1 package org.eclipse.jetty.policy.entry;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 import java.net.URI;
19 import java.net.URL;
20 import java.security.CodeSource;
21 import java.security.KeyStore;
22 import java.security.KeyStoreException;
23 import java.security.PermissionCollection;
24 import java.security.Permissions;
25 import java.security.Principal;
26 import java.security.cert.Certificate;
27 import java.util.Collection;
28 import java.util.HashSet;
29 import java.util.Iterator;
30 import java.util.Set;
31 import java.util.StringTokenizer;
32
33 import org.eclipse.jetty.policy.PolicyContext;
34 import org.eclipse.jetty.policy.PolicyException;
35
36 public class GrantEntry extends AbstractEntry
37 {
38
39
40
41
42 private String signers;
43
44
45
46
47 private String codebase;
48
49
50
51
52 private Collection<PrincipalEntry> principalNodes;
53
54
55
56
57 private Collection<PermissionEntry> permissionNodes;
58
59
60 private PermissionCollection permissions;
61 private Certificate[] signerArray;
62 private CodeSource codesource;
63 private Principal[] principals;
64
65
66
67
68
69 public void addPrincipal( PrincipalEntry pe )
70 {
71 if ( principalNodes == null )
72 {
73 principalNodes = new HashSet<PrincipalEntry>();
74 }
75 principalNodes.add( pe );
76 }
77
78 public void expand( PolicyContext context ) throws PolicyException
79 {
80 if ( signers != null )
81 {
82 signerArray = resolveToCertificates( context.getKeystore(), signers );
83 }
84 codebase = context.evaluate( codebase );
85
86 if ( principalNodes != null )
87 {
88 Set<Principal> principalSet = new HashSet<Principal>();
89 for ( Iterator<PrincipalEntry> i = principalNodes.iterator(); i.hasNext(); )
90 {
91 PrincipalEntry node = i.next();
92 node.expand( context );
93 principalSet.add( node.toPrincipal( context ) );
94 }
95 principals = principalSet.toArray( new Principal[principalSet.size()] );
96 }
97
98 context.setPrincipals( principals );
99 permissions = new Permissions();
100 for ( Iterator<PermissionEntry> i = permissionNodes.iterator(); i.hasNext(); )
101 {
102 PermissionEntry node = i.next();
103 node.expand( context );
104 permissions.add( node.toPermission() );
105 }
106 context.setPrincipals( null );
107
108 setExpanded( true );
109 }
110
111 public PermissionCollection getPermissions() throws PolicyException
112 {
113 return permissions;
114 }
115
116 public Principal[] getPrincipals() throws PolicyException
117 {
118 return principals;
119 }
120
121 public CodeSource getCodeSource() throws PolicyException
122 {
123 if ( !isExpanded() )
124 {
125 throw new PolicyException("GrantNode needs to be expanded.");
126 }
127
128 try
129 {
130 if ( codesource == null && codebase != null )
131 {
132 URL url = new URI( codebase ).toURL();
133 codesource = new CodeSource( url, signerArray );
134 }
135
136 return codesource;
137 }
138 catch ( Exception e )
139 {
140 throw new PolicyException( e );
141 }
142 }
143
144
145
146
147
148
149
150
151
152 private Certificate[] resolveToCertificates( KeyStore keyStore, String signers ) throws PolicyException
153 {
154 if ( keyStore == null )
155 {
156 Certificate[] certs = null;
157 return certs;
158 }
159
160 Set<Certificate> certificateSet = new HashSet<Certificate>();
161 StringTokenizer strTok = new StringTokenizer( signers, ",");
162
163 for ( int i = 0; strTok.hasMoreTokens(); ++i )
164 {
165 try
166 {
167 Certificate certificate = keyStore.getCertificate( strTok.nextToken().trim() );
168
169 if ( certificate != null )
170 {
171 certificateSet.add( certificate );
172 }
173 }
174 catch ( KeyStoreException kse )
175 {
176 throw new PolicyException( kse );
177 }
178 }
179
180 return certificateSet.toArray( new Certificate[certificateSet.size()] );
181 }
182
183
184 public void setSigners( String signers )
185 {
186 this.signers = signers;
187 }
188
189 public void setCodebase( String codebase )
190 {
191 this.codebase = codebase;
192 }
193
194 public void setPrincipals( Collection<PrincipalEntry> principals )
195 {
196 this.principalNodes = principals;
197 }
198
199 public void setPermissions( Collection<PermissionEntry> permissions )
200 {
201 this.permissionNodes = permissions;
202 }
203
204
205
206 }