
1   package org.eclipse.jetty.policy.entry;
2   //========================================================================
3   //Copyright (c) Webtide LLC
4   //------------------------------------------------------------------------
5   //All rights reserved. This program and the accompanying materials
6   //are made available under the terms of the Eclipse Public License v1.0
7   //and Apache License v2.0 which accompanies this distribution.
8   //
9   //The Eclipse Public License is available at
10  //http://www.eclipse.org/legal/epl-v10.html
11  //
12  //The Apache License v2.0 is available at
13  //http://www.apache.org/licenses/LICENSE-2.0.txt
14  //
15  //You may elect to redistribute this code under either of these licenses.
16  //========================================================================
17  
18  import java.lang.reflect.Constructor;
19  import java.security.KeyStore;
20  import java.security.KeyStoreException;
21  import java.security.Permission;
22  import java.security.cert.Certificate;
23  import java.util.HashSet;
24  import java.util.Set;
25  import java.util.StringTokenizer;
26  
27  import org.eclipse.jetty.policy.PolicyContext;
28  import org.eclipse.jetty.policy.PolicyException;
29  
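public class PermissionEntry extends AbstractEntry
{
    /**
     * The classname part of permission clause.
     */
    private String klass;

    /**
     * The name part of permission clause.
     */
    private String name;

    /**
     * The actions part of permission clause.
     */
    private String actions;

    /**
     * The signers part of permission clause. This is a comma-separated list of certificate aliases.
     */
    private String signers;

    /**
     * Certificates resolved from {@link #signers} by {@link #expand(PolicyContext)}.
     * Stays null when no signedBy clause was given, or when no keystore was available to resolve it.
     */
    private Certificate[] signerArray;

    /**
     * Instantiates the {@link Permission} described by this entry.
     * <p>
     * The class named by {@link #klass} is loaded and must be a {@link Permission}.
     * When a signedBy clause is present it is enforced: the entry fails if the clause could
     * not be resolved to certificates, or if any resolved certificate is not among the
     * signers of the loaded class. The permission is then built through the (),
     * (String) or (String,String) constructor depending on which of name and actions are set.
     *
     * @return the permission described by this entry, never null
     * @throws PolicyException if the class name is missing, cannot be loaded or is not a
     *         Permission; if the signedBy clause cannot be satisfied; if actions are given
     *         without a name; or if the constructor cannot be invoked
     */
    public Permission toPermission() throws PolicyException
    {
        if ( klass == null )
        {
            throw new PolicyException( "Permission class name is required" );
        }

        try
        {
            Class<?> clazz = Class.forName( klass );

            // The class name comes from the policy file: refuse to construct anything
            // that is not a Permission rather than relying on a later cast failure.
            if ( !Permission.class.isAssignableFrom( clazz ) )
            {
                throw new PolicyException( "Not a Permission class: " + klass );
            }

            // A signedBy clause written in the policy must be enforced even when expand()
            // could not resolve it (no keystore, empty alias list): fail closed instead of
            // silently granting the permission without a signer check.
            if ( signers != null && ( signerArray == null || signerArray.length == 0 ) )
            {
                throw new PolicyException( "Unresolved signers for permission: " + klass + "/" + name );
            }

            if ( signerArray != null && !validate( signerArray, (Certificate[]) clazz.getSigners() ) )
            {
                throw new PolicyException( "Unvalidated Permissions: " + klass + "/" + name );
            }

            return instantiate( clazz );
        }
        catch ( PolicyException e )
        {
            // Keep the message of our own failures on the top-level exception
            // instead of burying it as the cause of a second PolicyException.
            throw e;
        }
        catch ( Exception e )
        {
            throw new PolicyException( e );
        }
    }

    /**
     * Invokes the constructor of the loaded permission class that matches the
     * name/actions present in this entry.
     *
     * @param clazz a class already checked to be a {@link Permission}
     * @return the new permission instance
     * @throws PolicyException if actions are set but name is not (no standard
     *         permission constructor takes actions alone)
     * @throws Exception any reflective failure, wrapped by the caller
     */
    private Permission instantiate( Class<?> clazz ) throws Exception
    {
        if ( name == null && actions == null )
        {
            return (Permission) clazz.getConstructor().newInstance();
        }

        if ( actions == null )
        {
            Constructor<?> c = clazz.getConstructor( String.class );
            return (Permission) c.newInstance( name );
        }

        if ( name == null )
        {
            // The original fall-through here returned null; a clause with actions but no
            // name is malformed and is reported instead.
            throw new PolicyException( "Permission actions given without a name: " + klass );
        }

        Constructor<?> c = clazz.getConstructor( String.class, String.class );
        return (Permission) c.newInstance( name, actions );
    }

    /**
     * Evaluates property references in name and actions, resolves the signedBy
     * aliases against the context keystore and marks this entry as expanded.
     *
     * @param context supplies property evaluation and the keystore
     * @throws PolicyException if a signedBy alias is unknown or the keystore fails
     */
    public void expand( PolicyContext context ) throws PolicyException
    {
        if ( name != null )
        {
            name = context.evaluate( name ).trim();
        }

        if ( actions != null )
        {
            actions = context.evaluate( actions ).trim();
        }

        if ( signers != null )
        {
            signerArray = resolveCertificates( context.getKeystore(), signers );
        }

        setExpanded( true );
    }

    /**
     * Checks that every certificate required by the signedBy clause is among the
     * certificates the class was signed with.
     *
     * @param permCerts certificates resolved from the signedBy aliases
     * @param classCerts signers of the loaded permission class, may be null
     * @return true only if permCerts is non-empty and each of its entries appears in classCerts
     */
    private static boolean validate( Certificate[] permCerts, Certificate[] classCerts )
    {
        // No required certificates means nothing can be verified: treat as a failed check.
        if ( classCerts == null || permCerts == null || permCerts.length == 0 )
        {
            return false;
        }

        for ( Certificate required : permCerts )
        {
            if ( !contains( classCerts, required ) )
            {
                return false;
            }
        }

        return true;
    }

    /**
     * Linear search for a certificate, using {@link Certificate#equals(Object)}.
     *
     * @param certs the certificates to search
     * @param wanted the certificate to look for
     * @return true if an equal certificate is present
     */
    private static boolean contains( Certificate[] certs, Certificate wanted )
    {
        for ( Certificate cert : certs )
        {
            if ( wanted.equals( cert ) )
            {
                return true;
            }
        }
        return false;
    }

    /**
     * Looks up each alias of a comma-separated signedBy clause in the keystore.
     *
     * @param keyStore the policy keystore, may be null
     * @param signers comma-separated certificate aliases
     * @return the distinct certificates in no particular order, or null when there is no keystore
     * @throws PolicyException if an alias is not present in the keystore or the keystore lookup fails
     */
    private static Certificate[] resolveCertificates( KeyStore keyStore, String signers ) throws PolicyException
    {
        if ( keyStore == null )
        {
            return null;
        }

        Set<Certificate> certificates = new HashSet<Certificate>();
        StringTokenizer tokens = new StringTokenizer( signers, "," );

        while ( tokens.hasMoreTokens() )
        {
            String alias = tokens.nextToken().trim();
            try
            {
                Certificate certificate = keyStore.getCertificate( alias );

                if ( certificate == null )
                {
                    // An alias missing from the keystore cannot be verified against anything;
                    // skipping it silently would weaken the signedBy clause as written.
                    throw new PolicyException( "Unknown signer alias: " + alias );
                }

                certificates.add( certificate );
            }
            catch ( KeyStoreException kse )
            {
                throw new PolicyException( kse );
            }
        }

        return certificates.toArray( new Certificate[certificates.size()] );
    }

    /** @return the permission class name of this clause */
    public String getKlass()
    {
        return klass;
    }

    /** @param klass the permission class name of this clause */
    public void setKlass( String klass )
    {
        this.klass = klass;
    }

    /** @return the name part of this clause, may be null */
    public String getName()
    {
        return name;
    }

    /** @param name the name part of this clause */
    public void setName( String name )
    {
        this.name = name;
    }

    /** @return the actions part of this clause, may be null */
    public String getActions()
    {
        return actions;
    }

    /** @param actions the actions part of this clause */
    public void setActions( String actions )
    {
        this.actions = actions;
    }

    /** @return the comma-separated signer aliases of this clause, may be null */
    public String getSigners()
    {
        return signers;
    }

    /** @param signers comma-separated signer aliases */
    public void setSigners( String signers )
    {
        this.signers = signers;
    }
}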