.condpermadmin.BundleLocationCondition", new String[] {"*"})}; //$NON-NLS-1$ //$NON-NLS-2$
private static final ConditionInfo POST_MUT_SAT = new ConditionInfo("ext.framework.b.TestCondition", new String[] {"POST_MUT_SAT", "true", "true", "true"}); //$NON-NLS-1$//$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$ //$NON-NLS-5$
private static final ConditionInfo POST_MUT_UNSAT = new ConditionInfo("ext.framework.b.TestCondition", new String[] {"POST_MUT_UNSAT", "true", "true", "false"}); //$NON-NLS-1$//$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$ //$NON-NLS-5$
private static final ConditionInfo SIGNER_CONDITION1 = new ConditionInfo("org.osgi.service.condpermadmin.BundleSignerCondition", new String[] {"*;cn=test1,c=US"}); //$NON-NLS-1$//$NON-NLS-2$
private static final ConditionInfo SIGNER_CONDITION2 = new ConditionInfo("org.osgi.service.condpermadmin.BundleSignerCondition", new String[] {"*;cn=test2,c=US"}); //$NON-NLS-1$//$NON-NLS-2$
private static final ConditionInfo NOT_SIGNER_CONDITION1 = new ConditionInfo("org.osgi.service.condpermadmin.BundleSignerCondition", new String[] {"*;cn=test1,c=US", "!"}); //$NON-NLS-1$//$NON-NLS-2$ //$NON-NLS-3$
//private static final ConditionInfo POST_MUT_NOTSAT = new ConditionInfo("ext.framework.b.TestCondition", new String[] {"POST_MUT_NOTSAT", "true", "true", "false"}); //$NON-NLS-1$//$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$ //$NON-NLS-5$
//private static final ConditionInfo POST_NOTMUT_SAT = new ConditionInfo("ext.framework.b.TestCondition", new String[] {"POST_NOTMUT_SAT", "true", "false", "true"}); //$NON-NLS-1$//$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$ //$NON-NLS-5$
//private static final ConditionInfo POST_NOTMUT_NOTSAT = new ConditionInfo("ext.framework.b.TestCondition", new String[] {"POST_NOTMUT_NOTSAT", "true", "false", "false"}); //$NON-NLS-1$//$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$ //$NON-NLS-5$
public static Test suite() {
return new TestSuite(SecurityAdminUnitTests.class);
}
private SecurityAdmin createSecurityAdmin(EquinoxSecurityManager sm) {
try {
return new SecurityAdmin(sm, null, new TestPermissionStorage());
} catch (IOException e) {
fail("unexpected exception creating SecuirtyAdmin", e); //$NON-NLS-1$;
}
return null;
}
public void testCreateSecurityAdmin() {
createSecurityAdmin(null);
}
public void testCreateDomain() {
SecurityAdmin securityAdmin = createSecurityAdmin(null);
Bundle test = installTestBundle();
ProtectionDomain pd = securityAdmin.createProtectionDomain((AbstractBundle) test);
if (!pd.implies(new AllPermission()))
fail("test bundle should have AllPermission"); //$NON-NLS-1$
}
public void testLocationPermission01() {
SecurityAdmin securityAdmin = createSecurityAdmin(null);
Bundle test = installTestBundle();
ProtectionDomain pd = securityAdmin.createProtectionDomain((AbstractBundle) test);
securityAdmin.setPermissions(test.getLocation(), READONLY_INFOS);
testPermission(pd, new FilePermission("test", "write"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), false);
securityAdmin.setPermissions(test.getLocation(), null);
testPermission(pd, new FilePermission("test", "write"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), true);
}
public void testLocationPermission02() {
SecurityAdmin securityAdmin = createSecurityAdmin(null);
Bundle test = installTestBundle();
ProtectionDomain pd = securityAdmin.createProtectionDomain((AbstractBundle) test);
securityAdmin.setPermissions(test.getLocation(), READWRITE_INFOS);
testPermission(pd, new FilePermission("test", "write"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), false);
securityAdmin.setPermissions(test.getLocation(), null);
testPermission(pd, new FilePermission("test", "write"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), true);
}
public void testLocationPermission03() {
SecurityAdmin securityAdmin = createSecurityAdmin(null);
Bundle test = installTestBundle();
ProtectionDomain pd = securityAdmin.createProtectionDomain((AbstractBundle) test);
securityAdmin.setDefaultPermissions(READONLY_INFOS);
securityAdmin.setPermissions(test.getLocation(), READWRITE_INFOS);
ConditionalPermissionInfo condPermInfo = securityAdmin.addConditionalPermissionInfo(ALLLOCATION_CONDS, SOCKET_INFOS);
testPermission(pd, new FilePermission("test", "write"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), false);
testPermission(pd, new SocketPermission("localhost", "accept"), false); //$NON-NLS-1$ //$NON-NLS-2$
securityAdmin.setPermissions(test.getLocation(), null);
testPermission(pd, new FilePermission("test", "write"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), false);
testPermission(pd, new SocketPermission("localhost", "accept"), true); //$NON-NLS-1$ //$NON-NLS-2$
condPermInfo.delete();
