author | chegar |
Thu, 17 Oct 2019 20:54:25 +0100 | |
branch | datagramsocketimpl-branch |
changeset 58679 | 9c3209ff7550 |
parent 58678 | 9cf78a70fa4f |
parent 58242 | 94bb65cb37d3 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
54472
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
2 |
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package java.security; |
|
27 |
||
54472
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
28 |
import java.io.InvalidObjectException; |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
29 |
import java.io.IOException; |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
30 |
import java.io.ObjectInputStream; |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
31 |
import java.io.ObjectOutputStream; |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
32 |
import java.io.ObjectStreamField; |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
33 |
import java.io.Serializable; |
2 | 34 |
import java.util.Enumeration; |
54472
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
35 |
import java.util.HashMap; |
2 | 36 |
import java.util.Hashtable; |
37 |
import java.util.Iterator; |
|
54472
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
38 |
import java.util.List; |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
39 |
import java.util.Map; |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
40 |
import java.util.NoSuchElementException; |
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
41 |
import java.util.concurrent.ConcurrentHashMap; |
2 | 42 |
|
43 |
/** |
|
44 |
* This class represents a heterogeneous collection of Permissions. That is, |
|
45 |
* it contains different types of Permission objects, organized into |
|
46 |
* PermissionCollections. For example, if any |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
47 |
* {@code java.io.FilePermission} objects are added to an instance of |
2 | 48 |
* this class, they are all stored in a single |
49 |
* PermissionCollection. It is the PermissionCollection returned by a call to |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
50 |
* the {@code newPermissionCollection} method in the FilePermission class. |
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
51 |
* Similarly, any {@code java.lang.RuntimePermission} objects are |
2 | 52 |
* stored in the PermissionCollection returned by a call to the |
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
53 |
* {@code newPermissionCollection} method in the |
2 | 54 |
* RuntimePermission class. Thus, this class represents a collection of |
55 |
* PermissionCollections. |
|
56 |
* |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
57 |
* <p>When the {@code add} method is called to add a Permission, the |
2 | 58 |
* Permission is stored in the appropriate PermissionCollection. If no such |
59 |
* collection exists yet, the Permission object's class is determined and the |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
60 |
* {@code newPermissionCollection} method is called on that class to create |
2 | 61 |
* the PermissionCollection and add it to the Permissions object. If |
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
62 |
* {@code newPermissionCollection} returns null, then a default |
2 | 63 |
* PermissionCollection that uses a hashtable will be created and used. Each |
64 |
* hashtable entry stores a Permission object as both the key and the value. |
|
65 |
* |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
66 |
* <p> Enumerations returned via the {@code elements} method are |
2 | 67 |
* not <em>fail-fast</em>. Modifications to a collection should not be |
68 |
* performed while enumerating over that collection. |
|
69 |
* |
|
70 |
* @see Permission |
|
71 |
* @see PermissionCollection |
|
72 |
* @see AllPermission |
|
73 |
* |
|
74 |
* |
|
75 |
* @author Marianne Mueller |
|
76 |
* @author Roland Schemers |
|
45434
4582657c7260
8181082: class-level since tag issues in java.base & java.datatransfer module
mli
parents:
31538
diff
changeset
|
77 |
* @since 1.2 |
2 | 78 |
* |
79 |
* @serial exclude |
|
80 |
*/ |
|
81 |
||
82 |
public final class Permissions extends PermissionCollection |
|
83 |
implements Serializable |
|
84 |
{ |
|
85 |
/** |
|
86 |
* Key is permissions Class, value is PermissionCollection for that class. |
|
87 |
* Not serialized; see serialization section at end of class. |
|
88 |
*/ |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
89 |
private transient ConcurrentHashMap<Class<?>, PermissionCollection> permsMap; |
2 | 90 |
|
91 |
