2005-02-08 Andrew Haley <aph@redhat.com>

        * javax/security/auth/Subject.java (doAsPrivileged): If acc is
        null, create a new AccessControlContext.
        * java/security/SecureClassLoader.java (protectionDomainCache):
        new field.
        (defineClass): Create a new protection domain and add it to our
        cache.

        * java/rmi/server/UnicastRemoteObject.java (exportObject): Call
        addStub() to keep track of the stub we've exported.
        (unexportObject): Call deleteStub().
        * java/rmi/server/RemoteObject.java (stubs): New field.
        (addStub): New method.
        (deleteStub): New method.
        (toStub): Rewrite.

        * java/lang/VMCompiler.java (loadSharedLibrary): Pass
        true to findHelper (tryParents).
        * gnu/gcj/runtime/SharedLibLoader.java (SharedLibLoader):
        Likewise.
        * java/net/URLClassLoader.java (SoURLLoader): Likewise.
        * gnu/gcj/runtime/SharedLibHelper.java (SharedLibHelper): Pass
        ProtectionDomain.
        If tryParents is false, don't scan parent class loaders.

        * java/security/Permissions.java (PermissionsHash.implies):
        Iterate over the collection and invoke implies() on each
        element.


git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@95111 138bc75d-0d04-0410-961f-82ee72b054a4

10 files changed, 115 insertions, 30 deletions

diff --git a/libjava/ChangeLog b/libjava/ChangeLog
index d6a90bda48d..fdfd3c2e94d 100644
--- a/libjava/ChangeLog
+++ b/libjava/ChangeLog
@@ -1,5 +1,38 @@
 2005-02-16  Andrew Haley  <aph@redhat.com>
 
+
+2005-02-08  Andrew Haley  <aph@redhat.com>
+
+	* javax/security/auth/Subject.java (doAsPrivileged): If acc is
+	null, create a new AccessControlContext.
+	* java/security/SecureClassLoader.java (protectionDomainCache):
+	new field.
+	(defineClass): Create a new protection domain and add it to our
+	cache.
+
+	* java/rmi/server/UnicastRemoteObject.java (exportObject): Call
+	addStub() to keep track of the stub we've exported.
+	(unexportObject): Call deleteStub().
+	* java/rmi/server/RemoteObject.java (stubs): New field.
+	(addStub): New method.
+	(deleteStub): New method.
+	(toStub): Rewrite.
+	
+	* java/lang/VMCompiler.java (loadSharedLibrary): Pass
+	true to findHelper (tryParents).
+	* gnu/gcj/runtime/SharedLibLoader.java (SharedLibLoader):
+	Likewise.
+	* java/net/URLClassLoader.java (SoURLLoader): Likewise.
+	* gnu/gcj/runtime/SharedLibHelper.java (SharedLibHelper): Pass
+	ProtectionDomain.  
+	If tryParents is false, don't scan parent class loaders.
+
+	* java/security/Permissions.java (PermissionsHash.implies):
+	Iterate over the collection and invoke implies() on each
+	element.
+
+2005-02-16  Andrew Haley  <aph@redhat.com>
+
 	* gnu/gcj/runtime/PersistentByteMap.java (name, values, fc): new
 	fields.
 	(PersistentByteMap): Set name
diff --git a/libjava/gnu/gcj/runtime/SharedLibHelper.java b/libjava/gnu/gcj/runtime/SharedLibHelper.java
index a0bfe68b83c..912c58e397e 100644
--- a/libjava/gnu/gcj/runtime/SharedLibHelper.java
+++ b/libjava/gnu/gcj/runtime/SharedLibHelper.java
@@ -28,13 +28,15 @@ public class SharedLibHelper
    * @parem flags passed to dlopen
    */
   SharedLibHelper(String libname, ClassLoader parent, CodeSource source,
-		  int flags)
+		  ProtectionDomain domain, int flags)
   {
     // FIXME: ask security manager first.
     loader = parent;
     baseName = libname;
-    domain = new ProtectionDomain(source,
-				  Policy.getPolicy().getPermissions(source));
+    if (domain == null)
+      domain = new ProtectionDomain(source,
+				    Policy.getPolicy().getPermissions(source));
+    this.domain = domain;
     this.flags = flags;
   }
 