testPermission(pd, new FilePermission("test", "write"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), false);
testPermission(pd, new SocketPermission("localhost", "accept"), false); //$NON-NLS-1$ //$NON-NLS-2$
securityAdmin.setDefaultPermissions(null);
testPermission(pd, new FilePermission("test", "write"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), true);
testPermission(pd, new SocketPermission("localhost", "accept"), true); //$NON-NLS-1$ //$NON-NLS-2$
}
public void testDefaultPermissions01() {
SecurityAdmin securityAdmin = createSecurityAdmin(null);
Bundle test = installTestBundle();
ProtectionDomain pd = securityAdmin.createProtectionDomain((AbstractBundle) test);
securityAdmin.setDefaultPermissions(READONLY_INFOS);
testPermission(pd, new FilePermission("test", "write"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), false);
securityAdmin.setDefaultPermissions(null);
testPermission(pd, new FilePermission("test", "write"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), true);
}
public void testDefaultPermissions02() {
SecurityAdmin securityAdmin = createSecurityAdmin(null);
Bundle test = installTestBundle();
ProtectionDomain pd = securityAdmin.createProtectionDomain((AbstractBundle) test);
securityAdmin.setDefaultPermissions(READONLY_INFOS);
securityAdmin.setPermissions(test.getLocation(), SOCKET_INFOS);
testPermission(pd, new FilePermission("test", "write"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), false);
testPermission(pd, new SocketPermission("localhost", "accept"), true); //$NON-NLS-1$ //$NON-NLS-2$
securityAdmin.setPermissions(test.getLocation(), null);
testPermission(pd, new FilePermission("test", "write"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), false);
testPermission(pd, new SocketPermission("localhost", "accept"), false); //$NON-NLS-1$ //$NON-NLS-2$
securityAdmin.setDefaultPermissions(null);
testPermission(pd, new FilePermission("test", "write"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), true);
}
public void testNotLocationCondition01() {
SecurityAdmin securityAdmin = createSecurityAdmin(null);
Bundle test = installTestBundle();
ProtectionDomain pd = securityAdmin.createProtectionDomain((AbstractBundle) test);
ConditionalPermissionInfo condPermInfo = securityAdmin.addConditionalPermissionInfo(getLocationConditions("xxx", true), SOCKET_INFOS); //$NON-NLS-1$
testPermission(pd, new AllPermission(), false);
testPermission(pd, new SocketPermission("localhost", "accept"), true); //$NON-NLS-1$ //$NON-NLS-2$
condPermInfo.delete();
testPermission(pd, new AllPermission(), true);
testPermission(pd, new SocketPermission("localhost", "accept"), true); //$NON-NLS-1$ //$NON-NLS-2$
}
public void testNotLocationCondition02() {
SecurityAdmin securityAdmin = createSecurityAdmin(null);
Bundle test = installTestBundle();
ProtectionDomain pd = securityAdmin.createProtectionDomain((AbstractBundle) test);
ConditionalPermissionInfo condPermInfo = securityAdmin.addConditionalPermissionInfo(getLocationConditions(test.getLocation(), true), SOCKET_INFOS);
testPermission(pd, new AllPermission(), false);
testPermission(pd, new SocketPermission("localhost", "accept"), false); //$NON-NLS-1$ //$NON-NLS-2$
condPermInfo.delete();
testPermission(pd, new AllPermission(), true);
testPermission(pd, new SocketPermission("localhost", "accept"), true); //$NON-NLS-1$ //$NON-NLS-2$
}
public void testMultipleLocationConditions01() {
SecurityAdmin securityAdmin = createSecurityAdmin(null);
Bundle test = installTestBundle();
ProtectionDomain pd = securityAdmin.createProtectionDomain((AbstractBundle) test);
ConditionalPermissionInfo condPermInfo1 = securityAdmin.addConditionalPermissionInfo(getLocationConditions("xxx", false), SOCKET_INFOS); //$NON-NLS-1$
ConditionalPermissionInfo condPermInfo2 = securityAdmin.addConditionalPermissionInfo(ALLLOCATION_CONDS, READONLY_INFOS);
testPermission(pd, new SocketPermission("localhost", "accept"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "write"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
condPermInfo1.delete();
testPermission(pd, new SocketPermission("localhost", "accept"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "write"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
condPermInfo2.delete();
testPermission(pd, new SocketPermission("localhost", "accept"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "write"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
}
public void testMultipleLocationConditions02() {
SecurityAdmin securityAdmin = createSecurityAdmin(null);
Bundle test = installTestBundle();
ProtectionDomain pd = securityAdmin.createProtectionDomain((AbstractBundle) test);
ConditionalPermissionInfo condPermInfo1 = securityAdmin.addConditionalPermissionInfo(getLocationConditions("xxx", false), SOCKET_INFOS); //$NON-NLS-1$
