--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/javacommons/security/tsrc/javasrc/com/nokia/mj/impl/security/midp/authorization/InteractiveAccessControllerTests.java Tue Apr 27 16:30:29 2010 +0300
@@ -0,0 +1,877 @@
+/*
+* Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+*
+*/
+
+
+package com.nokia.mj.impl.security.midp.authorization;
+
+
+
+import java.util.Hashtable;
+import com.nokia.mj.impl.utils.Uid;
+import com.nokia.mj.impl.installer.utils.InstallerMain;
+import com.nokia.mj.impl.security.midp.authorization.AccessControllerImpl;
+import com.nokia.mj.impl.security.midp.authorization.PermissionResolver;
+import com.nokia.mj.impl.security.midp.authorization.AccessControllerFactoryImpl;
+import com.nokia.mj.impl.utils.exception.ExceptionBase;
+import com.nokia.mj.impl.security.midp.authentication.AuthenticationModule;
+import com.nokia.mj.impl.security.midp.authorization.PermissionGranter;
+import com.nokia.mj.impl.security.midp.common.AuthenticationCredentials;
+import com.nokia.mj.impl.security.midp.common.SecurityAttributes;
+import com.nokia.mj.impl.security.midp.common.SigningCertificate;
+import com.nokia.mj.impl.security.midp.common.AuthenticationAttribute;
+import com.nokia.mj.impl.security.midp.common.MIDPPermission;
+import com.nokia.mj.impl.security.midp.common.PermissionMappingTable;
+import com.nokia.mj.impl.security.midp.common.TestPermissionMappingTable;
+import com.nokia.mj.impl.utils.Attribute;
+import com.nokia.mj.impl.security.utils.*;
+import java.security.*;
+//import javax.microedition.io.*;
+import com.nokia.mj.impl.security.midp.storage.SecurityStorage;
+import com.nokia.mj.impl.storage.*;
+import com.nokia.mj.impl.security.midp.common.PolicyBasedPermission;
+import com.nokia.mj.impl.security.midp.common.PolicyBasedPermissionImpl;
+import com.nokia.mj.impl.security.midp.common.UserSecuritySettings;
+import com.nokia.mj.impl.security.midp.common.GeneralSecuritySettings;
+import com.nokia.mj.impl.security.midp.common.UserSecuritySettingsImpl;
+import com.nokia.mj.impl.rt.ui.RuntimeUiFactory;
+import com.nokia.mj.impl.rt.ui.RuntimeUi;
+
+import j2meunit.framework.Test;
+import j2meunit.framework.TestCase;
+import j2meunit.framework.TestMethod;
+import j2meunit.framework.TestSuite;
+
+import java.util.Vector;
+
+/**
+ * Interactive AccessController unit tests.
+ */
+public class InteractiveAccessControllerTests extends TestCase implements InstallerMain
+{
+
+ private static String TEST_DATA_DIR;
+
+ static
+ {
+ String platform = System.getProperty("os.name");
+ if (platform != null && platform.equalsIgnoreCase("linux"))
+ {
+ TEST_DATA_DIR = System.getProperty("JAVA_BIN_ROOT") + "/securitytestdata/";
+ }
+ else
+ {
+ TEST_DATA_DIR = "C:\\java\\securitytestdata\\";
+ }
+ }
+
+ /**
+ * Hashtable holding all the attributes. Tests populate this hashtable
+ * prior to being executed
+ */
+ protected Hashtable allAttributes;
+
+ AuthenticationModule authenticationModule;
+ PermissionGranter permissionGranter;
+
+ // general-purpose constants
+ protected static final String MIDP_PROFILE_ATTRIBUTE_NAME = "MicroEdition-Profile";
+ protected static final String MIDP3 = "MIDP-3.0";
+ protected static final String MIDP2 = "MIDP-2.0";
+ private static final String COMMA = ",";
+
+ /**
+ * The implementation's mapping between (MIDP2 and MIDP3 permissions) and the
+ * internal class permissions
+ */
+ private Hashtable IMPL_PERMISSION_MAPPING_TABLE;
+
+ /**
+ * The mapping between (MIDP2 and MIDP3 permissions) and the internal
+ * class permissions
+ */
+ //private Hashtable TEST_PERMISSION_MAPPING_TABLE;
+
+ // Begin j2meunit test framework setup
+ public void installerMain(String[] args)
+ {
+ TestSuite suite = new TestSuite(this.getClass().getName());
+
+ suite.addTest(new InteractiveAccessControllerTests("testAVKONSecurityPrompts", new TestMethod()
+ {
+ public void run(TestCase tc)
+ {
+ ((InteractiveAccessControllerTests)tc).testAVKONSecurityPrompts();
+ }
+ }));
+
+ com.nokia.mj.impl.utils.OmjTestRunner.run(suite);
+ }
+
+ public InteractiveAccessControllerTests()
+ {
+ }
+
+ public InteractiveAccessControllerTests(String aTestName, TestMethod aTestMethod)
+ {
+ super(aTestName, aTestMethod);
+ }
+
+ public void assertFalse(String aMsg, boolean aCondition)
+ {
+ assertTrue(aMsg, !aCondition);
+ }
+
+ // End j2meunit test framework setup
+
+ protected void setUp()
+ {
+ authenticationModule = authenticationModule.getInstance();
+ permissionGranter = permissionGranter.getInstance();
+ }
+
+ protected void tearDown()
+ {
+ }
+
+ private void testAVKONSecurityPrompts()
