You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@river.apache.org by pe...@apache.org on 2012/02/10 12:53:36 UTC
svn commit: r1242750 [2/5] - in /river/jtsk/trunk: ./ asm/ qa/ qa/doc/
qa/harness/policy/ qa/harness/trust/ qa/jtreg/certs/ qa/jtreg/certs/keys/
qa/jtreg/net/jini/jeri/ssl/UnitTests/
qa/jtreg/net/jini/jeri/tcp/localHostExposure/ qa/jtreg/net/jini/jeri/...
Modified: river/jtsk/trunk/qa/jtreg/certs/CA.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/certs/CA.java?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/certs/CA.java (original)
+++ river/jtsk/trunk/qa/jtreg/certs/CA.java Fri Feb 10 11:53:29 2012
@@ -15,18 +15,434 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-import com.dstc.security.pki.ConsoleCATool;
-import com.dstc.security.provider.DSTC;
+//import com.dstc.security.pki.ConsoleCATool;
+//import com.dstc.security.provider.DSTC;
+import java.io.BufferedInputStream;
+import java.io.BufferedOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.FilenameFilter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.io.Reader;
+import java.io.Writer;
+import java.math.BigInteger;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.Provider;
+import java.security.PublicKey;
+import java.security.SecureRandom;
import java.security.Security;
+import java.security.cert.Certificate;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.Map.Entry;
+import java.util.Properties;
+import java.util.Set;
+import java.util.regex.Pattern;
+import javax.crypto.Cipher;
+import javax.crypto.EncryptedPrivateKeyInfo;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+import javax.security.auth.x500.X500Principal;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.X509v1CertificateBuilder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
+import org.bouncycastle.jce.PKCS10CertificationRequest;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openssl.PEMReader;
+import org.bouncycastle.openssl.PEMWriter;
+import org.bouncycastle.openssl.PasswordFinder;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestHolder;
-/**
+/*
+ * HISTORICAL:
* Run the DSTC Certificate Authority console after installing the provider.
* Install the provider here, rather than in the java.security file, since it
* conflicts with the RSAJCA provider that comes with the JDK 1.3.
*/
+/**
+ * args must be one of two arguments:
+ *
+ * -CA Generate Certificate Authority.
+ * -CR Process Certification Requests.
+ *
+ * @author peter
+ */
public class CA {
+
public static void main(String[] args) {
- Security.insertProviderAt(new DSTC(), 1);
- com.dstc.security.pki.ConsoleCATool.main(args);
+ // The original implementation only consisted of these two calls.
+ //Security.insertProviderAt(new DSTC(), 1);
+ //com.dstc.security.pki.ConsoleCATool.main(args);
+ Security.insertProviderAt(new BouncyCastleProvider(), 1);
+ try {
+ if (args[0].equals("-CA")) {
+ generateCertificateAuthorityCerts();
+ return;
+ } else
+ if (args[0].equals("-CR")) {
+ signCertificationRequests();
+ return;
+ } else {
+ throw new IllegalArgumentException("Argument required either -CA or -CR");
+ }
+ }catch (Exception ex){
+ ex.printStackTrace(System.err);
+ }
+ }
+
+ private static void generateCertificateAuthorityCerts() throws Exception{
+ Properties p = readProperties();
+
+ // Generate CA key pair
+ KeyPairGenerator keyGen = null;
+ String algorithm = p.getProperty("jcsi.ca.keyAlg", "DSA");
+ int keyLen = Integer.parseInt(p.getProperty("jcsi.ca.keyLength", "512"));
+ keyGen = KeyPairGenerator.getInstance(algorithm, "BC");
+ SecureRandom random = new SecureRandom();
+ keyGen.initialize(keyLen, random);
+ KeyPair keys = keyGen.generateKeyPair();
+ PublicKey publicKey = keys.getPublic();
+ PrivateKey privKey = keys.getPrivate(); // The key used to sign our Certificate.
+
+ String issuerDN = p.getProperty("jcsi.ca.issuerDN");
+ long validDays
+ = Integer.parseInt(p.getProperty("jcsi.ca.validityPeriod"));
+ String signerAlgorithm = p.getProperty("jcsi.ca.sigAlg", "SHA1withDSA");
+
+ // Generate root certificate
+ ContentSigner sigGen = new JcaContentSignerBuilder(signerAlgorithm).setProvider("BC").build(privKey);
+ X500Principal issuer = new X500Principal(issuerDN);
+
+ X500Principal subject = issuer; // Self signed.
+ long time = System.currentTimeMillis();
+ BigInteger serial = BigInteger.valueOf(time);
+ Date notBefore = new Date(time - 50000);
+ Date notAfter = new Date(time + validDays* 86400000L);
+ Certificate rootCert = build(sigGen,issuer,serial, notBefore, notAfter, subject, publicKey);
+
+ //Write Private key and Certificate to file.
+ writePrivateKey(privKey, p, random);
+ writeRootCertificate(rootCert, p);
+
+// // Pasword Protect the private key in preparate to write to file.
+// String password = p.getProperty("jcsi.ca.privKey.password", "changeit");
+// byte[] salt = "salt and pepper shakers &*@".getBytes();
+// int iterationCount = 2048;
+// PBEKeySpec pbeSpec = new PBEKeySpec(password.toCharArray(), salt, iterationCount);
+// Cipher cipher = null;
+// SecretKeyFactory skf = null;
+// byte [] wrappedPrivKey = null;
+// cipher = Cipher.getInstance("PBEWithSHA1AndDES", "BC");
+// skf = SecretKeyFactory.getInstance("PBEWithSHA1AndDES", "BC");
+// cipher.init(Cipher.WRAP_MODE, skf.generateSecret(pbeSpec));
+// wrappedPrivKey = cipher.wrap(privKey);
+//
+// String directory = p.getProperty("jcsi.ca.key.dir", ".");
+//
+// String keyFileName = p.getProperty("jcsi.ca.privKey", "private.key");
+// String certFileName = p.getProperty("jcsi.ca.cert", "user.cert");
+//
+// File keyFile = new File(directory + "/" + keyFileName);
+// keyFile.canWrite();
+// File certFile = new File (directory + "/" + certFileName);
+// certFile.canWrite();
+// writeFile(certFile, rootCert.getEncoded());
+// writeFile(keyFile, wrappedPrivKey);
+ }
+
+ private static void signCertificationRequests() throws Exception{
+ Properties p = readProperties();
+ ContentSigner sigGen = getContentSigner(p);
+ Certificate rootCert = readRootCertificate(p);
+ X500Principal issuer = getIssuer(p);
+ long time = System.currentTimeMillis();
+ Date notBefore = new Date(time - 50000);
+ long validDays
+ = Integer.parseInt(p.getProperty("jcsi.ca.validityPeriod"));
+ Date notAfter = new Date(time + validDays * 86400000L);
+ /*
+ * Get certificate requests and write chains to file.
+ */
+ String reqDir = p.getProperty("ca.requests", "requests");
+ String pattern = p.getProperty("ca.regex.pattern", "request");
+ File requests = new File(reqDir);
+ if ( requests.isDirectory()){
+ Filter filter = new Filter(pattern);
+ File [] certRequests = requests.listFiles(filter);
+ int l = certRequests.length;
+ for (int i = 0; i < l; i++){
+ String fileName = certRequests[i].getName();
+ String chainName = fileName.replaceAll("request", "chain");
+ Reader input = new InputStreamReader(
+ new BufferedInputStream(
+ new FileInputStream(certRequests[i]))
+ );
+ PEMReader pemRead = new PEMReader(input);
+ PKCS10CertificationRequest certReq =
+ (PKCS10CertificationRequest) pemRead.readObject();
+ JcaPKCS10CertificationRequestHolder holder =
+ new JcaPKCS10CertificationRequestHolder(certReq);
+ PublicKey publicKey1 = holder.getPublicKey();
+ X500Name x500Name = holder.getSubject();
+ X500Principal subject1 = new X500Principal(x500Name.toString());
+ BigInteger ser = BigInteger.valueOf(System.currentTimeMillis());
+ Certificate issuedCert = build(sigGen, issuer, ser,
+ notBefore, notAfter, subject1, publicKey1);
+ File f = new File(reqDir + "/" + chainName);
+ OutputStreamWriter out = new OutputStreamWriter(
+ new BufferedOutputStream(new FileOutputStream(f)));
+ PEMWriter pemWrt = new PEMWriter(out);
+ pemWrt.writeObject(issuedCert);
+ pemWrt.writeObject(rootCert);
+ pemWrt.close();
+ }
+
+ }
+ }
+
+ private static Properties readProperties() throws Exception {
+ Properties systemProperties = System.getProperties();
+ String userHome = systemProperties.getProperty("user.home", "");
+ String configFile = systemProperties.getProperty("jcsi.ca.conf", userHome + "{/}.jcsi${/}ca.properties");
+ Properties p = new Properties();
+ File conf = new File(configFile);
+ conf.canRead();
+ InputStream in = new FileInputStream(conf);
+ p.load(in);
+ expand(p, systemProperties);
+ return p;
+ }
+
+ private static void writePrivateKey( PrivateKey k, Properties p, SecureRandom r) throws Exception {
+ // Pasword Protect the private key in preparate to write to file.
