From 0f0d7d05b87fe9626b2f4afb09183280f91a44de Mon Sep 17 00:00:00 2001 From: tromey Date: Sat, 19 Apr 2003 20:54:55 +0000 Subject: * Makefile.in: Rebuilt. * Makefile.am (ordinary_java_source_files): Added new files. * java/security/AlgorithmParameterGenerator.java, java/security/AlgorithmParameters.java, java/security/Engine.java, java/security/Identity.java, java/security/IdentityScope.java, java/security/KeyFactory.java, java/security/KeyPairGenerator.java, java/security/KeyStore.java, java/security/MessageDigest.java, java/security/Policy.java, java/security/ProtectionDomain.java, java/security/SecureRandom.java, java/security/Security.java, java/security/Signature.java, java/security/SignatureSpi.java, java/security/SignedObject.java, java/security/Signer.java, java/security/interfaces/RSAMultiPrimePrivateCrtKey.java, java/security/spec/PSSParameterSpec.java, java/security/spec/RSAMultiPrimePrivateCrtKeySpec.java, java/security/spec/RSAOtherPrimeInfo.java: New versions from Classpath. git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@65829 138bc75d-0d04-0410-961f-82ee72b054a4 --- libjava/java/security/ProtectionDomain.java | 237 +++++++++++++++++++++------- 1 file changed, 181 insertions(+), 56 deletions(-) (limited to 'libjava/java/security/ProtectionDomain.java') diff --git a/libjava/java/security/ProtectionDomain.java b/libjava/java/security/ProtectionDomain.java index e8ead466565..21d9b6d09b4 100644 --- a/libjava/java/security/ProtectionDomain.java +++ b/libjava/java/security/ProtectionDomain.java @@ -1,5 +1,5 @@ /* ProtectionDomain.java -- A security domain - Copyright (C) 1998 Free Software Foundation, Inc. + Copyright (C) 1998, 2003, Free Software Foundation, Inc. This file is part of GNU Classpath. @@ -38,55 +38,109 @@ exception statement from your version. */ package java.security; /** - * This class represents a group of classes, along with the permissions - * they are granted. The classes are identified by a CodeSource. - * Thus, any class loaded from the specified CodeSource is - * treated as part of this domain. The set of permissions is represented - * by a PermissionCollection. - *

- * Every class in the system will belong to one and only one - * ProtectionDomain. + *

This ProtectionDomain class encapsulates the characteristics + * of a domain, which encloses a set of classes whose instances are granted a + * set of permissions when being executed on behalf of a given set of + * Principals. * - * @version 0.0 + *

A static set of permissions can be bound to a ProtectionDomain + * when it is constructed; such permissions are granted to the domain regardless + * of the {@link Policy} in force. However, to support dynamic security + * policies, a ProtectionDomain can also be constructed such that + * it is dynamically mapped to a set of permissions by the current {@link + * Policy} whenever a permission is checked.

* * @author Aaron M. Renn (arenn@urbanophile.com) + * @version 0.0 */ public class ProtectionDomain { - /** - * This is the CodeSource for this protection domain - */ + /** This is the CodeSource for this protection domain. */ private CodeSource code_source; + /** This is the set of permissions granted to this domain. */ + private PermissionCollection perms; + + /** The {@link ClassLoader} associated with this domain. */ + private ClassLoader classloader; + + /** The array of Principals associated with this domain.. */ + private Principal[] principals; + + /** Post 1.4 the policy may be refreshed! use false for pre 1.4. */ + private boolean staticBinding; + /** - * This is the set of permissions granted to this domain + * Creates a new ProtectionDomain with the given {@link + * CodeSource} and {@link Permissions}. If the permissions object is not + * null, then setReadOnly() will be called on the + * passed in {@link Permissions} object. The only permissions granted to this + * domain are the ones specified; the current {@link Policy} will not be + * consulted. + * + * @param codesource the codesource associated with this domain. + * @param permissions the permissions granted to this domain */ - private PermissionCollection perms; + public ProtectionDomain(CodeSource codesource, PermissionCollection permissions) + { + this(codesource, permissions, null, null, false); + } /** - * This method initializes a new instance of ProtectionDomain - * representing the specified CodeSource and permission set. - * No permissions may be added to the PermissionCollection - * and this contructor will call the setReadOnly method on - * the specified permission set. + *

Creates a new ProtectionDomain qualified by the given CodeSource, + * Permissions, ClassLoader and array of Principals. If the permissions + * object is not null, then setReadOnly() will be called on the + * passed in Permissions object. The permissions granted to this domain are + * dynamic; they include both the static permissions passed to this + * constructor, and any permissions granted to this domain by the current + * Policy at the time a permission is checked.

* - * @param code_source The CodeSource for this domain - * @param perms The permission set for this domain + *

This constructor is typically used by {@link ClassLoader}s and {@link + * DomainCombiner}s which delegate to Policy to actively + * associate the permissions granted to this domain. This constructor affords + * the Policy provider the opportunity to augment the supplied + * PermissionCollection to reflect policy changes.

