On 3/9/07, Ruth Cao wrote:
If no one objects, I'll raise a JIRA and create a patch to let the test
pass on both RI and Harmony. Thanks.
Yes, please file a JIRA and to fix the test.
Thanks,
Stepan.
Ruth Cao wrote:
> Stepan Mishura wrote:
>> On 3/7/07, Ruth Cao wrote:
>>
>>> Hi all,
>>>
>>> When I'm looking at the exclude lists in the security module, I've
>>> found
>>> that the test_impliesLjava_security_Permission method in
>>> t.a.j.security.PermissionCollectionTest fails on both RI and Harmony.
>>> Looking more deeply into the code, I think the main reason may be that
>>> the 'coucou.FileAccess' class does not contain certain permission.
>>> Thus,
>>> the result string on both RI and Harmony is 'false, false, false',
>>> which
>>> does not equal to the assertion.
>>
>>
>> The test fails on Harmony and RI with:
>> java.security.AccessControlException: access denied
>> (java.io.FilePermission<abs_path>/signedBKS.jar read)
>>
> The j.i.FilePermission happens just because the temporary policy file
> does not grant enough permission to the program. However, after
> modifying the test case a little (pls see the attached patch), I still
> got a failure, which indicates the result String returned by
> Support_Exec.execJava is 'false, false, false'. So I guess it is due
> to the 'coucou.FileAccess'.
>
> Pls correct me if I'm wrong. Thanks.
>
>> Why you think that 'coucou.FileAccess' class needs more permissions
>> to read
>> signedBKS.jar file?
>>
>>> Is it just a test case code problem or does it need more configuration
>>> to run this PermissionCollectionTest? Can any security guru give me
>>> some
>>> advice or suggestion? Thanks a lot.
>>>
>>
>> Yes, it looks like a test case code problem for me - I can not
>> understand
>> why PermissionCollection.implies() method is tested in this odd way:
>> signed
>> jar-file, keystore, dynamically generated policy file, forked VM
....:-)
>> (May be I'm missing some nuances).
>> Do this testing scenario really tests the method? First of all it's
>> abstract
>> method so we can test its implementation by some sublass. The test
>> invokes
>> Policy.getPermissions(ProtectionDomain) method to get
>> PermissionCollection
>> object but indeed that is instance of java.security.Permissions
>> class. So
>> why not just simply create Permissions object, add required
>> permissions to
>> it and test implies() method?
>>
>> Thanks,
>> Stepan Mishura
>> Intel Enterprise Solutions Software Division
>>
>
>
> ------------------------------------------------------------------------
>
> Index:
src/test/api/java/tests/api/java/security/PermissionCollectionTest.java
> ===================================================================
> ---
src/test/api/java/tests/api/java/security/PermissionCollectionTest.java
(revision 515400)
> +++
src/test/api/java/tests/api/java/security/PermissionCollectionTest.java
(working copy)
> @@ -57,7 +57,7 @@
> /**
> * @tests java.security.PermissionCollection#implies(
java.security.Permission)
> */
> - public void test_impliesLjava_security_Permission() {
> + public void test_impliesLjava_security_Permission() throws
Exception {
>
> // Look for the tests classpath
> URL classURL = this.getClass
().getProtectionDomain().getCodeSource()
> @@ -78,7 +78,18 @@
> try {
> FileOutputStream fileOut = new
FileOutputStream(policyFile);
> String linebreak = System.getProperty("line.separator");
> - String towrite = "grant codeBase \""
> + String towrite = "grant {"
> + + linebreak
> + + "permission java.io.FilePermission \""
> + + signedBKS.getFile() + "\", \"read\";"
> + + linebreak
> + + "permission
java.lang.RuntimePermission\"getProtectionDomain\";"
> + + linebreak
> + + "permission
java.security.SecurityPermission\"getPolicy\";"
> + + linebreak
> + + "};"
> + + linebreak
> + + "grant codeBase \""
> + signedBKS.toExternalForm()
> + "\" signedBy \"eleanor\" {"
> + linebreak
> @@ -96,7 +107,8 @@
> + linebreak + "};" + linebreak + "grant codeBase
\"";
> towrite += classURL.toExternalForm();
> towrite += "\" {" + linebreak
> - + "permission java.security.AllPermission;" +
linebreak
> + + "permission java.security.AllPermission;"
> + + linebreak
> + "};" + linebreak + "keystore \""
> + keystoreBKS.toExternalForm()
> + "\",\"BKS\";";
> @@ -150,44 +162,36 @@
> + e);
> }
>
> - try {
> - String result = Support_Exec.execJava(args, classPathArray,
true);
> - // Delete the Jar file copied in the user directory
> - if (!jarFile.delete()) {
> - throw new IOException("Could not delete temporary jar
file : "
> - + jarFile.getPath());
> - }
> +
> + String result = Support_Exec.execJava(args, classPathArray,
true);
> + // Delete the Jar file copied in the user directory
> + if (!jarFile.delete()) {
> + throw new IOException("Could not delete temporary
jar file : "
> + + jarFile.getPath());
> + }
>
> - // Delete the temporary policy file
> - if (!policyFile.delete()) {
> - throw new IOException(
> - "Could not delete temporary policy file : "
> - + policyFile.getPath());
> - }
> + // Delete the temporary policy file
> + if (!policyFile.delete()) {
> + throw new IOException("Could not delete temporary
policy file : "
> + + policyFile.getPath());
> + }
>
> - StringTokenizer resultTokenizer = new
StringTokenizer(result, ",");
> + StringTokenizer resultTokenizer = new
StringTokenizer(result, ",");
>
> - // Check the test result from the new VM process
> - assertEquals("Permission should be granted", "true",
> - resultTokenizer.nextToken());
> - assertEquals("signed Permission should be granted", "true",
> - resultTokenizer.nextToken());
> - assertEquals("Permission should not be granted", "false",
> - resultTokenizer.nextToken());
> - } catch (IOException e) {
> - fail("IOException during test : " + e);
> - } catch (InterruptedException e) {
> - fail("InterruptedException during test : " + e);
> - } catch (NoSuchElementException e) {
> - fail("NoSuchElementException during test : " + e);
> - } catch (Exception e) {
> - fail("Exception during test : " + e);
> - }
> + // Check the test result from the new VM process
> + assertEquals("Permission should be granted", "true",
resultTokenizer
> + .nextToken());
> + assertEquals("signed Permission should be granted",
"true",
> + resultTokenizer.nextToken());
> + assertEquals("Permission should not be granted", "false",
> + resultTokenizer.nextToken());
> +
> }
>
--
Regards,
Ruth Cao
China Software Development Lab, IBM
--
Stepan Mishura
Intel Enterprise Solutions Software Division
