PolicyFile.java revision 0
782N/A * Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 0N/A * published by the Free Software Foundation. Sun designates this 0N/A * particular file as subject to the "Classpath" exception as provided 0N/A * by Sun in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 0N/A * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, 0N/A * CA 95054 USA or visit www.sun.com if you need additional information or 0N/A * have any questions. 0N/Aimport javax.security.auth.AuthPermission; 0N/Aimport javax.security.auth.kerberos.ServicePermission; 0N/Aimport javax.security.auth.kerberos.DelegationPermission; 0N/Aimport java.io.SerializablePermission; 0N/Aimport java.util.logging.LoggingPermission; 0N/Aimport java.sql.SQLPermission; 0N/Aimport java.lang.reflect.ReflectPermission; 0N/Aimport javax.sound.sampled.AudioPermission; 0N/Aimport javax.net.ssl.SSLPermission; 0N/A * This class represents a default implementation for 0N/A * <code>java.security.Policy</code>. 0N/A * For backward compatibility with JAAS 1.0 it loads 0N/A * both java.auth.policy and java.policy. However it 0N/A * is recommended that java.auth.policy be not used 0N/A * and the java.policy contain all grant entries including 0N/A * that contain principal-based entries. 0N/A * <p> This object stores the policy for entire Java runtime, 0N/A * and is the amalgamation of multiple static policy 0N/A * configurations that resides in files. 0N/A * The algorithm for locating the policy file(s) and reading their 0N/A * information into this <code>Policy</code> object is: 0N/A * Loop through the <code>java.security.Security</code> properties, 0N/A * <i>policy.url.1</i>, <i>policy.url.2</i>, ..., 0N/A * <i>policy.url.X</i>" and 0N/A * <i>auth.policy.url.1</i>, <i>auth.policy.url.2</i>, ..., 0N/A * <i>auth.policy.url.X</i>". These properties are set 0N/A * in the Java security properties file, which is located in the file named 0N/A * <JAVA_HOME> refers to the value of the java.home system property, 0N/A * and specifies the directory where the JRE is installed. 0N/A * Each property value specifies a <code>URL</code> pointing to a 0N/A * policy file to be loaded. Read in and load each policy. 0N/A * <i>auth.policy.url</i> is supported only for backward compatibility. 0N/A * The <code>java.lang.System</code> property <i>java.security.policy</i> 0N/A * may also be set to a <code>URL</code> pointing to another policy file 0N/A * (which is the case when a user uses the -D switch at runtime). 0N/A * If this property is defined, and its use is allowed by the 0N/A * security property file (the Security property, 0N/A * <i>policy.allowSystemProperty</i> is set to <i>true</i>), 0N/A * also load that policy. 0N/A * The <code>java.lang.System</code> property 0N/A * <i>java.security.auth.policy</i> may also be set to a 0N/A * <code>URL</code> pointing to another policy file 0N/A * (which is the case when a user uses the -D switch at runtime). 0N/A * If this property is defined, and its use is allowed by the 0N/A * security property file (the Security property, 0N/A * <i>policy.allowSystemProperty</i> is set to <i>true</i>), 0N/A * also load that policy. 0N/A * <i>java.security.auth.policy</i> is supported only for backward 0N/A * If the <i>java.security.policy</i> or 0N/A * <i>java.security.auth.policy</i> property is defined using 0N/A * "==" (rather than "="), then ignore all other specified 0N/A * policies and only load this policy. 0N/A * Each policy file consists of one or more grant entries, each of 0N/A * which consists of a number of permission entries. 0N/A * grant signedBy "<b>alias</b>", codeBase "<b>URL</b>", 0N/A * principal <b>principalClass</b> "<b>principalName</b>", 0N/A * principal <b>principalClass</b> "<b>principalName</b>", 0N/A * permission <b>Type</b> "<b>name</b> "<b>action</b>", 0N/A * signedBy "<b>alias</b>"; 0N/A * permission <b>Type</b> "<b>name</b> "<b>action</b>", 0N/A * signedBy "<b>alias</b>"; 0N/A * All non-bold items above must appear as is (although case 0N/A * doesn't matter and some are optional, as noted below). 