
1   package org.eclipse.jetty.policy;
2   //========================================================================
3   //Copyright (c) Webtide LLC
4   //------------------------------------------------------------------------
5   //All rights reserved. This program and the accompanying materials
6   //are made available under the terms of the Eclipse Public License v1.0
7   //and Apache License v2.0 which accompanies this distribution.
8   //
9   //The Eclipse Public License is available at
10  //http://www.eclipse.org/legal/epl-v10.html
11  //
12  //The Apache License v2.0 is available at
13  //http://www.apache.org/licenses/LICENSE-2.0.txt
14  //
15  //You may elect to redistribute this code under either of these licenses.
16  //========================================================================
17  
18  import java.security.KeyStore;
19  import java.security.Principal;
20  import java.security.cert.Certificate;
21  import java.security.cert.X509Certificate;
22  import java.util.HashMap;
23  import java.util.Map;
24  
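/**
 * Carries the values used to expand placeholders in security policy text.
 *
 * <p>Two placeholder forms are understood by {@link #evaluate(String)}:
 * <ul>
 * <li><code>${{protocol}}</code> or <code>${{protocol:data}}</code>, where the protocol is
 * <code>self</code> (the configured principals) or <code>alias</code> (the subject of the
 * certificate stored under the keystore alias <code>data</code>);</li>
 * <li><code>${name}</code>, looked up first in the context properties and then in the JVM
 * system properties.</li>
 * </ul>
 *
 * <p>The class does no synchronization of its own. The properties map and the principals
 * array are stored and returned by reference, so later changes made by the caller are
 * visible here and vice versa.
 */
public class PolicyContext
{
    private Map<String, String> properties = new HashMap<String, String>();

    private Principal[] principals;
    private KeyStore keystore;

    /**
     * Adds or replaces a single context property.
     *
     * @param name the property name as it appears inside <code>${...}</code>
     * @param value the text substituted for the placeholder
     */
    public void addProperty( String name, String value )
    {
        this.properties.put( name, value );
    }

    /**
     * Replaces the whole property map. The map is kept by reference, not copied.
     *
     * @param properties the new property map; <code>null</code> resets to an empty map so
     *                   that later lookups do not fail with a NullPointerException
     */
    public void setProperties( Map<String,String> properties )
    {
        if ( properties == null )
        {
            this.properties = new HashMap<String, String>();
        }
        else
        {
            this.properties = properties;
        }
    }

    /**
     * @return the keystore used to resolve <code>${{alias:...}}</code>, or <code>null</code> if none was set
     */
    public KeyStore getKeystore()
    {
        return keystore;
    }

    /**
     * @param keystore the keystore used to resolve <code>${{alias:...}}</code> placeholders
     */
    public void setKeystore( KeyStore keystore )
    {
        this.keystore = keystore;
    }

    /**
     * @return the principals used to resolve <code>${{self}}</code>; this is the internal array itself, not a copy
     */
    public Principal[] getPrincipals()
    {
        return principals;
    }

    /**
     * @param principals the principals used to resolve <code>${{self}}</code>; the array is kept by reference
     */
    public void setPrincipals( Principal[] principals )
    {
        this.principals = principals;
    }

    /**
     * Expands every <code>${{...}}</code> and then every <code>${...}</code> placeholder in the given text.
     *
     * <p>A substituted value is never scanned again within the same pass, so a property value
     * that itself contains <code>${...}</code> is inserted literally. The text produced by the
     * <code>${{...}}</code> pass (principal and certificate subject names) is still visible to
     * the <code>${...}</code> pass that follows.
     *
     * <p>A property that is found neither in the context nor in the system properties is
     * replaced by the text <code>null</code>, as before.
     *
     * @param s the text to expand, may be <code>null</code>
     * @return the expanded text, or <code>null</code> if <code>s</code> was <code>null</code>
     * @throws PolicyException if a <code>${{...}}</code> placeholder cannot be resolved
     */
    public String evaluate(String s) throws PolicyException
    {
        s = processProtocols( s );

        int from = 0;

        while ( s != null )
        {
            int start = s.indexOf( "${", from );
            if ( start < 0 )
            {
                break;
            }

            int end = s.indexOf( "}", start + 2 );
            if ( end < 0 )
            {
                break;
            }

            String value = getProperty( s.substring( start + 2, end ) );
            if ( value == null )
            {
                // Same text that string concatenation produced for an unknown property.
                value = "null";
            }

            s = s.substring( 0, start ) + value + s.substring( end + 1 );

            // Resume right after the inserted value. Reusing the old index of "}" skipped a
            // following placeholder whenever the value was shorter than the placeholder
            // (for example "${a}${b}" with an empty value for a).
            from = start + value.length();
        }

        return s;
    }

    /**
     * Expands the <code>${{protocol}}</code> and <code>${{protocol:data}}</code> placeholders.
     *
     * @param s the text to expand, may be <code>null</code>
     * @return the text with every complete placeholder replaced
     * @throws PolicyException if a placeholder names an unknown protocol or cannot be resolved
     */
    private String processProtocols( String s ) throws PolicyException
    {
        int from = 0;

        while ( s != null )
        {
            int start = s.indexOf( "${{", from );
            if ( start < 0 )
            {
                break;
            }

            int end = s.indexOf( "}}", start + 3 );
            if ( end < 0 )
            {
                break;
            }

            String target = s.substring( start + 3, end );

            // Split on the first ':' only. String.split dropped trailing empty parts, so
            // "alias:" or ":" raised ArrayIndexOutOfBoundsException instead of a
            // PolicyException, and anything after a second ':' was silently discarded.
            String protocol = target;
            String data = null;
            int colon = target.indexOf( ':' );
            if ( colon >= 0 )
            {
                protocol = target.substring( 0, colon );
                data = target.substring( colon + 1 );
            }

            String expansion = resolve( protocol, data );

            s = s.substring( 0, start ) + expansion + s.substring( end + 2 );

            // Continue after the inserted text so that later placeholders are not skipped
            // and the inserted text is not expanded a second time.
            from = start + expansion.length();
        }

        return s;
    }


    /**
     * Looks a property up in the context first and in the JVM system properties second.
     *
     * <p>Because of the fallback, policy text can pull in any system property this code is
     * allowed to read.
     *
     * @param name the property name
     * @return the property value, or <code>null</code> if it is defined in neither place
     */
    private String getProperty(String name)
    {
        if ( properties.containsKey( name ) )
        {
            return properties.get( name );
        }

        return System.getProperty( name );
    }

    /**
     * Resolves one <code>${{protocol:data}}</code> placeholder.
     *
     * @param protocol <code>self</code> or <code>alias</code>
     * @param data the keystore alias for <code>alias</code>; unused for <code>self</code>
     * @return the principal class name(s) and quoted name(s) to insert
     * @throws PolicyException if the protocol is unknown, no principals or keystore are
     *                         configured, or the alias does not lead to an X.509 certificate
     */
    private String resolve( String protocol, String data ) throws PolicyException
    {
        if ( "self".equals( protocol ) ) //$NON-NLS-1$
        {
            // need expanding to list of principals in grant clause
            if ( principals == null || principals.length == 0 )
            {
                throw new PolicyException( "self can not be expanded, missing principals" );
            }

            StringBuilder sb = new StringBuilder();
            for ( int i = 0; i < principals.length; ++i )
            {
                sb.append( formatPrincipal( principals[i] ) );
            }
            return sb.toString();
        }

        if ( "alias".equals( protocol ) )
        {
            if ( keystore == null )
            {
                // Previously this surfaced as a NullPointerException hidden behind the generic message.
                throw new PolicyException( "alias can not be expanded, missing keystore" );
            }

            Certificate cert;
            try
            {
                cert = keystore.getCertificate( data );
            }
            catch ( Exception e )
            {
                // NOTE(review): the cause is dropped because only the String constructor of
                // PolicyException is visible here; chain e if a (String, Throwable) form exists.
                throw new PolicyException( "alias can not be expanded: " + data );
            }

            // Checked outside the try block: the broad catch used to swallow this more
            // specific failure and replace it with the generic message.
            if ( !( cert instanceof X509Certificate ) )
            {
                throw new PolicyException( "alias can not be expanded, bad cert" );
            }

            return formatPrincipal( ( (X509Certificate) cert ).getSubjectX500Principal() );
        }

        throw new PolicyException( "unknown protocol: " + protocol );
    }

    /**
     * Renders a principal as its class name followed by its quoted name and a trailing space.
     *
     * <p>NOTE(review): the name is placed between double quotes without escaping. A name that
     * contains a double quote would change how the expanded text reads to whatever parses it
     * next; confirm whether the consumer of this text needs the name escaped or rejected.
     */
    private static String formatPrincipal( Principal principal )
    {
        StringBuilder sb = new StringBuilder();
        sb.append( principal.getClass().getName() );
        sb.append( " \"" );
        sb.append( principal.getName() );
        sb.append( "\" " );
        return sb.toString();
    }
}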