+ {
+ System.setProperty("com.nokia.mj.impl.rt.ui", "com.nokia.mj.impl.rt.ui.avkon.RuntimeUiAvkon");
+ testSecurityPrompts();
+ }
+
+ private void testSecurityPrompts()
+ {
+ // init the new mapping & policies
+ //initMappingTable();
+ IMPL_PERMISSION_MAPPING_TABLE = PermissionMappingTable.setMappingTable(TestPermissionMappingTable.getMappingTable());
+ SecurityPolicyModule.policiesDir = TEST_DATA_DIR;
+ SecurityPolicyModule.policiesFileNamePrefix = "test_";
+ allAttributes = new Hashtable();
+ SecurityAttributes securityAttributes;
+ SigningCertificate[] signingCerts;
+ AuthenticationCredentials[] credentials;
+ Uid appUID = Uid.createUid("myAppUID");
+ String appName = "InteractiveSecurityTests";
+ SecurityStorage storage = new SecurityStorage();
+ StorageSession session = StorageFactory.createSession();
+ session.open();
+ Vector grantedPermissions;
+ storage.removeGrantedPermissions(appUID);
+ AccessControllerImpl ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ session.remove(StorageNames.MIDP_PACKAGE_TABLE, appUID);
+ StorageEntry entry = new StorageEntry();
+ entry.addAttribute(new StorageAttribute(
+ StorageNames.ID,
+ appUID.getStringValue()));
+ entry.addAttribute(new StorageAttribute(
+ StorageNames.SECURITY_WARNINGS,
+ "" + GeneralSecuritySettings.DEFAULT_SECURITY_MODE));
+ session.write(StorageNames.MIDP_PACKAGE_TABLE, entry);
+ // prompts for composite actions
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE);
+ PermissionResolver.testClearCache();
+ grantedPermissions = new Vector();
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.PermissionWithCompositeActionsImpl",
+ "uri://",
+ "action1",
+ new UserSecuritySettingsImpl("Function Group",
+ UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.PermissionWithCompositeActionsImpl",
+ "uri://",
+ "action2",
+ new UserSecuritySettingsImpl("Function Group",
+ UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ storage.removeGrantedPermissions(appUID);
+ storage.writeGrantedPermissions(appUID, null, grantedPermissions);
+ com.nokia.mj.impl.security.midp.authentication.InteractiveAuthenticationModuleTests.showGuidelines("Check that each of the following three prompts contains two identical texts");
+ ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\nPrompt for action1", "action1"));
+ ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\nPrompt for action2", "action2"));
+ ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\nPrompt for action1 and action2", "action1,action2"));
+ ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\nPrompt for action1 and action2", "action2,action1"));
+ try
+ {
+ ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)", "action2,action1,action3"));
+ assertTrue(false);
+ }
+ catch (AccessControlException e)
+ {
+ assertTrue(true);
+ }
+ try
+ {
+ ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)", "action2,action3"));
+ assertTrue(false);
+ }
+ catch (AccessControlException e)
+ {
+ assertTrue(true);
+ }
+ assertTrue(true);
+ // for NORMAL security mode, in case of identical prompts, only show one (even though they are part of different function groups)
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE);
+ PermissionResolver.testClearCache();
+ grantedPermissions = new Vector();
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.CommProtocolPermissionImpl",
+ "comm://",
+ null,
+ new UserSecuritySettingsImpl("Low Level Net Access",
+ UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl",
+ "http://",
+ null,
+ new UserSecuritySettingsImpl("Net Access",
+ UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ storage.removeGrantedPermissions(appUID);
+ storage.writeGrantedPermissions(appUID, null, grantedPermissions);
+ ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(choose ALLOW and make sure this text is shown only once)"));
+ ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose ALLOW and make sure this text is shown only once)"));
+ // for USER security mode, in case of identical prompts, show them both
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE);
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ PermissionResolver.testClearCache();
+ grantedPermissions = new Vector();
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.CommProtocolPermissionImpl",
+ "comm://",
+ null,
+ new UserSecuritySettingsImpl("Low Level Net Access",
+ UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl",
+ "http://",
+ null,
+ new UserSecuritySettingsImpl("Net Access",
+ UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ storage.removeGrantedPermissions(appUID);
+ storage.writeGrantedPermissions(appUID, null, grantedPermissions);
+ ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(choose ALLOW and make sure this text is shown twice)"));
+ ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose ALLOW and make sure this text is shown twice)"));
+ // check user permission with oneshot interaction mode -> multiple prompts and deny is oneshot deny
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE);
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ PermissionResolver.testClearCache();
+ grantedPermissions = new Vector();
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.CommProtocolPermissionImpl",
+ "comm://",
+ null,
+ new UserSecuritySettingsImpl("Low Level Net Access",
+ UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ storage.removeGrantedPermissions(appUID);
+ storage.writeGrantedPermissions(appUID, null, grantedPermissions);
+ ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose ALLOW)"));
+ try
+ {
+ ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose DENY)"));
+ assertTrue(false);
+ }
+ catch (AccessControlException e)
+ {
+ assertTrue(true);
+ }
+ try
+ {
+ ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose DENY)"));
+ assertTrue(false);
+ }
+ catch (AccessControlException e)
+ {
+ assertTrue(true);
+ }
+ storage.removeGrantedPermissions(appUID);
+ // check user permission with session interaction mode -> only one user prompt
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE);
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ PermissionResolver.testClearCache();
+ grantedPermissions = new Vector();
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl",
+ "http://",
+ null,
+ new UserSecuritySettingsImpl("Net Access",
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ storage.removeGrantedPermissions(appUID);
+ storage.writeGrantedPermissions(appUID, null, grantedPermissions);
+ ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse", "\n(choose ALLOW)"));
+ ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)"));
+ assertTrue(ac.checkPermission("javax.microedition.io.Connector.http") == 1);
+ storage.removeGrantedPermissions(appUID);
+ assertTrue(true);
+ // isPermissionAllowed
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE);
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ PermissionResolver.testClearCache();
+ grantedPermissions = new Vector();
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl",
+ "http://",
+ null,
+ new UserSecuritySettingsImpl("Net Access",
+ UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.HttpsProtocolPermissionImpl",
+ "https://",
+ null,
+ new UserSecuritySettingsImpl("Net Access",
+ UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ storage.removeGrantedPermissions(appUID);
+ storage.writeGrantedPermissions(appUID, null, grantedPermissions);
+ assertTrue(ac.checkPermission("javax.microedition.io.Connector.http") == -1);
+ assertTrue(ac.checkPermission("javax.microedition.io.Connector.https") == -1);
+ assertTrue(ac.checkPermission("javax.microedition.securityservice.CMSMessageSignatureService") == 0);
+ // show note -> choose yes
+ com.nokia.mj.impl.security.midp.authentication.InteractiveAuthenticationModuleTests.showGuidelines("Choose Yes for each of the following two prompts");
+ assertTrue(ac.isPermissionAllowed("javax.microedition.io.Connector.http"));
+ assertTrue(ac.isPermissionAllowed("javax.microedition.io.Connector.https"));
+ assertTrue(ac.isPermissionAllowed("javax.microedition.media.control.VideoControl.getSnapshot") == false);
+ // show note choose no
+ com.nokia.mj.impl.security.midp.authentication.InteractiveAuthenticationModuleTests.showGuidelines("Choose No for each of the following two prompts");
+ assertTrue(ac.isPermissionAllowed("javax.microedition.io.Connector.http") == false);
+ assertTrue(ac.isPermissionAllowed("javax.microedition.io.Connector.https") == false);
+ assertTrue(ac.isPermissionAllowed("javax.microedition.io.Connector.rtsp") == false);
+ assertTrue(ac.isPermissionAllowed("javax.microedition.media.control.VideoControl.getSnapshot") == false);
+ storage.removeGrantedPermissions(appUID);
+ assertTrue(true);
+ // check user permission with session interaction mode, user says no -> second prompt is not shown in normal security mode
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE);
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ PermissionResolver.testClearCache();
+ grantedPermissions = new Vector();
