1. /*

  2.  * @(#)SubjectDomainCombiner.java	1.40 03/01/23

  3.  *

  4.  * Copyright 2003 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7. 

  8. package javax.security.auth;

  9. 

  10. import java.security.AccessController;

  11. import java.security.AccessControlContext;

  12. import java.security.AllPermission;

  13. import java.security.Permission;

  14. import java.security.Permissions;

  15. import java.security.PermissionCollection;

  16. import java.security.Policy;

  17. import java.security.Principal;

  18. import java.security.PrivilegedAction;

  19. import java.security.ProtectionDomain;

  20. import java.lang.ClassLoader;

  21. import java.security.Security;

  22. import java.util.Set;

  23. import java.util.Iterator;

  24. 

  25. /**

  26.  * A <code>SubjectDomainCombiner</code> updates ProtectionDomains

  27.  * with Principals from the <code>Subject</code> associated with this

  28.  * <code>SubjectDomainCombiner</code>.

  29.  *

  30.  * @version 1.40, 01/23/03 

  31.  */

  32. public class SubjectDomainCombiner implements java.security.DomainCombiner {

  33. 

  34.     private Subject subject;

  35.     private java.util.Map cachedPDs = new java.util.WeakHashMap();

  36.     private Set principalSet;

  37.     private Principal[] principals;

  38.     private static boolean checkedCacheProperty = false;

  39.     private static boolean allowCaching = true;

  40. 

  41.     private static final sun.security.util.Debug debug =

  42. 	sun.security.util.Debug.getInstance("combiner",

  43. 					"\t[SubjectDomainCombiner]");

  44. 

  45.     /**

  46.      * Associate the provided <code>Subject</code> with this

  47.      * <code>SubjectDomainCombiner</code>.

  48.      *

  49.      * <p>

  50.      *

  51.      * @param subject the <code>Subject</code> to be associated with

  52.      *		with this <code>SubjectDomainCombiner</code>.

  53.      */

  54.     public SubjectDomainCombiner(Subject subject) {

  55. 	this.subject = subject;

  56. 

  57. 	if (subject.isReadOnly()) {

  58. 	    principalSet = subject.getPrincipals();

  59. 	    principals = (Principal[])principalSet.toArray

  60. 			(new Principal[principalSet.size()]);

  61. 	}

  62. 

  63. 	// see if we allow caching of the permissions

  64. 	if (!checkedCacheProperty) {

  65. 	    allowCaching = cachePolicy();

  66. 	    checkedCacheProperty = true;

  67. 	}

  68.     }

  69. 

  70.     /**

  71.      * Get the <code>Subject</code> associated with this

  72.      * <code>SubjectDomainCombiner</code>.

  73.      *

  74.      * <p>

  75.      *

  76.      * @return the <code>Subject</code> associated with this

  77.      *		<code>SubjectDomainCombiner</code>, or <code>null</code>

  78.      *		if no <code>Subject</code> is associated with this

  79.      *		<code>SubjectDomainCombiner</code>.

  80.      *

  81.      * @exception SecurityException if the caller does not have permission

  82.      *		to get the <code>Subject</code> associated with this

  83.      *		<code>SubjectDomainCombiner</code>.

  84.      */

  85.     public Subject getSubject() {

  86. 	java.lang.SecurityManager sm = System.getSecurityManager();

  87. 	if (sm != null) {

  88. 	    sm.checkPermission(new AuthPermission

  89. 		("getSubjectFromDomainCombiner"));

  90. 	}

  91. 	return subject;

  92.     }

  93. 

  94.     /**

  95.      * Update the relevant ProtectionDomains with the Principals

  96.      * from the <code>Subject</code> associated with this

  97.      * <code>SubjectDomainCombiner</code>.

  98.      *

  99.      * <p> A new <code>ProtectionDomain</code> instance is created

  100.      * for each <code>ProtectionDomain</code> in the

  101.      * <i>currentDomains</i> array.  Each new <code>ProtectionDomain</code>

  102.      * instance is created using the <code>CodeSource</code>,

  103.      * <code>Permission</code>s and <code>ClassLoader</code>

  104.      * from the corresponding <code>ProtectionDomain</code> in

  105.      * <i>currentDomains</i>, as well as with the Principals from

  106.      * the <code>Subject</code> associated with this

  107.      * <code>SubjectDomainCombiner</code>.