// optimization. keep track of whether unresolved permissions need to be |
|
92 |
// checked |
|
93 |
private transient boolean hasUnresolved = false; |
|
94 |
||
95 |
// optimization. keep track of the AllPermission collection |
|
96 |
// - package private for ProtectionDomain optimization |
|
97 |
PermissionCollection allPermission; |
|
98 |
||
99 |
/** |
|
100 |
* Creates a new Permissions object containing no PermissionCollections. |
|
101 |
*/ |
|
102 |
public Permissions() { |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
103 |
permsMap = new ConcurrentHashMap<>(11); |
2 | 104 |
allPermission = null; |
105 |
} |
|
106 |
||
107 |
/** |
|
108 |
* Adds a permission object to the PermissionCollection for the class the |
|
109 |
* permission belongs to. For example, if <i>permission</i> is a |
|
110 |
* FilePermission, it is added to the FilePermissionCollection stored |
|
111 |
* in this Permissions object. |
|
112 |
* |
|
113 |
* This method creates |
|
114 |
* a new PermissionCollection object (and adds the permission to it) |
|
29492
a4bf9a570035
8028266: Tidy warnings cleanup for packages java.security/javax.security
avstepan
parents:
25859
diff
changeset
|
115 |
* if an appropriate collection does not yet exist. |
2 | 116 |
* |
117 |
* @param permission the Permission object to add. |
|
118 |
* |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
57950
diff
changeset
|
119 |
* @throws SecurityException if this Permissions object is |
2 | 120 |
* marked as readonly. |
121 |
* |
|
122 |
* @see PermissionCollection#isReadOnly() |
|
123 |
*/ |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
124 |
@Override |
2 | 125 |
public void add(Permission permission) { |
126 |
if (isReadOnly()) |
|
127 |
throw new SecurityException( |
|
128 |
"attempt to add a Permission to a readonly Permissions object"); |
|
129 |
||
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
130 |
PermissionCollection pc = getPermissionCollection(permission, true); |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
131 |
pc.add(permission); |
2 | 132 |
|
133 |
// No sync; staleness -> optimizations delayed, which is OK |
|
134 |
if (permission instanceof AllPermission) { |
|
135 |
allPermission = pc; |
|
136 |
} |
|
137 |
if (permission instanceof UnresolvedPermission) { |
|
138 |
hasUnresolved = true; |
|
139 |
} |
|
140 |
} |
|
141 |
||
142 |
/** |
|
143 |
* Checks to see if this object's PermissionCollection for permissions of |
|
144 |
* the specified permission's class implies the permissions |
|
145 |
* expressed in the <i>permission</i> object. Returns true if the |
|
146 |
* combination of permissions in the appropriate PermissionCollection |
|
147 |
* (e.g., a FilePermissionCollection for a FilePermission) together |
|
148 |
* imply the specified permission. |
|
149 |
* |
|
150 |
* <p>For example, suppose there is a FilePermissionCollection in this |
|
151 |
* Permissions object, and it contains one FilePermission that specifies |
|
152 |
* "read" access for all files in all subdirectories of the "/tmp" |
|
153 |
* directory, and another FilePermission that specifies "write" access |
|
154 |
* for all files in the "/tmp/scratch/foo" directory. |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
155 |
* Then if the {@code implies} method |
2 | 156 |
* is called with a permission specifying both "read" and "write" access |
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
157 |
* to files in the "/tmp/scratch/foo" directory, {@code true} is |
2 | 158 |
* returned. |
159 |
* |
|
160 |
* <p>Additionally, if this PermissionCollection contains the |
|
161 |
* AllPermission, this method will always return true. |
|
29492
a4bf9a570035
8028266: Tidy warnings cleanup for packages java.security/javax.security
avstepan
parents:
25859
diff
changeset
|
162 |
* |
2 | 163 |
* @param permission the Permission object to check. |
164 |
* |
|
165 |
* @return true if "permission" is implied by the permissions in the |
|
166 |
* PermissionCollection it |
|
167 |
* belongs to, false if not. |
|
168 |
*/ |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
169 |
@Override |
2 | 170 |
public boolean implies(Permission permission) { |
171 |
// No sync; staleness -> skip optimization, which is OK |
|
172 |
if (allPermission != null) { |
|
173 |
return true; // AllPermission has already been added |
|
174 |
} else { |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
175 |
PermissionCollection pc = getPermissionCollection(permission, |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
176 |
