1. /*

  2.  * Copyright 2002 Sun Microsystems, Inc. All rights reserved.

  3.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  4.  */

  5. 

  6. package javax.security.auth;

  7. 

  8. import java.security.AccessController;

  9. import java.security.AccessControlContext;

  10. import java.security.AllPermission;

  11. import java.security.Permission;

  12. import java.security.Permissions;

  13. import java.security.PermissionCollection;

  14. import java.security.PrivilegedAction;

  15. import java.security.ProtectionDomain;

  16. import java.util.Hashtable;

  17. 

  18. /**

  19.  * A <code>SubjectDomainCombiner</code> updates the

  20.  * ProtectionDomains affiliated with an <code>AccessControlContext</code>

  21.  * with the relevant Subject-based Permissions configured in the

  22.  * <code>java.security.auth.Policy</code>.

  23.  *

  24.  * <p> If the <code>Security</code> property, <i>cache.auth.policy</i>,

  25.  * either is not set, or if it is set to <i>true</i>, then this

  26.  * <code>SubjectDomainCombiner</code> implementation caches

  27.  * policy information.  Otherwise, this <code>SubjectDomainCombiner</code>

  28.  * implementation refrains from performing any caching.

  29.  * The <i>cache.auth.policy</i> property may be set in the Security

  30.  * properties file, located in the file named

  31.  * <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME>

  32.  * refers to the directory where the SDK was installed.

  33.  * 

  34.  * @version 1.19, 01/13/00

  35.  */

  36. public class SubjectDomainCombiner implements java.security.DomainCombiner {

  37. 

  38.     private static Policy policy;

  39.     private Subject subject;

  40.     private Hashtable cachedProtectionDomains = new Hashtable();

  41.     private static boolean checkedCacheProperty = false;

  42.     private static boolean allowCaching = true;

  43. 

  44.     private static final AllPermission ALL_PERMISSION = new AllPermission();

  45. 

  46.     private static final Debug debug = Debug.getInstance("combiner",

  47. 						"\t[SubjectDomainCombiner]");

  48. 

  49.     /**

  50.      * Associate the provided <code>Subject</code> with this

  51.      * <code>SubjectDomainCombiner</code>.

  52.      *

  53.      * <p>

  54.      *

  55.      * @param subject the <code>Subject</code> to be associated with

  56.      *		with this <code>SubjectDomainCombiner</code>.

  57.      */

  58.     public SubjectDomainCombiner(Subject subject) {

  59. 	this.subject = subject;

  60. 

  61. 	// XXX must go here -- that way the policy gets initialized

  62. 	//	before anyone has done a doPrivileged or doAs

  63. 	//	with a SubjectDomainCombiner.  otherwise,

  64. 	//	you will get into an infinite loop since:

  65. 	//		1) combine calls Policy.getPolicy()

  66. 	//		2) a security check is invoked

  67. 	//		3) SecurityManager calls AccessController.getContext()

  68. 	//		4) combine() gets called again

  69. 	if (policy == null)

  70. 	    policy = Policy.getPolicy();

  71. 

  72. 	// see if we allow caching of the permissions

  73. 	if (!checkedCacheProperty) {

  74. 	    allowCaching = cachePolicy();

  75. 	    checkedCacheProperty = true;

  76. 	}

  77. 

  78.     }

  79. 

  80.     /**

  81.      * Get the <code>Subject</code> associated with this

  82.      * <code>SubjectDomainCombiner</code>.

  83.      *

  84.      * <p>

  85.      *

  86.      * @return the <code>Subject</code> associated with this

  87.      *		<code>SubjectDomainCombiner</code>, or <code>null</code>

  88.      *		if no <code>Subject</code> is associated with this

  89.      *		<code>SubjectDomainCombiner</code>.

  90.      *

  91.      * @exception SecurityException if the caller does not have permission

  92.      *		to get the <code>Subject</code> associated with this

  93.      *		<code>SubjectDomainCombiner</code>.

  94.      */

  95.     public Subject getSubject() {

  96. 

  97. 	java.lang.SecurityManager sm = System.getSecurityManager();

  98. 	if (sm != null) {

  99. 	    sm.checkPermission(new AuthPermission

  100. 		("getSubjectFromDomainCombiner"));

  101. 	}

  102. 

  103. 	return subject;

  104.     }

  105. 

  106.     /**

  107.      * Update the provided ProtectionDomains with the relevant

  108.      * Subject-based Permissions.

  109.      *

  110.      * <p> For each <code>ProtectionDomain</code> in the

  111.      * <i>currentDomains</i> array, this method retrieves the

  112.      * Subject-based permissions granted in the <code>Policy</code>.

