From 3306244c3006de741bb1384e15197982fc4e2f4a Mon Sep 17 00:00:00 2001 From: Goetz Lindenmaier Date: Tue, 5 Mar 2024 08:59:35 +0000 Subject: [PATCH 1/2] 8305900: Use loopback IP addresses in security policy files of httpclient tests Reviewed-by: mbaesken Backport-of: 646b666a265c4de961b8ba3f9e4e8c9231be8a6f --- .../net/httpclient/AsFileDownloadTest.java | 44 ++++++------- .../net/httpclient/AsFileDownloadTest.policy | 19 ++++-- .../FilePublisherPermsTest1.policy | 31 ++++++--- .../FilePublisherPermsTest2.policy | 31 ++++++--- .../FilePublisherPermsTest3.policy | 31 ++++++--- .../FilePublisher/FilePublisherTest.policy | 31 ++++++--- .../net/httpclient/HttpServerAdapters.java | 11 +++- .../net/httpclient/LightWeightHttpServer.java | 13 +++- .../httpclient/PathSubscriber/ofFile.policy | 31 ++++++--- .../PathSubscriber/ofFileDownload.policy | 31 ++++++--- .../java/net/httpclient/RequestBodyTest.java | 35 +++++------ .../net/httpclient/RequestBodyTest.policy | 11 ++-- test/jdk/java/net/httpclient/dependent.policy | 20 +++--- .../http2/server/Http2TestServer.java | 7 ++- .../jdk/java/net/httpclient/security/0.policy | 9 +-- .../jdk/java/net/httpclient/security/1.policy | 12 ++-- .../java/net/httpclient/security/10.policy | 12 ++-- .../java/net/httpclient/security/11.policy | 18 ++++-- .../java/net/httpclient/security/12.policy | 18 ++++-- .../java/net/httpclient/security/14.policy | 12 ++-- .../java/net/httpclient/security/15.policy | 12 ++-- .../java/net/httpclient/security/16.policy | 12 ++-- .../java/net/httpclient/security/17.policy | 12 ++-- .../jdk/java/net/httpclient/security/2.policy | 12 ++-- .../jdk/java/net/httpclient/security/3.policy | 12 ++-- .../jdk/java/net/httpclient/security/4.policy | 16 +++-- .../jdk/java/net/httpclient/security/5.policy | 12 ++-- .../jdk/java/net/httpclient/security/6.policy | 12 ++-- .../jdk/java/net/httpclient/security/7.policy | 13 ++-- .../jdk/java/net/httpclient/security/8.policy | 12 ++-- .../jdk/java/net/httpclient/security/9.policy | 12 ++-- .../net/httpclient/security/Security.java | 63 ++++++++++--------- 32 files changed, 391 insertions(+), 236 deletions(-) diff --git a/test/jdk/java/net/httpclient/AsFileDownloadTest.java b/test/jdk/java/net/httpclient/AsFileDownloadTest.java index 890f0701b94..96dc2570536 100644 --- a/test/jdk/java/net/httpclient/AsFileDownloadTest.java +++ b/test/jdk/java/net/httpclient/AsFileDownloadTest.java @@ -21,25 +21,6 @@ * questions. */ -/* - * @test - * @summary Basic test for ofFileDownload - * @bug 8196965 8302475 - * @modules java.base/sun.net.www.http - * java.net.http/jdk.internal.net.http.common - * java.net.http/jdk.internal.net.http.frame - * java.net.http/jdk.internal.net.http.hpack - * java.logging - * jdk.httpserver - * @library /test/lib http2/server - * @build Http2TestServer - * @build jdk.test.lib.net.SimpleSSLContext - * @build jdk.test.lib.Platform - * @build jdk.test.lib.util.FileUtils - * @run testng/othervm AsFileDownloadTest - * @run testng/othervm/java.security.policy=AsFileDownloadTest.policy AsFileDownloadTest - */ - import com.sun.net.httpserver.HttpExchange; import com.sun.net.httpserver.HttpHandler; import com.sun.net.httpserver.HttpServer; @@ -81,6 +62,25 @@ import static org.testng.Assert.assertTrue; import static org.testng.Assert.fail; +/* + * @test + * @summary Basic test for ofFileDownload + * @bug 8196965 8302475 + * @modules java.base/sun.net.www.http + * java.net.http/jdk.internal.net.http.common + * java.net.http/jdk.internal.net.http.frame + * java.net.http/jdk.internal.net.http.hpack + * java.logging + * jdk.httpserver + * @library /test/lib http2/server + * @build Http2TestServer + * @build jdk.test.lib.net.SimpleSSLContext + * @build jdk.test.lib.Platform + * @build jdk.test.lib.util.FileUtils + * @run testng/othervm AsFileDownloadTest + * @run testng/othervm/java.security.policy=AsFileDownloadTest.policy AsFileDownloadTest + */ + public class AsFileDownloadTest { SSLContext sslContext; @@ -267,8 +267,10 @@ void negativeTest(String uriString, String contentDispositionValue) // -- Infrastructure static String serverAuthority(HttpServer server) { - return InetAddress.getLoopbackAddress().getHostName() + ":" - + server.getAddress().getPort(); + final String hostIP = InetAddress.getLoopbackAddress().getHostAddress(); + // escape for ipv6 + final String h = hostIP.contains(":") ? "[" + hostIP + "]" : hostIP; + return h + ":" + server.getAddress().getPort(); } @BeforeTest diff --git a/test/jdk/java/net/httpclient/AsFileDownloadTest.policy b/test/jdk/java/net/httpclient/AsFileDownloadTest.policy index 0f38171503d..79103cac6f6 100644 --- a/test/jdk/java/net/httpclient/AsFileDownloadTest.policy +++ b/test/jdk/java/net/httpclient/AsFileDownloadTest.policy @@ -34,7 +34,8 @@ grant codeBase "file:${test.classes}/../../../../java/net/httpclient/http2/serve permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.hpack"; permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http"; - permission java.net.SocketPermission "localhost:*", "accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "accept,resolve"; permission java.lang.RuntimePermission "modifyThread"; }; @@ -42,10 +43,15 @@ grant codeBase "file:${test.classes}/*" { permission java.io.FilePermission "${user.dir}${/}asFileDownloadTest.tmp.dir", "read,write"; permission java.io.FilePermission "${user.dir}${/}asFileDownloadTest.tmp.dir/-", "read,write"; - permission java.net.URLPermission "http://localhost:*/http1/afdt", "POST"; - permission java.net.URLPermission "https://localhost:*/https1/afdt", "POST"; - permission java.net.URLPermission "http://localhost:*/http2/afdt", "POST"; - permission java.net.URLPermission "https://localhost:*/https2/afdt", "POST"; + permission java.net.URLPermission "http://127.0.0.1:*/http1/afdt", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/https1/afdt", "POST"; + permission java.net.URLPermission "http://127.0.0.1:*/http2/afdt", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/https2/afdt", "POST"; + // ipv6 + permission java.net.URLPermission "http://[::1]:*/http1/afdt", "POST"; + permission java.net.URLPermission "https://[::1]:*/https1/afdt", "POST"; + permission java.net.URLPermission "http://[::1]:*/http2/afdt", "POST"; + permission java.net.URLPermission "https://[::1]:*/https2/afdt", "POST"; // needed to grant permission to the HTTP/2 server @@ -58,7 +64,8 @@ grant codeBase "file:${test.classes}/*" { permission java.util.logging.LoggingPermission "control"; // needed to grant the HTTP servers - permission java.net.SocketPermission "localhost:*", "accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "accept,resolve"; permission java.util.PropertyPermission "*", "read"; permission java.lang.RuntimePermission "modifyThread"; diff --git a/test/jdk/java/net/httpclient/FilePublisher/FilePublisherPermsTest1.policy b/test/jdk/java/net/httpclient/FilePublisher/FilePublisherPermsTest1.policy index a133d4e9247..b32f23047b1 100644 --- a/test/jdk/java/net/httpclient/FilePublisher/FilePublisherPermsTest1.policy +++ b/test/jdk/java/net/httpclient/FilePublisher/FilePublisherPermsTest1.policy @@ -34,19 +34,29 @@ grant codeBase "file:${test.classes}/../../../../../java/net/httpclient/http2/se permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.hpack"; permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http"; - permission java.net.SocketPermission "localhost:*", "accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "accept,resolve"; permission java.lang.RuntimePermission "modifyThread"; }; grant codeBase "file:${test.classes}/*" { - permission java.net.URLPermission "http://localhost:*/http1/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/https1/echo", "POST"; - permission