* - * @see java.security.PermissionCollection#setReadOnly() - */ - public ProtectionDomain(CodeSource code_source, PermissionCollection perms) + * @param codesource the CodeSource associated with this domain. + * @param permissions the permissions granted to this domain. + * @param classloader the ClassLoader associated with this domain. + * @param principals the array of Principals associated with this domain. + * @since 1.4 + * @see Policy#refresh() + * @see Policy#getPermissions(ProtectionDomain) + */ + public ProtectionDomain(CodeSource codesource, + PermissionCollection permissions, + ClassLoader classloader, Principal[] principals) { - this.code_source = code_source; - this.perms = perms; - if (perms != null) - perms.setReadOnly(); + this(codesource, permissions, classloader, principals, false); + } + + private ProtectionDomain(CodeSource codesource, + PermissionCollection permissions, + ClassLoader classloader, Principal[] principals, + boolean staticBinding) + { + super(); + + code_source = codesource; + if (permissions != null) + { + perms = permissions; + perms.setReadOnly(); + } + + this.classloader = classloader; + this.principals = + (principals != null ? (Principal[]) principals.clone() : new Principal[0]); + this.staticBinding = staticBinding; } /** - * This method returns the CodeSource for this domain. - * - * @return This domain's CodeSource. + * Returns the {@link CodeSource} of this domain. + * + * @return the {@link CodeSource} of this domain which may be null. + * @since 1.2 */ public final CodeSource getCodeSource() { @@ -94,9 +148,36 @@ public class ProtectionDomain } /** - * This method returns the set of permissions granted to this domain. + * Returns the {@link ClassLoader} of this domain. * - * @return The permission set for this domain + * @return the {@link ClassLoader} of this domain which may be + * null. + * @since 1.4 + */ + public final ClassLoader getClassLoader() + { + return this.classloader; + } + + /** + * Returns an array of principals for this domain. + * + * @return returns a non-null array of principals for this domain. Changes to + * this array will have no impact on the ProtectionDomain. + * @since 1.4 + */ + public final Principal[] getPrincipals() + { + return (Principal[]) principals.clone(); + } + + /** + * Returns the static permissions granted to this domain. + * + * @return the static set of permissions for this domain which may be + * null. + * @see Policy#refresh() + * @see Policy#getPermissions(ProtectionDomain) */ public final PermissionCollection getPermissions() { @@ -104,41 +185,85 @@ public class ProtectionDomain } /** - * This method tests whether or not the specified Permission is - * implied by the set of permissions granted to this domain. + *

Check and see if this ProtectionDomain implies the + * permissions expressed in the Permission object.

+ * + *

The set of permissions evaluated is a function of whether the + * ProtectionDomain was constructed with a static set of + * permissions or it was bound to a dynamically mapped set of permissions.

* - * @param perm The Permission to test. + *

If the ProtectionDomain was constructed to a statically + * bound {@link PermissionCollection} then the permission will only be checked + * against the {@link PermissionCollection} supplied at construction.

* - * @return true if the specified Permission is implied for this domain, false otherwise. + *

However, if the ProtectionDomain was constructed with the + * constructor variant which supports dynamically binding permissions, then + * the permission will be checked against the combination of the + * {@link PermissionCollection} supplied at construction and the current + * {@link Policy} binding. + * + * @param permission the {@link Permission} object to check. + * @return true if permission is implicit to this + * ProtectionDomain. */ - public boolean implies(Permission perm) + public boolean implies(Permission permission) { - PermissionCollection pc = getPermissions(); - if (pc == null) - return (false); - - return (pc.implies(perm)); + if (staticBinding) + return (perms == null ? false : perms.implies(permission)); + // Else dynamically bound. Do we have it? + // NOTE: this will force loading of Policy.currentPolicy + return Policy.getCurrentPolicy().implies(this, permission); } /** - * This method returns a String representation of this - * object. It will print the CodeSource and - * permission set associated with this domain. + * Convert a ProtectionDomain to a String. * - * @return A String representation of this object. + * @return a string representation of the object. */ public String toString() { String linesep = System.getProperty("line.separator"); - StringBuffer sb = new StringBuffer(""); - sb.append("ProtectionDomain (" + linesep); + StringBuffer sb = new StringBuffer("ProtectionDomain (").append(linesep); + if (code_source == null) - sb.append("CodeSource:null" + linesep); + sb.append("CodeSource:null"); + else + sb.append(code_source); + + sb.append(linesep); + if (classloader == null) + sb.append("ClassLoader:null"); else - sb.append(code_source + linesep); - sb.append(perms); - sb.append(linesep + ")" + linesep); - - return sb.toString(); + sb.append(classloader); + + sb.append(linesep); + sb.append("Principals:"); + if (principals != null && principals.length > 0) + { + sb.append("["); + Principal pal; + for (int i = 0; i < principals.length; i++) + { + pal = principals[i]; + sb.append("'").append(pal.getName()) + .append("' of type ").append(pal.getClass().getName()); + if (i < principals.length-1) + sb.append(", "); + } + sb.append("]"); + } + else + sb.append("none"); + + sb.append(linesep); + if (!staticBinding) // include all but dont force loading Policy.currentPolicy + if (Policy.isLoaded()) + sb.append(Policy.getCurrentPolicy().getPermissions(this)); + else // fallback on this one's permissions + sb.append(perms); + else + sb.append(perms); + + return sb.append(linesep).append(")").append(linesep).toString(); } } -- cgit v1.2.3