instrument sun HttpsURLConnection classes

Author: ldematte

libs/entitlement/bridge/src/main/java/org/elasticsearch/entitlement/bridge/EntitlementChecker.java

@@ -410,6 +410,119 @@ public interface EntitlementChecker {
 
     void check$sun_net_www_protocol_http_HttpURLConnection$getHeaderFieldKey(Class<?> callerClass, java.net.HttpURLConnection that, int n);
 
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$connect(Class<?> callerClass, javax.net.ssl.HttpsURLConnection that);
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getOutputStream(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getInputStream(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getErrorStream(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getHeaderField(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that,
+        String name
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getHeaderFields(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getHeaderField(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that,
+        int n
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getHeaderFieldKey(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that,
+        int n
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getResponseCode(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getResponseMessage(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getContentLength(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getContentLengthLong(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getContentType(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getContentEncoding(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getExpiration(Class<?> callerClass, javax.net.ssl.HttpsURLConnection that);
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getDate(Class<?> callerClass, javax.net.ssl.HttpsURLConnection that);
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getLastModified(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getHeaderFieldInt(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that,
+        String name,
+        int defaultValue
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getHeaderFieldLong(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that,
+        String name,
+        long defaultValue
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getHeaderFieldDate(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that,
+        String name,
+        long defaultValue
+    );
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getContent(Class<?> callerClass, javax.net.ssl.HttpsURLConnection that);
+
+    void check$sun_net_www_protocol_https_HttpsURLConnectionImpl$getContent(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that,
+        Class<?>[] classes
+    );
+
+    void check$sun_net_www_protocol_https_AbstractDelegateHttpsURLConnection$connect(
+        Class<?> callerClass,
+        javax.net.ssl.HttpsURLConnection that
+    );
+
     // Network miscellanea
 
     // HttpClient#send and sendAsync are abstract, so we instrument their internal implementations

libs/entitlement/qa/entitled-plugin/src/main/java/org/elasticsearch/entitlement/qa/entitled/EntitledActions.java

@@ -64,6 +64,10 @@ public static URLConnection createHttpURLConnection() throws IOException {
         return URI.create("http://127.0.0.1:12345/").toURL().openConnection();
     }
 
+    public static URLConnection createHttpsURLConnection() throws IOException {
+        return URI.create("https://127.0.0.1:12345/").toURL().openConnection();
+    }
+
     public static URLConnection createFtpURLConnection() throws IOException {
         return URI.create("ftp://127.0.0.1:12345/").toURL().openConnection();
     }

libs/entitlement/qa/entitlement-test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/URLConnectionNetworkActions.java

@@ -25,6 +25,8 @@
 import java.net.URL;
 import java.net.URLConnection;
 
+import javax.net.ssl.HttpsURLConnection;
+
 import static org.elasticsearch.entitlement.qa.test.EntitlementTest.ExpectedAccess.PLUGINS;
 
 @SuppressWarnings("unused") // everything is called via reflection
@@ -79,6 +81,17 @@ private static void withJdkHttpConnection(CheckedConsumer<HttpURLConnection, Exc
         }
     }
 
+    private static void withJdkHttpsConnection(CheckedConsumer<HttpsURLConnection, Exception> connectionConsumer) throws Exception {
+        var conn = EntitledActions.createHttpsURLConnection();
+        // Be sure we got the connection implementation we want
+        assert HttpsURLConnection.class.isAssignableFrom(conn.getClass());
+        try {
+            connectionConsumer.accept((HttpsURLConnection) conn);
+        } catch (java.net.ConnectException e) {
+            // It's OK, it means we passed entitlement checks, and we tried to connect
+        }
+    }
+
     private static void withJdkFtpConnection(CheckedConsumer<URLConnection, Exception> connectionConsumer) throws Exception {
         var conn = EntitledActions.createFtpURLConnection();
         // Be sure we got the connection implementation we want
@@ -302,4 +315,118 @@ static void sunHttpURLConnectionGetHeaderFieldWithIndex() throws Exception {
     static void sunHttpURLConnectionGetHeaderFieldKey() throws Exception {
         withJdkHttpConnection(conn -> conn.getHeaderFieldKey(0));
     }
+
+    // https
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplConnect() throws Exception {
+        withJdkHttpsConnection(HttpsURLConnection::connect);
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetOutputStream() throws Exception {
+        withJdkHttpsConnection(httpsURLConnection -> {
+            httpsURLConnection.setDoOutput(true);
+            httpsURLConnection.getOutputStream();
+        });
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetInputStream() throws Exception {
+        withJdkHttpsConnection(HttpsURLConnection::getInputStream);
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetErrorStream() throws Exception {
+        withJdkHttpsConnection(HttpsURLConnection::getErrorStream);
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetHeaderFieldWithName() throws Exception {
+        withJdkHttpsConnection(httpsURLConnection -> httpsURLConnection.getHeaderField("date"));
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetHeaderFields() throws Exception {
+        withJdkHttpsConnection(HttpsURLConnection::getHeaderFields);
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetHeaderFieldWithIndex() throws Exception {
+        withJdkHttpsConnection(httpsURLConnection -> httpsURLConnection.getHeaderField(0));
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetHeaderFieldKey() throws Exception {
+        withJdkHttpsConnection(httpsURLConnection -> httpsURLConnection.getHeaderFieldKey(0));
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetResponseCode() throws Exception {
+        withJdkHttpsConnection(HttpsURLConnection::getResponseCode);
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetResponseMessage() throws Exception {
+        withJdkHttpsConnection(HttpsURLConnection::getResponseMessage);
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetContentLength() throws Exception {
+        withJdkHttpsConnection(HttpsURLConnection::getContentLength);
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImpl$getContentLengthLong() throws Exception {
+        withJdkHttpsConnection(HttpsURLConnection::getContentLengthLong);
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetContentType() throws Exception {
+        withJdkHttpsConnection(HttpsURLConnection::getContentType);
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetContentEncoding() throws Exception {
+        withJdkHttpsConnection(HttpsURLConnection::getContentEncoding);
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetExpiration() throws Exception {
+        withJdkHttpsConnection(HttpsURLConnection::getExpiration);
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetDate() throws Exception {
+        withJdkHttpsConnection(HttpsURLConnection::getDate);
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetLastModified() throws Exception {
+        withJdkHttpsConnection(HttpsURLConnection::getLastModified);
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetHeaderFieldInt() throws Exception {
+        withJdkHttpsConnection(httpsURLConnection -> httpsURLConnection.getHeaderFieldInt("content-length", -1));
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetHeaderFieldLong() throws Exception {
+        withJdkHttpsConnection(httpsURLConnection -> httpsURLConnection.getHeaderFieldLong("content-length", -1));
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetHeaderFieldDate() throws Exception {
+        withJdkHttpsConnection(httpsURLConnection -> httpsURLConnection.getHeaderFieldDate("date", 0));
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetContent() throws Exception {
+        withJdkHttpsConnection(HttpsURLConnection::getContent);
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunHttpsURLConnectionImplGetContentWithClasses() throws Exception {
+        withJdkHttpsConnection(httpsURLConnection -> httpsURLConnection.getContent(new Class<?>[] { String.class }));
+    }
 }