0N/A * principal entries are optional and need not be present. 0N/A * Italicized items represent variable values. 0N/A * <p> A grant entry must begin with the word <code>grant</code>. 0N/A * The <code>signedBy</code>,<code>codeBase</code> and <code>principal</code> 0N/A * If they are not present, then any signer (including unsigned code) 0N/A * will match, and any codeBase will match. 0N/A * Note that the <i>principalClass</i> 0N/A * may be set to the wildcard value, *, which allows it to match 0N/A * any <code>Principal</code> class. In addition, the <i>principalName</i> 0N/A * may also be set to the wildcard value, *, allowing it to match 0N/A * any <code>Principal</code> name. When setting the <i>principalName</i> 0N/A * to the *, do not surround the * with quotes. 0N/A * <p> A permission entry must begin with the word <code>permission</code>. 0N/A * The word <code><i>Type</i></code> in the template above is 0N/A * a specific permission type, such as <code>java.io.FilePermission</code> 0N/A * or <code>java.lang.RuntimePermission</code>. 0N/A * <p> The "<i>action</i>" is required for 0N/A * many permission types, such as <code>java.io.FilePermission</code> 0N/A * (where it specifies what type of file access that is permitted). 0N/A * It is not required for categories such as 0N/A * <code>java.lang.RuntimePermission</code> 0N/A * where it is not necessary - you either have the 0N/A * permission specified by the <code>"<i>name</i>"</code> 0N/A * value following the type name or you don't. 0N/A * <p> The <code>signedBy</code> name/value pair for a permission entry 0N/A * is optional. If present, it indicates a signed permission. That is, 0N/A * the permission class itself must be signed by the given alias in 0N/A * order for it to be granted. For example, 0N/A * suppose you have the following grant entry: 0N/A * grant principal foo.com.Principal "Duke" { 0N/A * permission Foo "foobar", signedBy "FooSoft"; 0N/A * <p> Then this permission of type <i>Foo</i> is granted if the 0N/A * <code>Foo.class</code> permission has been signed by the 0N/A * "FooSoft" alias, or if XXX <code>Foo.class</code> is a 0N/A * system class (i.e., is found on the CLASSPATH). 0N/A * <p> Items that appear in an entry must appear in the specified order 0N/A * (<code>permission</code>, <i>Type</i>, "<i>name</i>", and 0N/A * "<i>action</i>"). An entry is terminated with a semicolon. 0N/A * <p> Case is unimportant for the identifiers (<code>permission</code>, 0N/A * <code>signedBy</code>, <code>codeBase</code>, etc.) but is 0N/A * significant for the <i>Type</i> 0N/A * or for any string that is passed in as a value. <p> 0N/A * <p> An example of two entries in a policy configuration file is 0N/A * // if the code is comes from "foo.com" and is running as "Duke", 0N/A * grant codeBase "foo.com", principal foo.com.Principal "Duke" { 0N/A * permission java.io.FilePermission "/tmp/*", "read,write"; 0N/A * // grant any code running as "Duke" permission to read 0N/A * // the "java.vendor" Property. 0N/A * grant principal foo.com.Principal "Duke" { 0N/A * permission java.util.PropertyPermission "java.vendor"; 0N/A * This Policy implementation supports special handling of any 0N/A * permission that contains the string, "<b>${{self}}</b>", as part of 0N/A * its target name. When such a permission is evaluated 0N/A * (such as during a security check), <b>${{self}}</b> is replaced 0N/A * replacement performed depends upon the contents of the 0N/A * grant clause to which the permission belongs. 0N/A * If the grant clause does not contain any principal information, 0N/A * the permission will be ignored (permissions containing 0N/A * <b>${{self}}</b> in their target names are only valid in the context 0N/A * of a principal-based grant clause). For example, BarPermission 0N/A * will always be ignored in the following grant clause: 0N/A * grant codebase "www.foo.com", signedby "duke" { 0N/A * permission BarPermission "... ${{self}} ..."; 0N/A * If the grant clause contains principal information, <b>${{self}}</b> 0N/A * will be replaced with that same principal information. 