1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.eclipse.jetty.policy.entry;
20
21 import java.net.URI;
22 import java.net.URL;
23 import java.security.CodeSource;
24 import java.security.KeyStore;
25 import java.security.KeyStoreException;
26 import java.security.PermissionCollection;
27 import java.security.Permissions;
28 import java.security.Principal;
29 import java.security.cert.Certificate;
30 import java.util.Collection;
31 import java.util.HashSet;
32 import java.util.Iterator;
33 import java.util.Set;
34 import java.util.StringTokenizer;
35
36 import org.eclipse.jetty.policy.PolicyContext;
37 import org.eclipse.jetty.policy.PolicyException;
38
39 public class GrantEntry extends AbstractEntry
40 {
41
42
43
44
45 private String signers;
46
47
48
49
50 private String codebase;
51
52
53
54
55 private Collection<PrincipalEntry> principalNodes;
56
57
58
59
60 private Collection<PermissionEntry> permissionNodes;
61
62
63 private PermissionCollection permissions;
64 private Certificate[] signerArray;
65 private CodeSource codesource;
66 private Principal[] principals;
67
68
69
70
71
72 public void addPrincipal( PrincipalEntry pe )
73 {
74 if ( principalNodes == null )
75 {
76 principalNodes = new HashSet<PrincipalEntry>();
77 }
78 principalNodes.add( pe );
79 }
80
81 public void expand( PolicyContext context ) throws PolicyException
82 {
83 if ( signers != null )
84 {
85 signerArray = resolveToCertificates( context.getKeystore(), signers );
86 }
87 codebase = context.evaluate( codebase );
88
89 if ( principalNodes != null )
90 {
91 Set<Principal> principalSet = new HashSet<Principal>();
92 for ( Iterator<PrincipalEntry> i = principalNodes.iterator(); i.hasNext(); )
93 {
94 PrincipalEntry node = i.next();
95 node.expand( context );
96 principalSet.add( node.toPrincipal( context ) );
97 }
98 principals = principalSet.toArray( new Principal[principalSet.size()] );
99 }
100
101 context.setPrincipals( principals );
102 permissions = new Permissions();
103 for ( Iterator<PermissionEntry> i = permissionNodes.iterator(); i.hasNext(); )
104 {
105 PermissionEntry node = i.next();
106 node.expand( context );
107 permissions.add( node.toPermission() );
108 }
109 context.setPrincipals( null );
110
111 setExpanded( true );
112 }
113
114 public PermissionCollection getPermissions() throws PolicyException
115 {
116 return permissions;
117 }
118
119 public Principal[] getPrincipals() throws PolicyException
120 {
121 return principals;
122 }
123
124 public CodeSource getCodeSource() throws PolicyException
125 {
126 if ( !isExpanded() )
127 {
128 throw new PolicyException("GrantNode needs to be expanded.");
129 }
130
131 try
132 {
133 if ( codesource == null && codebase != null )
134 {
135 URL url = new URI( codebase ).toURL();
136 codesource = new CodeSource( url, signerArray );
137 }
138
139 return codesource;
140 }
141 catch ( Exception e )
142 {
143 throw new PolicyException( e );
144 }
145 }
146
147
148
149
150
151
152
153
154
155 private Certificate[] resolveToCertificates( KeyStore keyStore, String signers ) throws PolicyException
156 {
157 if ( keyStore == null )
158 {
159 Certificate[] certs = null;
160 return certs;
161 }
162
163 Set<Certificate> certificateSet = new HashSet<Certificate>();
164 StringTokenizer strTok = new StringTokenizer( signers, ",");
165
166 for ( int i = 0; strTok.hasMoreTokens(); ++i )
167 {
168 try
169 {
170 Certificate certificate = keyStore.getCertificate( strTok.nextToken().trim() );
171
172 if ( certificate != null )
173 {
174 certificateSet.add( certificate );
175 }
176 }
177 catch ( KeyStoreException kse )
178 {
179 throw new PolicyException( kse );
180 }
181 }
182
183 return certificateSet.toArray( new Certificate[certificateSet.size()] );
184 }
185
186
187 public void setSigners( String signers )
188 {
189 this.signers = signers;
190 }
191
192 public void setCodebase( String codebase )
193 {
194 this.codebase = codebase;
195 }
196
197 public void setPrincipals( Collection<PrincipalEntry> principals )
198 {
199 this.principalNodes = principals;
200 }
201
202 public void setPermissions( Collection<PermissionEntry> permissions )
203 {
204 this.permissionNodes = permissions;
205 }
206
207
208
209 }