
Example 1 with PrincipalEntry

use of sun.security.provider.PolicyParser.PrincipalEntry in project jdk8u_jdk by JetBrains.

the class PolicyPermissions method addSelfPermissions.

/**
     * Returns true if 'Self' permissions were added to the provided
     * 'perms', and false otherwise.
     *
     * <p>
     *
     * @param p check to see if this Permission is a "SELF"
     *                  PrivateCredentialPermission. <p>
     *
     * @param entryCs the codesource for the Policy entry.
     *
     * @param accCs the codesource from the current AccessControlContext.
     *
     * @param perms the PermissionCollection where the individual
     *                  PrivateCredentialPermissions will be added.
     */
private boolean addSelfPermissions(final Permission p, CodeSource entryCs, CodeSource accCs, Permissions perms) {
    // A SELF permission can only be a PrivateCredentialPermission that was
    // granted by a Subject-based policy entry; anything else is not handled here.
    if (!(p instanceof PrivateCredentialPermission) || !(entryCs instanceof SubjectCodeSource)) {
        return false;
    }
    final PrivateCredentialPermission selfTemplate = (PrivateCredentialPermission) p;
    final SubjectCodeSource entrySource = (SubjectCodeSource) entryCs;

    // SELF is recognised by the first principal pair being ("self", "self"),
    // compared case-insensitively. Only index 0 is inspected.
    final String[][] declared = selfTemplate.getPrincipals();
    final boolean isSelf = declared.length > 0
            && declared[0][0].equalsIgnoreCase("self")
            && declared[0][1].equalsIgnoreCase("self");
    if (!isSelf) {
        // regular PrivateCredentialPermission
        return false;
    }

    if (entrySource.getPrincipals() == null) {
        // The policy entry carries no principal list: report the permission as
        // handled, but add nothing to 'perms' (flagged "XXX" in the original).
        return true;
    }

    for (PrincipalEntry principal : entrySource.getPrincipals()) {
        // Expansion rule (from the original comment):
        //  - entry principal without a WILDCARD name: one permission for the
        //    principal listed in the policy entry;
        //  - entry principal with a WILDCARD name: one permission for each
        //    principal of the Subject in the current AccessControlContext.
        // getPrincipalInfo() returns the resulting (class, name) pairs.
        final String[][] expanded = getPrincipalInfo(principal, accCs);
        for (String[] classAndName : expanded) {
            // NOTE(review): the target name is assembled by concatenation and then
            // parsed again by the PrivateCredentialPermission constructor; the
            // principal name is wrapped in double quotes but not escaped here --
            // confirm how a name that itself contains '"' is treated.
            final String target = selfTemplate.getCredentialClass() + " " + classAndName[0]
                    + " " + "\"" + classAndName[1] + "\"";
            final PrivateCredentialPermission concrete = new PrivateCredentialPermission(target, "read");
            if (debug != null) {
                debug.println("adding SELF permission: " + concrete.toString());
            }
            perms.add(concrete);
        }
    }
    return true;
}
Also used : PrincipalEntry(sun.security.provider.PolicyParser.PrincipalEntry) PrivateCredentialPermission(javax.security.auth.PrivateCredentialPermission)

Example 2 with PrincipalEntry

use of sun.security.provider.PolicyParser.PrincipalEntry in project jdk8u_jdk by JetBrains.

the class SubjectCodeSource method toString.