false); |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
177 |
if (pc != null) { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
178 |
return pc.implies(permission); |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
179 |
} else { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
180 |
// none found |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
181 |
return false; |
2 | 182 |
} |
183 |
} |
|
184 |
} |
|
185 |
||
186 |
/** |
|
187 |
* Returns an enumeration of all the Permission objects in all the |
|
188 |
* PermissionCollections in this Permissions object. |
|
189 |
* |
|
190 |
* @return an enumeration of all the Permissions. |
|
191 |
*/ |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
192 |
@Override |
2 | 193 |
public Enumeration<Permission> elements() { |
194 |
// go through each Permissions in the hash table |
|
195 |
// and call their elements() function. |
|
196 |
||
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
197 |
return new PermissionsEnumerator(permsMap.values().iterator()); |
2 | 198 |
} |
199 |
||
200 |
/** |
|
201 |
* Gets the PermissionCollection in this Permissions object for |
|
202 |
* permissions whose type is the same as that of <i>p</i>. |
|
203 |
* For example, if <i>p</i> is a FilePermission, |
|
204 |
* the FilePermissionCollection |
|
205 |
* stored in this Permissions object will be returned. |
|
206 |
* |
|
207 |
* If createEmpty is true, |
|
208 |
* this method creates a new PermissionCollection object for the specified |
|
209 |
* type of permission objects if one does not yet exist. |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
210 |
* To do so, it first calls the {@code newPermissionCollection} method |
2 | 211 |
* on <i>p</i>. Subclasses of class Permission |
212 |
* override that method if they need to store their permissions in a |
|
213 |
* particular PermissionCollection object in order to provide the |
|
18579
b678846778ad
8019360: Cleanup of the javadoc <code> tag in java.security.*
juh
parents:
10336
diff
changeset
|
214 |
* correct semantics when the {@code PermissionCollection.implies} |
2 | 215 |
* method is called. |
216 |
* If the call returns a PermissionCollection, that collection is stored |
|
217 |
* in this Permissions object. If the call returns null and createEmpty |
|
218 |
* is true, then |
|
219 |
* this method instantiates and stores a default PermissionCollection |
|
220 |
* that uses a hashtable to store its permission objects. |
|
221 |
* |
|
222 |
* createEmpty is ignored when creating empty PermissionCollection |
|
223 |
* for unresolved permissions because of the overhead of determining the |
|
224 |
* PermissionCollection to use. |
|
225 |
* |
|
226 |
* createEmpty should be set to false when this method is invoked from |
|
227 |
* implies() because it incurs the additional overhead of creating and |
|
228 |
* adding an empty PermissionCollection that will just return false. |
|
229 |
* It should be set to true when invoked from add(). |
|
230 |
*/ |
|
231 |
private PermissionCollection getPermissionCollection(Permission p, |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
232 |
boolean createEmpty) { |
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
233 |
Class<?> c = p.getClass(); |
2 | 234 |
|
235 |
if (!hasUnresolved && !createEmpty) { |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
236 |
return permsMap.get(c); |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
237 |
} |
2 | 238 |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
239 |
// Create and add permission collection to map if it is absent. |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
240 |
// NOTE: cannot use lambda for mappingFunction parameter until |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
241 |
// JDK-8076596 is fixed. |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
242 |
return permsMap.computeIfAbsent(c, |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
243 |
new java.util.function.Function<>() { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
244 |
@Override |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
245 |
public PermissionCollection apply(Class<?> k) { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
246 |
// Check for unresolved permissions |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
247 |
PermissionCollection pc = |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
248 |
(hasUnresolved ? getUnresolvedPermissions(p) : null); |
2 | 249 |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
250 |