+ String password = p.getProperty("jcsi.ca.privKey.password", "changeit");
+ byte[] salt = "salt and pepper shakers &*@".getBytes();
+ int iterationCount = 2048;
+ PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, iterationCount);
+
+ PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, iterationCount);
+ String pbeAlgorithm = "PBEwithSHA1AndDESede";
+ Cipher cipher = Cipher.getInstance(pbeAlgorithm);
+ SecretKeyFactory skf = SecretKeyFactory.getInstance(pbeAlgorithm);
+ cipher.init(Cipher.WRAP_MODE, skf.generateSecret(pbeKeySpec));
+ byte [] wrappedPrivKey = cipher.wrap(k);
+ // Info to enable later retreival. cipher.getParameters() returns null.
+// AlgorithmParameters algParam = AlgorithmParameters.getInstance(pbeAlgorithm);
+// algParam.init(pbeParamSpec);
+ EncryptedPrivateKeyInfo pInfo = new EncryptedPrivateKeyInfo(cipher.getParameters(), wrappedPrivKey);
+ String directory = p.getProperty("jcsi.ca.key.dir", ".");
+ String keyFileName = p.getProperty("jcsi.ca.privKey", "private.key");
+ File keyFile = new File(directory + "/" + keyFileName);
+ keyFile.canWrite();
+ writeFile(keyFile, pInfo.getEncoded());
+
+// PKCS8Generator generator = new PKCS8Generator(k, "PBEWithSHA1AndDES", "BC");
+// String password = p.getProperty("jcsi.ca.privKey.password", "changeit");
+// String directory = p.getProperty("jcsi.ca.key.dir", ".");
+// String keyFileName = p.getProperty("jcsi.ca.privKey", "private.key");
+// generator.setIterationCount(2048);
+// generator.setPassword(password.toCharArray());
+// generator.setSecureRandom(r);
+// File f = new File(directory +"/"+ keyFileName);
+// Writer out = new OutputStreamWriter(new BufferedOutputStream(new FileOutputStream(f)));
+// PEMWriter pemWriter = new PEMWriter(out, "BC");
+// pemWriter.writeObject(generator);
+// pemWriter.flush();
+// pemWriter.close();
+ }
+
+ private static PrivateKey readPrivateKey( Properties p ) throws Exception {
+ // Retrieve property strings
+ String secretKeyAlgorithm = p.getProperty("jcsi.ca.keyAlg", "DSA");
+ String password = p.getProperty("jcsi.ca.privKey.password", "changeit");
+ String directory = p.getProperty("jcsi.ca.key.dir", ".");
+ String keyFileName = p.getProperty("jcsi.ca.privKey", "private.key");
+ // Read ASN.1 Encoded byte[] from file.
+ File keyFile = new File(directory + "/" + keyFileName);
+ InputStream in = new BufferedInputStream(new FileInputStream(keyFile));
+ int len = (int) keyFile.length();
+ byte [] bytes = new byte[len];
+ in.read(bytes);
+ // Reconstruct ASN.1 encoded bytes.
+ EncryptedPrivateKeyInfo pInfo = new EncryptedPrivateKeyInfo(bytes);
+ // Get the wrapper key algorithm.
+ String wrapKeyAlgorithm = pInfo.getAlgName();
+ // Factory to generate the wrapper key.
+ SecretKeyFactory secretKeyFact = SecretKeyFactory.getInstance(wrapKeyAlgorithm);
+ // Get the cipher.
+ Cipher cipher = Cipher.getInstance(pInfo.getAlgName());
+ // The wrapper key password.
+ PBEKeySpec pbeSpec = new PBEKeySpec(password.toCharArray());
+ // initialise the cypher with wrapper key in unwrap mode.
+ cipher.init(Cipher.DECRYPT_MODE, secretKeyFact.generateSecret(pbeSpec), pInfo.getAlgParameters());
+ // Retrieve the private key.
+ PKCS8EncodedKeySpec pcks8Spec = pInfo.getKeySpec(cipher);
+ KeyFactory keyFact = KeyFactory.getInstance(secretKeyAlgorithm, "BC");
+ return keyFact.generatePrivate(pcks8Spec);
+
+// if (rootKey != null ) return rootKey;
+// String password = p.getProperty("jcsi.ca.privKey.password", "changeit");
+// String directory = p.getProperty("jcsi.ca.key.dir", ".");
+// String keyFileName = p.getProperty("jcsi.ca.privKey", "private.key");
+// File f = new File(directory +"/"+ keyFileName);
+// Reader in = new InputStreamReader(new BufferedInputStream(new FileInputStream(f)));
+// PEMReader pemReader = new PEMReader(in, new Pass(password),"BC");
+// rootKey = (PrivateKey) pemReader.readObject();
+// return rootKey;
+ }
+
+ private static void writeRootCertificate( Certificate c, Properties p) throws Exception{
+ String directory = p.getProperty("jcsi.ca.key.dir", ".");
+ String certFileName = p.getProperty("jcsi.ca.cert", "user.cert");
+ File f = new File(directory +"/"+ certFileName);
+ Writer out = new OutputStreamWriter(new BufferedOutputStream(new FileOutputStream(f)));
+ PEMWriter pemWriter = new PEMWriter(out, "BC");
+ pemWriter.writeObject(c);
+ pemWriter.flush();
+ pemWriter.close();
+ }
+
+ private static Certificate readRootCertificate( Properties p ) throws FileNotFoundException, IOException, Exception{
+ String directory = p.getProperty("jcsi.ca.key.dir", ".");
+ String certFileName = p.getProperty("jcsi.ca.cert", "user.cert");
+ File f = new File(directory +"/"+ certFileName);
+ Reader in = new InputStreamReader(new BufferedInputStream(new FileInputStream(f)));
+ PEMReader pemReader = new PEMReader(in);
+ return (Certificate) pemReader.readObject();
+ }
+
+ private static X500Principal getIssuer( Properties p ){
+ String issuerDN = p.getProperty("jcsi.ca.issuerDN");
+ return new X500Principal(issuerDN);
+ }
+
+ private static ContentSigner getContentSigner(Properties p) throws Exception{
+ String signerAlgorithm = p.getProperty("jcsi.ca.sigAlg", "SHA1withDSA");
+ return new JcaContentSignerBuilder(signerAlgorithm).setProvider("BC").build(readPrivateKey(p));
+ }
+
+ private static void writeFile(File f, byte[] bytes) throws Exception{
+ OutputStream out = new BufferedOutputStream(new FileOutputStream(f));
+ out.write(bytes);
+ out.flush();
+ out.close();
+ }
+
+ private static Certificate build(
+ ContentSigner sigGen,
+ X500Principal issuer,
+ BigInteger serial,
+ Date notBefore,
+ Date notAfter,
+ X500Principal subject,
+ PublicKey publicKey
+ ) throws Exception
+ {
+ X509v1CertificateBuilder certBuilder =
+ new JcaX509v1CertificateBuilder(
+ issuer,
+ serial,
+ notBefore,
+ notAfter,
+ subject,
+ publicKey);
+
+ X509CertificateHolder certHolder = certBuilder.build(sigGen);
+ JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
+ Certificate cert = null;
+ cert = converter.getCertificate(certHolder);
+ return cert;
+ }
+
+ public static void expand(Properties p, Properties system) throws Exception{
+ Set<Entry<Object, Object>> entrySet = p.entrySet();
+ Iterator<Entry<Object, Object>> i = entrySet.iterator();
+ while (i.hasNext()){
+ Entry<Object, Object> entry = i.next();
+ Object value = entry.getValue();
+ value = expand(value.toString(), system);
+ entry.setValue(value);
+ }
+ }
+ /**
+ * Substitutes all entries like ${some.key}, found in specified string,
+ * for specified values.
+ * If some key is unknown, throws ExpansionFailedException.
+ * @param str the string to be expanded
+ * @param properties available key-value mappings
+ * @return expanded string
+ * @throws Exception
+ */
+ public static String expand(String str, Properties properties)
+ throws Exception {
+ final String START_MARK = "${"; //$NON-NLS-1$
+ final String END_MARK = "}"; //$NON-NLS-1$
+ final int START_OFFSET = START_MARK.length();
+ final int END_OFFSET = END_MARK.length();
+
+ StringBuilder result = new StringBuilder(str);
+ int start = result.indexOf(START_MARK);
+ while (start >= 0) {
+ int end = result.indexOf(END_MARK, start);
+ if (end >= 0) {
+ String key = result.substring(start + START_OFFSET, end);
+ String value = properties.getProperty(key);
+ if (value != null) {
+ result.replace(start, end + END_OFFSET, value);
+ start += value.length();
+ } else {
+ System.err.println(str + " key not found: " + key);
+ throw new Exception("Failed to expand properties"); //$NON-NLS-1$
+ }
+ }
+ start = result.indexOf(START_MARK, start);
+ }
+ return result.toString();
+ }
+
+ private static class Filter implements FilenameFilter {
+ private final Pattern regex;
+ private Filter(String regex){
+ this.regex = Pattern.compile(regex);
+ }
+
+ @Override
+ public boolean accept(File dir, String name) {
+ if (regex.matcher(name).matches()){
+ return true;
+ }
+ return false;
+ }
+
+ }
+
+ private static class Pass implements PasswordFinder {
+ private final String password;
+
+ private Pass(String password){
+ this.password = password;
+ }
+
+ @Override
+ public char[] getPassword() {
+ return password.toCharArray();
+ }
+
}
+
}
Modified: river/jtsk/trunk/qa/jtreg/certs/Makefile
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/certs/Makefile?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/certs/Makefile (original)
+++ river/jtsk/trunk/qa/jtreg/certs/Makefile Fri Feb 10 11:53:29 2012
@@ -15,10 +15,12 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#*/
-DSTCROOT = /home/tjb/lib/jcsi/jcsi_v1.0b1
-JDK13HOME = /files/jdk13
+#DSTCROOT = /home/tjb/lib/jcsi/jcsi_v1.0b1 #replaced with BC_LIB
+#JDK13HOME = /files/jdk13 #replaced with JAVA_HOME
-KEYTOOL=${JDK13HOME}/bin/keytool
+BC_LIB = ../../../bouncy-castle
+
+KEYTOOL=${JAVA_HOME}/bin/keytool
KEYSTORECMD=${KEYTOOL} -storepass keypass -keypass keypass -validity 3650
JINIGROUP=OU=Jini Group, O=Sun Microsystems Inc, L=Burlington, ST=MA, C=US
@@ -26,10 +28,16 @@ JINIGROUP=OU=Jini Group, O=Sun Microsyst
CA_NAMES=1 2
USER_NAMES=A B C D E
+#compile:
+# ${JAVA_HOME}/bin/javac \
+# -d . \
+# -classpath .:${DSTCROOT}/classes:${DSTCROOT}/jars/jcsi.jar \
+# *.java
+
compile:
- ${JDK13HOME}/bin/javac \
+ ${JAVA_HOME}/bin/javac \
-d . \
- -classpath .:${DSTCROOT}/classes:${DSTCROOT}/jars/jcsi.jar \
+ -classpath .:${BC_LIB}/bcprov-jdk16-146.jar:${BC_LIB}/bcmail-jdk16-146.jar \
*.java
create:
Modified: river/jtsk/trunk/qa/jtreg/certs/keys/test-ca1.cert
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/certs/keys/test-ca1.cert?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
Binary files - no diff available.
