View Javadoc

1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.policy.entry;
20  
21  import java.net.URI;
22  import java.net.URL;
23  import java.security.CodeSource;
24  import java.security.KeyStore;
25  import java.security.KeyStoreException;
26  import java.security.PermissionCollection;
27  import java.security.Permissions;
28  import java.security.Principal;
29  import java.security.cert.Certificate;
30  import java.util.Collection;
31  import java.util.HashSet;
32  import java.util.Iterator;
33  import java.util.Set;
34  import java.util.StringTokenizer;
35  
36  import org.eclipse.jetty.policy.PolicyContext;
37  import org.eclipse.jetty.policy.PolicyException;
38  
39  public class GrantEntry extends AbstractEntry
40  {
41  
42      /**
43       * The signers part of grant clause. This is a comma-separated list of certificate aliases.
44       */
45      private String signers;
46  
47      /**
48       * The codebase part of grant clause. This is an URL from which code originates.
49       */
50      private String codebase;
51  
52      /**
53       * Collection of PrincipalEntries of grant clause.
54       */
55      private Collection<PrincipalEntry> principalNodes;
56  
57      /**
58       * Collection of PermissionEntries of grant clause.
59       */
60      private Collection<PermissionEntry> permissionNodes;
61  
62      // cached permissions
63      private PermissionCollection permissions;
64      private Certificate[] signerArray;
65      private CodeSource codesource;
66      private Principal[] principals;
67      
68      /**
69       * Adds specified element to the <code>principals</code> collection. If collection does not exist yet, creates a
70       * new one.
71       */
72      public void addPrincipal( PrincipalEntry pe )
73      {
74          if ( principalNodes == null )
75          {
76              principalNodes = new HashSet<PrincipalEntry>();
77          }
78          principalNodes.add( pe );
79      }
80  
81      public void expand( PolicyContext context ) throws PolicyException
82      {
83          if ( signers != null )
84          {
85              signerArray = resolveToCertificates( context.getKeystore(), signers );  // TODO alter to support self:: etc
86          }
87          codebase = context.evaluate( codebase );
88          
89          if ( principalNodes != null )
90          {
91              Set<Principal> principalSet = new HashSet<Principal>();
92              for ( Iterator<PrincipalEntry> i = principalNodes.iterator(); i.hasNext(); )
93              {
94                  PrincipalEntry node = i.next();
95                  node.expand( context );
96                  principalSet.add( node.toPrincipal( context ) );
97              }
98              principals = principalSet.toArray( new Principal[principalSet.size()] );
99          }
100         
101         context.setPrincipals( principals );
102         permissions = new Permissions();
103         for ( Iterator<PermissionEntry> i = permissionNodes.iterator(); i.hasNext(); )
104         {
105             PermissionEntry node = i.next();
106             node.expand( context );
107             permissions.add( node.toPermission() );
108         }
109         context.setPrincipals( null );
110         
111         setExpanded( true );
112     }    
113     
114     public PermissionCollection getPermissions() throws PolicyException
115     {
116         return permissions;
117     }    
118     
119     public Principal[] getPrincipals() throws PolicyException
120     {
121         return principals;
122     }
123     
124     public CodeSource getCodeSource() throws PolicyException
125     {
126         if ( !isExpanded() )
127         {
128             throw new PolicyException("GrantNode needs to be expanded.");
129         }
130         
131         try
132         {
133             if ( codesource == null && codebase != null )
134             {
135                 URL url = new URI( codebase ).toURL();
136                 codesource = new CodeSource( url, signerArray );
137             }
138 
139             return codesource;
140         }
141         catch ( Exception e )
142         {
143             throw new PolicyException( e );
144         }
145     }
146     
147     /**
148      * resolve signers into an array of certificates using a given keystore
149      * 
150      * @param keyStore
151      * @param signers
152      * @return
153      * @throws Exception
154      */
155     private Certificate[] resolveToCertificates( KeyStore keyStore, String signers ) throws PolicyException
156     {               
157         if ( keyStore == null )
158         {
159             Certificate[] certs = null;
160             return certs;
161         }
162                 
163         Set<Certificate> certificateSet = new HashSet<Certificate>();       
164         StringTokenizer strTok = new StringTokenizer( signers, ",");
165         
166         for ( int i = 0; strTok.hasMoreTokens(); ++i )
167         {
168             try
169             {               
170                 Certificate certificate = keyStore.getCertificate( strTok.nextToken().trim() );
171                 
172                 if ( certificate != null )
173                 {
174                     certificateSet.add( certificate );
175                 }               
176             }
177             catch ( KeyStoreException kse )
178             {
179                 throw new PolicyException( kse );
180             }
181         }
182         
183         return certificateSet.toArray( new Certificate[certificateSet.size()] );
184     }
185     
186 
187     public void setSigners( String signers )
188     {
189         this.signers = signers;
190     }
191 
192     public void setCodebase( String codebase )
193     {
194         this.codebase = codebase;
195     }
196 
197     public void setPrincipals( Collection<PrincipalEntry> principals )
198     {
199         this.principalNodes = principals;
200     }
201 
202     public void setPermissions( Collection<PermissionEntry> permissions )
203     {
204         this.permissionNodes = permissions;
205     }
206 
207     
208     
209 }