  113.      * To retrieve these permissions, this method invokes the

  114.      * <code>getPermissions</code> method from the <code>Policy</code>,

  115.      * passing it the <code>Subject</code> associated with this

  116.      * <code>SubjectDomainCombiner</code>, along with the

  117.      * <code>CodeSource</code> associated with the respective

  118.      * <code>ProtectionDomain</code>.

  119.      * A new collection of Permissions is created from the union of the

  120.      * retrieved Permissions and the original Permissions granted to that

  121.      * <code>ProtectionDomain</code>.  A new

  122.      * <code>ProtectionDomain</code> is then instantiated

  123.      * with this new collection of Permissions, as well as the

  124.      * <code>CodeSource</code> from the original <code>ProtectionDomain</code>.

  125.      * All of the newly instantiated ProtectionDomains are then

  126.      * combined into a new array.  The ProtectionDomains from the

  127.      * <i>assignedDomains</i> array are appended to this new array,

  128.      * and the result is returned.

  129.      *

  130.      * <p> Note that optimizations such as the removal of duplicate entries

  131.      * in the array, or the removal of duplicate Permissions in a

  132.      * <code>ProtectionDomain</code> entry may have occurred.

  133.      * Also note that if caching is permitted and the relevant

  134.      * Permissions were already cached, this method does not need to consult

  135.      * the <code>Policy</code> to retrieve the Subject-based permissions.

  136.      * It simply accesses the cached permissions.

  137.      *

  138.      * <p>

  139.      *

  140.      * @param currentDomains the ProtectionDomains associated with the

  141.      *		current execution Thread, up to the most recent

  142.      *		privileged <code>ProtectionDomain</code>.

  143.      *		The ProtectionDomains are are listed in order of execution,

  144.      *		with the most recently executing <code>ProtectionDomain</code>

  145.      *		residing at the beginning of the array. This parameter may

  146.      *		be <code>null</code> if the current execution Thread

  147.      *		has no associated ProtectionDomains.<p>

  148.      *

  149.      * @param assignedDomains the ProtectionDomains inherited from the

  150.      *		parent Thread, or the ProtectionDomains from the

  151.      *		privileged <i>context</i>, if a call to

  152.      *		AccessController.doPrivileged(..., <i>context</i>)

  153.      *		had occurred  This parameter may be <code>null</code>

  154.      *		if there were no ProtectionDomains inherited from the

  155.      *		parent Thread, or from the privileged <i>context</i>.

  156.      *

  157.      * @return a new array consisting of the updated ProtectionDomains,

  158.      *		or <code>null</code>.

  159.      */

  160.     public ProtectionDomain[] combine(ProtectionDomain[] currentDomains,

  161. 				ProtectionDomain[] assignedDomains) {

  162. 

  163. 	if (currentDomains == null || currentDomains.length == 0)

  164. 	    return optimize(assignedDomains);

  165. 

  166. 	if (debug != null) {

  167. 	    if (subject == null) {

  168. 		debug.println("null subject");

  169. 	    } else {

  170. 		final Subject s = subject;

  171. 		AccessController.doPrivileged

  172. 		    (new java.security.PrivilegedAction() {

  173. 		    public Object run() {

  174. 			debug.println(s.toString());

  175. 			return null;

  176. 		    }

  177. 		});

  178. 	    }

  179. 	    printInputDomains(currentDomains, assignedDomains);

  180. 	}

  181. 

  182. 	if (!allowCaching) {

  183. 	    java.security.AccessController.doPrivileged

  184. 		(new PrivilegedAction() {

  185. 		public Object run() {

  186. 		    policy.refresh();

  187. 		    return null;

  188. 		}

  189. 	    });

  190. 	}

  191. 

  192. 	// optimize the inputs

  193. 	currentDomains = optimize(currentDomains);

  194. 	assignedDomains = optimize(assignedDomains);

  195. 	if (debug != null) {

  196. 	    debug.println("after optimize");

  197. 	    printInputDomains(currentDomains, assignedDomains);

  198. 	}

  199. 

  200. 	if (currentDomains == null && assignedDomains == null)

  201. 	    return null;

  202. 

  203. 	int cLen = (currentDomains == null ? 0 : currentDomains.length);

  204. 	int aLen = (assignedDomains == null ? 0 : assignedDomains.length);

  205. 

  206. 	// the ProtectionDomains for the new AccessControlContext

  207. 	// that we will return

  208. 	ProtectionDomain[] newDomains = new ProtectionDomain[cLen + aLen];

  209. 	int newDomainIndex = 0;

  210. 

  211. 	// update the permissions for the currentDomains

  212. 	for (int i = 0; i < cLen; i++) {

  213. 

