24 */ |
24 */ |
25 |
25 |
26 package sun.security.provider; |
26 package sun.security.provider; |
27 |
27 |
28 import java.io.*; |
28 import java.io.*; |
29 import java.lang.RuntimePermission; |
|
30 import java.lang.reflect.*; |
29 import java.lang.reflect.*; |
31 import java.lang.ref.*; |
|
32 import java.net.MalformedURLException; |
30 import java.net.MalformedURLException; |
33 import java.net.URL; |
31 import java.net.URL; |
34 import java.net.URI; |
32 import java.net.URI; |
35 import java.util.*; |
33 import java.util.*; |
36 import java.util.Enumeration; |
34 import java.util.Enumeration; |
37 import java.util.Hashtable; |
|
38 import java.util.List; |
35 import java.util.List; |
39 import java.util.StringTokenizer; |
36 import java.util.StringTokenizer; |
40 import java.util.PropertyPermission; |
|
41 import java.util.ArrayList; |
37 import java.util.ArrayList; |
42 import java.util.ListIterator; |
38 import java.util.ListIterator; |
43 import java.util.WeakHashMap; |
|
44 import java.text.MessageFormat; |
39 import java.text.MessageFormat; |
45 import com.sun.security.auth.PrincipalComparator; |
40 import com.sun.security.auth.PrincipalComparator; |
46 import java.security.*; |
41 import java.security.*; |
47 import java.security.cert.Certificate; |
42 import java.security.cert.Certificate; |
48 import java.security.cert.X509Certificate; |
43 import java.security.cert.X509Certificate; |
49 import javax.security.auth.PrivateCredentialPermission; |
|
50 import javax.security.auth.Subject; |
44 import javax.security.auth.Subject; |
51 import javax.security.auth.x500.X500Principal; |
45 import javax.security.auth.x500.X500Principal; |
52 import java.io.FilePermission; |
46 import java.io.FilePermission; |
53 import java.net.SocketPermission; |
47 import java.net.SocketPermission; |
54 import java.net.NetPermission; |
48 import java.net.NetPermission; |
66 import javax.net.ssl.SSLPermission; |
60 import javax.net.ssl.SSLPermission; |
67 */ |
61 */ |
68 import sun.misc.JavaSecurityProtectionDomainAccess; |
62 import sun.misc.JavaSecurityProtectionDomainAccess; |
69 import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache; |
63 import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache; |
70 import sun.misc.SharedSecrets; |
64 import sun.misc.SharedSecrets; |
71 import sun.security.util.Password; |
|
72 import sun.security.util.PolicyUtil; |
65 import sun.security.util.PolicyUtil; |
73 import sun.security.util.PropertyExpander; |
66 import sun.security.util.PropertyExpander; |
74 import sun.security.util.Debug; |
67 import sun.security.util.Debug; |
75 import sun.security.util.ResourcesMgr; |
68 import sun.security.util.ResourcesMgr; |
76 import sun.security.util.SecurityConstants; |
69 import sun.security.util.SecurityConstants; |
1004 /** |
997 /** |
1005 * Creates one of the well-known permissions directly instead of |
998 * Creates one of the well-known permissions directly instead of |
1006 * via reflection. Keep list short to not penalize non-JDK-defined |
999 * via reflection. Keep list short to not penalize non-JDK-defined |
1007 * permissions. |
1000 * permissions. |
1008 */ |
1001 */ |
1009 private static final Permission getKnownInstance(Class claz, |
1002 private static final Permission getKnownInstance(Class<?> claz, |
1010 String name, String actions) { |
1003 String name, String actions) { |
1011 // XXX shorten list to most popular ones? |
1004 // XXX shorten list to most popular ones? |
1012 if (claz.equals(FilePermission.class)) { |
1005 if (claz.equals(FilePermission.class)) { |
1013 return new FilePermission(name, actions); |
1006 return new FilePermission(name, actions); |
1014 } else if (claz.equals(SocketPermission.class)) { |
1007 } else if (claz.equals(SocketPermission.class)) { |
1344 debug.println("evaluate principals:\n" + |
1337 debug.println("evaluate principals:\n" + |
1345 "\tPolicy Principals: " + entryPs + "\n" + |
1338 "\tPolicy Principals: " + entryPs + "\n" + |
1346 "\tActive Principals: " + accPs); |
1339 "\tActive Principals: " + accPs); |
1347 } |
1340 } |
1348 |
1341 |
1349 if (entryPs == null || entryPs.size() == 0) { |
1342 if (entryPs == null || entryPs.isEmpty()) { |
1350 |
1343 |
1351 // policy entry has no principals - |
1344 // policy entry has no principals - |
1352 // add perms regardless of principals in current ACC |
1345 // add perms regardless of principals in current ACC |
1353 |
1346 |
1354 addPerms(perms, principals, entry); |
1347 addPerms(perms, principals, entry); |
1545 private void expandSelf(SelfPermission sp, |
1538 private void expandSelf(SelfPermission sp, |
1546 List<PolicyParser.PrincipalEntry> entryPs, |
1539 List<PolicyParser.PrincipalEntry> entryPs, |
1547 Principal[] pdp, |
1540 Principal[] pdp, |
1548 Permissions perms) { |
1541 Permissions perms) { |
1549 |
1542 |
1550 if (entryPs == null || entryPs.size() == 0) { |
1543 if (entryPs == null || entryPs.isEmpty()) { |
1551 // No principals in the grant to substitute |
1544 // No principals in the grant to substitute |
1552 if (debug != null) { |
1545 if (debug != null) { |
1553 debug.println("Ignoring permission " |
1546 debug.println("Ignoring permission " |
1554 + sp.getSelfType() |
1547 + sp.getSelfType() |
1555 + " with target name (" |
1548 + " with target name (" |
1888 * or if replacement succeeded. |
1881 * or if replacement succeeded. |
1889 */ |
1882 */ |
1890 private boolean replacePrincipals( |
1883 private boolean replacePrincipals( |
1891 List<PolicyParser.PrincipalEntry> principals, KeyStore keystore) { |
1884 List<PolicyParser.PrincipalEntry> principals, KeyStore keystore) { |
1892 |
1885 |
1893 if (principals == null || principals.size() == 0 || keystore == null) |
1886 if (principals == null || principals.isEmpty() || keystore == null) |
1894 return true; |
1887 return true; |
1895 |
1888 |
1896 ListIterator<PolicyParser.PrincipalEntry> i = principals.listIterator(); |
1889 ListIterator<PolicyParser.PrincipalEntry> i = principals.listIterator(); |
1897 while (i.hasNext()) { |
1890 while (i.hasNext()) { |
1898 PolicyParser.PrincipalEntry pppe = i.next(); |
1891 PolicyParser.PrincipalEntry pppe = i.next(); |
2401 // Stores grant entries gotten from identity database |
2394 // Stores grant entries gotten from identity database |
2402 // Use separate lists to avoid sync on policyEntries |
2395 // Use separate lists to avoid sync on policyEntries |
2403 final List<PolicyEntry> identityPolicyEntries; |
2396 final List<PolicyEntry> identityPolicyEntries; |
2404 |
2397 |
2405 // Maps aliases to certs |
2398 // Maps aliases to certs |
2406 final Map aliasMapping; |
2399 final Map<Object, Object> aliasMapping; |
2407 |
2400 |
2408 // Maps ProtectionDomain to PermissionCollection |
2401 // Maps ProtectionDomain to PermissionCollection |
2409 private final ProtectionDomainCache[] pdMapping; |
2402 private final ProtectionDomainCache[] pdMapping; |
2410 private java.util.Random random; |
2403 private java.util.Random random; |
2411 |
2404 |
2412 PolicyInfo(int numCaches) { |
2405 PolicyInfo(int numCaches) { |
2413 policyEntries = new ArrayList<PolicyEntry>(); |
2406 policyEntries = new ArrayList<PolicyEntry>(); |
2414 identityPolicyEntries = |
2407 identityPolicyEntries = |
2415 Collections.synchronizedList(new ArrayList<PolicyEntry>(2)); |
2408 Collections.synchronizedList(new ArrayList<PolicyEntry>(2)); |
2416 aliasMapping = Collections.synchronizedMap(new HashMap(11)); |
2409 aliasMapping = Collections.synchronizedMap( |
|
2410 new HashMap<Object, Object>(11)); |
2417 |
2411 |
2418 pdMapping = new ProtectionDomainCache[numCaches]; |
2412 pdMapping = new ProtectionDomainCache[numCaches]; |
2419 JavaSecurityProtectionDomainAccess jspda |
2413 JavaSecurityProtectionDomainAccess jspda |
2420 = SharedSecrets.getJavaSecurityProtectionDomainAccess(); |
2414 = SharedSecrets.getJavaSecurityProtectionDomainAccess(); |
2421 for (int i = 0; i < numCaches; i++) { |
2415 for (int i = 0; i < numCaches; i++) { |
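Review bot: The new declaration `final Map<Object, Object> aliasMapping;` in PolicyInfo silences the raw-type warning but still accepts any key and any value, so the compiler checks nothing about a map the field comment describes as "Maps aliases to certs". If the put and get sites, which are outside the visible lines, only ever store alias strings against certificates, `final Map<String, Certificate> aliasMapping;` with a matching `new HashMap<String, Certificate>(11)` would both document and enforce that. If other key or value types are stored as well, the comment above the field should name them, so a reader of the policy code knows what a lookup can return. The PolicyInfo constructor continues past the last visible line.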