/* * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions.
*/
/* * First Debug properties and arguments are collect in expected * map (argName, value) format, then calls original test's run method.
*/ publicstaticvoid main(String args[]) throws Exception {
// Supported parameters list format is : // "MainClass [-server <param-spec> ...] [-client <param-spec> ...] // with <param-spec> either "-parami valuei" or "-parami"
HashMap<String, Object> serverMap = new HashMap<>() ; int clientArgsIndex =
Utils.parseServerParameters(args, SERVER_CLASS_NAME, serverMap);
// Extract and records client params
String[] clientParams = null; if (clientArgsIndex < args.length) { int clientParamsSize = args.length - clientArgsIndex;
clientParams = new String[clientParamsSize];
System.arraycopy(args, clientArgsIndex, clientParams, 0, clientParamsSize);
} else {
clientParams = new String[0];
}
// Run test
SecurityTest test = new SecurityTest();
test.run(serverMap, clientParams);
}
// Return full path of filename in the test sopurce directory privatestatic String buildSourcePath(String filename) { return System.getProperty("test.src") + File.separator + filename;
}
/* * Collects security run params for server side.
*/ private HashMap<String, Object> setServerSecurityEnv(Map<String, Object> map) throws Exception {
// Creates Authentication environment from server side params
HashMap<String, Object> env = new HashMap<>();
// Retrieve and set keystore and truststore config if any if (map.containsKey("-keystore") &&
map.get("-keystore") != null) {
setKeyStoreProperties(map);
}
System.out.println("Done keystore properties");
String value = null; if ((value = (String)map.get("-mapType")) != null) {
// Case of remote password file with all authorized credentials if (value.contains("x.password.file")) {
String passwordFileStr = buildSourcePath("password.properties");
env.put("jmx.remote.x.password.file", passwordFileStr);
System.out.println("Added " + passwordFileStr + " file as jmx.remote.x.password.file");
}
// Case of dedicated authenticator class : TestJMXAuthenticator if (value.contains("x.authenticator")) {
env.put("jmx.remote.authenticator", new TestJMXAuthenticator()) ;
System.out.println( "Added \"jmx.remote.authenticator\" = TestJMXAuthenticator");
}
// Case of security config file with standard Authentication if (value.contains("x.login.config.PasswordFileAuthentication")) {
String loginConfig = System.getProperty("login.config.file");
// redirects "password.file" property to file in ${test.src}
String passwordFileStr =
buildSourcePath(System.getProperty("password.file"));
System.setProperty("password.file", passwordFileStr);
System.out.println( "Redirected \"password.file\" property value to = " +
passwordFileStr) ;
}
// Case of security config file with unexisting athentication config if (value.contains("x.login.config.UnknownAuthentication")) {
String loginConfig = System.getProperty("login.config.file");
// redirects "password.file" property to file in ${test.src}
String passwordFileStr =
buildSourcePath(System.getProperty("password.file"));
System.setProperty("password.file", passwordFileStr);
System.out.println( "Redirected \"password.file\" property value to = " +
passwordFileStr) ;
}
// Case of security config file with dedicated login module if (value.contains("x.login.config.SampleLoginModule")) {
String loginConfig = System.getProperty("login.config.file");
if (value.contains(RMI_SERVER_SOCKET_FACTORY_SSL)) { if (value.contains( "rmi.server.socket.factory.ssl.need.client.authentication")) { // rmi ssl authentication with client authentication
env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory(null, null, true)) ;
System.out.println( "Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory with client authentication") ;
} elseif (value.contains("rmi.server.socket.factory.ssl.enabled.cipher.suites.md5")) { // Allows all ciphering and protocols for testing purpose
Security.setProperty("jdk.tls.disabledAlgorithms", "");
env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory( new String[] {"SSL_RSA_WITH_RC4_128_MD5"}, null, false));
System.out.println( "Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory with SSL_RSA_WITH_RC4_128_MD5 cipher suite");
} elseif (value.contains("rmi.server.socket.factory.ssl.enabled.cipher.suites.sha")) { // Allows all ciphering and protocols for testing purpose
Security.setProperty("jdk.tls.disabledAlgorithms", "");
env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory( new String[] { "SSL_RSA_WITH_RC4_128_SHA" }, null, false)) ;
System.out.println( "Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory with SSL_RSA_WITH_RC4_128_SHA cipher suite") ;
} elseif (value.contains("rmi.server.socket.factory.ssl.enabled.protocols.sslv3")) { // Allows all ciphering and protocols for testing purpose
Security.setProperty("jdk.tls.disabledAlgorithms", "");
env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory(null, new String[] {"SSLv3"}, false)) ;
System.out.println( "Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory with SSLv3 protocol") ;
} elseif (value.contains("rmi.server.socket.factory.ssl.enabled.protocols.tlsv1")) { // Allows all ciphering and protocols for testing purpose
Security.setProperty("jdk.tls.disabledAlgorithms", "");
env.put("jmx.remote.rmi.server.socket.factory", new SslRMIServerSocketFactory(null, new String[] {"TLSv1"}, false)) ;
System.out.println( "Added \"jmx.remote.rmi.server.socket.factory\"" + " = SslRMIServerSocketFactory with TLSv1 protocol") ;
/* * Create the MBeansServer side of the test and returns its address
*/ private JMXServiceURL createServerSide(Map<String, Object> serverMap) throws Exception { finalint NINETY_SECONDS = 90;
/* * Creating command-line for running subprocess JVM: * * JVM command line is like: * {test_jdk}/bin/java {defaultopts} -cp {test.class.path} {testopts} main * * {defaultopts} are the default java options set by the framework. *
*/ private List<String> buildCommandLine(String args[]) {
/** * Runs SecurityTest$ClientSide with the passed options and redirects * subprocess standard I/O to the current (parent) process. This provides a * trace of what happens in the subprocess while it is runnning (and before * it terminates). * * @param serviceUrlStr string representing the JMX service Url to connect to.