0N/A * For example, <b>${{self}}</b> in BarPermission will be replaced by 0N/A * <b>javax.security.auth.x500.X500Principal "cn=Duke"</b> 0N/A * in the following grant clause: 0N/A * grant principal javax.security.auth.x500.X500Principal "cn=Duke" { 0N/A * permission BarPermission "... ${{self}} ..."; 0N/A * If there is a comma-separated list of principals in the grant 0N/A * clause, then <b>${{self}}</b> will be replaced by the same 0N/A * comma-separated list or principals. 0N/A * In the case where both the principal class and name are 0N/A * wildcarded in the grant clause, <b>${{self}}</b> is replaced 0N/A * with all the principals associated with the <code>Subject</code> 0N/A * in the current <code>AccessControlContext</code>. 0N/A * <p> For PrivateCredentialPermissions, you can also use "<b>self</b>" 0N/A * instead of "<b>${{self}}</b>". However the use of "<b>self</b>" is 0N/A * deprecated in favour of "<b>${{self}}</b>". 0N/A * @see java.security.CodeSource 0N/A * @see java.security.Permissions 0N/A * @see java.security.ProtectionDomain 0N/A "javax.security.auth.x500.X500Principal";
0N/A /** the scope to check */ 0N/A // contains the policy grant entries, PD cache, and alias mapping 0N/A // for use with the reflection API 0N/A * Initializes the Policy object and reads the default policy 0N/A * configuration file(s) into the Policy object. 0N/A * Initializes the Policy object and reads the default policy 0N/A * from the specified URL only. 0N/A * Initializes the Policy object and reads the default policy 0N/A * configuration file(s) into the Policy object. 0N/A * The algorithm for locating the policy file(s) and reading their 0N/A * information into the Policy object is: 0N/A * loop through the Security Properties named "policy.url.1", 0N/A * ""policy.url.2", "auth.policy.url.1", "auth.policy.url.2" etc, until 0N/A * you don't find one. Each of these specify a policy file. 0N/A * if none of these could be loaded, use a builtin static policy 0N/A * if the system property "java.policy" or "java.auth.policy" is defined 0N/A * case when the user uses the -D switch at runtime), and 0N/A * its use is allowed by the security property file, 0N/A * Each policy file consists of one or more grant entries, each of 0N/A * which consists of a number of permission entries. 0N/A * grant signedBy "<i>alias</i>", codeBase "<i>URL</i>" { 0N/A * permission <i>Type</i> "<i>name</i>", "<i>action</i>", 0N/A * signedBy "<i>alias</i>"; 0N/A * permission <i>Type</i> "<i>name</i>", "<i>action</i>", 0N/A * signedBy "<i>alias</i>"; 0N/A * All non-italicized items above must appear as is (although case 0N/A * doesn't matter and some are optional, as noted below). 0N/A * Italicized items represent variable values. 0N/A * <p> A grant entry must begin with the word <code>grant</code>. 0N/A * The <code>signedBy</code> and <code>codeBase</code> name/value 0N/A * pairs are optional. 0N/A * If they are not present, then any signer (including unsigned code) 0N/A * will match, and any codeBase will match. 0N/A * <p> A permission entry must begin with the word <code>permission</code>. 0N/A * The word <code><i>Type</i></code> in the template above would actually 0N/A * be a specific permission type, such as 0N/A * <code>java.io.FilePermission</code> or 0N/A * <code>java.lang.RuntimePermission</code>. 0N/A * <p>The "<i>action</i>" is required for 0N/A * many permission types, such as <code>java.io.FilePermission</code> 0N/A * (where it specifies what type of file access is permitted). 0N/A * It is not required for categories such as 0N/A * <code>java.lang.RuntimePermission</code> 0N/A * where it is not necessary - you either have the 0N/A * permission specified by the <code>"<i>name</i>"</code> 0N/A * value following the type name or you don't. 0N/A * <p>The <code>signedBy</code> name/value pair for a permission entry 0N/A * is optional. If present, it indicates a signed permission. That is, 0N/A * the permission class itself must be signed by the given alias in 0N/A * order for it to be granted. For example, 0N/A * suppose you have the following grant entry: 0N/A * permission Foo "foobar", signedBy "FooSoft"; 0N/A * <p>Then this permission of type <i>Foo</i> is granted if the 0N/A * <code>Foo.class</code> permission has been signed by the 0N/A * "FooSoft" alias, or if <code>Foo.class</code> is a 0N/A * system class (i.e., is found on the CLASSPATH). 