java.net.URLPermission "http://localhost:*/http2/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/https2/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/http1/echo", "GET"; - permission java.net.URLPermission "https://localhost:*/https1/echo", "GET"; - permission java.net.URLPermission "http://localhost:*/http2/echo", "GET"; - permission java.net.URLPermission "https://localhost:*/https2/echo", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/http1/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/https1/echo", "POST"; + permission java.net.URLPermission "http://127.0.0.1:*/http2/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/https2/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/http1/echo", "GET"; + permission java.net.URLPermission "https://127.0.0.1:*/https1/echo", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/http2/echo", "GET"; + permission java.net.URLPermission "https://127.0.0.1:*/https2/echo", "GET"; + // ipv6 + permission java.net.URLPermission "http://[::1]:*/http1/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/https1/echo", "POST"; + permission java.net.URLPermission "http://[::1]:*/http2/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/https2/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/http1/echo", "GET"; + permission java.net.URLPermission "https://[::1]:*/https1/echo", "GET"; + permission java.net.URLPermission "http://[::1]:*/http2/echo", "GET"; + permission java.net.URLPermission "https://[::1]:*/https2/echo", "GET"; // file permissions permission java.io.FilePermission "${user.dir}${/}defaultFile.txt", "read,write,delete"; @@ -69,7 +79,8 @@ grant codeBase "file:${test.classes}/*" { permission java.util.logging.LoggingPermission "control"; // needed to grant the HTTP servers - permission java.net.SocketPermission "localhost:*", "accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "accept,resolve"; permission java.util.PropertyPermission "*", "read"; permission java.lang.RuntimePermission "modifyThread"; diff --git a/test/jdk/java/net/httpclient/FilePublisher/FilePublisherPermsTest2.policy b/test/jdk/java/net/httpclient/FilePublisher/FilePublisherPermsTest2.policy index fdde92b4ea5..eac025611a2 100644 --- a/test/jdk/java/net/httpclient/FilePublisher/FilePublisherPermsTest2.policy +++ b/test/jdk/java/net/httpclient/FilePublisher/FilePublisherPermsTest2.policy @@ -36,19 +36,29 @@ grant codeBase "file:${test.classes}/../../../../../java/net/httpclient/http2/se permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.hpack"; permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http"; - permission java.net.SocketPermission "localhost:*", "accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "accept,resolve"; permission java.lang.RuntimePermission "modifyThread"; }; grant codeBase "file:${test.classes}/*" { - permission java.net.URLPermission "http://localhost:*/http1/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/https1/echo", "POST"; - permission java.net.URLPermission "http://localhost:*/http2/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/https2/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/http1/echo", "GET"; - permission java.net.URLPermission "https://localhost:*/https1/echo", "GET"; - permission java.net.URLPermission "http://localhost:*/http2/echo", "GET"; - permission java.net.URLPermission "https://localhost:*/https2/echo", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/http1/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/https1/echo", "POST"; + permission java.net.URLPermission "http://127.0.0.1:*/http2/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/https2/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/http1/echo", "GET"; + permission java.net.URLPermission "https://127.0.0.1:*/https1/echo", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/http2/echo", "GET"; + permission java.net.URLPermission "https://127.0.0.1:*/https2/echo", "GET"; + // ipv6 + permission java.net.URLPermission "http://[::1]:*/http1/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/https1/echo", "POST"; + permission java.net.URLPermission "http://[::1]:*/http2/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/https2/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/http1/echo", "GET"; + permission java.net.URLPermission "https://[::1]:*/https1/echo", "GET"; + permission java.net.URLPermission "http://[::1]:*/http2/echo", "GET"; + permission java.net.URLPermission "https://[::1]:*/https2/echo", "GET"; // file permissions permission java.io.FilePermission "${user.dir}${/}defaultFile.txt", "read,write,delete"; @@ -74,7 +84,8 @@ grant codeBase "file:${test.classes}/*" { permission java.util.logging.LoggingPermission "control"; // needed to grant the HTTP servers - permission java.net.SocketPermission "localhost:*", "accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "accept,resolve"; permission java.util.PropertyPermission "*", "read"; permission java.lang.RuntimePermission "modifyThread"; diff --git a/test/jdk/java/net/httpclient/FilePublisher/FilePublisherPermsTest3.policy b/test/jdk/java/net/httpclient/FilePublisher/FilePublisherPermsTest3.policy index 4f7c4fee363..e855d69d20e 100644 --- a/test/jdk/java/net/httpclient/FilePublisher/FilePublisherPermsTest3.policy +++ b/test/jdk/java/net/httpclient/FilePublisher/FilePublisherPermsTest3.policy @@ -41,19 +41,29 @@ grant codeBase "file:${test.classes}/../../../../../java/net/httpclient/http2/se permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.hpack"; permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http"; - permission java.net.SocketPermission "localhost:*", "accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "accept,resolve"; permission java.lang.RuntimePermission "modifyThread"; }; grant codeBase "file:${test.classes}/*" { - permission java.net.URLPermission "http://localhost:*/http1/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/https1/echo", "POST"; - permission java.net.URLPermission "http://localhost:*/http2/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/https2/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/http1/echo", "GET"; - permission java.net.URLPermission "https://localhost:*/https1/echo", "GET"; - permission java.net.URLPermission "http://localhost:*/http2/echo", "GET"; - permission java.net.URLPermission "https://localhost:*/https2/echo", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/http1/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/https1/echo", "POST"; + permission java.net.URLPermission "http://127.0.0.1:*/http2/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/https2/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/http1/echo", "GET"; + permission java.net.URLPermission "https://127.0.0.1:*/https1/echo", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/http2/echo", "GET"; + permission java.net.URLPermission "https://127.0.0.1:*/https2/echo", "GET"; + // ipv6 + permission java.net.URLPermission "http://[::1]:*/http1/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/https1/echo", "POST"; + permission java.net.URLPermission "http://[::1]:*/http2/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/https2/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/http1/echo", "GET"; + permission java.net.URLPermission "https://[::1]:*/https1/echo", "GET"; + permission java.net.URLPermission "http://[::1]:*/http2/echo", "GET"; + permission java.net.URLPermission "https://[::1]:*/https2/echo", "GET"; // file permissions permission java.io.FilePermission "${user.dir}${/}defaultFile.txt", "read,write,delete"; @@ -77,7 +87,8 @@ grant codeBase "file:${test.classes}/*" { permission