1. /*

  2.  * @(#)Permissions.java	1.46 00/02/02

  3.  *

  4.  * Copyright 1997-2000 Sun Microsystems, Inc. All Rights Reserved.

  5.  * 

  6.  * This software is the proprietary information of Sun Microsystems, Inc.  

  7.  * Use is subject to license terms.

  8.  * 

  9.  */

  10.  

  11. package java.security;

  12. 

  13. import java.util.Enumeration; 

  14. import java.util.Hashtable;

  15. import java.util.NoSuchElementException;

  16. import java.io.Serializable;

  17. import java.util.ArrayList;

  18. 

  19. /**  

  20.  * This class represents a heterogeneous collection of Permissions. That is,

  21.  * it contains different types of Permission objects, organized into

  22.  * PermissionCollections. For example, if any <code>java.io.FilePermission</code>

  23.  * objects are added to an instance of this class, they are all stored in a single

  24.  * PermissionCollection. It is the PermissionCollection returned by a call to

  25.  * the <code>newPermissionCollection</code> method in the FilePermission class.

  26.  * Similarly, any <code>java.lang.RuntimePermission</code> objects are stored in 

  27.  * the PermissionCollection returned by a call to the 

  28.  * <code>newPermissionCollection</code> method in the

  29.  * RuntimePermission class. Thus, this class represents a collection of

  30.  * PermissionCollections.

  31.  * 

  32.  * <p>When the <code>add</code> method is called to add a Permission, the 

  33.  * Permission is stored in the appropriate PermissionCollection. If no such 

  34.  * collection exists yet, the Permission object's class is determined and the

  35.  * <code>newPermissionCollection</code> method is called on that class to create

  36.  * the PermissionCollection and add it to the Permissions object. If

  37.  * <code>newPermissionCollection</code> returns null, then a default 

  38.  * PermissionCollection that uses a hashtable will be created and used. Each 

  39.  * hashtable entry stores a Permission object as both the key and the value.

  40.  * 

  41.  * @see Permission

  42.  * @see PermissionCollection

  43.  * @see AllPermission

  44.  * 

  45.  * @version 1.46, 00/02/02

  46.  *

  47.  * @author Marianne Mueller

  48.  * @author Roland Schemers

  49.  *

  50.  * @serial exclude

  51.  */

  52. 

  53. public final class Permissions extends PermissionCollection 

  54. implements Serializable 

  55. {

  56. 

  57.     private Hashtable perms;

  58. 

  59.     // optimization. keep track of the AllPermission collection

  60.     private PermissionCollection allPermission;

  61. 

  62.     /**

  63.      * Creates a new Permissions object containing no PermissionCollections.

  64.      */

  65.     public Permissions() {

  66. 	perms = new Hashtable(11);

  67. 	allPermission = null;

  68.     }

  69. 

  70.     /**

  71.      * Adds a permission object to the PermissionCollection for the class the

  72.      * permission belongs to. For example, if <i>permission</i> is a FilePermission,

  73.      * it is added to the FilePermissionCollection stored in this

  74.      * Permissions object. 

  75.      * 

  76.      * This method creates

  77.      * a new PermissionCollection object (and adds the permission to it)

  78.      * if an appropriate collection does not yet exist. <p>

  79.      *

  80.      * @param permission the Permission object to add.

  81.      * 

  82.      * @exception SecurityException if this Permissions object is

  83.      * marked as readonly.

  84.      * 

  85.      * @see PermissionCollection#isReadOnly()

  86.      */

  87. 

  88.     public void add(Permission permission) {

  89. 	if (isReadOnly())

  90. 	    throw new SecurityException(

  91.               "attempt to add a Permission to a readonly Permissions object");

  92. 	PermissionCollection pc = getPermissionCollection(permission);

  93. 	pc.add(permission);

  94. 	if (permission instanceof AllPermission) {

  95. 	    allPermission = pc;

  96. 	}

  97.     }

  98. 

  99.     /**

  100.      * Checks to see if this object's PermissionCollection for permissions of the

  101.      * specified permission's type implies the permissions 

  102.      * expressed in the <i>permission</i> object. Returns true if the combination

  103.      * of permissions in the appropriate PermissionCollection (e.g., a

  104.      * FilePermissionCollection for a FilePermission) together imply the

  105.      * specified permission.

  106.      * 

  107.      * <p>For example, suppose there is a FilePermissionCollection in this Permissions

  108.      * object, and it contains one FilePermission that specifies "read" access for

  109.      * all files in all subdirectories of the "/tmp" directory, and another

  110.      * FilePermission that specifies "write" access for all files in the

  111.      * "/tmp/scratch/foo" directory. Then if the <code>implies</code> method

  112.      * is called with a permission specifying both "read" and "write" access

  113.      * to files in the "/tmp/scratch/foo" directory, <code>true</code> is returned.

  114.      * <p>Additionally, if this PermissionCollection contains the

  115.      * AllPermission, this method will always return true.

  116.      * <p>

  117.      * @param permission the Permission object to check.

  118.      *

  119.      * @return true if "permission" is implied by the permissions in the

  120.      * PermissionCollection it

  121.      * belongs to, false if not.

