UnresolvedPermission.java revision 3381
2362N/A * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * The UnresolvedPermission class is used to hold Permissions that 0N/A * were "unresolved" when the Policy was initialized. 0N/A * An unresolved permission is one whose actual Permission class 0N/A * does not yet exist at the time the Policy is initialized (see below). 0N/A * <p>The policy for a Java runtime (specifying 0N/A * which permissions are available for code from various principals) 0N/A * is represented by a Policy object. 0N/A * Whenever a Policy is initialized or refreshed, Permission objects of 0N/A * appropriate classes are created for all permissions 0N/A * allowed by the Policy. 0N/A * <p>Many permission class types 0N/A * referenced by the policy configuration are ones that exist 0N/A * locally (i.e., ones that can be found on CLASSPATH). 0N/A * Objects for such permissions can be instantiated during 0N/A * Policy initialization. For example, it is always possible 0N/A * to instantiate a java.io.FilePermission, since the 0N/A * FilePermission class is found on the CLASSPATH. 0N/A * <p>Other permission classes may not yet exist during Policy 0N/A * initialization. For example, a referenced permission class may 0N/A * be in a JAR file that will later be loaded. 0N/A * For each such class, an UnresolvedPermission is instantiated. 0N/A * Thus, an UnresolvedPermission is essentially a "placeholder" 0N/A * containing information about the permission. 0N/A * <p>Later, when code calls AccessController.checkPermission 0N/A * on a permission of a type that was previously unresolved, 0N/A * but whose class has since been loaded, previously-unresolved 0N/A * permissions of that type are "resolved". That is, 0N/A * for each such UnresolvedPermission, a new object of 0N/A * the appropriate class type is instantiated, based on the 0N/A * information in the UnresolvedPermission. 0N/A * <p> To instantiate the new class, UnresolvedPermission assumes 0N/A * the class provides a zero, one, and/or two-argument constructor. 0N/A * The zero-argument constructor would be used to instantiate 0N/A * a permission without a name and without actions. 0N/A * A one-arg constructor is assumed to take a <code>String</code> 0N/A * name as input, and a two-arg constructor is assumed to take a 0N/A * <code>String</code> name and <code>String</code> actions 0N/A * as input. UnresolvedPermission may invoke a 0N/A * constructor with a <code>null</code> name and/or actions. 0N/A * If an appropriate permission constructor is not available, 0N/A * the UnresolvedPermission is ignored and the relevant permission 0N/A * will not be granted to executing code. 0N/A * <p> The newly created permission object replaces the 0N/A * UnresolvedPermission, which is removed. 0N/A * <p> Note that the <code>getName</code> method for an 0N/A * <code>UnresolvedPermission</code> returns the 0N/A * <code>type</code> (class name) for the underlying permission 0N/A * that has not been resolved. 0N/A * @see java.security.Permission 0N/A * @see java.security.Permissions 0N/A * @see java.security.PermissionCollection 0N/A * @see java.security.Policy 0N/A * @author Roland Schemers 0N/A (
"policy,access",
"UnresolvedPermission");
0N/A * The class name of the Permission class that will be 0N/A * created when this unresolved permission is resolved. 0N/A * The permission name. 0N/A * The actions of the permission. 0N/A * Creates a new UnresolvedPermission containing the permission 0N/A * information needed later to actually create a Permission of the 0N/A * specified class, when the permission is resolved. 0N/A * @param type the class name of the Permission class that will be 0N/A * created when this unresolved permission is resolved. 0N/A * @param name the name of the permission. 0N/A * @param actions the actions of the permission. 0N/A * @param certs the certificates the permission's class was signed with. 0N/A * This is a list of certificate chains, where each chain is composed of a 0N/A * signer certificate and optionally its supporting certificate chain. 0N/A * Each chain is ordered bottom-to-top (i.e., with the signer certificate 0N/A * first and the (root) certificate authority last). The signer 0N/A * certificates are copied from the array. Subsequent changes to 0N/A * the array will not affect this UnsolvedPermission. 0N/A // Extract the signer certs from the list of certificates. 