0N/A * <p>Items that appear in an entry must appear in the specified order 0N/A * (<code>permission</code>, <i>Type</i>, "<i>name</i>", and 0N/A * "<i>action</i>"). An entry is terminated with a semicolon. 0N/A * <p>Case is unimportant for the identifiers (<code>permission</code>, 0N/A * <code>signedBy</code>, <code>codeBase</code>, etc.) but is 0N/A * significant for the <i>Type</i> 0N/A * or for any string that is passed in as a value. <p> 0N/A * <p>An example of two entries in a policy configuration file is 0N/A * // if the code is signed by "Duke", grant it read/write to all 0N/A * grant signedBy "Duke" { 0N/A * permission java.io.FilePermission "/tmp/*", "read,write"; 0N/A * // grant everyone the following permission 0N/A * permission java.util.PropertyPermission "java.vendor"; 0N/A // Properties are set once for each init(); ignore changes between 0N/A // between diff invocations of initPolicyFile(policy, url, info). 0N/A // System.out.println("number caches=" + numCaches); 0N/A * If the caller specified a URL via Policy.getInstance, 0N/A * we only read from that URL 0N/A // use static policy if all else fails 0N/A * Caller did not specify URL via Policy.getInstance. 0N/A * Read from URLs listed in the java.security properties file. 0N/A * We call initPolicyFile with POLICY , POLICY_URL and then 0N/A * call it with AUTH_POLICY and AUTH_POLICY_URL 0N/A * So first we will process the JAVA standard policy 0N/A * and then process the JAVA AUTH Policy. 0N/A * This is for backward compatibility as well as to handle 0N/A * cases where the user has a single unified policyfile 0N/A * with both java policy entries and auth entries 0N/A // To maintain strict backward compatibility 0N/A // we load the static policy only if POLICY load failed 0N/A // use static policy if all else fails 0N/A // this special case accommodates 0N/A // expand to a single slash, resulting in 0N/A // ignore that policy 0N/A * Reads a policy configuration into the Policy object using a 0N/A * @param policyFile the policy Reader object. 0N/A // read in policy using UTF-8 by default 0N/A // check non-standard system property to see if 0N/A // the default encoding should be used instead 0N/A // ignore, treat it like we have no keystore 0N/A (
POLICY +
": error parsing policy:\n\tmessage"));
0N/A // ignore the exception 0N/A (
"java.specification.version",
0N/A (
"java.specification.vendor",
0N/A (
"java.specification.name",
0N/A (
"java.vm.specification.version",
0N/A (
"java.vm.specification.vendor",
0N/A (
"java.vm.specification.name",
0N/A // No need to sync because noone has access to newInfo yet 0N/A // Add AllPermissions for standard extensions 0N/A // No need to sync because noone has access to 0N/A // this is probably bad (though not dangerous). 0N/A // What should we do? 0N/A * Given a GrantEntry, create a codeSource. 0N/A * @return null if signedBy alias is not recognized 0N/A // we don't have a key for this alias, 0N/A * Add one policy entry to the list. 0N/A // skip if signedBy alias was unknown... 0N/A // perform keystore alias principal replacement. 0N/A // for example, if alias resolves to X509 certificate, 0N/A // replace principal with: <X500Principal class> <SubjectDN> 0N/A // -- skip if alias is unknown 0N/A // perform ${{ ... }} expansions within permission name 0N/A // XXX special case PrivateCredentialPermission-SELF 0N/A (
"javax.security.auth.PrivateCredentialPermission") &&
0N/A // Create a "SelfPermission" , it could be an 0N/A // an unresolved permission which will be resolved 0N/A // when implies is called 0N/A // only add if we had no signer or we had a 0N/A // a signer and found the keys for it. 0N/A ": error adding Permission, perm:\n\tmessage"));
0N/A ": error adding Permission, perm:\n\tmessage"));
0N/A // No need to sync because noone has access to newInfo yet 0N/A +
": error adding Entry:\n\tmessage"));
