1 package org.eclipse.jetty.policy.entry;
18 import java.lang.reflect.Constructor;
19 import java.security.KeyStore;
20 import java.security.KeyStoreException;
21 import java.security.Permission;
22 import java.security.cert.Certificate;
23 import java.util.HashSet;
24 import java.util.Set;
25 import java.util.StringTokenizer;
26
27 import org.eclipse.jetty.policy.PolicyContext;
28 import org.eclipse.jetty.policy.PolicyException;
29
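/**
 * One permission declaration of a policy grant: the permission class name plus
 * its optional target name, actions and required signers.
 *
 * <p>{@link #expand(PolicyContext)} evaluates the name and actions through the
 * policy context and resolves the signer aliases against the context keystore.
 * {@link #toPermission()} then loads the class, checks its signers and
 * instantiates it reflectively.
 */
public class PermissionEntry extends AbstractEntry
{
    /** Name of the permission class, as handed to {@code Class.forName}. */
    private String klass;

    /** Optional first constructor argument of the permission. */
    private String name;

    /** Optional second constructor argument of the permission. */
    private String actions;

    /** Optional comma-separated list of keystore aliases the permission class must be signed by. */
    private String signers;

    /** Certificates resolved from {@link #signers} by {@link #expand(PolicyContext)}; {@code null} when unresolved. */
    private Certificate[] signerArray;

    /**
     * Builds the {@link Permission} described by this entry.
     *
     * <p>When signers are declared, the permission class must carry every
     * resolved signer certificate. The check fails closed: if signers are
     * declared but were not resolved to at least one certificate (no keystore,
     * unknown alias, or {@code expand} not yet called), the permission is
     * refused instead of being granted unchecked.
     *
     * @return the instantiated permission, or {@code null} when actions are set
     *         without a name (no matching constructor form exists for that case)
     * @throws PolicyException if the signer requirement is not met, the class is
     *         not a {@code Permission}, or loading/instantiation fails
     */
    public Permission toPermission() throws PolicyException
    {
        // A declared signer requirement that could not be resolved must not
        // silently degrade into "no signer requirement".
        if ( signers != null && ( signerArray == null || signerArray.length == 0 ) )
        {
            throw new PolicyException( "Unvalidated Permissions: " + klass + "/" + name
                + " (signers could not be resolved: " + signers + ")" );
        }

        try
        {
            // Load without initializing, so that no code of the named class
            // runs before the signer and type checks below have passed.
            Class<?> clazz = Class.forName( klass, false, PermissionEntry.class.getClassLoader() );

            if ( signerArray != null && !validate( signerArray, (Certificate[]) clazz.getSigners() ) )
            {
                throw new PolicyException( "Unvalidated Permissions: " + klass + "/" + name );
            }

            // Reject non-permission classes before any constructor is invoked.
            if ( !Permission.class.isAssignableFrom( clazz ) )
            {
                throw new PolicyException( "Not a java.security.Permission: " + klass );
            }

            Class<? extends Permission> permissionClass = clazz.asSubclass( Permission.class );

            if ( name == null )
            {
                // NOTE(review): actions without a name still yields null, as before;
                // callers have to cope with a null permission in that case.
                return actions == null ? permissionClass.getDeclaredConstructor().newInstance() : null;
            }

            if ( actions == null )
            {
                return permissionClass.getConstructor( String.class ).newInstance( name );
            }

            return permissionClass.getConstructor( String.class, String.class ).newInstance( name, actions );
        }
        catch ( PolicyException e )
        {
            // Keep the specific message instead of wrapping it a second time.
            throw e;
        }
        catch ( Exception e )
        {
            throw new PolicyException( e );
        }
    }

    /**
     * Evaluates name and actions through the policy context, resolves the
     * signer aliases against the context keystore and marks the entry expanded.
     *
     * @param context the policy context supplying evaluation and the keystore
     * @throws PolicyException if the keystore cannot be queried
     */
    @Override
    public void expand( PolicyContext context ) throws PolicyException
    {
        if ( name != null )
        {
            name = context.evaluate( name ).trim();
        }

        if ( actions != null )
        {
            actions = context.evaluate( actions ).trim();
        }

        if ( signers != null )
        {
            signerArray = resolveCertificates( context.getKeystore(), signers );
        }

        setExpanded( true );
    }

    /**
     * Checks that every required certificate is among the class signers.
     *
     * @param permCerts certificates the policy entry requires
     * @param classCerts signers of the loaded class, {@code null} when unsigned
     * @return {@code true} only if each element of {@code permCerts} equals some
     *         element of {@code classCerts}; {@code false} for an unsigned class
     */
    private static boolean validate( Certificate[] permCerts, Certificate[] classCerts )
    {
        if ( classCerts == null )
        {
            return false;
        }

        for ( Certificate required : permCerts )
        {
            boolean found = false;
            for ( Certificate present : classCerts )
            {
                if ( required.equals( present ) )
                {
                    found = true;
                    break;
                }
            }

            if ( !found )
            {
                return false;
            }
        }

        return true;
    }

    /**
     * Resolves a comma-separated alias list to certificates from the keystore.
     *
     * @param keyStore keystore to look the aliases up in, may be {@code null}
     * @param signers comma-separated aliases
     * @return the distinct certificates of all aliases, or {@code null} when
     *         there is no keystore or any alias has no certificate, so that the
     *         caller can treat the signer requirement as unresolved
     * @throws PolicyException if the keystore lookup itself fails
     */
    private static Certificate[] resolveCertificates( KeyStore keyStore, String signers ) throws PolicyException
    {
        if ( keyStore == null )
        {
            return null;
        }

        Set<Certificate> certificateSet = new HashSet<Certificate>();
        StringTokenizer aliases = new StringTokenizer( signers, "," );

        while ( aliases.hasMoreTokens() )
        {
            String alias = aliases.nextToken().trim();
            if ( alias.length() == 0 )
            {
                continue;
            }

            try
            {
                Certificate certificate = keyStore.getCertificate( alias );

                if ( certificate == null )
                {
                    // Dropping an unknown alias would weaken a multi-signer
                    // requirement; report the whole list as unresolved instead.
                    return null;
                }

                certificateSet.add( certificate );
            }
            catch ( KeyStoreException kse )
            {
                throw new PolicyException( kse );
            }
        }

        return certificateSet.toArray( new Certificate[certificateSet.size()] );
    }

    /** @return the permission class name */
    public String getKlass()
    {
        return klass;
    }

    /** @param klass the permission class name */
    public void setKlass( String klass )
    {
        this.klass = klass;
    }

    /** @return the permission name, possibly {@code null} */
    public String getName()
    {
        return name;
    }

    /** @param name the permission name */
    public void setName( String name )
    {
        this.name = name;
    }

    /** @return the permission actions, possibly {@code null} */
    public String getActions()
    {
        return actions;
    }

    /** @param actions the permission actions */
    public void setActions( String actions )
    {
        this.actions = actions;
    }

    /** @return the comma-separated signer aliases, possibly {@code null} */
    public String getSigners()
    {
        return signers;
    }

    /** @param signers comma-separated keystore aliases of the required signers */
    public void setSigners( String signers )
    {
        this.signers = signers;
    }
}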