1 package org.eclipse.jetty.policy.entry;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 import java.net.URL;
19 import java.security.CodeSource;
20 import java.security.KeyStore;
21 import java.security.KeyStoreException;
22 import java.security.PermissionCollection;
23 import java.security.Permissions;
24 import java.security.Principal;
25 import java.security.cert.Certificate;
26 import java.util.Collection;
27 import java.util.HashSet;
28 import java.util.Iterator;
29 import java.util.Set;
30 import java.util.StringTokenizer;
31
32 import org.eclipse.jetty.policy.PolicyContext;
33 import org.eclipse.jetty.policy.PolicyException;
34
35 public class GrantEntry extends AbstractEntry
36 {
37
38
39
40
41 private String signers;
42
43
44
45
46 private String codebase;
47
48
49
50
51 private Collection<PrincipalEntry> principalNodes;
52
53
54
55
56 private Collection<PermissionEntry> permissionNodes;
57
58
59 private PermissionCollection permissions;
60 private Certificate[] signerArray;
61 private CodeSource codesource;
62 private Principal[] principals;
63
64
65
66
67
68 public void addPrincipal( PrincipalEntry pe )
69 {
70 if ( principalNodes == null )
71 {
72 principalNodes = new HashSet<PrincipalEntry>();
73 }
74 principalNodes.add( pe );
75 }
76
77 public void expand( PolicyContext context ) throws PolicyException
78 {
79 if ( signers != null )
80 {
81 signerArray = resolveToCertificates( context.getKeystore(), signers );
82 }
83 codebase = context.evaluate( codebase );
84
85 if ( principalNodes != null )
86 {
87 Set<Principal> principalSet = new HashSet<Principal>();
88 for ( Iterator<PrincipalEntry> i = principalNodes.iterator(); i.hasNext(); )
89 {
90 PrincipalEntry node = i.next();
91 node.expand( context );
92 principalSet.add( node.toPrincipal( context ) );
93 }
94 principals = principalSet.toArray( new Principal[principalSet.size()] );
95 }
96
97 context.setPrincipals( principals );
98 permissions = new Permissions();
99 for ( Iterator<PermissionEntry> i = permissionNodes.iterator(); i.hasNext(); )
100 {
101 PermissionEntry node = i.next();
102 node.expand( context );
103 permissions.add( node.toPermission() );
104 }
105 context.setPrincipals( null );
106
107 setExpanded( true );
108 }
109
110 public PermissionCollection getPermissions() throws PolicyException
111 {
112 return permissions;
113 }
114
115 public Principal[] getPrincipals() throws PolicyException
116 {
117 return principals;
118 }
119
120 public CodeSource getCodeSource() throws PolicyException
121 {
122 if ( !isExpanded() )
123 {
124 throw new PolicyException("GrantNode needs to be expanded.");
125 }
126
127 try
128 {
129 if ( codesource == null && codebase != null )
130 {
131 URL url = new URL( codebase );
132 codesource = new CodeSource( url, signerArray );
133 }
134
135 return codesource;
136 }
137 catch ( Exception e )
138 {
139 throw new PolicyException( e );
140 }
141 }
142
143
144
145
146
147
148
149
150
151 private Certificate[] resolveToCertificates( KeyStore keyStore, String signers ) throws PolicyException
152 {
153 if ( keyStore == null )
154 {
155 Certificate[] certs = null;
156 return certs;
157 }
158
159 Set<Certificate> certificateSet = new HashSet<Certificate>();
160 StringTokenizer strTok = new StringTokenizer( signers, ",");
161
162 for ( int i = 0; strTok.hasMoreTokens(); ++i )
163 {
164 try
165 {
166 Certificate certificate = keyStore.getCertificate( strTok.nextToken().trim() );
167
168 if ( certificate != null )
169 {
170 certificateSet.add( certificate );
171 }
172 }
173 catch ( KeyStoreException kse )
174 {
175 throw new PolicyException( kse );
176 }
177 }
178
179 return certificateSet.toArray( new Certificate[certificateSet.size()] );
180 }
181
182
183 public void setSigners( String signers )
184 {
185 this.signers = signers;
186 }
187
188 public void setCodebase( String codebase )
189 {
190 this.codebase = codebase;
191 }
192
193 public void setPrincipals( Collection<PrincipalEntry> principals )
194 {
195 this.principalNodes = principals;
196 }
197
198 public void setPermissions( Collection<PermissionEntry> permissions )
199 {
200 this.permissionNodes = permissions;
201 }
202
203
204
205 }