19 package org.eclipse.jetty.policy.entry;
20
21 import java.lang.reflect.Constructor;
22 import java.security.KeyStore;
23 import java.security.KeyStoreException;
24 import java.security.Permission;
25 import java.security.cert.Certificate;
26 import java.util.HashSet;
27 import java.util.Set;
28 import java.util.StringTokenizer;
29
30 import org.eclipse.jetty.policy.PolicyContext;
31 import org.eclipse.jetty.policy.PolicyException;
32
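/**
 * A single permission clause of a policy entry: the permission class name, its optional
 * target name and actions, and an optional comma-separated list of signer aliases.
 *
 * <p>{@link #expand(PolicyContext)} evaluates the name and actions through the policy
 * context and resolves the signer aliases against the context's keystore;
 * {@link #toPermission()} then builds the {@link Permission} instance reflectively.
 */
public class PermissionEntry extends AbstractEntry
{
    /** Name of the permission class; loaded reflectively in {@link #toPermission()}. */
    private String klass;

    /** Optional first constructor argument of the permission (its target name). */
    private String name;

    /** Optional second constructor argument of the permission (its actions). */
    private String actions;

    /** Optional comma-separated keystore aliases the permission class must be signed by. */
    private String signers;

    /** Certificates resolved from {@link #signers} by {@link #expand(PolicyContext)}; may be null. */
    private Certificate[] signerArray;

    /**
     * Instantiates the permission described by this entry.
     *
     * <p>The class is loaded without being initialized, then checked against the resolved
     * signer certificates and against {@link Permission} before any constructor runs, so a
     * class that fails either check never executes code.
     *
     * @return the permission, or {@code null} when actions are set without a name (no
     *         matching constructor shape is attempted for that combination)
     * @throws PolicyException if the class cannot be loaded, is not signed by every resolved
     *         signer, is not a {@link Permission}, or cannot be constructed
     */
    public Permission toPermission() throws PolicyException
    {
        try
        {
            // Same defining loader Class.forName(String) would use, but initialization is
            // deferred so static initializers cannot run before the checks below.
            Class<?> clazz = Class.forName( klass, false, PermissionEntry.class.getClassLoader() );

            // NOTE(review): signerArray stays null when signers were declared but no keystore
            // was available during expand(), so the signer check is skipped in that case.
            // Confirm whether such entries should be rejected instead.
            if ( signerArray != null && !validate( signerArray, (Certificate[])clazz.getSigners() ) )
            {
                throw new PolicyException( "Unvalidated Permissions: " + klass + "/" + name );
            }

            // Reject non-Permission classes before construction rather than relying on the
            // cast failing after an arbitrary constructor has already executed.
            if ( !Permission.class.isAssignableFrom( clazz ) )
            {
                throw new PolicyException( "Not a java.security.Permission: " + klass );
            }

            Permission permission = null;

            if ( name == null && actions == null )
            {
                permission = (Permission) clazz.getDeclaredConstructor().newInstance();
            }
            else if ( name != null && actions == null )
            {
                Constructor<?> c = clazz.getConstructor( String.class );
                permission = (Permission) c.newInstance( name );
            }
            else if ( name != null && actions != null )
            {
                Constructor<?> c = clazz.getConstructor( String.class, String.class );
                permission = (Permission) c.newInstance( name, actions );
            }

            return permission;
        }
        catch ( PolicyException e )
        {
            // Already carries the policy-level reason; do not bury it in a second wrapper.
            throw e;
        }
        catch ( Exception e )
        {
            throw new PolicyException( e );
        }
    }

    /**
     * Evaluates the name and actions through the policy context (trimming the result),
     * resolves the signer aliases against the context's keystore, and marks the entry
     * as expanded.
     *
     * @param context the policy context supplying property evaluation and the keystore
     * @throws PolicyException if evaluation or keystore access fails
     */
    @Override
    public void expand( PolicyContext context ) throws PolicyException
    {
        if ( name != null )
        {
            name = context.evaluate( name ).trim();
        }

        if ( actions != null )
        {
            actions = context.evaluate( actions ).trim();
        }

        if ( signers != null )
        {
            signerArray = resolveCertificates( context.getKeystore(), signers );
        }

        setExpanded( true );
    }

    /**
     * Checks that every certificate required by the policy entry is among the certificates
     * the permission class was signed with.
     *
     * @param permCerts certificates resolved from the entry's signer aliases
     * @param classCerts signers of the permission class, or {@code null} if it is unsigned
     * @return {@code true} only if {@code permCerts} is non-empty and each element equals
     *         some element of {@code classCerts}
     */
    private static boolean validate( Certificate[] permCerts, Certificate[] classCerts )
    {
        // Fail closed: an unsigned class cannot satisfy a signer requirement, and a
        // requirement that resolved to zero certificates must not pass vacuously.
        if ( classCerts == null || permCerts.length == 0 )
        {
            return false;
        }

        for ( Certificate required : permCerts )
        {
            boolean found = false;
            for ( Certificate actual : classCerts )
            {
                if ( required.equals( actual ) )
                {
                    found = true;
                    break;
                }
            }

            if ( !found )
            {
                return false;
            }
        }

        return true;
    }

    /**
     * Looks up each comma-separated alias in the keystore and collects the certificates found.
     *
     * @param keyStore keystore to search; may be {@code null}
     * @param signers comma-separated certificate aliases
     * @return the distinct certificates found, or {@code null} if {@code keyStore} is null
     * @throws PolicyException if the keystore cannot be read
     */
    private static Certificate[] resolveCertificates( KeyStore keyStore, String signers ) throws PolicyException
    {
        if ( keyStore == null )
        {
            return null;
        }

        Set<Certificate> certificateSet = new HashSet<Certificate>();
        StringTokenizer strTok = new StringTokenizer( signers, "," );

        while ( strTok.hasMoreTokens() )
        {
            try
            {
                Certificate certificate = keyStore.getCertificate( strTok.nextToken().trim() );

                // NOTE(review): an alias missing from the keystore is skipped silently, so
                // the enforced signer set can be smaller than the one the policy declares.
                if ( certificate != null )
                {
                    certificateSet.add( certificate );
                }
            }
            catch ( KeyStoreException kse )
            {
                throw new PolicyException( kse );
            }
        }

        return certificateSet.toArray( new Certificate[certificateSet.size()] );
    }

    /** @return the permission class name */
    public String getKlass()
    {
        return klass;
    }

    /** @param klass the permission class name */
    public void setKlass( String klass )
    {
        this.klass = klass;
    }

    /** @return the permission target name, or {@code null} if none */
    public String getName()
    {
        return name;
    }

    /** @param name the permission target name */
    public void setName( String name )
    {
        this.name = name;
    }

    /** @return the permission actions, or {@code null} if none */
    public String getActions()
    {
        return actions;
    }

    /** @param actions the permission actions */
    public void setActions( String actions )
    {
        this.actions = actions;
    }

    /** @return the comma-separated signer aliases, or {@code null} if none */
    public String getSigners()
    {
        return signers;
    }

    /** @param signers comma-separated signer aliases */
    public void setSigners( String signers )
    {
        this.signers = signers;
    }
}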