@@ -65,7 +67,14 @@ public class SharedLibHelper
   }
 
   public static SharedLibHelper findHelper (ClassLoader loader, String libname,
-					    CodeSource source)
+					    CodeSource source, boolean tryParents)
+  {
+    return findHelper (loader, libname, source, null, tryParents);
+  }
+
+  public static SharedLibHelper findHelper (ClassLoader loader, String libname,
+					    CodeSource source, ProtectionDomain domain, 
+					    boolean tryParents)
   {
     synchronized (map)
       {
@@ -95,7 +104,7 @@ public class SharedLibHelper
 			      return result;
 			    l = l.getParent();
 			  }
-			while (l != null);
+			while (tryParents && l != null);
 		      }
 		  }
 	      }
@@ -116,7 +125,7 @@ public class SharedLibHelper
 		return null;
 	      }
 	  }
-	result = new SharedLibHelper(libname, loader, source, 0);
+	result = new SharedLibHelper(libname, loader, source, domain, 0);
 	s.add(new WeakReference(result));
 	return result;
       }
diff --git a/libjava/gnu/gcj/runtime/SharedLibLoader.java b/libjava/gnu/gcj/runtime/SharedLibLoader.java
index 1f80bbc8289..b8e6a57de53 100644
--- a/libjava/gnu/gcj/runtime/SharedLibLoader.java
+++ b/libjava/gnu/gcj/runtime/SharedLibLoader.java
@@ -39,7 +39,7 @@ public class SharedLibLoader extends ClassLoader
 	url = null;
       }
     helper = SharedLibHelper.findHelper(this, libname,
-					new CodeSource(url, null));
+					new CodeSource(url, null), true);
   }
 
   /** Load a shared library, and asociate a ClassLoader with it.
diff --git a/libjava/java/lang/VMCompiler.java b/libjava/java/lang/VMCompiler.java
index 3eb4491ecec..b3f55603487 100644
--- a/libjava/java/lang/VMCompiler.java
+++ b/libjava/java/lang/VMCompiler.java
@@ -142,7 +142,8 @@ final class VMCompiler
   {
     Class c = null;
     SharedLibHelper helper 
-      = SharedLibHelper.findHelper (loader, fileName, domain.getCodeSource());
+	= SharedLibHelper.findHelper (loader, fileName, domain.getCodeSource(), 
+				      domain, false);
     c = helper.findClass (className);
     if (c != null)
       {
diff --git a/libjava/java/net/URLClassLoader.java b/libjava/java/net/URLClassLoader.java
index 0ee2e748a3d..57ea968d780 100644
--- a/libjava/java/net/URLClassLoader.java
+++ b/libjava/java/net/URLClassLoader.java
@@ -543,7 +543,7 @@ public class URLClassLoader extends SecureClassLoader
     {
       super(classloader, url, overrideURL);
       helper = SharedLibHelper.findHelper(classloader, url.getFile(),
-					  noCertCodeSource);
+					  noCertCodeSource, true);
     }
 
     Class getClass(String className)
diff --git a/libjava/java/rmi/server/RemoteObject.java b/libjava/java/rmi/server/RemoteObject.java
index 1bc7648c8fc..374fee85797 100644
--- a/libjava/java/rmi/server/RemoteObject.java
+++ b/libjava/java/rmi/server/RemoteObject.java
@@ -45,6 +45,7 @@ import java.lang.reflect.Constructor;
 import java.rmi.NoSuchObjectException;
 import java.rmi.Remote;
 import java.rmi.UnmarshalException;
+import java.util.WeakHashMap;
 
 public abstract class RemoteObject
 	implements Remote, Serializable {
@@ -53,6 +54,8 @@ public static final long serialVersionUID = -3215090123894869218l;
 
 protected transient RemoteRef ref;
 
+private static final WeakHashMap stubs = new WeakHashMap();
+
 protected RemoteObject() {
 	this(null);
 }
@@ -65,21 +68,24 @@ public RemoteRef getRef() {
 	return (ref);
 }
 
+synchronized static void addStub(Remote obj, Remote stub)
+{
+  stubs.put(obj, stub);
+}
+
+synchronized static void deleteStub(Remote obj)
+{
+  stubs.remove(obj);
+}
+
   public static Remote toStub(Remote obj) throws NoSuchObjectException 
   {
-    Class cls = obj.getClass();
-    String classname = cls.getName();
-    ClassLoader cl = cls.getClassLoader();
-    try 
-      {
-	Class scls = cl.loadClass(classname + "_Stub");
-	// JDK 1.2 stubs
-	Class[] stubprototype = new Class[] { RemoteRef.class };
-	Constructor con = scls.getConstructor(stubprototype);
-	return (Remote)(con.newInstance(new Object[]{obj}));
-      }
-    catch (Exception e) {}
-    throw new NoSuchObjectException(obj.getClass().getName());
+    Remote stub = (Remote)stubs.get(obj);
+
+    if (stub == null)
+      throw new NoSuchObjectException(obj.getClass().getName());
+
+    return stub;
   }
 
 public int hashCode() {
diff --git a/libjava/java/rmi/server/UnicastRemoteObject.java b/libjava/java/rmi/server/UnicastRemoteObject.java
index 6e8fb253820..ed296f03341 100644
--- a/libjava/java/rmi/server/UnicastRemoteObject.java
+++ b/libjava/java/rmi/server/UnicastRemoteObject.java
@@ -98,7 +98,9 @@ public static RemoteStub exportObject(Remote obj) throws RemoteException {
       {
 	sref = new UnicastServerRef(new ObjID (), port, ssf);
       }
-    return (sref.exportObject (obj)); 
+    Remote stub = sref.exportObject (obj); 
+    addStub(obj, stub);
+    return stub;
   }
 
