1. /*

  2.  * @(#)UnresolvedPermission.java	1.16 01/11/29

  3.  *

  4.  * Copyright 2002 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7.  

  8. package java.security;

  9. 

  10. import java.io.IOException;

  11. import java.io.ByteArrayInputStream;

  12. import java.util.ArrayList;

  13. import java.util.Enumeration;

  14. import java.util.Hashtable;

  15. import java.util.Vector;

  16. import java.lang.reflect.*;

  17. import java.security.cert.*;

  18. 

  19. /**

  20.  * The UnresolvedPermission class is used to hold Permissions that

  21.  * were "unresolved" when the Policy was initialized. 

  22.  * An unresolved permission is one whose actual Permission class

  23.  * does not yet exist at the time the Policy is initialized (see below).

  24.  * 

  25.  * <p>The policy for a Java runtime (specifying 

  26.  * which permissions are available for code from various principals)

  27.  * is represented by a Policy object.

  28.  * Whenever a Policy is initialized or refreshed, Permission objects of

  29.  * appropriate classes are created for all permissions

  30.  * allowed by the Policy. 

  31.  * 

  32.  * <p>Many permission class types 

  33.  * referenced by the policy configuration are ones that exist

  34.  * locally (i.e., ones that can be found on CLASSPATH).

  35.  * Objects for such permissions can be instantiated during

  36.  * Policy initialization. For example, it is always possible

  37.  * to instantiate a java.io.FilePermission, since the

  38.  * FilePermission class is found on the CLASSPATH.

  39.  * 

  40.  * <p>Other permission classes may not yet exist during Policy

  41.  * initialization. For example, a referenced permission class may

  42.  * be in a JAR file that will later be loaded.

  43.  * For each such class, an UnresolvedPermission is instantiated.

  44.  * Thus, an UnresolvedPermission is essentially a "placeholder"

  45.  * containing information about the permission.

  46.  * 

  47.  * <p>Later, when code calls AccessController.checkPermission 

  48.  * on a permission of a type that was previously unresolved,

  49.  * but whose class has since been loaded, previously-unresolved

  50.  * permissions of that type are "resolved". That is,

  51.  * for each such UnresolvedPermission, a new object of

  52.  * the appropriate class type is instantiated, based on the

  53.  * information in the UnresolvedPermission. This new object

  54.  * replaces the UnresolvedPermission, which is removed.

  55.  *

  56.  * @see java.security.Permission

  57.  * @see java.security.Permissions

  58.  * @see java.security.PermissionCollection

  59.  * @see java.security.Policy

  60.  *

  61.  * @version 1.16 01/11/29

  62.  *

  63.  * @author Roland Schemers

  64.  */

  65. 

  66. public final class UnresolvedPermission extends Permission 

  67. implements java.io.Serializable

  68. {

  69.     /**

  70.      * The class name of the Permission class that will be

  71.      * created when this unresolved permission is resolved.

  72.      *

  73.      * @serial

  74.      */

  75.     private String type;

  76. 

  77.     /**

  78.      * The permission name.

  79.      *

  80.      * @serial

  81.      */

  82.     private String name;

  83. 

  84.     /**

  85.      * The actions of the permission.

  86.      *

  87.      * @serial

  88.      */

  89.     private String actions;

  90. 

  91.     private transient java.security.cert.Certificate certs[];

  92. 

  93.     /**

  94.      * Creates a new UnresolvedPermission containing the permission

  95.      * information needed later to actually create a Permission of the

  96.      * specified class, when the permission is resolved.

  97.      * 

  98.      * @param type the class name of the Permission class that will be

  99.      * created when this unresolved permission is resolved.

  100.      * @param name the name of the permission.

  101.      * @param actions the actions of the permission.

  102.      * @param certs the certificates the permission's class was signed with.

  103.      * This is a list of certificate chains, where each chain is composed of a

  104.      * signer certificate and optionally its supporting certificate chain.

  105.      * Each chain is ordered bottom-to-top (i.e., with the signer certificate

  106.      * first and the (root) certificate authority last).

