1 /* |
|
2 * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. Oracle designates this |
|
8 * particular file as subject to the "Classpath" exception as provided |
|
9 * by Oracle in the LICENSE file that accompanied this code. |
|
10 * |
|
11 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 * version 2 for more details (a copy is included in the LICENSE file that |
|
15 * accompanied this code). |
|
16 * |
|
17 * You should have received a copy of the GNU General Public License version |
|
18 * 2 along with this work; if not, write to the Free Software Foundation, |
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 * |
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 * or visit www.oracle.com if you need additional information or have any |
|
23 * questions. |
|
24 */ |
|
25 |
|
26 package sun.security.provider; |
|
27 |
|
28 import java.io.*; |
|
29 import java.lang.reflect.*; |
|
30 import java.net.URL; |
|
31 import java.util.*; |
|
32 |
|
33 import java.security.AccessController; |
|
34 import java.security.CodeSource; |
|
35 import java.security.KeyStore; |
|
36 import java.security.KeyStoreException; |
|
37 import java.security.Permission; |
|
38 import java.security.Permissions; |
|
39 import java.security.PermissionCollection; |
|
40 import java.security.Principal; |
|
41 import java.security.PrivilegedAction; |
|
42 import java.security.UnresolvedPermission; |
|
43 import java.security.Security; |
|
44 import java.security.cert.Certificate; |
|
45 import java.security.cert.X509Certificate; |
|
46 |
|
47 import javax.security.auth.Subject; |
|
48 import javax.security.auth.PrivateCredentialPermission; |
|
49 |
|
50 import sun.security.provider.PolicyParser.GrantEntry; |
|
51 import sun.security.provider.PolicyParser.PermissionEntry; |
|
52 import sun.security.provider.PolicyParser.PrincipalEntry; |
|
53 import sun.security.util.Debug; |
|
54 import sun.security.util.PolicyUtil; |
|
55 import sun.security.util.PropertyExpander; |
|
56 |
|
57 /** |
|
58 * See {@code com.sun.security.auth.PolicyFile} for the class description. |
|
59 * This class is necessary in order to support a default |
|
60 * {@code javax.security.auth.Policy} implementation on the compact1 and |
|
61 * compact2 profiles. |
|
62 * |
|
63 * @deprecated As of JDK 1.4, replaced by |
|
64 * {@code sun.security.provider.PolicyFile}. |
|
65 * This class is entirely deprecated. |
|
66 */ |
|
67 @Deprecated |
|
68 @SuppressWarnings("removal") |
|
69 public class AuthPolicyFile extends javax.security.auth.Policy { |
|
70 |
|
71 static final ResourceBundle rb = |
|
72 AccessController.doPrivileged(new PrivilegedAction<ResourceBundle>() { |
|
73 @Override public ResourceBundle run() { |
|
74 return (ResourceBundle.getBundle |
|
75 ("sun.security.util.AuthResources")); |
|
76 } |
|
77 }); |
|
78 |
|
79 private static final Debug debug = Debug.getInstance("policy", |
|
80 "\t[Auth Policy]"); |
|
81 |
|
82 private static final String AUTH_POLICY = "java.security.auth.policy"; |
|
83 private static final String SECURITY_MANAGER = "java.security.manager"; |
|
84 private static final String AUTH_POLICY_URL = "auth.policy.url."; |
|
85 |
|
86 private Vector<PolicyEntry> policyEntries; |
|
87 private Hashtable<Object, Object> aliasMapping; |
|
88 |
|
89 private boolean initialized = false; |
|
90 |
|
91 private boolean expandProperties = true; |
|
92 private boolean ignoreIdentityScope = true; |
|
93 |
|
94 // for use with the reflection API |
|
95 private static final Class<?>[] PARAMS = { String.class, String.class}; |
|
96 |
|
97 /** |
|
98 * Initializes the Policy object and reads the default policy |
|
99 * configuration file(s) into the Policy object. |
|
100 */ |
|
101 public AuthPolicyFile() { |
|
102 // initialize Policy if either the AUTH_POLICY or |
|
103 // SECURITY_MANAGER properties are set |
|
104 String prop = System.getProperty(AUTH_POLICY); |
|
105 |
|
106 if (prop == null) { |
|
107 prop = System.getProperty(SECURITY_MANAGER); |
|
108 } |
|
109 if (prop != null) { |
|
110 init(); |
|
111 } |
|
112 } |
|
113 |
|
114 private synchronized void init() { |
|
115 if (initialized) { |
|
116 return; |
|
117 } |
|
118 |
|
119 policyEntries = new Vector<PolicyEntry>(); |
|
120 aliasMapping = new Hashtable<Object, Object>(11); |
|
121 |
|
122 initPolicyFile(); |
|
123 initialized = true; |
|
124 } |
|
125 |
|
126 @Override |
|
127 public synchronized void refresh() { |
|
128 |
|
129 java.lang.SecurityManager sm = System.getSecurityManager(); |
|
130 if (sm != null) { |
|
131 sm.checkPermission(new javax.security.auth.AuthPermission |
|
132 ("refreshPolicy")); |
|
133 } |
|
134 |
|
135 // XXX |
|