ConditionalPermissionInfo condPermInfo2 = securityAdmin.addConditionalPermissionInfo(ALLLOCATION_CONDS, READONLY_INFOS);
ConditionalPermissionInfo condPermInfo3 = securityAdmin.addConditionalPermissionInfo(getLocationConditions(test.getLocation(), false), RUNTIME_INFOS);
testPermission(pd, new SocketPermission("localhost", "accept"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new RuntimePermission("exitVM", null), true); //$NON-NLS-1$
testPermission(pd, new FilePermission("test", "write"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
condPermInfo1.delete();
testPermission(pd, new SocketPermission("localhost", "accept"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new RuntimePermission("exitVM", null), true); //$NON-NLS-1$
testPermission(pd, new FilePermission("test", "write"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
condPermInfo2.delete();
testPermission(pd, new SocketPermission("localhost", "accept"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new RuntimePermission("exitVM", null), true); //$NON-NLS-1$
testPermission(pd, new FilePermission("test", "write"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), false); //$NON-NLS-1$ //$NON-NLS-2$
condPermInfo3.delete();
testPermission(pd, new SocketPermission("localhost", "accept"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new RuntimePermission("exitVM", null), true); //$NON-NLS-1$
testPermission(pd, new FilePermission("test", "write"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
}
public void testUpdate01() {
SecurityAdmin securityAdmin = createSecurityAdmin(null);
ConditionalPermissionUpdate update = securityAdmin.newConditionalPermissionUpdate();
List rows = update.getConditionalPermissionInfos();
assertTrue("table is not empty", rows.isEmpty()); //$NON-NLS-1$
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
}
public void testUpdate02() {
SecurityAdmin securityAdmin = createSecurityAdmin(null);
ConditionalPermissionUpdate update = securityAdmin.newConditionalPermissionUpdate();
List rows = update.getConditionalPermissionInfos();
ConditionalPermissionInfo info = securityAdmin.newConditionalPermissionInfo(null, ALLLOCATION_CONDS, READONLY_INFOS, ConditionalPermissionInfo.ALLOW);
rows.add(info);
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
Bundle test = installTestBundle();
ProtectionDomain pd = securityAdmin.createProtectionDomain((AbstractBundle) test);
testPermission(pd, new FilePermission("test", "write"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), false);
update = securityAdmin.newConditionalPermissionUpdate();
rows = update.getConditionalPermissionInfos();
rows.clear();
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
testPermission(pd, new FilePermission("test", "write"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), true);
}
public void testUpdate03() {
SecurityAdmin securityAdmin = createSecurityAdmin(null);
ConditionalPermissionUpdate update = securityAdmin.newConditionalPermissionUpdate();
List rows = update.getConditionalPermissionInfos();
ConditionalPermissionInfo info1 = securityAdmin.newConditionalPermissionInfo(null, ALLLOCATION_CONDS, READWRITE_INFOS, ConditionalPermissionInfo.DENY);
ConditionalPermissionInfo info2 = securityAdmin.newConditionalPermissionInfo(null, ALLLOCATION_CONDS, READONLY_INFOS, ConditionalPermissionInfo.ALLOW);
rows.add(info1);
rows.add(info2);
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
Bundle test = installTestBundle();
ProtectionDomain pd = securityAdmin.createProtectionDomain((AbstractBundle) test);
testPermission(pd, new FilePermission("test", "write"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), false);
update = securityAdmin.newConditionalPermissionUpdate();
rows = update.getConditionalPermissionInfos();
rows.remove(0);
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
testPermission(pd, new FilePermission("test", "write"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), false);
update = securityAdmin.newConditionalPermissionUpdate();
rows = update.getConditionalPermissionInfos();
rows.remove(0);
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
testPermission(pd, new FilePermission("test", "write"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), true);
}
public void testUpdate04() {
SecurityAdmin securityAdmin = createSecurityAdmin(null);
ConditionalPermissionUpdate update = securityAdmin.newConditionalPermissionUpdate();
List rows = update.getConditionalPermissionInfos();
ConditionalPermissionInfo info1 = securityAdmin.newConditionalPermissionInfo(null, ALLLOCATION_CONDS, READWRITE_INFOS, ConditionalPermissionInfo.DENY);
ConditionalPermissionInfo info2 = securityAdmin.newConditionalPermissionInfo(null, ALLLOCATION_CONDS, READONLY_INFOS, ConditionalPermissionInfo.ALLOW);
rows.add(info1);
rows.add(info2);