Modified: river/jtsk/trunk/qa/jtreg/certs/keys/test-ca1.key
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/certs/keys/test-ca1.key?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
Files river/jtsk/trunk/qa/jtreg/certs/keys/test-ca1.key (original) and river/jtsk/trunk/qa/jtreg/certs/keys/test-ca1.key Fri Feb 10 11:53:29 2012 differ
Modified: river/jtsk/trunk/qa/jtreg/certs/keys/test-ca2.cert
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/certs/keys/test-ca2.cert?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
Binary files - no diff available.
Modified: river/jtsk/trunk/qa/jtreg/certs/keys/test-ca2.key
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/certs/keys/test-ca2.key?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
Files river/jtsk/trunk/qa/jtreg/certs/keys/test-ca2.key (original) and river/jtsk/trunk/qa/jtreg/certs/keys/test-ca2.key Fri Feb 10 11:53:29 2012 differ
Modified: river/jtsk/trunk/qa/jtreg/certs/run-ca.sh
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/certs/run-ca.sh?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/certs/run-ca.sh (original)
+++ river/jtsk/trunk/qa/jtreg/certs/run-ca.sh Fri Feb 10 11:53:29 2012
@@ -17,16 +17,24 @@
# limitations under the License.
#*/
# Run a DSTC certificate authority, specifying the properties file as
-# the first argument.
+# the argument.
# Directory containing classes that patch JCSI
-PATCHROOT=/home/tjb/.jcsi
+#PATCHROOT=/home/tjb/.jcsi
# JSCI classes
-DSTCROOT=/home/tjb/lib/jcsi/jcsi_v1.0b1
+#DSTCROOT=/home/tjb/lib/jcsi/jcsi_v1.0b1
+
+# JCSI has been replaced with Bouncy Castle
+BC_LIB=${RIVER_HOME}/bouncy-castle
+JTREG_DIR=${RIVER_HOME}/qa/jtreg
# JCSI uses a different format for requesting Cipher algorithms than is
# supported by the JDK 1.4, so use 1.3
-JDK13HOME=/files/jdk13
+#JDK13HOME=/files/jdk13
+
+#$JDK13HOME/bin/java -cp .:$PATCHROOT:$DSTCROOT/classes:$DSTCROOT/jars/jcsi.jar \
+# -Djcsi.ca.conf=$1 CA
-$JDK13HOME/bin/java -cp .:$PATCHROOT:$DSTCROOT/classes:$DSTCROOT/jars/jcsi.jar \
- -Djcsi.ca.conf=$1 CA
+# Changed, so the first argument is the option to pass the CA, the second is the configuration file.
+$JAVA_HOME/bin/java -cp .:${BC_LIB}/bcprov-jdk16-146.jar:${BC_LIB}/bcmail-jdk16-146.jar:${JTREG_DIR}/certs \
+ -Djtreg.dir=${JTREG_DIR} -Djcsi.ca.conf=$2 CA $1
Modified: river/jtsk/trunk/qa/jtreg/certs/test-ca1.properties
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/certs/test-ca1.properties?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/certs/test-ca1.properties (original)
+++ river/jtsk/trunk/qa/jtreg/certs/test-ca1.properties Fri Feb 10 11:53:29 2012
@@ -14,8 +14,10 @@ jcsi.ca.keyLength=1024
jcsi.ca.issuerDN=CN=Test CA 1, OU=Jini Group, O=Sun Microsystems Inc, L=Burlington, ST=MA, C=US
# algorithms the CA uses
-jcsi.ca.sigAlg=SHA-1/DSA
-jcsi.ca.keyAlg=DSA
+# was SHA-1/DSA
+jcsi.ca.sigAlg=SHA1withRSA
+# was DSA
+jcsi.ca.keyAlg=RSA
# the CA's key directory
jcsi.ca.key.dir=keys
@@ -34,3 +36,9 @@ jcsi.ca.ldap.publish=false
# The validity period for generated certificates, in days
jcsi.ca.certValidityPeriod=3650
+
+# The requests directory
+ca.requests=requests
+
+# Regex for filtering files.
+ca.regex.pattern=^.*[1]{1}[A-Z]{1}\\.request$
\ No newline at end of file
Modified: river/jtsk/trunk/qa/jtreg/certs/test-ca2.properties
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/certs/test-ca2.properties?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/certs/test-ca2.properties (original)
+++ river/jtsk/trunk/qa/jtreg/certs/test-ca2.properties Fri Feb 10 11:53:29 2012
@@ -14,8 +14,10 @@ jcsi.ca.keyLength=1024
jcsi.ca.issuerDN=CN=Test CA 2, OU=Jini Group, O=Sun Microsystems Inc, L=Burlington, ST=MA, C=US
# algorithms the CA uses
-jcsi.ca.sigAlg=SHA-1/DSA
-jcsi.ca.keyAlg=DSA
+# was SHA-1/DSA
+jcsi.ca.sigAlg=SHA1withRSA
+# was DSA
+jcsi.ca.keyAlg=RSA
# the CA's key directory
jcsi.ca.key.dir=keys
@@ -34,3 +36,9 @@ jcsi.ca.ldap.publish=false
# The validity period for generated certificates, in days
jcsi.ca.certValidityPeriod=3650
+
+# The requests directory
+ca.requests=requests
+
+# Regex for filtering files.
+ca.regex.pattern=^.*[2]{1}[A-Z]{1}\\.request$
\ No newline at end of file
Modified: river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestRMI.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestRMI.java?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestRMI.java (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestRMI.java Fri Feb 10 11:53:29 2012
@@ -306,39 +306,55 @@ public class TestRMI extends TestUtiliti
/** Test timing out client and server SSL sessions. */
public static class TestTimeout extends BasicTest {
+ static final String serverPropName = "com.sun.jini.jeri.ssl.maxServerSessionDuration";
+ static final String clientPropName = "com.sun.jini.jeri.ssl.maxClientSessionDuration";
+ static final String max = Long.toString(Long.MAX_VALUE);
/* Time needed to complete an initial call successfully */
static final long CALLTIME = 10 * 1000;
+ static final String calltime = Long.toString(CALLTIME);
static Test[] localtests = {
new TestTimeout("client timeout", 2 * CALLTIME) {
public Object run() throws IOException {
- long old = setMaxClientSessionDuration(CALLTIME);
+ String old = System.setProperty(clientPropName, calltime);
try {
return super.run();
} finally {
- setMaxClientSessionDuration(old);
+ if ( old != null ){
+ System.setProperty(clientPropName, old );
+ }else{
+ System.clearProperty(clientPropName);
+ }
}
}
},
new TestTimeout("client timeout wraparound", CALLTIME) {
public Object run() throws IOException {
- long old = setMaxClientSessionDuration(Long.MAX_VALUE);
+ String old = System.setProperty(clientPropName, max);
try {
return super.run();
} finally {
- setMaxClientSessionDuration(old);
+ if ( old != null ){
+ System.setProperty(clientPropName, old );
+ }else{
+ System.clearProperty(clientPropName);
+ }
}
}
},
new TestTimeout("server timeout", 2 * CALLTIME) {
public Object run() throws IOException {
- long old = setMaxServerSessionDuration(CALLTIME);
+ String old = System.setProperty(serverPropName, calltime);
try {
return super.run();
} catch (IOException e) {
return e;
} finally {
- setMaxServerSessionDuration(old);
+ if ( old != null ){
+ System.setProperty(serverPropName, old );
+ }else{
+ System.clearProperty(serverPropName);
+ }
}
}
public void check(Object result) {
@@ -350,20 +366,24 @@ public class TestRMI extends TestUtiliti
},
new TestTimeout("server timeout wraparound", CALLTIME) {
public Object run() throws IOException {
- long old = setMaxServerSessionDuration(Long.MAX_VALUE);
+ String old = System.setProperty(serverPropName, max);
try {
return super.run();
} finally {
- setMaxServerSessionDuration(old);
+ if ( old != null ){
+ System.setProperty(serverPropName, old );
+ }else{
+ System.clearProperty(serverPropName);
+ }
}
}
}
};
- Subject clientSubject = getClientSubject();
+ final Subject clientSubject = getClientSubject();
- long timeout;
- int calls;
+ final long timeout;
+ volatile int calls; //Ok cause only one thread increments.