/**
     * Return a String representation of this <code>SubjectCodeSource</code>.
     *
     * <p>
     *
     * @return a String representation of this <code>SubjectCodeSource</code>.
     */
public String toString() {
    // Layout: CodeSource text, then the Subject (if any), then one line per
    // policy principal as "<class> <name>".
    final StringBuilder text = new StringBuilder().append(super.toString());

    if (getSubject() != null) {
        final String subjectText;
        if (debug == null) {
            subjectText = getSubject().toString();
        } else {
            // With debugging enabled the Subject is rendered inside doPrivileged,
            // i.e. with this class's permissions rather than the caller's.
            // NOTE(review): if the Subject's string form includes credential
            // data that is permission-guarded, debug-enabled output may carry
            // it -- confirm against Subject.toString() and treat such output
            // as sensitive.
            final Subject finalSubject = getSubject();
            subjectText = java.security.AccessController.doPrivileged(new java.security.PrivilegedAction<String>() {

                public String run() {
                    return finalSubject.toString();
                }
            });
        }
        text.append("\n").append(subjectText);
    }

    if (principals != null) {
        for (PrincipalEntry entry : principals) {
            // Separator comes from the resource bundle on every iteration, as before.
            text.append(rb.getString("NEWLINE"))
                    .append(entry.getPrincipalClass())
                    .append(" ")
                    .append(entry.getPrincipalName());
        }
    }
    return text.toString();
}
Also used : PrincipalEntry(sun.security.provider.PolicyParser.PrincipalEntry) Subject(javax.security.auth.Subject)

Example 3 with PrincipalEntry

use of sun.security.provider.PolicyParser.PrincipalEntry in project jdk8u_jdk by JetBrains.

the class PolicyPermissions method addGrantEntry.

/**
     * Add one policy entry to the vector.
     */
private void addGrantEntry(GrantEntry ge, KeyStore keyStore) {
    // Trace the entry as parsed (signer alias, code base, principals) before resolving it.
    if (debug != null) {
        debug.println("Adding policy entry: ");
        debug.println("  signedBy " + ge.signedBy);
        debug.println("  codeBase " + ge.codeBase);
        if (ge.principals != null) {
            for (PrincipalEntry declared : ge.principals) {
                debug.println("  " + declared.getPrincipalClass() + " " + declared.getPrincipalName());
            }
        }
        debug.println();
    }
    try {
        final CodeSource source = getCodeSource(ge, keyStore);
        if (source == null) {
            // Per the original comment: the signedBy alias was unknown, so the
            // whole entry is skipped. This returns before the trailing debug line.
            return;
        }
        final PolicyEntry entry = new PolicyEntry(source);
        for (Enumeration<PermissionEntry> remaining = ge.permissionElements(); remaining.hasMoreElements(); ) {
            final PermissionEntry pe = remaining.nextElement();
            try {
                // Special case: a PrivateCredentialPermission whose name ends in
                // " self" gets a quoted "self" principal name appended so that it
                // is later recognised as a SELF permission.
                final boolean selfCredential = pe.permission.equals("javax.security.auth.PrivateCredentialPermission")
                        && pe.name.endsWith(" self");
                final String targetName = selfCredential ? pe.name + " \"self\"" : pe.name;
                final Permission perm = getInstance(pe.permission, targetName, pe.action);
                entry.add(perm);
                if (debug != null) {
                    debug.println("  " + perm);
                }
            } catch (ClassNotFoundException cnfe) {
                // The permission class is not loadable yet: keep the grant as an
                // UnresolvedPermission instead of dropping it.
                final Certificate[] certs = (pe.signedBy != null) ? getCertificates(keyStore, pe.signedBy) : null;
                // Only add it if no signer was required, or a signer was required
                // and its keys were found; a required signer that cannot be
                // resolved means the permission is not granted.
                if (pe.signedBy == null || certs != null) {
                    final Permission unresolved = new UnresolvedPermission(pe.permission, pe.name, pe.action, certs);
                    entry.add(unresolved);
                    if (debug != null) {
                        debug.println("  " + unresolved);
                    }
                }
            } catch (java.lang.reflect.InvocationTargetException ite) {
                // The permission's constructor threw: report the underlying cause.
                // This permission is left out; the rest of the entry is still processed.
                System.err.println(AUTH_POLICY + rb.getString(".error.adding.Permission.") + pe.permission + rb.getString("SPACE") + ite.getTargetException());
            } catch (Exception e) {
                // Any other failure for this permission: report it and continue
                // with the next permission of the entry.
                System.err.println(AUTH_POLICY + rb.getString(".error.adding.Permission.") + pe.permission + rb.getString("SPACE") + e);
            }
        }
        policyEntries.addElement(entry);
    } catch (Exception e) {
        // Failure outside the per-permission handling: the entry is reported on
        // stderr and not added to policyEntries.
        System.err.println(AUTH_POLICY + rb.getString(".error.adding.Entry.") + ge + rb.getString("SPACE") + e);
    }
    if (debug != null) {
        debug.println();
    }
}
Also used : UnresolvedPermission(java.security.UnresolvedPermission) java.lang.reflect(java.lang.reflect) PermissionEntry(sun.security.provider.PolicyParser.PermissionEntry) UnresolvedPermission(java.security.UnresolvedPermission) PrivateCredentialPermission(javax.security.auth.PrivateCredentialPermission) Permission(java.security.Permission) PrincipalEntry(sun.security.provider.PolicyParser.PrincipalEntry) CodeSource(java.security.CodeSource) KeyStoreException(java.security.KeyStoreException)

