
Example 1 with Conditions

use of org.apache.felix.framework.security.util.Conditions in project felix by apache.

The class SecurityActivator, method start().

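/**
 * Starts the framework security extension.
 * <p>
 * Depending on the {@code ENABLE_PERMISSIONADMIN_PROP} and
 * {@code ENABLE_CONDPERMADMIN_PROP} properties (compared case-insensitively
 * against "TRUE") this creates a {@link PermissionAdminImpl} and/or a
 * {@link ConditionalPermissionAdminImpl}, backs each with a properties cache
 * under the bundle's private data area, installs a {@link SecurityProvider}
 * on the framework bundle and finally registers the admin services.
 *
 * @param context this bundle's context; used for properties, the data area
 *                and service registration
 * @throws IOException     if the tmp dir or a cache file cannot be created
 * @throws BundleException if the keystore, type and password lists do not
 *                         line up one entry per keystore
 * @throws Exception       anything else escaping service construction
 */
public synchronized void start(BundleContext context) throws Exception {
    PermissionAdminImpl pai = null;
    SecureAction action = new SecureAction();
    Permissions permissions = new Permissions(context, action);
    // Scratch dir for the caches: kept inside the bundle data area rather
    // than a shared system temp dir.
    File tmp = context.getDataFile("security" + File.separator + "tmp");
    if ((tmp == null) || (!tmp.isDirectory() && !tmp.mkdirs())) {
        throw new IOException("Can't create tmp dir.");
    }
    // Discard leftovers from a previous run. A failed delete is tolerated
    // (best effort) rather than aborting start-up.
    // TODO: log something if we can not clean-up the tmp dir
    File[] old = tmp.listFiles();
    if (old != null) {
        for (int i = 0; i < old.length; i++) {
            old[i].delete();
        }
    }
    if ("TRUE".equalsIgnoreCase(getProperty(context, SecurityConstants.ENABLE_PERMISSIONADMIN_PROP, SecurityConstants.ENABLE_PERMISSIONADMIN_VALUE))) {
        File cache = context.getDataFile("security" + File.separator + "pa.txt");
        if ((cache == null) || (!cache.isFile() && !cache.createNewFile())) {
            throw new IOException("Can't create cache file");
        }
        pai = new PermissionAdminImpl(permissions, new PropertiesCache(cache, tmp, action));
    }
    ConditionalPermissionAdminImpl cpai = null;
    if ("TRUE".equalsIgnoreCase(getProperty(context, SecurityConstants.ENABLE_CONDPERMADMIN_PROP, SecurityConstants.ENABLE_CONDPERMADMIN_VALUE))) {
        File cpaCache = context.getDataFile("security" + File.separator + "cpa.txt");
        if ((cpaCache == null) || (!cpaCache.isFile() && !cpaCache.createNewFile())) {
            throw new IOException("Can't create cache file");
        }
        LocalPermissions localPermissions = new LocalPermissions(permissions);
        // 'pai' is null here when only ConditionalPermissionAdmin is enabled.
        cpai = new ConditionalPermissionAdminImpl(permissions, new Conditions(action), localPermissions, new PropertiesCache(cpaCache, tmp, action), pai);
    }
    if ((pai != null) || (cpai != null)) {
        // '|'-separated, position-aligned lists: entry i of each list
        // describes keystore i. NOTE(review): the keystore password list is
        // read from a plain property, i.e. it sits in clear text in the
        // framework configuration - treat that configuration as sensitive.
        String crlList = getProperty(context, SecurityConstants.CRL_FILE_PROP, SecurityConstants.CRL_FILE_VALUE);
        String storeList = getProperty(context, SecurityConstants.KEYSTORE_FILE_PROP, SecurityConstants.KEYSTORE_FILE_VALUE);
        String passwdList = getProperty(context, SecurityConstants.KEYSTORE_PASS_PROP, SecurityConstants.KEYSTORE_PASS_VALUE);
        String typeList = getProperty(context, SecurityConstants.KEYSTORE_TYPE_PROP, SecurityConstants.KEYSTORE_TYPE_VALUE);
        // The standard OSGi trust repositories (File.pathSeparator-separated)
        // are appended as JKS stores. A single space stands in for "no
        // password": the '|' tokenizer below drops empty tokens, so a truly
        // empty entry would throw the three lists out of alignment.
        String osgi_keystores = getProperty(context, Constants.FRAMEWORK_TRUST_REPOSITORIES, null);
        if (osgi_keystores != null) {
            StringTokenizer tok = new StringTokenizer(osgi_keystores, File.pathSeparator);
            // Every token is taken under hasMoreTokens(), so a set-but-empty
            // property no longer throws NoSuchElementException from
            // nextToken() when the configured store list is empty.
            while (tok.hasMoreTokens()) {
                String store = tok.nextToken();
                if (storeList.length() == 0) {
                    storeList += "file:" + store;
                    passwdList += " ";
                    typeList += "JKS";
                } else {
                    storeList += "|file:" + store;
                    passwdList += "| ";
                    typeList += "|JKS";
                }
            }
        }
        StringTokenizer storeTok = new StringTokenizer(storeList, "|");
        StringTokenizer passwdTok = new StringTokenizer(passwdList, "|");
        StringTokenizer typeTok = new StringTokenizer(typeList, "|");
        // Refuse to start with misaligned lists rather than pairing a store
        // with the wrong password or type.
        if ((storeTok.countTokens() != typeTok.countTokens()) || (passwdTok.countTokens() != storeTok.countTokens())) {
            throw new BundleException("Each CACerts keystore must have one type and one passwd entry and vice versa.");
        }
        // NOTE(review): with no stores configured at all the provider is
        // created with empty lists; what that means for signature checks is
        // decided in SecurityProviderImpl, not here.
        SecurityProvider provider = new SecurityProviderImpl(crlList, typeList, passwdList, storeList, pai, cpai, action, ((Felix) context.getBundle(0)).getLogger());
        ((Felix) context.getBundle(0)).setSecurityProvider(provider);
    }
    if (pai != null) {
        context.registerService(PermissionAdmin.class.getName(), pai, null);
    }
    if (cpai != null) {
        context.registerService(ConditionalPermissionAdmin.class.getName(), cpai, null);
    }
}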
Also used : ConditionalPermissionAdmin(org.osgi.service.condpermadmin.ConditionalPermissionAdmin) IOException(java.io.IOException) Conditions(org.apache.felix.framework.security.util.Conditions) LocalPermissions(org.apache.felix.framework.security.util.LocalPermissions) StringTokenizer(java.util.StringTokenizer) PropertiesCache(org.apache.felix.framework.security.util.PropertiesCache) PermissionAdminImpl(org.apache.felix.framework.security.permissionadmin.PermissionAdminImpl) ConditionalPermissionAdminImpl(org.apache.felix.framework.security.condpermadmin.ConditionalPermissionAdminImpl) Permissions(org.apache.felix.framework.security.util.Permissions) LocalPermissions(org.apache.felix.framework.security.util.LocalPermissions) SecurityProvider(org.apache.felix.framework.ext.SecurityProvider) BundleException(org.osgi.framework.BundleException) ConditionalPermissionAdminImpl(org.apache.felix.framework.security.condpermadmin.ConditionalPermissionAdminImpl) SecureAction(org.apache.felix.framework.util.SecureAction) File(java.io.File) ConditionalPermissionAdmin(org.osgi.service.condpermadmin.ConditionalPermissionAdmin) PermissionAdmin(org.osgi.service.permissionadmin.PermissionAdmin)

Example 2 with Conditions

use of org.apache.felix.framework.security.util.Conditions in project felix by apache.

The class ConditionalPermissionAdminImpl, method eval().

// Find every ConditionalPermissionInfo row whose conditions apply and whose
// permissions imply the requested permission. Rows that apply only subject
// to postponed conditions are collected in 'posts' for the caller to resolve
// later; the first row that applies with nothing postponed ends the scan.
// Returns true when access is (provisionally) allowed or postponed rows
// remain, false otherwise. NOTE(review): the original comment said 'posts'
// is cleared on a false result, but nothing in this method clears it.
/**
 * Evaluates {@code permission} for {@code module} against the current
 * ConditionalPermissionInfo table, scanning rows in table order.
 *
 * @param posts      output list; rows that matched only subject to postponed
 *                   conditions are appended here as
 *                   {@code {cpi, currentPosts, conds}} arrays for the caller
 *                   to resolve later. It is never cleared here.
 * @param module     the bundle revision whose permission is being checked
 * @param permission the permission being requested
 * @param admin      presumably the PermissionAdmin taking part in the
 *                   decision (only its null-ness is consulted here) - verify
 *                   against the caller
 * @return true if the decision is (provisionally) allow or postponed rows
 *         are left in {@code posts}; false if denied
 */
private boolean eval(List posts, BundleRevisionImpl module, Permission permission, Object admin) {
    List condPermInfos = null;
    // Snapshot the table under the lock; the scan below then runs on the
    // copy without holding the lock while conditions are evaluated.
    synchronized (m_condPermInfos) {
        // Empty table and no admin: the request is granted outright.
        if (isEmpty() && (admin == null)) {
            return true;
        }
        condPermInfos = new ArrayList(m_condPermInfos.values());
    }
    // Check for implicit permissions like access to file area
    if (m_permissions.getPermissions(m_permissions.getImplicit(module.getBundle())).implies(permission, module.getBundle())) {
        return true;
    }
    // Candidate rows: {cpi, null} for an immediate match,
    // {cpi, currentPosts, conds} for a match pending postponed conditions.
    List pls = new ArrayList();
    // now do the real thing
    for (Iterator iter = condPermInfos.iterator(); iter.hasNext(); ) {
        ConditionalPermissionInfoImpl cpi = (ConditionalPermissionInfoImpl) iter.next();
        ConditionInfo[] conditions = cpi._getConditionInfos();
        List currentPosts = new ArrayList();
        Conditions conds = m_conditions.getConditions(module, conditions);
        // A row is skipped unless its conditions hold (postponed ones are
        // recorded in currentPosts) AND its permissions imply the request.
        if (!conds.isSatisfied(currentPosts, m_permissions.getPermissions(cpi._getPermissionInfos()), permission)) {
            continue;
        }
        if (!m_permissions.getPermissions(cpi._getPermissionInfos()).implies(permission, null)) {
            continue;
        }
        // The first row that applies with nothing postponed is decisive:
        // record it with a null posts slot and stop scanning.
        if (currentPosts.isEmpty()) {
            pls.add(new Object[] { cpi, null });
            break;
        }
        pls.add(new Object[] { cpi, currentPosts, conds });
    }
    // Trim DENY rows off the tail while more than one candidate remains, so
    // the list ends in an allow row (or shrinks to a single row).
    // NOTE(review): this appears to rely on the caller treating unresolved
    // postponed rows as deny anyway - confirm against the caller.
    while (pls.size() > 1) {
        if (!((ConditionalPermissionInfoImpl) ((Object[]) pls.get(pls.size() - 1))[0]).isAllow()) {
            pls.remove(pls.size() - 1);
        } else {
            break;
        }
    }
    // Single candidate: its allow/deny flag is the answer. If it was a
    // postponed match it is also handed to the caller via 'posts'.
    if (pls.size() == 1) {
        if (((Object[]) pls.get(0))[1] != null) {
            posts.add(pls.get(0));
        }
        return ((ConditionalPermissionInfoImpl) ((Object[]) pls.get(0))[0]).isAllow();
    }
    // Several candidates (postponed rows, possibly ending in one immediate
    // allow row) are all handed over. With zero candidates nothing is added
    // and the result depends on whether 'posts' already held entries.
    for (Iterator iter = pls.iterator(); iter.hasNext(); ) {
        posts.add(iter.next());
    }
    return !posts.isEmpty();
}
Also used : ConditionInfo(org.osgi.service.condpermadmin.ConditionInfo) ArrayList(java.util.ArrayList) Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList) Conditions(org.apache.felix.framework.security.util.Conditions)