0N/A // there is no concept of signer certs, so we store the 0N/A // entire cert array 0N/A // Go through the list of certs and see if all the certs are 0N/A // All the certs are signer certs, so we store the entire 0N/A // extract the signer certs 0N/A * try and resolve this permission using the class loader of the permission 0N/A * that was passed in. 0N/A // if p wasn't signed, we don't have a match 0N/A // all certs in this.certs must be present in certs 0N/A * This method always returns false for unresolved permissions. 0N/A * That is, an UnresolvedPermission is never considered to 0N/A * imply another permission. 0N/A * @param p the permission to check against. 0N/A * Checks two UnresolvedPermission objects for equality. 0N/A * Checks that <i>obj</i> is an UnresolvedPermission, and has 0N/A * the same type (class) name, permission name, actions, and 0N/A * certificates as this object. 0N/A * <p> To determine certificate equality, this method only compares 0N/A * actual signer certificates. Supporting certificate chains 0N/A * are not taken into consideration by this method. 0N/A * @param obj the object we are testing for equality with this object. 0N/A * @return true if obj is an UnresolvedPermission, and has the same 0N/A * type (class) name, permission name, actions, and 0N/A * certificates as this object. 0N/A * Returns the hash code value for this object. 0N/A * @return a hash code value for this object. 0N/A * Returns the canonical string representation of the actions, 0N/A * which currently is the empty string "", since there are no actions for 0N/A * an UnresolvedPermission. That is, the actions for the 0N/A * permission that will be created when this UnresolvedPermission 0N/A * is resolved may be non-null, but an UnresolvedPermission 0N/A * itself is never considered to have any actions. 0N/A * @return the empty string "". 0N/A * Get the type (class name) of the underlying permission that 0N/A * has not been resolved. 0N/A * @return the type (class name) of the underlying permission that 0N/A * has not been resolved 0N/A * Get the target name of the underlying permission that 0N/A * has not been resolved. 0N/A * @return the target name of the underlying permission that 0N/A * has not been resolved, or <code>null</code>, 0N/A * if there is no targe name 0N/A * Get the actions for the underlying permission that 0N/A * has not been resolved. 0N/A * @return the actions for the underlying permission that 0N/A * has not been resolved, or <code>null</code> 0N/A * if there are no actions 0N/A * Get the signer certificates (without any supporting chain) 0N/A * for the underlying permission that has not been resolved. 0N/A * @return the signer certificates for the underlying permission that 0N/A * has not been resolved, or null, if there are no signer certificates. 0N/A * Returns a new array each time this method is called. 0N/A * Returns a string describing this UnresolvedPermission. The convention 0N/A * is to specify the class name, the permission name, and the actions, in 0N/A * the following format: '(unresolved "ClassName" "name" "actions")'. 0N/A * @return information about this UnresolvedPermission. 0N/A * Returns a new PermissionCollection object for storing 0N/A * UnresolvedPermission objects. 0N/A * @return a new PermissionCollection object suitable for 0N/A * storing UnresolvedPermissions. 0N/A * Writes this object out to a stream (i.e., serializes it). 0N/A * @serialData An initial <code>String</code> denoting the 0N/A * <code>type</code> is followed by a <code>String</code> denoting the 0N/A * <code>name</code> is followed by a <code>String</code> denoting the 0N/A * <code>actions</code> is followed by an <code>int</code> indicating the 0N/A * number of certificates to follow 0N/A * (a value of "zero" denotes that there are no certificates associated 0N/A * with this object). 0N/A * Each certificate is written out starting with a <code>String</code> 0N/A * denoting the certificate type, followed by an 0N/A * <code>int</code> specifying the length of the certificate encoding, 0N/A * followed by the certificate encoding itself which is written out as an 0N/A // write out the total number of certs 0N/A // write out each cert, including its type 0N/A * Restores this object from a stream (i.e., deserializes it). 0N/A // process any new-style certs in the stream (if present) 0N/A // we know of 3 different cert types: X.509, PGP, SDSI, which 0N/A // could all be present in the stream at the same time 0N/A // read the certificate type, and instantiate a certificate 0N/A // factory of that type (reuse existing factory if possible) 0N/A // reuse certificate factory 0N/A // create new certificate factory 0N/A // store the certificate factory so we can reuse it later 0N/A // parse the certificate