  108.      * 

  109.      * <p> All of the newly instantiated ProtectionDomains are

  110.      * combined into a new array.  The ProtectionDomains from the

  111.      * <i>assignedDomains</i> array are appended to this new array,

  112.      * and the result is returned.

  113.      *

  114.      * <p> Note that optimizations such as the removal of duplicate

  115.      * ProtectionDomains may have occurred.

  116.      * In addition, caching of ProtectionDomains may be permitted.

  117.      *

  118.      * <p>

  119.      *

  120.      * @param currentDomains the ProtectionDomains associated with the

  121.      *		current execution Thread, up to the most recent

  122.      *		privileged <code>ProtectionDomain</code>.

  123.      *		The ProtectionDomains are are listed in order of execution,

  124.      *		with the most recently executing <code>ProtectionDomain</code>

  125.      *		residing at the beginning of the array. This parameter may

  126.      *		be <code>null</code> if the current execution Thread

  127.      *		has no associated ProtectionDomains.<p>

  128.      *

  129.      * @param assignedDomains the ProtectionDomains inherited from the

  130.      *		parent Thread, or the ProtectionDomains from the

  131.      *		privileged <i>context</i>, if a call to

  132.      *		AccessController.doPrivileged(..., <i>context</i>)

  133.      *		had occurred  This parameter may be <code>null</code>

  134.      *		if there were no ProtectionDomains inherited from the

  135.      *		parent Thread, or from the privileged <i>context</i>.

  136.      *

  137.      * @return a new array consisting of the updated ProtectionDomains,

  138.      *		or <code>null</code>.

  139.      */

  140.     public ProtectionDomain[] combine(ProtectionDomain[] currentDomains,

  141. 				ProtectionDomain[] assignedDomains) {

  142. 	if (currentDomains == null || currentDomains.length == 0)

  143. 	    return optimize(assignedDomains, null);

  144. 

  145. 	if (debug != null) {

  146. 	    if (subject == null) {

  147. 		debug.println("null subject");

  148. 	    } else {

  149. 		final Subject s = subject;

  150. 		AccessController.doPrivileged

  151. 		    (new java.security.PrivilegedAction() {

  152. 		    public Object run() {

  153. 			debug.println(s.toString());

  154. 			return null;

  155. 		    }

  156. 		});

  157. 	    }

  158. 	    printInputDomains(currentDomains, assignedDomains);

  159. 	}

  160. 

  161. 	// optimize the inputs

  162. 	assignedDomains = optimize(assignedDomains, null);

  163. 	currentDomains = optimize(currentDomains, assignedDomains);

  164. 	if (debug != null) {

  165. 	    debug.println("after optimize");

  166. 	    printInputDomains(currentDomains, assignedDomains);

  167. 	}

  168. 

  169. 	if (currentDomains == null && assignedDomains == null)

  170. 	    return null;

  171. 

  172. 	// maintain backwards compatibility for people who provide

  173. 	// their own javax.security.auth.Policy implementations

  174. 	javax.security.auth.Policy javaxPolicy =

  175. 	    (javax.security.auth.Policy)AccessController.doPrivileged

  176. 	    (new PrivilegedAction() {

  177. 	    public Object run() {

  178. 		return javax.security.auth.Policy.getPolicy();

  179. 	    }

  180. 	});

  181. 	if (!(javaxPolicy instanceof com.sun.security.auth.PolicyFile)) {

  182. 	    if (debug != null) {

  183. 		debug.println("Providing backwards compatibility for " +

  184. 			"javax.security.auth.policy implementation: " +

  185. 			javaxPolicy.toString());

  186. 	    }

  187. 	    // use the javax.security.auth.Policy implementation

  188. 	    return combineJavaxPolicy(currentDomains, assignedDomains);

  189. 	}

  190. 	

  191. 	int cLen = (currentDomains == null ? 0 : currentDomains.length);

  192. 	int aLen = (assignedDomains == null ? 0 : assignedDomains.length);

  193. 

  194. 	// the ProtectionDomains for the new AccessControlContext

  195. 	// that we will return

  196. 	ProtectionDomain[] newDomains = new ProtectionDomain[cLen + aLen];

  197. 