java.util.logging.LoggingPermission "control"; // needed to grant the HTTP servers - permission java.net.SocketPermission "localhost:*", "accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "accept,resolve"; permission java.util.PropertyPermission "*", "read"; permission java.lang.RuntimePermission "modifyThread"; diff --git a/test/jdk/java/net/httpclient/FilePublisher/FilePublisherTest.policy b/test/jdk/java/net/httpclient/FilePublisher/FilePublisherTest.policy index 82f517858bf..0765c408f9f 100644 --- a/test/jdk/java/net/httpclient/FilePublisher/FilePublisherTest.policy +++ b/test/jdk/java/net/httpclient/FilePublisher/FilePublisherTest.policy @@ -34,19 +34,29 @@ grant codeBase "file:${test.classes}/../../../../../java/net/httpclient/http2/se permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.hpack"; permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http"; - permission java.net.SocketPermission "localhost:*", "accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "accept,resolve"; permission java.lang.RuntimePermission "modifyThread"; }; grant codeBase "file:${test.classes}/*" { - permission java.net.URLPermission "http://localhost:*/http1/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/https1/echo", "POST"; - permission java.net.URLPermission "http://localhost:*/http2/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/https2/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/http1/echo", "GET"; - permission java.net.URLPermission "https://localhost:*/https1/echo", "GET"; - permission java.net.URLPermission "http://localhost:*/http2/echo", "GET"; - permission java.net.URLPermission "https://localhost:*/https2/echo", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/http1/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/https1/echo", "POST"; + permission java.net.URLPermission "http://127.0.0.1:*/http2/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/https2/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/http1/echo", "GET"; + permission java.net.URLPermission "https://127.0.0.1:*/https1/echo", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/http2/echo", "GET"; + permission java.net.URLPermission "https://127.0.0.1:*/https2/echo", "GET"; + // ipv6 + permission java.net.URLPermission "http://[::1]:*/http1/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/https1/echo", "POST"; + permission java.net.URLPermission "http://[::1]:*/http2/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/https2/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/http1/echo", "GET"; + permission java.net.URLPermission "https://[::1]:*/https1/echo", "GET"; + permission java.net.URLPermission "http://[::1]:*/http2/echo", "GET"; + permission java.net.URLPermission "https://[::1]:*/https2/echo", "GET"; // file permissions permission java.io.FilePermission "${user.dir}${/}defaultFile.txt", "read,write,delete"; @@ -62,7 +72,8 @@ grant codeBase "file:${test.classes}/*" { permission java.util.logging.LoggingPermission "control"; // needed to grant the HTTP servers - permission java.net.SocketPermission "localhost:*", "accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "accept,resolve"; permission java.util.PropertyPermission "*", "read"; permission java.lang.RuntimePermission "modifyThread"; diff --git a/test/jdk/java/net/httpclient/HttpServerAdapters.java b/test/jdk/java/net/httpclient/HttpServerAdapters.java index 8396c65fc5f..2b0c6bbd857 100644 --- a/test/jdk/java/net/httpclient/HttpServerAdapters.java +++ b/test/jdk/java/net/httpclient/HttpServerAdapters.java @@ -530,8 +530,15 @@ static void enableLogging() { public abstract Version getVersion(); public String serverAuthority() { - return InetAddress.getLoopbackAddress().getHostName() + ":" - + getAddress().getPort(); + InetSocketAddress address = getAddress(); + String hostString = address.getHostString(); + hostString = address.getAddress().isLoopbackAddress() || hostString.equals("localhost") + ? address.getAddress().getHostAddress() // use the raw IP address, if loopback + : hostString; // use whatever host string was used to construct the address + hostString = hostString.contains(":") + ? "[" + hostString + "]" + : hostString; + return hostString + ":" + address.getPort(); } public static HttpTestServer of(HttpServer server) { diff --git a/test/jdk/java/net/httpclient/LightWeightHttpServer.java b/test/jdk/java/net/httpclient/LightWeightHttpServer.java index 54fa174296f..92603d55d0a 100644 --- a/test/jdk/java/net/httpclient/LightWeightHttpServer.java +++ b/test/jdk/java/net/httpclient/LightWeightHttpServer.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -119,14 +119,21 @@ public static void initServer() throws IOException { System.out.println("HTTP server port = " + port); httpsport = httpsServer.getAddress().getPort(); System.out.println("HTTPS server port = " + httpsport); - httproot = "http://localhost:" + port + "/"; - httpsroot = "https://localhost:" + httpsport + "/"; + httproot = "http://" + makeServerAuthority(httpServer.getAddress()) + "/"; + httpsroot = "https://" + makeServerAuthority(httpsServer.getAddress()) + "/"; proxy = new ProxyServer(0, false); proxyPort = proxy.getPort(); System.out.println("Proxy port = " + proxyPort); } + private static String makeServerAuthority(final InetSocketAddress addr) { + final String hostIP = addr.getAddress().getHostAddress(); + // escape for ipv6 + final String h = hostIP.contains(":") ? "[" + hostIP + "]" : hostIP; + return h + ":" + addr.getPort(); + } + public static void stop() throws IOException { if (httpServer != null) { httpServer.stop(0); diff --git a/test/jdk/java/net/httpclient/PathSubscriber/ofFile.policy b/test/jdk/java/net/httpclient/PathSubscriber/ofFile.policy index c5df09ae865..de879febb8a 100644 --- a/test/jdk/java/net/httpclient/PathSubscriber/ofFile.policy +++ b/test/jdk/java/net/httpclient/PathSubscriber/ofFile.policy @@ -45,19 +45,29 @@ grant codeBase "file:${test.classes}/../../../../../java/net/httpclient/http2/se permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.hpack"; permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http"; - permission java.net.SocketPermission "localhost:*", "accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "accept,resolve"; permission java.lang.RuntimePermission "modifyThread"; }; grant codeBase "file:${test.classes}/*" { - permission java.net.URLPermission "http://localhost:*/http1/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/https1/echo", "POST"; - permission java.net.URLPermission "http://localhost:*/http2/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/https2/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/http1/echo", "GET"; - permission java.net.URLPermission "https://localhost:*/https1/echo", "GET"; - permission java.net.URLPermission "http://localhost:*/http2/echo", "GET"; - permission java.net.URLPermission "https://localhost:*/https2/echo", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/http1/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/https1/echo", "POST"; + permission java.net.URLPermission "http://127.0.0.1:*/http2/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/https2/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/http1/echo", "GET"; + permission java.net.URLPermission "https://127.0.0.1:*/https1/echo", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/http2/echo", "GET"; + permission java.net.URLPermission "https://127.0.0.1:*/https2/echo", "GET"; + // ipv6 + permission java.net.URLPermission "http://[::1]:*/http1/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/https1/echo", "POST"; + permission java.net.URLPermission "http://[::1]:*/http2/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/https2/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/http1/echo", "GET"; + permission java.net.URLPermission "https://[::1]:*/https1/echo", "GET"; + permission java.net.URLPermission "http://[::1]:*/http2/echo", "GET"; + permission java.net.URLPermission "https://[::1]:*/https2/echo", "GET"; // file permissions for test files permission java.io.FilePermission "${user.dir}${/}defaultFile.txt", "read,write,delete"; @@ -77,7 +87,8 @@ grant codeBase "file:${test.classes}/*" { permission java.util.logging.LoggingPermission "control"; // needed to grant the HTTP servers - permission java.net.SocketPermission "localhost:*", "accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "accept,resolve"; permission java.util.PropertyPermission "*", "read"; permission java.lang.RuntimePermission "modifyThread"; diff --git a/test/jdk/java/net/httpclient/PathSubscriber/ofFileDownload.policy b/test/jdk/java/net/httpclient/PathSubscriber/ofFileDownload.policy index a9dc8816241..34068386cd1 100644 --- a/test/jdk/java/net/httpclient/PathSubscriber/ofFileDownload.policy +++ b/test/jdk/java/net/httpclient/PathSubscriber/ofFileDownload.policy @@ -45,19 +45,29 @@ grant codeBase "file:${test.classes}/../../../../../java/net/httpclient/http2/se permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.hpack"; permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http"; - permission java.net.SocketPermission "localhost:*", "accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "accept,resolve"; permission java.lang.RuntimePermission "modifyThread"; }; grant codeBase "file:${test.classes}/*" { - permission java.net.URLPermission "http://localhost:*/http1/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/https1/echo", "POST"; - permission java.net.URLPermission "http://localhost:*/http2/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/https2/echo", "POST"; - permission java.net.URLPermission "https://localhost:*/http1/echo", "GET"; - permission java.net.URLPermission "https://localhost:*/https1/echo", "GET"; - permission java.net.URLPermission "http://localhost:*/http2/echo", "GET"; - permission java.net.URLPermission "https://localhost:*/https2/echo", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/http1/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/https1/echo", "POST"; + permission java.net.URLPermission "http://127.0.0.1:*/http2/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/https2/echo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/http1/echo", "GET"; + permission java.net.URLPermission "https://127.0.0.1:*/https1/echo", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/http2/echo", "GET"; + permission java.net.URLPermission "https://127.0.0.1:*/https2/echo", "GET"; + // ipv6 + permission java.net.URLPermission "http://[::1]:*/http1/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/https1/echo", "POST"; + permission java.net.URLPermission "http://[::1]:*/http2/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/https2/echo", "POST"; + permission java.net.URLPermission "https://[::1]:*/http1/echo", "GET"; + permission java.net.URLPermission "https://[::1]:*/https1/echo", "GET"; + permission java.net.URLPermission "http://[::1]:*/http2/echo", "GET"; + permission java.net.URLPermission "https://[::1]:*/https2/echo", "GET"; // file permissions for test files permission java.io.FilePermission "${user.dir}${/}file.zip", "read,write"; @@ -74,7 +84,8 @@ grant codeBase "file:${test.classes}/*" { permission java.util.logging.LoggingPermission "control"; // needed to grant the HTTP servers - permission java.net.SocketPermission "localhost:*", "accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "accept,resolve"; permission java.util.PropertyPermission "*", "read"; permission java.lang.RuntimePermission "modifyThread"; diff --git a/test/jdk/java/net/httpclient/RequestBodyTest.java b/test/jdk/java/net/httpclient/RequestBodyTest.java index b323efd86e5..805a5b490db 100644 --- a/test/jdk/java/net/httpclient/RequestBodyTest.java +++ b/test/jdk/java/net/httpclient/RequestBodyTest.java @@ -21,24 +21,6 @@ * questions. */ -/* - * @test - * @bug 8087112 - * @modules java.net.http - * java.logging - * jdk.httpserver - * @library /test/lib - * @compile ../../../com/sun/net/httpserver/LogFilter.java - * @compile ../../../com/sun/net/httpserver/EchoHandler.java - * @compile ../../../com/sun/net/httpserver/FileServerHandler.java - * @build jdk.test.lib.net.SimpleSSLContext - * @build LightWeightHttpServer - * @build jdk.test.lib.Platform - * @build jdk.test.lib.util.FileUtils - * @run testng/othervm RequestBodyTest - * @run testng/othervm/java.security.policy=RequestBodyTest.policy RequestBodyTest - */ - import java.io.*; import java.net.URI; import java.net.http.HttpClient; @@ -74,6 +56,23 @@ import org.testng.annotations.Test; import static org.testng.Assert.*; +/* + * @test + * @bug 8087112 + * @modules java.net.http + * java.logging + * jdk.httpserver + * @library /test/lib + * @compile ../../../com/sun/net/httpserver/LogFilter.java + * @compile ../../../com/sun/net/httpserver/EchoHandler.java + * @compile ../../../com/sun/net/httpserver/FileServerHandler.java + * @build jdk.test.lib.net.SimpleSSLContext + * @build LightWeightHttpServer + * @build jdk.test.lib.Platform + * @build jdk.test.lib.util.FileUtils + * @run testng/othervm RequestBodyTest + * @run testng/othervm/java.security.policy=RequestBodyTest.policy RequestBodyTest + */ public class RequestBodyTest { static final String fileroot = System.getProperty("test.src", ".") + "/docs"; diff --git a/test/jdk/java/net/httpclient/RequestBodyTest.policy b/test/jdk/java/net/httpclient/RequestBodyTest.policy index d3797cf472d..0bfedf22b84 100644 --- a/test/jdk/java/net/httpclient/RequestBodyTest.policy +++ b/test/jdk/java/net/httpclient/RequestBodyTest.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -38,14 +38,17 @@ grant codeBase "file:${test.classes}/*" { permission java.io.FilePermission "${test.src}${/}docs${/}files${/}notsobigfile.txt", "read"; permission java.io.FilePermission "RequestBodyTest.tmp", "read,write,delete"; - permission java.net.URLPermission "http://localhost:*/echo/foo", "POST"; - permission java.net.URLPermission "https://localhost:*/echo/foo", "POST"; + permission java.net.URLPermission "http://127.0.0.1:*/echo/foo", "POST"; + permission java.net.URLPermission "https://127.0.0.1:*/echo/foo", "POST"; + permission java.net.URLPermission "http://[::1]:*/echo/foo", "POST"; + permission java.net.URLPermission "https://[::1]:*/echo/foo", "POST"; // for HTTP/1.1 server logging permission java.util.logging.LoggingPermission "control"; // needed to grant the HTTP server - permission java.net.SocketPermission "localhost:*", "accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "accept,resolve"; permission java.util.PropertyPermission "*", "read"; permission java.lang.RuntimePermission "modifyThread"; diff --git a/test/jdk/java/net/httpclient/dependent.policy b/test/jdk/java/net/httpclient/dependent.policy index 2396a118b20..a7562f43364 100644 --- a/test/jdk/java/net/httpclient/dependent.policy +++ b/test/jdk/java/net/httpclient/dependent.policy @@ -34,7 +34,8 @@ grant codeBase "file:${test.classes}/../../../../java/net/httpclient/http2/serve permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.hpack"; permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http"; - permission java.net.SocketPermission "localhost:*", "listen,accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "listen,accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "listen,accept,resolve"; permission java.lang.RuntimePermission "modifyThread"; }; @@ -42,11 +43,15 @@ grant codeBase "file:${test.classes}/*" { permission java.io.FilePermission "${user.dir}${/}asFileDownloadTest.tmp.dir", "read,write"; permission java.io.FilePermission "${user.dir}${/}asFileDownloadTest.tmp.dir/-", "read,write"; - permission java.net.URLPermission "http://localhost:*/http1/-", "GET,POST"; - permission java.net.URLPermission "https://localhost:*/https1/-", "GET,POST"; - permission java.net.URLPermission "http://localhost:*/http2/-", "GET,POST"; - permission java.net.URLPermission "https://localhost:*/https2/-", "GET,POST"; - + permission java.net.URLPermission "http://127.0.0.1:*/http1/-", "GET,POST"; + permission java.net.URLPermission "https://127.0.0.1:*/https1/-", "GET,POST"; + permission java.net.URLPermission "http://127.0.0.1:*/http2/-", "GET,POST"; + permission java.net.URLPermission "https://127.0.0.1:*/https2/-", "GET,POST"; + // ipv6 + permission java.net.URLPermission "http://[::1]:*/http1/-", "GET,POST"; + permission java.net.URLPermission "https://[::1]:*/https1/-", "GET,POST"; + permission java.net.URLPermission "http://[::1]:*/http2/-", "GET,POST"; + permission java.net.URLPermission "https://[::1]:*/https2/-", "GET,POST"; // needed to grant permission to the HTTP/2 server permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.net.http.common"; @@ -58,7 +63,8 @@ grant codeBase "file:${test.classes}/*" { permission java.util.logging.LoggingPermission "control"; // needed to grant the HTTP servers - permission java.net.SocketPermission "localhost:*", "listen,accept,resolve"; + permission java.net.SocketPermission "127.0.0.1:*", "listen,accept,resolve"; + permission java.net.SocketPermission "[::1]:*", "listen,accept,resolve"; permission java.util.PropertyPermission "*", "read"; permission java.lang.RuntimePermission "modifyThread"; diff --git a/test/jdk/java/net/httpclient/http2/server/Http2TestServer.java b/test/jdk/java/net/httpclient/http2/server/Http2TestServer.java index f8592272588..ab756b543ba 100644 --- a/test/jdk/java/net/httpclient/http2/server/Http2TestServer.java +++ b/test/jdk/java/net/httpclient/http2/server/Http2TestServer.java @@ -81,8 +81,11 @@ public InetSocketAddress getAddress() { } public String serverAuthority() { - return InetAddress.getLoopbackAddress().getHostName() + ":" - + getAddress().getPort(); + final InetSocketAddress inetSockAddr = getAddress(); + final String hostIP = inetSockAddr.getAddress().getHostAddress(); + // escape for ipv6 + final String h = hostIP.contains(":") ? "[" + hostIP + "]" : hostIP; + return h + ":" + inetSockAddr.getPort(); } public Http2TestServer(boolean secure, diff --git a/test/jdk/java/net/httpclient/security/0.policy b/test/jdk/java/net/httpclient/security/0.policy index 32a1e54da52..2e2b4588168 100644 --- a/test/jdk/java/net/httpclient/security/0.policy +++ b/test/jdk/java/net/httpclient/security/0.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -29,7 +29,8 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; @@ -39,8 +40,8 @@ grant { // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/1.policy b/test/jdk/java/net/httpclient/security/1.policy index 3c5d96da67d..ee9e021c50e 100644 --- a/test/jdk/java/net/httpclient/security/1.policy +++ b/test/jdk/java/net/httpclient/security/1.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -28,17 +28,19 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; // permissions specific to this test - permission java.net.URLPermission "http://localhost:${port.number}/files/foo.txt", "GET"; + permission java.net.URLPermission "http://127.0.0.1:${port.number}/files/foo.txt", "GET"; + permission java.net.URLPermission "http://[::1]:${port.number}/files/foo.txt", "GET"; }; // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/10.policy b/test/jdk/java/net/httpclient/security/10.policy index f131a44dcfd..a83bf44153c 100644 --- a/test/jdk/java/net/httpclient/security/10.policy +++ b/test/jdk/java/net/httpclient/security/10.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -28,16 +28,18 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; // permissions specific to this test - permission java.net.URLPermission "http://localhost:${port.number}/files/foo.txt", "GET:*"; + permission java.net.URLPermission "http://127.0.0.1:${port.number}/files/foo.txt", "GET:*"; + permission java.net.URLPermission "http://[::1]:${port.number}/files/foo.txt", "GET:*"; }; // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/11.policy b/test/jdk/java/net/httpclient/security/11.policy index 51fee36bc17..f75fdcc7dfd 100644 --- a/test/jdk/java/net/httpclient/security/11.policy +++ b/test/jdk/java/net/httpclient/security/11.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -28,18 +28,26 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; // permissions specific to this test - permission java.net.URLPermission "http://localhost:${port.number}/files/foo.txt", "GET:*"; + permission java.net.URLPermission "http://127.0.0.1:${port.number}/files/foo.txt", "GET:*"; + permission java.net.URLPermission "socket://127.0.0.1:${port.number1}", "CONNECT"; + // ipv6 + permission java.net.URLPermission "http://[::1]:${port.number}/files/foo.txt", "GET:*"; + permission java.net.URLPermission "socket://[::1]:${port.number1}", "CONNECT"; + // this specific test uses a proxy configured to loopback address. the httpclient implementation + // during permissions check uses the InetAddress.hostString() API which can return resolved + // hostname, so we use include a permission for "localhost" to cover that case too permission java.net.URLPermission "socket://localhost:${port.number1}", "CONNECT"; }; // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/12.policy b/test/jdk/java/net/httpclient/security/12.policy index 51fee36bc17..f75fdcc7dfd 100644 --- a/test/jdk/java/net/httpclient/security/12.policy +++ b/test/jdk/java/net/httpclient/security/12.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -28,18 +28,26 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; // permissions specific to this test - permission java.net.URLPermission "http://localhost:${port.number}/files/foo.txt", "GET:*"; + permission java.net.URLPermission "http://127.0.0.1:${port.number}/files/foo.txt", "GET:*"; + permission java.net.URLPermission "socket://127.0.0.1:${port.number1}", "CONNECT"; + // ipv6 + permission java.net.URLPermission "http://[::1]:${port.number}/files/foo.txt", "GET:*"; + permission java.net.URLPermission "socket://[::1]:${port.number1}", "CONNECT"; + // this specific test uses a proxy configured to loopback address. the httpclient implementation + // during permissions check uses the InetAddress.hostString() API which can return resolved + // hostname, so we use include a permission for "localhost" to cover that case too permission java.net.URLPermission "socket://localhost:${port.number1}", "CONNECT"; }; // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/14.policy b/test/jdk/java/net/httpclient/security/14.policy index 0a6562b2691..39bdbea6654 100644 --- a/test/jdk/java/net/httpclient/security/14.policy +++ b/test/jdk/java/net/httpclient/security/14.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -28,17 +28,19 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; // permissions specific to this test - permission java.net.URLPermission "http://localhost:*/files/foo.txt", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/files/foo.txt", "GET"; + permission java.net.URLPermission "http://[::1]:*/files/foo.txt", "GET"; }; // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/15.policy b/test/jdk/java/net/httpclient/security/15.policy index 6fa7a0d4a17..ba6b9feb363 100644 --- a/test/jdk/java/net/httpclient/security/15.policy +++ b/test/jdk/java/net/httpclient/security/15.