jdk/src/share/classes/sun/security/provider/PolicyFile.java
changeset 10336 0bb1999251f8
parent 9771 0e8006984450
child 11992 664aa0d389f9
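--- a/jdk/src/share/classes/sun/security/provider/PolicyFile.java
+++ b/jdk/src/share/classes/sun/security/provider/PolicyFile.java
@@ -24,31 +24,25 @@
  */
 
 package sun.security.provider;
 
 import java.io.*;
-import java.lang.RuntimePermission;
 import java.lang.reflect.*;
-import java.lang.ref.*;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URI;
 import java.util.*;
 import java.util.Enumeration;
-import java.util.Hashtable;
 import java.util.List;
 import java.util.StringTokenizer;
-import java.util.PropertyPermission;
 import java.util.ArrayList;
 import java.util.ListIterator;
-import java.util.WeakHashMap;
 import java.text.MessageFormat;
 import com.sun.security.auth.PrincipalComparator;
 import java.security.*;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
-import javax.security.auth.PrivateCredentialPermission;
 import javax.security.auth.Subject;
 import javax.security.auth.x500.X500Principal;
 import java.io.FilePermission;
 import java.net.SocketPermission;
 import java.net.NetPermission;
@@ -66,11 +60,10 @@
 import javax.net.ssl.SSLPermission;
 */
 import sun.misc.JavaSecurityProtectionDomainAccess;
 import static sun.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
 import sun.misc.SharedSecrets;
-import sun.security.util.Password;
 import sun.security.util.PolicyUtil;
 import sun.security.util.PropertyExpander;
 import sun.security.util.Debug;
 import sun.security.util.ResourcesMgr;
 import sun.security.util.SecurityConstants;
@@ -1004,11 +997,11 @@
     /**
      * Creates one of the well-known permissions directly instead of
      * via reflection. Keep list short to not penalize non-JDK-defined
      * permissions.
      */
-    private static final Permission getKnownInstance(Class claz,
+    private static final Permission getKnownInstance(Class<?> claz,
         String name, String actions) {
         // XXX shorten list to most popular ones?
         if (claz.equals(FilePermission.class)) {
             return new FilePermission(name, actions);
         } else if (claz.equals(SocketPermission.class)) {
@@ -1344,11 +1337,11 @@
             debug.println("evaluate principals:\n" +
                 "\tPolicy Principals: " + entryPs + "\n" +
                 "\tActive Principals: " + accPs);
         }
 
-        if (entryPs == null || entryPs.size() == 0) {
+        if (entryPs == null || entryPs.isEmpty()) {
 
             // policy entry has no principals -
             // add perms regardless of principals in current ACC
 
             addPerms(perms, principals, entry);
@@ -1545,11 +1538,11 @@
     private void expandSelf(SelfPermission sp,
                             List<PolicyParser.PrincipalEntry> entryPs,
                             Principal[] pdp,
                             Permissions perms) {
 
-        if (entryPs == null || entryPs.size() == 0) {
+        if (entryPs == null || entryPs.isEmpty()) {
             // No principals in the grant to substitute
             if (debug != null) {
                 debug.println("Ignoring permission "
                                 + sp.getSelfType()
                                 + " with target name ("
@@ -1888,11 +1881,11 @@
      * or if replacement succeeded.
      */
     private boolean replacePrincipals(
         List<PolicyParser.PrincipalEntry> principals, KeyStore keystore) {
 
-        if (principals == null || principals.size() == 0 || keystore == null)
+        if (principals == null || principals.isEmpty() || keystore == null)
             return true;
 
         ListIterator<PolicyParser.PrincipalEntry> i = principals.listIterator();
         while (i.hasNext()) {
             PolicyParser.PrincipalEntry pppe = i.next();
@@ -2401,21 +2394,22 @@
         // Stores grant entries gotten from identity database
         // Use separate lists to avoid sync on policyEntries
         final List<PolicyEntry> identityPolicyEntries;
 
         // Maps aliases to certs
-        final Map aliasMapping;
+        final Map<Object, Object> aliasMapping;
 
         // Maps ProtectionDomain to PermissionCollection
         private final ProtectionDomainCache[] pdMapping;
         private java.util.Random random;
 
         PolicyInfo(int numCaches) {
             policyEntries = new ArrayList<PolicyEntry>();
             identityPolicyEntries =
                 Collections.synchronizedList(new ArrayList<PolicyEntry>(2));
-            aliasMapping = Collections.synchronizedMap(new HashMap(11));
+            aliasMapping = Collections.synchronizedMap(
+                    new HashMap<Object, Object>(11));
 
             pdMapping = new ProtectionDomainCache[numCaches];
             JavaSecurityProtectionDomainAccess jspda
                 = SharedSecrets.getJavaSecurityProtectionDomainAccess();
             for (int i = 0; i < numCaches; i++) {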
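Review bot: The new `final Map<Object, Object> aliasMapping;` in PolicyInfo generifies the field without actually buying any type safety, and it sits directly under a comment ("Maps aliases to certs") that promises a narrower contract than the declared types do. If the map is only ever keyed by alias strings with Certificate values, `Map<String, Certificate>` would let the compiler enforce that at every put/get site; if it is also populated in the reverse direction (cert -> alias), which the choice of Object on both sides suggests, the comment should say so to stop the next reader from narrowing it, e.g. `// Maps aliases to certs; typed Object/Object because the same map may also hold reverse (cert -> alias) entries`. The call sites are not visible from this section, so this is a question for the author rather than a defect. The PolicyInfo constructor continues past the end of the last hunk.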