1. /*

  2.  * @(#)SubjectDomainCombiner.java	1.45 03/12/19

  3.  *

  4.  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7. 

  8. package javax.security.auth;

  9. 

  10. import java.security.AccessController;

  11. import java.security.AccessControlContext;

  12. import java.security.AllPermission;

  13. import java.security.Permission;

  14. import java.security.Permissions;

  15. import java.security.PermissionCollection;

  16. import java.security.Policy;

  17. import java.security.Principal;

  18. import java.security.PrivilegedAction;

  19. import java.security.ProtectionDomain;

  20. import java.lang.ClassLoader;

  21. import java.security.Security;

  22. import java.util.Set;

  23. import java.util.Iterator;

  24. 

  25. /**

  26.  * A <code>SubjectDomainCombiner</code> updates ProtectionDomains

  27.  * with Principals from the <code>Subject</code> associated with this

  28.  * <code>SubjectDomainCombiner</code>.

  29.  *

  30.  * @version 1.45, 12/19/03 

  31.  */

  32. public class SubjectDomainCombiner implements java.security.DomainCombiner {

  33. 

  34.     private Subject subject;

  35.     private java.util.Map cachedPDs = new java.util.WeakHashMap();

  36.     private Set principalSet;

  37.     private Principal[] principals;

  38. 

  39.     private static final sun.security.util.Debug debug =

  40. 	sun.security.util.Debug.getInstance("combiner",

  41. 					"\t[SubjectDomainCombiner]");

  42. 

  43.     // Note: check only at classloading time, not dynamically during combine()

  44.     private static final boolean useJavaxPolicy = compatPolicy();

  45. 

  46.     // Relevant only when useJavaxPolicy is true

  47.     private static final boolean allowCaching =

  48. 					(useJavaxPolicy && cachePolicy());

  49. 

  50.     /**

  51.      * Associate the provided <code>Subject</code> with this

  52.      * <code>SubjectDomainCombiner</code>.

  53.      *

  54.      * <p>

  55.      *

  56.      * @param subject the <code>Subject</code> to be associated with

  57.      *		with this <code>SubjectDomainCombiner</code>.

  58.      */

  59.     public SubjectDomainCombiner(Subject subject) {

  60. 	this.subject = subject;

  61. 

  62. 	if (subject.isReadOnly()) {

  63. 	    principalSet = subject.getPrincipals();

  64. 	    principals = (Principal[])principalSet.toArray

  65. 			(new Principal[principalSet.size()]);

  66. 	}

  67.     }

  68. 

  69.     /**

  70.      * Get the <code>Subject</code> associated with this

  71.      * <code>SubjectDomainCombiner</code>.

  72.      *

  73.      * <p>

  74.      *

  75.      * @return the <code>Subject</code> associated with this

  76.      *		<code>SubjectDomainCombiner</code>, or <code>null</code>

  77.      *		if no <code>Subject</code> is associated with this

  78.      *		<code>SubjectDomainCombiner</code>.

  79.      *

  80.      * @exception SecurityException if the caller does not have permission

  81.      *		to get the <code>Subject</code> associated with this

  82.      *		<code>SubjectDomainCombiner</code>.

  83.      */

  84.     public Subject getSubject() {

  85. 	java.lang.SecurityManager sm = System.getSecurityManager();

  86. 	if (sm != null) {

  87. 	    sm.checkPermission(new AuthPermission

  88. 		("getSubjectFromDomainCombiner"));

  89. 	}

  90. 	return subject;

  91.     }

  92. 

  93.     /**

  94.      * Update the relevant ProtectionDomains with the Principals

  95.      * from the <code>Subject</code> associated with this

  96.      * <code>SubjectDomainCombiner</code>.

  97.      *

  98.      * <p> A new <code>ProtectionDomain</code> instance is created

  99.      * for each <code>ProtectionDomain</code> in the

  100.      * <i>currentDomains</i> array.  Each new <code>ProtectionDomain</code>

  101.      * instance is created using the <code>CodeSource</code>,

  102.      * <code>Permission</code>s and <code>ClassLoader</code>

  103.      * from the corresponding <code>ProtectionDomain</code> in

  104.      * <i>currentDomains</i>, as well as with the Principals from

  105.      * the <code>Subject</code> associated with this

  106.      * <code>SubjectDomainCombiner</code>.