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
ConditionalPermissionUpdate update1 = securityAdmin.newConditionalPermissionUpdate();
List rows1 = update1.getConditionalPermissionInfos();
rows1.remove(0);
ConditionalPermissionUpdate update2 = securityAdmin.newConditionalPermissionUpdate();
List rows2 = update2.getConditionalPermissionInfos();
rows2.remove(0);
assertTrue("failed to commit", update2.commit()); //$NON-NLS-1$
Bundle test = installTestBundle();
ProtectionDomain pd = securityAdmin.createProtectionDomain((AbstractBundle) test);
testPermission(pd, new FilePermission("test", "write"), false); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), false);
assertFalse("succeeded commit", update1.commit()); //$NON-NLS-1$
update = securityAdmin.newConditionalPermissionUpdate();
rows = update.getConditionalPermissionInfos();
rows.remove(0);
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
testPermission(pd, new FilePermission("test", "write"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testPermission(pd, new AllPermission(), true);
}
public void testSecurityManager01() {
SecurityAdmin securityAdmin = createSecurityAdmin(null);
ConditionalPermissionUpdate update = securityAdmin.newConditionalPermissionUpdate();
List rows = update.getConditionalPermissionInfos();
ConditionalPermissionInfo info = securityAdmin.newConditionalPermissionInfo(null, ALLLOCATION_CONDS, READONLY_INFOS, ConditionalPermissionInfo.ALLOW);
rows.add(info);
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
EquinoxSecurityManager sm = new EquinoxSecurityManager();
Bundle test = installTestBundle();
ProtectionDomain pd = securityAdmin.createProtectionDomain((AbstractBundle) test);
ProtectionDomain[] pds = new ProtectionDomain[] {pd};
testSMPermission(sm, pds, new FilePermission("test", "write"), false); //$NON-NLS-1$ //$NON-NLS-2$
testSMPermission(sm, pds, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testSMPermission(sm, pds, new AllPermission(), false);
update = securityAdmin.newConditionalPermissionUpdate();
rows = update.getConditionalPermissionInfos();
rows.clear();
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
testSMPermission(sm, pds, new FilePermission("test", "write"), true); //$NON-NLS-1$ //$NON-NLS-2$
testSMPermission(sm, pds, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
testSMPermission(sm, pds, new AllPermission(), true);
}
public void testPostponedConditions01() {
installConditionBundle();
TestCondition.clearConditions();
EquinoxSecurityManager sm = new EquinoxSecurityManager();
SecurityAdmin securityAdmin = createSecurityAdmin(sm);
Bundle test1 = installTestBundle();
Bundle test2 = installTest2Bundle();
ProtectionDomain pd1 = securityAdmin.createProtectionDomain((AbstractBundle) test1);
ProtectionDomain pd2 = securityAdmin.createProtectionDomain((AbstractBundle) test2);
ProtectionDomain[] pds = new ProtectionDomain[] {pd1, pd2};
ConditionalPermissionUpdate update = securityAdmin.newConditionalPermissionUpdate();
List rows = update.getConditionalPermissionInfos();
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {POST_MUT_SAT}, READONLY_INFOS, ConditionalPermissionInfo.DENY));
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {POST_MUT_UNSAT}, READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
rows.add(securityAdmin.newConditionalPermissionInfo(null, ALLLOCATION_CONDS, READONLY_INFOS, ConditionalPermissionInfo.DENY));
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$);
testSMPermission(sm, pds, new FilePermission("test", "read"), false); //$NON-NLS-1$ //$NON-NLS-2$
TestCondition tc1sat = TestCondition.getTestCondition("POST_MUT_SAT_" + test1.getBundleId()); //$NON-NLS-1$
TestCondition tc2sat = TestCondition.getTestCondition("POST_MUT_SAT_" + test2.getBundleId()); //$NON-NLS-1$
TestCondition tc1unsat = TestCondition.getTestCondition("POST_MUT_UNSAT_" + test1.getBundleId()); //$NON-NLS-1$
TestCondition tc2unsat = TestCondition.getTestCondition("POST_MUT_UNSAT_" + test2.getBundleId()); //$NON-NLS-1$
assertNotNull("tc1sat", tc1sat); //$NON-NLS-1$
assertNotNull("tc2sat", tc2sat); //$NON-NLS-1$
assertNotNull("tc1unsat", tc1unsat); //$NON-NLS-1$
assertNotNull("tc2unsat", tc2unsat); //$NON-NLS-1$
tc1sat.setSatisfied(false);
tc2sat.setSatisfied(false);
tc1unsat.setSatisfied(true);
tc2unsat.setSatisfied(true);
testSMPermission(sm, pds, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
tc1sat.setSatisfied(true);
tc2sat.setSatisfied(true);
update = securityAdmin.newConditionalPermissionUpdate();
rows = update.getConditionalPermissionInfos();
rows.remove(0);
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$);
testSMPermission(sm, pds, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
tc1unsat.setSatisfied(false);
tc2unsat.setSatisfied(false);