IOException ioException;
boolean done;
@@ -374,6 +394,9 @@ public class TestRMI extends TestUtiliti
TestTimeout(String name, long timeout) {
super(name);
this.timeout = timeout;
+ calls = 0;
+ ioException = null;
+ done = false;
}
Subject getClientSubject() {
@@ -415,14 +438,14 @@ public class TestRMI extends TestUtiliti
} catch (InterruptedException e) {
}
} while (!done && System.currentTimeMillis() < stop);
- }
- if (calls == 0) {
- throw new FailedException("No calls made");
- } else if (ioException != null) {
- throw ioException;
- } else {
- return null;
- }
+ if (calls == 0) {
+ throw new FailedException("No calls made");
+ } else if (ioException != null) {
+ throw ioException;
+ } else {
+ return null;
+ }
+ }
}
void runInThread() {
@@ -457,7 +480,9 @@ public class TestRMI extends TestUtiliti
}
server.unexport();
} catch (IOException e) {
- ioException = e;
+ synchronized (this){
+ ioException = e;
+ }
} finally {
synchronized (TestTimeout.this) {
done = true;
@@ -475,7 +500,11 @@ public class TestRMI extends TestUtiliti
/** Test with expired certificates. */
public static class TestExpired extends BasicTest {
- static Test[] localtests = { new TestExpired() };
+ static final String serverPropName = "com.sun.jini.jeri.ssl.maxServerSessionDuration";
+ static final String clientPropName = "com.sun.jini.jeri.ssl.maxClientSessionDuration";
+ static final String clientMax = Long.toString(23*60*60*1000);
+ static final String serverMax = Long.toString(24*60*60*1000);
+ static Test[] localtests = { new TestExpired()};
Subject clientSubject = new WithSubject() { {
addX500Principal("clientDSA2", subject);
@@ -504,9 +533,9 @@ public class TestRMI extends TestUtiliti
});
} catch (PrivilegedActionException e) {
throw (IOException) e.getException();
- }
- }
-
+ }
+ }
+
public void check(Object result) { }
Object runInternal() throws IOException {
Modified: river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestUtilities.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestUtilities.java?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestUtilities.java (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/TestUtilities.java Fri Feb 10 11:53:29 2012
@@ -76,8 +76,8 @@ public class TestUtilities extends UnitT
/* Reflection */
/** The name of the package containing the classes */
- static String PACKAGE = "net.jini.jeri.ssl";
-
+ static final String PACKAGE = "net.jini.jeri.ssl";
+
static final LazyMethod impliesConstraintConstraint = new LazyMethod(
"Utilities", "implies",
new Class[] { InvocationConstraint.class, InvocationConstraint.class });
@@ -179,11 +179,11 @@ public class TestUtilities extends UnitT
/* Credentials */
- private static KeyStore keyStore;
+ private static volatile KeyStore keyStore;
- private static CertificateFactory certFactory;
+ private static volatile CertificateFactory certFactory;
- static char[] keyStorePassword = "keypass".toCharArray();
+ static final char[] keyStorePassword = "keypass".toCharArray();
static final String clientDSA = "CN=clientDSA";
static final String clientRSA1 = "CN=clientRSA1, C=US";
@@ -402,10 +402,10 @@ public class TestUtilities extends UnitT
/** Like Method, but resolves method when first invoked */
static class LazyMethod {
- private String className;
- private String methodName;
- private Class[] argumentTypes;
- private Method method;
+ private final String className;
+ private final String methodName;
+ private final Class[] argumentTypes;
+ private volatile Method method;
LazyMethod(String className,
String methodName,
@@ -430,7 +430,10 @@ public class TestUtilities extends UnitT
*/
Object invoke(Object object, Object[] arguments) {
try {
- return getMethod().invoke(object, arguments);
+ Method m = getMethod();
+ synchronized (m){
+ return m.invoke(object, arguments);
+ }
} catch (InvocationTargetException e) {
throw unexpectedException(e.getTargetException());
} catch (Exception e) {
@@ -446,7 +449,10 @@ public class TestUtilities extends UnitT
throws InvocationTargetException
{
try {
- return getMethod().invoke(object, arguments);
+ Method m = getMethod();
+ synchronized (m){
+ return m.invoke(object, arguments);
+ }
} catch (InvocationTargetException e) {
throw e;
} catch (Exception e) {
@@ -457,13 +463,17 @@ public class TestUtilities extends UnitT
/** Returns the requested provider method */
private Method getMethod() {
if (method == null) {
- try {
- Class type = TestUtilities.getClass(className);
- method = type.getDeclaredMethod(methodName, argumentTypes);
- method.setAccessible(true);
- } catch (NoSuchMethodException e) {
- throw unexpectedException(e);
- }
+ synchronized (this){
+ if (method == null){
+ try {
+ Class type = TestUtilities.getClass(className);
+ method = type.getDeclaredMethod(methodName, argumentTypes);
+ method.setAccessible(true);
+ } catch (NoSuchMethodException e) {
+ throw unexpectedException(e);
+ }
+ }
+ }
}
return method;
}
@@ -471,9 +481,9 @@ public class TestUtilities extends UnitT
/** Like Constructor, but resolves constructor when first used */
static class LazyConstructor {
- private String className;
- private Class[] argumentTypes;
- private Constructor constructor;
+ private final String className;
+ private final Class[] argumentTypes;
+ private volatile Constructor constructor;
LazyConstructor(String className, Class[] argumentTypes) {
this.className = className;
@@ -513,13 +523,17 @@ public class TestUtilities extends UnitT
/** Returns the requested provider constructor */
private Constructor getConstructor() {
if (constructor == null) {
- try {
- Class type = TestUtilities.getClass(className);
- constructor = type.getDeclaredConstructor(argumentTypes);
- constructor.setAccessible(true);
- } catch (NoSuchMethodException e) {
- throw unexpectedException(e);
- }
+ synchronized (this){
+ if (constructor == null){
+ try {
+ Class type = TestUtilities.getClass(className);
+ constructor = type.getDeclaredConstructor(argumentTypes);
+ constructor.setAccessible(true);
+ } catch (NoSuchMethodException e) {
+ throw unexpectedException(e);
+ }
+ }
+ }
}
return constructor;
}
@@ -527,10 +541,10 @@ public class TestUtilities extends UnitT
/** Like Field, but resolves field when first used */
static class LazyField {
- private String packageName;
- private String className;
- private String fieldName;
- private Field field;
+ private final String packageName;
+ private final String className;
+ private final String fieldName;
+ private volatile Field field;
LazyField(String className, String fieldName) {
this(PACKAGE, className, fieldName);
@@ -559,15 +573,19 @@ public class TestUtilities extends UnitT
/** Returns the requested provider field */
private Field getField() {
if (field == null) {
- try {
- Class type =
- TestUtilities.getClass(packageName, className);
- field = type.getDeclaredField(fieldName);
- field.setAccessible(true);
- } catch (NoSuchFieldException e) {
- throw unexpectedException(e);
- }
- }
+ synchronized (this) {
+ if (field == null){
+ try {
+ Class type =
+ TestUtilities.getClass(packageName, className);
+ field = type.getDeclaredField(fieldName);
+ field.setAccessible(true);
+ } catch (NoSuchFieldException e) {
+ throw unexpectedException(e);
+ }
+ }
+ }
+ }
return field;
}
@@ -579,7 +597,10 @@ public class TestUtilities extends UnitT
/** Sets a field */
void set(Object object, Object value) {
try {
- getField().set(object, value);
+ Field f = getField();
+ synchronized (f){
+ f.set(object, value);
+ }
} catch (Exception e) {
throw unexpectedException(e);
}
@@ -660,8 +681,12 @@ public class TestUtilities extends UnitT
/* -- Credentials -- */
static class TestPrincipal implements Principal {
- String name;
- TestPrincipal(String name) { this.name = name; }
+ private final String name;
+
+ TestPrincipal(String name) {
+ this.name = name;
+ }
+
public String getName() { return name; }
public String toString() { return "TestPrincipal{" + name + "}"; }
public int hashCode() { return name.hashCode(); }
Modified: river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/keystore
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/keystore?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
Binary files - no diff available.
Modified: river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/keystore.sh
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/keystore.sh?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/keystore.sh (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/keystore.sh Fri Feb 10 11:53:29 2012
@@ -19,6 +19,11 @@
#
# Create the keystore and truststore files
# Usage: keystore.sh
+#
+# You must first compile CA.java in the qa/jtreg/certs directory by calling
+# make compile, in that directory. When you've finished, run this script,
+# to generate new certificates.