  107.      * 

  108.      * <p> All of the newly instantiated ProtectionDomains are

  109.      * combined into a new array.  The ProtectionDomains from the

  110.      * <i>assignedDomains</i> array are appended to this new array,

  111.      * and the result is returned.

  112.      *

  113.      * <p> Note that optimizations such as the removal of duplicate

  114.      * ProtectionDomains may have occurred.

  115.      * In addition, caching of ProtectionDomains may be permitted.

  116.      *

  117.      * <p>

  118.      *

  119.      * @param currentDomains the ProtectionDomains associated with the

  120.      *		current execution Thread, up to the most recent

  121.      *		privileged <code>ProtectionDomain</code>.

  122.      *		The ProtectionDomains are are listed in order of execution,

  123.      *		with the most recently executing <code>ProtectionDomain</code>

  124.      *		residing at the beginning of the array. This parameter may

  125.      *		be <code>null</code> if the current execution Thread

  126.      *		has no associated ProtectionDomains.<p>

  127.      *

  128.      * @param assignedDomains the ProtectionDomains inherited from the

  129.      *		parent Thread, or the ProtectionDomains from the

  130.      *		privileged <i>context</i>, if a call to

  131.      *		AccessController.doPrivileged(..., <i>context</i>)

  132.      *		had occurred  This parameter may be <code>null</code>

  133.      *		if there were no ProtectionDomains inherited from the

  134.      *		parent Thread, or from the privileged <i>context</i>.

  135.      *

  136.      * @return a new array consisting of the updated ProtectionDomains,

  137.      *		or <code>null</code>.

  138.      */

  139.     public ProtectionDomain[] combine(ProtectionDomain[] currentDomains,

  140. 				ProtectionDomain[] assignedDomains) {

  141. 	if (debug != null) {

  142. 	    if (subject == null) {

  143. 		debug.println("null subject");

  144. 	    } else {

  145. 		final Subject s = subject;

  146. 		AccessController.doPrivileged

  147. 		    (new java.security.PrivilegedAction() {

  148. 		    public Object run() {

  149. 			debug.println(s.toString());

  150. 			return null;

  151. 		    }

  152. 		});

  153. 	    }

  154. 	    printInputDomains(currentDomains, assignedDomains);

  155. 	}

  156. 

  157. 	if (currentDomains == null || currentDomains.length == 0) {

  158. 	    // No need to optimize assignedDomains because it should

  159. 	    // have been previously optimized (when it was set).

  160. 

  161. 	    // Note that we are returning a direct reference

  162. 	    // to the input array - since ACC does not clone

  163. 	    // the arrays when it calls combiner.combine,

  164. 	    // multiple ACC instances may share the same

  165. 	    // array instance in this case

  166. 

  167. 	    return assignedDomains;

  168. 	}

  169. 

  170. 	// optimize currentDomains

  171. 	//

  172. 	// No need to optimize assignedDomains because it should

  173.         // have been previously optimized (when it was set).

  174. 

  175. 	currentDomains = optimize(currentDomains);

  176. 	if (debug != null) {

  177. 	    debug.println("after optimize");

  178. 	    printInputDomains(currentDomains, assignedDomains);

  179. 	}

  180. 

  181. 	if (currentDomains == null && assignedDomains == null) {

  182. 	    return null;

  183. 	}

  184. 

  185. 	// maintain backwards compatibility for people who provide

  186. 	// their own javax.security.auth.Policy implementations

  187. 	if (useJavaxPolicy) {

  188. 	    return combineJavaxPolicy(currentDomains, assignedDomains);

  189. 	}

  190. 	

  191. 	int cLen = (currentDomains == null ? 0 : currentDomains.length);

  192. 	int aLen = (assignedDomains == null ? 0 : assignedDomains.length);

  193. 

  194. 	// the ProtectionDomains for the new AccessControlContext

  195. 	// that we will return

  196. 	ProtectionDomain[] newDomains = new ProtectionDomain[cLen + aLen];

  197. 

  198. 	boolean allNew = true;

  199. 	synchronized(cachedPDs) {

  200. 	    if (!subject.isReadOnly() &&

  201. 		!subject.getPrincipals().equals(principalSet)) {

  202. 

