7451c1559e
* Makefile.in: Rebuilt. * Makefile.am (ordinary_java_source_files): Added new files. * java/security/AlgorithmParameterGenerator.java, java/security/AlgorithmParameters.java, java/security/Engine.java, java/security/Identity.java, java/security/IdentityScope.java, java/security/KeyFactory.java, java/security/KeyPairGenerator.java, java/security/KeyStore.java, java/security/MessageDigest.java, java/security/Policy.java, java/security/ProtectionDomain.java, java/security/SecureRandom.java, java/security/Security.java, java/security/Signature.java, java/security/SignatureSpi.java, java/security/SignedObject.java, java/security/Signer.java, java/security/interfaces/RSAMultiPrimePrivateCrtKey.java, java/security/spec/PSSParameterSpec.java, java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java, java/security/spec/RSAOtherPrimeInfo.java: New versions from Classpath. From-SVN: r65829
270 lines
9.7 KiB
Java
270 lines
9.7 KiB
Java
/* ProtectionDomain.java -- A security domain
|
|
Copyright (C) 1998, 2003, Free Software Foundation, Inc.
|
|
|
|
This file is part of GNU Classpath.
|
|
|
|
GNU Classpath is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2, or (at your option)
|
|
any later version.
|
|
|
|
GNU Classpath is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with GNU Classpath; see the file COPYING. If not, write to the
|
|
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
|
02111-1307 USA.
|
|
|
|
Linking this library statically or dynamically with other modules is
|
|
making a combined work based on this library. Thus, the terms and
|
|
conditions of the GNU General Public License cover the whole
|
|
combination.
|
|
|
|
As a special exception, the copyright holders of this library give you
|
|
permission to link this library with independent modules to produce an
|
|
executable, regardless of the license terms of these independent
|
|
modules, and to copy and distribute the resulting executable under
|
|
terms of your choice, provided that you also meet, for each linked
|
|
independent module, the terms and conditions of the license of that
|
|
module. An independent module is a module which is not derived from
|
|
or based on this library. If you modify this library, you may extend
|
|
this exception to your version of the library, but you are not
|
|
obligated to do so. If you do not wish to do so, delete this
|
|
exception statement from your version. */
|
|
|
|
package java.security;
|
|
|
|
/**
|
|
* <p>This <code>ProtectionDomain</code> class encapsulates the characteristics
|
|
* of a domain, which encloses a set of classes whose instances are granted a
|
|
* set of permissions when being executed on behalf of a given set of
|
|
* <i>Principals</i>.
|
|
*
|
|
* <p>A static set of permissions can be bound to a <code>ProtectionDomain</code>
|
|
* when it is constructed; such permissions are granted to the domain regardless
|
|
* of the {@link Policy} in force. However, to support dynamic security
|
|
* policies, a <code>ProtectionDomain</code> can also be constructed such that
|
|
* it is dynamically mapped to a set of permissions by the current {@link
|
|
* Policy} whenever a permission is checked.</p>
|
|
*
|
|
* @author Aaron M. Renn (arenn@urbanophile.com)
|
|
* @version 0.0
|
|
*/
|
|
public class ProtectionDomain
|
|
{
|
|
/** This is the <code>CodeSource</code> for this protection domain. */
|
|
private CodeSource code_source;
|
|
|
|
/** This is the set of permissions granted to this domain. */
|
|
private PermissionCollection perms;
|
|
|
|
/** The {@link ClassLoader} associated with this domain. */
|
|
private ClassLoader classloader;
|
|
|
|
/** The array of Principals associated with this domain.. */
|
|
private Principal[] principals;
|
|
|
|
/** Post 1.4 the policy may be refreshed! use false for pre 1.4. */
|
|
private boolean staticBinding;
|
|
|
|
/**
|
|
* Creates a new <code>ProtectionDomain</code> with the given {@link
|
|
* CodeSource} and {@link Permissions}. If the permissions object is not
|
|
* <code>null</code>, then <code>setReadOnly()</code> will be called on the
|
|
* passed in {@link Permissions} object. The only permissions granted to this
|
|
* domain are the ones specified; the current {@link Policy} will not be
|
|
* consulted.
|
|
*
|
|
* @param codesource the codesource associated with this domain.
|
|
* @param permissions the permissions granted to this domain
|
|
*/
|
|
public ProtectionDomain(CodeSource codesource, PermissionCollection permissions)
|
|
{
|
|
this(codesource, permissions, null, null, false);
|
|
}
|
|
|
|
/**
|
|
* <p>Creates a new ProtectionDomain qualified by the given CodeSource,
|
|
* Permissions, ClassLoader and array of Principals. If the permissions
|
|
* object is not null, then <code>setReadOnly()</code> will be called on the
|
|
* passed in Permissions object. The permissions granted to this domain are
|
|
* dynamic; they include both the static permissions passed to this
|
|
* constructor, and any permissions granted to this domain by the current
|
|
* Policy at the time a permission is checked.</p>
|
|
*
|
|
* <p>This constructor is typically used by {@link ClassLoader}s and {@link
|
|
* DomainCombiner}s which delegate to <code>Policy</code> to actively
|
|
* associate the permissions granted to this domain. This constructor affords
|
|
* the Policy provider the opportunity to augment the supplied
|
|
* PermissionCollection to reflect policy changes.</p>
|
|
*
|
|
* @param codesource the CodeSource associated with this domain.
|
|
* @param permissions the permissions granted to this domain.
|
|
* @param classloader the ClassLoader associated with this domain.
|
|
* @param principals the array of Principals associated with this domain.