136 // |
|
137 // 1) if code instantiates PolicyFile directly, then it will need |
|
138 // all the permissions required for the PolicyFile initialization |
|
139 // 2) if code calls Policy.getPolicy, then it simply needs |
|
140 // AuthPermission(getPolicy), and the javax.security.auth.Policy |
|
141 // implementation instantiates PolicyFile in a doPrivileged block |
|
142 // 3) if after instantiating a Policy (either via #1 or #2), |
|
143 // code calls refresh, it simply needs |
|
144 // AuthPermission(refreshPolicy). then PolicyFile wraps |
|
145 // the refresh in a doPrivileged block. |
|
146 initialized = false; |
|
147 AccessController.doPrivileged(new PrivilegedAction<Void>() { |
|
148 @Override public Void run() { |
|
149 init(); |
|
150 return null; |
|
151 } |
|
152 }); |
|
153 } |
|
154 |
|
155 private KeyStore initKeyStore(URL policyUrl, String keyStoreName, |
|
156 String keyStoreType) { |
|
157 if (keyStoreName != null) { |
|
158 try { |
|
159 /* |
|
160 * location of keystore is specified as absolute URL in policy |
|
161 * file, or is relative to URL of policy file |
|
162 */ |
|
163 URL keyStoreUrl = null; |
|
164 try { |
|
165 keyStoreUrl = new URL(keyStoreName); |
|
166 // absolute URL |
|
167 } catch (java.net.MalformedURLException e) { |
|
168 // relative URL |
|
169 keyStoreUrl = new URL(policyUrl, keyStoreName); |
|
170 } |
|
171 |
|
172 if (debug != null) { |
|
173 debug.println("reading keystore"+keyStoreUrl); |
|
174 } |
|
175 |
|
176 InputStream inStream = new BufferedInputStream( |
|
177 PolicyUtil.getInputStream(keyStoreUrl)); |
|
178 |
|
179 KeyStore ks; |
|
180 if (keyStoreType != null) |
|
181 ks = KeyStore.getInstance(keyStoreType); |
|
182 else |
|
183 ks = KeyStore.getInstance(KeyStore.getDefaultType()); |
|
184 ks.load(inStream, null); |
|
185 inStream.close(); |
|
186 return ks; |
|
187 } catch (Exception e) { |
|
188 // ignore, treat it like we have no keystore |
|
189 if (debug != null) { |
|
190 debug.println("Debug info only. No keystore."); |
|
191 e.printStackTrace(); |
|
192 } |
|
193 return null; |
|
194 } |
|
195 } |
|
196 return null; |
|
197 } |
|
198 |
|
199 private void initPolicyFile() { |
|
200 |
|
201 String prop = Security.getProperty("policy.expandProperties"); |
|
202 if (prop != null) { |
|
203 expandProperties = prop.equalsIgnoreCase("true"); |
|
204 } |
|
205 |
|
206 String iscp = Security.getProperty("policy.ignoreIdentityScope"); |
|
207 if (iscp != null) { |
|
208 ignoreIdentityScope = iscp.equalsIgnoreCase("true"); |
|
209 } |
|
210 |
|
211 String allowSys = Security.getProperty("policy.allowSystemProperty"); |
|
212 if (allowSys != null && allowSys.equalsIgnoreCase("true")) { |
|
213 String extra_policy = System.getProperty(AUTH_POLICY); |
|
214 if (extra_policy != null) { |
|
215 boolean overrideAll = false; |
|
216 if (extra_policy.startsWith("=")) { |
|
217 overrideAll = true; |
|
218 extra_policy = extra_policy.substring(1); |
|
219 } |
|
220 try { |
|
221 extra_policy = PropertyExpander.expand(extra_policy); |
|
222 URL policyURL; |
|
223 File policyFile = new File(extra_policy); |
|
224 if (policyFile.exists()) { |
|
225 policyURL = |
|
226 new URL("file:" + policyFile.getCanonicalPath()); |
|
227 } else { |
|
228 policyURL = new URL(extra_policy); |
|
229 } |
|
230 if (debug != null) { |
|
231 debug.println("reading " + policyURL); |
|
232 } |
|
233 init(policyURL); |
|
234 } catch (Exception e) { |
|
235 // ignore. |
|
236 if (debug != null) { |
|
237 debug.println("caught exception: " + e); |
|
238 } |
|
239 |
|
240 } |
|
241 if (overrideAll) { |
|
242 if (debug != null) { |
|
243 debug.println("overriding other policies!"); |
|
244 } |
|
245 return; |
|
246 } |
|
247 } |
|
248 } |
|
249 |
|
250 int n = 1; |
|
251 boolean loaded_one = false; |
|
252 String policy_url; |
|
253 |
|
254 while ((policy_url = Security.getProperty(AUTH_POLICY_URL+n)) != null) { |
|
255 try { |
|
256 policy_url = PropertyExpander.expand(policy_url).replace |
|
257 (File.separatorChar, '/'); |
|
258 if (debug != null) { |
|
259 debug.println("reading " + policy_url); |
|
260 } |
|
261 init(new URL(policy_url)); |
|
262 loaded_one = true; |
|
263 } catch (Exception e) { |
|
264 if (debug != null) { |
|
265 debug.println("Debug info only. Error reading policy " + e); |
|
266 e.printStackTrace(); |
|
267 } |
|
268 // ignore that policy |
|
269 } |
|
270 n++; |
|
271 } |
|
272 |
|
273 if (loaded_one == false) { |
|
274 // do not load a static policy |
|
275 } |
|
276 } |
|
277 |
|
278 /** |
|
279 * Checks public key. If it is marked as trusted in |
|
280 * the identity database, add it to the policy |
|
281 * with the AllPermission. |
|
282 */ |