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl",
+ "http://",
+ null,
+ new UserSecuritySettingsImpl("Net Access",
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ storage.removeGrantedPermissions(appUID);
+ storage.writeGrantedPermissions(appUID, null, grantedPermissions);
+ try
+ {
+ ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse","\n(choose DENY)"));
+ assertTrue(false);
+ }
+ catch (AccessControlException e)
+ {
+ assertTrue(true);
+ }
+ try
+ {
+ ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)"));
+ assertTrue(false);
+ }
+ catch (AccessControlException e)
+ {
+ assertTrue(true);
+ }
+ storage.removeGrantedPermissions(appUID);
+ assertTrue(true);
+
+ // check user permission with session interaction mode, user says no -> second prompt is not shown in user security mode
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE);
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ PermissionResolver.testClearCache();
+ grantedPermissions = new Vector();
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl",
+ "http://",
+ null,
+ new UserSecuritySettingsImpl("Net Access",
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ storage.removeGrantedPermissions(appUID);
+ storage.writeGrantedPermissions(appUID, null, grantedPermissions);
+ try
+ {
+ ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse","\n(choose DENY)"));
+ assertTrue(false);
+ }
+ catch (AccessControlException e)
+ {
+ assertTrue(true);
+ }
+ try
+ {
+ ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)"));
+ assertTrue(false);
+ }
+ catch (AccessControlException e)
+ {
+ assertTrue(true);
+ }
+ storage.removeGrantedPermissions(appUID);
+ assertTrue(true);
+ // check user permission with blanket interaction mode, user says no -> second prompt is not shown
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE);
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ PermissionResolver.testClearCache();
+ grantedPermissions = new Vector();
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.FileProtocolPermissionImpl",
+ "file://*",
+ "read",
+ new UserSecuritySettingsImpl("File Access",
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl",
+ "http://",
+ null,
+ new UserSecuritySettingsImpl("NetAccess",
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.NO_INTERACTION_MODE})));
+ storage.removeGrantedPermissions(appUID);
+ storage.writeGrantedPermissions(appUID, null, grantedPermissions);
+ try
+ {
+ ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose DENY)"));
+ assertTrue(false);
+ }
+ catch (AccessControlException e)
+ {
+ assertTrue(true);
+ }
+ try
+ {
+ ac.checkPermission(new FileProtocolPermissionImpl("file://myfile2.txt","read", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)"));
+ assertTrue(false);
+ }
+ catch (AccessControlException e)
+ {
+ assertTrue(true);
+ }
+ storage.removeGrantedPermissions(appUID);
+ assertTrue(true);
+ storage.removeGrantedPermissions(appUID);
+
+ // check user permission with blanket interaction mode, user says no -> second prompt is not shown
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE);
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ PermissionResolver.testClearCache();
+ grantedPermissions = new Vector();
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.FileProtocolPermissionImpl",
+ "file://*",
+ "read",
+ new UserSecuritySettingsImpl("File Access",
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl",
+ "http://",
+ null,
+ new UserSecuritySettingsImpl("NetAccess",
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.NO_INTERACTION_MODE})));
+ storage.removeGrantedPermissions(appUID);
+ storage.writeGrantedPermissions(appUID, null, grantedPermissions);
+ try
+ {
+ ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose DENY)"));
+ assertTrue(false);
+ }
+ catch (AccessControlException e)
+ {
+ assertTrue(true);
+ }
+ try
+ {
+ ac.checkPermission(new FileProtocolPermissionImpl("file://myfile2.txt","read", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)"));
+ assertTrue(false);
+ }
+ catch (AccessControlException e)
+ {
+ assertTrue(true);
+ }
+ storage.removeGrantedPermissions(appUID);
+ assertTrue(true);
+ storage.removeGrantedPermissions(appUID);
+ // check user permission with prompt not shown in blanket interaction mode -> one user prompt only
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE);
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ PermissionResolver.testClearCache();
+ grantedPermissions = new Vector();
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.FileProtocolPermissionImpl",