  203. 		// if the Subject was mutated, clear the PD cache

  204. 		Set newSet = subject.getPrincipals();

  205. 		synchronized(newSet) {

  206. 		    principalSet = new java.util.HashSet(newSet);

  207. 		}

  208. 		principals = (Principal[])principalSet.toArray

  209. 			(new Principal[principalSet.size()]);

  210. 		cachedPDs.clear();

  211. 

  212. 		if (debug != null) {

  213. 		    debug.println("Subject mutated - clearing cache");

  214. 		}

  215. 	    } 

  216. 

  217. 	    ProtectionDomain subjectPd;

  218. 	    for (int i = 0; i < cLen; i++) {

  219. 		ProtectionDomain pd = currentDomains[i];

  220. 

  221. 		subjectPd = (ProtectionDomain) cachedPDs.get(pd);

  222. 

  223. 		if (subjectPd == null) {

  224. 		    subjectPd = new ProtectionDomain(pd.getCodeSource(),

  225. 						pd.getPermissions(), 

  226. 						pd.getClassLoader(),

  227. 						principals);

  228. 		    cachedPDs.put(pd, subjectPd);

  229. 		} else {

  230. 		    allNew = false;

  231. 		}

  232. 		newDomains[i] = subjectPd;

  233. 	    }

  234.         }

  235. 

  236. 	if (debug != null) {

  237. 	    debug.println("updated current: "); 

  238. 	    for (int i = 0; i < cLen; i++) {

  239. 		debug.println("\tupdated[" + i + "] = " +

  240. 				printDomain(newDomains[i]));

  241. 	    }

  242. 	}

  243. 

  244. 	// now add on the assigned domains

  245. 	if (aLen > 0) {

  246. 	    System.arraycopy(assignedDomains, 0, newDomains, cLen, aLen);

  247. 

  248. 	    // optimize the result (cached PDs might exist in assignedDomains)

  249. 	    if (!allNew) {

  250. 		newDomains = optimize(newDomains);

  251. 	    }

  252. 	}

  253. 

  254. 	// if aLen == 0 || allNew, no need to further optimize newDomains

  255. 	

  256. 	if (debug != null) {

  257. 	    if (newDomains == null || newDomains.length == 0) {

  258. 		debug.println("returning null");

  259. 	    } else {

  260. 		debug.println("combinedDomains: ");

  261. 		for (int i = 0; i < newDomains.length; i++) {

  262. 		    debug.println("newDomain " + i + ": " +

  263. 				  printDomain(newDomains[i]));

  264. 		}

  265. 	    }

  266. 	}

  267. 	

  268. 	// return the new ProtectionDomains

  269. 	if (newDomains == null || newDomains.length == 0) {

  270. 	    return null;

  271. 	} else {

  272. 	    return newDomains;

  273. 	}

  274.     }

  275. 

  276.     /**

  277.      * Use the javax.security.auth.Policy implementation

  278.      */

  279.     private ProtectionDomain[] combineJavaxPolicy(

  280. 	ProtectionDomain[] currentDomains,

  281. 	ProtectionDomain[] assignedDomains) {

  282. 

  283. 	if (!allowCaching) {

  284. 	    java.security.AccessController.doPrivileged

  285. 		(new PrivilegedAction() {

  286. 		    public Object run() {

  287. 			// Call refresh only caching is disallowed

  288. 			javax.security.auth.Policy.getPolicy().refresh();

  289. 			return null;

  290. 		    }

  291. 		});

  292. 	}

  293. 	

  294. 	int cLen = (currentDomains == null ? 0 : currentDomains.length);

  295. 	int aLen = (assignedDomains == null ? 0 : assignedDomains.length);

  296. 

  297. 	// the ProtectionDomains for the new AccessControlContext

  298. 	// that we will return

  299. 	ProtectionDomain[] newDomains = new ProtectionDomain[cLen + aLen];

  300. 

  301. 	synchronized(cachedPDs) {

  302. 	    if (!subject.isReadOnly() &&

  303. 		!subject.getPrincipals().equals(principalSet)) {

  304. 

  305. 		// if the Subject was mutated, clear the PD cache

  306. 		Set newSet = subject.getPrincipals();

  307. 		synchronized(newSet) {

  308. 		    principalSet = new java.util.HashSet(newSet);

  309. 		}

  310. 		principals = (Principal[])principalSet.toArray

  311. 			(new Principal[principalSet.size()]);

  312. 		cachedPDs.clear();

  313. 