|
283 private boolean checkForTrustedIdentity(final Certificate cert) { |
|
284 return false; |
|
285 } |
|
286 |
|
287 /** |
|
288 * Reads a policy configuration into the Policy object using a |
|
289 * Reader object. |
|
290 * |
|
291 * @param policyFile the policy Reader object. |
|
292 */ |
|
293 private void init(URL policy) { |
|
294 PolicyParser pp = new PolicyParser(expandProperties); |
|
295 try (InputStreamReader isr |
|
296 = new InputStreamReader(PolicyUtil.getInputStream(policy))) { |
|
297 pp.read(isr); |
|
298 KeyStore keyStore = initKeyStore(policy, pp.getKeyStoreUrl(), |
|
299 pp.getKeyStoreType()); |
|
300 Enumeration<GrantEntry> enum_ = pp.grantElements(); |
|
301 while (enum_.hasMoreElements()) { |
|
302 GrantEntry ge = enum_.nextElement(); |
|
303 addGrantEntry(ge, keyStore); |
|
304 } |
|
305 } catch (PolicyParser.ParsingException pe) { |
|
306 System.err.println(AUTH_POLICY + |
|
307 rb.getString(".error.parsing.") + policy); |
|
308 System.err.println(AUTH_POLICY + rb.getString("COLON") + |
|
309 pe.getMessage()); |
|
310 if (debug != null) { |
|
311 pe.printStackTrace(); |
|
312 } |
|
313 } catch (Exception e) { |
|
314 if (debug != null) { |
|
315 debug.println("error parsing " + policy); |
|
316 debug.println(e.toString()); |
|
317 e.printStackTrace(); |
|
318 } |
|
319 } |
|
320 } |
|
321 |
|
322 /** |
|
323 * Given a PermissionEntry, create a codeSource. |
|
324 * |
|
325 * @return null if signedBy alias is not recognized |
|
326 */ |
|
327 CodeSource getCodeSource(GrantEntry ge, KeyStore keyStore) |
|
328 throws java.net.MalformedURLException |
|
329 { |
|
330 Certificate[] certs = null; |
|
331 if (ge.signedBy != null) { |
|
332 certs = getCertificates(keyStore, ge.signedBy); |
|
333 if (certs == null) { |
|
334 // we don't have a key for this alias, |
|
335 // just return |
|
336 if (debug != null) { |
|
337 debug.println(" no certs for alias " + |
|
338 ge.signedBy + ", ignoring."); |
|
339 } |
|
340 return null; |
|
341 } |
|
342 } |
|
343 |
|
344 URL location; |
|
345 if (ge.codeBase != null) { |
|
346 location = new URL(ge.codeBase); |
|
347 } else { |
|
348 location = null; |
|
349 } |
|
350 |
|
351 if (ge.principals == null || ge.principals.size() == 0) { |
|
352 return (canonicalizeCodebase |
|
353 (new CodeSource(location, certs), |
|
354 false)); |
|
355 } else { |
|
356 return (canonicalizeCodebase |
|
357 (new SubjectCodeSource(null, ge.principals, location, certs), |
|
358 false)); |
|
359 } |
|
360 } |
|
361 |
|
362 /** |
|
363 * Add one policy entry to the vector. |
|
364 */ |
|
365 private void addGrantEntry(GrantEntry ge, KeyStore keyStore) { |
|
366 |
|
367 if (debug != null) { |
|
368 debug.println("Adding policy entry: "); |
|
369 debug.println(" signedBy " + ge.signedBy); |
|
370 debug.println(" codeBase " + ge.codeBase); |
|
371 if (ge.principals != null) { |
|
372 for (PrincipalEntry pppe : ge.principals) { |
|
373 debug.println(" " + pppe.getPrincipalClass() + |
|
374 " " + pppe.getPrincipalName()); |
|
375 } |
|
376 } |
|
377 debug.println(); |
|
378 } |
|
379 |
|
380 try { |
|
381 CodeSource codesource = getCodeSource(ge, keyStore); |
|
382 // skip if signedBy alias was unknown... |
|
383 if (codesource == null) return; |
|
384 |
|
385 PolicyEntry entry = new PolicyEntry(codesource); |
|
386 Enumeration<PermissionEntry> enum_ = ge.permissionElements(); |
|
387 while (enum_.hasMoreElements()) { |
|
388 PermissionEntry pe = enum_.nextElement(); |
|
389 try { |
|
390 // XXX special case PrivateCredentialPermission-SELF |
|
391 Permission perm; |
|
392 if (pe.permission.equals |
|
393 ("javax.security.auth.PrivateCredentialPermission") && |
|
394 pe.name.endsWith(" self")) { |
|
395 perm = getInstance(pe.permission, |
|
396 pe.name + " \"self\"", |
|
397 pe.action); |
|
398 } else { |
|
399 perm = getInstance(pe.permission, |
|
400 pe.name, |
|
401 pe.action); |
|
402 } |
|
403 entry.add(perm); |
|
404 if (debug != null) { |
|
405 debug.println(" "+perm); |
|
406 } |
|
407 } catch (ClassNotFoundException cnfe) { |
|
408 Certificate[] certs; |
|
409 if (pe.signedBy != null) { |
|
410 certs = getCertificates(keyStore, pe.signedBy); |
|
411 } else { |
|
412 certs = null; |
|
413 } |
|
414 |
|
415 // only add if we had no signer or we had |
|
416 // a signer and found the keys for it. |
|
417 if (certs != null || pe.signedBy == null) { |
|
418 Permission perm = new UnresolvedPermission( |
|
419 pe.permission, |
|
420 pe.name, |
|
421 pe.action, |
|
422 certs); |
|
423 entry.add(perm); |
|
424 if (debug != null) { |
|
425 debug.println(" "+perm); |
|
426 } |
|
427 } |
|
428 } catch (java.lang.reflect.InvocationTargetException ite) { |