  122.      */

  123. 

  124.     public boolean implies(Permission permission) {

  125. 	PermissionCollection pc = getPermissionCollection(permission);

  126. 

  127. 	if (allPermission != null && allPermission.implies(permission))

  128. 	    return true;

  129. 	else 

  130. 	    return pc.implies(permission);

  131.     }

  132. 

  133.     /**

  134.      * Returns an enumeration of all the Permission objects in all the

  135.      * PermissionCollections in this Permissions object.

  136.      *

  137.      * @return an enumeration of all the Permissions.

  138.      */

  139. 

  140.     public Enumeration elements() {

  141. 	// go through each Permissions in the hash table 

  142. 	// and call their elements() function.

  143. 	return new PermissionsEnumerator(perms.elements());

  144.     }

  145. 

  146.     /**

  147.      * Returns an enumeration of all the Permission objects with the same

  148.      * type as <i>p</i>.

  149.      *

  150.      * @param p the prototype Permission object.

  151.      *

  152.      * @return an enumeration of all the Permissions with the same type as <i>p</i>.

  153.      */

  154. 

  155.     // XXX this could be public. Question is, do we want to make it public?

  156.     // it is currently trivial to implement, but that might change...

  157. 

  158.     private Enumeration elements(Permission p) {

  159. 	PermissionCollection pc = getPermissionCollection(p);

  160. 	return pc.elements();

  161.     }

  162. 

  163.     /** 

  164.      * Gets the PermissionCollection in this Permissions object for

  165.      * permissions whose type is the same as that of <i>p</i>.

  166.      * For example, if <i>p</i> is a FilePermission, the FilePermissionCollection

  167.      * stored in this Permissions object will be returned. 

  168.      * 

  169.      * This method creates a new PermissionCollection object for the specified 

  170.      * type of permission objects if one does not yet exist. 

  171.      * To do so, it first calls the <code>newPermissionCollection</code> method

  172.      * on <i>p</i>.  Subclasses of class Permission 

  173.      * override that method if they need to store their permissions in a particular

  174.      * PermissionCollection object in order to provide the correct semantics

  175.      * when the <code>PermissionCollection.implies</code> method is called.

  176.      * If the call returns a PermissionCollection, that collection is stored

  177.      * in this Permissions object. If the call returns null, then

  178.      * this method instantiates and stores a default PermissionCollection 

  179.      * that uses a hashtable to store its permission objects.

  180.      */

  181. 

  182.     private PermissionCollection getPermissionCollection(Permission p) {

  183. 	Class c = p.getClass();

  184. 	PermissionCollection pc = (PermissionCollection) perms.get(c);

  185. 	if (pc == null) {

  186. 	    synchronized (perms) {

  187. 		// check again, in case someone else created one

  188. 		// between the time we checked and the time we

  189. 		// got the lock. We do this here to avoid 

  190. 		// making this whole method synchronized, because

  191. 		// it is called by every public method.

  192. 		pc = (PermissionCollection) perms.get(c);

  193. 

  194. 		//check for unresolved permissions

  195. 		if (pc == null) {

  196. 

  197. 		    pc = getUnresolvedPermissions(p);

  198. 

  199. 		    // if still null, create a new collection

  200. 		    if (pc == null) {

  201. 

  202. 			pc = p.newPermissionCollection();

  203. 

  204. 			// still no PermissionCollection? 

  205. 			// We'll give them a PermissionsHash.

  206. 			if (pc == null)

  207. 			    pc = new PermissionsHash();

  208. 		    }

  209. 		}

  210. 		perms.put(c, pc);

  211. 	    }

  212. 	}

  213. 	return pc;

  214.     }

  215. 

  216.     /**

  217.      * Resolves any unresolved permissions of type p.

  218.      *

  219.      * @param p the type of unresolved permission to resolve

  220.      *

  221.      * @return PermissionCollection containing the unresolved permissions,

  222.      *  or null if there were no unresolved permissions of type p.

  223.      *

  224.      */

  225.     private PermissionCollection getUnresolvedPermissions(Permission p)

  226.     {

  227. 	UnresolvedPermissionCollection uc = 

  228. 	(UnresolvedPermissionCollection) perms.get(UnresolvedPermission.class);

  229. 

  230. 	// we have no unresolved permissions if uc is null

  231. 	if (uc == null) 

  232. 	    return null;

  233. 

  234. 	java.util.Vector v = uc.getUnresolvedPermissions(p);

  235. 	

  236. 	// we have no unresolved permissions of this type if v is null

  237. 	if (v == null)

  238. 	    return null;

  239. 

  240. 	java.security.cert.Certificate certs[] = null;

  241. 

  242. 	Object signers[] = p.getClass().getSigners();

  243. 

  244. 	int n = 0;

  245. 	if (signers != null) {

  246. 	    for (int j=0; j < signers.length; j++) {

  247. 		if (signers[j] instanceof java.security.cert.Certificate) {

  248. 		    n++;

  249. 		}

  250. 	    }

  251. 	    certs = new java.security.cert.Certificate[n];

  252. 	    n = 0;

  253. 	    for (int j=0; j < signers.length; j++) {

  254. 		if (signers[j] instanceof java.security.cert.Certificate) {

  255. 		    certs[n++] = (java.security.cert.Certificate)signers[j];

  256. 		}

  257. 	    }

  258. 	}

  259. 