// if still null, create a new collection |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
251 |
if (pc == null && createEmpty) { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
252 |
|
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
253 |
pc = p.newPermissionCollection(); |
2 | 254 |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
255 |
// still no PermissionCollection? |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
256 |
// We'll give them a PermissionsHash. |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
257 |
if (pc == null) { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
258 |
pc = new PermissionsHash(); |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
259 |
} |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
260 |
} |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
261 |
return pc; |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
262 |
} |
2 | 263 |
} |
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
264 |
); |
2 | 265 |
} |
266 |
||
267 |
/** |
|
268 |
* Resolves any unresolved permissions of type p. |
|
269 |
* |
|
270 |
* @param p the type of unresolved permission to resolve |
|
271 |
* |
|
272 |
* @return PermissionCollection containing the unresolved permissions, |
|
273 |
* or null if there were no unresolved permissions of type p. |
|
274 |
* |
|
275 |
*/ |
|
276 |
private PermissionCollection getUnresolvedPermissions(Permission p) |
|
277 |
{ |
|
278 |
UnresolvedPermissionCollection uc = |
|
279 |
(UnresolvedPermissionCollection) permsMap.get(UnresolvedPermission.class); |
|
280 |
||
281 |
// we have no unresolved permissions if uc is null |
|
282 |
if (uc == null) |
|
283 |
return null; |
|
284 |
||
285 |
List<UnresolvedPermission> unresolvedPerms = |
|
286 |
uc.getUnresolvedPermissions(p); |
|
287 |
||
288 |
// we have no unresolved permissions of this type if unresolvedPerms is null |
|
289 |
if (unresolvedPerms == null) |
|
290 |
return null; |
|
291 |
||
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
31080
diff
changeset
|
292 |
java.security.cert.Certificate[] certs = null; |
2 | 293 |
|
31538
0981099a3e54
8130022: Use Java-style array declarations consistently
igerasim
parents:
31080
diff
changeset
|
294 |
Object[] signers = p.getClass().getSigners(); |
2 | 295 |
|
296 |
int n = 0; |
|
297 |
if (signers != null) { |
|
298 |
for (int j=0; j < signers.length; j++) { |
|
299 |
if (signers[j] instanceof java.security.cert.Certificate) { |
|
300 |
n++; |
|
301 |
} |
|
302 |
} |
|
303 |
certs = new java.security.cert.Certificate[n]; |
|
304 |
n = 0; |
|
305 |
for (int j=0; j < signers.length; j++) { |
|
306 |
if (signers[j] instanceof java.security.cert.Certificate) { |
|
307 |
certs[n++] = (java.security.cert.Certificate)signers[j]; |
|
308 |
} |
|
309 |
} |
|
310 |
} |
|
311 |
||
312 |
PermissionCollection pc = null; |
|
313 |
synchronized (unresolvedPerms) { |
|
314 |
int len = unresolvedPerms.size(); |
|
315 |
for (int i = 0; i < len; i++) { |
|
316 |
UnresolvedPermission up = unresolvedPerms.get(i); |
|
317 |
Permission perm = up.resolve(p, certs); |
|
318 |
if (perm != null) { |
|
319 |
if (pc == null) { |
|
320 |
pc = p.newPermissionCollection(); |
|
321 |
if (pc == null) |
|
322 |
pc = new PermissionsHash(); |
|
323 |
} |
|
324 |
pc.add(perm); |
|
325 |
} |
|
326 |
} |
|
327 |
} |
|
328 |
return pc; |
|
329 |
} |
|
330 |
||
57950
4612a3cfb927
8229999: Apply java.io.Serial annotations to security types in java.base
darcy
parents:
54472
diff
changeset
|
331 |
@java.io.Serial |
2 | 332 |
private static final long serialVersionUID = 4858622370623524688L; |
333 |
||
334 |
// Need to maintain serialization interoperability with earlier releases, |
|
335 |
// which had the serializable field: |
|
336 |
// private Hashtable perms; |
|
337 |
||
338 |
/** |
|
339 |
* @serialField perms java.util.Hashtable |
|
340 |
* A table of the Permission classes and PermissionCollections. |
|
341 |
* @serialField allPermission java.security.PermissionCollection |
|
342 |
*/ |
|
57950
4612a3cfb927
8229999: Apply java.io.Serial annotations to security types in java.base
darcy
parents:
54472
diff
changeset
|
343 |
@java.io.Serial |
2 | 344 |
private static final ObjectStreamField[] serialPersistentFields = { |
345 |
new ObjectStreamField("perms", Hashtable.class), |
|
346 |
new ObjectStreamField("allPermission", PermissionCollection.class), |
|
347 |
}; |
|
348 |
||
349 |
/** |
|
350 |
* @serialData Default fields. |
|
351 |
*/ |
|
352 |
/* |
|
353 |
* Writes the contents of the permsMap field out as a Hashtable for |
|
354 |