testSMPermission(sm, pds, new FilePermission("test", "read"), false); //$NON-NLS-1$ //$NON-NLS-2$
update = securityAdmin.newConditionalPermissionUpdate();
rows = update.getConditionalPermissionInfos();
rows.remove(0);
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$);
testSMPermission(sm, pds, new FilePermission("test", "read"), false); //$NON-NLS-1$ //$NON-NLS-2$
}
public void testPostponedConditions02() {
installConditionBundle();
TestCondition.clearConditions();
EquinoxSecurityManager sm = new EquinoxSecurityManager();
SecurityAdmin securityAdmin = createSecurityAdmin(sm);
Bundle test1 = installTestBundle();
Bundle test2 = installTest2Bundle();
ProtectionDomain pd1 = securityAdmin.createProtectionDomain((AbstractBundle) test1);
ProtectionDomain pd2 = securityAdmin.createProtectionDomain((AbstractBundle) test2);
ProtectionDomain[] pds = new ProtectionDomain[] {pd1, pd2};
ConditionalPermissionUpdate update = securityAdmin.newConditionalPermissionUpdate();
List rows = update.getConditionalPermissionInfos();
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {POST_MUT_SAT}, READONLY_INFOS, ConditionalPermissionInfo.DENY));
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {POST_MUT_SAT}, READONLY_INFOS, ConditionalPermissionInfo.DENY));
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {POST_MUT_UNSAT}, READONLY_INFOS, ConditionalPermissionInfo.DENY));
rows.add(securityAdmin.newConditionalPermissionInfo(null, ALLLOCATION_CONDS, READONLY_INFOS, ConditionalPermissionInfo.DENY));
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$);
testSMPermission(sm, pds, new FilePermission("test", "read"), false); //$NON-NLS-1$ //$NON-NLS-2$
TestCondition tc1sat = TestCondition.getTestCondition("POST_MUT_SAT_" + test1.getBundleId()); //$NON-NLS-1$
TestCondition tc2sat = TestCondition.getTestCondition("POST_MUT_SAT_" + test2.getBundleId()); //$NON-NLS-1$
TestCondition tc1unsat = TestCondition.getTestCondition("POST_MUT_UNSAT_" + test1.getBundleId()); //$NON-NLS-1$
TestCondition tc2unsat = TestCondition.getTestCondition("POST_MUT_UNSAT_" + test2.getBundleId()); //$NON-NLS-1$
assertNotNull("tc1sat", tc1sat); //$NON-NLS-1$
assertNull("tc2sat", tc2sat); //$NON-NLS-1$
assertNotNull("tc1unsat", tc1unsat); //$NON-NLS-1$
assertNull("tc2unsat", tc2unsat); //$NON-NLS-1$
tc1sat.setSatisfied(false);
tc1unsat.setSatisfied(true);
testSMPermission(sm, pds, new FilePermission("test", "read"), false); //$NON-NLS-1$ //$NON-NLS-2$
}
public void testPostponedConditions03() {
installConditionBundle();
TestCondition.clearConditions();
EquinoxSecurityManager sm = new EquinoxSecurityManager();
SecurityAdmin securityAdmin = createSecurityAdmin(sm);
Bundle test1 = installTestBundle();
Bundle test2 = installTest2Bundle();
ProtectionDomain pd1 = securityAdmin.createProtectionDomain((AbstractBundle) test1);
ProtectionDomain pd2 = securityAdmin.createProtectionDomain((AbstractBundle) test2);
ProtectionDomain[] pds = new ProtectionDomain[] {pd1, pd2};
ConditionalPermissionUpdate update = securityAdmin.newConditionalPermissionUpdate();
List rows = update.getConditionalPermissionInfos();
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {POST_MUT_SAT}, READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {POST_MUT_SAT}, READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {POST_MUT_UNSAT}, READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
rows.add(securityAdmin.newConditionalPermissionInfo(null, ALLLOCATION_CONDS, READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$);
testSMPermission(sm, pds, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
TestCondition tc1sat = TestCondition.getTestCondition("POST_MUT_SAT_" + test1.getBundleId()); //$NON-NLS-1$
TestCondition tc2sat = TestCondition.getTestCondition("POST_MUT_SAT_" + test2.getBundleId()); //$NON-NLS-1$
TestCondition tc1unsat = TestCondition.getTestCondition("POST_MUT_UNSAT_" + test1.getBundleId()); //$NON-NLS-1$
TestCondition tc2unsat = TestCondition.getTestCondition("POST_MUT_UNSAT_" + test2.getBundleId()); //$NON-NLS-1$
assertNotNull("tc1sat", tc1sat); //$NON-NLS-1$
assertNotNull("tc2sat", tc2sat); //$NON-NLS-1$
assertNotNull("tc1unsat", tc1unsat); //$NON-NLS-1$
assertNotNull("tc2unsat", tc2unsat); //$NON-NLS-1$
tc1sat.setSatisfied(false);
tc2sat.setSatisfied(false);
tc1unsat.setSatisfied(true);
tc2unsat.setSatisfied(true);
testSMPermission(sm, pds, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
}
public void testPostponedConditions04() {
installConditionBundle();
TestCondition.clearConditions();
EquinoxSecurityManager sm = new EquinoxSecurityManager();
SecurityAdmin securityAdmin = createSecurityAdmin(sm);
Bundle test1 = installTestBundle();
Bundle test2 = installTest2Bundle();
ProtectionDomain pd1 = securityAdmin.createProtectionDomain((AbstractBundle) test1);
