|
1 /* |
|
2 * Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 package com.nokia.mj.impl.security.midp.authorization; |
|
20 |
|
21 |
|
22 |
|
23 import java.util.Hashtable; |
|
24 import com.nokia.mj.impl.utils.Uid; |
|
25 import com.nokia.mj.impl.installer.utils.InstallerMain; |
|
26 import com.nokia.mj.impl.security.midp.authorization.AccessControllerImpl; |
|
27 import com.nokia.mj.impl.security.midp.authorization.PermissionResolver; |
|
28 import com.nokia.mj.impl.security.midp.authorization.AccessControllerFactoryImpl; |
|
29 import com.nokia.mj.impl.utils.exception.ExceptionBase; |
|
30 import com.nokia.mj.impl.security.midp.authentication.AuthenticationModule; |
|
31 import com.nokia.mj.impl.security.midp.authorization.PermissionGranter; |
|
32 import com.nokia.mj.impl.security.midp.common.AuthenticationCredentials; |
|
33 import com.nokia.mj.impl.security.midp.common.SecurityAttributes; |
|
34 import com.nokia.mj.impl.security.midp.common.SigningCertificate; |
|
35 import com.nokia.mj.impl.security.midp.common.AuthenticationAttribute; |
|
36 import com.nokia.mj.impl.security.midp.common.MIDPPermission; |
|
37 import com.nokia.mj.impl.security.midp.common.PermissionMappingTable; |
|
38 import com.nokia.mj.impl.security.midp.common.TestPermissionMappingTable; |
|
39 import com.nokia.mj.impl.utils.Attribute; |
|
40 import com.nokia.mj.impl.security.utils.*; |
|
41 import java.security.*; |
|
42 //import javax.microedition.io.*; |
|
43 import com.nokia.mj.impl.security.midp.storage.SecurityStorage; |
|
44 import com.nokia.mj.impl.storage.*; |
|
45 import com.nokia.mj.impl.security.midp.common.PolicyBasedPermission; |
|
46 import com.nokia.mj.impl.security.midp.common.PolicyBasedPermissionImpl; |
|
47 import com.nokia.mj.impl.security.midp.common.UserSecuritySettings; |
|
48 import com.nokia.mj.impl.security.midp.common.GeneralSecuritySettings; |
|
49 import com.nokia.mj.impl.security.midp.common.UserSecuritySettingsImpl; |
|
50 import com.nokia.mj.impl.rt.ui.RuntimeUiFactory; |
|
51 import com.nokia.mj.impl.rt.ui.RuntimeUi; |
|
52 |
|
53 import j2meunit.framework.Test; |
|
54 import j2meunit.framework.TestCase; |
|
55 import j2meunit.framework.TestMethod; |
|
56 import j2meunit.framework.TestSuite; |
|
57 |
|
58 import java.util.Vector; |
|
59 |
|
60 /** |
|
61 * Interactive AccessController unit tests. |
|
62 */ |
|
63 public class InteractiveAccessControllerTests extends TestCase implements InstallerMain |
|
64 { |
|
65 |
|
66 private static String TEST_DATA_DIR; |
|
67 |
|
68 static |
|
69 { |
|
70 String platform = System.getProperty("os.name"); |
|
71 if (platform != null && platform.equalsIgnoreCase("linux")) |
|
72 { |
|
73 TEST_DATA_DIR = System.getProperty("JAVA_BIN_ROOT") + "/securitytestdata/"; |
|
74 } |
|
75 else |
|
76 { |
|
77 TEST_DATA_DIR = "C:\\java\\securitytestdata\\"; |
|
78 } |
|
79 } |
|
80 |
|
81 /** |
|
82 * Hashtable holding all the attributes. Tests populate this hashtable |
|
83 * prior to being executed |
|
84 */ |
|
85 protected Hashtable allAttributes; |
|
86 |
|
87 AuthenticationModule authenticationModule; |
|
88 PermissionGranter permissionGranter; |
|
89 |
|
90 // general-purpose constants |
|
91 protected static final String MIDP_PROFILE_ATTRIBUTE_NAME = "MicroEdition-Profile"; |
|
92 protected static final String MIDP3 = "MIDP-3.0"; |
|
93 protected static final String MIDP2 = "MIDP-2.0"; |
|
94 private static final String COMMA = ","; |
|
95 |
|
96 /** |
|
97 * The implementation's mapping between (MIDP2 and MIDP3 permissions) and the |
|
98 * internal class permissions |
|
99 */ |
|
100 private Hashtable IMPL_PERMISSION_MAPPING_TABLE; |
|
101 |
|
102 /** |
|
103 * The mapping between (MIDP2 and MIDP3 permissions) and the internal |
|
104 * class permissions |
|
105 */ |
|
106 //private Hashtable TEST_PERMISSION_MAPPING_TABLE; |
|
107 |
|
108 // Begin j2meunit test framework setup |
|
109 public void installerMain(String[] args) |
|
110 { |
|
111 TestSuite suite = new TestSuite(this.getClass().getName()); |
|
112 |
|
113 suite.addTest(new InteractiveAccessControllerTests("testAVKONSecurityPrompts", new TestMethod() |
|
114 { |
|
115 public void run(TestCase tc) |
|
116 { |
|
117 ((InteractiveAccessControllerTests)tc).testAVKONSecurityPrompts(); |
|
118 } |
|
119 })); |
|
120 |
|
121 com.nokia.mj.impl.utils.OmjTestRunner.run(suite); |
|
122 } |
|
123 |
|
124 public InteractiveAccessControllerTests() |
|
125 { |
|
126 } |
|
127 |
|
128 public InteractiveAccessControllerTests(String aTestName, TestMethod aTestMethod) |
|
129 { |
|
130 super(aTestName, aTestMethod); |
|
131 } |
|
132 |
|
133 public void assertFalse(String aMsg, boolean aCondition) |
|
134 { |
|
135 assertTrue(aMsg, !aCondition); |
|
136 } |
|
137 |
|
138 // End j2meunit test framework setup |
|
139 |
|
140 protected void setUp() |
|
141 { |
|
142 authenticationModule = authenticationModule.getInstance(); |
|
143 permissionGranter = permissionGranter.getInstance(); |
|
144 } |
|
145 |
|
146 protected void tearDown() |
|
147 { |
|
148 } |
|
149 |
|
150 private void testAVKONSecurityPrompts() |
|
151 { |
|
152 System.setProperty("com.nokia.mj.impl.rt.ui", "com.nokia.mj.impl.rt.ui.avkon.RuntimeUiAvkon"); |
|
153 testSecurityPrompts(); |
|
154 } |
|
155 |
|
156 private void testSecurityPrompts() |
|
157 { |
|
158 // init the new mapping & policies |
|
159 //initMappingTable(); |
|
160 IMPL_PERMISSION_MAPPING_TABLE = PermissionMappingTable.setMappingTable(TestPermissionMappingTable.getMappingTable()); |
|
161 SecurityPolicyModule.policiesDir = TEST_DATA_DIR; |
|
162 SecurityPolicyModule.policiesFileNamePrefix = "test_"; |
|
163 allAttributes = new Hashtable(); |
|
164 SecurityAttributes securityAttributes; |
|
165 SigningCertificate[] signingCerts; |
|
166 AuthenticationCredentials[] credentials; |
|
167 Uid appUID = Uid.createUid("myAppUID"); |
|
168 String appName = "InteractiveSecurityTests"; |