+# This task needs to be performed once every ten years when certificates expire.
if [ "${TESTJAVA}" ]; then
JAVABIN=${TESTJAVA}/bin/;
@@ -34,6 +39,7 @@ TRUSTSTORE=${TESTSRC}/truststore
KEYTOOL=${JAVABIN}keytool
+KEYSTORECMDEXP="${KEYTOOL} -keystore ${KEYSTORE} -storepass keypass -keypass keypass -validity 1"
KEYSTORECMD="${KEYTOOL} -keystore ${KEYSTORE} -storepass keypass -keypass keypass -validity 3650"
TRUSTSTORECMD="${KEYTOOL} -keystore ${TRUSTSTORE} -storepass keypass -keypass keypass -validity 3650"
@@ -60,21 +66,34 @@ ${KEYSTORECMD} -genkey -alias notTrusted
${KEYSTORECMD} -genkey -alias clientDSA2 -dname CN=clientDSA2 -keyalg DSA
${KEYSTORECMD} -certreq -alias clientDSA2 -file clientDSA2.request
-${KEYSTORECMD} -keyclone -alias clientDSA2 -dest clientDSA2expired -new keypass
-${KEYSTORECMD} -selfcert -alias clientDSA2expired
+${KEYSTORECMDEXP} -genkey -alias clientDSA2expired -dname CN=clientDSA2 -keyalg DSA
+${KEYSTORECMDEXP} -certreq -alias clientDSA2expired -file clientDSA2expired.request
${KEYSTORECMD} -genkey -alias serverRSA2 -dname CN=serverRSA2 -keyalg RSA
${KEYSTORECMD} -certreq -alias serverRSA2 -file serverRSA2.request
-${KEYSTORECMD} -keyclone -alias serverRSA2 -dest serverRSA2expired -new keypass
-${KEYSTORECMD} -selfcert -alias serverRSA2expired
+${KEYSTORECMDEXP} -genkey -alias serverRSA2expired -dname CN=serverRSA2 -keyalg RSA
+${KEYSTORECMDEXP} -certreq -alias serverRSA2expired -file serverRSA2expired.request
set +x
+echo Sign clientDSA2.req, serverRSA2.req, clientDSA2expired.req and serverRSA2expired.req,\
+ then import them:
+echo expired certificates need one day to expire before testing.
-echo Sign clientDSA2.req and serverRSA2.req and then import them:
-echo ${TRUSTSTORECMD} -import -noprompt -alias ca -file ca.cert
-echo ${KEYSTORECMD} -import -noprompt -alias ca -file ca.cert
-echo ${KEYSTORECMD} -import -noprompt -alias clientDSA2 -file clientDSA2.cert
-echo ${KEYSTORECMD} -import -noprompt -alias clientDSA2expired -file clientDSA2expired.cert
-echo ${KEYSTORECMD} -import -noprompt -alias serverRSA2 -file serverRSA2.cert
-echo ${KEYSTORECMD} -import -noprompt -alias serverRSA2expired -file serverRSA2expired.cert
+set -x
+
+../../../../../certs/run-ca.sh -CA ./ca.properties
+../../../../../certs/run-ca.sh -CA ./ca1.properties
+../../../../../certs/run-ca.sh -CR ./ca.properties
+../../../../../certs/run-ca.sh -CR ./ca1.properties
+../../../../../certs/run-ca.sh -CR ./serverRSA2expired.properties
+../../../../../certs/run-ca.sh -CR ./clientDSA2expired.properties
+
+${TRUSTSTORECMD} -import -noprompt -alias ca -file ca.cert
+${TRUSTSTORECMD} -import -noprompt -alias ca1 -file ca1.cert
+${KEYSTORECMD} -import -noprompt -alias ca -file ca.cert
+${KEYSTORECMD} -import -noprompt -alias ca1 -file ca1.cert
+${KEYSTORECMD} -import -noprompt -alias clientDSA2 -file clientDSA2.chain
+${KEYSTORECMDEXP} -import -noprompt -alias clientDSA2expired -file clientDSA2expired.chain
+${KEYSTORECMD} -import -noprompt -alias serverRSA2 -file serverRSA2.chain
+${KEYSTORECMDEXP} -import -noprompt -alias serverRSA2expired -file serverRSA2expired.chain
Modified: river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/policy
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/policy?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/policy (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/policy Fri Feb 10 11:53:29 2012
@@ -48,6 +48,10 @@ grant {
permission net.jini.security.AuthenticationPermission
"TestUtilities$TestPrincipal \"*\"", "connect,accept";
+// permission net.jini.security.AuthenticationPermission
+// "javax.security.auth.x500.X500Principal \"CN=clientDSA2expired\" peer javax.security.auth.x500.X500Principal \"CN=serverRSA2\"",
+// "connect";
+
permission java.security.SecurityPermission "insertProvider.*";
permission java.security.SecurityPermission "putProviderProperty.*";
permission java.security.SecurityPermission "getPolicy";
Modified: river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/truststore
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/jeri/ssl/UnitTests/truststore?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
Binary files - no diff available.
Modified: river/jtsk/trunk/qa/jtreg/net/jini/jeri/tcp/localHostExposure/TestNameService.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/jeri/tcp/localHostExposure/TestNameService.java?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/jeri/tcp/localHostExposure/TestNameService.java (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/jeri/tcp/localHostExposure/TestNameService.java Fri Feb 10 11:53:29 2012
@@ -15,6 +15,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+import java.net.InetAddress;
import java.net.UnknownHostException;
import sun.net.spi.nameservice.NameService;
@@ -28,8 +29,19 @@ public class TestNameService implements
return lastNameLookup;
}
}
+
+ /* Java 6 version */
+ public InetAddress [] lookupAllHostAddr(String host) throws UnknownHostException{
+ byte [][] allHostAdd = lookAllHostAddr(host);
+ int l = allHostAdd.length;
+ InetAddress [] result = new InetAddress[l];
+ for (int i = 0; i<l; i++){
+ result[i] = InetAddress.getByAddress(allHostAdd[i]);
+ }
+ return result;
+ }
- public byte[][] lookupAllHostAddr(String host)
+ private byte[][] lookAllHostAddr(String host)
throws UnknownHostException
{
// System.err.println("FORWARD: " + host);
Modified: river/jtsk/trunk/qa/jtreg/net/jini/jeri/transport/multihomed/TestNameService.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/jeri/transport/multihomed/TestNameService.java?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/jeri/transport/multihomed/TestNameService.java (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/jeri/transport/multihomed/TestNameService.java Fri Feb 10 11:53:29 2012
@@ -58,8 +58,20 @@ public class TestNameService implements
// do nothing
}
}
+
+ /* Java 6 version */
+ public InetAddress [] lookupAllHostAddr(String host) throws UnknownHostException{
+ byte [][] allHostAdd = lookAllHostAddr(host);
+ int l = allHostAdd.length;
+ InetAddress [] result = new InetAddress[l];
+ for (int i = 0; i<l; i++){
+ result[i] = InetAddress.getByAddress(allHostAdd[i]);
+ }
+ return result;
+ }
- public byte[][] lookupAllHostAddr(String host)
+ /* Java 5 version of provider, renamed and privatised */
+ private byte[][] lookAllHostAddr(String host)
throws UnknownHostException
{
// System.err.println("FORWARD: " + host);
Modified: river/jtsk/trunk/qa/jtreg/net/jini/security/Security/implicitGrants/Test.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/security/Security/implicitGrants/Test.java?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/security/Security/implicitGrants/Test.java (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/security/Security/implicitGrants/Test.java Fri Feb 10 11:53:29 2012
@@ -49,6 +49,10 @@ public class Test {
TestLibrary.installClassInCodebase("Foo", "cb2")});
cl1 = Class.forName("Foo", true, ldr1);
cl2 = Class.forName("Foo", true, ldr2);
+ ProtectionDomain pd2 = cl2.getProtectionDomain();
+ if (policy.implies(pd2, pA)) throw new Error();
+ if (policy.implies(pd2, pB)) throw new Error();
+ if (policy.implies(pd2, pC)) throw new Error();
ClassLoader ldr3 = new URLClassLoader(new URL[]{
TestLibrary.installClassInCodebase("Setup", "cb3")});
@@ -62,13 +66,10 @@ public class Test {
{
throw new Error();
}
- ProtectionDomain pd2 = cl2.getProtectionDomain();
- if (policy.implies(pd2, pA) ||
- policy.implies(pd2, pB) ||
- policy.implies(pd2, pC))
- {
- throw new Error();
- }
+ //ProtectionDomain pd2 = cl2.getProtectionDomain();
+ if (policy.implies(pd2, pA)) throw new Error();
+ if (policy.implies(pd2, pB)) throw new Error();
+ if (policy.implies(pd2, pC)) throw new Error();
final Principal prX = new StringPrincipal("X"),
prY = new StringPrincipal("Y"),
Modified: river/jtsk/trunk/qa/jtreg/net/jini/security/Security/implicitGrants/policy
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/security/Security/implicitGrants/policy?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/security/Security/implicitGrants/policy (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/security/Security/implicitGrants/policy Fri Feb 10 11:53:29 2012
@@ -25,10 +25,11 @@ grant {
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "getProperty.*";
permission java.security.SecurityPermission "setPolicy";
+ permission java.security.SecurityPermission "getPolicy";
permission java.util.PropertyPermission "*", "read";
permission javax.security.auth.AuthPermission "doAs";
};
-grant codeBase "file:.${/}cb3${/}" {
+grant codeBase "file:${scratch.dir}${/}cb3${/}*" {
permission java.security.AllPermission;
};
Modified: river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/basePolicyNotFound/policy
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/basePolicyNotFound/policy?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/basePolicyNotFound/policy (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/basePolicyNotFound/policy Fri Feb 10 11:53:29 2012
@@ -15,4 +15,5 @@ grant {
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "getProperty.*";
permission java.security.SecurityPermission "setProperty.*";
+ permission java.security.SecurityPermission "getPolicy";
};
Modified: river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/domainCaching/policy
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/domainCaching/policy?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/domainCaching/policy (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/domainCaching/policy Fri Feb 10 11:53:29 2012
@@ -14,6 +14,7 @@ grant {
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.util.PropertyPermission "*", "read";
permission java.security.SecurityPermission "getProperty.*";
+ permission java.security.SecurityPermission "getPolicy";
permission java.io.FilePermission ".", "read,write,delete";
permission java.io.FilePermission ".${/}-", "read,write,delete";
permission java.io.FilePermission "${test.classes}", "read,write,delete";
Modified: river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/dynamicBasePolicy/Test.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/dynamicBasePolicy/Test.java?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/dynamicBasePolicy/Test.java (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/dynamicBasePolicy/Test.java Fri Feb 10 11:53:29 2012
@@ -50,9 +50,9 @@ public class Test {
}
p = new RuntimePermission("C");
