GrantEntry xref

View Javadoc

1   package org.eclipse.jetty.policy.entry;
2   //========================================================================
3   //Copyright (c) Webtide LLC
4   //------------------------------------------------------------------------
5   //All rights reserved. This program and the accompanying materials
6   //are made available under the terms of the Eclipse Public License v1.0
7   //and Apache License v2.0 which accompanies this distribution.
8   //
9   //The Eclipse Public License is available at
10  //http://www.eclipse.org/legal/epl-v10.html
11  //
12  //The Apache License v2.0 is available at
13  //http://www.apache.org/licenses/LICENSE-2.0.txt
14  //
15  //You may elect to redistribute this code under either of these licenses.
16  //========================================================================
17  
18  import java.net.URL;
19  import java.security.CodeSource;
20  import java.security.KeyStore;
21  import java.security.KeyStoreException;
22  import java.security.PermissionCollection;
23  import java.security.Permissions;
24  import java.security.Principal;
25  import java.security.cert.Certificate;
26  import java.util.Collection;
27  import java.util.HashSet;
28  import java.util.Iterator;
29  import java.util.Set;
30  import java.util.StringTokenizer;
31  
32  import org.eclipse.jetty.policy.PolicyContext;
33  import org.eclipse.jetty.policy.PolicyException;
34  
35  public class GrantEntry extends AbstractEntry
36  {
37  
38      /**
39       * The signers part of grant clause. This is a comma-separated list of certificate aliases.
40       */
41      private String signers;
42  
43      /**
44       * The codebase part of grant clause. This is an URL from which code originates.
45       */
46      private String codebase;
47  
48      /**
49       * Collection of PrincipalEntries of grant clause.
50       */
51      private Collection<PrincipalEntry> principalNodes;
52  
53      /**
54       * Collection of PermissionEntries of grant clause.
55       */
56      private Collection<PermissionEntry> permissionNodes;
57  
58      // cached permissions
59      private PermissionCollection permissions;
60      private Certificate[] signerArray;
61      private CodeSource codesource;
62      private Principal[] principals;
63      
64      /**
65       * Adds specified element to the <code>principals</code> collection. If collection does not exist yet, creates a
66       * new one.
67       */
68      public void addPrincipal( PrincipalEntry pe )
69      {
70          if ( principalNodes == null )
71          {
72              principalNodes = new HashSet<PrincipalEntry>();
73          }
74          principalNodes.add( pe );
75      }
76  
77      public void expand( PolicyContext context ) throws PolicyException
78      {
79          if ( signers != null )
80          {
81              signerArray = resolveToCertificates( context.getKeystore(), signers );  // TODO alter to support self:: etc
82          }
83          codebase = context.evaluate( codebase );
84          
85          if ( principalNodes != null )
86          {
87              Set<Principal> principalSet = new HashSet<Principal>();
88              for ( Iterator<PrincipalEntry> i = principalNodes.iterator(); i.hasNext(); )
89              {
90                  PrincipalEntry node = i.next();
91                  node.expand( context );
92                  principalSet.add( node.toPrincipal( context ) );
93              }
94              principals = principalSet.toArray( new Principal[principalSet.size()] );
95          }
96          
97          context.setPrincipals( principals );
98          permissions = new Permissions();
99          for ( Iterator<PermissionEntry> i = permissionNodes.iterator(); i.hasNext(); )
100         {
101             PermissionEntry node = i.next();
102             node.expand( context );
103             permissions.add( node.toPermission() );
104         }
105         context.setPrincipals( null );
106         
107         setExpanded( true );
108     }    
109     
110     public PermissionCollection getPermissions() throws PolicyException
111     {
112         return permissions;
113     }    
114     
115     public Principal[] getPrincipals() throws PolicyException
116     {
117         return principals;
118     }
119     
120     public CodeSource getCodeSource() throws PolicyException
121     {
122         if ( !isExpanded() )
123         {
124             throw new PolicyException("GrantNode needs to be expanded.");
125         }
126         
127         try
128         {
129             if ( codesource == null && codebase != null )
130             {
131                 URL url = new URL( codebase );
132                 codesource = new CodeSource( url, signerArray );
133             }
134 
135             return codesource;
136         }
137         catch ( Exception e )
138         {
139             throw new PolicyException( e );
140         }
141     }
142     
143     /**
144      * resolve signers into an array of certificates using a given keystore
145      * 
146      * @param keyStore
147      * @param signers
148      * @return
149      * @throws Exception
150      */
151     private Certificate[] resolveToCertificates( KeyStore keyStore, String signers ) throws PolicyException
152     {               
153         if ( keyStore == null )
154         {
155             Certificate[] certs = null;
156             return certs;
157         }
158                 
159         Set<Certificate> certificateSet = new HashSet<Certificate>();       
160         StringTokenizer strTok = new StringTokenizer( signers, ",");
161         
162         for ( int i = 0; strTok.hasMoreTokens(); ++i )
163         {
164             try
165             {               
166                 Certificate certificate = keyStore.getCertificate( strTok.nextToken().trim() );
167                 
168                 if ( certificate != null )
169                 {
170                     certificateSet.add( certificate );
171                 }               
172             }
173             catch ( KeyStoreException kse )
174             {
175                 throw new PolicyException( kse );
176             }
177         }
178         
179         return certificateSet.toArray( new Certificate[certificateSet.size()] );
180     }
181     
182 
183     public void setSigners( String signers )
184     {
185         this.signers = signers;
186     }
187 
188     public void setCodebase( String codebase )
189     {
190         this.codebase = codebase;
191     }
192 
193     public void setPrincipals( Collection<PrincipalEntry> principals )
194     {
195         this.principalNodes = principals;
196     }
197 
198     public void setPermissions( Collection<PermissionEntry> permissions )
199     {
200         this.permissionNodes = permissions;
201     }
202 
203     
204     
205 }