|
169 SecurityStorage storage = new SecurityStorage(); |
|
170 StorageSession session = StorageFactory.createSession(); |
|
171 session.open(); |
|
172 Vector grantedPermissions; |
|
173 storage.removeGrantedPermissions(appUID); |
|
174 AccessControllerImpl ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
175 session.remove(StorageNames.MIDP_PACKAGE_TABLE, appUID); |
|
176 StorageEntry entry = new StorageEntry(); |
|
177 entry.addAttribute(new StorageAttribute( |
|
178 StorageNames.ID, |
|
179 appUID.getStringValue())); |
|
180 entry.addAttribute(new StorageAttribute( |
|
181 StorageNames.SECURITY_WARNINGS, |
|
182 "" + GeneralSecuritySettings.DEFAULT_SECURITY_MODE)); |
|
183 session.write(StorageNames.MIDP_PACKAGE_TABLE, entry); |
|
184 // prompts for composite actions |
|
185 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE); |
|
186 PermissionResolver.testClearCache(); |
|
187 grantedPermissions = new Vector(); |
|
188 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
189 "com.nokia.mj.impl.security.midp.authorization.PermissionWithCompositeActionsImpl", |
|
190 "uri://", |
|
191 "action1", |
|
192 new UserSecuritySettingsImpl("Function Group", |
|
193 UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
194 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
195 UserSecuritySettings.NO_INTERACTION_MODE |
|
196 }))); |
|
197 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
198 "com.nokia.mj.impl.security.midp.authorization.PermissionWithCompositeActionsImpl", |
|
199 "uri://", |
|
200 "action2", |
|
201 new UserSecuritySettingsImpl("Function Group", |
|
202 UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
203 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
204 UserSecuritySettings.NO_INTERACTION_MODE |
|
205 }))); |
|
206 storage.removeGrantedPermissions(appUID); |
|
207 storage.writeGrantedPermissions(appUID, null, grantedPermissions); |
|
208 com.nokia.mj.impl.security.midp.authentication.InteractiveAuthenticationModuleTests.showGuidelines("Check that each of the following three prompts contains two identical texts"); |
|
209 ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\nPrompt for action1", "action1")); |
|
210 ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\nPrompt for action2", "action2")); |
|
211 ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\nPrompt for action1 and action2", "action1,action2")); |
|
212 ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\nPrompt for action1 and action2", "action2,action1")); |
|
213 try |
|
214 { |
|
215 ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)", "action2,action1,action3")); |
|
216 assertTrue(false); |
|
217 } |
|
218 catch (AccessControlException e) |
|
219 { |
|
220 assertTrue(true); |
|
221 } |
|
222 try |
|
223 { |
|
224 ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)", "action2,action3")); |
|
225 assertTrue(false); |
|
226 } |
|
227 catch (AccessControlException e) |
|
228 { |
|
229 assertTrue(true); |
|
230 } |
|
231 assertTrue(true); |
|
232 // for NORMAL security mode, in case of identical prompts, only show one (even though they are part of different function groups) |
|
233 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); |
|
234 PermissionResolver.testClearCache(); |
|
235 grantedPermissions = new Vector(); |
|
236 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
237 "com.nokia.mj.impl.security.midp.authorization.CommProtocolPermissionImpl", |
|
238 "comm://", |
|
239 null, |
|
240 new UserSecuritySettingsImpl("Low Level Net Access", |
|
241 UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
242 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
243 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
244 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
245 UserSecuritySettings.NO_INTERACTION_MODE |
|
246 }))); |
|
247 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
248 "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", |
|
249 "http://", |
|
250 null, |
|
251 new UserSecuritySettingsImpl("Net Access", |
|
252 UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
253 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
254 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
255 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
256 UserSecuritySettings.NO_INTERACTION_MODE |
|
257 }))); |
|
258 storage.removeGrantedPermissions(appUID); |
|
259 storage.writeGrantedPermissions(appUID, null, grantedPermissions); |
|
260 ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(choose ALLOW and make sure this text is shown only once)")); |
|
261 ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose ALLOW and make sure this text is shown only once)")); |
|
262 // for USER security mode, in case of identical prompts, show them both |
|
263 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE); |
|
264 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
265 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
266 PermissionResolver.testClearCache(); |
|
267 grantedPermissions = new Vector(); |
|
268 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
269 "com.nokia.mj.impl.security.midp.authorization.CommProtocolPermissionImpl", |
|
270 "comm://", |
|
271 null, |
|
272 new UserSecuritySettingsImpl("Low Level Net Access", |
|
273 UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
274 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
275 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
276 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
277 UserSecuritySettings.NO_INTERACTION_MODE |
|
278 }))); |
|
279 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
280 "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", |
|
281 "http://", |
|
282 null, |
|
283 new UserSecuritySettingsImpl("Net Access", |
|
284 UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