  314. 		if (debug != null) {

  315. 		    debug.println("Subject mutated - clearing cache");

  316. 		}

  317. 	    }

  318. 

  319. 	    for (int i = 0; i < cLen; i++) {

  320. 		ProtectionDomain pd = currentDomains[i];

  321. 		ProtectionDomain subjectPd =

  322. 				(ProtectionDomain)cachedPDs.get(pd);

  323. 

  324. 		if (subjectPd == null) {

  325. 

  326. 		    // XXX 

  327. 		    // we must first add the original permissions.

  328. 		    // that way when we later add the new JAAS permissions,

  329. 		    // any unresolved JAAS-related permissions will

  330. 		    // automatically get resolved.

  331. 

  332. 		    // get the original perms

  333. 		    Permissions perms = new Permissions();

  334. 		    PermissionCollection coll = pd.getPermissions();

  335. 		    java.util.Enumeration e;

  336. 		    synchronized (coll) {

  337. 			e = coll.elements();

  338. 			while (e.hasMoreElements()) {

  339. 			    Permission newPerm = (Permission)e.nextElement();

  340. 			    perms.add(newPerm);

  341. 			}

  342. 		    }

  343. 

  344. 		    // get perms from the policy

  345. 

  346. 		    final java.security.CodeSource finalCs = pd.getCodeSource();

  347. 		    final Subject finalS = subject;

  348. 		    PermissionCollection newPerms = (PermissionCollection)

  349. 			java.security.AccessController.doPrivileged

  350. 			(new PrivilegedAction() {

  351. 			public Object run() {

  352. 			  return

  353. 			  javax.security.auth.Policy.getPolicy().getPermissions

  354. 				(finalS, finalCs);

  355. 			}

  356. 		    });

  357. 			

  358. 		    // add the newly granted perms,

  359. 		    // avoiding duplicates

  360. 		    synchronized (newPerms) {

  361. 			e = newPerms.elements();

  362. 			while (e.hasMoreElements()) {

  363. 			    Permission newPerm = (Permission)e.nextElement();

  364. 			    if (!perms.implies(newPerm)) {

  365. 				perms.add(newPerm);

  366. 				if (debug != null) 

  367. 				    debug.println (

  368. 					"Adding perm " + newPerm + "\n");

  369. 			    }

  370. 			}

  371. 		    }

  372. 		    subjectPd = new ProtectionDomain(finalCs, perms);

  373. 

  374. 		    if (allowCaching)

  375. 			cachedPDs.put(pd, subjectPd);

  376. 		}

  377. 		newDomains[i] = subjectPd;

  378. 	    }

  379. 	}

  380. 

  381. 	if (debug != null) {

  382. 	    debug.println("updated current: ");

  383. 	    for (int i = 0; i < cLen; i++) {

  384. 		debug.println("\tupdated[" + i + "] = " + newDomains[i]);

  385. 	    }

  386. 	}

  387. 

  388. 	// now add on the assigned domains

  389. 	if (aLen > 0) {

  390. 	    System.arraycopy(assignedDomains, 0, newDomains, cLen, aLen);

  391. 	}

  392. 

  393. 	if (debug != null) {

  394. 	    if (newDomains == null || newDomains.length == 0) {

  395. 		debug.println("returning null");

  396. 	    } else {

  397. 		debug.println("combinedDomains: ");

  398. 		for (int i = 0; i < newDomains.length; i++) {

  399. 		    debug.println("newDomain " + i + ": " +

  400. 			newDomains[i].toString());

  401. 		}

  402. 	    }

  403. 	}

  404. 

  405. 	// return the new ProtectionDomains

  406. 	if (newDomains == null || newDomains.length == 0) {

  407. 	    return null;

  408. 	} else {

  409. 	    return newDomains;

  410. 	}

  411.     }

  412. 	

  413.     private static ProtectionDomain[] optimize(ProtectionDomain[] domains) {

  414. 	if (domains == null || domains.length == 0)

  415. 	    return null;

  416. 

  417. 	ProtectionDomain[] optimized = new ProtectionDomain[domains.length];

  418. 	ProtectionDomain pd;

  419. 	int num = 0;

  420. 	for (int i = 0; i < domains.length; i++) {

  421. 