0N/A * Returns a new Permission object of the given Type. The Permission is 0N/A * created by getting the 0N/A * Class object using the <code>Class.forName</code> method, and using 0N/A * the reflection API to invoke the (String name, String actions) 0N/A * constructor on the 0N/A * @param type the type of Permission being created. 0N/A * @param name the name of the Permission being created. 0N/A * @param actions the actions of the Permission being created. 0N/A * @exception ClassNotFoundException if the particular Permission 0N/A * class could not be found. 0N/A * @exception IllegalAccessException if the class or initializer is 0N/A * @exception InstantiationException if getInstance tries to 0N/A * instantiate an abstract class or an interface, or if the 0N/A * instantiation fails for some other reason. 0N/A * @exception NoSuchMethodException if the (String, String) constructor 0N/A * @exception InvocationTargetException if the underlying Permission 0N/A * constructor throws an exception. 0N/A //XXX we might want to keep a hash of created factories... 0N/A * Creates one of the well-known permissions directly instead of 0N/A * via reflection. Keep list short to not penalize non-JDK-defined 0N/A // XXX shorten list to most popular ones? 0N/A } else if (claz.equals(ReflectPermission.class)) { 0N/A return new ReflectPermission(name, actions); 0N/A } else if (claz.equals(SecurityPermission.class)) { 0N/A return new SecurityPermission(name, actions); 0N/A } else if (claz.equals(PrivateCredentialPermission.class)) { 0N/A return new PrivateCredentialPermission(name, actions); 0N/A } else if (claz.equals(AuthPermission.class)) { 0N/A return new AuthPermission(name, actions); 0N/A } else if (claz.equals(ServicePermission.class)) { 0N/A return new ServicePermission(name, actions); 0N/A } else if (claz.equals(DelegationPermission.class)) { 0N/A return new DelegationPermission(name, actions); 0N/A } else if (claz.equals(SerializablePermission.class)) { 0N/A return new SerializablePermission(name, actions); 0N/A } else if (claz.equals(AudioPermission.class)) { 0N/A return new AudioPermission(name, actions); 0N/A } else if (claz.equals(SSLPermission.class)) { 0N/A return new SSLPermission(name, actions); 0N/A } else if (claz.equals(LoggingPermission.class)) { 0N/A return new LoggingPermission(name, actions); 0N/A } else if (claz.equals(SQLPermission.class)) { 0N/A return new SQLPermission(name, actions); 0N/A * Fetch all certs associated with this alias. 0N/A // See if this alias's cert has already been cached 0N/A // never happens, because keystore has already been loaded 0N/A // when we call this 0N/A // make sure n == vcerts.size, since we are doing a logical *and* 0N/A * Refreshes the policy object by re-reading all the policy files. 0N/A * Evaluates the the global policy for the permissions granted to 0N/A * the ProtectionDomain and tests whether the permission is 0N/A * @param domain the ProtectionDomain to test 0N/A * @param permission the Permission object to be tested for implication. 0N/A * @return true if "permission" is a proper subset of a permission 0N/A * granted to this ProtectionDomain. 0N/A * @see java.security.ProtectionDomain 0N/A // cache mapping of protection domain to its PermissionCollection 0N/A * Examines this <code>Policy</code> and returns the permissions granted 0N/A * to the specified <code>ProtectionDomain</code>. This includes 0N/A * the permissions currently associated with the domain as well 0N/A * as the policy permissions granted to the domain's 0N/A * CodeSource, ClassLoader, and Principals. 0N/A * <p> Note that this <code>Policy</code> implementation has 0N/A * special handling for PrivateCredentialPermissions. 0N/A * When this method encounters a <code>PrivateCredentialPermission</code> 0N/A * which specifies "self" as the <code>Principal</code> class and name, 0N/A * it does not add that <code>Permission</code> to the returned 0N/A * <code>PermissionCollection</code>. Instead, it builds 0N/A * a new <code>PrivateCredentialPermission</code> 0N/A * for each <code>Principal</code> associated with the provided 0N/A * <code>Subject</code>. Each new <code>PrivateCredentialPermission</code> 0N/A * contains the same Credential class as specified in the 0N/A * originally granted permission, as well as the Class and name 0N/A * for the respective <code>Principal</code>. 