ProtectionDomain pd2 = securityAdmin.createProtectionDomain((AbstractBundle) test2);
ProtectionDomain[] pds = new ProtectionDomain[] {pd1, pd2};
ConditionalPermissionUpdate update = securityAdmin.newConditionalPermissionUpdate();
List rows = update.getConditionalPermissionInfos();
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {POST_MUT_SAT}, READONLY_INFOS, ConditionalPermissionInfo.DENY));
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {POST_MUT_SAT}, READONLY_INFOS, ConditionalPermissionInfo.DENY));
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {POST_MUT_UNSAT}, READONLY_INFOS, ConditionalPermissionInfo.DENY));
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$);
testSMPermission(sm, pds, new FilePermission("test", "read"), false); //$NON-NLS-1$ //$NON-NLS-2$
TestCondition tc1sat = TestCondition.getTestCondition("POST_MUT_SAT_" + test1.getBundleId()); //$NON-NLS-1$
TestCondition tc2sat = TestCondition.getTestCondition("POST_MUT_SAT_" + test2.getBundleId()); //$NON-NLS-1$
TestCondition tc1unsat = TestCondition.getTestCondition("POST_MUT_UNSAT_" + test1.getBundleId()); //$NON-NLS-1$
TestCondition tc2unsat = TestCondition.getTestCondition("POST_MUT_UNSAT_" + test2.getBundleId()); //$NON-NLS-1$
assertNotNull("tc1sat", tc1sat); //$NON-NLS-1$
assertNull("tc2sat", tc2sat); //$NON-NLS-1$
assertNotNull("tc1unsat", tc1unsat); //$NON-NLS-1$
assertNull("tc2unsat", tc2unsat); //$NON-NLS-1$
tc1sat.setSatisfied(false);
tc1unsat.setSatisfied(true);
testSMPermission(sm, pds, new FilePermission("test", "read"), false); //$NON-NLS-1$ //$NON-NLS-2$
}
public void testPostponedConditions05() {
installConditionBundle();
TestCondition.clearConditions();
EquinoxSecurityManager sm = new EquinoxSecurityManager();
SecurityAdmin securityAdmin = createSecurityAdmin(sm);
Bundle test1 = installTestBundle();
Bundle test2 = installTest2Bundle();
ProtectionDomain pd1 = securityAdmin.createProtectionDomain((AbstractBundle) test1);
ProtectionDomain pd2 = securityAdmin.createProtectionDomain((AbstractBundle) test2);
ProtectionDomain[] pds = new ProtectionDomain[] {pd1, pd2};
ConditionalPermissionUpdate update = securityAdmin.newConditionalPermissionUpdate();
List rows = update.getConditionalPermissionInfos();
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {POST_MUT_SAT}, READONLY_INFOS, ConditionalPermissionInfo.DENY));
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {POST_MUT_UNSAT}, READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {POST_MUT_SAT}, READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {POST_MUT_UNSAT}, READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
rows.add(securityAdmin.newConditionalPermissionInfo(null, ALLLOCATION_CONDS, READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$);
testSMPermission(sm, pds, new FilePermission("test", "read"), false); //$NON-NLS-1$ //$NON-NLS-2$
TestCondition tc1sat = TestCondition.getTestCondition("POST_MUT_SAT_" + test1.getBundleId()); //$NON-NLS-1$
TestCondition tc2sat = TestCondition.getTestCondition("POST_MUT_SAT_" + test2.getBundleId()); //$NON-NLS-1$
TestCondition tc1unsat = TestCondition.getTestCondition("POST_MUT_UNSAT_" + test1.getBundleId()); //$NON-NLS-1$
TestCondition tc2unsat = TestCondition.getTestCondition("POST_MUT_UNSAT_" + test2.getBundleId()); //$NON-NLS-1$
assertNotNull("tc1sat", tc1sat); //$NON-NLS-1$
assertNotNull("tc2sat", tc2sat); //$NON-NLS-1$
assertNotNull("tc1unsat", tc1unsat); //$NON-NLS-1$
assertNotNull("tc2unsat", tc2unsat); //$NON-NLS-1$
tc1sat.setSatisfied(false);
tc2sat.setSatisfied(false);
testSMPermission(sm, pds, new FilePermission("test", "read"), true); //$NON-NLS-1$ //$NON-NLS-2$
}
public void testAccessControlContext01() {
// test single row with signer condition
SecurityAdmin securityAdmin = createSecurityAdmin(null);
ConditionalPermissionUpdate update = securityAdmin.newConditionalPermissionUpdate();
List rows = update.getConditionalPermissionInfos();
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {SIGNER_CONDITION1}, READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
AccessControlContext acc = securityAdmin.getAccessControlContext(new String[] {"cn=t1,cn=FR;cn=test1,c=US"}); //$NON-NLS-1$
try {
acc.checkPermission(new FilePermission("test", "write")); //$NON-NLS-1$ //$NON-NLS-2$
fail("expecting AccessControlExcetpion"); //$NON-NLS-1$
} catch (AccessControlException e) {
// expected
}
try {
acc.checkPermission(new FilePermission("test", "read")); //$NON-NLS-1$ //$NON-NLS-2$
} catch (AccessControlException e) {
fail("Unexpected AccessControlExcetpion", e); //$NON-NLS-1$
}
}
public void testAccessControlContext02() {
// test with DENY row
SecurityAdmin securityAdmin = createSecurityAdmin(null);
ConditionalPermissionUpdate update = securityAdmin.newConditionalPermissionUpdate();
List rows = update.getConditionalPermissionInfos();