Example 4 with PrincipalEntry

use of sun.security.provider.PolicyParser.PrincipalEntry in project jdk8u_jdk by JetBrains.

the class SubjectCodeSource method implies.

/**
     * Returns true if this <code>SubjectCodeSource</code> object "implies"
     * the specified <code>CodeSource</code>.
     * More specifically, this method makes the following checks.
     * If any fail, it returns false.  If they all succeed, it returns true.
     *
     * <p>
     * <ol>
     * <li> The provided codesource must not be <code>null</code>.
     * <li> codesource must be an instance of <code>SubjectCodeSource</code>.
     * <li> super.implies(codesource) must return true.
     * <li> for each principal in this codesource's principal list:
     * <ol>
     * <li>     if the principal is an instanceof
     *          <code>Principal</code>, then the principal must
     *          imply the provided codesource's <code>Subject</code>.
     * <li>     if the principal is not an instanceof
     *          <code>Principal</code>, then the provided
     *          codesource's <code>Subject</code> must have an
     *          associated <code>Principal</code>, <i>P</i>, where
     *          P.getClass().getName equals principal.principalClass,
     *          and P.getName() equals principal.principalName.
     * </ol>
     * </ol>
     *
     * <p>
     *
     * @param codesource the <code>CodeSource</code> to compare against.
     *
     * @return true if this <code>SubjectCodeSource</code> implies the
     *          specified <code>CodeSource</code>.
     */
public boolean implies(CodeSource codesource) {
    // Decides whether this policy-side code source (with its principal list)
    // covers 'codesource'. The debug labels FAILURE n / PASS n identify which
    // exit was taken.