0N/A * @param domain the Permissions granted to this 0N/A * <code>ProtectionDomain</code> are returned. 0N/A * @return the Permissions granted to the provided 0N/A * <code>ProtectionDomain</code>. 0N/A // first get policy perms 0N/A // - adding static perms after policy perms is necessary 0N/A // to avoid a regression for 4301064 0N/A * Examines this Policy and creates a PermissionCollection object with 0N/A * the set of permissions for the specified CodeSource. 0N/A * @param CodeSource the codesource associated with the caller. 0N/A * This encapsulates the original location of the code (where the code 0N/A * came from) and the public key(s) of its signer. 0N/A * @return the set of permissions according to the policy. 0N/A * Examines the global policy and returns the provided Permissions 0N/A * object with additional permissions granted to the specified 0N/A * @param perm the Permissions to populate 0N/A * @param pd the ProtectionDomain associated with the caller. 0N/A * @return the set of Permissions according to the policy. 0N/A * Examines the global policy and returns the provided Permissions 0N/A * object with additional permissions granted to the specified 0N/A * @param permissions the permissions to populate 0N/A * @param codesource the codesource associated with the caller. 782N/A * This encapsulates the original location of the code (where the code 782N/A * came from) and the public key(s) of its signer. 0N/A * @return the set of permissions according to the policy. 0N/A // Go through policyEntries gotten from identity db; sync required 0N/A // because checkForTrustedIdentity (below) might update list 0N/A // now see if any of the keys are trusted ids. 782N/A // checkForTrustedIdentity added it 782N/A // to the policy for us. next time 782N/A // around we'll find it. This time 782N/A // around we need to add it. 0N/A "\tActive CodeSource: " +
cs);
0N/A // check to see if the CodeSource implies 0N/A // CodeSource does not imply - return and try next policy entry 0N/A // check to see if the Principals imply 0N/A // policy entry has no principals - 0N/A // add perms regardless of principals in current ACC 0N/A // current thread has no principals but this policy entry 0N/A // has principals - perms are not added 0N/A // current thread has principals and this policy entry 0N/A // has principals. see if policy entry principals match 0N/A // principals in current ACC 0N/A // see if principal entry is a PrincipalComparator 0N/A // common case - dealing with regular Principal class. 0N/A // see if policy entry principal is in current ACC 0N/A // policy entry principal not in current ACC - 0N/A // immediately return and go to next policy entry 0N/A // dealing with a PrincipalComparator 0N/A // check if the PrincipalComparator 0N/A // implies the current thread's principals 0N/A (
"evaluation (principal comparator) failed");
0N/A // policy principal does not imply the current Subject - 0N/A // immediately return and go to next policy entry 0N/A // fall back to regular principal comparison. 0N/A // see if policy entry principal is in current ACC 0N/A // policy entry principal not in current ACC - 0N/A // immediately return and go to next policy entry 0N/A // either the principal information matched, 0N/A // or the PrincipalComparator.implies succeeded. 0N/A // continue loop and test the next policy principal 0N/A // all policy entry principals were found in the current ACC - 0N/A // grant the policy permissions 0N/A // handle "SELF" permissions 0N/A * This method returns, true, if the principal in the policy entry, 0N/A * pppe, is part of the current thread's principal array, pList. 0N/A * This method also returns, true, if the policy entry's principal 0N/A * is appropriately wildcarded. 