|
429 System.err.println |
|
430 (AUTH_POLICY + |
|
431 rb.getString(".error.adding.Permission.") + |
|
432 pe.permission + |
|
433 rb.getString("SPACE") + |
|
434 ite.getTargetException()); |
|
435 } catch (Exception e) { |
|
436 System.err.println |
|
437 (AUTH_POLICY + |
|
438 rb.getString(".error.adding.Permission.") + |
|
439 pe.permission + |
|
440 rb.getString("SPACE") + |
|
441 e); |
|
442 } |
|
443 } |
|
444 policyEntries.addElement(entry); |
|
445 } catch (Exception e) { |
|
446 System.err.println |
|
447 (AUTH_POLICY + |
|
448 rb.getString(".error.adding.Entry.") + |
|
449 ge + |
|
450 rb.getString("SPACE") + |
|
451 e); |
|
452 } |
|
453 |
|
454 if (debug != null) { |
|
455 debug.println(); |
|
456 } |
|
457 } |
|
458 |
|
459 /** |
|
460 * Returns a new Permission object of the given Type. The Permission is |
|
461 * created by getting the |
|
462 * Class object using the <code>Class.forName</code> method, and using |
|
463 * the reflection API to invoke the (String name, String actions) |
|
464 * constructor on the |
|
465 * object. |
|
466 * |
|
467 * @param type the type of Permission being created. |
|
468 * @param name the name of the Permission being created. |
|
469 * @param actions the actions of the Permission being created. |
|
470 * |
|
471 * @exception ClassNotFoundException if the particular Permission |
|
472 * class could not be found. |
|
473 * |
|
474 * @exception IllegalAccessException if the class or initializer is |
|
475 * not accessible. |
|
476 * |
|
477 * @exception InstantiationException if getInstance tries to |
|
478 * instantiate an abstract class or an interface, or if the |
|
479 * instantiation fails for some other reason. |
|
480 * |
|
481 * @exception NoSuchMethodException if the (String, String) constructor |
|
482 * is not found. |
|
483 * |
|
484 * @exception InvocationTargetException if the underlying Permission |
|
485 * constructor throws an exception. |
|
486 * |
|
487 */ |
|
488 private static final Permission getInstance(String type, |
|
489 String name, |
|
490 String actions) |
|
491 throws ClassNotFoundException, |
|
492 InstantiationException, |
|
493 IllegalAccessException, |
|
494 NoSuchMethodException, |
|
495 InvocationTargetException |
|
496 { |
|
497 //XXX we might want to keep a hash of created factories... |
|
498 Class<?> pc = Class.forName(type); |
|
499 Constructor<?> c = pc.getConstructor(PARAMS); |
|
500 return (Permission) c.newInstance(new Object[] { name, actions }); |
|
501 } |
|
502 |
|
503 /** |
|
504 * Fetch all certs associated with this alias. |
|
505 */ |
|
506 Certificate[] getCertificates(KeyStore keyStore, String aliases) { |
|
507 |
|
508 Vector<Certificate> vcerts = null; |
|
509 |
|
510 StringTokenizer st = new StringTokenizer(aliases, ","); |
|
511 int n = 0; |
|
512 |
|
513 while (st.hasMoreTokens()) { |
|
514 String alias = st.nextToken().trim(); |
|
515 n++; |
|
516 Certificate cert = null; |
|
517 // See if this alias's cert has already been cached |
|
518 cert = (Certificate) aliasMapping.get(alias); |
|
519 if (cert == null && keyStore != null) { |
|
520 |
|
521 try { |
|
522 cert = keyStore.getCertificate(alias); |
|
523 } catch (KeyStoreException kse) { |
|
524 // never happens, because keystore has already been loaded |
|
525 // when we call this |
|
526 } |
|
527 if (cert != null) { |
|
528 aliasMapping.put(alias, cert); |
|
529 aliasMapping.put(cert, alias); |
|
530 } |
|
531 } |
|
532 |
|
533 if (cert != null) { |
|
534 if (vcerts == null) { |
|
535 vcerts = new Vector<Certificate>(); |
|
536 } |
|
537 vcerts.addElement(cert); |
|
538 } |
|
539 } |
|
540 |
|
541 // make sure n == vcerts.size, since we are doing a logical *and* |
|
542 if (vcerts != null && n == vcerts.size()) { |
|
543 Certificate[] certs = new Certificate[vcerts.size()]; |
|
544 vcerts.copyInto(certs); |
|
545 return certs; |
|
546 } else { |
|
547 return null; |
|
548 } |
|
549 } |
|
550 |
|
551 /** |
|
552 * Enumerate all the entries in the global policy object. |
|
553 * This method is used by policy admin tools. The tools |
|
554 * should use the Enumeration methods on the returned object |
|
555 * to fetch the elements sequentially. |
|
556 */ |
|
557 private final synchronized Enumeration<PolicyEntry> elements() { |
|
558 return policyEntries.elements(); |
|
559 } |
|
560 |
|
561 @Override |
|
562 public PermissionCollection getPermissions(final Subject subject, |
|
563 final CodeSource codesource) { |
|
564 |
|
565 // 1) if code instantiates PolicyFile directly, then it will need |
|
566 // all the permissions required for the PolicyFile initialization |
|
567 // 2) if code calls Policy.getPolicy, then it simply needs |