+ if (policy1.implies(pd, p)) throw new Error();
policy2.grant(cl, null, new Permission[]{ p });
- if (policy1.implies(pd, p) || !policy2.implies(pd, p)) {
- throw new Error();
- }
+ if (policy1.implies(pd, p)) throw new Error();
+ if (!policy2.implies(pd, p)) throw new Error();
}
}
Modified: river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/dynamicBasePolicy/policy
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/dynamicBasePolicy/policy?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/dynamicBasePolicy/policy (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/dynamicBasePolicy/policy Fri Feb 10 11:53:29 2012
@@ -16,4 +16,5 @@ grant {
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.lang.RuntimePermission "getProtectionDomain";
permission java.security.SecurityPermission "getProperty.*";
+ permission java.security.SecurityPermission "getPolicy";
};
Modified: river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/nullCases/policy
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/nullCases/policy?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/nullCases/policy (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/nullCases/policy Fri Feb 10 11:53:29 2012
@@ -13,4 +13,5 @@ grant {
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "getProperty.*";
+ permission java.security.SecurityPermission "getPolicy";
};
Modified: river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/principalGrants/policy
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/principalGrants/policy?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/principalGrants/policy (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/principalGrants/policy Fri Feb 10 11:53:29 2012
@@ -23,4 +23,5 @@ grant {
permission java.lang.RuntimePermission "setSecurityManager";
permission java.util.PropertyPermission "*", "read";
permission java.security.SecurityPermission "getProperty.*";
+ permission java.security.SecurityPermission "getPolicy";
};
Modified: river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/selfGrants/policy.0
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/selfGrants/policy.0?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/selfGrants/policy.0 (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/security/policy/DynamicPolicyProvider/selfGrants/policy.0 Fri Feb 10 11:53:29 2012
@@ -20,4 +20,5 @@ grant {
permission java.util.PropertyPermission "test.src", "read";
permission java.security.SecurityPermission "getProperty.*";
permission java.security.SecurityPermission "setPolicy";
+ permission java.security.SecurityPermission "getPolicy";
};
Modified: river/jtsk/trunk/qa/jtreg/net/jini/security/policy/PolicyFileProvider/basePolicyNotFound/policy
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/security/policy/PolicyFileProvider/basePolicyNotFound/policy?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/security/policy/PolicyFileProvider/basePolicyNotFound/policy (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/security/policy/PolicyFileProvider/basePolicyNotFound/policy Fri Feb 10 11:53:29 2012
@@ -15,4 +15,5 @@ grant {
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "getProperty.*";
permission java.security.SecurityPermission "setProperty.*";
+ permission java.security.SecurityPermission "getPolicy";
};
Modified: river/jtsk/trunk/qa/jtreg/net/jini/security/policy/PolicyFileProvider/basicGrants/policy.0
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/security/policy/PolicyFileProvider/basicGrants/policy.0?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/security/policy/PolicyFileProvider/basicGrants/policy.0 (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/security/policy/PolicyFileProvider/basicGrants/policy.0 Fri Feb 10 11:53:29 2012
@@ -17,6 +17,7 @@ grant {
"java.security.policy", "read,write";
permission java.util.PropertyPermission "test.src", "read";
permission java.security.SecurityPermission "getProperty.*";
+ permission java.security.SecurityPermission "getPolicy";
};
grant codeBase "file:/foo/*" {
Modified: river/jtsk/trunk/qa/jtreg/net/jini/security/policy/PolicyFileProvider/nullCases/policy
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/security/policy/PolicyFileProvider/nullCases/policy?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/security/policy/PolicyFileProvider/nullCases/policy (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/security/policy/PolicyFileProvider/nullCases/policy Fri Feb 10 11:53:29 2012
@@ -13,4 +13,5 @@ grant {
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "getProperty.*";
+ permission java.security.SecurityPermission "getPolicy";
};
Modified: river/jtsk/trunk/qa/jtreg/net/jini/security/policy/PolicyFileProvider/umbrellaGrants/policy
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/security/policy/PolicyFileProvider/umbrellaGrants/policy?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/security/policy/PolicyFileProvider/umbrellaGrants/policy (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/security/policy/PolicyFileProvider/umbrellaGrants/policy Fri Feb 10 11:53:29 2012
@@ -1,7 +1,7 @@
/* @summary Test PolicyFileProvider expansion of UmbrellaGrantPermissions
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
+grant codeBase "file:${{java.ext.dirs}}/*" {
permission java.security.AllPermission;
};
@@ -13,6 +13,7 @@ grant {
permission java.lang.RuntimePermission "accessClassInPackage.*";
permission java.lang.RuntimePermission "setSecurityManager";
permission java.security.SecurityPermission "getProperty.*";
+ permission java.security.SecurityPermission "getPolicy";
};
grant codeBase "file:/foo.jar" {
Modified: river/jtsk/trunk/qa/jtreg/net/jini/security/porter/policy
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/net/jini/security/porter/policy?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/net/jini/security/porter/policy (original)
+++ river/jtsk/trunk/qa/jtreg/net/jini/security/porter/policy Fri Feb 10 11:53:29 2012
@@ -1,5 +1,5 @@
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
+grant codeBase "file:${{java.ext.dirs}}/*" {
+ permission java.security.AllPermission;
};
grant codeBase "file:${jtlib.tmp}/*" {
Modified: river/jtsk/trunk/qa/jtreg/unittestlib/BasicTest.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/unittestlib/BasicTest.java?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/unittestlib/BasicTest.java (original)
+++ river/jtsk/trunk/qa/jtreg/unittestlib/BasicTest.java Fri Feb 10 11:53:29 2012
@@ -39,16 +39,20 @@ public abstract class BasicTest extends
/** Set the value to compare to. */
protected void setCompareTo(Object compareTo) {
- this.compareTo = compareTo;
- compareToSet = true;
+ synchronized (this){
+ this.compareTo = compareTo;
+ compareToSet = true;
+ }
}
/** Get the value to compare to. Throws an exception if not set. */
protected Object getCompareTo() {
- if (!compareToSet) {
- throw new FailedException("Test error: compareTo not set");
- }
- return compareTo;
+ synchronized (this){
+ if (!compareToSet) {
+ throw new FailedException("Test error: compareTo not set");
+ }
+ return compareTo;
+ }
}
/**
@@ -64,8 +68,9 @@ public abstract class BasicTest extends
}
public void check(Object result) throws Exception {
- if (!safeEquals(getCompareTo(), result)) {
- throw new FailedException("Should be: " + compareTo);
+ Object compareToObj = getCompareTo();
+ if (!safeEquals(compareToObj, result)) {
+ throw new FailedException("Should be: " + compareToObj);
}
}
}
Modified: river/jtsk/trunk/qa/jtreg/unittestlib/UnitTestUtilities.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/jtreg/unittestlib/UnitTestUtilities.java?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/jtreg/unittestlib/UnitTestUtilities.java (original)
+++ river/jtsk/trunk/qa/jtreg/unittestlib/UnitTestUtilities.java Fri Feb 10 11:53:29 2012
@@ -62,7 +62,7 @@ public class UnitTestUtilities {
Integer.getInteger("lastTest", Integer.MAX_VALUE).intValue();
/** The number of the current test */
- public static int testNumber = 0;
+ public static volatile int testNumber = 0;
/** If true, stop after first failure. */
public static final boolean stopOnFail = Boolean.getBoolean("stopOnFail");
@@ -74,8 +74,8 @@ public class UnitTestUtilities {
/** Holds test results */
private static class TestResults {
- int pass;
- int fail;
+ volatile int pass;
+ volatile int fail;
}
/** Used to signal that lastTest has been done. */
Modified: river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MasterTest.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MasterTest.java?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MasterTest.java (original)
+++ river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MasterTest.java Fri Feb 10 11:53:29 2012
@@ -36,6 +36,7 @@ import javax.security.auth.Subject;
import net.jini.config.Configuration;
import net.jini.config.ConfigurationException;
+import org.apache.river.api.security.DelegateCombinerSecurityManager;
/**
* A wrapper which drives the execution of a test on the master host.
@@ -82,9 +83,10 @@ class MasterTest {
origErr = System.err;
System.setErr(System.out);
logger.log(Level.FINE, "Starting MasterTest");
- if (System.getSecurityManager() == null) {
- System.setSecurityManager(new java.rmi.RMISecurityManager());
+ if (System.getSecurityManager() == null) {
+// System.setSecurityManager(new java.rmi.RMISecurityManager());
// System.setSecurityManager(new ProfilingSecurityManager());
+ System.setSecurityManager(new DelegateCombinerSecurityManager());
}
if (args.length < 1) {
exit(false, Test.ENV, "Arguments missing");
Modified: river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java (original)
+++ river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/MergedPolicyProvider.java Fri Feb 10 11:53:29 2012
@@ -24,13 +24,21 @@ import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
+import java.util.List;
import java.util.StringTokenizer;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+import org.apache.river.api.security.ConcurrentPermissions;
+import org.apache.river.api.security.ConcurrentPolicy;
import net.jini.security.policy.PolicyInitializationException;
import net.jini.security.policy.PolicyFileProvider;
+import org.apache.river.api.security.PermissionGrant;
/**
* Security policy provider that delegates to a collection of underlying
@@ -40,12 +48,14 @@ import net.jini.security.policy.PolicyFi
* access to the same file, a check for read,write access would still
* fail.
