Example 1 with PrincipalEntry
use of sun.security.provider.PolicyParser.PrincipalEntry in project jdk8u_jdk by JetBrains.
the class PolicyPermissions method addSelfPermissions.
/**
* Returns true if 'Self' permissions were added to the provided
* 'perms', and false otherwise.
*
* <p>
*
* @param p check to see if this Permission is a "SELF"
* PrivateCredentialPermission. <p>
*
* @param entryCs the codesource for the Policy entry.
*
* @param accCs the codesource for from the current AccessControlContext.
*
* @param perms the PermissionCollection where the individual
* PrivateCredentialPermissions will be added.
*/
private boolean addSelfPermissions(final Permission p, CodeSource entryCs, CodeSource accCs, Permissions perms) {
if (!(p instanceof PrivateCredentialPermission)) {
return false;
}
if (!(entryCs instanceof SubjectCodeSource)) {
return false;
}
PrivateCredentialPermission pcp = (PrivateCredentialPermission) p;
SubjectCodeSource scs = (SubjectCodeSource) entryCs;
// see if it is a SELF permission
String[][] pPrincipals = pcp.getPrincipals();
if (pPrincipals.length <= 0 || !pPrincipals[0][0].equalsIgnoreCase("self") || !pPrincipals[0][1].equalsIgnoreCase("self")) {
// regular PrivateCredentialPermission
return false;
} else {
if (scs.getPrincipals() == null) {
// XXX SubjectCodeSource has no Subject???
return true;
}
for (PrincipalEntry principal : scs.getPrincipals()) {
// if the Policy entry's Principal does not contain a
// WILDCARD for the Principal name, then a
// new PrivateCredentialPermission is created
// for the Principal listed in the Policy entry.
// if the Policy entry's Principal contains a WILDCARD
// for the Principal name, then a new
// PrivateCredentialPermission is created
// for each Principal associated with the Subject
// in the current ACC.
String[][] principalInfo = getPrincipalInfo(principal, accCs);
for (int i = 0; i < principalInfo.length; i++) {
// here's the new PrivateCredentialPermission
PrivateCredentialPermission newPcp = new PrivateCredentialPermission(pcp.getCredentialClass() + " " + principalInfo[i][0] + " " + "\"" + principalInfo[i][1] + "\"", "read");
if (debug != null) {
debug.println("adding SELF permission: " + newPcp.toString());
}
perms.add(newPcp);
}
}
}
return true;
}
Also used :
PrincipalEntry(sun.security.provider.PolicyParser.PrincipalEntry)
PrivateCredentialPermission(javax.security.auth.PrivateCredentialPermission)
Example 2 with PrincipalEntry
use of sun.security.provider.PolicyParser.PrincipalEntry in project jdk8u_jdk by JetBrains.
the class SubjectCodeSource method toString.
/**
* Return a String representation of this <code>SubjectCodeSource</code>.
*
* <p>
*
* @return a String representation of this <code>SubjectCodeSource</code>.
*/
public String toString() {
String returnMe = super.toString();
if (getSubject() != null) {
if (debug != null) {
final Subject finalSubject = getSubject();
returnMe = returnMe + "\n" + java.security.AccessController.doPrivileged(new java.security.PrivilegedAction<String>() {
public String run() {
return finalSubject.toString();
}
});
} else {
returnMe = returnMe + "\n" + getSubject().toString();
}
}
if (principals != null) {
ListIterator<PrincipalEntry> li = principals.listIterator();
while (li.hasNext()) {
PrincipalEntry pppe = li.next();
returnMe = returnMe + rb.getString("NEWLINE") + pppe.getPrincipalClass() + " " + pppe.getPrincipalName();
}
}
return returnMe;
}
Also used :
PrincipalEntry(sun.security.provider.PolicyParser.PrincipalEntry)
Subject(javax.security.auth.Subject)
Example 3 with PrincipalEntry
use of sun.security.provider.PolicyParser.PrincipalEntry in project jdk8u_jdk by JetBrains.
the class PolicyPermissions method addGrantEntry.
/**
* Add one policy entry to the vector.
*/
private void addGrantEntry(GrantEntry ge, KeyStore keyStore) {
if (debug != null) {
debug.println("Adding policy entry: ");
debug.println(" signedBy " + ge.signedBy);
debug.println(" codeBase " + ge.codeBase);
if (ge.principals != null) {
for (PrincipalEntry pppe : ge.principals) {
debug.println(" " + pppe.getPrincipalClass() + " " + pppe.getPrincipalName());
}
}
debug.println();
}
try {
CodeSource codesource = getCodeSource(ge, keyStore);
// skip if signedBy alias was unknown...
if (codesource == null)
return;
PolicyEntry entry = new PolicyEntry(codesource);
Enumeration<PermissionEntry> enum_ = ge.permissionElements();
while (enum_.hasMoreElements()) {
PermissionEntry pe = enum_.nextElement();
try {
// XXX special case PrivateCredentialPermission-SELF
Permission perm;
if (pe.permission.equals("javax.security.auth.PrivateCredentialPermission") && pe.name.endsWith(" self")) {
perm = getInstance(pe.permission, pe.name + " \"self\"", pe.action);
} else {
perm = getInstance(pe.permission, pe.name, pe.action);
}
entry.add(perm);
if (debug != null) {
debug.println(" " + perm);
}
} catch (ClassNotFoundException cnfe) {
Certificate[] certs;
if (pe.signedBy != null) {
certs = getCertificates(keyStore, pe.signedBy);
} else {
certs = null;
}
// a signer and found the keys for it.