285 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
286 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
287 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
288 UserSecuritySettings.NO_INTERACTION_MODE |
|
289 }))); |
|
290 storage.removeGrantedPermissions(appUID); |
|
291 storage.writeGrantedPermissions(appUID, null, grantedPermissions); |
|
292 ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(choose ALLOW and make sure this text is shown twice)")); |
|
293 ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose ALLOW and make sure this text is shown twice)")); |
|
294 // check user permission with oneshot interaction mode -> multiple prompts and deny is oneshot deny |
|
295 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE); |
|
296 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
297 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
298 PermissionResolver.testClearCache(); |
|
299 grantedPermissions = new Vector(); |
|
300 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
301 "com.nokia.mj.impl.security.midp.authorization.CommProtocolPermissionImpl", |
|
302 "comm://", |
|
303 null, |
|
304 new UserSecuritySettingsImpl("Low Level Net Access", |
|
305 UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
306 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
307 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
308 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
309 UserSecuritySettings.NO_INTERACTION_MODE |
|
310 }))); |
|
311 storage.removeGrantedPermissions(appUID); |
|
312 storage.writeGrantedPermissions(appUID, null, grantedPermissions); |
|
313 ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose ALLOW)")); |
|
314 try |
|
315 { |
|
316 ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose DENY)")); |
|
317 assertTrue(false); |
|
318 } |
|
319 catch (AccessControlException e) |
|
320 { |
|
321 assertTrue(true); |
|
322 } |
|
323 try |
|
324 { |
|
325 ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose DENY)")); |
|
326 assertTrue(false); |
|
327 } |
|
328 catch (AccessControlException e) |
|
329 { |
|
330 assertTrue(true); |
|
331 } |
|
332 storage.removeGrantedPermissions(appUID); |
|
333 // check user permission with session interaction mode -> only one user prompt |
|
334 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
335 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
336 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); |
|
337 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
338 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
339 PermissionResolver.testClearCache(); |
|
340 grantedPermissions = new Vector(); |
|
341 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
342 "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", |
|
343 "http://", |
|
344 null, |
|
345 new UserSecuritySettingsImpl("Net Access", |
|
346 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
347 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
348 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
349 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
350 UserSecuritySettings.NO_INTERACTION_MODE |
|
351 }))); |
|
352 storage.removeGrantedPermissions(appUID); |
|
353 storage.writeGrantedPermissions(appUID, null, grantedPermissions); |
|
354 ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse", "\n(choose ALLOW)")); |
|
355 ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); |
|
356 assertTrue(ac.checkPermission("javax.microedition.io.Connector.http") == 1); |
|
357 storage.removeGrantedPermissions(appUID); |
|
358 assertTrue(true); |
|
359 // isPermissionAllowed |
|
360 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
361 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
362 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE); |
|
363 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
364 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
365 PermissionResolver.testClearCache(); |
|
366 grantedPermissions = new Vector(); |
|
367 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
368 "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", |
|
369 "http://", |
|
370 null, |
|
371 new UserSecuritySettingsImpl("Net Access", |
|
372 UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
373 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
374 UserSecuritySettings.NO_INTERACTION_MODE |
|
375 }))); |
|
376 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
377 "com.nokia.mj.impl.security.midp.authorization.HttpsProtocolPermissionImpl", |
|
378 "https://", |
|
379 null, |
|
380 new UserSecuritySettingsImpl("Net Access", |
|
381 UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
382 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
383 UserSecuritySettings.NO_INTERACTION_MODE |
|
384 }))); |
|
385 storage.removeGrantedPermissions(appUID); |
|
386 storage.writeGrantedPermissions(appUID, null, grantedPermissions); |
|
387 assertTrue(ac.checkPermission("javax.microedition.io.Connector.http") == -1); |
|
388 assertTrue(ac.checkPermission("javax.microedition.io.Connector.https") == -1); |
|
389 assertTrue(ac.checkPermission("javax.microedition.securityservice.CMSMessageSignatureService") == 0); |
|
390 // show note -> choose yes |
|
391 com.nokia.mj.impl.security.midp.authentication.InteractiveAuthenticationModuleTests.showGuidelines("Choose Yes for each of the following two prompts"); |
|
392 assertTrue(ac.isPermissionAllowed("javax.microedition.io.Connector.http")); |
|
393 assertTrue(ac.isPermissionAllowed("javax.microedition.io.Connector.https")); |
|
394 assertTrue(ac.isPermissionAllowed("javax.microedition.media.control.VideoControl.getSnapshot") == false); |
|
395 // show note choose no |
|
396 com.nokia.mj.impl.security.midp.authentication.InteractiveAuthenticationModuleTests.showGuidelines("Choose No for each of the following two prompts"); |