* serialization compatibility with earlier releases. allPermission |
|
355 |
* unchanged. |
|
356 |
*/ |
|
57950
4612a3cfb927
8229999: Apply java.io.Serial annotations to security types in java.base
darcy
parents:
54472
diff
changeset
|
357 |
@java.io.Serial |
2 | 358 |
private void writeObject(ObjectOutputStream out) throws IOException { |
359 |
// Don't call out.defaultWriteObject() |
|
360 |
||
361 |
// Copy perms into a Hashtable |
|
362 |
Hashtable<Class<?>, PermissionCollection> perms = |
|
7970
af1579474d16
7008728: diamond conversion of basic security, permissions, authentication
smarks
parents:
5506
diff
changeset
|
363 |
new Hashtable<>(permsMap.size()*2); // no sync; estimate |
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
364 |
perms.putAll(permsMap); |
2 | 365 |
|
366 |
// Write out serializable fields |
|
367 |
ObjectOutputStream.PutField pfields = out.putFields(); |
|
368 |
||
369 |
pfields.put("allPermission", allPermission); // no sync; staleness OK |
|
370 |
pfields.put("perms", perms); |
|
371 |
out.writeFields(); |
|
372 |
} |
|
373 |
||
374 |
/* |
|
375 |
* Reads in a Hashtable of Class/PermissionCollections and saves them in the |
|
376 |
* permsMap field. Reads in allPermission. |
|
377 |
*/ |
|
57950
4612a3cfb927
8229999: Apply java.io.Serial annotations to security types in java.base
darcy
parents:
54472
diff
changeset
|
378 |
@java.io.Serial |
2 | 379 |
private void readObject(ObjectInputStream in) throws IOException, |
380 |
ClassNotFoundException { |
|
381 |
// Don't call defaultReadObject() |
|
382 |
||
383 |
// Read in serialized fields |
|
384 |
ObjectInputStream.GetField gfields = in.readFields(); |
|
385 |
||
386 |
// Get allPermission |
|
387 |
allPermission = (PermissionCollection) gfields.get("allPermission", null); |
|
388 |
||
389 |
// Get permissions |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
390 |
// writeObject writes a Hashtable<Class<?>, PermissionCollection> for |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
391 |
// the perms key, so this cast is safe, unless the data is corrupt. |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
392 |
@SuppressWarnings("unchecked") |
2 | 393 |
Hashtable<Class<?>, PermissionCollection> perms = |
394 |
(Hashtable<Class<?>, PermissionCollection>)gfields.get("perms", null); |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
395 |
permsMap = new ConcurrentHashMap<>(perms.size()*2); |
2 | 396 |
permsMap.putAll(perms); |
397 |
||
54472
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
398 |
// Check that Class is mapped to PermissionCollection containing |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
399 |
// Permissions of the same class |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
400 |
for (Map.Entry<Class<?>, PermissionCollection> e : perms.entrySet()) { |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
401 |
Class<?> k = e.getKey(); |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
402 |
PermissionCollection v = e.getValue(); |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
403 |
Enumeration<Permission> en = v.elements(); |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
404 |
while (en.hasMoreElements()) { |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
405 |
Permission p = en.nextElement(); |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
406 |
if (!k.equals(p.getClass())) { |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
407 |
throw new InvalidObjectException("Permission with class " + |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
408 |
k + " incorrectly mapped to PermissionCollection " + |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
409 |
"containing Permission with " + p.getClass()); |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
410 |
} |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
411 |
} |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
412 |
} |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
413 |
|
2 | 414 |
// Set hasUnresolved |
415 |
UnresolvedPermissionCollection uc = |
|
416 |
(UnresolvedPermissionCollection) permsMap.get(UnresolvedPermission.class); |
|
417 |
hasUnresolved = (uc != null && uc.elements().hasMoreElements()); |
|
418 |
} |
|
419 |
} |
|
420 |
||
421 |
final class PermissionsEnumerator implements Enumeration<Permission> { |
|
422 |
||
423 |
// all the perms |
|
424 |
private Iterator<PermissionCollection> perms; |
|
425 |
// the current set |
|
426 |
private Enumeration<Permission> permset; |
|
427 |
||
428 |