*/
-public class MergedPolicyProvider extends Policy {
+public class MergedPolicyProvider extends Policy implements ConcurrentPolicy{
+ /** class state */
+// private static final Lock lock = new ReentrantLock();; // protects first
+// private static boolean first = false; // Why is first static?
+
/** the collection of underlying policies */
- private ArrayList policies = new ArrayList();
-
- private static boolean first = false;
+ private final Collection<Policy> policies ;
/**
* Creates a new <code>MergedPolicyProvider</code> instance that wraps a
@@ -74,6 +84,7 @@ public class MergedPolicyProvider extend
}
// no-arg semantics for 'default policy' necessary for correct behavior
// of PolicyFileProvider.refresh
+ Collection<Policy> policies = new ArrayList<Policy>();
try {
if (p1 != null) {
policies.add(new PolicyFileProvider());
@@ -93,6 +104,7 @@ public class MergedPolicyProvider extend
throw new PolicyInitializationException(
"unable to construct base policy", e);
}
+ this.policies = Collections.unmodifiableCollection(policies);
}
/**
@@ -103,25 +115,37 @@ public class MergedPolicyProvider extend
* @param source the <code>CodeSource</code>
*/
public PermissionCollection getPermissions(CodeSource source) {
- Iterator it = policies.iterator();
- if (it.hasNext()) {
- PermissionCollection pc =
- ((Policy) it.next()).getPermissions(source);
- while (it.hasNext()) {
- PermissionCollection pc2 =
- ((Policy) it.next()).getPermissions(source);
- Enumeration en = pc2.elements();
- while (en.hasMoreElements()) {
- Permission perm = (Permission) en.nextElement();
- if (!pc.implies(perm)) {
- pc.add(perm);
- }
- }
- }
- return pc;
- } else {
- throw new IllegalStateException("No policies in provider");
- }
+ if (policies.isEmpty()) throw new IllegalStateException("No policies in provider");
+ PermissionCollection pc = new ConcurrentPermissions();
+ Iterator<Policy> it = policies.iterator();
+ while (it.hasNext()){
+ Policy policy = it.next();
+ PermissionCollection col = policy.getPermissions(source);
+ Enumeration<Permission> e = col.elements();
+ while(e.hasMoreElements()){
+ pc.add(e.nextElement());
+ }
+ }
+ return pc;
+// Iterator it = policies.iterator();
+// if (it.hasNext()) {
+// PermissionCollection pc =
+// ((Policy) it.next()).getPermissions(source);
+// while (it.hasNext()) {
+// PermissionCollection pc2 =
+// ((Policy) it.next()).getPermissions(source);
+// Enumeration en = pc2.elements();
+// while (en.hasMoreElements()) {
+// Permission perm = (Permission) en.nextElement();
+// if (!pc.implies(perm)) {
+// pc.add(perm);
+// }
+// }
+// }
+// return pc;
+// } else {
+// throw new IllegalStateException("No policies in provider");
+// }
}
/**
@@ -131,55 +155,76 @@ public class MergedPolicyProvider extend
*
* @param domain the <code>ProtectionDomain</code>
*/
+// public PermissionCollection getPermissions(ProtectionDomain domain) {
+// Iterator it = policies.iterator();
+// ArrayList list = new ArrayList(64);
+// boolean first = false;
+//// lock.lock();
+//// try {
+// if (it.hasNext()) {
+// PermissionCollection pc =
+// ((Policy) it.next()).getPermissions(domain);
+// if (first) {
+// first = false;
+// Enumeration en = pc.elements();
+// list.add("BASE PERMISSIONS for domain " + domain);
+// while (en.hasMoreElements()) {
+// Permission perm = (Permission) en.nextElement();
+// list.add(perm.toString());
+// }
+// first = true;
+// }
+// while (it.hasNext()) {
+// PermissionCollection pc2 =
+// ((Policy) it.next()).getPermissions(domain);
+// Enumeration en = pc2.elements();
+// while (en.hasMoreElements()) {
+// Permission perm = (Permission) en.nextElement();
+// if (!pc.implies(perm)) {
+// if (first) {
+// first = false;
+// list.add("checking " + perm + " and adding");
+// first = true;
+// }
+// pc.add(perm);
+// } else {
+// if (first) {
+// first = false;
+// list.add("checking " + perm + " and not adding");
+// first = true;
+// }
+// }
+// }
+// }
+// if (first) {
+// first = false;
+// for (int i = 0; i < list.size(); i++) {
+// System.out.println((String) list.get(i));
+// }
+// first = true;
+// }
+// return pc;
+// } else {
+// throw new IllegalStateException("No policies in provider");
+// }
+//// }finally{
+//// lock.unlock();
+//// }
+// }
+
public PermissionCollection getPermissions(ProtectionDomain domain) {
- Iterator it = policies.iterator();
- ArrayList list = new ArrayList();
- if (it.hasNext()) {
- PermissionCollection pc =
- ((Policy) it.next()).getPermissions(domain);
- if (first) {
- first = false;
- Enumeration en = pc.elements();
- list.add("BASE PERMISSIONS for domain " + domain);
- while (en.hasMoreElements()) {
- Permission perm = (Permission) en.nextElement();
- list.add(perm.toString());
- }
- first = true;
- }
- while (it.hasNext()) {
- PermissionCollection pc2 =
- ((Policy) it.next()).getPermissions(domain);
- Enumeration en = pc2.elements();
- while (en.hasMoreElements()) {
- Permission perm = (Permission) en.nextElement();
- if (!pc.implies(perm)) {
- if (first) {
- first = false;
- list.add("checking " + perm + " and adding");
- first = true;
- }
- pc.add(perm);
- } else {
- if (first) {
- first = false;
- list.add("checking " + perm + " and not adding");
- first = true;
- }
- }
- }
- }
- if (first) {
- first = false;
- for (int i = 0; i < list.size(); i++) {
- System.out.println((String) list.get(i));
- }
- first = true;
- }
- return pc;
- } else {
- throw new IllegalStateException("No policies in provider");
- }
+ if (policies.isEmpty()) throw new IllegalStateException("No policies in provider");
+ PermissionCollection pc = new ConcurrentPermissions();
+ Iterator<Policy> it = policies.iterator();
+ while (it.hasNext()){
+ Policy policy = it.next();
+ PermissionCollection col = policy.getPermissions(domain);
+ Enumeration<Permission> e = col.elements();
+ while(e.hasMoreElements()){
+ pc.add(e.nextElement());
+ }
+ }
+ return pc;
}
/**
@@ -214,4 +259,70 @@ public class MergedPolicyProvider extend
p.refresh();
}
}
+
+ public boolean isConcurrent() {
+ if (policies.isEmpty()) throw new IllegalStateException("No policies in provider");
+ Iterator<Policy> it = policies.iterator();
+ while (it.hasNext()){
+ Policy p = it.next();
+ if (p instanceof ConcurrentPolicy){
+ if (!((ConcurrentPolicy)p).isConcurrent()) return false;
+ } else {
+ return false;
+ }
+ }
+ return true;
+ }
+
+ public PermissionGrant[] getPermissionGrants(ProtectionDomain domain) {
+ if (policies.isEmpty()) throw new IllegalStateException("No policies in provider");
+ List<PermissionGrant[]> perms = new ArrayList<PermissionGrant[]>(policies.size());
+ Iterator<Policy> it = policies.iterator();
+ int arrayLength = 0;
+ while (it.hasNext()){
+ Policy p = it.next();
+ if (p instanceof ConcurrentPolicy){
+ PermissionGrant [] g = ((ConcurrentPolicy)p).getPermissionGrants(domain);
+ arrayLength = arrayLength + g.length;
+ perms.add(g);
+ }
+ }
+ PermissionGrant [] result = new PermissionGrant[arrayLength];
+ int index = 0;
+ Iterator<PermissionGrant[]> grants = perms.iterator();
+ while (grants.hasNext()){
+ PermissionGrant [] g = grants.next();
+ int l = g.length;
+ for (int i = 0; i < l; i++, index++){
+ result[index] = g[i];
+ }
+ }
+ return result;
+ }
+
+ public PermissionGrant[] getPermissionGrants() {
+ if (policies.isEmpty()) throw new IllegalStateException("No policies in provider");
+ List<PermissionGrant[]> perms = new ArrayList<PermissionGrant[]>(policies.size());
+ Iterator<Policy> it = policies.iterator();
+ int arrayLength = 0;
+ while (it.hasNext()){
+ Policy p = it.next();
+ if (p instanceof ConcurrentPolicy){
+ PermissionGrant [] g = ((ConcurrentPolicy)p).getPermissionGrants();
+ arrayLength = arrayLength + g.length;
+ perms.add(g);
+ }
+ }
+ PermissionGrant [] result = new PermissionGrant[arrayLength];
+ int index = 0;
+ Iterator<PermissionGrant[]> grants = perms.iterator();
+ while (grants.hasNext()){
+ PermissionGrant [] g = grants.next();
+ int l = g.length;
+ for (int i = 0; i < l; i++, index++){
+ result[index] = g[i];
+ }
+ }
+ return result;
+ }
}
Modified: river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/QATest.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/QATest.java?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/QATest.java (original)
+++ river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/QATest.java Fri Feb 10 11:53:29 2012
@@ -24,7 +24,10 @@ import java.io.PrintWriter;
import java.io.File;
import java.rmi.RemoteException;
import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
import java.util.Iterator;
+import java.util.List;
import java.util.logging.Logger;
import java.util.logging.Level;
@@ -46,17 +49,17 @@ import net.jini.core.lease.UnknownLeaseE
public abstract class QATest implements Test {
/** the logger */
- protected static Logger logger =
+ protected static final Logger logger =
Logger.getLogger("com.sun.jini.qa.harness");
/** Keeps track of leases for automatic cancellation when test ends. */
- private ArrayList leaseArray = new ArrayList();
+ private final Collection<Lease> leaseArray = new ArrayList<Lease>();
/** The admin manager for managing services */
- protected AdminManager manager;
+ protected volatile AdminManager manager;
/** The config object for accessing the test environment */
- protected QAConfig config;
+ protected volatile QAConfig config;
/**
* Mostly mimics the behavior of the assert keyword.