|
397 assertTrue(ac.isPermissionAllowed("javax.microedition.io.Connector.http") == false); |
|
398 assertTrue(ac.isPermissionAllowed("javax.microedition.io.Connector.https") == false); |
|
399 assertTrue(ac.isPermissionAllowed("javax.microedition.io.Connector.rtsp") == false); |
|
400 assertTrue(ac.isPermissionAllowed("javax.microedition.media.control.VideoControl.getSnapshot") == false); |
|
401 storage.removeGrantedPermissions(appUID); |
|
402 assertTrue(true); |
|
403 // check user permission with session interaction mode, user says no -> second prompt is not shown in normal security mode |
|
404 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); |
|
405 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
406 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
407 PermissionResolver.testClearCache(); |
|
408 grantedPermissions = new Vector(); |
|
409 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
410 "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", |
|
411 "http://", |
|
412 null, |
|
413 new UserSecuritySettingsImpl("Net Access", |
|
414 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
415 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
416 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
417 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
418 UserSecuritySettings.NO_INTERACTION_MODE |
|
419 }))); |
|
420 storage.removeGrantedPermissions(appUID); |
|
421 storage.writeGrantedPermissions(appUID, null, grantedPermissions); |
|
422 try |
|
423 { |
|
424 ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse","\n(choose DENY)")); |
|
425 assertTrue(false); |
|
426 } |
|
427 catch (AccessControlException e) |
|
428 { |
|
429 assertTrue(true); |
|
430 } |
|
431 try |
|
432 { |
|
433 ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); |
|
434 assertTrue(false); |
|
435 } |
|
436 catch (AccessControlException e) |
|
437 { |
|
438 assertTrue(true); |
|
439 } |
|
440 storage.removeGrantedPermissions(appUID); |
|
441 assertTrue(true); |
|
442 |
|
443 // check user permission with session interaction mode, user says no -> second prompt is not shown in user security mode |
|
444 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE); |
|
445 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
446 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
447 PermissionResolver.testClearCache(); |
|
448 grantedPermissions = new Vector(); |
|
449 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
450 "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", |
|
451 "http://", |
|
452 null, |
|
453 new UserSecuritySettingsImpl("Net Access", |
|
454 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
455 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
456 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
457 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
458 UserSecuritySettings.NO_INTERACTION_MODE |
|
459 }))); |
|
460 storage.removeGrantedPermissions(appUID); |
|
461 storage.writeGrantedPermissions(appUID, null, grantedPermissions); |
|
462 try |
|
463 { |
|
464 ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse","\n(choose DENY)")); |
|
465 assertTrue(false); |
|
466 } |
|
467 catch (AccessControlException e) |
|
468 { |
|
469 assertTrue(true); |
|
470 } |
|
471 try |
|
472 { |
|
473 ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); |
|
474 assertTrue(false); |
|
475 } |
|
476 catch (AccessControlException e) |
|
477 { |
|
478 assertTrue(true); |
|
479 } |
|
480 storage.removeGrantedPermissions(appUID); |
|
481 assertTrue(true); |
|
482 // check user permission with blanket interaction mode, user says no -> second prompt is not shown |
|
483 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); |
|
484 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
485 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
486 PermissionResolver.testClearCache(); |
|
487 grantedPermissions = new Vector(); |
|
488 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
489 "com.nokia.mj.impl.security.midp.authorization.FileProtocolPermissionImpl", |
|
490 "file://*", |
|
491 "read", |
|
492 new UserSecuritySettingsImpl("File Access", |
|
493 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
494 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
495 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
496 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
497 UserSecuritySettings.NO_INTERACTION_MODE |
|
498 }))); |
|
499 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
500 "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", |
|
501 "http://", |
|
502 null, |
|
503 new UserSecuritySettingsImpl("NetAccess", |
|
504 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
505 new int[] { UserSecuritySettings.NO_INTERACTION_MODE}))); |
|
506 storage.removeGrantedPermissions(appUID); |
|
507 storage.writeGrantedPermissions(appUID, null, grantedPermissions); |
|
508 try |
|
509 { |
|
510 ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose DENY)")); |
|
511 assertTrue(false); |
|
512 } |
|
513 catch (AccessControlException e) |
|
514 { |
|
515 assertTrue(true); |
|
516 } |
|
517 try |
|
518 { |
|
519 ac.checkPermission(new FileProtocolPermissionImpl("file://myfile2.txt","read", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); |
|
520 assertTrue(false); |
|
521 } |
|
522 catch (AccessControlException e) |
|
523 { |
|
524 assertTrue(true); |
|
525 } |
|
526 storage.removeGrantedPermissions(appUID); |
|
527 assertTrue(true); |
|
528 storage.removeGrantedPermissions(appUID); |
|
529 |
|
530 // check user permission with blanket interaction mode, user says no -> second prompt is not shown |
|
531 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE); |
|
532 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
533 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
534 PermissionResolver.testClearCache(); |
