
1   package org.eclipse.jetty.policy;
2   //========================================================================
3   //Copyright (c) Webtide LLC
4   //------------------------------------------------------------------------
5   //All rights reserved. This program and the accompanying materials
6   //are made available under the terms of the Eclipse Public License v1.0
7   //and Apache License v2.0 which accompanies this distribution.
8   //
9   //The Eclipse Public License is available at
10  //http://www.eclipse.org/legal/epl-v10.html
11  //
12  //The Apache License v2.0 is available at
13  //http://www.apache.org/licenses/LICENSE-2.0.txt
14  //
15  //You may elect to redistribute this code under either of these licenses.
16  //========================================================================
17  
18  import java.io.File;
19  import java.security.KeyStore;
20  import java.security.Principal;
21  import java.security.cert.Certificate;
22  import java.security.cert.X509Certificate;
23  import java.util.HashMap;
24  import java.util.Map;
25  
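/**
 * Carries the state needed to expand variables in policy text: a property
 * map, the principals of the grant being processed and a keystore for
 * certificate aliases.
 *
 * <p>Two forms are expanded by {@link #evaluate(String)}:
 * <ul>
 * <li><code>${{protocol}}</code> or <code>${{protocol:data}}</code>, where the
 * protocol is <code>self</code> or <code>alias</code>;</li>
 * <li><code>${name}</code>, looked up first in this context's properties and
 * then in the JVM system properties.</li>
 * </ul>
 *
 * <p>The principal array and the keystore are stored and returned by
 * reference, without copying. No synchronization is performed.
 */
public class PolicyContext
{
    private Map<String, String> properties = new HashMap<String, String>();

    private Principal[] principals;
    private KeyStore keystore;

    /**
     * Creates a context whose only predefined property is <code>/</code>,
     * mapped to the platform file separator.
     */
    public PolicyContext()
    {
        // special property case for resolving ${/} to native separator
        properties.put( "/", File.separator );
    }

    /**
     * Adds or overwrites a single property.
     *
     * @param name the property name as it appears inside <code>${...}</code>
     * @param value the replacement text
     */
    public void addProperty( String name, String value )
    {
        this.properties.put( name, value );
    }

    /**
     * Merges the given entries into the existing properties. Entries already
     * present under the same name are overwritten; other entries, including
     * the predefined <code>/</code>, are kept.
     *
     * @param properties the entries to merge in
     */
    public void setProperties( Map<String,String> properties )
    {
        this.properties.putAll( properties );
    }

    /**
     * @return the keystore used for <code>alias</code> expansion, or null if none was set
     */
    public KeyStore getKeystore()
    {
        return keystore;
    }

    /**
     * @param keystore the keystore consulted when <code>${{alias:name}}</code> is expanded
     */
    public void setKeystore( KeyStore keystore )
    {
        this.keystore = keystore;
    }

    /**
     * @return the principal array as stored (not a copy), or null if none was set
     */
    public Principal[] getPrincipals()
    {
        return principals;
    }

    /**
     * @param principals the principals substituted for <code>${{self}}</code>;
     *            the array is stored by reference
     */
    public void setPrincipals( Principal[] principals )
    {
        this.principals = principals;
    }

    /**
     * Expands every <code>${{...}}</code> protocol reference and then every
     * <code>${...}</code> property reference in the given text.
     *
     * <p>The search restarts from the beginning after each replacement, so
     * replacement text is itself scanned for further references. A property
     * whose value contains a reference to itself therefore never finishes
     * expanding; property values should come from trusted configuration only.
     *
     * @param s the text to expand, may be null
     * @return the expanded text, or null if <code>s</code> was null
     * @throws PolicyException if a protocol cannot be resolved or a referenced
     *             property is not defined
     */
    public String evaluate(String s) throws PolicyException
    {
        s = processProtocols( s );

        while (s != null)
        {
            int start = s.indexOf("${");
            if (start < 0)
            {
                break;
            }

            int end = s.indexOf("}", start + 2);
            if (end < 0)
            {
                // unterminated reference is left in the text as it is
                break;
            }

            String name = s.substring(start + 2, end);
            String value = getProperty(name);
            if (value == null)
            {
                // Fail closed: concatenating a null would put the literal
                // text "null" into the policy entry instead of rejecting it.
                throw new PolicyException( "property can not be expanded, undefined: " + name );
            }

            s = s.substring(0, start) + value + s.substring(end + 1);
        }

        return s;
    }

    /**
     * Expands every <code>${{protocol}}</code> / <code>${{protocol:data}}</code>
     * reference in the given text.
     *
     * @param s the text to expand, may be null
     * @return the text with protocol references replaced, or null if <code>s</code> was null
     * @throws PolicyException if a reference cannot be resolved
     */
    private String processProtocols( String s ) throws PolicyException
    {
        while (s != null)
        {
            int start = s.indexOf("${{");
            if (start < 0)
            {
                break;
            }

            int end = s.indexOf("}}", start + 2);
            if (end < 0)
            {
                break;
            }

            String target = s.substring(start + 3, end);
            String expansion;

            // Split on the first ':' only. String.split(":") drops trailing
            // empty parts, so "alias:" or ":" indexed past the end of the
            // resulting array, and anything after a second ':' was discarded.
            int colon = target.indexOf( ':' );
            if ( colon >= 0 )
            {
                expansion = resolve( target.substring( 0, colon ), target.substring( colon + 1 ) );
            }
            else
            {
                expansion = resolve( target, null );
            }

            s = s.substring(0, start) + expansion + s.substring(end + 2);
        }

        return s;
    }

    /**
     * Looks a property up in this context first and in the JVM system
     * properties second, so any system property can be referenced from the
     * text being expanded.
     *
     * @param name the property name
     * @return the value, or null if the name is empty or not defined anywhere
     */
    private String getProperty(String name)
    {
        if (properties.containsKey(name))
        {
            return properties.get(name);
        }

        if (name.length() == 0)
        {
            // System.getProperty rejects an empty key with an unchecked
            // IllegalArgumentException; report "${}" as undefined instead.
            return null;
        }

        return System.getProperty(name);
    }

    /**
     * Resolves one protocol reference.
     *
     * @param protocol <code>self</code> or <code>alias</code>
     * @param data the text after the first ':' of the reference, or null if there was none
     * @return the principal class name(s) and quoted name(s) to substitute
     * @throws PolicyException if the protocol is unknown, no principals are
     *             set for <code>self</code>, or the alias does not yield an
     *             X.509 certificate
     */
    private String resolve( String protocol, String data ) throws PolicyException
    {
        if ( "self".equals( protocol ) )
        {
            // need expanding to list of principals in grant clause
            if ( principals == null || principals.length == 0 )
            {
                throw new PolicyException( "self can not be expanded, missing principals" );
            }

            StringBuilder sb = new StringBuilder();
            for ( int i = 0; i < principals.length; ++i )
            {
                appendPrincipal( sb, principals[i] );
            }
            return sb.toString();
        }

        if ( "alias".equals( protocol ) )
        {
            Certificate cert;
            try
            {
                cert = keystore.getCertificate( data );
            }
            catch ( Exception e )
            {
                // Covers an unset keystore as well as keystore failures. The
                // cause is not chained because only the String constructor of
                // PolicyException is known from this file.
                throw new PolicyException( "alias can not be expanded: " + data );
            }

            // Checked outside the try block so that the broad catch above
            // cannot replace this more specific message.
            if ( !( cert instanceof X509Certificate ) )
            {
                throw new PolicyException( "alias can not be expanded, bad cert" );
            }

            StringBuilder sb = new StringBuilder();
            appendPrincipal( sb, ((X509Certificate) cert).getSubjectX500Principal() );
            return sb.toString();
        }

        throw new PolicyException( "unknown protocol: " + protocol );
    }

    /**
     * Appends <code>className "name" </code> for one principal.
     *
     * <p>The name is written between double quotes without escaping, so a
     * name that itself contains a double quote ends the quoted section early
     * in the expanded text. NOTE(review): confirm how the parser consuming
     * this output treats such names before expanding principals or
     * certificate subjects that are not fully trusted.
     */
    private static void appendPrincipal( StringBuilder sb, Principal principal )
    {
        sb.append( principal.getClass().getName() );
        sb.append( " \"" );
        sb.append( principal.getName() );
        sb.append( "\" " );
    }
}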