Example 1 with Conditions
use of org.apache.felix.framework.security.util.Conditions in project felix by apache.
the class SecurityActivator method start.
public synchronized void start(BundleContext context) throws Exception {
PermissionAdminImpl pai = null;
SecureAction action = new SecureAction();
Permissions permissions = new Permissions(context, action);
File tmp = context.getDataFile("security" + File.separator + "tmp");
if ((tmp == null) || (!tmp.isDirectory() && !tmp.mkdirs())) {
throw new IOException("Can't create tmp dir.");
}
// TODO: log something if we can not clean-up the tmp dir
File[] old = tmp.listFiles();
if (old != null) {
for (int i = 0; i < old.length; i++) {
old[i].delete();
}
}
if ("TRUE".equalsIgnoreCase(getProperty(context, SecurityConstants.ENABLE_PERMISSIONADMIN_PROP, SecurityConstants.ENABLE_PERMISSIONADMIN_VALUE))) {
File cache = context.getDataFile("security" + File.separator + "pa.txt");
if ((cache == null) || (!cache.isFile() && !cache.createNewFile())) {
throw new IOException("Can't create cache file");
}
pai = new PermissionAdminImpl(permissions, new PropertiesCache(cache, tmp, action));
}
ConditionalPermissionAdminImpl cpai = null;
if ("TRUE".equalsIgnoreCase(getProperty(context, SecurityConstants.ENABLE_CONDPERMADMIN_PROP, SecurityConstants.ENABLE_CONDPERMADMIN_VALUE))) {
File cpaCache = context.getDataFile("security" + File.separator + "cpa.txt");
if ((cpaCache == null) || (!cpaCache.isFile() && !cpaCache.createNewFile())) {
throw new IOException("Can't create cache file");
}
LocalPermissions localPermissions = new LocalPermissions(permissions);
cpai = new ConditionalPermissionAdminImpl(permissions, new Conditions(action), localPermissions, new PropertiesCache(cpaCache, tmp, action), pai);
}
if ((pai != null) || (cpai != null)) {
String crlList = getProperty(context, SecurityConstants.CRL_FILE_PROP, SecurityConstants.CRL_FILE_VALUE);
String storeList = getProperty(context, SecurityConstants.KEYSTORE_FILE_PROP, SecurityConstants.KEYSTORE_FILE_VALUE);
String passwdList = getProperty(context, SecurityConstants.KEYSTORE_PASS_PROP, SecurityConstants.KEYSTORE_PASS_VALUE);
String typeList = getProperty(context, SecurityConstants.KEYSTORE_TYPE_PROP, SecurityConstants.KEYSTORE_TYPE_VALUE);
String osgi_keystores = getProperty(context, Constants.FRAMEWORK_TRUST_REPOSITORIES, null);
if (osgi_keystores != null) {
StringTokenizer tok = new StringTokenizer(osgi_keystores, File.pathSeparator);
if (storeList.length() == 0) {
storeList += "file:" + tok.nextToken();
passwdList += " ";
typeList += "JKS";
}
while (tok.hasMoreTokens()) {
storeList += "|file:" + tok.nextToken();
passwdList += "| ";
typeList += "|JKS";
}
}
StringTokenizer storeTok = new StringTokenizer(storeList, "|");
StringTokenizer passwdTok = new StringTokenizer(passwdList, "|");
StringTokenizer typeTok = new StringTokenizer(typeList, "|");
if ((storeTok.countTokens() != typeTok.countTokens()) || (passwdTok.countTokens() != storeTok.countTokens())) {
throw new BundleException("Each CACerts keystore must have one type and one passwd entry and vice versa.");
}
SecurityProvider provider = new SecurityProviderImpl(crlList, typeList, passwdList, storeList, pai, cpai, action, ((Felix) context.getBundle(0)).getLogger());
((Felix) context.getBundle(0)).setSecurityProvider(provider);
}
if (pai != null) {
context.registerService(PermissionAdmin.class.getName(), pai, null);
}
if (cpai != null) {
context.registerService(ConditionalPermissionAdmin.class.getName(), cpai, null);
}
}
Also used :
ConditionalPermissionAdmin(org.osgi.service.condpermadmin.ConditionalPermissionAdmin)
IOException(java.io.IOException)
Conditions(org.apache.felix.framework.security.util.Conditions)
LocalPermissions(org.apache.felix.framework.security.util.LocalPermissions)
StringTokenizer(java.util.StringTokenizer)
PropertiesCache(org.apache.felix.framework.security.util.PropertiesCache)
PermissionAdminImpl(org.apache.felix.framework.security.permissionadmin.PermissionAdminImpl)
ConditionalPermissionAdminImpl(org.apache.felix.framework.security.condpermadmin.ConditionalPermissionAdminImpl)
Permissions(org.apache.felix.framework.security.util.Permissions)
LocalPermissions(org.apache.felix.framework.security.util.LocalPermissions)
SecurityProvider(org.apache.felix.framework.ext.SecurityProvider)
BundleException(org.osgi.framework.BundleException)
ConditionalPermissionAdminImpl(org.apache.felix.framework.security.condpermadmin.ConditionalPermissionAdminImpl)
SecureAction(org.apache.felix.framework.util.SecureAction)
File(java.io.File)
ConditionalPermissionAdmin(org.osgi.service.condpermadmin.ConditionalPermissionAdmin)
PermissionAdmin(org.osgi.service.permissionadmin.PermissionAdmin)
Example 2 with Conditions
use of org.apache.felix.framework.security.util.Conditions in project felix by apache.