|
535 grantedPermissions = new Vector(); |
|
536 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
537 "com.nokia.mj.impl.security.midp.authorization.FileProtocolPermissionImpl", |
|
538 "file://*", |
|
539 "read", |
|
540 new UserSecuritySettingsImpl("File Access", |
|
541 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
542 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
543 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
544 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
545 UserSecuritySettings.NO_INTERACTION_MODE |
|
546 }))); |
|
547 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
548 "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", |
|
549 "http://", |
|
550 null, |
|
551 new UserSecuritySettingsImpl("NetAccess", |
|
552 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
553 new int[] { UserSecuritySettings.NO_INTERACTION_MODE}))); |
|
554 storage.removeGrantedPermissions(appUID); |
|
555 storage.writeGrantedPermissions(appUID, null, grantedPermissions); |
|
556 try |
|
557 { |
|
558 ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose DENY)")); |
|
559 assertTrue(false); |
|
560 } |
|
561 catch (AccessControlException e) |
|
562 { |
|
563 assertTrue(true); |
|
564 } |
|
565 try |
|
566 { |
|
567 ac.checkPermission(new FileProtocolPermissionImpl("file://myfile2.txt","read", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); |
|
568 assertTrue(false); |
|
569 } |
|
570 catch (AccessControlException e) |
|
571 { |
|
572 assertTrue(true); |
|
573 } |
|
574 storage.removeGrantedPermissions(appUID); |
|
575 assertTrue(true); |
|
576 storage.removeGrantedPermissions(appUID); |
|
577 // check user permission with prompt not shown in blanket interaction mode -> one user prompt only |
|
578 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
579 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
580 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); |
|
581 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
582 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
583 PermissionResolver.testClearCache(); |
|
584 grantedPermissions = new Vector(); |
|
585 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
586 "com.nokia.mj.impl.security.midp.authorization.FileProtocolPermissionImpl", |
|
587 "file://*", |
|
588 "read", |
|
589 new UserSecuritySettingsImpl("File Access", |
|
590 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
591 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
592 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
593 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
594 UserSecuritySettings.NO_INTERACTION_MODE |
|
595 }))); |
|
596 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
597 "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", |
|
598 "http://", |
|
599 null, |
|
600 new UserSecuritySettingsImpl("NetAccess", |
|
601 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
602 new int[] { UserSecuritySettings.NO_INTERACTION_MODE}))); |
|
603 storage.removeGrantedPermissions(appUID); |
|
604 storage.writeGrantedPermissions(appUID, null, grantedPermissions); |
|
605 ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose ALLOW)")); |
|
606 ac.checkPermission(new FileProtocolPermissionImpl("file://myfile2.txt","read", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); |
|
607 ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(choose ALLOW)")); |
|
608 ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); |
|
609 storage.removeGrantedPermissions(appUID); |
|
610 assertTrue(true); |
|
611 storage.removeGrantedPermissions(appUID); |
|
612 // user permission with blanket interaction mode, show prompt, do an update, check if the promtps is still shown |
|
613 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); |
|
614 storage.removeAuthenticationStorageData(appUID); |
|
615 permissionGranter.removeSecurityData(session,appUID); |
|
616 PermissionResolver.testClearCache(); |
|
617 allAttributes.clear(); |
|
618 allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2)); |
|
619 allAttributes.put(AuthenticationAttribute.MAIN_ATTRIBUTE_PREFIX + "1-1", new Attribute("", "MIICWDCCAcECBEhQwOgwDQYJKoZIhvcNAQEEBQAwczELMAkGA1UEBhMCZmkxEjAQBgNVBAgTCVBpcmthbm1hYTEQMA4GA1UEBxMHVGFtcGVyZTEOMAwGA1UEChMFTm9raWExDTALBgNVBAsTBEphdmExHzAdBgNVBAMMFkpQX1RoaXJkX1BhcnR5X1RydXN0ZWQwHhcNMDgwNjEyMDYyMzM2WhcNMTgwNjEwMDYyMzM2WjBzMQswCQYDVQQGEwJmaTESMBAGA1UECBMJUGlya2FubWFhMRAwDgYDVQQHEwdUYW1wZXJlMQ4wDAYDVQQKEwVOb2tpYTENMAsGA1UECxMESmF2YTEfMB0GA1UEAwwWSlBfVGhpcmRfUGFydHlfVHJ1c3RlZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArAesh03rswICRUjexWMoIH9ZZqUtlx+tfhZhuzuYhiL6cLdhxNlU8yuIdw4f17XP3yxVIB8rz1EEagCMd0Y5ZleNFZ992ReLcf9VH13RxaZ88PRxBLLROm1jcwTknYSS6AxGMup77DMwwFSN8XPnOHWt4aLGUrecMeUyI2c5UbsCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAylJ+3aSq6a7AAL7UM8V8JhGZlLneErF7A/BJGDi7Vmr5gmlGyf6RCJJIg4qCp+J3Tv3eCRNNuphQaSRdFpaulwCmtfCzSZNtvZg0VhMOVsZqTwQgmP6NzKoIbqqzlgm5U+yUJw8FmX17vgdeSEdJ/oL/WT4AKrWFJYl8MdQ9ZnQ==")); |
|
620 allAttributes.put(AuthenticationAttribute.SECOND_LEGACY_ATTRIBUTE_NAME ,new Attribute("", "F9/dB/WITCC1n886yppP9QTQBeQT6/8pV0UKwbTU9L8mP5qFuX2bjw7gPQZNxAC/4qNHYnmnMmwkfOPDjZzbOojdGJyEYXFyF0sBtLZKYYHylW8uXz4HDdtC1c2WHn8/Zl+a0Zoa8MjuxGRi5IVNY4XONlpPfzLxkOMVjna4KhA=")); |
|
621 allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http")); |
|
622 securityAttributes = new SecurityAttributes(); |
|
623 securityAttributes.addDescriptorAttributes(allAttributes); |
|
624 credentials = authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); |
|
625 permissionGranter.grantJadPermissions(appUID, null, securityAttributes.getPermissionAttributes(), credentials); |
|
626 allAttributes.clear(); |
|
627 allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2)); |
|
628 allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http")); |
|
