
1   package org.eclipse.jetty.policy.entry;
2   //========================================================================
3   //Copyright (c) Webtide LLC
4   //------------------------------------------------------------------------
5   //All rights reserved. This program and the accompanying materials
6   //are made available under the terms of the Eclipse Public License v1.0
7   //and Apache License v2.0 which accompanies this distribution.
8   //
9   //The Eclipse Public License is available at
10  //http://www.eclipse.org/legal/epl-v10.html
11  //
12  //The Apache License v2.0 is available at
13  //http://www.apache.org/licenses/LICENSE-2.0.txt
14  //
15  //You may elect to redistribute this code under either of these licenses.
16  //========================================================================
17  
18  import java.lang.reflect.Constructor;
19  import java.security.KeyStore;
20  import java.security.KeyStoreException;
21  import java.security.Permission;
22  import java.security.cert.Certificate;
23  import java.util.HashSet;
24  import java.util.Set;
25  import java.util.StringTokenizer;
26  
27  import org.eclipse.jetty.policy.PolicyContext;
28  import org.eclipse.jetty.policy.PolicyException;
29  
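public class PermissionEntry extends AbstractEntry
{
    /**
     * The classname part of permission clause.
     */
    private String klass;

    /**
     * The name part of permission clause.
     */
    private String name;

    /**
     * The actions part of permission clause.
     */
    private String actions;

    /**
     * The signers part of permission clause. This is a comma-separated list of certificate aliases.
     */
    private String signers;

    /**
     * Certificates resolved from {@link #signers} by {@link #expand(PolicyContext)}.
     * Stays {@code null} when no signers are declared, when the entry has not been
     * expanded yet, or when the context had no keystore to resolve the aliases against.
     */
    private Certificate[] signerArray;

    /**
     * Instantiates the {@link Permission} described by this entry.
     * <p>
     * The entry is expected to have been expanded first, so that property references in the
     * name and actions are evaluated and the signer aliases are mapped to certificates. When
     * signers are declared, the permission class must carry every one of those certificates
     * among its own signers. An entry whose signers are declared but could not be resolved
     * is rejected: granting it anyway would bypass the signedBy requirement entirely.
     *
     * @return the permission described by this entry; never {@code null}
     * @throws PolicyException if the class name is missing, the class cannot be loaded or
     *         constructed, the class is not a {@link Permission}, the clause gives actions
     *         without a name, or the signer check fails or cannot be performed
     */
    public Permission toPermission() throws PolicyException
    {
        if ( klass == null )
        {
            throw new PolicyException( "Permission entry has no class name" );
        }

        try
        {
            Class<?> clazz = Class.forName( klass );

            // Verify the type before constructing anything; previously the cast ran only after
            // an instance of whatever class the policy named had already been created.
            if ( !Permission.class.isAssignableFrom( clazz ) )
            {
                throw new PolicyException( "Not a Permission class: " + klass );
            }

            // signedBy was declared but nothing resolved (no keystore, or expand() not run):
            // skipping the check here would hand the permission to any class at all.
            if ( signers != null && ( signerArray == null || signerArray.length == 0 ) )
            {
                throw new PolicyException( "Unresolved signers for permission: " + klass + "/" + name );
            }

            if ( signerArray != null && !validate( signerArray, (Certificate[]) clazz.getSigners() ) )
            {
                throw new PolicyException( "Unvalidated Permissions: " + klass + "/" + name );
            }

            // A clause with actions but no name matches no standard permission constructor;
            // it used to yield a silent null return.
            if ( name == null && actions != null )
            {
                throw new PolicyException( "Permission actions given without a name: " + klass );
            }

            if ( name == null )
            {
                return (Permission) clazz.getConstructor().newInstance();
            }

            if ( actions == null )
            {
                Constructor<?> c = clazz.getConstructor( String.class );
                return (Permission) c.newInstance( name );
            }

            Constructor<?> c = clazz.getConstructor( String.class, String.class );
            return (Permission) c.newInstance( name, actions );
        }
        catch ( PolicyException e )
        {
            // Already carries the policy-level message; do not wrap it a second time.
            throw e;
        }
        catch ( Exception e )
        {
            throw new PolicyException( e );
        }
    }

    /**
     * Evaluates property references in the name and actions and maps the signer aliases to
     * certificates from the context's keystore, then marks the entry as expanded.
     *
     * @param context supplies {@code evaluate(String)} and the keystore
     * @throws PolicyException if a signer alias cannot be resolved or the keystore fails
     */
    @Override
    public void expand( PolicyContext context ) throws PolicyException
    {
        if ( name != null )
        {
            name = context.evaluate( name ).trim();
        }

        if ( actions != null )
        {
            actions = context.evaluate( actions ).trim();
        }

        if ( signers != null )
        {
            signerArray = resolveCertificates( context.getKeystore(), signers );
        }

        setExpanded( true );
    }

    /**
     * Checks that every certificate required by the permission clause is present among the
     * certificates the class was signed with.
     *
     * @param permCerts certificates named by the clause's signedBy list
     * @param classCerts signers of the permission class; {@code null} for an unsigned class
     * @return true if all of {@code permCerts} appear in {@code classCerts}
     */
    private static boolean validate( Certificate[] permCerts, Certificate[] classCerts )
    {
        // An unsigned class can never satisfy a signedBy clause.
        if ( classCerts == null )
        {
            return false;
        }

        for ( Certificate required : permCerts )
        {
            if ( !contains( classCerts, required ) )
            {
                return false;
            }
        }

        return true;
    }

    /**
     * @param certs the certificates to search
     * @param wanted the certificate to look for, compared with {@link Certificate#equals(Object)}
     * @return true if an equal certificate is in {@code certs}
     */
    private static boolean contains( Certificate[] certs, Certificate wanted )
    {
        for ( Certificate candidate : certs )
        {
            if ( wanted.equals( candidate ) )
            {
                return true;
            }
        }

        return false;
    }

    /**
     * Maps a comma-separated list of keystore aliases to their certificates.
     *
     * @param keyStore the keystore to look the aliases up in; may be {@code null}
     * @param signers comma-separated aliases; blank entries are ignored
     * @return the certificates, or {@code null} when there is no keystore to resolve against
     *         (which {@link #toPermission()} then treats as an unresolved signedBy clause)
     * @throws PolicyException if the keystore cannot be read or an alias has no certificate
     */
    private static Certificate[] resolveCertificates( KeyStore keyStore, String signers ) throws PolicyException
    {
        if ( keyStore == null )
        {
            return null;
        }

        Set<Certificate> certificates = new HashSet<Certificate>();
        StringTokenizer aliases = new StringTokenizer( signers, "," );

        while ( aliases.hasMoreTokens() )
        {
            String alias = aliases.nextToken().trim();
            if ( alias.length() == 0 )
            {
                continue;
            }

            Certificate certificate;
            try
            {
                certificate = keyStore.getCertificate( alias );
            }
            catch ( KeyStoreException kse )
            {
                throw new PolicyException( kse );
            }

            // An alias with no certificate used to be dropped silently, which reduced the
            // signedBy requirement to "signed by whichever of the aliases happen to exist".
            if ( certificate == null )
            {
                throw new PolicyException( "No certificate for signer alias '" + alias + "' in keystore" );
            }

            certificates.add( certificate );
        }

        return certificates.toArray( new Certificate[certificates.size()] );
    }

    public String getKlass()
    {
        return klass;
    }

    public void setKlass( String klass )
    {
        this.klass = klass;
    }

    public String getName()
    {
        return name;
    }

    public void setName( String name )
    {
        this.name = name;
    }

    public String getActions()
    {
        return actions;
    }

    public void setActions( String actions )
    {
        this.actions = actions;
    }

    public String getSigners()
    {
        return signers;
    }

    public void setSigners( String signers )
    {
        this.signers = signers;
    }
}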