
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.policy.entry;
20  
21  import java.lang.reflect.Constructor;
22  import java.security.KeyStore;
23  import java.security.KeyStoreException;
24  import java.security.Permission;
25  import java.security.cert.Certificate;
26  import java.util.HashSet;
27  import java.util.Set;
28  import java.util.StringTokenizer;
29  
30  import org.eclipse.jetty.policy.PolicyContext;
31  import org.eclipse.jetty.policy.PolicyException;
32  
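public class PermissionEntry extends AbstractEntry
{
    /**
     * The classname part of permission clause.
     */
    private String klass;

    /**
     * The name part of permission clause.
     */
    private String name;

    /**
     * The actions part of permission clause.
     */
    private String actions;

    /**
     * The signers part of permission clause. This is a comma-separated list of certificate aliases.
     */
    private String signers;

    /**
     * Certificates resolved from {@link #signers} against the context keystore by
     * {@link #expand(PolicyContext)}. Null until expansion has run (or when no keystore was configured).
     */
    private Certificate[] signerArray;

    /**
     * Instantiates the {@link Permission} this entry describes.
     * <p>
     * The permission class is loaded by name and constructed with whichever of {@code name} and
     * {@code actions} is present (no-arg, {@code (String)} or {@code (String, String)} constructor).
     * When a {@code signedBy} clause was declared, the class must carry every resolved signer
     * certificate; a clause that could not be resolved fails closed rather than being ignored.
     *
     * @return the permission instance; never null
     * @throws PolicyException if no class name is set, the class cannot be loaded, is not a
     *         {@link Permission}, or cannot be instantiated; if actions are given without a name;
     *         or if the signer constraint is unresolved or not satisfied
     */
    public Permission toPermission() throws PolicyException
    {
        if ( klass == null )
        {
            throw new PolicyException( "Permission entry has no class name (name=" + name + ", actions=" + actions + ")" );
        }

        Class<?> clazz;
        try
        {
            clazz = Class.forName( klass );
        }
        catch ( ClassNotFoundException cnfe )
        {
            throw new PolicyException( cnfe );
        }

        if ( !Permission.class.isAssignableFrom( clazz ) )
        {
            throw new PolicyException( "Not a Permission class: " + klass );
        }

        checkSigners( clazz );

        // A clause with actions but no target name maps to no constructor; report it instead of
        // returning a null permission the caller would trip over later.
        if ( name == null && actions != null )
        {
            throw new PolicyException( "Permission actions given without a name: " + klass + "/" + actions );
        }

        try
        {
            if ( name == null )
            {
                return (Permission) clazz.getConstructor().newInstance();
            }
            if ( actions == null )
            {
                Constructor<?> c = clazz.getConstructor( String.class );
                return (Permission) c.newInstance( name );
            }
            Constructor<?> c = clazz.getConstructor( String.class, String.class );
            return (Permission) c.newInstance( name, actions );
        }
        catch ( Exception e )
        {
            // Reflection failures (no matching constructor, inaccessible, constructor threw) are all
            // reported to the caller as policy errors with the original cause attached.
            throw new PolicyException( e );
        }
    }

    /**
     * Enforces the {@code signedBy} constraint, if one was declared, against the signers of the
     * permission class.
     *
     * @param clazz the loaded permission class
     * @throws PolicyException if signers were declared but none could be resolved, or if the class
     *         does not carry every resolved signer certificate
     */
    private void checkSigners( Class<?> clazz ) throws PolicyException
    {
        if ( signers == null )
        {
            return;
        }

        // A declared signedBy clause whose aliases resolved to nothing (no keystore, or expand() not
        // yet run) must not silently degrade into an unsigned grant.
        if ( signerArray == null || signerArray.length == 0 )
        {
            throw new PolicyException( "Unresolved signers for permission: " + klass + "/" + name + " signedBy " + signers );
        }

        if ( !validate( signerArray, clazz.getSigners() ) )
        {
            throw new PolicyException( "Unvalidated Permissions: " + klass + "/" + name );
        }
    }

    /**
     * Expands property references in the name and actions, resolves the signer aliases against the
     * context keystore, and marks the entry as expanded.
     *
     * @param context supplies property evaluation and the keystore
     * @throws PolicyException if a signer alias is not present in the keystore or the keystore
     *         cannot be queried
     */
    @Override
    public void expand( PolicyContext context ) throws PolicyException
    {
        if ( name != null )
        {
            name = context.evaluate( name ).trim();
        }

        if ( actions != null )
        {
            actions = context.evaluate( actions ).trim();
        }

        if ( signers != null )
        {
            signerArray = resolveCertificates( context.getKeystore(), signers );
        }

        setExpanded( true );
    }

    /**
     * Checks that every permission certificate is among the certificates the class was signed with.
     *
     * @param permCerts certificates resolved from the {@code signedBy} aliases; must not be null
     * @param classCerts the signers reported by {@link Class#getSigners()}; may be null
     * @return true if {@code classCerts} is non-null and contains every element of {@code permCerts}
     *         (vacuously true for an empty {@code permCerts})
     */
    private static boolean validate( Certificate[] permCerts, Object[] classCerts )
    {
        if ( classCerts == null )
        {
            return false;
        }

        for ( Certificate permCert : permCerts )
        {
            if ( !contains( classCerts, permCert ) )
            {
                return false;
            }
        }

        return true;
    }

    /**
     * Linear membership test using {@link Certificate#equals(Object)}, so non-certificate signer
     * objects never match.
     *
     * @param candidates the class signers to search
     * @param wanted the certificate to look for
     * @return true if an equal certificate is present
     */
    private static boolean contains( Object[] candidates, Certificate wanted )
    {
        for ( Object candidate : candidates )
        {
            if ( wanted.equals( candidate ) )
            {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves the comma-separated keystore aliases of a {@code signedBy} clause to certificates.
     * Every alias must resolve: an alias with no certificate in the keystore is a policy error,
     * since silently dropping it would weaken the declared constraint.
     *
     * @param keyStore the policy keystore, or null if none was configured
     * @param signers comma-separated certificate aliases; must not be null
     * @return the distinct certificates found, or null if there is no keystore
     * @throws PolicyException if an alias has no certificate or the keystore cannot be queried
     */
    private static Certificate[] resolveCertificates( KeyStore keyStore, String signers ) throws PolicyException
    {
        if ( keyStore == null )
        {
            return null;
        }

        Set<Certificate> certificateSet = new HashSet<Certificate>();
        StringTokenizer strTok = new StringTokenizer( signers, "," );

        while ( strTok.hasMoreTokens() )
        {
            String alias = strTok.nextToken().trim();
            try
            {
                Certificate certificate = keyStore.getCertificate( alias );
                if ( certificate == null )
                {
                    throw new PolicyException( "No certificate in keystore for signer alias: " + alias );
                }
                certificateSet.add( certificate );
            }
            catch ( KeyStoreException kse )
            {
                throw new PolicyException( kse );
            }
        }

        return certificateSet.toArray( new Certificate[certificateSet.size()] );
    }

    /** @return the permission class name */
    public String getKlass()
    {
        return klass;
    }

    /** @param klass the permission class name */
    public void setKlass( String klass )
    {
        this.klass = klass;
    }

    /** @return the permission target name, or null if none */
    public String getName()
    {
        return name;
    }

    /** @param name the permission target name, or null if none */
    public void setName( String name )
    {
        this.name = name;
    }

    /** @return the permission actions, or null if none */
    public String getActions()
    {
        return actions;
    }

    /** @param actions the permission actions, or null if none */
    public void setActions( String actions )
    {
        this.actions = actions;
    }

    /** @return the comma-separated signer aliases, or null if none */
    public String getSigners()
    {
        return signers;
    }

    /** @param signers the comma-separated signer aliases, or null if none */
    public void setSigners( String signers )
    {
        this.signers = signers;
    }
}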