629 securityAttributes.addManifestAttributes(allAttributes); |
|
630 authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false); |
|
631 permissionGranter.grantJarPermissions(session, appUID, null, securityAttributes.getPermissionAttributes()); |
|
632 permissionGranter.getBlanketPermissions(appUID); |
|
633 ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(choose ALLOW)")); |
|
634 ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); |
|
635 boolean blanketPromptShown = storage.readUserSecuritySettingsPromptFlag(appUID, "Net Access"); |
|
636 assertTrue(blanketPromptShown); |
|
637 StorageEntry appPackageEntry = new StorageEntry(); |
|
638 appPackageEntry.addAttribute(new StorageAttribute( |
|
639 StorageAttribute.ID, |
|
640 appUID.getStringValue())); |
|
641 session.remove(StorageNames.APPLICATION_PACKAGE_ATTRIBUTES_TABLE, appPackageEntry); |
|
642 appPackageEntry.addAttribute(new StorageAttribute( |
|
643 StorageNames.NAME, |
|
644 "MIDlet-Certificate-1-1")); |
|
645 appPackageEntry.addAttribute(new StorageAttribute( |
|
646 StorageNames.VALUE, |
|
647 "MIICWDCCAcECBEhQwOgwDQYJKoZIhvcNAQEEBQAwczELMAkGA1UEBhMCZmkxEjAQBgNVBAgTCVBpcmthbm1hYTEQMA4GA1UEBxMHVGFtcGVyZTEOMAwGA1UEChMFTm9raWExDTALBgNVBAsTBEphdmExHzAdBgNVBAMMFkpQX1RoaXJkX1BhcnR5X1RydXN0ZWQwHhcNMDgwNjEyMDYyMzM2WhcNMTgwNjEwMDYyMzM2WjBzMQswCQYDVQQGEwJmaTESMBAGA1UECBMJUGlya2FubWFhMRAwDgYDVQQHEwdUYW1wZXJlMQ4wDAYDVQQKEwVOb2tpYTENMAsGA1UECxMESmF2YTEfMB0GA1UEAwwWSlBfVGhpcmRfUGFydHlfVHJ1c3RlZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArAesh03rswICRUjexWMoIH9ZZqUtlx+tfhZhuzuYhiL6cLdhxNlU8yuIdw4f17XP3yxVIB8rz1EEagCMd0Y5ZleNFZ992ReLcf9VH13RxaZ88PRxBLLROm1jcwTknYSS6AxGMup77DMwwFSN8XPnOHWt4aLGUrecMeUyI2c5UbsCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAylJ+3aSq6a7AAL7UM8V8JhGZlLneErF7A/BJGDi7Vmr5gmlGyf6RCJJIg4qCp+J3Tv3eCRNNuphQaSRdFpaulwCmtfCzSZNtvZg0VhMOVsZqTwQgmP6NzKoIbqqzlgm5U+yUJw8FmX17vgdeSEdJ/oL/WT4AKrWFJYl8MdQ9ZnQ==")); |
|
648 session.write(StorageNames.APPLICATION_PACKAGE_ATTRIBUTES_TABLE, appPackageEntry); |
|
649 PermissionResolver.testClearCache(); |
|
650 allAttributes.clear(); |
|
651 allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2)); |
|
652 allAttributes.put(AuthenticationAttribute.MAIN_ATTRIBUTE_PREFIX + "1-1", new Attribute("", "MIICWDCCAcECBEhQwOgwDQYJKoZIhvcNAQEEBQAwczELMAkGA1UEBhMCZmkxEjAQBgNVBAgTCVBpcmthbm1hYTEQMA4GA1UEBxMHVGFtcGVyZTEOMAwGA1UEChMFTm9raWExDTALBgNVBAsTBEphdmExHzAdBgNVBAMMFkpQX1RoaXJkX1BhcnR5X1RydXN0ZWQwHhcNMDgwNjEyMDYyMzM2WhcNMTgwNjEwMDYyMzM2WjBzMQswCQYDVQQGEwJmaTESMBAGA1UECBMJUGlya2FubWFhMRAwDgYDVQQHEwdUYW1wZXJlMQ4wDAYDVQQKEwVOb2tpYTENMAsGA1UECxMESmF2YTEfMB0GA1UEAwwWSlBfVGhpcmRfUGFydHlfVHJ1c3RlZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArAesh03rswICRUjexWMoIH9ZZqUtlx+tfhZhuzuYhiL6cLdhxNlU8yuIdw4f17XP3yxVIB8rz1EEagCMd0Y5ZleNFZ992ReLcf9VH13RxaZ88PRxBLLROm1jcwTknYSS6AxGMup77DMwwFSN8XPnOHWt4aLGUrecMeUyI2c5UbsCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAylJ+3aSq6a7AAL7UM8V8JhGZlLneErF7A/BJGDi7Vmr5gmlGyf6RCJJIg4qCp+J3Tv3eCRNNuphQaSRdFpaulwCmtfCzSZNtvZg0VhMOVsZqTwQgmP6NzKoIbqqzlgm5U+yUJw8FmX17vgdeSEdJ/oL/WT4AKrWFJYl8MdQ9ZnQ==")); |
|
653 allAttributes.put(AuthenticationAttribute.SECOND_LEGACY_ATTRIBUTE_NAME ,new Attribute("", "F9/dB/WITCC1n886yppP9QTQBeQT6/8pV0UKwbTU9L8mP5qFuX2bjw7gPQZNxAC/4qNHYnmnMmwkfOPDjZzbOojdGJyEYXFyF0sBtLZKYYHylW8uXz4HDdtC1c2WHn8/Zl+a0Zoa8MjuxGRi5IVNY4XONlpPfzLxkOMVjna4KhA=")); |
|
654 allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http")); |
|
655 securityAttributes = new SecurityAttributes(); |
|
656 securityAttributes.addDescriptorAttributes(allAttributes); |
|
657 credentials = authenticationModule.authenticateJad(appUID,appUID,securityAttributes.getAuthenticationAttributes()); |
|
658 permissionGranter.grantJadPermissions(appUID, null, securityAttributes.getPermissionAttributes(), credentials); |
|
659 allAttributes.clear(); |
|
660 allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2)); |
|
661 allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http")); |
|
662 securityAttributes.addManifestAttributes(allAttributes); |
|
663 authenticationModule.authenticateJar(session, appUID,appUID,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false); |
|
664 permissionGranter.grantJarPermissions(session, appUID, appUID, securityAttributes.getPermissionAttributes()); |
|
665 blanketPromptShown = storage.readUserSecuritySettingsPromptFlag(appUID, "Net Access"); |
|
666 ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); |
|
667 storage.removeAuthenticationStorageData(appUID); |
|
668 permissionGranter.removeSecurityData(session,appUID); |
|
669 PermissionResolver.testClearCache(); |
|
670 assertTrue(blanketPromptShown); |
|
671 // Add check user permission with prompt shown in blanket interaction mode -> no user prompts |
|
672 // legacy signed MIDlet, some permissions requested -> checkPermission for the granted perms succeeds and checkPermission for not granted perms fails |
|
673 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
674 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
675 storage.removeAuthenticationStorageData(appUID); |
|
676 storage.removeGrantedPermissions(appUID); |
|
677 PermissionResolver.testClearCache(); |
|
678 allAttributes.clear(); |
|
679 allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2)); |
|
680 allAttributes.put(AuthenticationAttribute.MAIN_ATTRIBUTE_PREFIX + "1-1", new Attribute("", "MIICWDCCAcECBEhQwA0wDQYJKoZIhvcNAQEEBQAwczELMAkGA1UEBhMCZmkxEjAQBgNVBAgTCVBpcmthbm1hYTEQMA4GA1UEBxMHVGFtcGVyZTEOMAwGA1UEChMFTm9raWExDTALBgNVBAsTBEphdmExHzAdBgNVBAMMFkpQX0RldmljZV9NYW51ZmFjdHVyZXIwHhcNMDgwNjEyMDYxOTU3WhcNMTgwNjEwMDYxOTU3WjBzMQswCQYDVQQGEwJmaTESMBAGA1UECBMJUGlya2FubWFhMRAwDgYDVQQHEwdUYW1wZXJlMQ4wDAYDVQQKEwVOb2tpYTENMAsGA1UECxMESmF2YTEfMB0GA1UEAwwWSlBfRGV2aWNlX01hbnVmYWN0dXJlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApi3ipIPj8O33/rZre1euh7Itd9d6ZVf2mvQ/tLpHEsFJe5XLOsVViMvFskhhKUzmDsRbP4J03L6827/vEDIi/1i8kJGLaoFqJYaLGFWI2Zmxlj6aJV8cfZyOjmQPWJn1IDEe1ZAWbvMSp8xibWRsCLNEGKIkxQvAr/QDK/6iS+kCAwEAATANBgkqhkiG9w0BAQQFAAOBgQCDXt6klAs6yKvdTab3D2wkdoi3Lu4YFsMgLexJOu5HhAUJ/9VYO+Q2+mjd95MRsTa5rWQ2Jjvhn57Z3z/KBOwfHbymmNtMk6Gl14H0vQRoHa31jh3mTuAy5KotDVthaDp30aOizk473NU68wY1WdP4gFk5ZhrpNea9q3st13BxIQ==")); |