    // Lazily built (class name, principal name) view of that Subject's
    // principals; only the fallback path in the catch block uses it.
    LinkedList<PrincipalEntry> subjectList = null;
    // FAILURE 1: null argument, not a SubjectCodeSource, or the plain
    // CodeSource comparison in the superclass fails.
    if (codesource == null || !(codesource instanceof SubjectCodeSource) || !(super.implies(codesource))) {
        if (debug != null)
            debug.println("\tSubjectCodeSource.implies: FAILURE 1");
        return false;
    }
    SubjectCodeSource that = (SubjectCodeSource) codesource;
    // PASS 1: this entry names no principals, so the CodeSource match alone decides.
    if (this.principals == null) {
        if (debug != null)
            debug.println("\tSubjectCodeSource.implies: PASS 1");
        return true;
    }
    // FAILURE 2: this entry requires principals but the other side has no
    // Subject, or a Subject with an empty principal set.
    if (that.getSubject() == null || that.getSubject().getPrincipals().size() == 0) {
        if (debug != null)
            debug.println("\tSubjectCodeSource.implies: FAILURE 2");
        return false;
    }
    ListIterator<PrincipalEntry> li = this.principals.listIterator(0);
    while (li.hasNext()) {
        PrincipalEntry pppe = li.next();
        try {
            // Preferred path: instantiate the Principal named by the policy
            // entry and let its own implies(Subject) decide.
            // The class name comes from the PrincipalEntry; it is loaded through
            // sysClassLoader with initialize=true, so its static initialisers run.
            Class<?> pClass = Class.forName(pppe.principalClass, true, sysClassLoader);
            if (!Principal.class.isAssignableFrom(pClass)) {
                // not a Principal subtype: thrown here and caught below, which
                // routes this entry to the name-comparison fallback
                throw new ClassCastException(pppe.principalClass + " is not a Principal");
            }
            // PARAMS is defined outside this view; the call below passes a single
            // argument (the principal name) -- presumably a (String) constructor.
            Constructor<?> c = pClass.getConstructor(PARAMS);
            Principal p = (Principal) c.newInstance(new Object[] { pppe.principalName });
            // NOTE(review): both branches below return, so on this path the
            // decision is made by the first entry whose Principal could be
            // constructed and evaluated; later entries in this.principals are
            // not examined. The method's Javadoc describes a check for each
            // principal -- confirm that the early "PASS 2" return is intended.
            if (!p.implies(that.getSubject())) {
                if (debug != null)
                    debug.println("\tSubjectCodeSource.implies: FAILURE 3");
                return false;
            } else {
                if (debug != null)
                    debug.println("\tSubjectCodeSource.implies: PASS 2");
                return true;
            }
        } catch (Exception e) {
            // Fallback path: reached for any Exception in the try block (class
            // not found, the ClassCastException above, no matching constructor,
            // instantiation failure, or an exception out of p.implies). The
            // exception itself is not logged; the entry is instead compared by
            // class name and principal name against the Subject's principals.
            if (subjectList == null) {
                // A null Subject was already rejected at FAILURE 2; re-checked
                // here before the principal set is read.
                if (that.getSubject() == null) {
                    if (debug != null)
                        debug.println("\tSubjectCodeSource.implies: " + "FAILURE 4");
                    return false;
                }
                // Build the comparison list once and reuse it for later entries.
                Iterator<Principal> i = that.getSubject().getPrincipals().iterator();
                subjectList = new LinkedList<PrincipalEntry>();
                while (i.hasNext()) {
                    Principal p = i.next();
                    PrincipalEntry spppe = new PrincipalEntry(p.getClass().getName(), p.getName());
                    subjectList.add(spppe);
                }
            }
            // FAILURE 5: no principal of the Subject satisfies this entry.
            // On success the loop continues with the next entry.
            if (!subjectListImpliesPrincipalEntry(subjectList, pppe)) {
                if (debug != null)
                    debug.println("\tSubjectCodeSource.implies: FAILURE 5");
                return false;
            }
        }
    }
    // PASS 3: every entry was handled by the fallback path and matched
    // (or the list was empty).
    if (debug != null)
        debug.println("\tSubjectCodeSource.implies: PASS 3");
    return true;
}
Also used : PrincipalEntry(sun.security.provider.PolicyParser.PrincipalEntry) Principal(java.security.Principal)

Aggregations

PrincipalEntry (sun.security.provider.PolicyParser.PrincipalEntry)4 PrivateCredentialPermission (javax.security.auth.PrivateCredentialPermission)2 java.lang.reflect (java.lang.reflect)1 CodeSource (java.security.CodeSource)1 KeyStoreException (java.security.KeyStoreException)1 Permission (java.security.Permission)1 Principal (java.security.Principal)1 UnresolvedPermission (java.security.UnresolvedPermission)1 Subject (javax.security.auth.Subject)1 PermissionEntry (sun.security.provider.PolicyParser.PermissionEntry)1