  198. 	synchronized(cachedPDs) {

  199. 	    if (!subject.isReadOnly() &&

  200. 		!subject.getPrincipals().equals(principalSet)) {

  201. 

  202. 		// if the Subject was mutated, clear the PD cache

  203. 		principalSet = new java.util.HashSet(subject.getPrincipals());

  204. 		principals = (Principal[])principalSet.toArray

  205. 			(new Principal[principalSet.size()]);

  206. 		cachedPDs.clear();

  207. 

  208. 		if (debug != null) {

  209. 		    debug.println("Subject mutated - clearing cache");

  210. 		}

  211. 	    }

  212. 	    for (int i = 0; i < cLen; i++) {

  213. 		ProtectionDomain pd = currentDomains[i];

  214. 		ProtectionDomain subjectPd =

  215. 			(ProtectionDomain)cachedPDs.get(pd);

  216. 		if (subjectPd == null) {

  217. 		    subjectPd = new ProtectionDomain(pd.getCodeSource(),

  218. 						pd.getPermissions(), 

  219. 						pd.getClassLoader(),

  220. 						principals);

  221. 		    cachedPDs.put(pd, subjectPd);

  222. 		}

  223. 		newDomains[i] = subjectPd;

  224. 	    }

  225.         }

  226. 

  227. 	if (debug != null) {

  228. 	    debug.println("updated current: "); 

  229. 	    for (int i = 0; i < cLen; i++) {

  230. 		debug.println("\tupdated[" + i + "] = " +

  231. 				printDomain(newDomains[i]));

  232. 	    }

  233. 	}

  234. 		

  235. 	// now add on the assigned domains

  236. 	if (aLen > 0) {

  237. 	    System.arraycopy(assignedDomains, 0, newDomains, cLen, aLen);

  238. 	}

  239. 

  240. 	// optimize the result

  241. 	newDomains = optimize(newDomains, null);

  242. 	

  243. 	if (debug != null) {

  244. 	    if (newDomains == null || newDomains.length == 0) {

  245. 		debug.println("returning null");

  246. 	    } else {

  247. 		debug.println("combinedDomains: ");

  248. 		for (int i = 0; i < newDomains.length; i++) {

  249. 		    debug.println("newDomain " + i + ": " +

  250. 				  printDomain(newDomains[i]));

  251. 		}

  252. 	    }

  253. 	}

  254. 	

  255. 	// return the new ProtectionDomains

  256. 	if (newDomains == null || newDomains.length == 0) {

  257. 	    return null;

  258. 	} else {

  259. 	    return newDomains;

  260. 	}

  261.     }

  262. 

  263.     /**

  264.      * Use the javax.security.auth.Policy implementation

  265.      */

  266.     ProtectionDomain[] combineJavaxPolicy(ProtectionDomain[] currentDomains,

  267. 				       ProtectionDomain[] assignedDomains) {

  268. 	java.security.AccessController.doPrivileged

  269. 	    (new PrivilegedAction() {

  270. 		public Object run() {

  271. 		    // Call refresh only caching is disallowed

  272. 		    if (!allowCaching)

  273. 			javax.security.auth.Policy.getPolicy().refresh();

  274. 		    return null;

  275. 		}

  276. 	    });

  277. 	

  278. 	int cLen = (currentDomains == null ? 0 : currentDomains.length);

  279. 	int aLen = (assignedDomains == null ? 0 : assignedDomains.length);

  280. 

  281. 	// the ProtectionDomains for the new AccessControlContext

  282. 	// that we will return

  283. 	ProtectionDomain[] newDomains = new ProtectionDomain[cLen + aLen];

  284. 	int newDomainIndex = 0;

  285. 

  286. 	synchronized(cachedPDs) {

  287. 	    if (!subject.isReadOnly() &&

  288. 		!subject.getPrincipals().equals(principalSet)) {

  289. 

  290. 		// if the Subject was mutated, clear the PD cache

  291. 		principalSet = new java.util.HashSet(subject.getPrincipals());

  292. 		principals = (Principal[])principalSet.toArray

  293. 			(new Principal[principalSet.size()]);

  294. 		cachedPDs.clear();

  295. 