|
681 allAttributes.put(AuthenticationAttribute.SECOND_LEGACY_ATTRIBUTE_NAME ,new Attribute("", "IcANmLKiOJQF8ABCNDj1PNNH/O8v9jfCVuiGBVm8enXDkM/gLwPjrC65sDKpOCHPqssUlHzjmVN5b9g8aRs4jxUOXNt2b732J7NSIPh97vw/WrP/KHdiooi/1KFUyklMyokK9ZrIv+GW1ttLCfKbuFupT9zmPAmWJQpnuD7J6sE=")); |
|
682 allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http")); |
|
683 securityAttributes = new SecurityAttributes(); |
|
684 securityAttributes.addDescriptorAttributes(allAttributes); |
|
685 credentials = authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); |
|
686 permissionGranter.grantJadPermissions(appUID, null, securityAttributes.getPermissionAttributes(), credentials); |
|
687 allAttributes.clear(); |
|
688 allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2)); |
|
689 allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http")); |
|
690 securityAttributes.addManifestAttributes(allAttributes); |
|
691 authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false); |
|
692 permissionGranter.grantJarPermissions(session, appUID, null, securityAttributes.getPermissionAttributes()); |
|
693 signingCerts = authenticationModule.getCertificatesDetails(session, appUID); |
|
694 assertTrue(signingCerts != null |
|
695 && signingCerts.length == 1 |
|
696 && signingCerts[0].getIssuer() != null |
|
697 && signingCerts[0].getDateNotAfter() != null |
|
698 && signingCerts[0].getDateNotBefore() != null |
|
699 && signingCerts[0].getValidFrom() != null |
|
700 && signingCerts[0].getValidUntil() != null |
|
701 && signingCerts[0].getSerialNumber() != null |
|
702 && signingCerts[0].getFingerprint() != null |
|
703 && signingCerts[0].getFormattedFingerprint() != null |
|
704 && signingCerts[0].getSubject() != null |
|
705 && signingCerts[0].getOrganization() != null |
|
706 && signingCerts[0].getProtectionDomain() != null |
|
707 && signingCerts[0].getProtectionDomain().getName() != null |
|
708 && signingCerts[0].getProtectionDomain().getCategory() != null); |
|
709 ac.checkPermission(new SocketProtocolPermissionImpl("socket://100", "\n(choose ALLOW)")); |
|
710 //ac.checkPermission(new HttpProtocolPermission("http://url")); |
|
711 ac.checkPermission(new SocketProtocolPermissionImpl("socket://100", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED")); |
|
712 ac.checkPermission(new HttpProtocolPermissionImpl("http://url", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED")); |
|
713 // 2 legacy unsigned MIDlets, install from JAD -> checkPermission succeeds with multiple prompts |
|
714 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); |
|
715 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
716 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
717 storage.removeAuthenticationStorageData(appUID); |
|
718 storage.removeGrantedPermissions(appUID); |
|
719 PermissionResolver.testClearCache(); |
|
720 allAttributes.clear(); |
|
721 allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2)); |
|
722 securityAttributes = new SecurityAttributes(); |
|
723 securityAttributes.addDescriptorAttributes(allAttributes); |
|
724 credentials = authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); |
|
725 permissionGranter.grantJadPermissions(appUID, null, securityAttributes.getPermissionAttributes(), credentials); |
|
726 allAttributes.clear(); |
|
727 allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2)); |
|
728 securityAttributes.addManifestAttributes(allAttributes); |
|
729 authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false); |
|
730 permissionGranter.grantJarPermissions(session, appUID, null, securityAttributes.getPermissionAttributes()); |
|
731 signingCerts = authenticationModule.getCertificatesDetails(session, appUID); |
|
732 assertTrue(signingCerts == null); |
|
733 ac.checkPermission(new HttpProtocolPermissionImpl("http://url", "\n(choose ALLOW)")); |
|
734 ac.checkPermission(new HttpsProtocolPermissionImpl("https://url1", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED")); |
|
735 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE); |
|
736 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
737 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
738 ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose ALLOW)")); |
|
739 ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose ALLOW)")); |
|
740 try |
|
741 { |
|
742 ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose DENY)")); |
|
743 assertTrue(false); |
|
744 } |
|
745 catch (AccessControlException e) |
|
746 { |
|
747 assertTrue(true); |
|
748 } |
|
749 storage.removeGrantedPermissions(appUID); |
|
750 /* Uncomment if the mutual exclusive rules are to be applied in runtime security prompts |
|
751 // 2 check mutual exclusive rules: auto invocation is already set to blanket, then Net Access is set to Blanket -> check that auto invocation is changed to max allowed (exclusing blanket) |
|
752 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); |
|
753 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
754 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
755 PermissionResolver.testClearCache(); |
|
756 grantedPermissions = new Vector(); |
|
757 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
758 "something", |
|
759 "*", |
|
760 "autoinvocation", |
|
761 new UserSecuritySettingsImpl("Application Auto Invocation", |
|
762 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
763 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
764 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
765 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