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {SIGNER_CONDITION1}, READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {SIGNER_CONDITION1}, READWRITE_INFOS, ConditionalPermissionInfo.DENY));
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {SIGNER_CONDITION1}, READWRITE_INFOS, ConditionalPermissionInfo.ALLOW));
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
AccessControlContext acc = securityAdmin.getAccessControlContext(new String[] {"cn=t1,cn=FR;cn=test1,c=US"}); //$NON-NLS-1$
try {
acc.checkPermission(new FilePermission("test", "write")); //$NON-NLS-1$ //$NON-NLS-2$
fail("expecting AccessControlExcetpion"); //$NON-NLS-1$
} catch (AccessControlException e) {
// expected
}
try {
acc.checkPermission(new FilePermission("test", "read")); //$NON-NLS-1$ //$NON-NLS-2$
} catch (AccessControlException e) {
fail("Unexpected AccessControlExcetpion", e); //$NON-NLS-1$
}
}
public void testAccessControlContext03() {
// test multiple signer conditions
SecurityAdmin securityAdmin = createSecurityAdmin(null);
ConditionalPermissionUpdate update = securityAdmin.newConditionalPermissionUpdate();
List rows = update.getConditionalPermissionInfos();
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {SIGNER_CONDITION1}, READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
AccessControlContext acc = securityAdmin.getAccessControlContext(new String[] {"cn=t1,cn=FR;cn=test2,c=US"}); //$NON-NLS-1$
try {
acc.checkPermission(new FilePermission("test", "write")); //$NON-NLS-1$ //$NON-NLS-2$
fail("expecting AccessControlExcetpion"); //$NON-NLS-1$
} catch (AccessControlException e) {
// expected
}
try {
acc.checkPermission(new FilePermission("test", "read")); //$NON-NLS-1$ //$NON-NLS-2$
fail("expecting AccessControlExcetpion"); //$NON-NLS-1$
} catch (AccessControlException e) {
// expected
}
update = securityAdmin.newConditionalPermissionUpdate();
rows = update.getConditionalPermissionInfos();
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {SIGNER_CONDITION2}, READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
acc = securityAdmin.getAccessControlContext(new String[] {"cn=t1,cn=FR;cn=test2,c=US"}); //$NON-NLS-1$
try {
acc.checkPermission(new FilePermission("test", "write")); //$NON-NLS-1$ //$NON-NLS-2$
fail("expecting AccessControlExcetpion"); //$NON-NLS-1$
} catch (AccessControlException e) {
// expected
}
try {
acc.checkPermission(new FilePermission("test", "read")); //$NON-NLS-1$ //$NON-NLS-2$
} catch (AccessControlException e) {
fail("Unexpected AccessControlExcetpion", e); //$NON-NLS-1$
}
}
public void testAccessControlContext04() {
// test multiple signer conditions
SecurityAdmin securityAdmin = createSecurityAdmin(null);
ConditionalPermissionUpdate update = securityAdmin.newConditionalPermissionUpdate();
List rows = update.getConditionalPermissionInfos();
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {SIGNER_CONDITION1, SIGNER_CONDITION2}, READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {SIGNER_CONDITION1}, READWRITE_INFOS, ConditionalPermissionInfo.ALLOW));
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
AccessControlContext acc = securityAdmin.getAccessControlContext(new String[] {"cn=t1,cn=FR;cn=test2,c=US"}); //$NON-NLS-1$
try {
acc.checkPermission(new FilePermission("test", "write")); //$NON-NLS-1$ //$NON-NLS-2$
fail("expecting AccessControlExcetpion"); //$NON-NLS-1$
} catch (AccessControlException e) {
// expected
}
try {
acc.checkPermission(new FilePermission("test", "read")); //$NON-NLS-1$ //$NON-NLS-2$
fail("expecting AccessControlExcetpion"); //$NON-NLS-1$
} catch (AccessControlException e) {
// expected
}
acc = securityAdmin.getAccessControlContext(new String[] {"cn=t1,cn=FR;cn=test1,c=US", "cn=t1,cn=FR;cn=test2,c=US"}); //$NON-NLS-1$ //$NON-NLS-2$
try {
acc.checkPermission(new FilePermission("test", "write")); //$NON-NLS-1$ //$NON-NLS-2$
} catch (AccessControlException e) {
fail("Unexpected AccessControlExcetpion", e); //$NON-NLS-1$
}
try {
acc.checkPermission(new FilePermission("test", "read")); //$NON-NLS-1$ //$NON-NLS-2$
} catch (AccessControlException e) {
fail("Unexpected AccessControlExcetpion", e); //$NON-NLS-1$
}
}
public void testAccessControlContext05() {
// test with empty rows
SecurityAdmin securityAdmin = createSecurityAdmin(null);
AccessControlContext acc = securityAdmin.getAccessControlContext(new String[] {"cn=t1,cn=FR;cn=test2,c=US"}); //$NON-NLS-1$
try {
acc.checkPermission(new FilePermission("test", "write")); //$NON-NLS-1$ //$NON-NLS-2$
acc.checkPermission(new FilePermission("test", "read")); //$NON-NLS-1$ //$NON-NLS-2$
acc.checkPermission(new AllPermission());
} catch (AccessControlException e) {
fail("Unexpected AccessControlExcetpion", e); //$NON-NLS-1$
}
// set the default permissions
securityAdmin.setDefaultPermissions(READWRITE_INFOS);