*/ privateint runClientSide(String args[], String serviceUrlStr) throws Exception {
// Building command-line
List<String> opts = buildCommandLine(args);
opts.add("-serviceUrl");
opts.add(serviceUrlStr);
// Launch separate JVM subprocess int exitCode = 0;
String[] optsArray = opts.toArray(new String[0]);
ProcessBuilder pb = new ProcessBuilder(optsArray);
Process p = ProcessTools.startProcess("SecurityTest$ClientSide", pb);
// Handling end of subprocess try {
exitCode = p.waitFor(); if (exitCode != 0) {
System.out.println( "Subprocess unexpected exit value of [" + exitCode + "]. Expected 0.\n");
}
} catch (InterruptedException e) {
System.out.println("Parent process interrupted with exception : \n " + e + " :" );
// Supported parameters list format is : "MainClass [-client <param-spec> ...] // with <param-spec> either "-parami valuei" or "-parami"
HashMap<String, Object> clientMap = new HashMap<>() ;
Utils.parseClientParameters(args, CLIENT_CLASS_NAME, clientMap);
// Run test
ClientSide test = new ClientSide();
test.run(clientMap);
}
publicvoid run(Map<String, Object> args) {
System.out.println("ClientSide::run: Start"); int errorCount = 0;
try { // Setup client side parameters
HashMap<String, Object> env = new HashMap<>();
// If needed allows all ciphering and protocols for testing purpose if (System.getProperty(RMI_SSL_CLIENT_ENABLEDCIPHERSUITES) != null) {
Security.setProperty("jdk.tls.disabledAlgorithms", "");
}
// If needed allows all ciphering and protocols for testing purpose if (System.getProperty(RMI_SSL_CLIENT_ENABLEDPROTOCOLS) != null) {
Security.setProperty("jdk.tls.disabledAlgorithms", "");
}
// Retrieve and set keystore and truststore config if any if (args.containsKey("-keystore") &&
args.get("-keystore") != null) {
SecurityTest.setKeyStoreProperties(args);
} if (args.containsKey("-truststore") &&
args.get("-truststore") != null) {
SecurityTest.setTrustStoreProperties(args);
}
String authCallCountName = "-expectedAuthenticatorCallCount"; int authCallCountValue = 0; if (args.containsKey(authCallCountName)) {
authCallCountValue =
(new Integer((String) args.get(authCallCountName))).intValue();
}
try { // Get a connection to remote mbean server
JMXServiceURL addr = new JMXServiceURL((String)args.get("-serviceUrl"));
cc = JMXConnectorFactory.connect(addr,env);
mbsc = cc.getMBeanServerConnection();
// In case we should have got an exception if (expectedThrowable != null) {
System.out.println("ClientSide::run: (ERROR) " + " Connect did not fail with expected " + expectedThrowable);
errorCount++;
} else {
System.out.println("ClientSide::run: (OK) Connect succeed");
}
} catch (Throwable e) {
Utils.printThrowable(e, true); if (expectedThrowable != null) { if (Utils.compareThrowable(e, expectedThrowable)) {
System.out.println("ClientSide::run: (OK) " + "Connect failed with expected " + expectedThrowable);
} else {
System.out.println("ClientSide::run: (ERROR) Connect failed with " +
e.getClass() + " instead of expected " +
expectedThrowable);
errorCount++;
}
} else {
System.out.println("ClientSide::run: (ERROR) " + "Connect failed with exception");
errorCount++;
}
}
// Depending on the client state, // perform some requests if (mbsc != null && errorCount == 0) { // Perform some little JMX requests
System.out.println("ClientSide::run: Start sending requests");
doRequests();
// In case authentication has been used we check how it did. if (authCallCountValue != 0) {
errorCount += checkAuthenticator(mbsc, authCallCountValue);
}
}
} catch (Exception e) {
Utils.printThrowable(e, true);
errorCount++;
} finally { // Terminate the JMX Client if any if (cc != null) { try {
cc.close();
} catch (Exception e) {
Utils.printThrowable(e, true) ;
errorCount++;
}
}
}
System.out.println("ClientSide::run: Done");
// Handle result if (errorCount != 0) { thrownew RuntimeException();
}
}
privatevoid doRequests() throws Exception {