766 UserSecuritySettings.NO_INTERACTION_MODE}))); |
|
767 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
768 "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", |
|
769 "http://", |
|
770 null, |
|
771 new UserSecuritySettingsImpl("Net Access", |
|
772 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
773 new int[] { UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
774 UserSecuritySettings.NO_INTERACTION_MODE}))); |
|
775 storage.removeGrantedPermissions(appUID); |
|
776 storage.writeGrantedPermissions(appUID, null, grantedPermissions); |
|
777 ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(choose ALLOW)")); |
|
778 Vector readPermissions = storage.readGrantedPermissions(appUID); |
|
779 boolean success = false; |
|
780 for(int i=0; i<readPermissions.size(); i++) |
|
781 { |
|
782 UserSecuritySettings settings = |
|
783 ((PolicyBasedPermission)readPermissions.elementAt(i)) |
|
784 .getUserSecuritySettings(); |
|
785 if (settings != null && settings.getName() |
|
786 .equalsIgnoreCase("Application Auto Invocation")) |
|
787 { |
|
788 success = (settings.getCurrentInteractionMode() |
|
789 == UserSecuritySettings.SESSION_INTERACTION_MODE); |
|
790 } |
|
791 } |
|
792 storage.removeGrantedPermissions(appUID); |
|
793 assertTrue(success);*/ |
|
794 // test parralel instances of the ui: show a security prompt, show an error, destroy the ui for error, destroy the ui for the security prompt |
|
795 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); |
|
796 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
797 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
798 PermissionResolver.testClearCache(); |
|
799 grantedPermissions = new Vector(); |
|
800 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
801 "com.nokia.mj.impl.security.midp.authorization.CommProtocolPermissionImpl", |
|
802 "comm://", |
|
803 null, |
|
804 new UserSecuritySettingsImpl("Low Level Net Access", |
|
805 UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
806 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
807 UserSecuritySettings.NO_INTERACTION_MODE |
|
808 }))); |
|
809 storage.removeGrantedPermissions(appUID); |
|
810 storage.writeGrantedPermissions(appUID, null, grantedPermissions); |
|
811 ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose ALLOW)")); |
|
812 RuntimeUi ui = RuntimeUiFactory.getRuntimeUi(); |
|
813 ExceptionBase exc = new ExceptionBase( |
|
814 new SecurityErrorMessage(), |
|
815 SecurityErrorMessage.JAR_TAMPERED, |
|
816 null, |
|
817 new SecurityDetailedErrorMessage(), |
|
818 SecurityDetailedErrorMessage.JAR_TAMPERED, |
|
819 null); |
|
820 ui.error(appName, exc); |
|
821 ui.destroy(); |
|
822 // check prompt for blanket |
|
823 GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); |
|
824 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
825 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
826 PermissionResolver.testClearCache(); |
|
827 grantedPermissions = new Vector(); |
|
828 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
829 "com.nokia.mj.impl.security.midp.authorization.FileProtocolPermissionImpl", |
|
830 "file://*", |
|
831 "read", |
|
832 new UserSecuritySettingsImpl("File Access", |
|
833 UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
834 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
835 UserSecuritySettings.SESSION_INTERACTION_MODE, |
|
836 UserSecuritySettings.BLANKET_INTERACTION_MODE, |
|
837 UserSecuritySettings.NO_INTERACTION_MODE |
|
838 }))); |
|
839 storage.removeGrantedPermissions(appUID); |
|
840 storage.writeGrantedPermissions(appUID, null, grantedPermissions); |
|
841 ac.checkPermission(new FileProtocolPermissionImpl("file://blahblah","read","\n(choose ALLOW)")); |
|
842 ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED\")")); |
|
843 ac.checkPermission(new FileProtocolPermissionImpl("file://blahblah","read", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED")); |
|
844 storage.removeGrantedPermissions(appUID); |
|
845 assertTrue(true); |
|
846 AccessControllerFactoryImpl.destroyAccessController(appUID); |
|
847 /* Uncomment this from time to time and check if QT still fails: create QT thread, destroy QT thread, create QT thread -> this fails |
|
848 // test sequential instances of the ui: show an error, destroy the ui for the error, show security prompt, destroy ui for security prompt |
|
849 ui = RuntimeUiFactory.getRuntimeUi(); |
|
850 exc = new ExceptionBase( |
|
851 new SecurityErrorMessage(), |
|
852 SecurityErrorMessage.CERT_NOT_AVAILABLE, |
|
853 null, |
|
854 new SecurityDetailedErrorMessage(), |
|
855 SecurityDetailedErrorMessage.CERT_DISABLED, |
|
856 null); |
|
857 ui.error("myMIDlet", exc); |
|
858 ui.destroy(); |
|
859 ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); |
|
860 PermissionResolver.testClearCache(); |
|
861 grantedPermissions = new Vector(); |
|
862 grantedPermissions.addElement(new PolicyBasedPermissionImpl( |
|
863 "com.nokia.mj.impl.security.midp.authorization.FileProtocolPermissionImpl", |
|
864 "file://*", |
|
865 "read", |
|
866 new UserSecuritySettingsImpl("Low Level Net Access", |
|
867 UserSecuritySettings.ONESHOT_INTERACTION_MODE, |
|
868 new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE}))); |
|
869 storage.removeGrantedPermissions(appUID); |
|
870 storage.writeGrantedPermissions(appUID, null, grantedPermissions); |
|
871 ac.checkPermission(new FileProtocolPermissionImpl("file://somepath/somesub-path/somefile.someextension", "\n(choose ALLOW)")); |
|
872 AccessControllerFactoryImpl.destroyAccessController(appUID);*/ |
|
873 session.remove(StorageNames.MIDP_PACKAGE_TABLE, appUID); |
|
874 PermissionMappingTable.setMappingTable(IMPL_PERMISSION_MAPPING_TABLE); |
|
875 SecurityPolicyModule.policiesDir = TEST_DATA_DIR + "securitypolicies" + System.getProperty("file.separator"); |
|
876 } |
|
877 } |