|
568 // AuthPermission(getPolicy), and the javax.security.auth.Policy |
|
569 // implementation instantiates PolicyFile in a doPrivileged block |
|
570 // 3) if after instantiating a Policy (either via #1 or #2), |
|
571 // code calls getPermissions, PolicyFile wraps the call |
|
572 // in a doPrivileged block. |
|
573 return AccessController.doPrivileged |
|
574 (new PrivilegedAction<PermissionCollection>() { |
|
575 @Override public PermissionCollection run() { |
|
576 SubjectCodeSource scs = new SubjectCodeSource( |
|
577 subject, null, |
|
578 codesource == null ? null : codesource.getLocation(), |
|
579 codesource == null ? null : codesource.getCertificates()); |
|
580 if (initialized) { |
|
581 return getPermissions(new Permissions(), scs); |
|
582 } else { |
|
583 return new PolicyPermissions(AuthPolicyFile.this, scs); |
|
584 } |
|
585 } |
|
586 }); |
|
587 } |
|
588 |
|
589 /** |
|
590 * Examines the global policy for the specified CodeSource, and |
|
591 * creates a PermissionCollection object with |
|
592 * the set of permissions for that principal's protection domain. |
|
593 * |
|
594 * @param CodeSource the codesource associated with the caller. |
|
595 * This encapsulates the original location of the code (where the code |
|
596 * came from) and the public key(s) of its signer. |
|
597 * |
|
598 * @return the set of permissions according to the policy. |
|
599 */ |
|
600 PermissionCollection getPermissions(CodeSource codesource) { |
|
601 |
|
602 if (initialized) { |
|
603 return getPermissions(new Permissions(), codesource); |
|
604 } else { |
|
605 return new PolicyPermissions(this, codesource); |
|
606 } |
|
607 } |
|
608 |
|
609 /** |
|
610 * Examines the global policy for the specified CodeSource, and |
|
611 * creates a PermissionCollection object with |
|
612 * the set of permissions for that principal's protection domain. |
|
613 * |
|
614 * @param permissions the permissions to populate |
|
615 * @param codesource the codesource associated with the caller. |
|
616 * This encapsulates the original location of the code (where the code |
|
617 * came from) and the public key(s) of its signer. |
|
618 * |
|
619 * @return the set of permissions according to the policy. |
|
620 */ |
|
621 Permissions getPermissions(final Permissions perms, |
|
622 final CodeSource cs) |
|
623 { |
|
624 if (!initialized) { |
|
625 init(); |
|
626 } |
|
627 |
|
628 final CodeSource[] codesource = {null}; |
|
629 |
|
630 codesource[0] = canonicalizeCodebase(cs, true); |
|
631 |
|
632 if (debug != null) { |
|
633 debug.println("evaluate(" + codesource[0] + ")\n"); |
|
634 } |
|
635 |
|
636 // needs to be in a begin/endPrivileged block because |
|
637 // codesource.implies calls URL.equals which does an |
|
638 // InetAddress lookup |
|
639 |
|
640 for (int i = 0; i < policyEntries.size(); i++) { |
|
641 |
|
642 PolicyEntry entry = policyEntries.elementAt(i); |
|
643 |
|
644 if (debug != null) { |
|
645 debug.println("PolicyFile CodeSource implies: " + |
|
646 entry.codesource.toString() + "\n\n" + |
|
647 "\t" + codesource[0].toString() + "\n\n"); |
|
648 } |
|
649 |
|
650 if (entry.codesource.implies(codesource[0])) { |
|
651 for (int j = 0; j < entry.permissions.size(); j++) { |
|
652 Permission p = entry.permissions.elementAt(j); |
|
653 if (debug != null) { |
|
654 debug.println(" granting " + p); |
|
655 } |
|
656 if (!addSelfPermissions(p, entry.codesource, |
|
657 codesource[0], perms)) { |
|
658 // we could check for duplicates |
|
659 // before adding new permissions, |
|
660 // but the SubjectDomainCombiner |
|
661 // already checks for duplicates later |
|
662 perms.add(p); |
|
663 } |
|
664 } |
|
665 } |
|
666 } |
|
667 |
|
668 // now see if any of the keys are trusted ids. |
|
669 |
|
670 if (!ignoreIdentityScope) { |
|
671 Certificate[] certs = codesource[0].getCertificates(); |
|
672 if (certs != null) { |
|
673 for (int k=0; k < certs.length; k++) { |
|
674 if (aliasMapping.get(certs[k]) == null && |
|
675 checkForTrustedIdentity(certs[k])) { |
|
676 // checkForTrustedIdentity added it |
|
677 // to the policy for us. next time |
|
678 // around we'll find it. This time |
|
679 // around we need to add it. |
|
680 perms.add(new java.security.AllPermission()); |
|
681 } |
|
682 } |
|
683 } |
|
684 } |
|
685 return perms; |
|
686 } |
|
687 |
|
688 /** |
|
689 * Returns true if 'Self' permissions were added to the provided |
|
690 * 'perms', and false otherwise. |
|
691 * |
|
692 * <p> |
|
693 * |
|
694 * @param p check to see if this Permission is a "SELF" |
|
695 * PrivateCredentialPermission. <p> |
|
696 * |
|
697 * @param entryCs the codesource for the Policy entry. |