// Send some requests to the remote JMX server
ObjectName objName1 = new ObjectName("TestDomain:class=MBS_Light,rank=1");
String mbeanClass = "MBS_Light";
Exception exception = new Exception("MY TEST EXCEPTION");
Attribute attException = new Attribute("AnException", exception);
Error error = new Error("MY TEST ERROR");
Attribute attError = new Attribute("AnError", error);
String opParamString = "TOTORO";
RjmxMBeanParameter opParam = new RjmxMBeanParameter(opParamString);
Object[] params1 = {opParamString};
String[] sig1 = {"java.lang.String"};
Object[] params2 = {opParam};
String[] sig2 = {"RjmxMBeanParameter"};
// Create and register the MBean
Utils.debug(Utils.DEBUG_STANDARD, "ClientSide::doRequests: Create and register the MBean");
mbsc.createMBean(mbeanClass, objName1); if (!mbsc.isRegistered(objName1)) { thrownew Exception("Unable to register an MBean");
}
// Set attributes of the MBean
Utils.debug(Utils.DEBUG_STANDARD, "ClientSide::doRequests: Set attributes of the MBean");
mbsc.setAttribute(objName1, attException);
mbsc.setAttribute(objName1, attError);
// Get attributes of the MBean
Utils.debug(Utils.DEBUG_STANDARD, "ClientSide::doRequests: Get attributes of the MBean");
Exception retException =
(Exception) mbsc.getAttribute(objName1,"AnException"); if (!retException.getMessage().equals(exception.getMessage())) {
System.out.println("Expected = " + exception);
System.out.println("Got = " + retException); thrownew Exception("Attribute AnException not as expected");
}
Error retError = (Error) mbsc.getAttribute(objName1, "AnError"); if (!retError.getMessage().equals(error.getMessage())) {
System.out.println("Expected = " + error);
System.out.println("Got = " + retError); thrownew Exception("Attribute AnError not as expected");
}
// Unregister the MBean
Utils.debug(Utils.DEBUG_STANDARD, "ClientSide::doRequests: Unregister the MBean");
mbsc.unregisterMBean(objName1); if (mbsc.isRegistered(objName1)) { thrownew Exception("Unable to unregister an MBean");
}
}
/** * Make some check about the instance of TestJMXAuthenticator. * The authenticator is supposed to have set some properties on * a ServerDelegate MBean. * We compare the number of times it has been called with the expected value. * We also check the Principal that has been given to the authenticator * was not null. * That method is of use to authentication with the JSR 262. * @param mbs * @param expectedAuthenticatorCallCount * @return The number of errors encountered. * @throws java.lang.Exception
*/ protectedint checkAuthenticator(MBeanServerConnection mbs, int expectedAuthenticatorCallCount) throws Exception { int errorCount = 0;
// Ensure the authenticator has been called the right number // of times. int callCount =
((Integer) mbs.getAttribute( new ObjectName(SERVER_DELEGATE_MBEAN_NAME), "TestJMXAuthenticatorCallCount")).intValue();
if (callCount == expectedAuthenticatorCallCount) {
System.out.println("---- OK Authenticator has been called "
+ expectedAuthenticatorCallCount + " time");
} else {
errorCount++;
System.out.println("---- ERROR Authenticator has been called " + callCount
+ " times in place of " + expectedAuthenticatorCallCount);
}
// Ensure the provider has been called with // a non null Principal.
String principalString =
(String) mbs.getAttribute( new ObjectName(SERVER_DELEGATE_MBEAN_NAME), "TestJMXAuthenticatorPrincipalString");
if (principalString == null) {
errorCount++;
System.out.println("---- ERROR Authenticator has been called"
+ " with a null Principal");
} else { if (principalString.length() > 0) {
System.out.println("---- OK Authenticator has been called"
+ " with the Principal " + principalString);
} else {
errorCount++;
System.out.println("---- ERROR Authenticator has been called"
+ " with an empty Principal");
}
}
return errorCount;
}
}
}
Messung V0.5
¤ Dauer der Verarbeitung: 0.20 Sekunden
(vorverarbeitet)
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.