+ "file://*",
+ "read",
+ new UserSecuritySettingsImpl("File Access",
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl",
+ "http://",
+ null,
+ new UserSecuritySettingsImpl("NetAccess",
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.NO_INTERACTION_MODE})));
+ storage.removeGrantedPermissions(appUID);
+ storage.writeGrantedPermissions(appUID, null, grantedPermissions);
+ ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose ALLOW)"));
+ ac.checkPermission(new FileProtocolPermissionImpl("file://myfile2.txt","read", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)"));
+ ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(choose ALLOW)"));
+ ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)"));
+ storage.removeGrantedPermissions(appUID);
+ assertTrue(true);
+ storage.removeGrantedPermissions(appUID);
+ // user permission with blanket interaction mode, show prompt, do an update, check if the promtps is still shown
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE);
+ storage.removeAuthenticationStorageData(appUID);
+ permissionGranter.removeSecurityData(session,appUID);
+ PermissionResolver.testClearCache();
+ allAttributes.clear();
+ allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2));
+ allAttributes.put(AuthenticationAttribute.MAIN_ATTRIBUTE_PREFIX + "1-1", new Attribute("", "MIICWDCCAcECBEhQwOgwDQYJKoZIhvcNAQEEBQAwczELMAkGA1UEBhMCZmkxEjAQBgNVBAgTCVBpcmthbm1hYTEQMA4GA1UEBxMHVGFtcGVyZTEOMAwGA1UEChMFTm9raWExDTALBgNVBAsTBEphdmExHzAdBgNVBAMMFkpQX1RoaXJkX1BhcnR5X1RydXN0ZWQwHhcNMDgwNjEyMDYyMzM2WhcNMTgwNjEwMDYyMzM2WjBzMQswCQYDVQQGEwJmaTESMBAGA1UECBMJUGlya2FubWFhMRAwDgYDVQQHEwdUYW1wZXJlMQ4wDAYDVQQKEwVOb2tpYTENMAsGA1UECxMESmF2YTEfMB0GA1UEAwwWSlBfVGhpcmRfUGFydHlfVHJ1c3RlZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArAesh03rswICRUjexWMoIH9ZZqUtlx+tfhZhuzuYhiL6cLdhxNlU8yuIdw4f17XP3yxVIB8rz1EEagCMd0Y5ZleNFZ992ReLcf9VH13RxaZ88PRxBLLROm1jcwTknYSS6AxGMup77DMwwFSN8XPnOHWt4aLGUrecMeUyI2c5UbsCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAylJ+3aSq6a7AAL7UM8V8JhGZlLneErF7A/BJGDi7Vmr5gmlGyf6RCJJIg4qCp+J3Tv3eCRNNuphQaSRdFpaulwCmtfCzSZNtvZg0VhMOVsZqTwQgmP6NzKoIbqqzlgm5U+yUJw8FmX17vgdeSEdJ/oL/WT4AKrWFJYl8MdQ9ZnQ=="));
+ allAttributes.put(AuthenticationAttribute.SECOND_LEGACY_ATTRIBUTE_NAME ,new Attribute("", "F9/dB/WITCC1n886yppP9QTQBeQT6/8pV0UKwbTU9L8mP5qFuX2bjw7gPQZNxAC/4qNHYnmnMmwkfOPDjZzbOojdGJyEYXFyF0sBtLZKYYHylW8uXz4HDdtC1c2WHn8/Zl+a0Zoa8MjuxGRi5IVNY4XONlpPfzLxkOMVjna4KhA="));
+ allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http"));
+ securityAttributes = new SecurityAttributes();
+ securityAttributes.addDescriptorAttributes(allAttributes);
+ credentials = authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes());
+ permissionGranter.grantJadPermissions(appUID, null, securityAttributes.getPermissionAttributes(), credentials);
+ allAttributes.clear();
+ allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2));
+ allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http"));
+ securityAttributes.addManifestAttributes(allAttributes);
+ authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false);
+ permissionGranter.grantJarPermissions(session, appUID, null, securityAttributes.getPermissionAttributes());
+ permissionGranter.getBlanketPermissions(appUID);
+ ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(choose ALLOW)"));
+ ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)"));
+ boolean blanketPromptShown = storage.readUserSecuritySettingsPromptFlag(appUID, "Net Access");
+ assertTrue(blanketPromptShown);
+ StorageEntry appPackageEntry = new StorageEntry();
+ appPackageEntry.addAttribute(new StorageAttribute(
+ StorageAttribute.ID,
+ appUID.getStringValue()));
+ session.remove(StorageNames.APPLICATION_PACKAGE_ATTRIBUTES_TABLE, appPackageEntry);
+ appPackageEntry.addAttribute(new StorageAttribute(
+ StorageNames.NAME,
+ "MIDlet-Certificate-1-1"));
+ appPackageEntry.addAttribute(new StorageAttribute(
+ StorageNames.VALUE,
+ "MIICWDCCAcECBEhQwOgwDQYJKoZIhvcNAQEEBQAwczELMAkGA1UEBhMCZmkxEjAQBgNVBAgTCVBpcmthbm1hYTEQMA4GA1UEBxMHVGFtcGVyZTEOMAwGA1UEChMFTm9raWExDTALBgNVBAsTBEphdmExHzAdBgNVBAMMFkpQX1RoaXJkX1BhcnR5X1RydXN0ZWQwHhcNMDgwNjEyMDYyMzM2WhcNMTgwNjEwMDYyMzM2WjBzMQswCQYDVQQGEwJmaTESMBAGA1UECBMJUGlya2FubWFhMRAwDgYDVQQHEwdUYW1wZXJlMQ4wDAYDVQQKEwVOb2tpYTENMAsGA1UECxMESmF2YTEfMB0GA1UEAwwWSlBfVGhpcmRfUGFydHlfVHJ1c3RlZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArAesh03rswICRUjexWMoIH9ZZqUtlx+tfhZhuzuYhiL6cLdhxNlU8yuIdw4f17XP3yxVIB8rz1EEagCMd0Y5ZleNFZ992ReLcf9VH13RxaZ88PRxBLLROm1jcwTknYSS6AxGMup77DMwwFSN8XPnOHWt4aLGUrecMeUyI2c5UbsCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAylJ+3aSq6a7AAL7UM8V8JhGZlLneErF7A/BJGDi7Vmr5gmlGyf6RCJJIg4qCp+J3Tv3eCRNNuphQaSRdFpaulwCmtfCzSZNtvZg0VhMOVsZqTwQgmP6NzKoIbqqzlgm5U+yUJw8FmX17vgdeSEdJ/oL/WT4AKrWFJYl8MdQ9ZnQ=="));