  107.      */

  108.     public UnresolvedPermission(String type,

  109. 				String name,

  110. 				String actions,

  111. 				java.security.cert.Certificate certs[])

  112.     {

  113. 	super(type);

  114. 

  115. 	if (type == null) 

  116. 		throw new NullPointerException("type can't be null");

  117. 

  118. 	this.type = type;

  119. 	this.name = name;

  120. 	this.actions = actions;

  121. 	if (certs != null) {

  122. 	    // Extract the signer certs from the list of certificates.

  123. 	    for (int i=0; i<certs.length; i++) {

  124. 		if (!(certs[i] instanceof X509Certificate)) {

  125. 		    // there is no concept of signer certs, so we store the

  126. 		    // entire cert array

  127. 		    this.certs =

  128. 			(java.security.cert.Certificate[])certs.clone();

  129. 		    break;

  130. 		}

  131. 	    }

  132. 

  133. 	    if (this.certs == null) {

  134. 		// Go through the list of certs and see if all the certs are

  135. 		// signer certs.

  136. 		int i = 0;

  137. 		int count = 0;

  138. 		while (i < certs.length) {

  139. 		    count++;

  140. 		    while (((i+1) < certs.length) &&

  141. 			   ((X509Certificate)certs[i]).getIssuerDN().equals(

  142. 		               ((X509Certificate)certs[i+1]).getSubjectDN())) {

  143. 			i++;

  144. 		    }

  145. 		    i++;

  146. 		}

  147. 		if (count == certs.length) {

  148. 		    // All the certs are signer certs, so we store the entire

  149. 		    // array

  150. 		    this.certs =

  151. 			(java.security.cert.Certificate[])certs.clone();

  152. 		}

  153. 

  154. 		if (this.certs == null) {

  155. 		    // extract the signer certs

  156. 		    ArrayList signerCerts = new ArrayList();

  157. 		    i = 0;

  158. 		    while (i < certs.length) {

  159. 			signerCerts.add(certs[i]);

  160. 			while (((i+1) < certs.length) &&

  161. 			    ((X509Certificate)certs[i]).getIssuerDN().equals(

  162.              		      ((X509Certificate)certs[i+1]).getSubjectDN())) {

  163. 			    i++;

  164. 			}

  165. 			i++;

  166. 		    }

  167. 		    this.certs =

  168. 			new java.security.cert.Certificate[signerCerts.size()];

  169. 		    signerCerts.toArray(this.certs);

  170. 		}

  171. 	    }

  172. 	}

  173.     }

  174. 

  175. 

  176.     private static final Class[] PARAMS = { String.class, String.class};

  177. 

  178.     /**

  179.      * try and resolve this permission using the class loader of the permission

  180.      * that was passed in.

  181.      */

  182.     Permission resolve(Permission p, java.security.cert.Certificate certs[]) {

  183. 	if (this.certs != null) {

  184. 	    // if p wasn't signed, we don't have a match

  185. 	    if (certs == null) {

  186. 		return null;

  187. 	    }

  188. 

  189. 	    // all certs in this.certs must be present in certs

  190. 	    boolean match;

  191. 	    for (int i = 0; i < this.certs.length; i++) {

  192. 		match = false;

  193. 		for (int j = 0; j < certs.length; j++) {

  194. 		    if (this.certs[i].equals(certs[j])) {

  195. 			match = true;

  196. 			break;

  197. 		    }

  198. 		}

  199. 		if (!match) return null;

  200. 	    }

  201. 	}

  202. 	try {

  203. 	    Class pc = p.getClass();

  204. 	    Constructor c = pc.getConstructor(PARAMS);

  205. 	    return (Permission) c.newInstance(new Object[] { name, actions });

  206. 	} catch (Exception e) {

  207. 	    return null;

  208. 	}

  209.     }

  210. 

  211.     /**

  212.      * This method always returns false for unresolved permissions.

  213.      * That is, an UnresolvedPermission is never considered to

  214.      * imply another permission.

  215.      *

  216.      * @param p the permission to check against.

  217.      * 

  218.      * @return false.

