Package

Source Code of BootstrapAttack

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements.  See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
*      http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/* @test
* @bug 4398973
*
* @summary test that code downloading is disabled for registry
* @author Bob Scheifler
*
* @library ../../../../../testlibrary
* @build TestLibrary RMID
* @build BootstrapAttack
* @build Foo
* @run shell classpath.sh main/othervm/policy=security.policy/timeout=240 BootstrapAttack
*/
import java.lang.reflect.Method;
import java.net.URL;
import java.net.URLClassLoader;
import java.rmi.ServerException;
import java.rmi.UnmarshalException;
import java.rmi.activation.ActivationSystem;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.RemoteObject;
import java.rmi.server.RemoteRef;

public class BootstrapAttack {
    /** Method hash for Registry.lookup */
    private static long LOOKUP = -7538657168040752697L;

    /**
     * Check that the ServerException contains an UnmarshalException
     * that contains a ClassNotFoundException with detail "Foo".
     */
    private static void check(ServerException e) throws ServerException {
  if (e.detail instanceof UnmarshalException) {
      Throwable t = ((UnmarshalException) e.detail).detail;
      if (t instanceof ClassNotFoundException &&
    "Foo".equals(t.getMessage()))
      {
    return;
      }
  }
  throw e;
    }

    public static void main(String[] args) throws Exception {
  if (System.getSecurityManager() == null) {
      System.setSecurityManager(new SecurityManager());
  }
  URL remoteCodebase =
      TestLibrary.installClassInCodebase("Foo", "remote_codebase");
  ClassLoader remoteLoader =
      URLClassLoader.newInstance(new URL[]{remoteCodebase});
  Object foo = remoteLoader.loadClass("Foo").newInstance();
  RMID.removeLog();
  RMID rmid = RMID.createRMID();
  rmid.start();
  try {
      RemoteObject stub = (RemoteObject)
    LocateRegistry.getRegistry(ActivationSystem.SYSTEM_PORT);
      Method method =
    Registry.class.getMethod("lookup", new Class[]{String.class});
      RemoteRef ref = stub.getRef();
      try {
    // call lookup() on the registry ref with a Foo
    ref.invoke(stub, method, new Object[]{foo}, LOOKUP);
    throw new RuntimeException("lookup did not fail");
      } catch (ServerException e) {
    check(e);
      }
  } finally {
      ActivationLibrary.rmidCleanup(rmid);
  }
    }
}
TOP

Related Classes of BootstrapAttack

  • java.lang.reflect.Method
  • java.rmi.server.RemoteObject
  • java.rmi.server.RemoteRef
  • java.net.URL
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.