|
698 * |
|
699 * @param accCs the codesource for from the current AccessControlContext. |
|
700 * |
|
701 * @param perms the PermissionCollection where the individual |
|
702 * PrivateCredentialPermissions will be added. |
|
703 */ |
|
704 private boolean addSelfPermissions(final Permission p, |
|
705 CodeSource entryCs, |
|
706 CodeSource accCs, |
|
707 Permissions perms) { |
|
708 |
|
709 if (!(p instanceof PrivateCredentialPermission)) { |
|
710 return false; |
|
711 } |
|
712 |
|
713 if (!(entryCs instanceof SubjectCodeSource)) { |
|
714 return false; |
|
715 } |
|
716 |
|
717 PrivateCredentialPermission pcp = (PrivateCredentialPermission)p; |
|
718 SubjectCodeSource scs = (SubjectCodeSource)entryCs; |
|
719 |
|
720 // see if it is a SELF permission |
|
721 String[][] pPrincipals = pcp.getPrincipals(); |
|
722 if (pPrincipals.length <= 0 || |
|
723 !pPrincipals[0][0].equalsIgnoreCase("self") || |
|
724 !pPrincipals[0][1].equalsIgnoreCase("self")) { |
|
725 |
|
726 // regular PrivateCredentialPermission |
|
727 return false; |
|
728 } else { |
|
729 |
|
730 // granted a SELF permission - create a |
|
731 // PrivateCredentialPermission for each |
|
732 // of the Policy entry's CodeSource Principals |
|
733 |
|
734 if (scs.getPrincipals() == null) { |
|
735 // XXX SubjectCodeSource has no Subject??? |
|
736 return true; |
|
737 } |
|
738 |
|
739 for (PrincipalEntry principal : scs.getPrincipals()) { |
|
740 |
|
741 // if the Policy entry's Principal does not contain a |
|
742 // WILDCARD for the Principal name, then a |
|
743 // new PrivateCredentialPermission is created |
|
744 // for the Principal listed in the Policy entry. |
|
745 // if the Policy entry's Principal contains a WILDCARD |
|
746 // for the Principal name, then a new |
|
747 // PrivateCredentialPermission is created |
|
748 // for each Principal associated with the Subject |
|
749 // in the current ACC. |
|
750 |
|
751 String[][] principalInfo = getPrincipalInfo(principal, accCs); |
|
752 |
|
753 for (int i = 0; i < principalInfo.length; i++) { |
|
754 |
|
755 // here's the new PrivateCredentialPermission |
|
756 |
|
757 PrivateCredentialPermission newPcp = |
|
758 new PrivateCredentialPermission |
|
759 (pcp.getCredentialClass() + |
|
760 " " + |
|
761 principalInfo[i][0] + |
|
762 " " + |
|
763 "\"" + principalInfo[i][1] + "\"", |
|
764 "read"); |
|
765 |
|
766 if (debug != null) { |
|
767 debug.println("adding SELF permission: " + |
|
768 newPcp.toString()); |
|
769 } |
|
770 |
|
771 perms.add(newPcp); |
|
772 } |
|
773 } |
|
774 } |
|
775 return true; |
|
776 } |
|
777 |
|
778 /** |
|
779 * return the principal class/name pair in the 2D array. |
|
780 * array[x][y]: x corresponds to the array length. |
|
781 * if (y == 0), it's the principal class. |
|
782 * if (y == 1), it's the principal name. |
|
783 */ |
|
784 private String[][] getPrincipalInfo(PrincipalEntry principal, |
|
785 final CodeSource accCs) { |
|
786 |
|
787 // there are 3 possibilities: |
|
788 // 1) the entry's Principal class and name are not wildcarded |
|
789 // 2) the entry's Principal name is wildcarded only |
|
790 // 3) the entry's Principal class and name are wildcarded |
|
791 |
|
792 if (!principal.getPrincipalClass().equals |
|
793 (PrincipalEntry.WILDCARD_CLASS) && |
|
794 !principal.getPrincipalName().equals |
|
795 (PrincipalEntry.WILDCARD_NAME)) { |
|
796 |
|
797 // build a PrivateCredentialPermission for the principal |
|
798 // from the Policy entry |
|
799 String[][] info = new String[1][2]; |
|
800 info[0][0] = principal.getPrincipalClass(); |
|
801 info[0][1] = principal.getPrincipalName(); |
|
802 return info; |
|
803 |
|
804 } else if (!principal.getPrincipalClass().equals |
|
805 (PrincipalEntry.WILDCARD_CLASS) && |
|
806 principal.getPrincipalName().equals |
|
807 (PrincipalEntry.WILDCARD_NAME)) { |
|
808 |
|
809 // build a PrivateCredentialPermission for all |
|
810 // the Subject's principals that are instances of principalClass |
|
811 |
|
812 // the accCs is guaranteed to be a SubjectCodeSource |
|
813 // because the earlier CodeSource.implies succeeded |
|
814 SubjectCodeSource scs = (SubjectCodeSource)accCs; |
|
815 |
|
816 Set<? extends Principal> principalSet = null; |
|
817 try { |
|
818 // principal.principalClass should extend Principal |
|
819 // If it doesn't, we should stop here with a ClassCastException. |
|
820 @SuppressWarnings("unchecked") |
|
821 Class<? extends Principal> pClass = (Class<? extends Principal>) |
|
822 Class.forName(principal.getPrincipalClass(), false, |
|
823 ClassLoader.getSystemClassLoader()); |
|
824 principalSet = scs.getSubject().getPrincipals(pClass); |
|
