/* CodeSource.java -- Code location and certifcates Copyright (C) 1998 Free Software Foundation, Inc. This file is part of GNU Classpath. GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Classpath; see the file COPYING. If not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. As a special exception, if you link this library with other files to produce an executable, this library does not by itself cause the resulting executable to be covered by the GNU General Public License. This exception does not however invalidate any other reasons why the executable file might be covered by the GNU General Public License. */ package java.security; import java.io.Serializable; import java.net.URL; import java.net.SocketPermission; /** * This class represents a location from which code is loaded (as * represented by a URL) and the list of certificates that are used to * check the signatures of signed code loaded from this source. * * @version 0.0 * * @author Aaron M. Renn (arenn@urbanophile.com) */ public class CodeSource implements Serializable { private static final String linesep = System.getProperty("line.separator"); /** * This is the URL that represents the code base from which code will * be loaded. */ private URL location; /** * This is the list of certificates for this code base */ // What is the serialized form of this? private java.security.cert.Certificate[] certs; /** * This method initializes a new instance of CodeSource that * loads code from the specified URL location and which uses the * specified certificates for verifying signatures. * * @param location The location from which code will be loaded * @param certs The list of certificates used for verifying signatures on code from this source */ public CodeSource(URL location, java.security.cert.Certificate[] certs) { this.location = location; this.certs = certs; } /** * This method returns the URL specifying the location from which code * will be loaded under this CodeSource. * * @return The code location for this CodeSource. */ public final URL getLocation() { return location; } /** * This method returns the list of digital certificates that can be used * to verify the signatures of code loaded under this CodeSource. * * @return The certifcate list for this CodeSource. */ public final java.security.cert.Certificate[] getCertificates() { return certs; } /** * This method tests to see if a specified CodeSource is * implied by this object. Effectively, to meet this test, the specified * object must have all the certifcates this object has (but may have * more) and must have a location that is a subset of this object's. In order * for this object to imply the specified object, the following must be * true: *

*

    *
  1. The specified CodeSource must not be null. *
  2. If the specified CodeSource has a certificate list, * all of that object's certificates must be present in the certificate * list of this object. *
  3. If this object does not have a null location, then * the following addtional tests must be passed. *
      *
    1. The specified CodeSource must not have a null location. *
    2. The specified CodeSource's location must be equal to * this object's location, or
      *
        *
      • The specifiec CodeSource's location protocol, port, * and ref (aka, anchor) must equal this objects, and *
      • The specified CodeSource's location host must imply this * object's location host, as determined by contructing * SocketPermission objects from each with no action list and * using that classes's implies method. And, *
      • If this object's location file ends with a '/', then the specified * object's location file must start with this object's location file. * Otherwise, the specified object's location file must start with this * object's location file with the '/' character appended to it. *
      *
    *
* * @param cs The CodeSource to test against this object * * @return true if this specified CodeSource is specified by this object, false otherwise. */ public boolean implies(CodeSource cs) { if (cs == null) return false; // First check the certificate list java.security.cert.Certificate[] their_certs = cs.getCertificates(); java.security.cert.Certificate[] our_certs = getCertificates(); if (our_certs != null) { if (their_certs == null) return false; for (int i = 0; i < our_certs.length; i++) { int j; for (j = 0; j < their_certs.length; j++) if (our_certs[i].equals(their_certs[j])) break; if (j == their_certs.length) return false; } } // Next check the location URL their_loc = getLocation(); URL our_loc = getLocation(); if (our_loc == null) return true; else if (their_loc == null) return false; if (!our_loc.getProtocol().equals(their_loc.getProtocol())) return false; if (our_loc.getPort() != -1) if (our_loc.getPort() != their_loc.getPort()) return false; if (our_loc.getRef() != null) if (!our_loc.getRef().equals(their_loc.getRef())) return false; // See javadoc comments for what we are doing here. if (our_loc.getHost() != null) { String their_host = their_loc.getHost(); if (their_host == null) return false; SocketPermission our_sockperm = new SocketPermission(our_loc.getHost(), "accept"); SocketPermission their_sockperm = new SocketPermission(their_host, "accept"); if (!our_sockperm.implies(their_sockperm)) return false; } String our_file = our_loc.getFile(); if (our_file != null) { if (!our_file.endsWith("/")) our_file = our_file + "/"; String their_file = their_loc.getFile(); if (their_file == null) return false; if (!their_file.startsWith(our_file)) return false; } return true; } /** * This method tests the specified Object for equality with * this object. This will be true if and only if: *

*

* * @param obj The Object to test against. * * @return true if the specified object is equal to this one, false otherwise. */ public boolean equals(Object obj) { if (obj == null) return false; if (!(obj instanceof CodeSource)) return false; CodeSource cs = (CodeSource) obj; // First check the certificate list java.security.cert.Certificate[] their_certs = cs.getCertificates(); java.security.cert.Certificate[] our_certs = getCertificates(); if ((our_certs == null) && (their_certs != null)) return false; else if ((our_certs != null) && (their_certs == null)) return false; if (our_certs != null) { if (our_certs.length != their_certs.length) return false; for (int i = 0; i < our_certs.length; i++) { int j; for (j = 0; j < their_certs.length; j++) if (our_certs[i].equals(their_certs[j])) break; if (j == their_certs.length) return false; } } // Now the location URL their_loc = cs.getLocation(); URL our_loc = getLocation(); if ((our_loc == null) && (their_loc != null)) return false; if (!our_loc.equals(their_loc)) return false; return true; } /** * This method returns a hash value for this object. * * @return A hash value for this object. */ public int hashCode() { URL location = getLocation(); if (location == null) return System.identityHashCode(this); return location.hashCode(); } /** * This method returns a String that represents this object. * This String will contain the object's hash code, location, * and certificate list. * * @return A String for this object */ public String toString() { StringBuffer sb = new StringBuffer(""); sb.append(super.toString() + " (" + linesep); sb.append("Location: " + getLocation() + linesep); java.security.cert.Certificate[] certs = getCertificates(); if (certs == null) sb.append("" + linesep); else for (int i = 0; i < certs.length; i++) sb.append(certs[i] + linesep); sb.append(")" + linesep); return sb.toString(); } }