|
|
* @since 1.4
|
|
* @see Policy#refresh()
|
|
* @see Policy#getPermissions(ProtectionDomain)
|
|
*/
|
|
public ProtectionDomain(CodeSource codesource,
|
|
PermissionCollection permissions,
|
|
ClassLoader classloader, Principal[] principals)
|
|
{
|
|
this(codesource, permissions, classloader, principals, false);
|
|
}
|
|
|
|
private ProtectionDomain(CodeSource codesource,
|
|
PermissionCollection permissions,
|
|
ClassLoader classloader, Principal[] principals,
|
|
boolean staticBinding)
|
|
{
|
|
super();
|
|
|
|
code_source = codesource;
|
|
if (permissions != null)
|
|
{
|
|
perms = permissions;
|
|
perms.setReadOnly();
|
|
}
|
|
|
|
this.classloader = classloader;
|
|
this.principals =
|
|
(principals != null ? (Principal[]) principals.clone() : new Principal[0]);
|
|
this.staticBinding = staticBinding;
|
|
}
|
|
|
|
/**
|
|
* Returns the {@link CodeSource} of this domain.
|
|
*
|
|
* @return the {@link CodeSource} of this domain which may be <code>null</code>.
|
|
* @since 1.2
|
|
*/
|
|
public final CodeSource getCodeSource()
|
|
{
|
|
return code_source;
|
|
}
|
|
|
|
/**
|
|
* Returns the {@link ClassLoader} of this domain.
|
|
*
|
|
* @return the {@link ClassLoader} of this domain which may be
|
|
* <code>null</code>.
|
|
* @since 1.4
|
|
*/
|
|
public final ClassLoader getClassLoader()
|
|
{
|
|
return this.classloader;
|
|
}
|
|
|
|
/**
|
|
* Returns an array of principals for this domain.
|
|
*
|
|
* @return returns a non-null array of principals for this domain. Changes to
|
|
* this array will have no impact on the <code>ProtectionDomain</code>.
|
|
* @since 1.4
|
|
*/
|
|
public final Principal[] getPrincipals()
|
|
{
|
|
return (Principal[]) principals.clone();
|
|
}
|
|
|
|
/**
|
|
* Returns the static permissions granted to this domain.
|
|
*
|
|
* @return the static set of permissions for this domain which may be
|
|
* <code>null</code>.
|
|
* @see Policy#refresh()
|
|
* @see Policy#getPermissions(ProtectionDomain)
|
|
*/
|
|
public final PermissionCollection getPermissions()
|
|
{
|
|
return perms;
|
|
}
|
|
|
|
/**
|
|
* <p>Check and see if this <code>ProtectionDomain</code> implies the
|
|
* permissions expressed in the <code>Permission</code> object.</p>
|
|
*
|
|
* <p>The set of permissions evaluated is a function of whether the
|
|
* <code>ProtectionDomain</code> was constructed with a static set of
|
|
* permissions or it was bound to a dynamically mapped set of permissions.</p>
|
|
*
|
|
* <p>If the <code>ProtectionDomain</code> was constructed to a statically
|
|
* bound {@link PermissionCollection} then the permission will only be checked
|
|
* against the {@link PermissionCollection} supplied at construction.</p>
|
|
*
|
|
* <p>However, if the <code>ProtectionDomain</code> was constructed with the
|
|
* constructor variant which supports dynamically binding permissions, then
|
|
* the permission will be checked against the combination of the
|
|
* {@link PermissionCollection} supplied at construction and the current
|
|
* {@link Policy} binding.
|
|
*
|
|
* @param permission the {@link Permission} object to check.
|
|
* @return <code>true</code> if <code>permission</code> is implicit to this
|
|
* <code>ProtectionDomain</code>.
|
|
*/
|
|
public boolean implies(Permission permission)
|
|
{
|
|
if (staticBinding)
|
|
return (perms == null ? false : perms.implies(permission));
|
|
// Else dynamically bound. Do we have it?
|
|
// NOTE: this will force loading of Policy.currentPolicy
|
|
return Policy.getCurrentPolicy().implies(this, permission);
|
|
}
|
|
|
|
/**
|
|
* Convert a <code>ProtectionDomain</code> to a String.
|
|
*
|
|
* @return a string representation of the object.
|
|
*/
|
|
public String toString()
|
|
{
|
|
String linesep = System.getProperty("line.separator");
|
|
StringBuffer sb = new StringBuffer("ProtectionDomain (").append(linesep);
|
|
|
|
if (code_source == null)
|
|
sb.append("CodeSource:null");
|
|
else
|
|
sb.append(code_source);
|
|
|
|
sb.append(linesep);
|
|
if (classloader == null)
|
|
sb.append("ClassLoader:null");
|
|
else
|
|
sb.append(classloader);
|
|
|
|
sb.append(linesep);
|
|
sb.append("Principals:");
|
|
if (principals != null && principals.length > 0)
|
|
{
|
|
sb.append("[");
|
|
Principal pal;
|
|
for (int i = 0; i < principals.length; i++)
|
|
{
|
|
pal = principals[i];
|
|
sb.append("'").append(pal.getName())
|
|
.append("' of type ").append(pal.getClass().getName());
|
|
if (i < principals.length-1)
|
|
sb.append(", ");
|
|
}
|
|
sb.append("]");
|
|
}
|
|
else
|
|
sb.append("none");
|
|
|
|
sb.append(linesep);
|
|
if (!staticBinding) // include all but dont force loading Policy.currentPolicy
|
|
if (Policy.isLoaded())
|
|
sb.append(Policy.getCurrentPolicy().getPermissions(this));
|
|
else // fallback on this one's permissions
|
|
sb.append(perms);
|
|
else
|
|
sb.append(perms);
|
|
|
|
return sb.append(linesep).append(")").append(linesep).toString();
|
|
}
|
|
}
|