825 } catch (Exception e) { |
|
826 if (debug != null) { |
|
827 debug.println("problem finding Principal Class " + |
|
828 "when expanding SELF permission: " + |
|
829 e.toString()); |
|
830 } |
|
831 } |
|
832 |
|
833 if (principalSet == null) { |
|
834 // error |
|
835 return new String[0][0]; |
|
836 } |
|
837 |
|
838 String[][] info = new String[principalSet.size()][2]; |
|
839 |
|
840 int i = 0; |
|
841 for (Principal p : principalSet) { |
|
842 info[i][0] = p.getClass().getName(); |
|
843 info[i][1] = p.getName(); |
|
844 i++; |
|
845 } |
|
846 return info; |
|
847 |
|
848 } else { |
|
849 |
|
850 // build a PrivateCredentialPermission for every |
|
851 // one of the current Subject's principals |
|
852 |
|
853 // the accCs is guaranteed to be a SubjectCodeSource |
|
854 // because the earlier CodeSource.implies succeeded |
|
855 SubjectCodeSource scs = (SubjectCodeSource)accCs; |
|
856 Set<Principal> principalSet = scs.getSubject().getPrincipals(); |
|
857 |
|
858 String[][] info = new String[principalSet.size()][2]; |
|
859 |
|
860 int i = 0; |
|
861 for (Principal p : principalSet) { |
|
862 info[i][0] = p.getClass().getName(); |
|
863 info[i][1] = p.getName(); |
|
864 i++; |
|
865 } |
|
866 return info; |
|
867 } |
|
868 } |
|
869 |
|
870 /* |
|
871 * Returns the signer certificates from the list of certificates associated |
|
872 * with the given code source. |
|
873 * |
|
874 * The signer certificates are those certificates that were used to verify |
|
875 * signed code originating from the codesource location. |
|
876 * |
|
877 * This method assumes that in the given code source, each signer |
|
878 * certificate is followed by its supporting certificate chain |
|
879 * (which may be empty), and that the signer certificate and its |
|
880 * supporting certificate chain are ordered bottom-to-top (i.e., with the |
|
881 * signer certificate first and the (root) certificate authority last). |
|
882 */ |
|
883 Certificate[] getSignerCertificates(CodeSource cs) { |
|
884 Certificate[] certs = null; |
|
885 if ((certs = cs.getCertificates()) == null) { |
|
886 return null; |
|
887 } |
|
888 for (int i = 0; i < certs.length; i++) { |
|
889 if (!(certs[i] instanceof X509Certificate)) |
|
890 return cs.getCertificates(); |
|
891 } |
|
892 |
|
893 // Do we have to do anything? |
|
894 int i = 0; |
|
895 int count = 0; |
|
896 while (i < certs.length) { |
|
897 count++; |
|
898 while (((i+1) < certs.length) |
|
899 && ((X509Certificate)certs[i]).getIssuerDN().equals( |
|
900 ((X509Certificate)certs[i+1]).getSubjectDN())) { |
|
901 i++; |
|
902 } |
|
903 i++; |
|
904 } |
|
905 if (count == certs.length) { |
|
906 // Done |
|
907 return certs; |
|
908 } |
|
909 |
|
910 ArrayList<Certificate> userCertList = new ArrayList<>(); |
|
911 i = 0; |
|
912 while (i < certs.length) { |
|
913 userCertList.add(certs[i]); |
|
914 while (((i+1) < certs.length) |
|
915 && ((X509Certificate)certs[i]).getIssuerDN().equals( |
|
916 ((X509Certificate)certs[i+1]).getSubjectDN())) { |
|
917 i++; |
|
918 } |
|
919 i++; |
|
920 } |
|
921 Certificate[] userCerts = new Certificate[userCertList.size()]; |
|
922 userCertList.toArray(userCerts); |
|
923 return userCerts; |
|
924 } |
|
925 |
|
926 private CodeSource canonicalizeCodebase(CodeSource cs, |
|
927 boolean extractSignerCerts) { |
|
928 CodeSource canonCs = cs; |
|
929 if (cs.getLocation() != null && |
|
930 cs.getLocation().getProtocol().equalsIgnoreCase("file")) { |
|
931 try { |
|
932 String path = cs.getLocation().getFile().replace |
|
933 ('/', |
|
934 File.separatorChar); |
|
935 URL csUrl = null; |
|
936 if (path.endsWith("*")) { |
|
937 // remove trailing '*' because it causes canonicalization |
|
938 // to fail on win32 |
|
939 path = path.substring(0, path.length()-1); |
|
940 boolean appendFileSep = false; |
|
941 if (path.endsWith(File.separator)) { |
|
942 appendFileSep = true; |
|
943 } |
|
944 if (path.equals("")) { |
|
945 path = System.getProperty("user.dir"); |
|
946 } |
|
947 File f = new File(path); |
|
948 path = f.getCanonicalPath(); |
|
949 StringBuilder sb = new StringBuilder(path); |
|
950 // reappend '*' to canonicalized filename (note that |
|
951 // canonicalization may have removed trailing file |
|
952 // separator, so we have to check for that, too) |
|
953 if (!path.endsWith(File.separator) && |
|
954 (appendFileSep || f.isDirectory())) { |
|
955 sb.append(File.separatorChar); |
|
956 } |
|
957 sb.append('*'); |
|
958 path = sb.toString(); |
|
959 } else { |
|
960 path = new File(path).getCanonicalPath(); |
|
961 } |
|
962 csUrl = new File(path).toURL(); |
|
963 |
|
964 if (cs instanceof SubjectCodeSource) { |
|
