View Javadoc

1   package org.eclipse.jetty.policy.entry;
2   //========================================================================
3   //Copyright (c) Webtide LLC
4   //------------------------------------------------------------------------
5   //All rights reserved. This program and the accompanying materials
6   //are made available under the terms of the Eclipse Public License v1.0
7   //and Apache License v2.0 which accompanies this distribution.
8   //
9   //The Eclipse Public License is available at
10  //http://www.eclipse.org/legal/epl-v10.html
11  //
12  //The Apache License v2.0 is available at
13  //http://www.apache.org/licenses/LICENSE-2.0.txt
14  //
15  //You may elect to redistribute this code under either of these licenses.
16  //========================================================================
17  
18  import java.net.URI;
19  import java.net.URL;
20  import java.security.CodeSource;
21  import java.security.KeyStore;
22  import java.security.KeyStoreException;
23  import java.security.PermissionCollection;
24  import java.security.Permissions;
25  import java.security.Principal;
26  import java.security.cert.Certificate;
27  import java.util.Collection;
28  import java.util.HashSet;
29  import java.util.Iterator;
30  import java.util.Set;
31  import java.util.StringTokenizer;
32  
33  import org.eclipse.jetty.policy.PolicyContext;
34  import org.eclipse.jetty.policy.PolicyException;
35  
36  public class GrantEntry extends AbstractEntry
37  {
38  
39      /**
40       * The signers part of grant clause. This is a comma-separated list of certificate aliases.
41       */
42      private String signers;
43  
44      /**
45       * The codebase part of grant clause. This is an URL from which code originates.
46       */
47      private String codebase;
48  
49      /**
50       * Collection of PrincipalEntries of grant clause.
51       */
52      private Collection<PrincipalEntry> principalNodes;
53  
54      /**
55       * Collection of PermissionEntries of grant clause.
56       */
57      private Collection<PermissionEntry> permissionNodes;
58  
59      // cached permissions
60      private PermissionCollection permissions;
61      private Certificate[] signerArray;
62      private CodeSource codesource;
63      private Principal[] principals;
64      
65      /**
66       * Adds specified element to the <code>principals</code> collection. If collection does not exist yet, creates a
67       * new one.
68       */
69      public void addPrincipal( PrincipalEntry pe )
70      {
71          if ( principalNodes == null )
72          {
73              principalNodes = new HashSet<PrincipalEntry>();
74          }
75          principalNodes.add( pe );
76      }
77  
78      public void expand( PolicyContext context ) throws PolicyException
79      {
80          if ( signers != null )
81          {
82              signerArray = resolveToCertificates( context.getKeystore(), signers );  // TODO alter to support self:: etc
83          }
84          codebase = context.evaluate( codebase );
85          
86          if ( principalNodes != null )
87          {
88              Set<Principal> principalSet = new HashSet<Principal>();
89              for ( Iterator<PrincipalEntry> i = principalNodes.iterator(); i.hasNext(); )
90              {
91                  PrincipalEntry node = i.next();
92                  node.expand( context );
93                  principalSet.add( node.toPrincipal( context ) );
94              }
95              principals = principalSet.toArray( new Principal[principalSet.size()] );
96          }
97          
98          context.setPrincipals( principals );
99          permissions = new Permissions();
100         for ( Iterator<PermissionEntry> i = permissionNodes.iterator(); i.hasNext(); )
101         {
102             PermissionEntry node = i.next();
103             node.expand( context );
104             permissions.add( node.toPermission() );
105         }
106         context.setPrincipals( null );
107         
108         setExpanded( true );
109     }    
110     
111     public PermissionCollection getPermissions() throws PolicyException
112     {
113         return permissions;
114     }    
115     
116     public Principal[] getPrincipals() throws PolicyException
117     {
118         return principals;
119     }
120     
121     public CodeSource getCodeSource() throws PolicyException
122     {
123         if ( !isExpanded() )
124         {
125             throw new PolicyException("GrantNode needs to be expanded.");
126         }
127         
128         try
129         {
130             if ( codesource == null && codebase != null )
131             {
132                 URL url = new URI( codebase ).toURL();
133                 codesource = new CodeSource( url, signerArray );
134             }
135 
136             return codesource;
137         }
138         catch ( Exception e )
139         {
140             throw new PolicyException( e );
141         }
142     }
143     
144     /**
145      * resolve signers into an array of certificates using a given keystore
146      * 
147      * @param keyStore
148      * @param signers
149      * @return
150      * @throws Exception
151      */
152     private Certificate[] resolveToCertificates( KeyStore keyStore, String signers ) throws PolicyException
153     {               
154         if ( keyStore == null )
155         {
156             Certificate[] certs = null;
157             return certs;
158         }
159                 
160         Set<Certificate> certificateSet = new HashSet<Certificate>();       
161         StringTokenizer strTok = new StringTokenizer( signers, ",");
162         
163         for ( int i = 0; strTok.hasMoreTokens(); ++i )
164         {
165             try
166             {               
167                 Certificate certificate = keyStore.getCertificate( strTok.nextToken().trim() );
168                 
169                 if ( certificate != null )
170                 {
171                     certificateSet.add( certificate );
172                 }               
173             }
174             catch ( KeyStoreException kse )
175             {
176                 throw new PolicyException( kse );
177             }
178         }
179         
180         return certificateSet.toArray( new Certificate[certificateSet.size()] );
181     }
182     
183 
184     public void setSigners( String signers )
185     {
186         this.signers = signers;
187     }
188 
189     public void setCodebase( String codebase )
190     {
191         this.codebase = codebase;
192     }
193 
194     public void setPrincipals( Collection<PrincipalEntry> principals )
195     {
196         this.principalNodes = principals;
197     }
198 
199     public void setPermissions( Collection<PermissionEntry> permissions )
200     {
201         this.permissionNodes = permissions;
202     }
203 
204     
205     
206 }