acc = securityAdmin.getAccessControlContext(new String[] {"cn=t1,cn=FR;cn=test2,c=US"}); //$NON-NLS-1$
try {
acc.checkPermission(new FilePermission("test", "write")); //$NON-NLS-1$ //$NON-NLS-2$
acc.checkPermission(new FilePermission("test", "read")); //$NON-NLS-1$ //$NON-NLS-2$
} catch (AccessControlException e) {
fail("Unexpected AccessControlExcetpion", e); //$NON-NLS-1$
}
try {
acc.checkPermission(new AllPermission());
fail("expecting AccessControlExcetpion"); //$NON-NLS-1$
} catch (AccessControlException e) {
// expected
}
}
public void testAccessControlContext06() {
// test with empty condition rows
SecurityAdmin securityAdmin = createSecurityAdmin(null);
ConditionalPermissionUpdate update = securityAdmin.newConditionalPermissionUpdate();
List rows = update.getConditionalPermissionInfos();
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {}, READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {SIGNER_CONDITION1}, READWRITE_INFOS, ConditionalPermissionInfo.ALLOW));
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
AccessControlContext acc = securityAdmin.getAccessControlContext(new String[] {"cn=t1,cn=FR;cn=test2,c=US"}); //$NON-NLS-1$
try {
acc.checkPermission(new FilePermission("test", "read")); //$NON-NLS-1$ //$NON-NLS-2$
} catch (AccessControlException e) {
fail("Unexpected AccessControlExcetpion", e); //$NON-NLS-1$
}
try {
acc.checkPermission(new FilePermission("test", "write")); //$NON-NLS-1$ //$NON-NLS-2$
fail("expecting AccessControlExcetpion"); //$NON-NLS-1$
} catch (AccessControlException e) {
// expected
}
}
public void testAccessControlContext07() {
// test ! signer condition
SecurityAdmin securityAdmin = createSecurityAdmin(null);
ConditionalPermissionUpdate update = securityAdmin.newConditionalPermissionUpdate();
List rows = update.getConditionalPermissionInfos();
rows.add(securityAdmin.newConditionalPermissionInfo(null, new ConditionInfo[] {NOT_SIGNER_CONDITION1}, READONLY_INFOS, ConditionalPermissionInfo.ALLOW));
assertTrue("failed to commit", update.commit()); //$NON-NLS-1$
AccessControlContext acc = securityAdmin.getAccessControlContext(new String[] {"cn=t1,cn=FR;cn=test1,c=US"}); //$NON-NLS-1$
try {
acc.checkPermission(new FilePermission("test", "write")); //$NON-NLS-1$ //$NON-NLS-2$
fail("expecting AccessControlExcetpion"); //$NON-NLS-1$
} catch (AccessControlException e) {
// expected
}
try {
acc.checkPermission(new FilePermission("test", "read")); //$NON-NLS-1$ //$NON-NLS-2$
fail("expecting AccessControlExcetpion"); //$NON-NLS-1$
} catch (AccessControlException e) {
// expected
}
acc = securityAdmin.getAccessControlContext(new String[] {"cn=t1,cn=FR;cn=test2,c=US"}); //$NON-NLS-1$
try {
acc.checkPermission(new FilePermission("test", "write")); //$NON-NLS-1$ //$NON-NLS-2$
fail("expecting AccessControlExcetpion"); //$NON-NLS-1$
} catch (AccessControlException e) {
// expected
}
try {
acc.checkPermission(new FilePermission("test", "read")); //$NON-NLS-1$ //$NON-NLS-2$
} catch (AccessControlException e) {
fail("Unexpected AccessControlExcetpion", e); //$NON-NLS-1$
}
}
private void testSMPermission(EquinoxSecurityManager sm, ProtectionDomain[] pds, Permission permission, boolean expectedToPass) {
AccessControlContext acc = new AccessControlContext(pds);
try {
sm.checkPermission(permission, acc);
if (!expectedToPass)
fail("test should not have the permission " + permission); //$NON-NLS-1$
} catch (SecurityException e) {
if (expectedToPass)
fail("test should have the permission " + permission); //$NON-NLS-1$
}
}
private void testPermission(ProtectionDomain pd, Permission permission, boolean expectedToPass) {
if (expectedToPass ^ pd.implies(permission))
fail("test should" + (expectedToPass ? "" : " not") + " have the permission " + permission); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$
}
private ConditionInfo[] getLocationConditions(String location, boolean not) {
String[] args = not ? new String[] {location, "!"} : new String[] {location}; //$NON-NLS-1$
return new ConditionInfo[] {new ConditionInfo("org.osgi.service.condpermadmin.BundleLocationCondition", args)}; //$NON-NLS-1$
}
private Bundle installTestBundle() {
try {
return installer.installBundle("test"); //$NON-NLS-1$
} catch (BundleException e) {
fail("failed to install bundle", e); //$NON-NLS-1$
}
return null;
}
private Bundle installTest2Bundle() {
try {
return installer.installBundle("test2"); //$NON-NLS-1$
} catch (BundleException e) {
fail("failed to install bundle", e); //$NON-NLS-1$
}
return null;
}
private Bundle installConditionBundle() {
try {
Bundle bundle = installer.installBundle("ext.framework.b", false); //$NON-NLS-1$
installer.resolveBundles(new Bundle[] {bundle});
return bundle;
} catch (BundleException e) {
fail("failed to install bundle", e); //$NON-NLS-1$
}
return null;
}
}