   /**
@@ -116,12 +118,15 @@ public static RemoteStub exportObject(Remote obj) throws RemoteException {
   {
     if (obj instanceof RemoteObject)
       {
+	deleteStub(obj);
 	UnicastServerRef sref = (UnicastServerRef)((RemoteObject)obj).getRef();
 	return sref.unexportObject(obj, force);
       }
     else
-      //FIX ME
-      ;
+      {
+	//FIX ME
+	;
+      }
     return true;
   }
 
diff --git a/libjava/java/security/Permissions.java b/libjava/java/security/Permissions.java
index d44341c947a..ce63cc2cca2 100644
--- a/libjava/java/security/Permissions.java
+++ b/libjava/java/security/Permissions.java
@@ -228,9 +228,18 @@ class PermissionsHash extends PermissionCollection
    * @param perm the permission to check
    * @return true if it is implied
    */
+  // FIXME: Should this method be synchronized?
   public boolean implies(Permission perm)
   {
-    return perms.get(perm) != null;
+    Enumeration elements = elements();
+
+    while (elements.hasMoreElements())
+      {
+	Permission p = (Permission)elements.nextElement();
+	if (p.implies(perm))
+	  return true;
+      }
+    return false;
   }
 
   /**
diff --git a/libjava/java/security/SecureClassLoader.java b/libjava/java/security/SecureClassLoader.java
index 7546edc85e5..89b5e4effce 100644
--- a/libjava/java/security/SecureClassLoader.java
+++ b/libjava/java/security/SecureClassLoader.java
@@ -48,6 +48,8 @@ package java.security;
  */
 public class SecureClassLoader extends ClassLoader
 {
+  java.util.WeakHashMap protectionDomainCache = new java.util.WeakHashMap();
+
   protected SecureClassLoader(ClassLoader parent)
   {
     super(parent);
@@ -80,11 +82,29 @@ public class SecureClassLoader extends ClassLoader
   protected final Class defineClass(String name, byte[] b, int off, int len,
 				    CodeSource cs)
   {
-    // FIXME: Need to cache ProtectionDomains according to 1.3 docs.
     if (cs != null)
       {
-	ProtectionDomain protectionDomain
-          = new ProtectionDomain(cs, getPermissions(cs), this, null);
+	ProtectionDomain protectionDomain;
+	  
+	synchronized (protectionDomainCache)
+	  {
+	    protectionDomain = (ProtectionDomain)protectionDomainCache.get(cs);
+	  }
+
+	if (protectionDomain == null)
+	  {
+	    protectionDomain 
+	      = new ProtectionDomain(cs, getPermissions(cs), this, null);
+	    synchronized (protectionDomainCache)
+	      {
+		ProtectionDomain domain 
+		  = (ProtectionDomain)protectionDomainCache.get(cs);
+		if (domain == null)
+		  protectionDomainCache.put(cs, protectionDomain);
+		else
+		  protectionDomain = domain;
+	      }
+	  }
 	return super.defineClass(name, b, off, len, protectionDomain);
       } 
     else
diff --git a/libjava/javax/security/auth/Subject.java b/libjava/javax/security/auth/Subject.java
index 5391acec825..37baecc8aed 100644
--- a/libjava/javax/security/auth/Subject.java
+++ b/libjava/javax/security/auth/Subject.java
@@ -235,7 +235,7 @@ public final class Subject implements Serializable
    */
   public static Object doAsPrivileged (final Subject subject,
                                        final PrivilegedExceptionAction action,
-                                       final AccessControlContext acc)
+				       AccessControlContext acc)
     throws PrivilegedActionException
   {
     final SecurityManager sm = System.getSecurityManager();
@@ -243,6 +243,8 @@ public final class Subject implements Serializable
       {
         sm.checkPermission (new AuthPermission ("doAsPrivileged"));
       }
+    if (acc == null)
+      acc = new AccessControlContext (new java.security.ProtectionDomain[0]);
     AccessControlContext context =
       new AccessControlContext (acc, new SubjectDomainCombiner (subject));
     return AccessController.doPrivileged (action, context);