  422. 	    // skip domains with AllPermission 

  423. 	    // XXX

  424. 	    //

  425. 	    //	if (domains[i].implies(ALL_PERMISSION))

  426. 	    //	continue;

  427. 

  428. 	    // skip System Domains

  429. 	    if ((pd = domains[i]) != null) {

  430. 

  431. 		// remove duplicates

  432. 		boolean found = false;

  433. 		for (int j = 0; j < num && !found; j++) {

  434. 		    found = (optimized[j] == pd);

  435. 		}

  436. 		if (!found) {

  437. 		    optimized[num++] = pd;

  438. 		}

  439. 	    }

  440. 	}

  441. 

  442. 	// resize the array if necessary

  443. 	if (num > 0 && num < domains.length) {

  444. 	    ProtectionDomain[] downSize = new ProtectionDomain[num];

  445. 	    System.arraycopy(optimized, 0, downSize, 0, downSize.length);

  446. 	    optimized = downSize;

  447. 	}

  448. 

  449. 	return ((num == 0 || optimized.length == 0) ? null : optimized);

  450.     }

  451. 

  452.     private static boolean cachePolicy() {

  453. 	String s = (String)AccessController.doPrivileged

  454. 	    (new PrivilegedAction() {

  455. 	    public Object run() {

  456. 		return java.security.Security.getProperty

  457. 					("cache.auth.policy");

  458. 	    }

  459. 	});

  460. 	if (s != null) {

  461. 	    Boolean b = new Boolean(s);

  462. 	    return b.booleanValue();

  463. 	}

  464. 

  465. 	// cache by default

  466. 	return true;

  467.     }

  468. 

  469.     // maintain backwards compatibility for people who provide

  470.     // their own javax.security.auth.Policy implementations

  471.     private static boolean compatPolicy() {

  472. 	javax.security.auth.Policy javaxPolicy =

  473. 	    (javax.security.auth.Policy)AccessController.doPrivileged

  474. 	    (new PrivilegedAction() {

  475. 	    public Object run() {

  476. 		return javax.security.auth.Policy.getPolicy();

  477. 	    }

  478. 	});

  479. 

  480. 	if (!(javaxPolicy instanceof com.sun.security.auth.PolicyFile)) {

  481. 	    if (debug != null) {

  482. 		debug.println("Providing backwards compatibility for " +

  483. 			"javax.security.auth.policy implementation: " +

  484. 			javaxPolicy.toString());

  485. 	    }

  486. 

  487. 	    return true;

  488. 	} else {

  489. 	    return false;

  490. 	}

  491.     }

  492. 

  493.     private static void printInputDomains(ProtectionDomain[] currentDomains,

  494. 				ProtectionDomain[] assignedDomains) {

  495. 	if (currentDomains == null || currentDomains.length == 0) {

  496. 	    debug.println("currentDomains null or 0 length");

  497. 	} else {

  498. 	    for (int i = 0; currentDomains != null &&

  499. 			i < currentDomains.length; i++) {

  500. 		if (currentDomains[i] == null) {

  501. 		    debug.println("currentDomain " + i + ": SystemDomain");

  502. 		} else {

  503. 		    debug.println("currentDomain " + i + ": " +

  504. 				printDomain(currentDomains[i]));

  505. 		}

  506. 	    }

  507. 	}

  508. 

  509. 	if (assignedDomains == null || assignedDomains.length == 0) {

  510. 	    debug.println("assignedDomains null or 0 length");

  511. 	} else {

  512. 	    debug.println("assignedDomains = ");

  513. 	    for (int i = 0; assignedDomains != null &&

  514. 			i < assignedDomains.length; i++) {

  515. 		if (assignedDomains[i] == null) {

  516. 		    debug.println("assignedDomain " + i + ": SystemDomain");

  517. 		} else {

  518. 		    debug.println("assignedDomain " + i + ": " +

  519. 				printDomain(assignedDomains[i]));

  520. 		}

  521. 	    }

  522. 	}

  523.     }

  524. 

  525.     private static String printDomain(final ProtectionDomain pd) {

  526. 	if (pd == null) {

  527. 	    return "null";

  528. 	}

  529. 	return (String)AccessController.doPrivileged(new PrivilegedAction() {

  530. 	    public Object run() {

  531. 		return pd.toString();

  532. 	    }

  533. 	});

  534.     }

  535. }