if (certs != null || pe.signedBy == null) {
Permission perm = new UnresolvedPermission(pe.permission, pe.name, pe.action, certs);
entry.add(perm);
if (debug != null) {
debug.println(" " + perm);
}
}
} catch (java.lang.reflect.InvocationTargetException ite) {
System.err.println(AUTH_POLICY + rb.getString(".error.adding.Permission.") + pe.permission + rb.getString("SPACE") + ite.getTargetException());
} catch (Exception e) {
System.err.println(AUTH_POLICY + rb.getString(".error.adding.Permission.") + pe.permission + rb.getString("SPACE") + e);
}
}
policyEntries.addElement(entry);
} catch (Exception e) {
System.err.println(AUTH_POLICY + rb.getString(".error.adding.Entry.") + ge + rb.getString("SPACE") + e);
}
if (debug != null) {
debug.println();
}
}
Also used :
UnresolvedPermission(java.security.UnresolvedPermission)
java.lang.reflect(java.lang.reflect)
PermissionEntry(sun.security.provider.PolicyParser.PermissionEntry)
UnresolvedPermission(java.security.UnresolvedPermission)
PrivateCredentialPermission(javax.security.auth.PrivateCredentialPermission)
Permission(java.security.Permission)
PrincipalEntry(sun.security.provider.PolicyParser.PrincipalEntry)
CodeSource(java.security.CodeSource)
KeyStoreException(java.security.KeyStoreException)
Example 4 with PrincipalEntry
use of sun.security.provider.PolicyParser.PrincipalEntry in project jdk8u_jdk by JetBrains.
the class SubjectCodeSource method implies.
/**
* Returns true if this <code>SubjectCodeSource</code> object "implies"
* the specified <code>CodeSource</code>.
* More specifically, this method makes the following checks.
* If any fail, it returns false. If they all succeed, it returns true.
*
* <p>
* <ol>
* <li> The provided codesource must not be <code>null</code>.
* <li> codesource must be an instance of <code>SubjectCodeSource</code>.
* <li> super.implies(codesource) must return true.
* <li> for each principal in this codesource's principal list:
* <ol>
* <li> if the principal is an instanceof
* <code>Principal</code>, then the principal must
* imply the provided codesource's <code>Subject</code>.
* <li> if the principal is not an instanceof
* <code>Principal</code>, then the provided
* codesource's <code>Subject</code> must have an
* associated <code>Principal</code>, <i>P</i>, where
* P.getClass().getName equals principal.principalClass,
* and P.getName() equals principal.principalName.
* </ol>
* </ol>
*
* <p>
*
* @param codesource the <code>CodeSource</code> to compare against.
*
* @return true if this <code>SubjectCodeSource</code> implies the
* the specified <code>CodeSource</code>.
*/
public boolean implies(CodeSource codesource) {
LinkedList<PrincipalEntry> subjectList = null;
if (codesource == null || !(codesource instanceof SubjectCodeSource) || !(super.implies(codesource))) {
if (debug != null)
debug.println("\tSubjectCodeSource.implies: FAILURE 1");
return false;
}
SubjectCodeSource that = (SubjectCodeSource) codesource;
if (this.principals == null) {
if (debug != null)
debug.println("\tSubjectCodeSource.implies: PASS 1");
return true;
}
if (that.getSubject() == null || that.getSubject().getPrincipals().size() == 0) {
if (debug != null)
debug.println("\tSubjectCodeSource.implies: FAILURE 2");
return false;
}
ListIterator<PrincipalEntry> li = this.principals.listIterator(0);
while (li.hasNext()) {
PrincipalEntry pppe = li.next();
try {
// use new Principal.implies method
Class<?> pClass = Class.forName(pppe.principalClass, true, sysClassLoader);
if (!Principal.class.isAssignableFrom(pClass)) {
// not the right subtype
throw new ClassCastException(pppe.principalClass + " is not a Principal");
}
Constructor<?> c = pClass.getConstructor(PARAMS);
Principal p = (Principal) c.newInstance(new Object[] { pppe.principalName });
if (!p.implies(that.getSubject())) {
if (debug != null)
debug.println("\tSubjectCodeSource.implies: FAILURE 3");
return false;
} else {
if (debug != null)
debug.println("\tSubjectCodeSource.implies: PASS 2");
return true;
}
} catch (Exception e) {
if (subjectList == null) {
if (that.getSubject() == null) {
if (debug != null)
debug.println("\tSubjectCodeSource.implies: " + "FAILURE 4");
return false;
}
Iterator<Principal> i = that.getSubject().getPrincipals().iterator();
subjectList = new LinkedList<PrincipalEntry>();
while (i.hasNext()) {
Principal p = i.next();
PrincipalEntry spppe = new PrincipalEntry(p.getClass().getName(), p.getName());
subjectList.add(spppe);
}
}
if (!subjectListImpliesPrincipalEntry(subjectList, pppe)) {
if (debug != null)
debug.println("\tSubjectCodeSource.implies: FAILURE 5");
return false;
}
}
}
if (debug != null)
debug.println("\tSubjectCodeSource.implies: PASS 3");
return true;
}
Also used :
PrincipalEntry(sun.security.provider.PolicyParser.PrincipalEntry)
Principal(java.security.Principal)
Aggregations
PrincipalEntry (sun.security.provider.PolicyParser.PrincipalEntry)4
PrivateCredentialPermission (javax.security.auth.PrivateCredentialPermission)2
java.lang.reflect (java.lang.reflect)1
CodeSource (java.security.CodeSource)1
KeyStoreException (java.security.KeyStoreException)1
Permission (java.security.Permission)1
Principal (java.security.Principal)1
UnresolvedPermission (java.security.UnresolvedPermission)1
Subject (javax.security.auth.Subject)1
PermissionEntry (sun.security.provider.PolicyParser.PermissionEntry)1