  219.      */

  220.     public boolean implies(Permission p) {

  221. 	return false;

  222.     }

  223. 

  224.     /**

  225.      * Checks two UnresolvedPermission objects for equality. 

  226.      * Checks that <i>obj</i> is an UnresolvedPermission, and has 

  227.      * the same type (class) name, permission name, actions, and

  228.      * certificates as this object.

  229.      * 

  230.      * @param obj the object we are testing for equality with this object.

  231.      * 

  232.      * @return true if obj is an UnresolvedPermission, and has the same 

  233.      * type (class) name, permission name, actions, and

  234.      * certificates as this object.

  235.      */

  236.     public boolean equals(Object obj) {

  237. 	if (obj == this)

  238. 	    return true;

  239. 

  240. 	if (! (obj instanceof UnresolvedPermission))

  241. 	    return false;

  242. 	UnresolvedPermission that = (UnresolvedPermission) obj;

  243. 

  244. 	if (!(this.type.equals(that.type) &&

  245. 	    this.name.equals(that.name) &&

  246. 	    this.actions.equals(that.actions)))

  247. 	    return false;

  248. 

  249. 	if (this.certs.length != that.certs.length)

  250. 	    return false;

  251. 	    

  252. 	int i,j;

  253. 	boolean match;

  254. 

  255. 	for (i = 0; i < this.certs.length; i++) {

  256. 	    match = false;

  257. 	    for (j = 0; j < that.certs.length; j++) {

  258. 		if (this.certs[i].equals(that.certs[j])) {

  259. 		    match = true;

  260. 		    break;

  261. 		}

  262. 	    }

  263. 	    if (!match) return false;

  264. 	}

  265. 

  266. 	for (i = 0; i < that.certs.length; i++) {

  267. 	    match = false;

  268. 	    for (j = 0; j < this.certs.length; j++) {

  269. 		if (that.certs[i].equals(this.certs[j])) {

  270. 		    match = true;

  271. 		    break;

  272. 		}

  273. 	    }

  274. 	    if (!match) return false;

  275. 	}

  276. 	return true;

  277.     }

  278. 

  279.     /**

  280.      * Returns the hash code value for this object.

  281.      *

  282.      * @return a hash code value for this object.

  283.      */

  284. 

  285.     public int hashCode() {

  286. 	int hash = type.hashCode();

  287. 	if (name != null)

  288. 	    hash ^= name.hashCode();

  289. 	if (actions != null)

  290. 	    hash ^= actions.hashCode();

  291. 	return hash;

  292.     }

  293. 

  294.     /**

  295.      * Returns the canonical string representation of the actions,

  296.      * which currently is the empty string "", since there are no actions for 

  297.      * an UnresolvedPermission. That is, the actions for the

  298.      * permission that will be created when this UnresolvedPermission

  299.      * is resolved may be non-null, but an UnresolvedPermission

  300.      * itself is never considered to have any actions.

  301.      *

  302.      * @return the empty string "".

  303.      */

  304.     public String getActions()

  305.     {

  306. 	return "";

  307.     }

  308. 

  309.     /**

  310.      * Returns a string describing this UnresolvedPermission.  The convention 

  311.      * is to specify the class name, the permission name, and the actions, in

  312.      * the following format: '(unresolved "ClassName" "name" "actions")'.

  313.      * 

  314.      * @return information about this UnresolvedPermission.

  315.      */

  316.     public String toString() {

  317. 	return "(unresolved " + type + " " + name + " " + actions + ")";

  318.     }

  319. 

  320.     /**

  321.      * Returns a new PermissionCollection object for storing 

  322.      * UnresolvedPermission  objects.

  323.      * <p>

  324.      * @return a new PermissionCollection object suitable for 

  325.      * storing UnresolvedPermissions.

  326.      */

  327. 

  328.     public PermissionCollection newPermissionCollection() {

  329. 	return new UnresolvedPermissionCollection();

  330.     }

  331. 

  332.     /**

  333.      * Writes this object out to a stream (i.e., serializes it).