the class ConditionalPermissionAdminImpl method eval.
// we need to find all conditions that apply and then check whether they
// de note the permission in question unless the conditions are postponed
// then we make sure their permissions imply the permission and add them
// to the list of posts. Return true in case we pass or have posts
// else falls and clear the posts first.
private boolean eval(List posts, BundleRevisionImpl module, Permission permission, Object admin) {
List condPermInfos = null;
synchronized (m_condPermInfos) {
if (isEmpty() && (admin == null)) {
return true;
}
condPermInfos = new ArrayList(m_condPermInfos.values());
}
// Check for implicit permissions like access to file area
if (m_permissions.getPermissions(m_permissions.getImplicit(module.getBundle())).implies(permission, module.getBundle())) {
return true;
}
List pls = new ArrayList();
// now do the real thing
for (Iterator iter = condPermInfos.iterator(); iter.hasNext(); ) {
ConditionalPermissionInfoImpl cpi = (ConditionalPermissionInfoImpl) iter.next();
ConditionInfo[] conditions = cpi._getConditionInfos();
List currentPosts = new ArrayList();
Conditions conds = m_conditions.getConditions(module, conditions);
if (!conds.isSatisfied(currentPosts, m_permissions.getPermissions(cpi._getPermissionInfos()), permission)) {
continue;
}
if (!m_permissions.getPermissions(cpi._getPermissionInfos()).implies(permission, null)) {
continue;
}
if (currentPosts.isEmpty()) {
pls.add(new Object[] { cpi, null });
break;
}
pls.add(new Object[] { cpi, currentPosts, conds });
}
while (pls.size() > 1) {
if (!((ConditionalPermissionInfoImpl) ((Object[]) pls.get(pls.size() - 1))[0]).isAllow()) {
pls.remove(pls.size() - 1);
} else {
break;
}
}
if (pls.size() == 1) {
if (((Object[]) pls.get(0))[1] != null) {
posts.add(pls.get(0));
}
return ((ConditionalPermissionInfoImpl) ((Object[]) pls.get(0))[0]).isAllow();
}
for (Iterator iter = pls.iterator(); iter.hasNext(); ) {
posts.add(iter.next());
}
return !posts.isEmpty();
}
Also used :
ConditionInfo(org.osgi.service.condpermadmin.ConditionInfo)
ArrayList(java.util.ArrayList)
Iterator(java.util.Iterator)
List(java.util.List)
ArrayList(java.util.ArrayList)
Conditions(org.apache.felix.framework.security.util.Conditions)
Aggregations
Conditions (org.apache.felix.framework.security.util.Conditions)2
File (java.io.File)1
IOException (java.io.IOException)1
ArrayList (java.util.ArrayList)1
Iterator (java.util.Iterator)1
List (java.util.List)1
StringTokenizer (java.util.StringTokenizer)1
SecurityProvider (org.apache.felix.framework.ext.SecurityProvider)1
ConditionalPermissionAdminImpl (org.apache.felix.framework.security.condpermadmin.ConditionalPermissionAdminImpl)1
PermissionAdminImpl (org.apache.felix.framework.security.permissionadmin.PermissionAdminImpl)1
LocalPermissions (org.apache.felix.framework.security.util.LocalPermissions)1
Permissions (org.apache.felix.framework.security.util.Permissions)1
PropertiesCache (org.apache.felix.framework.security.util.PropertiesCache)1
SecureAction (org.apache.felix.framework.util.SecureAction)1
BundleException (org.osgi.framework.BundleException)1
ConditionInfo (org.osgi.service.condpermadmin.ConditionInfo)1
ConditionalPermissionAdmin (org.osgi.service.condpermadmin.ConditionalPermissionAdmin)1
PermissionAdmin (org.osgi.service.permissionadmin.PermissionAdmin)1