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -28,12 +28,14 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; // permissions specific to this test - permission java.net.URLPermission "http://localhost:*/files/foo.txt", "GET:*"; + permission java.net.URLPermission "http://127.0.0.1:*/files/foo.txt", "GET:*"; + permission java.net.URLPermission "http://[::1]:*/files/foo.txt", "GET:*"; // Test checks for this explicitly permission java.lang.RuntimePermission "foobar"; @@ -42,6 +44,6 @@ grant { // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/16.policy b/test/jdk/java/net/httpclient/security/16.policy index 5d9939fa00c..7d755cfff94 100644 --- a/test/jdk/java/net/httpclient/security/16.policy +++ b/test/jdk/java/net/httpclient/security/16.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -29,17 +29,19 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; // permissions specific to this test - permission java.net.URLPermission "http://localhost:${port.number}/files/foo.txt", "GET:Host"; + permission java.net.URLPermission "http://127.0.0.1:${port.number}/files/foo.txt", "GET:Host"; + permission java.net.URLPermission "http://[::1]:${port.number}/files/foo.txt", "GET:Host"; }; // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/17.policy b/test/jdk/java/net/httpclient/security/17.policy index ae26c857b02..92ee7f3d609 100644 --- a/test/jdk/java/net/httpclient/security/17.policy +++ b/test/jdk/java/net/httpclient/security/17.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -28,18 +28,20 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; // permissions specific to this test - permission java.net.URLPermission "http://localhost:${port.number}/files/foo.txt", "GET:Host"; + permission java.net.URLPermission "http://127.0.0.1:${port.number}/files/foo.txt", "GET:Host"; + permission java.net.URLPermission "http://[::1]:${port.number}/files/foo.txt", "GET:Host"; permission java.net.URLPermission "http://foohost:123/files/foo.txt", "GET:Host"; }; // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/2.policy b/test/jdk/java/net/httpclient/security/2.policy index 4d7f859556b..b69c589ee68 100644 --- a/test/jdk/java/net/httpclient/security/2.policy +++ b/test/jdk/java/net/httpclient/security/2.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -28,17 +28,19 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; // permissions specific to this test - permission java.net.URLPermission "http://localhost:*/files/*", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/files/*", "GET"; + permission java.net.URLPermission "http://[::1]:*/files/*", "GET"; }; // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/3.policy b/test/jdk/java/net/httpclient/security/3.policy index 81837843368..32383fe88d3 100644 --- a/test/jdk/java/net/httpclient/security/3.policy +++ b/test/jdk/java/net/httpclient/security/3.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -28,17 +28,19 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; // permissions specific to this test - permission java.net.URLPermission "http://localhost:*/redirect/foo.txt", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/redirect/foo.txt", "GET"; + permission java.net.URLPermission "http://[::1]:*/redirect/foo.txt", "GET"; }; // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/4.policy b/test/jdk/java/net/httpclient/security/4.policy index 5ea9284a4f1..7973c76d981 100644 --- a/test/jdk/java/net/httpclient/security/4.policy +++ b/test/jdk/java/net/httpclient/security/4.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -28,18 +28,22 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; // permissions specific to this test - permission java.net.URLPermission "http://localhost:*/redirect/foo.txt", "GET"; - permission java.net.URLPermission "http://localhost:*/redirect/bar.txt", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/redirect/foo.txt", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/redirect/bar.txt", "GET"; + // ipv6 + permission java.net.URLPermission "http://[::1]:*/redirect/foo.txt", "GET"; + permission java.net.URLPermission "http://[::1]:*/redirect/bar.txt", "GET"; }; // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/5.policy b/test/jdk/java/net/httpclient/security/5.policy index b20917a9444..0b480f95234 100644 --- a/test/jdk/java/net/httpclient/security/5.policy +++ b/test/jdk/java/net/httpclient/security/5.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -28,17 +28,19 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; // permissions specific to this test - permission java.net.URLPermission "http://localhost:*/redirect/bar.txt", "GET"; + permission java.net.URLPermission "http://127.0.0.1:*/redirect/bar.txt", "GET"; + permission java.net.URLPermission "http://[::1]:*/redirect/bar.txt", "GET"; }; // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/6.policy b/test/jdk/java/net/httpclient/security/6.policy index f535b51ec20..80d2838bebe 100644 --- a/test/jdk/java/net/httpclient/security/6.policy +++ b/test/jdk/java/net/httpclient/security/6.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -28,17 +28,19 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; // permissions specific to this test - permission java.net.URLPermission "http://localhost:*/files/foo.txt", "POST"; + permission java.net.URLPermission "http://127.0.0.1:*/files/foo.txt", "POST"; + permission java.net.URLPermission "http://[::1]:*/files/foo.txt", "POST"; }; // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/7.policy b/test/jdk/java/net/httpclient/security/7.policy index 29564ef73a1..8fddf36c66e 100644 --- a/test/jdk/java/net/httpclient/security/7.policy +++ b/test/jdk/java/net/httpclient/security/7.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -28,17 +28,20 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; // permissions specific to this test - permission java.net.URLPermission "http://localhost:*/files/foo.txt", "GET:X-Bar"; + permission java.net.URLPermission "http://127.0.0.1:*/files/foo.txt", "GET:X-Bar"; + permission java.net.URLPermission "http://[::1]:*/files/foo.txt", "GET:X-Bar"; + }; // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/8.policy b/test/jdk/java/net/httpclient/security/8.policy index 7a2cd1b4904..4bc507b3e31 100644 --- a/test/jdk/java/net/httpclient/security/8.policy +++ b/test/jdk/java/net/httpclient/security/8.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -28,17 +28,19 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; // permissions specific to this test - permission java.net.URLPermission "http://localhost:*/files/foo.txt", "GET:X-Foo1,X-Foo,X-Bar"; + permission java.net.URLPermission "http://127.0.0.1:*/files/foo.txt", "GET:X-Foo1,X-Foo,X-Bar"; + permission java.net.URLPermission "http://[::1]:*/files/foo.txt", "GET:X-Foo1,X-Foo,X-Bar"; }; // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/9.policy b/test/jdk/java/net/httpclient/security/9.policy index 79cdee73b73..ce7336c2975 100644 --- a/test/jdk/java/net/httpclient/security/9.policy +++ b/test/jdk/java/net/httpclient/security/9.policy @@ -1,5 +1,5 @@ // -// Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved. +// Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved. // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. // // This code is free software; you can redistribute it and/or modify it @@ -28,17 +28,19 @@ grant { permission java.io.FilePermission "${test.classes}${/}-", "read,write,delete"; permission java.lang.RuntimePermission "modifyThread"; permission java.util.logging.LoggingPermission "control", ""; - permission java.net.SocketPermission "localhost:1024-", "accept,listen"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen"; permission java.io.FilePermission "${test.src}${/}docs${/}-", "read"; permission java.lang.RuntimePermission "createClassLoader"; // permissions specific to this test - permission java.net.URLPermission "http://localhost:*/files/foo.txt", "GET:*"; + permission java.net.URLPermission "http://127.0.0.1:*/files/foo.txt", "GET:*"; + permission java.net.URLPermission "http://[::1]:*/files/foo.txt", "GET:*"; }; // For proxy only. Not being tested grant codebase "file:${test.classes}/proxydir/-" { - permission java.net.SocketPermission "localhost:1024-", "accept,listen,connect"; - permission java.net.SocketPermission "localhost:1024-", "connect,resolve"; + permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen,connect,resolve"; + permission java.net.SocketPermission "[::1]:1024-", "accept,listen,connect,resolve"; }; diff --git a/test/jdk/java/net/httpclient/security/Security.java b/test/jdk/java/net/httpclient/security/Security.java index fc2fcd1503e..5e6566dcd82 100644 --- a/test/jdk/java/net/httpclient/security/Security.java +++ b/test/jdk/java/net/httpclient/security/Security.