  214. 	    // XXX

  215. 	    // one of the negatives of moving the PolicyFile implementation

  216. 	    // to the com.sun package is that we no longer have a

  217. 	    // SubjectCodeSource implementation to use here

  218. 	    // (for debugging or as a hash index for caching).

  219. 	    // we could duplicate SubjectCodeSource, but that's not good either.

  220. 

  221. 	    java.security.CodeSource cs = currentDomains[i].getCodeSource();

  222. 	    ProtectionDomain subjectPd = null;

  223. 	    CacheEntry ce = new CacheEntry(subject, cs);

  224. 	    if ((subjectPd = (ProtectionDomain)

  225. 		cachedProtectionDomains.get(ce)) == null) {

  226. 

  227. 		// XXX 

  228. 		// we must first add the original permissions.

  229. 		// that way when we later add the new JAAS permissions,

  230. 		// any unresolved JAAS-related permissions will

  231. 		// automatically get resolved.

  232. 

  233. 		// get the original perms

  234. 		Permissions perms = new Permissions();

  235. 		java.util.Enumeration e =

  236. 		    currentDomains[i].getPermissions().elements();

  237. 		while (e.hasMoreElements()) {

  238. 		    Permission newPerm = (Permission)e.nextElement();

  239. 		    perms.add(newPerm);

  240. 		}

  241. 

  242. 		// get perms from the policy

  243. 		PermissionCollection newPerms = null;

  244. 

  245. 		final java.security.CodeSource finalCs = cs;

  246. 		final Subject finalS = subject;

  247. 		newPerms = (PermissionCollection)

  248. 		    java.security.AccessController.doPrivileged

  249. 		    (new PrivilegedAction() {

  250. 		    public Object run() {

  251. 			return policy.getPermissions(finalS, finalCs);

  252. 		    }

  253. 		});

  254. 			

  255. 		// add the newly granted perms,

  256. 		// avoiding duplicates

  257. 		e = newPerms.elements();

  258. 		while (e.hasMoreElements()) {

  259. 		    Permission newPerm = (Permission)e.nextElement();

  260. 		    if (!perms.implies(newPerm))

  261. 			perms.add(newPerm);

  262. 		}

  263. 		subjectPd = new ProtectionDomain(cs, perms);

  264. 	    }

  265. 

  266. 	    newDomains[newDomainIndex++] = subjectPd;

  267. 	    if (allowCaching)

  268. 		cachedProtectionDomains.put(ce, subjectPd);

  269. 	}

  270. 

  271. 	if (debug != null) {

  272. 	    debug.println("updated current: ");

  273. 	    if (newDomainIndex == 0) {

  274. 		debug.println("\tkept nothing");

  275. 	    } else {

  276. 		for (int j = 0; j < newDomainIndex; j++) {

  277. 		    debug.println("\tupdated[" + j + "] = " + newDomains[j]);

  278. 		}

  279. 	    }

  280. 	}

  281. 

  282. 	// now add on the assigned domains

  283. 	if (aLen > 0) {

  284. 	    System.arraycopy(assignedDomains, 0,

  285. 			newDomains, newDomainIndex,

  286. 			aLen);

  287. 	}

  288. 

  289. 	// optimize the result

  290. 	newDomains = optimize(newDomains);

  291. 

  292. 	if (debug != null) {

  293. 	    if (newDomains == null || newDomains.length == 0) {

  294. 		debug.println("returning null");

  295. 	    } else {

  296. 		debug.println("combinedDomains: ");

  297. 		for (int i = 0; i < newDomains.length; i++) {

  298. 		    debug.println("newDomain " + i + ": " +

  299. 			newDomains[i].toString());

  300. 		}

  301. 	    }

  302. 	}

  303. 

  304. 	// return the new ProtectionDomains

  305. 	if (newDomains == null || newDomains.length == 0) {

  306. 	    return null;

  307. 	} else {

  308. 	    return newDomains;

  309. 	}

  310.     }

  311. 

  312.     ProtectionDomain[] optimize(ProtectionDomain[] domains) {

  313. 

  314. 	if (domains == null)

  315. 	    return null;

  316. 

  317. 	ProtectionDomain[] optimized = new ProtectionDomain[domains.length];

  318. 	int num = 0;

  319. 	for (int i = 0; i < domains.length; i++) {

  320. 

  321. 	    // skip System Domains

  322. 	    if (domains[i] == null)

  323. 		continue;

  324. 

  325. 	    // skip domains with AllPermission 

  326. 	    // XXX

  327. 	    //

  328. 	    //	if (domains[i].implies(ALL_PERMISSION))

  329. 	    //	continue;

  330. 