+ session.write(StorageNames.APPLICATION_PACKAGE_ATTRIBUTES_TABLE, appPackageEntry);
+ PermissionResolver.testClearCache();
+ allAttributes.clear();
+ allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2));
+ allAttributes.put(AuthenticationAttribute.MAIN_ATTRIBUTE_PREFIX + "1-1", new Attribute("", "MIICWDCCAcECBEhQwOgwDQYJKoZIhvcNAQEEBQAwczELMAkGA1UEBhMCZmkxEjAQBgNVBAgTCVBpcmthbm1hYTEQMA4GA1UEBxMHVGFtcGVyZTEOMAwGA1UEChMFTm9raWExDTALBgNVBAsTBEphdmExHzAdBgNVBAMMFkpQX1RoaXJkX1BhcnR5X1RydXN0ZWQwHhcNMDgwNjEyMDYyMzM2WhcNMTgwNjEwMDYyMzM2WjBzMQswCQYDVQQGEwJmaTESMBAGA1UECBMJUGlya2FubWFhMRAwDgYDVQQHEwdUYW1wZXJlMQ4wDAYDVQQKEwVOb2tpYTENMAsGA1UECxMESmF2YTEfMB0GA1UEAwwWSlBfVGhpcmRfUGFydHlfVHJ1c3RlZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArAesh03rswICRUjexWMoIH9ZZqUtlx+tfhZhuzuYhiL6cLdhxNlU8yuIdw4f17XP3yxVIB8rz1EEagCMd0Y5ZleNFZ992ReLcf9VH13RxaZ88PRxBLLROm1jcwTknYSS6AxGMup77DMwwFSN8XPnOHWt4aLGUrecMeUyI2c5UbsCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAylJ+3aSq6a7AAL7UM8V8JhGZlLneErF7A/BJGDi7Vmr5gmlGyf6RCJJIg4qCp+J3Tv3eCRNNuphQaSRdFpaulwCmtfCzSZNtvZg0VhMOVsZqTwQgmP6NzKoIbqqzlgm5U+yUJw8FmX17vgdeSEdJ/oL/WT4AKrWFJYl8MdQ9ZnQ=="));
+ allAttributes.put(AuthenticationAttribute.SECOND_LEGACY_ATTRIBUTE_NAME ,new Attribute("", "F9/dB/WITCC1n886yppP9QTQBeQT6/8pV0UKwbTU9L8mP5qFuX2bjw7gPQZNxAC/4qNHYnmnMmwkfOPDjZzbOojdGJyEYXFyF0sBtLZKYYHylW8uXz4HDdtC1c2WHn8/Zl+a0Zoa8MjuxGRi5IVNY4XONlpPfzLxkOMVjna4KhA="));
+ allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http"));
+ securityAttributes = new SecurityAttributes();
+ securityAttributes.addDescriptorAttributes(allAttributes);
+ credentials = authenticationModule.authenticateJad(appUID,appUID,securityAttributes.getAuthenticationAttributes());
+ permissionGranter.grantJadPermissions(appUID, null, securityAttributes.getPermissionAttributes(), credentials);
+ allAttributes.clear();
+ allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2));
+ allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http"));
+ securityAttributes.addManifestAttributes(allAttributes);
+ authenticationModule.authenticateJar(session, appUID,appUID,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false);
+ permissionGranter.grantJarPermissions(session, appUID, appUID, securityAttributes.getPermissionAttributes());
+ blanketPromptShown = storage.readUserSecuritySettingsPromptFlag(appUID, "Net Access");
+ ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)"));
+ storage.removeAuthenticationStorageData(appUID);
+ permissionGranter.removeSecurityData(session,appUID);
+ PermissionResolver.testClearCache();
+ assertTrue(blanketPromptShown);
+ // Add check user permission with prompt shown in blanket interaction mode -> no user prompts
+ // legacy signed MIDlet, some permissions requested -> checkPermission for the granted perms succeeds and checkPermission for not granted perms fails
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ storage.removeAuthenticationStorageData(appUID);
+ storage.removeGrantedPermissions(appUID);
+ PermissionResolver.testClearCache();
+ allAttributes.clear();
+ allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2));
+ allAttributes.put(AuthenticationAttribute.MAIN_ATTRIBUTE_PREFIX + "1-1", new Attribute("", "MIICWDCCAcECBEhQwA0wDQYJKoZIhvcNAQEEBQAwczELMAkGA1UEBhMCZmkxEjAQBgNVBAgTCVBpcmthbm1hYTEQMA4GA1UEBxMHVGFtcGVyZTEOMAwGA1UEChMFTm9raWExDTALBgNVBAsTBEphdmExHzAdBgNVBAMMFkpQX0RldmljZV9NYW51ZmFjdHVyZXIwHhcNMDgwNjEyMDYxOTU3WhcNMTgwNjEwMDYxOTU3WjBzMQswCQYDVQQGEwJmaTESMBAGA1UECBMJUGlya2FubWFhMRAwDgYDVQQHEwdUYW1wZXJlMQ4wDAYDVQQKEwVOb2tpYTENMAsGA1UECxMESmF2YTEfMB0GA1UEAwwWSlBfRGV2aWNlX01hbnVmYWN0dXJlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApi3ipIPj8O33/rZre1euh7Itd9d6ZVf2mvQ/tLpHEsFJe5XLOsVViMvFskhhKUzmDsRbP4J03L6827/vEDIi/1i8kJGLaoFqJYaLGFWI2Zmxlj6aJV8cfZyOjmQPWJn1IDEe1ZAWbvMSp8xibWRsCLNEGKIkxQvAr/QDK/6iS+kCAwEAATANBgkqhkiG9w0BAQQFAAOBgQCDXt6klAs6yKvdTab3D2wkdoi3Lu4YFsMgLexJOu5HhAUJ/9VYO+Q2+mjd95MRsTa5rWQ2Jjvhn57Z3z/KBOwfHbymmNtMk6Gl14H0vQRoHa31jh3mTuAy5KotDVthaDp30aOizk473NU68wY1WdP4gFk5ZhrpNea9q3st13BxIQ=="));
+ allAttributes.put(AuthenticationAttribute.SECOND_LEGACY_ATTRIBUTE_NAME ,new Attribute("", "IcANmLKiOJQF8ABCNDj1PNNH/O8v9jfCVuiGBVm8enXDkM/gLwPjrC65sDKpOCHPqssUlHzjmVN5b9g8aRs4jxUOXNt2b732J7NSIPh97vw/WrP/KHdiooi/1KFUyklMyokK9ZrIv+GW1ttLCfKbuFupT9zmPAmWJQpnuD7J6sE="));
+ allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http"));
+ securityAttributes = new SecurityAttributes();
+ securityAttributes.addDescriptorAttributes(allAttributes);
+ credentials = authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes());
+ permissionGranter.grantJadPermissions(appUID, null, securityAttributes.getPermissionAttributes(), credentials);
+ allAttributes.clear();
+ allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2));
+ allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http"));
+ securityAttributes.addManifestAttributes(allAttributes);
+ authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false);
+ permissionGranter.grantJarPermissions(session, appUID, null, securityAttributes.getPermissionAttributes());
+ signingCerts = authenticationModule.getCertificatesDetails(session, appUID);
+ assertTrue(signingCerts != null
+ && signingCerts.length == 1
+ && signingCerts[0].getIssuer() != null
+ && signingCerts[0].getDateNotAfter() != null
+ && signingCerts[0].getDateNotBefore() != null
+ && signingCerts[0].getValidFrom() != null
+ && signingCerts[0].getValidUntil() != null
+ && signingCerts[0].getSerialNumber() != null
+ && signingCerts[0].getFingerprint() != null
+ && signingCerts[0].getFormattedFingerprint() != null
+ && signingCerts[0].getSubject() != null
+ && signingCerts[0].getOrganization() != null
+ && signingCerts[0].getProtectionDomain() != null
+ && signingCerts[0].getProtectionDomain().getName() != null
+ && signingCerts[0].getProtectionDomain().getCategory() != null);
+ ac.checkPermission(new SocketProtocolPermissionImpl("socket://100", "\n(choose ALLOW)"));
+ //ac.checkPermission(new HttpProtocolPermission("http://url"));
+ ac.checkPermission(new SocketProtocolPermissionImpl("socket://100", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED"));
+ ac.checkPermission(new HttpProtocolPermissionImpl("http://url", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED"));
+ // 2 legacy unsigned MIDlets, install from JAD -> checkPermission succeeds with multiple prompts
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE);
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ storage.removeAuthenticationStorageData(appUID);
+ storage.removeGrantedPermissions(appUID);
+ PermissionResolver.testClearCache();
+ allAttributes.clear();
+ allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2));
+ securityAttributes = new SecurityAttributes();
+ securityAttributes.addDescriptorAttributes(allAttributes);
+ credentials = authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes());
+ permissionGranter.grantJadPermissions(appUID, null, securityAttributes.getPermissionAttributes(), credentials);
+ allAttributes.clear();
+ allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2));
+ securityAttributes.addManifestAttributes(allAttributes);
+ authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false);
+ permissionGranter.grantJarPermissions(session, appUID, null, securityAttributes.getPermissionAttributes());
+ signingCerts = authenticationModule.getCertificatesDetails(session, appUID);
+ assertTrue(signingCerts == null);
+ ac.checkPermission(new HttpProtocolPermissionImpl("http://url", "\n(choose ALLOW)"));
+ ac.checkPermission(new HttpsProtocolPermissionImpl("https://url1", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED"));
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE);
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose ALLOW)"));
+ ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose ALLOW)"));
+ try
+ {
+ ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose DENY)"));
+ assertTrue(false);
+ }
+ catch (AccessControlException e)
+ {
+ assertTrue(true);
+ }
+ storage.removeGrantedPermissions(appUID);
+ /* Uncomment if the mutual exclusive rules are to be applied in runtime security prompts
+ // 2 check mutual exclusive rules: auto invocation is already set to blanket, then Net Access is set to Blanket -> check that auto invocation is changed to max allowed (exclusing blanket)
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE);
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ PermissionResolver.testClearCache();
+ grantedPermissions = new Vector();
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "something",
+ "*",
+ "autoinvocation",
+ new UserSecuritySettingsImpl("Application Auto Invocation",
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE})));
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl",
+ "http://",
+ null,