  296. 		if (debug != null) {

  297. 		    debug.println("Subject mutated - clearing cache");

  298. 		}

  299. 	    }

  300. 	    for (int i = 0; i < cLen; i++) {

  301. 		ProtectionDomain pd = currentDomains[i];

  302. 		ProtectionDomain subjectPd =

  303. 			(ProtectionDomain)cachedPDs.get(pd);

  304. 

  305. 		if (subjectPd == null) {

  306. 

  307. 		    // XXX 

  308. 		    // we must first add the original permissions.

  309. 		    // that way when we later add the new JAAS permissions,

  310. 		    // any unresolved JAAS-related permissions will

  311. 		    // automatically get resolved.

  312. 

  313. 		    // get the original perms

  314. 		    Permissions perms = new Permissions();

  315. 		    java.util.Enumeration e =

  316. 			currentDomains[i].getPermissions().elements();

  317. 		    while (e.hasMoreElements()) {

  318. 			Permission newPerm = (Permission)e.nextElement();

  319. 			perms.add(newPerm);

  320. 		    }

  321. 

  322. 		    // get perms from the policy

  323. 		    PermissionCollection newPerms = null;

  324. 

  325. 		    final java.security.CodeSource finalCs =

  326. 			currentDomains[i].getCodeSource();

  327. 		    final Subject finalS = subject;

  328. 		    newPerms = (PermissionCollection)

  329. 			java.security.AccessController.doPrivileged

  330. 			(new PrivilegedAction() {

  331. 			public Object run() {

  332. 			  return

  333. 			  javax.security.auth.Policy.getPolicy().getPermissions

  334. 				(finalS, finalCs);

  335. 			}

  336. 		    });

  337. 			

  338. 		    // add the newly granted perms,

  339. 		    // avoiding duplicates

  340. 		    e = newPerms.elements();

  341. 		    while (e.hasMoreElements()) {

  342. 			Permission newPerm = (Permission)e.nextElement();

  343. 			if (!perms.implies(newPerm)) {

  344. 			    perms.add(newPerm);

  345. 			    if (debug != null) 

  346. 				debug.println ("Adding perm " + newPerm + "\n");

  347. 			}

  348. 		    }

  349. 		    subjectPd = new ProtectionDomain(finalCs, perms);

  350. 

  351. 		    if (allowCaching)

  352. 			cachedPDs.put(pd, subjectPd);

  353. 		}

  354. 		newDomains[i] = subjectPd;

  355. 	    }

  356. 	}

  357. 

  358. 	if (debug != null) {

  359. 	    debug.println("updated current: ");

  360. 	    for (int i = 0; i < cLen; i++) {

  361. 		debug.println("\tupdated[" + i + "] = " + newDomains[i]);

  362. 	    }

  363. 	}

  364. 

  365. 	// now add on the assigned domains

  366. 	if (aLen > 0) {

  367. 	    System.arraycopy(assignedDomains, 0, newDomains, cLen, aLen);

  368. 	}

  369. 

  370. 	if (debug != null) {

  371. 	    if (newDomains == null || newDomains.length == 0) {

  372. 		debug.println("returning null");

  373. 	    } else {

  374. 		debug.println("combinedDomains: ");

  375. 		for (int i = 0; i < newDomains.length; i++) {

  376. 		    debug.println("newDomain " + i + ": " +

  377. 			newDomains[i].toString());

  378. 		}

  379. 	    }

  380. 	}

  381. 

  382. 	// return the new ProtectionDomains

  383. 	if (newDomains == null || newDomains.length == 0) {

  384. 	    return null;

  385. 	} else {

  386. 	    return newDomains;

  387. 	}

  388.     }

  389. 	

  390.     /**

  391.      * Remove System Domains and duplicate domains.

  392.      *

  393.      * Also remove domains from currentDomains if they already

  394.      * exist in assignedDomains.  Optimization for bug 4308161.

  395.      * In this case, 'domains' will be currentDomains,

  396.      * and 'otherDomains' will be assignedDomains.

  397.      */

  398.     ProtectionDomain[] optimize(ProtectionDomain[] domains,

  399. 			ProtectionDomain[] otherDomains) {

  400. 	if (domains == null)

  401. 	    return null;

  402. 

  403. 	ProtectionDomain[] optimized = new ProtectionDomain[domains.length];

  404. 	int num = 0;

  405. 	for (int i = 0; i < domains.length; i++) {

  406. 