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -103,6 +103,7 @@ public class Security { static String httproot, fileuri, fileroot, redirectroot; static List clients = new LinkedList<>(); static URI uri; + static String serverAuthority; interface ThrowingRunnable { void run() throws Throwable; } @@ -201,56 +202,56 @@ static TestAndResult[] createTests() { return new TestAndResult[] { // (0) policy does not have permission for file. Should fail TestAndResult.of(true, () -> { // Policy 0 - URI u = URI.create("http://localhost:" + port + "/files/foo.txt"); + URI u = URI.create("http://" + serverAuthority + "/files/foo.txt"); HttpRequest request = HttpRequest.newBuilder(u).GET().build(); HttpResponse response = client.send(request, ofString()); System.out.println("Received response:" + response); }), // (1) policy has permission for file URL TestAndResult.of(false, () -> { //Policy 1 - URI u = URI.create("http://localhost:" + port + "/files/foo.txt"); + URI u = URI.create("http://" + serverAuthority + "/files/foo.txt"); HttpRequest request = HttpRequest.newBuilder(u).GET().build(); HttpResponse response = client.send(request, ofString()); System.out.println("Received response:" + response); }), // (2) policy has permission for all file URLs under /files TestAndResult.of(false, () -> { // Policy 2 - URI u = URI.create("http://localhost:" + port + "/files/foo.txt"); + URI u = URI.create("http://" + serverAuthority + "/files/foo.txt"); HttpRequest request = HttpRequest.newBuilder(u).GET().build(); HttpResponse response = client.send(request, ofString()); System.out.println("Received response:" + response); }), // (3) policy has permission for first URL but not redirected URL TestAndResult.of(true, () -> { // Policy 3 - URI u = URI.create("http://localhost:" + port + "/redirect/foo.txt"); + URI u = URI.create("http://" + serverAuthority + "/redirect/foo.txt"); HttpRequest request = HttpRequest.newBuilder(u).GET().build(); HttpResponse response = client.send(request, ofString()); System.out.println("Received response:" + response); }), // (4) policy has permission for both first URL and redirected URL TestAndResult.of(false, () -> { // Policy 4 - URI u = URI.create("http://localhost:" + port + "/redirect/foo.txt"); + URI u = URI.create("http://" + serverAuthority + "/redirect/foo.txt"); HttpRequest request = HttpRequest.newBuilder(u).GET().build(); HttpResponse response = client.send(request, ofString()); System.out.println("Received response:" + response); }), // (5) policy has permission for redirected but not first URL TestAndResult.of(true, () -> { // Policy 5 - URI u = URI.create("http://localhost:" + port + "/redirect/foo.txt"); + URI u = URI.create("http://" + serverAuthority + "/redirect/foo.txt"); HttpRequest request = HttpRequest.newBuilder(u).GET().build(); HttpResponse response = client.send(request, ofString()); System.out.println("Received response:" + response); }), // (6) policy has permission for file URL, but not method TestAndResult.of(true, () -> { //Policy 6 - URI u = URI.create("http://localhost:" + port + "/files/foo.txt"); + URI u = URI.create("http://" + serverAuthority + "/files/foo.txt"); HttpRequest request = HttpRequest.newBuilder(u).GET().build(); HttpResponse response = client.send(request, ofString()); System.out.println("Received response:" + response); }), // (7) policy has permission for file URL, method, but not header TestAndResult.of(true, () -> { //Policy 7 - URI u = URI.create("http://localhost:" + port + "/files/foo.txt"); + URI u = URI.create("http://" + serverAuthority + "/files/foo.txt"); HttpRequest request = HttpRequest.newBuilder(u) .header("X-Foo", "bar") .GET() @@ -260,7 +261,7 @@ static TestAndResult[] createTests() { }), // (8) policy has permission for file URL, method and header TestAndResult.of(false, () -> { //Policy 8 - URI u = URI.create("http://localhost:" + port + "/files/foo.txt"); + URI u = URI.create("http://" + serverAuthority + "/files/foo.txt"); HttpRequest request = HttpRequest.newBuilder(u) .header("X-Foo", "bar") .GET() @@ -270,7 +271,7 @@ static TestAndResult[] createTests() { }), // (9) policy has permission for file URL, method and header TestAndResult.of(false, () -> { //Policy 9 - URI u = URI.create("http://localhost:" + port + "/files/foo.txt"); + URI u = URI.create("http://" + serverAuthority + "/files/foo.txt"); HttpRequest request = HttpRequest.newBuilder(u) .headers("X-Foo", "bar", "X-Bar", "foo") .GET() @@ -292,7 +293,7 @@ static TestAndResult[] createTests() { }), // (13) async version of test 0 TestAndResult.of(true, () -> { // Policy 0 - URI u = URI.create("http://localhost:" + port + "/files/foo.txt"); + URI u = URI.create("http://" + serverAuthority + "/files/foo.txt"); HttpRequest request = HttpRequest.newBuilder(u).GET().build(); try { HttpResponse response = client.sendAsync(request, ofString()).get(); @@ -307,14 +308,14 @@ static TestAndResult[] createTests() { }), // (14) async version of test 1 TestAndResult.of(false, () -> { //Policy 1 - URI u = URI.create("http://localhost:" + port + "/files/foo.txt"); + URI u = URI.create("http://" + serverAuthority + "/files/foo.txt"); HttpRequest request = HttpRequest.newBuilder(u).GET().build(); try { HttpResponse response = client.sendAsync(request, ofString()).get(); System.out.println("Received response:" + response); } catch (ExecutionException e) { - if (e.getCause() instanceof SecurityException) { - throw (SecurityException)e.getCause(); + if (e.getCause() instanceof SecurityException se) { + throw se; } else { throw new RuntimeException(e); } @@ -323,7 +324,7 @@ static TestAndResult[] createTests() { // (15) check that user provided unprivileged code running on a worker // thread does not gain ungranted privileges. TestAndResult.of(true, () -> { //Policy 12 - URI u = URI.create("http://localhost:" + port + "/files/foo.txt"); + URI u = URI.create("http://" + serverAuthority + "/files/foo.txt"); HttpRequest request = HttpRequest.newBuilder(u).GET().build(); HttpResponse.BodyHandler sth = ofString(); @@ -369,18 +370,18 @@ public void onComplete() { System.out.println("Received response:" + response); } catch (CompletionException e) { Throwable t = e.getCause(); - if (t instanceof SecurityException) - throw (SecurityException)t; + if (t instanceof SecurityException se) + throw se; else if ((t instanceof IOException) - && (t.getCause() instanceof SecurityException)) - throw ((SecurityException)t.getCause()); + && (t.getCause() instanceof SecurityException se)) + throw se; else throw new RuntimeException(t); } }), // (16) allowed