Modified: river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/TestDescription.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/TestDescription.java?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/TestDescription.java (original)
+++ river/jtsk/trunk/qa/src/com/sun/jini/qa/harness/TestDescription.java Fri Feb 10 11:53:29 2012
@@ -603,7 +603,9 @@ public class TestDescription implements
ArrayList cmdList = new ArrayList(10);
cmdList.add(getJVM());
// Uncomment the following line if you want to debug permission requests
- //cmdList.add("-Djava.security.manager=com.sun.jini.tool.ProfilingSecurityManager");
+// cmdList.add("-Djava.security.manager=com.sun.jini.tool.ProfilingSecurityManager");
+// cmdList.add("-Djava.security.manager=java.lang.SecurityManager");
+ cmdList.add("-Djava.security.manager=org.apache.river.api.security.DelegateCombinerSecurityManager");
cmdList.add("-Djava.security.policy=" + getPolicyFile());
if (getCodebase() != null) {
cmdList.add("-Djava.rmi.server.codebase=" + getCodebase());
Modified: river/jtsk/trunk/qa/src/com/sun/jini/qa/resources/qaDefaults.properties
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/src/com/sun/jini/qa/resources/qaDefaults.properties?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/src/com/sun/jini/qa/resources/qaDefaults.properties (original)
+++ river/jtsk/trunk/qa/src/com/sun/jini/qa/resources/qaDefaults.properties Fri Feb 10 11:53:29 2012
@@ -210,11 +210,14 @@ com.sun.jini.qa.harness.actdeathdelay=5
# system property if that property is defined. The '-OD' marker flags this
# property as optional. If the property is not defined as a system property
# or in any configuration file, then the property will not be set on the VM.
-#
+#
# You might find the following debugging options useful
# -Djava.security.debug=access:failure,\
# -Djava.security.manager=com.sun.jini.tool.ProfilingSecurityManager,\
+# -Djava.security.manager=org.apache.river.api.security.DelegateCombinerSecurityManager,\
# -Dpolicy.provider=net.jini.security.policy.DynamicPolicyProvider,\
+# -Djava.security.manager=java.rmi.RMISecurityManager,\
+
# no cosmetic whitespace
com.sun.jini.qa.harness.globalvmargs=\
@@ -249,7 +252,11 @@ testPolicyfile=<url:harness/policy/defau
# The default classpath. This property must be defined, and must include
# all Jini dependencies as components
-testClasspath=<harnessJar>$:<testJar>$:${com.sun.jini.jsk.home}$/lib$/jsk-platform.jar$:${com.sun.jini.jsk.home}$/lib$/jsk-lib.jar
+testClasspath=<harnessJar>$:<testJar>$:${com.sun.jini.jsk.home}$/lib$/jsk-platform.jar$:${com.sun.jini.jsk.home}$/lib$/jsk-lib.jar$:${com.sun.jini.jsk.home}$/lib$/high-scale-lib.jar
+
+# Alternate test classpath, for tests that don't use <testJar>
+#
+altClasspath=<harnessJar>$:${com.sun.jini.jsk.home}$/lib$/jsk-platform.jar$:${com.sun.jini.jsk.home}$/lib$/jsk-lib.jar$:${com.sun.jini.jsk.home}$/lib$/high-scale-lib.jar
#
# Services run with server vm; test runs with client vm
Modified: river/jtsk/trunk/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java (original)
+++ river/jtsk/trunk/qa/src/com/sun/jini/test/impl/reggie/NameServiceImpl.java Fri Feb 10 11:53:29 2012
@@ -39,17 +39,25 @@ public class NameServiceImpl implements
}
- public InetAddress[] lookupAllHostAddr(String host)
+// public byte [][] lookupAllHostAddr(String host)
+ public InetAddress [] lookupAllHostAddr(String host)
throws UnknownHostException
{
if (host.equalsIgnoreCase(testClient)) {
- return ( new InetAddress[]
- { InetAddress.getByAddress(addr1),
- InetAddress.getByAddress(addr2),
- InetAddress.getByAddress(localhostAddr) } );
+// return ( new byte [][]
+// { InetAddress.getByAddress(addr1).getAddress(),
+// InetAddress.getByAddress(addr2).getAddress(),
+// InetAddress.getByAddress(localhostAddr).getAddress()
+ return (new InetAddress []{
+ InetAddress.getByAddress(addr1),
+ InetAddress.getByAddress(addr2),
+ InetAddress.getByAddress(localhostAddr)
+ });
} else if (host.equalsIgnoreCase(localhost)) {
- return ( new InetAddress[]
- { InetAddress.getByAddress(localhostAddr) } );
+ return
+// ( new byte[][] { InetAddress.getByAddress(localhostAddr).getAddress()
+ (new InetAddress [] { InetAddress.getByAddress(localhostAddr)
+ });
} else {
throw new UnknownHostException(host);
}
Modified: river/jtsk/trunk/qa/src/com/sun/jini/test/impl/start/ClassLoaderTest.td
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/src/com/sun/jini/test/impl/start/ClassLoaderTest.td?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/src/com/sun/jini/test/impl/start/ClassLoaderTest.td (original)
+++ river/jtsk/trunk/qa/src/com/sun/jini/test/impl/start/ClassLoaderTest.td Fri Feb 10 11:53:29 2012
@@ -2,7 +2,7 @@ testClass=ClassLoaderTest
testCategories=start,start_impl
#testClasspath=${com.sun.jini.qa.home}$/lib$/harness.jar$:${com.sun.jini.qa.home}$/lib$/qa1-start-tests.jar$:${com.sun.jini.qa.home}$/lib$/$qajinidep$:${com.sun.jini.jsk.home}$/lib$/jsk-platform.jar
-testClasspath=<harnessJar>$:<file:lib/qa1-start-tests.jar>$:${com.sun.jini.jsk.home}$/lib$/jsk-platform.jar$:${com.sun.jini.jsk.home}$/lib$/jsk-lib.jar
+testClasspath=${altClasspath}$:<file:lib/qa1-start-tests.jar>
/*******************************************************************************
Modified: river/jtsk/trunk/qa/src/com/sun/jini/test/impl/start/ClasspathTest.td
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/src/com/sun/jini/test/impl/start/ClasspathTest.td?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/src/com/sun/jini/test/impl/start/ClasspathTest.td (original)
+++ river/jtsk/trunk/qa/src/com/sun/jini/test/impl/start/ClasspathTest.td Fri Feb 10 11:53:29 2012
@@ -2,7 +2,7 @@ testClass=ClasspathTest
testCategories=start,start_impl
#testClasspath=${com.sun.jini.qa.home}$/lib$/harness.jar$:${com.sun.jini.qa.home}$/lib$/qa1-start-tests.jar$:${com.sun.jini.qa.home}$/lib$/$qajinidep$:${com.sun.jini.jsk.home}$/lib$/jsk-platform.jar
-testClasspath=<harnessJar>$:<file:lib/qa1-start-tests.jar>$:${com.sun.jini.jsk.home}$/lib$/jsk-platform.jar$:${com.sun.jini.jsk.home}$/lib$/jsk-lib.jar
+testClasspath=${altClasspath}$:<file:lib/qa1-start-tests.jar>
/*******************************************************************************
Modified: river/jtsk/trunk/qa/src/com/sun/jini/test/impl/start/CodebaseTest.td
URL: http://svn.apache.org/viewvc/river/jtsk/trunk/qa/src/com/sun/jini/test/impl/start/CodebaseTest.td?rev=1242750&r1=1242749&r2=1242750&view=diff
==============================================================================
--- river/jtsk/trunk/qa/src/com/sun/jini/test/impl/start/CodebaseTest.td (original)
+++ river/jtsk/trunk/qa/src/com/sun/jini/test/impl/start/CodebaseTest.td Fri Feb 10 11:53:29 2012
@@ -2,7 +2,7 @@ testClass=CodebaseTest
testCategories=start,start_impl
#testClasspath=${com.sun.jini.qa.home}$/lib$/harness.jar$:${com.sun.jini.qa.home}$/lib$/qa1-start-tests.jar$:${com.sun.jini.qa.home}$/lib$/$qajinidep$:${com.sun.jini.jsk.home}$/lib$/jsk-platform.jar
-testClasspath=<harnessJar>$:<file:lib/qa1-start-tests.jar>$:${com.sun.jini.jsk.home}$/lib$/jsk-platform.jar$:${com.sun.jini.jsk.home}$/lib$/jsk-lib.jar
+testClasspath=${altClasspath}$:<file:lib/qa1-start-tests.jar>
/*******************************************************************************