0N/A * Note that the provided <i>pppe</i> argument may have 0N/A * wildcards (*) for both the <code>Principal</code> class and name. 0N/A * @param pList an array of principals from the current thread's 0N/A * AccessControlContext. 0N/A * @param pppe a Principal specified in a policy grant entry. 0N/A * @return true if the current thread's pList "contains" the 0N/A * principal in the policy entry, pppe. This method 0N/A * also returns true if the policy entry's principal 0N/A * appropriately wildcarded. 0N/A * @param sp the SelfPermission that needs to be expanded <p> 0N/A * @param entryPs list of principals for the Policy entry. 0N/A * @param pdp Principal array from the current ProtectionDomain. 0N/A * @param perms the PermissionCollection where the individual 0N/A * Permissions will be added after expansion. 0N/A // No principals in the grant to substitute 0N/A +
" with target name (" 0N/A +
"No Principal(s) specified " 0N/A +
"in the grant clause. " 0N/A +
"SELF-based target names are " 0N/A +
"only valid in the context " 0N/A +
"of a Principal-based grant entry." 0N/A // add non-SELF string 0N/A // add remaining string (might be the entire string) 0N/A // first try to instantiate the permission 0N/A // ok, the permission is not in the bootclasspath. 0N/A // before we add an UnresolvedPermission, check to see 0N/A // whether this perm already belongs to the collection. 0N/A // if so, use that perm's ClassLoader to create a new 0N/A // create an UnresolvedPermission 0N/A // we found an instantiated permission. 0N/A // use its class loader to instantiate a new permission. 0N/A // name parameter can not be null 0N/A " instantiation failed: " 0N/A * array[x][y]: x corresponds to the array length. 0N/A * if (y == 0), it's the principal class. 0N/A * if (y == 1), it's the principal name. 0N/A // there are 3 possibilities: 0N/A // 1) the entry's Principal class and name are not wildcarded 0N/A // 2) the entry's Principal name is wildcarded only 0N/A // 3) the entry's Principal class and name are wildcarded 0N/A // build an info array for the principal 0N/A // from the Policy entry 0N/A // build an info array for every principal 0N/A // in the current domain which has a principal class 0N/A // that is equal to policy entry principal class name 0N/A // build an info array for every 0N/A // one of the current Domain's principals 0N/A * Returns the signer certificates from the list of certificates 0N/A * associated with the given code source. 0N/A * The signer certificates are those certificates that were used 0N/A * to verifysigned code originating from the codesource location. 0N/A * This method assumes that in the given code source, each signer 0N/A * certificate is followed by its supporting certificate chain 0N/A * (which may be empty), and that the signer certificate and its 0N/A * supporting certificate chain are ordered bottom-to-top 0N/A * (i.e., with the signer certificate first and the (root) certificate 0N/A // Do we have to do anything? 0N/A // leave codesource as it is, unless we have to extract its 0N/A // signer certificates 0N/A // public for java.io.FilePermission +
"\n\t" +
"PD ClassLoader: " +
"\n\t" +
"PD Principals: " * return true if no replacement was performed, * or if replacement succeeded. // (only X509 replacement is possible now) // return true if no replacement was performed, // or if replacement succeeded // short cut the common case // get the value in ${{...}} // parse up to the first ':' // handle different prefix possibilities // do nothing - handled later // get the suffix and perform keystore alias replacement (
"alias name not provided (pe.name)"));
(
"unable to perform substitution on alias, suffix"));
(
"substitution value, prefix, unsupported"));
// copy the rest of the value // replace the name with expanded value // 4702543: X500 names with an EmailAddress // were encoded incorrectly. create new // X500Principal name with correct encoding * Checks public key. If it is marked as trusted in * the identity database, add it to the policy * with the AllPermission. // see if we are ignoring the identity scope or not // try to initialize scope // need privileged block for getIdentity in case we are trying debug.