  331. 	    // remove duplicates

  332. 	    boolean foundIt = false;

  333. 	    for (int j = 0; j < num; j++) {

  334. 		if (optimized[j] == domains[i]) {

  335. 		    foundIt = true;

  336. 		    break;

  337. 		}

  338. 	    }

  339. 	    if (foundIt == false)

  340. 		optimized[num++] = domains[i];

  341. 	}

  342. 

  343. 	// resize the array if necessary

  344. 	if (num < domains.length) {

  345. 	    ProtectionDomain[] downSize = new ProtectionDomain[num];

  346. 	    System.arraycopy(optimized, 0, downSize, 0, downSize.length);

  347. 	    optimized = downSize;

  348. 	}

  349. 

  350. 	return (optimized.length == 0 ? null : optimized);

  351.     }

  352. 

  353.     private boolean cachePolicy() {

  354. 	String s = (String)AccessController.doPrivileged

  355. 	    (new PrivilegedAction() {

  356. 	    public Object run() {

  357. 		return java.security.Security.getProperty

  358. 					("cache.auth.policy");

  359. 	    }

  360. 	});

  361. 	if (s != null) {

  362. 	    Boolean b = new Boolean(s);

  363. 	    return b.booleanValue();

  364. 	}

  365. 

  366. 	// cache by default

  367. 	return true;

  368.     }

  369. 

  370.     private void printInputDomains(ProtectionDomain[] currentDomains,

  371. 				ProtectionDomain[] assignedDomains) {

  372. 

  373. 	if (currentDomains == null || currentDomains.length == 0) {

  374. 	    debug.println("currentDomains null or 0 length");

  375. 	} else {

  376. 	    for (int i = 0; currentDomains != null &&

  377. 			i < currentDomains.length; i++) {

  378. 		if (currentDomains[i] == null) {

  379. 		    debug.println("currentDomain " + i + ": SystemDomain");

  380. 		} else {

  381. 		    debug.println("currentDomain " + i + ": " +

  382. 				currentDomains[i].toString());

  383. 		}

  384. 	    }

  385. 	}

  386. 

  387. 	if (assignedDomains == null || assignedDomains.length == 0) {

  388. 	    debug.println("assignedDomains null or 0 length");

  389. 	} else {

  390. 	    debug.println("assignedDomains = ");

  391. 	    for (int i = 0; assignedDomains != null &&

  392. 			i < assignedDomains.length; i++) {

  393. 		if (assignedDomains[i] == null) {

  394. 		    debug.println("assignedDomain " + i + ": SystemDomain");

  395. 		} else {

  396. 		    debug.println("assignedDomain " + i + ": " +

  397. 				assignedDomains[i].toString());

  398. 		}

  399. 	    }

  400. 	}

  401.     }

  402. 

  403.     /**

  404.      * It would be nice to use a SubjectCodeSource instead of this class.

  405.      * but since SubjectCodeSource is package private inside of

  406.      * the com package, and we do not want to duplicate it in this package,

  407.      * we will live with having this inner class.

  408.      */

  409.     private class CacheEntry {

  410. 	private Subject subject;

  411. 	private java.security.CodeSource codesource;

  412. 

  413. 	public CacheEntry(Subject s, java.security.CodeSource cs) {

  414. 	    this.subject = s;

  415. 	    this.codesource = cs;

  416. 	}

  417. 

  418. 	public boolean equals(Object o) {

  419. 	    if (o == null)

  420. 		return false;

  421. 

  422. 	    if (this == o)

  423. 		return true;

  424. 

  425. 	    if (o instanceof CacheEntry) {

  426. 		CacheEntry that = (CacheEntry)o;

  427. 

  428. 		// compare codesources

  429. 		if ((this.codesource == null && that.codesource == null) ||

  430. 		    (this.codesource != null && that.codesource != null &&

  431. 			this.codesource.equals(that.codesource)))  {

  432. 		    // compare subject principals

  433. 		    if ((this.subject == null && that.subject == null) ||

  434. 			(this.subject != null && that.subject != null &&

  435. 				this.subject.getPrincipals().containsAll

  436. 				(that.subject.getPrincipals()) &&

  437. 				that.subject.getPrincipals().containsAll

  438. 				(this.subject.getPrincipals()))) {

  439. 			return true;

  440. 		    }

  441. 		}

  442. 	    }

  443. 	    return false;

  444. 	}

  445. 

  446. 	public int hashCode() {

  447. 	    if (codesource != null) {

  448. 		return codesource.hashCode();

  449. 	    } else {

  450. 		if (subject == null)

  451. 		    return 0;

  452. 		else

  453. 		    return subject.hashCode();

  454. 	    }

  455. 	}

  456.     }

  457. }