PermissionsEnumerator(Iterator<PermissionCollection> e) { |
|
429 |
perms = e; |
|
430 |
permset = getNextEnumWithMore(); |
|
431 |
} |
|
432 |
||
433 |
// No need to synchronize; caller should sync on object as required |
|
434 |
public boolean hasMoreElements() { |
|
435 |
// if we enter with permissionimpl null, we know |
|
436 |
// there are no more left. |
|
437 |
||
438 |
if (permset == null) |
|
439 |
return false; |
|
440 |
||
441 |
// try to see if there are any left in the current one |
|
442 |
||
443 |
if (permset.hasMoreElements()) |
|
444 |
return true; |
|
445 |
||
446 |
// get the next one that has something in it... |
|
447 |
permset = getNextEnumWithMore(); |
|
448 |
||
449 |
// if it is null, we are done! |
|
450 |
return (permset != null); |
|
451 |
} |
|
452 |
||
453 |
// No need to synchronize; caller should sync on object as required |
|
454 |
public Permission nextElement() { |
|
455 |
||
456 |
// hasMoreElements will update permset to the next permset |
|
457 |
// with something in it... |
|
458 |
||
459 |
if (hasMoreElements()) { |
|
460 |
return permset.nextElement(); |
|
461 |
} else { |
|
462 |
throw new NoSuchElementException("PermissionsEnumerator"); |
|
463 |
} |
|
464 |
||
465 |
} |
|
466 |
||
467 |
private Enumeration<Permission> getNextEnumWithMore() { |
|
468 |
while (perms.hasNext()) { |
|
469 |
PermissionCollection pc = perms.next(); |
|
470 |
Enumeration<Permission> next =pc.elements(); |
|
471 |
if (next.hasMoreElements()) |
|
472 |
return next; |
|
473 |
} |
|
474 |
return null; |
|
475 |
||
476 |
} |
|
477 |
} |
|
478 |
||
479 |
/** |
|
480 |
* A PermissionsHash stores a homogeneous set of permissions in a hashtable. |
|
481 |
* |
|
482 |
* @see Permission |
|
483 |
* @see Permissions |
|
484 |
* |
|
485 |
* |
|
486 |
* @author Roland Schemers |
|
487 |
* |
|
488 |
* @serial include |
|
489 |
*/ |
|
490 |
||
491 |
final class PermissionsHash extends PermissionCollection |
|
492 |
implements Serializable |
|
493 |
{ |
|
494 |
/** |
|
495 |
* Key and value are (same) permissions objects. |
|
496 |
* Not serialized; see serialization section at end of class. |
|
497 |
*/ |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
498 |
private transient ConcurrentHashMap<Permission, Permission> permsMap; |
2 | 499 |
|
500 |
/** |
|
501 |
* Create an empty PermissionsHash object. |
|
502 |
*/ |
|
503 |
PermissionsHash() { |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
504 |
permsMap = new ConcurrentHashMap<>(11); |
2 | 505 |
} |
506 |
||
507 |
/** |
|
508 |
* Adds a permission to the PermissionsHash. |
|
509 |
* |
|
510 |
* @param permission the Permission object to add. |
|
511 |
*/ |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
512 |
@Override |
2 | 513 |
public void add(Permission permission) { |
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
514 |
permsMap.put(permission, permission); |
2 | 515 |
} |
516 |
||
517 |
/** |
|
518 |
* Check and see if this set of permissions implies the permissions |
|
519 |
* expressed in "permission". |
|
520 |
* |
|
521 |
* @param permission the Permission object to compare |
|
522 |
* |
|
523 |
* @return true if "permission" is a proper subset of a permission in |
|
524 |
* the set, false if not. |
|
525 |
*/ |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
526 |
@Override |
2 | 527 |
public boolean implies(Permission permission) { |
528 |
// attempt a fast lookup and implies. If that fails |
|
529 |
// then enumerate through all the permissions. |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
530 |
Permission p = permsMap.get(permission); |
2 | 531 |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
532 |
// If permission is found, then p.equals(permission) |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
533 |
if (p == null) { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
534 |
for (Permission p_ : permsMap.values()) { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
535 |
if (p_.implies(permission)) |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
536 |
return true; |
2 | 537 |
} |
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
538 |
return false; |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
539 |
} else { |
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
540 |
return true; |
2 | 541 |
} |
542 |
} |
|
543 |
||
544 |
/** |
|
545 |
* Returns an enumeration of all the Permission objects in the container. |
|
546 |
* |
|
547 |
* @return an enumeration of all the Permissions. |
|
548 |
*/ |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
549 |
@Override |