println(
"Adding policy entry for trusted Identity: ");
//needed for identity toString! // add it to the policy for future reference // add it to the mapping as well so // we don't have to go through this again * Each entry in the policy configuration file is represented by a * PolicyEntry object. <p> * A PolicyEntry is a (CodeSource,Permission) pair. The * CodeSource contains the (URL, PublicKey) that together identify * where the Java bytecodes come from and who (if anyone) signed * them. The URL could refer to localhost. The URL could also be * null, meaning that this policy entry is given to all comers, as * long as they match the signer field. The signer could be null, * meaning the code is not signed. <p> * The Permission contains the (Type, Name, Action) triplet. <p> * For now, the Policy object retrieves the public key from the * X.509 certificate on disk that corresponds to the signedBy * alias specified in the Policy config file. For reasons of * efficiency, the Policy object keeps a hashtable of certs already * read in. This could be replaced by a secure internal key * permission java.io.File "/tmp", "read,write", * is represented internally * FilePermission f = new FilePermission("/tmp", "read,write"); * PublicKey p = publickeys.get("Duke"); * URL u = InetAddress.getLocalHost(); * CodeBase c = new CodeBase( p, u ); * pe = new PolicyEntry(f, c); * @author Marianne Mueller * @author Roland Schemers * @see java.security.CodeSource * @see java.security.Policy * @see java.security.Permissions * @see java.security.ProtectionDomain * Given a Permission and a CodeSource, create a policy entry. * XXX Decide if/how to add validity fields and "purpose" fields to * @param cs the CodeSource, which encapsulates the URL and the * attributes from the policy config file. Validity checks * are performed on the public key before PolicyEntry is * add a Permission object to this entry. * No need to sync add op because perms are added to entry only * while entry is being initialized * Return the CodeSource for this policy entry * The class name of the Permission class that will be * created when this self permission is expanded . * The actions of the permission. * The certs of the permission. * Creates a new SelfPermission containing the permission * information needed later to expand the self * @param type the class name of the Permission class that will be * created when this permission is expanded and if necessary resolved. * @param name the name of the permission. * @param actions the actions of the permission. * @param certs the certificates the permission's class was signed with. * This is a list of certificate chains, where each chain is composed of * a signer certificate and optionally its supporting certificate chain. * Each chain is ordered bottom-to-top (i.e., with the signer * certificate first and the (root) certificate authority last). // Extract the signer certs from the list of certificates. // there is no concept of signer certs, so we store the // Go through the list of certs and see if all the certs are // All the certs are signer certs, so we store the // extract the signer certs * This method always returns false for SelfPermission permissions. * That is, an SelfPermission never considered to * imply another permission. * @param p the permission to check against. * Checks two SelfPermission objects for equality. * Checks that <i>obj</i> is an SelfPermission, and has * the same type (class) name, permission name, actions, and * certificates as this object. * @param obj the object we are testing for equality with this object. * @return true if obj is an SelfPermission, and has the same * type (class) name, permission name, actions, and * certificates as this object. if (!
match)
return false;
if (!
match)
return false;
* Returns the hash code value for this object. * @return a hash code value for this object. * Returns the canonical string representation of the actions, * which currently is the empty string "", since there are no actions * for an SelfPermission. That is, the actions for the * permission that will be created when this SelfPermission * is resolved may be non-null, but an SelfPermission * itself is never considered to have any actions. * @return the empty string "". * Returns a string describing this SelfPermission. The convention * is to specify the class name, the permission name, and the actions, * in the following format: '(unresolved "ClassName" "name" "actions")'. * @return information about this SelfPermission. * holds policy information that we need to synch on private static final boolean verbose =
false;
// Stores grant entries in the policy // Stores grant entries gotten from identity database // Use separate lists to avoid sync on policyEntries // Maps ProtectionDomain to PermissionCollection