instrument MailToURLConnection

Author: ldematte

libs/entitlement/bridge/src/main/java/org/elasticsearch/entitlement/bridge/EntitlementChecker.java

@@ -371,6 +371,10 @@ public interface EntitlementChecker {
 
     void check$sun_net_www_URLConnection$getContentLength(Class<?> callerClass, java.net.URLConnection that);
 
+    void check$sun_net_www_protocol_mailto_MailToURLConnection$connect(Class<?> callerClass, java.net.URLConnection that);
+
+    void check$sun_net_www_protocol_mailto_MailToURLConnection$getOutputStream(Class<?> callerClass, java.net.URLConnection that);
+
     // Network miscellanea
 
     // HttpClient#send and sendAsync are abstract, so we instrument their internal implementations

libs/entitlement/qa/entitled-plugin/src/main/java/org/elasticsearch/entitlement/qa/entitled/EntitledActions.java

@@ -13,6 +13,7 @@
 
 import java.io.IOException;
 import java.net.URI;
+import java.net.URISyntaxException;
 import java.net.URLConnection;
 import java.nio.file.Files;
 import java.nio.file.Path;
@@ -63,4 +64,8 @@ public static Path createTempSymbolicLink() throws IOException {
     public static URLConnection createHttpURLConnection() throws IOException {
         return URI.create("http://127.0.0.1:12345/").toURL().openConnection();
     }
+
+    public static URLConnection createMailToURLConnection() throws URISyntaxException, IOException {
+        return new URI("mailto", "[email protected]", null).toURL().openConnection();
+    }
 }

libs/entitlement/qa/entitlement-test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/URLConnectionNetworkActions.java

@@ -79,6 +79,17 @@ private static void withJdkHttpConnection(CheckedConsumer<HttpURLConnection, Exc
         }
     }
 
+    private static void withJdkMailToConnection(CheckedConsumer<URLConnection, Exception> connectionConsumer) throws Exception {
+        var conn = EntitledActions.createMailToURLConnection();
+        // Be sure we got the connection implementation we want
+        assert conn.getClass().getSimpleName().equals("MailToURLConnection");
+        try {
+            connectionConsumer.accept(conn);
+        } catch (IOException e) {
+            // It's OK, it means we passed entitlement checks, and we tried to perform some IO
+        }
+    }
+
     @EntitlementTest(expectedAccess = PLUGINS)
     static void urlOpenConnection() throws Exception {
         URI.create("http://127.0.0.1:12345/").toURL().openConnection();
@@ -218,4 +229,14 @@ static void baseUrlConnectionGetContentWithClasses() throws Exception {
     static void sunHttpConnectionGetContentWithClasses() throws Exception {
         withJdkHttpConnection(conn -> conn.getContent(new Class<?>[] { String.class }));
     }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunMailToURLConnectionConnect() throws Exception {
+        withJdkMailToConnection(URLConnection::connect);
+    }
+
+    @EntitlementTest(expectedAccess = PLUGINS)
+    static void sunMailToURLConnectionGetOutputStream() throws Exception {
+        withJdkMailToConnection(URLConnection::connect);
+    }
 }

libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/api/ElasticsearchEntitlementChecker.java

@@ -835,6 +835,16 @@ private static boolean isNetworkUrlConnection(java.net.URLConnection urlConnecti
         }
     }
 
+    @Override
+    public void check$sun_net_www_protocol_mailto_MailToURLConnection$connect(Class<?> callerClass, java.net.URLConnection that) {
+        policyManager.checkOutboundNetworkAccess(callerClass);
+    }
+
+    @Override
+    public void check$sun_net_www_protocol_mailto_MailToURLConnection$getOutputStream(Class<?> callerClass, java.net.URLConnection that) {
+        policyManager.checkOutboundNetworkAccess(callerClass);
+    }
+
     @Override
     public void check$jdk_internal_net_http_HttpClientImpl$send(
         Class<?> callerClass,