  260. 	PermissionCollection pc = null;

  261. 	Enumeration e = v.elements();

  262. 

  263. 	while(e.hasMoreElements()) {

  264. 	    UnresolvedPermission up = (UnresolvedPermission) e.nextElement();

  265. 	    Permission perm = up.resolve(p, certs);

  266. 	    if (perm != null) {

  267. 		if (pc == null) {

  268. 		    pc = p.newPermissionCollection();

  269. 		    if (pc == null) 

  270. 			pc = new PermissionsHash();

  271. 		}

  272. 		pc.add(perm);

  273. 	    }

  274. 

  275. 	}

  276. 	return pc;

  277.     }

  278. }

  279. 

  280. final class PermissionsEnumerator implements Enumeration {

  281. 

  282.     // all the perms

  283.     private Enumeration perms;

  284.     // the current set

  285.     private Enumeration permset;

  286.    

  287.     PermissionsEnumerator(Enumeration e) {

  288. 	perms = e;

  289. 	permset = getNextEnumWithMore();

  290.     }

  291. 

  292.     public synchronized boolean hasMoreElements() {

  293. 	// if we enter with permissionimpl null, we know

  294. 	// there are no more left.

  295. 

  296. 	if (permset == null) 

  297. 	    return  false;

  298. 

  299. 	// try to see if there are any left in the current one

  300. 

  301. 	if (permset.hasMoreElements())

  302. 	    return true;

  303. 

  304. 	// get the next one that has something in it...

  305. 	permset = getNextEnumWithMore();

  306. 

  307. 	// if it is null, we are done!

  308. 	return (permset != null);

  309.     }

  310. 

  311.     public synchronized Object nextElement() {

  312. 

  313. 	// hasMoreElements will update permset to the next permset

  314. 	// with something in it...

  315. 

  316. 	if (hasMoreElements()) {

  317. 	    return permset.nextElement();

  318. 	} else {

  319. 	    throw new NoSuchElementException("PermissionsEnumerator");

  320. 	}

  321. 

  322.     }

  323. 

  324.     private Enumeration getNextEnumWithMore() {

  325. 	while (perms.hasMoreElements()) {

  326. 	    PermissionCollection pc = (PermissionCollection) perms.nextElement();

  327. 	    Enumeration next = (Enumeration) pc.elements();

  328. 	    if (next.hasMoreElements())

  329. 		return next;

  330. 	}

  331. 	return null;

  332.     }

  333. }

  334. 

  335. /**

  336.  * A PermissionsHash stores a homogeneous set of permissions in a hashtable.

  337.  *

  338.  * @see Permission

  339.  * @see Permissions

  340.  *

  341.  * @version 1.46, 02/02/00

  342.  *

  343.  * @author Roland Schemers

  344.  *

  345.  * @serial include

  346.  */

  347. 

  348. final class PermissionsHash extends PermissionCollection

  349. implements Serializable

  350. {

  351. 

  352.     private Hashtable perms;

  353. 

  354.     /**

  355.      * Create an empty PermissionsHash object.

  356.      */

  357. 

  358.     PermissionsHash() {

  359. 	perms = new Hashtable(11);

  360.     }

  361. 

  362.     /**

  363.      * Adds a permission to the PermissionsHash.

  364.      *

  365.      * @param permission the Permission object to add.

  366.      */

  367. 

  368.     public void add(Permission permission)

  369.     {

  370. 	perms.put(permission, permission);

  371.     }

  372. 

  373.     /**

  374.      * Check and see if this set of permissions implies the permissions 

  375.      * expressed in "permission".

  376.      *

  377.      * @param permission the Permission object to compare

  378.      *

  379.      * @return true if "permission" is a proper subset of a permission in 

  380.      * the set, false if not.

  381.      */

  382. 

  383.     public boolean implies(Permission permission) 

  384.     {

  385. 	// attempt a fast lookup and implies. If that fails

  386. 	// then enumerate through all the permissions.

  387. 	Permission p = (Permission) perms.get(permission);

  388. 	if ((p == null) || (!p.implies(permission))) {

  389. 	    Enumeration enum = elements();

  390. 	    try {

  391. 		while (enum.hasMoreElements()) {

  392. 		    p = (Permission) enum.nextElement();

  393. 		    if (p.implies(permission))

  394. 			return true;

  395. 		}

  396. 	    } catch (NoSuchElementException e){

  397. 		// ignore

  398. 	    }

  399. 	    return false;

  400. 	} else {

  401. 	    return true;

  402. 	}

  403.     }

  404. 

  405.     /**

  406.      * Returns an enumeration of all the Permission objects in the container.

  407.      *

  408.      * @return an enumeration of all the Permissions.

  409.      */

  410. 

  411.     public Enumeration elements()

  412.     {

  413. 	return perms.elements();

  414.     }

  415. }

  416.