to set Host header but does not have permission TestAndResult.of(true, () -> { //Policy 16 - URI u = URI.create("http://localhost:" + port + "/files/foo.txt"); + URI u = URI.create("http://" + serverAuthority + "/files/foo.txt"); HttpRequest request = HttpRequest.newBuilder(u) .header("Host", "foohost:123") .GET().build(); @@ -389,7 +390,7 @@ else if ((t instanceof IOException) }), // (17) allowed to set Host header and does have permission TestAndResult.of(false, () -> { //Policy 17 - URI u = URI.create("http://localhost:" + port + "/files/foo.txt"); + URI u = URI.create("http://" + serverAuthority + "/files/foo.txt"); HttpRequest request = HttpRequest.newBuilder(u) .header("Host", "foohost:123") .GET().build(); @@ -426,14 +427,13 @@ private static void directProxyTest(int proxyPort, boolean samePort) } System.out.println("Proxy port, p:" + p); - InetSocketAddress addr = new InetSocketAddress(InetAddress.getLoopbackAddress(), - p); + InetSocketAddress addr = new InetSocketAddress(InetAddress.getLoopbackAddress(), p); HttpClient cl = HttpClient.newBuilder() .proxy(ProxySelector.of(addr)) .build(); clients.add(cl); - URI u = URI.create("http://localhost:" + port + "/files/foo.txt"); + URI u = URI.create("http://" + serverAuthority + "/files/foo.txt"); HttpRequest request = HttpRequest.newBuilder(u) .headers("X-Foo", "bar", "X-Bar", "foo") .build(); @@ -498,13 +498,20 @@ public static void initServer() throws Exception { throw new RuntimeException("Error wrong port"); System.out.println("Port was assigned by Driver"); } - System.out.println("HTTP server port = " + port); - httproot = "http://localhost:" + port + "/files/"; - redirectroot = "http://localhost:" + port + "/redirect/"; + serverAuthority = makeServerAuthority(addr.getAddress().getHostAddress(), port); + System.out.println("HTTP server started at " + serverAuthority); + httproot = "http://" + serverAuthority + "/files/"; + redirectroot = "http://" + serverAuthority + "/redirect/"; uri = new URI(httproot); fileuri = httproot + "foo.txt"; } + private static String makeServerAuthority(final String host, final int port) { + // escape for ipv6 + final String h = host.contains(":") ? "[" + host + "]" : host; + return h + ":" + port; + } + static class RedirectHandler implements HttpHandler { String root; From bc7379065d34fea56e526cc5bb81447fc0935c99 Mon Sep 17 00:00:00 2001 From: Sergey Bylokhov Date: Tue, 5 Mar 2024 09:06:13 +0000 Subject: [PATCH 2/2] 8322750: Test "api/java_awt/interactive/SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray Backport-of: 5a988a5087d0afbb577c6715fd5e1e44564888cb --- .../unix/classes/sun/awt/UNIXToolkit.java | 72 ++++++++++++++++++- .../classes/sun/awt/X11/XSystemTrayPeer.java | 27 +++++-- 2 files changed, 92 insertions(+), 7 deletions(-) diff --git a/src/java.desktop/unix/classes/sun/awt/UNIXToolkit.java b/src/java.desktop/unix/classes/sun/awt/UNIXToolkit.java index 31764c74948..d785823ea8e 100644 --- a/src/java.desktop/unix/classes/sun/awt/UNIXToolkit.java +++ b/src/java.desktop/unix/classes/sun/awt/UNIXToolkit.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2004, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,8 +26,12 @@ import java.awt.RenderingHints; import static java.awt.RenderingHints.*; +import static java.util.concurrent.TimeUnit.SECONDS; import java.awt.color.ColorSpace; import java.awt.image.*; +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStreamReader; import java.security.AccessController; import java.security.PrivilegedAction; @@ -214,6 +218,72 @@ protected Object lazilyLoadGTKIcon(String longname) { return img; } + private static volatile Boolean shouldDisableSystemTray = null; + + /** + * There is an issue displaying the xembed icons in appIndicators + * area with certain Gnome Shell versions. + * To avoid any loss of quality of service, we are disabling + * SystemTray support in such cases. + * + * @return true if system tray should be disabled + */ + public boolean shouldDisableSystemTray() { + Boolean result = shouldDisableSystemTray; + if (result == null) { + synchronized (GTK_LOCK) { + result = shouldDisableSystemTray; + if (result == null) { + if ("gnome".equals(getDesktop())) { + @SuppressWarnings("removal") + Integer gnomeShellMajorVersion = + AccessController + .doPrivileged((PrivilegedAction) + this::getGnomeShellMajorVersion); + + if (gnomeShellMajorVersion == null + || gnomeShellMajorVersion < 45) { + + return shouldDisableSystemTray = true; + } + } + shouldDisableSystemTray = result = false; + } + } + } + return result; + } + + private Integer getGnomeShellMajorVersion() { + try { + Process process = + new ProcessBuilder("/usr/bin/gnome-shell", "--version") + .start(); + try (InputStreamReader isr = new InputStreamReader(process.getInputStream()); + BufferedReader reader = new BufferedReader(isr)) { + + if (process.waitFor(2, SECONDS) && process.exitValue() == 0) { + String line = reader.readLine(); + if (line != null) { + String[] versionComponents = line + .replaceAll("[^\\d.]", "") + .split("\\."); + + if (versionComponents.length >= 1) { + return Integer.parseInt(versionComponents[0]); + } + } + } + } + } catch (IOException + | InterruptedException + | IllegalThreadStateException + | NumberFormatException ignored) { + } + + return null; + } + /** * Returns a BufferedImage which contains the Gtk icon requested. If no * such icon exists or an error occurs loading the icon the result will diff --git a/src/java.desktop/unix/classes/sun/awt/X11/XSystemTrayPeer.java b/src/java.desktop/unix/classes/sun/awt/X11/XSystemTrayPeer.java index 1a9d040616e..cdbb74ddac1 100644 --- a/src/java.desktop/unix/classes/sun/awt/X11/XSystemTrayPeer.java +++ b/src/java.desktop/unix/classes/sun/awt/X11/XSystemTrayPeer.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2018, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,6 +30,7 @@ import sun.awt.SunToolkit; import sun.awt.AppContext; import sun.awt.AWTAccessor; +import sun.awt.UNIXToolkit; import sun.util.logging.PlatformLogger; public class XSystemTrayPeer implements SystemTrayPeer, XMSelectionListener { @@ -48,22 +49,32 @@ public class XSystemTrayPeer implements SystemTrayPeer, XMSelectionListener { private static final XAtom _NET_SYSTEM_TRAY_OPCODE = XAtom.get("_NET_SYSTEM_TRAY_OPCODE"); private static final XAtom _NET_WM_ICON = XAtom.get("_NET_WM_ICON"); private static final long SYSTEM_TRAY_REQUEST_DOCK = 0; + private final boolean shouldDisableSystemTray; XSystemTrayPeer(SystemTray target) { this.target = target; peerInstance = this; - selection.addSelectionListener(this); + UNIXToolkit tk = (UNIXToolkit)Toolkit.getDefaultToolkit(); + shouldDisableSystemTray = tk.shouldDisableSystemTray(); - long selection_owner = selection.getOwner(SCREEN); - available = (selection_owner != XConstants.None); + if (!shouldDisableSystemTray) { + selection.addSelectionListener(this); - if (log.isLoggable(PlatformLogger.Level.FINE)) { - log.fine(" check if system tray is available. selection owner: " + selection_owner); + long selection_owner = selection.getOwner(SCREEN); + available = (selection_owner != XConstants.None); + + if (log.isLoggable(PlatformLogger.Level.FINE)) { + log.fine(" check if system tray is available. selection owner: " + selection_owner); + } } } public void ownerChanged(int screen, XMSelection sel, long newOwner, long data, long timestamp) { + if (shouldDisableSystemTray) { + return; + } + if (screen != SCREEN) { return; } @@ -77,6 +88,10 @@ public void ownerChanged(int screen, XMSelection sel, long newOwner, long data, } public void ownerDeath(int screen, XMSelection sel, long deadOwner) { + if (shouldDisableSystemTray) { + return; + } + if (screen != SCREEN) { return; }