  407. 	    // skip System Domains

  408. 	    if (domains[i] == null)

  409. 		continue;

  410. 

  411. 	    // skip domains with AllPermission 

  412. 	    // XXX

  413. 	    //

  414. 	    //	if (domains[i].implies(ALL_PERMISSION))

  415. 	    //	continue;

  416. 

  417. 	    // remove duplicates

  418. 	    boolean foundIt = false;

  419. 	    for (int j = 0; j < num; j++) {

  420. 		if (optimized[j] == domains[i]) {

  421. 		    foundIt = true;

  422. 		    break;

  423. 		}

  424. 	    }

  425. 	    if (foundIt == false) {

  426. 

  427. 		if (otherDomains == null) {

  428. 

  429. 		    // keep the domain

  430. 		    optimized[num++] = domains[i];

  431. 

  432. 		} else {

  433. 

  434. 		    // remove domain if it exists in otherDomains

  435. 		    // in this case, domains == currentDomains,

  436. 		    // otherDomains == assignedDomains

  437. 

  438. 		    boolean foundInOtherDomains = false;

  439. 		    for (int j = 0; j < otherDomains.length; j++) {

  440. 			if (otherDomains[j] == domains[i]) {

  441. 			    foundInOtherDomains = true;

  442. 			    break;

  443. 			}

  444. 		    }

  445. 

  446. 		    if (foundInOtherDomains == false) {

  447. 			// keep the domain

  448. 			optimized[num++] = domains[i];

  449. 		    }

  450. 		}

  451. 	    }

  452. 	}

  453. 

  454. 	// resize the array if necessary

  455. 	if (num < domains.length) {

  456. 	    ProtectionDomain[] downSize = new ProtectionDomain[num];

  457. 	    System.arraycopy(optimized, 0, downSize, 0, downSize.length);

  458. 	    optimized = downSize;

  459. 	}

  460. 

  461. 	return (optimized.length == 0 ? null : optimized);

  462.     }

  463. 

  464.     private boolean cachePolicy() {

  465. 	String s = (String)AccessController.doPrivileged

  466. 	    (new PrivilegedAction() {

  467. 	    public Object run() {

  468. 		return java.security.Security.getProperty

  469. 					("cache.auth.policy");

  470. 	    }

  471. 	});

  472. 	if (s != null) {

  473. 	    Boolean b = new Boolean(s);

  474. 	    return b.booleanValue();

  475. 	}

  476. 

  477. 	// cache by default

  478. 	return true;

  479.     }

  480. 

  481.     private void printInputDomains(ProtectionDomain[] currentDomains,

  482. 				ProtectionDomain[] assignedDomains) {

  483. 	if (currentDomains == null || currentDomains.length == 0) {

  484. 	    debug.println("currentDomains null or 0 length");

  485. 	} else {

  486. 	    for (int i = 0; currentDomains != null &&

  487. 			i < currentDomains.length; i++) {

  488. 		if (currentDomains[i] == null) {

  489. 		    debug.println("currentDomain " + i + ": SystemDomain");

  490. 		} else {

  491. 		    debug.println("currentDomain " + i + ": " +

  492. 				printDomain(currentDomains[i]));

  493. 		}

  494. 	    }

  495. 	}

  496. 

  497. 	if (assignedDomains == null || assignedDomains.length == 0) {

  498. 	    debug.println("assignedDomains null or 0 length");

  499. 	} else {

  500. 	    debug.println("assignedDomains = ");

  501. 	    for (int i = 0; assignedDomains != null &&

  502. 			i < assignedDomains.length; i++) {

  503. 		if (assignedDomains[i] == null) {

  504. 		    debug.println("assignedDomain " + i + ": SystemDomain");

  505. 		} else {

  506. 		    debug.println("assignedDomain " + i + ": " +

  507. 				printDomain(assignedDomains[i]));

  508. 		}

  509. 	    }

  510. 	}

  511.     }

  512. 

  513.     private String printDomain(final ProtectionDomain pd) {

  514. 	if (pd == null) {

  515. 	    return "null";

  516. 	}

  517. 	return (String)AccessController.doPrivileged(new PrivilegedAction() {

  518. 	    public Object run() {

  519. 		return pd.toString();

  520. 	    }

  521. 	});

  522.     }

  523. }