diff -r e8e63152f320 -r 2a9601315dfc javacommons/security/tsrc/javasrc/com/nokia/mj/impl/security/midp/authorization/InteractiveAccessControllerTests.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/javacommons/security/tsrc/javasrc/com/nokia/mj/impl/security/midp/authorization/InteractiveAccessControllerTests.java Mon May 03 12:27:20 2010 +0300 @@ -0,0 +1,877 @@ +/* +* Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: +* +*/ + + +package com.nokia.mj.impl.security.midp.authorization; + + + +import java.util.Hashtable; +import com.nokia.mj.impl.utils.Uid; +import com.nokia.mj.impl.installer.utils.InstallerMain; +import com.nokia.mj.impl.security.midp.authorization.AccessControllerImpl; +import com.nokia.mj.impl.security.midp.authorization.PermissionResolver; +import com.nokia.mj.impl.security.midp.authorization.AccessControllerFactoryImpl; +import com.nokia.mj.impl.utils.exception.ExceptionBase; +import com.nokia.mj.impl.security.midp.authentication.AuthenticationModule; +import com.nokia.mj.impl.security.midp.authorization.PermissionGranter; +import com.nokia.mj.impl.security.midp.common.AuthenticationCredentials; +import com.nokia.mj.impl.security.midp.common.SecurityAttributes; +import com.nokia.mj.impl.security.midp.common.SigningCertificate; +import com.nokia.mj.impl.security.midp.common.AuthenticationAttribute; +import com.nokia.mj.impl.security.midp.common.MIDPPermission; +import com.nokia.mj.impl.security.midp.common.PermissionMappingTable; +import com.nokia.mj.impl.security.midp.common.TestPermissionMappingTable; +import com.nokia.mj.impl.utils.Attribute; +import com.nokia.mj.impl.security.utils.*; +import java.security.*; +//import javax.microedition.io.*; +import com.nokia.mj.impl.security.midp.storage.SecurityStorage; +import com.nokia.mj.impl.storage.*; +import com.nokia.mj.impl.security.midp.common.PolicyBasedPermission; +import com.nokia.mj.impl.security.midp.common.PolicyBasedPermissionImpl; +import com.nokia.mj.impl.security.midp.common.UserSecuritySettings; +import com.nokia.mj.impl.security.midp.common.GeneralSecuritySettings; +import com.nokia.mj.impl.security.midp.common.UserSecuritySettingsImpl; +import com.nokia.mj.impl.rt.ui.RuntimeUiFactory; +import com.nokia.mj.impl.rt.ui.RuntimeUi; + +import j2meunit.framework.Test; +import j2meunit.framework.TestCase; +import j2meunit.framework.TestMethod; +import j2meunit.framework.TestSuite; + +import java.util.Vector; + +/** + * Interactive AccessController unit tests. + */ +public class InteractiveAccessControllerTests extends TestCase implements InstallerMain +{ + + private static String TEST_DATA_DIR; + + static + { + String platform = System.getProperty("os.name"); + if (platform != null && platform.equalsIgnoreCase("linux")) + { + TEST_DATA_DIR = System.getProperty("JAVA_BIN_ROOT") + "/securitytestdata/"; + } + else + { + TEST_DATA_DIR = "C:\\java\\securitytestdata\\"; + } + } + + /** + * Hashtable holding all the attributes. Tests populate this hashtable + * prior to being executed + */ + protected Hashtable allAttributes; + + AuthenticationModule authenticationModule; + PermissionGranter permissionGranter; + + // general-purpose constants + protected static final String MIDP_PROFILE_ATTRIBUTE_NAME = "MicroEdition-Profile"; + protected static final String MIDP3 = "MIDP-3.0"; + protected static final String MIDP2 = "MIDP-2.0"; + private static final String COMMA = ","; + + /** + * The implementation's mapping between (MIDP2 and MIDP3 permissions) and the + * internal class permissions + */ + private Hashtable IMPL_PERMISSION_MAPPING_TABLE; + + /** + * The mapping between (MIDP2 and MIDP3 permissions) and the internal + * class permissions + */ + //private Hashtable TEST_PERMISSION_MAPPING_TABLE; + + // Begin j2meunit test framework setup + public void installerMain(String[] args) + { + TestSuite suite = new TestSuite(this.getClass().getName()); + + suite.addTest(new InteractiveAccessControllerTests("testAVKONSecurityPrompts", new TestMethod() + { + public void run(TestCase tc) + { + ((InteractiveAccessControllerTests)tc).testAVKONSecurityPrompts(); + } + })); + + com.nokia.mj.impl.utils.OmjTestRunner.run(suite); + } + + public InteractiveAccessControllerTests() + { + } + + public InteractiveAccessControllerTests(String aTestName, TestMethod aTestMethod) + { + super(aTestName, aTestMethod); + } + + public void assertFalse(String aMsg, boolean aCondition) + { + assertTrue(aMsg, !aCondition); + } + + // End j2meunit test framework setup + + protected void setUp() + { + authenticationModule = authenticationModule.getInstance(); + permissionGranter = permissionGranter.getInstance(); + } + + protected void tearDown() + { + } + + private void