  334.      *

  335.      * @serialData An initial <code>String</code> denoting the

  336.      * <code>type</code> is followed by a <code>String</code> denoting the

  337.      * <code>name</code> is followed by a <code>String</code> denoting the

  338.      * <code>actions</code> is followed by an <code>int</code> indicating the

  339.      * number of certificates to follow 

  340.      * (a value of "zero" denotes that there are no certificates associated

  341.      * with this object).

  342.      * Each certificate is written out starting with a <code>String</code>

  343.      * denoting the certificate type, followed by an

  344.      * <code>int</code> specifying the length of the certificate encoding,

  345.      * followed by the certificate encoding itself which is written out as an

  346.      * array of bytes.

  347.      */

  348.     private synchronized void writeObject(java.io.ObjectOutputStream oos)

  349.         throws IOException

  350.     {

  351. 	oos.defaultWriteObject();

  352. 

  353. 	if (certs==null || certs.length==0) {

  354. 	    oos.writeInt(0);

  355. 	} else {

  356. 	    // write out the total number of certs

  357. 	    oos.writeInt(certs.length);

  358. 	    // write out each cert, including its type

  359. 	    for (int i=0; i < certs.length; i++) {

  360. 		java.security.cert.Certificate cert = certs[i];

  361. 		try {

  362. 		    oos.writeUTF(cert.getType());

  363. 		    byte[] encoded = cert.getEncoded();

  364. 		    oos.writeInt(encoded.length);

  365. 		    oos.write(encoded);

  366. 		} catch (CertificateEncodingException cee) {

  367. 		    throw new IOException(cee.getMessage());

  368. 		}

  369. 	    }

  370. 	}

  371.     }

  372. 

  373.     /**

  374.      * Restores this object from a stream (i.e., deserializes it).

  375.      */

  376.     private synchronized void readObject(java.io.ObjectInputStream ois)

  377. 	throws IOException, ClassNotFoundException

  378.     {

  379. 	CertificateFactory cf;

  380. 	Hashtable cfs=null;

  381. 

  382. 	ois.defaultReadObject();

  383. 

  384. 	if (type == null) 

  385. 		throw new NullPointerException("type can't be null");

  386. 

  387. 	// process any new-style certs in the stream (if present)

  388. 	int size = ois.readInt();

  389. 	if (size > 0) {

  390. 	    // we know of 3 different cert types: X.509, PGP, SDSI, which

  391. 	    // could all be present in the stream at the same time

  392. 	    cfs = new Hashtable(3);

  393. 	    this.certs = new java.security.cert.Certificate[size];

  394. 	}

  395. 

  396. 	for (int i=0; i<size; i++) {

  397. 	    // read the certificate type, and instantiate a certificate

  398. 	    // factory of that type (reuse existing factory if possible)

  399. 	    String certType = ois.readUTF();

  400. 	    if (cfs.containsKey(certType)) {

  401. 		// reuse certificate factory

  402. 		cf = (CertificateFactory)cfs.get(certType);

  403. 	    } else {

  404. 		// create new certificate factory

  405. 		try {

  406. 		    cf = CertificateFactory.getInstance(certType);

  407. 		} catch (CertificateException ce) {

  408. 		    throw new ClassNotFoundException

  409. 			("Certificate factory for "+certType+" not found");

  410. 		}

  411. 		// store the certificate factory so we can reuse it later

  412. 		cfs.put(certType, cf);

  413. 	    }

  414. 	    // parse the certificate

  415. 	    byte[] encoded=null;

  416. 	    try {

  417. 		encoded = new byte[ois.readInt()];

  418. 	    } catch (OutOfMemoryError oome) {

  419. 		throw new IOException("Certificate too big");

  420. 	    }

  421. 	    ois.readFully(encoded);

  422. 	    ByteArrayInputStream bais = new ByteArrayInputStream(encoded);

  423. 	    try {

  424. 		this.certs[i] = cf.generateCertificate(bais);

  425. 	    } catch (CertificateException ce) {

  426. 		throw new IOException(ce.getMessage());

  427. 	    }

  428. 	    bais.close();

  429. 	}

  430.     }

  431. }