1 package org.eclipse.jetty.policy.entry;
18 import java.lang.reflect.Constructor;
19 import java.security.KeyStore;
20 import java.security.KeyStoreException;
21 import java.security.Permission;
22 import java.security.cert.Certificate;
23 import java.util.HashSet;
24 import java.util.Set;
25 import java.util.StringTokenizer;
26
27 import org.eclipse.jetty.policy.PolicyContext;
28 import org.eclipse.jetty.policy.PolicyException;
29
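/**
 * Describes one permission by class name, with an optional target name, optional actions and
 * an optional comma-separated list of signer aliases, and turns that description into a
 * {@link Permission} instance.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The class name is loaded reflectively, so {@link #toPermission()} verifies that the
 * loaded type really is a {@link Permission} before any of its code is allowed to run.</li>
 * <li>When signers are declared, the permission class must carry <em>all</em> of the declared
 * signer certificates. If the declaration cannot be enforced (no keystore, an alias that does
 * not resolve, or {@link #expand(PolicyContext)} never called) the entry is rejected rather
 * than silently accepted.</li>
 * </ul>
 */
public class PermissionEntry extends AbstractEntry
{
    /** Fully qualified name of the permission class to instantiate. */
    private String klass;

    /** Target name passed to the permission constructor; may be {@code null}. */
    private String name;

    /** Actions passed to the permission constructor; may be {@code null}. */
    private String actions;

    /** Comma-separated keystore aliases the permission class must be signed by; may be {@code null}. */
    private String signers;

    /**
     * Certificates resolved from {@link #signers} by {@link #expand(PolicyContext)}.
     * Stays {@code null} when nothing was resolved or when resolution was not possible.
     */
    private Certificate[] signerArray;

    /**
     * Instantiates the described permission.
     *
     * <p>The constructor is chosen from the fields that are set: no-arg when neither name nor
     * actions is set, {@code (String)} when only the name is set, {@code (String, String)} when
     * both are set.
     *
     * @return the permission, or {@code null} when actions are set without a name (no matching
     *         constructor shape exists for that combination; callers must handle {@code null})
     * @throws PolicyException if the class cannot be loaded or instantiated, is not a
     *         {@link Permission}, or does not satisfy the declared signers
     */
    public Permission toPermission() throws PolicyException
    {
        try
        {
            // The class name comes from configuration. Load it without initializing so that no
            // static initializer runs before the type and signer checks below have passed. The
            // loader is the same one Class.forName(String) would pick for this caller.
            Class<?> loaded = Class.forName( klass, false, PermissionEntry.class.getClassLoader() );

            // Casting after construction would let an arbitrary class's constructor run first;
            // check the type up front instead.
            if ( !Permission.class.isAssignableFrom( loaded ) )
            {
                throw new PolicyException( "Not a java.security.Permission: " + klass );
            }
            Class<? extends Permission> clazz = loaded.asSubclass( Permission.class );

            // Fail closed: a declared signer requirement that could not be resolved to at least
            // one certificate must not degrade into "no requirement at all".
            boolean signersRequired = signers != null || signerArray != null;
            if ( signersRequired )
            {
                boolean satisfied = signerArray != null
                    && signerArray.length > 0
                    && validate( signerArray, (Certificate[]) clazz.getSigners() );

                if ( !satisfied )
                {
                    throw new PolicyException( "Unvalidated Permissions: " + klass + "/" + name );
                }
            }

            if ( name == null && actions == null )
            {
                Constructor<? extends Permission> ctor = clazz.getDeclaredConstructor();
                return ctor.newInstance();
            }

            if ( name != null && actions == null )
            {
                Constructor<? extends Permission> ctor = clazz.getConstructor( String.class );
                return ctor.newInstance( name );
            }

            if ( name != null )
            {
                Constructor<? extends Permission> ctor = clazz.getConstructor( String.class, String.class );
                return ctor.newInstance( name, actions );
            }

            // actions without a name: kept as the historical null result for compatibility.
            return null;
        }
        catch ( PolicyException e )
        {
            // Already carries a precise message; do not bury it inside a second wrapper.
            throw e;
        }
        catch ( Exception e )
        {
            throw new PolicyException( e );
        }
    }

    /**
     * Evaluates the name and actions through the given context (trimming the results) and
     * resolves the declared signer aliases against the context's keystore, then marks this
     * entry as expanded.
     *
     * @param context supplies expression evaluation and the keystore used for signer lookup
     * @throws PolicyException if the keystore lookup fails
     */
    public void expand( PolicyContext context ) throws PolicyException
    {
        if ( name != null )
        {
            name = context.evaluate( name ).trim();
        }

        if ( actions != null )
        {
            actions = context.evaluate( actions ).trim();
        }

        if ( signers != null )
        {
            signerArray = resolveCertificates( context.getKeystore(), signers );
        }

        setExpanded( true );
    }

    /**
     * Checks that every required certificate is present among the class's signer certificates.
     *
     * @param permCerts  certificates the entry requires
     * @param classCerts certificates the permission class was signed with; {@code null} for an
     *                   unsigned class
     * @return {@code true} only if {@code classCerts} is non-null and contains every element of
     *         {@code permCerts}
     */
    private static boolean validate( Certificate[] permCerts, Certificate[] classCerts )
    {
        if ( classCerts == null )
        {
            return false;
        }

        for ( Certificate required : permCerts )
        {
            boolean present = false;
            for ( Certificate actual : classCerts )
            {
                if ( required.equals( actual ) )
                {
                    present = true;
                    break;
                }
            }

            if ( !present )
            {
                return false;
            }
        }

        return true;
    }

    /**
     * Resolves a comma-separated alias list to certificates from the keystore.
     *
     * @param keyStore keystore to look the aliases up in; may be {@code null}
     * @param signers  comma-separated aliases
     * @return the distinct certificates for the aliases, or {@code null} when there is no
     *         keystore or when any alias has no certificate (the requirement is then
     *         unenforceable and the caller must treat the entry as unvalidated)
     * @throws PolicyException if the keystore cannot be queried
     */
    private static Certificate[] resolveCertificates( KeyStore keyStore, String signers ) throws PolicyException
    {
        if ( keyStore == null )
        {
            return null;
        }

        Set<Certificate> certificateSet = new HashSet<Certificate>();
        StringTokenizer aliases = new StringTokenizer( signers, "," );

        while ( aliases.hasMoreTokens() )
        {
            String alias = aliases.nextToken().trim();
            Certificate certificate;

            try
            {
                certificate = keyStore.getCertificate( alias );
            }
            catch ( KeyStoreException kse )
            {
                throw new PolicyException( kse );
            }

            if ( certificate == null )
            {
                // Every listed alias is required. Dropping an unknown alias would quietly
                // weaken "signed by a AND b" to "signed by a", so report the list as unresolved.
                return null;
            }

            certificateSet.add( certificate );
        }

        return certificateSet.toArray( new Certificate[certificateSet.size()] );
    }

    /** @return the fully qualified permission class name */
    public String getKlass()
    {
        return klass;
    }

    /** @param klass the fully qualified permission class name */
    public void setKlass( String klass )
    {
        this.klass = klass;
    }

    /** @return the permission target name, or {@code null} */
    public String getName()
    {
        return name;
    }

    /** @param name the permission target name, or {@code null} */
    public void setName( String name )
    {
        this.name = name;
    }

    /** @return the permission actions, or {@code null} */
    public String getActions()
    {
        return actions;
    }

    /** @param actions the permission actions, or {@code null} */
    public void setActions( String actions )
    {
        this.actions = actions;
    }

    /** @return the comma-separated signer aliases, or {@code null} */
    public String getSigners()
    {
        return signers;
    }

    /** @param signers the comma-separated signer aliases, or {@code null} */
    public void setSigners( String signers )
    {
        this.signers = signers;
    }
}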