2 | 550 |
public Enumeration<Permission> elements() { |
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
551 |
return permsMap.elements(); |
2 | 552 |
} |
553 |
||
57950
4612a3cfb927
8229999: Apply java.io.Serial annotations to security types in java.base
darcy
parents:
54472
diff
changeset
|
554 |
@java.io.Serial |
2 | 555 |
private static final long serialVersionUID = -8491988220802933440L; |
556 |
// Need to maintain serialization interoperability with earlier releases, |
|
557 |
// which had the serializable field: |
|
558 |
// private Hashtable perms; |
|
559 |
/** |
|
560 |
* @serialField perms java.util.Hashtable |
|
561 |
* A table of the Permissions (both key and value are same). |
|
562 |
*/ |
|
57950
4612a3cfb927
8229999: Apply java.io.Serial annotations to security types in java.base
darcy
parents:
54472
diff
changeset
|
563 |
@java.io.Serial |
2 | 564 |
private static final ObjectStreamField[] serialPersistentFields = { |
565 |
new ObjectStreamField("perms", Hashtable.class), |
|
566 |
}; |
|
567 |
||
568 |
/** |
|
569 |
* @serialData Default fields. |
|
570 |
*/ |
|
571 |
/* |
|
572 |
* Writes the contents of the permsMap field out as a Hashtable for |
|
573 |
* serialization compatibility with earlier releases. |
|
574 |
*/ |
|
57950
4612a3cfb927
8229999: Apply java.io.Serial annotations to security types in java.base
darcy
parents:
54472
diff
changeset
|
575 |
@java.io.Serial |
2 | 576 |
private void writeObject(ObjectOutputStream out) throws IOException { |
577 |
// Don't call out.defaultWriteObject() |
|
578 |
||
579 |
// Copy perms into a Hashtable |
|
580 |
Hashtable<Permission, Permission> perms = |
|
7970
af1579474d16
7008728: diamond conversion of basic security, permissions, authentication
smarks
parents:
5506
diff
changeset
|
581 |
new Hashtable<>(permsMap.size()*2); |
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
582 |
perms.putAll(permsMap); |
2 | 583 |
|
584 |
// Write out serializable fields |
|
585 |
ObjectOutputStream.PutField pfields = out.putFields(); |
|
586 |
pfields.put("perms", perms); |
|
587 |
out.writeFields(); |
|
588 |
} |
|
589 |
||
590 |
/* |
|
591 |
* Reads in a Hashtable of Permission/Permission and saves them in the |
|
592 |
* permsMap field. |
|
593 |
*/ |
|
57950
4612a3cfb927
8229999: Apply java.io.Serial annotations to security types in java.base
darcy
parents:
54472
diff
changeset
|
594 |
@java.io.Serial |
2 | 595 |
private void readObject(ObjectInputStream in) throws IOException, |
596 |
ClassNotFoundException { |
|
597 |
// Don't call defaultReadObject() |
|
598 |
||
599 |
// Read in serialized fields |
|
600 |
ObjectInputStream.GetField gfields = in.readFields(); |
|
601 |
||
602 |
// Get permissions |
|
10336
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
603 |
// writeObject writes a Hashtable<Class<?>, PermissionCollection> for |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
604 |
// the perms key, so this cast is safe, unless the data is corrupt. |
0bb1999251f8
7064075: Security libraries don't build with javac -Xlint:all,-deprecation -Werror
jjg
parents:
9035
diff
changeset
|
605 |
@SuppressWarnings("unchecked") |
2 | 606 |
Hashtable<Permission, Permission> perms = |
607 |
(Hashtable<Permission, Permission>)gfields.get("perms", null); |
|
31080
00a25f4c4d44
8056179: Store permissions in concurrent collections in PermissionCollection subclasses
mullan
parents:
30033
diff
changeset
|
608 |
permsMap = new ConcurrentHashMap<>(perms.size()*2); |
2 | 609 |
permsMap.putAll(perms); |
54472
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
610 |
|
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
611 |
// check that the Permission key and value are the same object |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
612 |
for (Map.Entry<Permission, Permission> e : perms.entrySet()) { |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
613 |
Permission k = e.getKey(); |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
614 |
Permission v = e.getValue(); |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
615 |
if (k != v) { |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
616 |
throw new InvalidObjectException("Permission (" + k + |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
617 |
") incorrectly mapped to Permission (" + v + ")"); |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
618 |
} |
89295131e353
8020637: Permissions.readObject doesn't enforce proper Class to PermissionCollection mappings
mullan
parents:
47216
diff
changeset
|
619 |
} |
2 | 620 |
} |
621 |
} |