+ new UserSecuritySettingsImpl("Net Access",
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE})));
+ storage.removeGrantedPermissions(appUID);
+ storage.writeGrantedPermissions(appUID, null, grantedPermissions);
+ ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(choose ALLOW)"));
+ Vector readPermissions = storage.readGrantedPermissions(appUID);
+ boolean success = false;
+ for(int i=0; i<readPermissions.size(); i++)
+ {
+ UserSecuritySettings settings =
+ ((PolicyBasedPermission)readPermissions.elementAt(i))
+ .getUserSecuritySettings();
+ if (settings != null && settings.getName()
+ .equalsIgnoreCase("Application Auto Invocation"))
+ {
+ success = (settings.getCurrentInteractionMode()
+ == UserSecuritySettings.SESSION_INTERACTION_MODE);
+ }
+ }
+ storage.removeGrantedPermissions(appUID);
+ assertTrue(success);*/
+ // test parralel instances of the ui: show a security prompt, show an error, destroy the ui for error, destroy the ui for the security prompt
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE);
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ PermissionResolver.testClearCache();
+ grantedPermissions = new Vector();
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.CommProtocolPermissionImpl",
+ "comm://",
+ null,
+ new UserSecuritySettingsImpl("Low Level Net Access",
+ UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ storage.removeGrantedPermissions(appUID);
+ storage.writeGrantedPermissions(appUID, null, grantedPermissions);
+ ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose ALLOW)"));
+ RuntimeUi ui = RuntimeUiFactory.getRuntimeUi();
+ ExceptionBase exc = new ExceptionBase(
+ new SecurityErrorMessage(),
+ SecurityErrorMessage.JAR_TAMPERED,
+ null,
+ new SecurityDetailedErrorMessage(),
+ SecurityDetailedErrorMessage.JAR_TAMPERED,
+ null);
+ ui.error(appName, exc);
+ ui.destroy();
+ // check prompt for blanket
+ GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE);
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ PermissionResolver.testClearCache();
+ grantedPermissions = new Vector();
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.FileProtocolPermissionImpl",
+ "file://*",
+ "read",
+ new UserSecuritySettingsImpl("File Access",
+ UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ UserSecuritySettings.SESSION_INTERACTION_MODE,
+ UserSecuritySettings.BLANKET_INTERACTION_MODE,
+ UserSecuritySettings.NO_INTERACTION_MODE
+ })));
+ storage.removeGrantedPermissions(appUID);
+ storage.writeGrantedPermissions(appUID, null, grantedPermissions);
+ ac.checkPermission(new FileProtocolPermissionImpl("file://blahblah","read","\n(choose ALLOW)"));
+ ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED\")"));
+ ac.checkPermission(new FileProtocolPermissionImpl("file://blahblah","read", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED"));
+ storage.removeGrantedPermissions(appUID);
+ assertTrue(true);
+ AccessControllerFactoryImpl.destroyAccessController(appUID);
+ /* Uncomment this from time to time and check if QT still fails: create QT thread, destroy QT thread, create QT thread -> this fails
+ // test sequential instances of the ui: show an error, destroy the ui for the error, show security prompt, destroy ui for security prompt
+ ui = RuntimeUiFactory.getRuntimeUi();
+ exc = new ExceptionBase(
+ new SecurityErrorMessage(),
+ SecurityErrorMessage.CERT_NOT_AVAILABLE,
+ null,
+ new SecurityDetailedErrorMessage(),
+ SecurityDetailedErrorMessage.CERT_DISABLED,
+ null);
+ ui.error("myMIDlet", exc);
+ ui.destroy();
+ ac = AccessControllerFactoryImpl.getAccessController(appUID, appName);
+ PermissionResolver.testClearCache();
+ grantedPermissions = new Vector();
+ grantedPermissions.addElement(new PolicyBasedPermissionImpl(
+ "com.nokia.mj.impl.security.midp.authorization.FileProtocolPermissionImpl",
+ "file://*",
+ "read",
+ new UserSecuritySettingsImpl("Low Level Net Access",
+ UserSecuritySettings.ONESHOT_INTERACTION_MODE,
+ new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE})));
+ storage.removeGrantedPermissions(appUID);
+ storage.writeGrantedPermissions(appUID, null, grantedPermissions);
+ ac.checkPermission(new FileProtocolPermissionImpl("file://somepath/somesub-path/somefile.someextension", "\n(choose ALLOW)"));
+ AccessControllerFactoryImpl.destroyAccessController(appUID);*/
+ session.remove(StorageNames.MIDP_PACKAGE_TABLE, appUID);
+ PermissionMappingTable.setMappingTable(IMPL_PERMISSION_MAPPING_TABLE);
+ SecurityPolicyModule.policiesDir = TEST_DATA_DIR + "securitypolicies" + System.getProperty("file.separator");
+ }
+}