testAVKONSecurityPrompts() + { + System.setProperty("com.nokia.mj.impl.rt.ui", "com.nokia.mj.impl.rt.ui.avkon.RuntimeUiAvkon"); + testSecurityPrompts(); + } + + private void testSecurityPrompts() + { + // init the new mapping & policies + //initMappingTable(); + IMPL_PERMISSION_MAPPING_TABLE = PermissionMappingTable.setMappingTable(TestPermissionMappingTable.getMappingTable()); + SecurityPolicyModule.policiesDir = TEST_DATA_DIR; + SecurityPolicyModule.policiesFileNamePrefix = "test_"; + allAttributes = new Hashtable(); + SecurityAttributes securityAttributes; + SigningCertificate[] signingCerts; + AuthenticationCredentials[] credentials; + Uid appUID = Uid.createUid("myAppUID"); + String appName = "InteractiveSecurityTests"; + SecurityStorage storage = new SecurityStorage(); + StorageSession session = StorageFactory.createSession(); + session.open(); + Vector grantedPermissions; + storage.removeGrantedPermissions(appUID); + AccessControllerImpl ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + session.remove(StorageNames.MIDP_PACKAGE_TABLE, appUID); + StorageEntry entry = new StorageEntry(); + entry.addAttribute(new StorageAttribute( + StorageNames.ID, + appUID.getStringValue())); + entry.addAttribute(new StorageAttribute( + StorageNames.SECURITY_WARNINGS, + "" + GeneralSecuritySettings.DEFAULT_SECURITY_MODE)); + session.write(StorageNames.MIDP_PACKAGE_TABLE, entry); + // prompts for composite actions + GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE); + PermissionResolver.testClearCache(); + grantedPermissions = new Vector(); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.PermissionWithCompositeActionsImpl", + "uri://", + "action1", + new UserSecuritySettingsImpl("Function Group", + UserSecuritySettings.ONESHOT_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE + }))); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.PermissionWithCompositeActionsImpl", + "uri://", + "action2", + new UserSecuritySettingsImpl("Function Group", + UserSecuritySettings.ONESHOT_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE + }))); + storage.removeGrantedPermissions(appUID); + storage.writeGrantedPermissions(appUID, null, grantedPermissions); + com.nokia.mj.impl.security.midp.authentication.InteractiveAuthenticationModuleTests.showGuidelines("Check that each of the following three prompts contains two identical texts"); + ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\nPrompt for action1", "action1")); + ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\nPrompt for action2", "action2")); + ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\nPrompt for action1 and action2", "action1,action2")); + ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\nPrompt for action1 and action2", "action2,action1")); + try + { + ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)", "action2,action1,action3")); + assertTrue(false); + } + catch (AccessControlException e) + { + assertTrue(true); + } + try + { + ac.checkPermission(new PermissionWithCompositeActionsImpl("uri://", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)", "action2,action3")); + assertTrue(false); + } + catch (AccessControlException e) + { + assertTrue(true); + } + assertTrue(true); + // for NORMAL security mode, in case of identical prompts, only show one (even though they are part of different function groups) + GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); + PermissionResolver.testClearCache(); + grantedPermissions = new Vector(); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.CommProtocolPermissionImpl", + "comm://", + null, + new UserSecuritySettingsImpl("Low Level Net Access", + UserSecuritySettings.ONESHOT_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, + UserSecuritySettings.SESSION_INTERACTION_MODE, + UserSecuritySettings.BLANKET_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE + }))); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", + "http://", + null, + new UserSecuritySettingsImpl("Net Access", + UserSecuritySettings.ONESHOT_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, + UserSecuritySettings.SESSION_INTERACTION_MODE, + UserSecuritySettings.BLANKET_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE + }))); + storage.removeGrantedPermissions(appUID); + storage.writeGrantedPermissions(appUID, null, grantedPermissions); + ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(choose ALLOW and make sure this text is shown only once)")); + ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose ALLOW and make sure this text is shown only once)")); + // for USER security mode, in case of identical prompts, show them both + GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE); + AccessControllerFactoryImpl.destroyAccessController(appUID); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + PermissionResolver.testClearCache(); + grantedPermissions = new Vector(); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.CommProtocolPermissionImpl", + "comm://", + null, + new UserSecuritySettingsImpl("Low Level Net Access", + UserSecuritySettings.ONESHOT_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, + UserSecuritySettings.SESSION_INTERACTION_MODE, + UserSecuritySettings.BLANKET_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE + }))); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", + "http://", + null, + new UserSecuritySettingsImpl("Net Access", + UserSecuritySettings.ONESHOT_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, + UserSecuritySettings.SESSION_INTERACTION_MODE, + UserSecuritySettings.BLANKET_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE + }))); + storage.removeGrantedPermissions(appUID); + storage.writeGrantedPermissions(appUID, null, grantedPermissions); + ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(choose ALLOW and make sure this text is shown twice)")); + ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose ALLOW and make sure this text is shown twice)")); + // check user permission with oneshot interaction mode -> multiple prompts and deny is oneshot deny + GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE); + AccessControllerFactoryImpl.destroyAccessController(appUID); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + PermissionResolver.testClearCache(); + grantedPermissions = new Vector(); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.CommProtocolPermissionImpl", + "comm://", + null, + new UserSecuritySettingsImpl("Low Level Net Access", + UserSecuritySettings.ONESHOT_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, + UserSecuritySettings.SESSION_INTERACTION_MODE, + UserSecuritySettings.BLANKET_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE + }))); + storage.removeGrantedPermissions(appUID); + storage.writeGrantedPermissions(appUID, null, grantedPermissions); + ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose ALLOW)")); + try + { + ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose DENY)")); + assertTrue(false); + } + catch (AccessControlException e) + { + assertTrue(true); + } + try + { + ac.checkPermission(new CommProtocolPermissionImpl("comm://", "\n(choose DENY)")); + assertTrue(false); + } + catch (AccessControlException e) + { + assertTrue(true); + } + storage.removeGrantedPermissions(appUID); + // check user permission with session interaction mode -> only one user prompt + AccessControllerFactoryImpl.destroyAccessController(appUID); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); + AccessControllerFactoryImpl.destroyAccessController(appUID); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + PermissionResolver.testClearCache(); + grantedPermissions = new Vector(); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", + "http://", + null, + new UserSecuritySettingsImpl("Net Access", + UserSecuritySettings.SESSION_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, + UserSecuritySettings.SESSION_INTERACTION_MODE, + UserSecuritySettings.BLANKET_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE + }))); + storage.removeGrantedPermissions(appUID); + storage.writeGrantedPermissions(appUID, null, grantedPermissions); + ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse", "\n(choose ALLOW)")); + ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); + assertTrue(ac.checkPermission("javax.microedition.io.Connector.http") == 1); + storage.removeGrantedPermissions(appUID); + assertTrue(true); + // isPermissionAllowed + AccessControllerFactoryImpl.destroyAccessController(appUID); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE); + AccessControllerFactoryImpl.destroyAccessController(appUID); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + PermissionResolver.testClearCache(); + grantedPermissions = new Vector(); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", + "http://", + null, + new UserSecuritySettingsImpl("Net Access", + UserSecuritySettings.ONESHOT_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE + }))); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.HttpsProtocolPermissionImpl", + "https://", + null, + new UserSecuritySettingsImpl("Net Access", + UserSecuritySettings.ONESHOT_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE + }))); + storage.removeGrantedPermissions(appUID); + storage.writeGrantedPermissions(appUID, null, grantedPermissions); + assertTrue(ac.checkPermission("javax.microedition.io.Connector.http") == -1); + assertTrue(ac.checkPermission("javax.microedition.io.Connector.https") == -1); + assertTrue(ac.checkPermission("javax.microedition.securityservice.CMSMessageSignatureService") == 0); + // show note -> choose yes + com.nokia.mj.impl.security.midp.authentication.InteractiveAuthenticationModuleTests.showGuidelines("Choose Yes for each of the following two prompts"); + assertTrue(ac.isPermissionAllowed("javax.microedition.io.Connector.http")); + assertTrue(ac.isPermissionAllowed("javax.microedition.io.Connector.https")); + assertTrue(ac.isPermissionAllowed("javax.microedition.media.control.VideoControl.getSnapshot") == false); + // show note choose no + com.nokia.mj.impl.security.midp.authentication.InteractiveAuthenticationModuleTests.showGuidelines("Choose No for each of the following two prompts"); + assertTrue(ac.isPermissionAllowed("javax.microedition.io.Connector.http") == false); + assertTrue(ac.isPermissionAllowed("javax.microedition.io.Connector.https") == false); + assertTrue(ac.isPermissionAllowed("javax.microedition.io.Connector.rtsp") == false); + assertTrue(ac.isPermissionAllowed("javax.microedition.media.control.VideoControl.getSnapshot") == false); + storage.removeGrantedPermissions(appUID); + assertTrue(true); + // check user permission with session interaction mode, user says no -> second prompt is not shown in normal security mode + GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); + AccessControllerFactoryImpl.destroyAccessController(appUID); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + PermissionResolver.testClearCache(); + grantedPermissions = new Vector(); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", + "http://", + null, + new UserSecuritySettingsImpl("Net Access", + UserSecuritySettings.SESSION_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, + UserSecuritySettings.SESSION_INTERACTION_MODE, + UserSecuritySettings.BLANKET_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE + }))); + storage.removeGrantedPermissions(appUID); + storage.writeGrantedPermissions(appUID, null, grantedPermissions); + try + { + ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse","\n(choose DENY)")); + assertTrue(false); + } + catch (AccessControlException e) + { + assertTrue(true); + } + try + { + ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); + assertTrue(false); + } + catch (AccessControlException e) + { + assertTrue(true); + } + storage.removeGrantedPermissions(appUID); + assertTrue(true); + + // check user permission with session interaction mode, user says no -> second prompt is not shown in user security mode + GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE); + AccessControllerFactoryImpl.destroyAccessController(appUID); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + PermissionResolver.testClearCache(); + grantedPermissions = new Vector(); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", + "http://", + null, + new UserSecuritySettingsImpl("Net Access", + UserSecuritySettings.SESSION_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, + UserSecuritySettings.SESSION_INTERACTION_MODE, + UserSecuritySettings.BLANKET_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE + }))); + storage.removeGrantedPermissions(appUID); + storage.writeGrantedPermissions(appUID, null, grantedPermissions); + try + { + ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse","\n(choose DENY)")); + assertTrue(false); + } + catch (AccessControlException e) + { + assertTrue(true); + } + try + { + ac.checkPermission(new HttpProtocolPermissionImpl("http://somethingelse", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); + assertTrue(false); + } + catch (AccessControlException e) + { + assertTrue(true); + } + storage.removeGrantedPermissions(appUID); + assertTrue(true); + // check user permission with blanket interaction mode, user says no -> second prompt is not shown + GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); + AccessControllerFactoryImpl.destroyAccessController(appUID); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + PermissionResolver.testClearCache(); + grantedPermissions = new Vector(); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.FileProtocolPermissionImpl", + "file://*", + "read", + new UserSecuritySettingsImpl("File Access", + UserSecuritySettings.BLANKET_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, + UserSecuritySettings.SESSION_INTERACTION_MODE, + UserSecuritySettings.BLANKET_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE + }))); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", + "http://", + null, + new UserSecuritySettingsImpl("NetAccess", + UserSecuritySettings.BLANKET_INTERACTION_MODE, + new int[] { UserSecuritySettings.NO_INTERACTION_MODE}))); + storage.removeGrantedPermissions(appUID); + storage.writeGrantedPermissions(appUID, null, grantedPermissions); + try + { + ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose DENY)")); + assertTrue(false); + } + catch (AccessControlException e) + { + assertTrue(true); + } + try + { + ac.checkPermission(new FileProtocolPermissionImpl("file://myfile2.txt","read", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); + assertTrue(false); + } + catch (AccessControlException e) + { + assertTrue(true); + } + storage.removeGrantedPermissions(appUID); + assertTrue(true); + storage.removeGrantedPermissions(appUID); + + // check user permission with blanket interaction mode, user says no -> second prompt is not shown + GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE); + AccessControllerFactoryImpl.destroyAccessController(appUID); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + PermissionResolver.testClearCache(); + grantedPermissions = new Vector(); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.FileProtocolPermissionImpl", + "file://*", + "read", + new UserSecuritySettingsImpl("File Access", + UserSecuritySettings.BLANKET_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, + UserSecuritySettings.SESSION_INTERACTION_MODE, + UserSecuritySettings.BLANKET_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE + }))); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", + "http://", + null, + new UserSecuritySettingsImpl("NetAccess", + UserSecuritySettings.BLANKET_INTERACTION_MODE, + new int[] { UserSecuritySettings.NO_INTERACTION_MODE}))); + storage.removeGrantedPermissions(appUID); + storage.writeGrantedPermissions(appUID, null, grantedPermissions); + try + { + ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose DENY)")); + assertTrue(false); + } + catch (AccessControlException e) + { + assertTrue(true); + } + try + { + ac.checkPermission(new FileProtocolPermissionImpl("file://myfile2.txt","read", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); + assertTrue(false); + } + catch (AccessControlException e) + { + assertTrue(true); + } + storage.removeGrantedPermissions(appUID); + assertTrue(true); + storage.removeGrantedPermissions(appUID); + // check user permission with prompt not shown in blanket interaction mode -> one user prompt only + AccessControllerFactoryImpl.destroyAccessController(appUID); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); + AccessControllerFactoryImpl.destroyAccessController(appUID); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + PermissionResolver.testClearCache(); + grantedPermissions = new Vector(); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.FileProtocolPermissionImpl", + "file://*", + "read", + new UserSecuritySettingsImpl("File Access", + UserSecuritySettings.BLANKET_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, + UserSecuritySettings.SESSION_INTERACTION_MODE, + UserSecuritySettings.BLANKET_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE + }))); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", + "http://", + null, + new UserSecuritySettingsImpl("NetAccess", + UserSecuritySettings.BLANKET_INTERACTION_MODE, + new int[] { UserSecuritySettings.NO_INTERACTION_MODE}))); + storage.removeGrantedPermissions(appUID); + storage.writeGrantedPermissions(appUID, null, grantedPermissions); + ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose ALLOW)")); + ac.checkPermission(new FileProtocolPermissionImpl("file://myfile2.txt","read", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); + ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(choose ALLOW)")); + ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); + storage.removeGrantedPermissions(appUID); + assertTrue(true); + storage.removeGrantedPermissions(appUID); + // user permission with blanket interaction mode, show prompt, do an update, check if the promtps is still shown + GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); + storage.removeAuthenticationStorageData(appUID); + permissionGranter.removeSecurityData(session,appUID); + PermissionResolver.testClearCache(); + allAttributes.clear(); + allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2)); + allAttributes.put(AuthenticationAttribute.MAIN_ATTRIBUTE_PREFIX + "1-1", new Attribute("", "MIICWDCCAcECBEhQwOgwDQYJKoZIhvcNAQEEBQAwczELMAkGA1UEBhMCZmkxEjAQBgNVBAgTCVBpcmthbm1hYTEQMA4GA1UEBxMHVGFtcGVyZTEOMAwGA1UEChMFTm9raWExDTALBgNVBAsTBEphdmExHzAdBgNVBAMMFkpQX1RoaXJkX1BhcnR5X1RydXN0ZWQwHhcNMDgwNjEyMDYyMzM2WhcNMTgwNjEwMDYyMzM2WjBzMQswCQYDVQQGEwJmaTESMBAGA1UECBMJUGlya2FubWFhMRAwDgYDVQQHEwdUYW1wZXJlMQ4wDAYDVQQKEwVOb2tpYTENMAsGA1UECxMESmF2YTEfMB0GA1UEAwwWSlBfVGhpcmRfUGFydHlfVHJ1c3RlZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArAesh03rswICRUjexWMoIH9ZZqUtlx+tfhZhuzuYhiL6cLdhxNlU8yuIdw4f17XP3yxVIB8rz1EEagCMd0Y5ZleNFZ992ReLcf9VH13RxaZ88PRxBLLROm1jcwTknYSS6AxGMup77DMwwFSN8XPnOHWt4aLGUrecMeUyI2c5UbsCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAylJ+3aSq6a7AAL7UM8V8JhGZlLneErF7A/BJGDi7Vmr5gmlGyf6RCJJIg4qCp+J3Tv3eCRNNuphQaSRdFpaulwCmtfCzSZNtvZg0VhMOVsZqTwQgmP6NzKoIbqqzlgm5U+yUJw8FmX17vgdeSEdJ/oL/WT4AKrWFJYl8MdQ9ZnQ==")); + allAttributes.put(AuthenticationAttribute.SECOND_LEGACY_ATTRIBUTE_NAME ,new Attribute("", "F9/dB/WITCC1n886yppP9QTQBeQT6/8pV0UKwbTU9L8mP5qFuX2bjw7gPQZNxAC/4qNHYnmnMmwkfOPDjZzbOojdGJyEYXFyF0sBtLZKYYHylW8uXz4HDdtC1c2WHn8/Zl+a0Zoa8MjuxGRi5IVNY4XONlpPfzLxkOMVjna4KhA=")); + allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http")); + securityAttributes = new SecurityAttributes(); + securityAttributes.addDescriptorAttributes(allAttributes); + credentials = authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); + permissionGranter.grantJadPermissions(appUID, null, securityAttributes.getPermissionAttributes(), credentials); + allAttributes.clear(); + allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2)); + allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http")); + securityAttributes.addManifestAttributes(allAttributes); + authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false); + permissionGranter.grantJarPermissions(session, appUID, null, securityAttributes.getPermissionAttributes()); + permissionGranter.getBlanketPermissions(appUID); + ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(choose ALLOW)")); + ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); + boolean blanketPromptShown = storage.readUserSecuritySettingsPromptFlag(appUID, "Net Access"); + assertTrue(blanketPromptShown); + StorageEntry appPackageEntry = new StorageEntry(); + appPackageEntry.addAttribute(new StorageAttribute( + StorageAttribute.ID, + appUID.getStringValue())); + session.remove(StorageNames.APPLICATION_PACKAGE_ATTRIBUTES_TABLE, appPackageEntry); + appPackageEntry.addAttribute(new StorageAttribute( + StorageNames.NAME, + "MIDlet-Certificate-1-1")); + appPackageEntry.addAttribute(new StorageAttribute( + StorageNames.VALUE, + "MIICWDCCAcECBEhQwOgwDQYJKoZIhvcNAQEEBQAwczELMAkGA1UEBhMCZmkxEjAQBgNVBAgTCVBpcmthbm1hYTEQMA4GA1UEBxMHVGFtcGVyZTEOMAwGA1UEChMFTm9raWExDTALBgNVBAsTBEphdmExHzAdBgNVBAMMFkpQX1RoaXJkX1BhcnR5X1RydXN0ZWQwHhcNMDgwNjEyMDYyMzM2WhcNMTgwNjEwMDYyMzM2WjBzMQswCQYDVQQGEwJmaTESMBAGA1UECBMJUGlya2FubWFhMRAwDgYDVQQHEwdUYW1wZXJlMQ4wDAYDVQQKEwVOb2tpYTENMAsGA1UECxMESmF2YTEfMB0GA1UEAwwWSlBfVGhpcmRfUGFydHlfVHJ1c3RlZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArAesh03rswICRUjexWMoIH9ZZqUtlx+tfhZhuzuYhiL6cLdhxNlU8yuIdw4f17XP3yxVIB8rz1EEagCMd0Y5ZleNFZ992ReLcf9VH13RxaZ88PRxBLLROm1jcwTknYSS6AxGMup77DMwwFSN8XPnOHWt4aLGUrecMeUyI2c5UbsCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAylJ+3aSq6a7AAL7UM8V8JhGZlLneErF7A/BJGDi7Vmr5gmlGyf6RCJJIg4qCp+J3Tv3eCRNNuphQaSRdFpaulwCmtfCzSZNtvZg0VhMOVsZqTwQgmP6NzKoIbqqzlgm5U+yUJw8FmX17vgdeSEdJ/oL/WT4AKrWFJYl8MdQ9ZnQ==")); + session.write(StorageNames.APPLICATION_PACKAGE_ATTRIBUTES_TABLE, appPackageEntry); + PermissionResolver.testClearCache(); + allAttributes.clear(); + allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2)); + allAttributes.put(AuthenticationAttribute.MAIN_ATTRIBUTE_PREFIX + "1-1", new Attribute("", "MIICWDCCAcECBEhQwOgwDQYJKoZIhvcNAQEEBQAwczELMAkGA1UEBhMCZmkxEjAQBgNVBAgTCVBpcmthbm1hYTEQMA4GA1UEBxMHVGFtcGVyZTEOMAwGA1UEChMFTm9raWExDTALBgNVBAsTBEphdmExHzAdBgNVBAMMFkpQX1RoaXJkX1BhcnR5X1RydXN0ZWQwHhcNMDgwNjEyMDYyMzM2WhcNMTgwNjEwMDYyMzM2WjBzMQswCQYDVQQGEwJmaTESMBAGA1UECBMJUGlya2FubWFhMRAwDgYDVQQHEwdUYW1wZXJlMQ4wDAYDVQQKEwVOb2tpYTENMAsGA1UECxMESmF2YTEfMB0GA1UEAwwWSlBfVGhpcmRfUGFydHlfVHJ1c3RlZDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArAesh03rswICRUjexWMoIH9ZZqUtlx+tfhZhuzuYhiL6cLdhxNlU8yuIdw4f17XP3yxVIB8rz1EEagCMd0Y5ZleNFZ992ReLcf9VH13RxaZ88PRxBLLROm1jcwTknYSS6AxGMup77DMwwFSN8XPnOHWt4aLGUrecMeUyI2c5UbsCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAylJ+3aSq6a7AAL7UM8V8JhGZlLneErF7A/BJGDi7Vmr5gmlGyf6RCJJIg4qCp+J3Tv3eCRNNuphQaSRdFpaulwCmtfCzSZNtvZg0VhMOVsZqTwQgmP6NzKoIbqqzlgm5U+yUJw8FmX17vgdeSEdJ/oL/WT4AKrWFJYl8MdQ9ZnQ==")); + allAttributes.put(AuthenticationAttribute.SECOND_LEGACY_ATTRIBUTE_NAME ,new Attribute("", "F9/dB/WITCC1n886yppP9QTQBeQT6/8pV0UKwbTU9L8mP5qFuX2bjw7gPQZNxAC/4qNHYnmnMmwkfOPDjZzbOojdGJyEYXFyF0sBtLZKYYHylW8uXz4HDdtC1c2WHn8/Zl+a0Zoa8MjuxGRi5IVNY4XONlpPfzLxkOMVjna4KhA=")); + allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http")); + securityAttributes = new SecurityAttributes(); + securityAttributes.addDescriptorAttributes(allAttributes); + credentials = authenticationModule.authenticateJad(appUID,appUID,securityAttributes.getAuthenticationAttributes()); + permissionGranter.grantJadPermissions(appUID, null, securityAttributes.getPermissionAttributes(), credentials); + allAttributes.clear(); + allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2)); + allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http")); + securityAttributes.addManifestAttributes(allAttributes); + authenticationModule.authenticateJar(session, appUID,appUID,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false); + permissionGranter.grantJarPermissions(session, appUID, appUID, securityAttributes.getPermissionAttributes()); + blanketPromptShown = storage.readUserSecuritySettingsPromptFlag(appUID, "Net Access"); + ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED)")); + storage.removeAuthenticationStorageData(appUID); + permissionGranter.removeSecurityData(session,appUID); + PermissionResolver.testClearCache(); + assertTrue(blanketPromptShown); + // Add check user permission with prompt shown in blanket interaction mode -> no user prompts + // legacy signed MIDlet, some permissions requested -> checkPermission for the granted perms succeeds and checkPermission for not granted perms fails + AccessControllerFactoryImpl.destroyAccessController(appUID); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + storage.removeAuthenticationStorageData(appUID); + storage.removeGrantedPermissions(appUID); + PermissionResolver.testClearCache(); + allAttributes.clear(); + allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2)); + allAttributes.put(AuthenticationAttribute.MAIN_ATTRIBUTE_PREFIX + "1-1", new Attribute("", "MIICWDCCAcECBEhQwA0wDQYJKoZIhvcNAQEEBQAwczELMAkGA1UEBhMCZmkxEjAQBgNVBAgTCVBpcmthbm1hYTEQMA4GA1UEBxMHVGFtcGVyZTEOMAwGA1UEChMFTm9raWExDTALBgNVBAsTBEphdmExHzAdBgNVBAMMFkpQX0RldmljZV9NYW51ZmFjdHVyZXIwHhcNMDgwNjEyMDYxOTU3WhcNMTgwNjEwMDYxOTU3WjBzMQswCQYDVQQGEwJmaTESMBAGA1UECBMJUGlya2FubWFhMRAwDgYDVQQHEwdUYW1wZXJlMQ4wDAYDVQQKEwVOb2tpYTENMAsGA1UECxMESmF2YTEfMB0GA1UEAwwWSlBfRGV2aWNlX01hbnVmYWN0dXJlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApi3ipIPj8O33/rZre1euh7Itd9d6ZVf2mvQ/tLpHEsFJe5XLOsVViMvFskhhKUzmDsRbP4J03L6827/vEDIi/1i8kJGLaoFqJYaLGFWI2Zmxlj6aJV8cfZyOjmQPWJn1IDEe1ZAWbvMSp8xibWRsCLNEGKIkxQvAr/QDK/6iS+kCAwEAATANBgkqhkiG9w0BAQQFAAOBgQCDXt6klAs6yKvdTab3D2wkdoi3Lu4YFsMgLexJOu5HhAUJ/9VYO+Q2+mjd95MRsTa5rWQ2Jjvhn57Z3z/KBOwfHbymmNtMk6Gl14H0vQRoHa31jh3mTuAy5KotDVthaDp30aOizk473NU68wY1WdP4gFk5ZhrpNea9q3st13BxIQ==")); + allAttributes.put(AuthenticationAttribute.SECOND_LEGACY_ATTRIBUTE_NAME ,new Attribute("", "IcANmLKiOJQF8ABCNDj1PNNH/O8v9jfCVuiGBVm8enXDkM/gLwPjrC65sDKpOCHPqssUlHzjmVN5b9g8aRs4jxUOXNt2b732J7NSIPh97vw/WrP/KHdiooi/1KFUyklMyokK9ZrIv+GW1ttLCfKbuFupT9zmPAmWJQpnuD7J6sE=")); + allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http")); + securityAttributes = new SecurityAttributes(); + securityAttributes.addDescriptorAttributes(allAttributes); + credentials = authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); + permissionGranter.grantJadPermissions(appUID, null, securityAttributes.getPermissionAttributes(), credentials); + allAttributes.clear(); + allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2)); + allAttributes.put(com.nokia.mj.impl.security.midp.common.PermissionAttribute.MANDATORY_LEGACY_ATTRIBUTE_NAME, new Attribute("","javax.microedition.io.Connector.socket,javax.microedition.io.Connector.http")); + securityAttributes.addManifestAttributes(allAttributes); + authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false); + permissionGranter.grantJarPermissions(session, appUID, null, securityAttributes.getPermissionAttributes()); + signingCerts = authenticationModule.getCertificatesDetails(session, appUID); + assertTrue(signingCerts != null + && signingCerts.length == 1 + && signingCerts[0].getIssuer() != null + && signingCerts[0].getDateNotAfter() != null + && signingCerts[0].getDateNotBefore() != null + && signingCerts[0].getValidFrom() != null + && signingCerts[0].getValidUntil() != null + && signingCerts[0].getSerialNumber() != null + && signingCerts[0].getFingerprint() != null + && signingCerts[0].getFormattedFingerprint() != null + && signingCerts[0].getSubject() != null + && signingCerts[0].getOrganization() != null + && signingCerts[0].getProtectionDomain() != null + && signingCerts[0].getProtectionDomain().getName() != null + && signingCerts[0].getProtectionDomain().getCategory() != null); + ac.checkPermission(new SocketProtocolPermissionImpl("socket://100", "\n(choose ALLOW)")); + //ac.checkPermission(new HttpProtocolPermission("http://url")); + ac.checkPermission(new SocketProtocolPermissionImpl("socket://100", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED")); + ac.checkPermission(new HttpProtocolPermissionImpl("http://url", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED")); + // 2 legacy unsigned MIDlets, install from JAD -> checkPermission succeeds with multiple prompts + GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); + AccessControllerFactoryImpl.destroyAccessController(appUID); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + storage.removeAuthenticationStorageData(appUID); + storage.removeGrantedPermissions(appUID); + PermissionResolver.testClearCache(); + allAttributes.clear(); + allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2)); + securityAttributes = new SecurityAttributes(); + securityAttributes.addDescriptorAttributes(allAttributes); + credentials = authenticationModule.authenticateJad(appUID,null,securityAttributes.getAuthenticationAttributes()); + permissionGranter.grantJadPermissions(appUID, null, securityAttributes.getPermissionAttributes(), credentials); + allAttributes.clear(); + allAttributes.put(MIDP_PROFILE_ATTRIBUTE_NAME,new Attribute("",MIDP2)); + securityAttributes.addManifestAttributes(allAttributes); + authenticationModule.authenticateJar(session, appUID,null,TEST_DATA_DIR + "security_tmp" + System.getProperty("file.separator") + "HelloWorld.jar", false); + permissionGranter.grantJarPermissions(session, appUID, null, securityAttributes.getPermissionAttributes()); + signingCerts = authenticationModule.getCertificatesDetails(session, appUID); + assertTrue(signingCerts == null); + ac.checkPermission(new HttpProtocolPermissionImpl("http://url", "\n(choose ALLOW)")); + ac.checkPermission(new HttpsProtocolPermissionImpl("https://url1", "\n(IF YOU SEE THIS PROMPT THE TEST FAILED")); + GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.USER_SECURITY_MODE); + AccessControllerFactoryImpl.destroyAccessController(appUID); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose ALLOW)")); + ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose ALLOW)")); + try + { + ac.checkPermission(new FileProtocolPermissionImpl("file://myfile1.txt","read", "\n(choose DENY)")); + assertTrue(false); + } + catch (AccessControlException e) + { + assertTrue(true); + } + storage.removeGrantedPermissions(appUID); + /* Uncomment if the mutual exclusive rules are to be applied in runtime security prompts + // 2 check mutual exclusive rules: auto invocation is already set to blanket, then Net Access is set to Blanket -> check that auto invocation is changed to max allowed (exclusing blanket) + GeneralSecuritySettings.setSecurityWarningsMode(session, appUID, GeneralSecuritySettings.DEFAULT_SECURITY_MODE); + AccessControllerFactoryImpl.destroyAccessController(appUID); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + PermissionResolver.testClearCache(); + grantedPermissions = new Vector(); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "something", + "*", + "autoinvocation", + new UserSecuritySettingsImpl("Application Auto Invocation", + UserSecuritySettings.BLANKET_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE, + UserSecuritySettings.SESSION_INTERACTION_MODE, + UserSecuritySettings.BLANKET_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE}))); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.HttpProtocolPermissionImpl", + "http://", + null, + new UserSecuritySettingsImpl("Net Access", + UserSecuritySettings.SESSION_INTERACTION_MODE, + new int[] { UserSecuritySettings.BLANKET_INTERACTION_MODE, + UserSecuritySettings.NO_INTERACTION_MODE}))); + storage.removeGrantedPermissions(appUID); + storage.writeGrantedPermissions(appUID, null, grantedPermissions); + ac.checkPermission(new HttpProtocolPermissionImpl("http://", "\n(choose ALLOW)")); + Vector readPermissions = storage.readGrantedPermissions(appUID); + boolean success = false; + for(int i=0; i this fails + // test sequential instances of the ui: show an error, destroy the ui for the error, show security prompt, destroy ui for security prompt + ui = RuntimeUiFactory.getRuntimeUi(); + exc = new ExceptionBase( + new SecurityErrorMessage(), + SecurityErrorMessage.CERT_NOT_AVAILABLE, + null, + new SecurityDetailedErrorMessage(), + SecurityDetailedErrorMessage.CERT_DISABLED, + null); + ui.error("myMIDlet", exc); + ui.destroy(); + ac = AccessControllerFactoryImpl.getAccessController(appUID, appName); + PermissionResolver.testClearCache(); + grantedPermissions = new Vector(); + grantedPermissions.addElement(new PolicyBasedPermissionImpl( + "com.nokia.mj.impl.security.midp.authorization.FileProtocolPermissionImpl", + "file://*", + "read", + new UserSecuritySettingsImpl("Low Level Net Access", + UserSecuritySettings.ONESHOT_INTERACTION_MODE, + new int[] { UserSecuritySettings.ONESHOT_INTERACTION_MODE}))); + storage.removeGrantedPermissions(appUID); + storage.writeGrantedPermissions(appUID, null, grantedPermissions); + ac.checkPermission(new FileProtocolPermissionImpl("file://somepath/somesub-path/somefile.someextension", "\n(choose ALLOW)")); + AccessControllerFactoryImpl.destroyAccessController(appUID);*/ + session.remove(StorageNames.MIDP_PACKAGE_TABLE, appUID); + PermissionMappingTable.setMappingTable(IMPL_PERMISSION_MAPPING_TABLE); + SecurityPolicyModule.policiesDir = TEST_DATA_DIR + "securitypolicies" + System.getProperty("file.separator"); + } +}