965 SubjectCodeSource scs = (SubjectCodeSource)cs; |
|
966 if (extractSignerCerts) { |
|
967 canonCs = new SubjectCodeSource(scs.getSubject(), |
|
968 scs.getPrincipals(), |
|
969 csUrl, |
|
970 getSignerCertificates(scs)); |
|
971 } else { |
|
972 canonCs = new SubjectCodeSource(scs.getSubject(), |
|
973 scs.getPrincipals(), |
|
974 csUrl, |
|
975 scs.getCertificates()); |
|
976 } |
|
977 } else { |
|
978 if (extractSignerCerts) { |
|
979 canonCs = new CodeSource(csUrl, |
|
980 getSignerCertificates(cs)); |
|
981 } else { |
|
982 canonCs = new CodeSource(csUrl, |
|
983 cs.getCertificates()); |
|
984 } |
|
985 } |
|
986 } catch (IOException ioe) { |
|
987 // leave codesource as it is, unless we have to extract its |
|
988 // signer certificates |
|
989 if (extractSignerCerts) { |
|
990 if (!(cs instanceof SubjectCodeSource)) { |
|
991 canonCs = new CodeSource(cs.getLocation(), |
|
992 getSignerCertificates(cs)); |
|
993 } else { |
|
994 SubjectCodeSource scs = (SubjectCodeSource)cs; |
|
995 canonCs = new SubjectCodeSource(scs.getSubject(), |
|
996 scs.getPrincipals(), |
|
997 scs.getLocation(), |
|
998 getSignerCertificates(scs)); |
|
999 } |
|
1000 } |
|
1001 } |
|
1002 } else { |
|
1003 if (extractSignerCerts) { |
|
1004 if (!(cs instanceof SubjectCodeSource)) { |
|
1005 canonCs = new CodeSource(cs.getLocation(), |
|
1006 getSignerCertificates(cs)); |
|
1007 } else { |
|
1008 SubjectCodeSource scs = (SubjectCodeSource)cs; |
|
1009 canonCs = new SubjectCodeSource(scs.getSubject(), |
|
1010 scs.getPrincipals(), |
|
1011 scs.getLocation(), |
|
1012 getSignerCertificates(scs)); |
|
1013 } |
|
1014 } |
|
1015 } |
|
1016 return canonCs; |
|
1017 } |
|
1018 |
|
1019 /** |
|
1020 * Each entry in the policy configuration file is represented by a |
|
1021 * PolicyEntry object. <p> |
|
1022 * |
|
1023 * A PolicyEntry is a (CodeSource,Permission) pair. The |
|
1024 * CodeSource contains the (URL, PublicKey) that together identify |
|
1025 * where the Java bytecodes come from and who (if anyone) signed |
|
1026 * them. The URL could refer to localhost. The URL could also be |
|
1027 * null, meaning that this policy entry is given to all comers, as |
|
1028 * long as they match the signer field. The signer could be null, |
|
1029 * meaning the code is not signed. <p> |
|
1030 * |
|
1031 * The Permission contains the (Type, Name, Action) triplet. <p> |
|
1032 * |
|
1033 * For now, the Policy object retrieves the public key from the |
|
1034 * X.509 certificate on disk that corresponds to the signedBy |
|
1035 * alias specified in the Policy config file. For reasons of |
|
1036 * efficiency, the Policy object keeps a hashtable of certs already |
|
1037 * read in. This could be replaced by a secure internal key |
|
1038 * store. |
|
1039 * |
|
1040 * <p> |
|
1041 * For example, the entry |
|
1042 * <pre> |
|
1043 * permission java.io.File "/tmp", "read,write", |
|
1044 * signedBy "Duke"; |
|
1045 * </pre> |
|
1046 * is represented internally |
|
1047 * <pre> |
|
1048 * |
|
1049 * FilePermission f = new FilePermission("/tmp", "read,write"); |
|
1050 * PublicKey p = publickeys.get("Duke"); |
|
1051 * URL u = InetAddress.getLocalHost(); |
|
1052 * CodeBase c = new CodeBase( p, u ); |
|
1053 * pe = new PolicyEntry(f, c); |
|
1054 * </pre> |
|
1055 * |
|
1056 * @author Marianne Mueller |
|
1057 * @author Roland Schemers |
|
1058 * @see java.security.CodeSource |
|
1059 * @see java.security.Policy |
|
1060 * @see java.security.Permissions |
|
1061 * @see java.security.ProtectionDomain |
|
1062 */ |
|
1063 private static class PolicyEntry { |
|
1064 |
|
1065 CodeSource codesource; |
|
1066 Vector<Permission> permissions; |
|
1067 |
|
1068 /** |
|
1069 * Given a Permission and a CodeSource, create a policy entry. |
|
1070 * |
|
1071 * XXX Decide if/how to add validity fields and "purpose" fields to |
|
1072 * XXX policy entries |
|
1073 * |
|
1074 * @param cs the CodeSource, which encapsulates the URL and the public |
|
1075 * key attributes from the policy config file. Validity checks |
|
1076 * are performed on the public key before PolicyEntry is called. |
|
1077 * |
|
1078 */ |
|
1079 PolicyEntry(CodeSource cs) { |
|
1080 this.codesource = cs; |
|
1081 this.permissions = new Vector<Permission>(); |
|
1082 } |
|
1083 |
|
1084 /** |
|
1085 * add a Permission object to this entry. |
|
1086 */ |
|
1087 void add(Permission p) { |
|
1088 permissions.addElement(p); |
|
1089 } |
|
1090 |
|
1091 /** |
|
1092 * Return the CodeSource for this policy entry |
|
1093 */ |
|
1094 CodeSource getCodeSource() { |
|
1095 return this.codesource; |
|
1096 } |
|
1097 |
|
1098 @Override |
|
1099 public String toString(){ |
|
1100 StringBuilder sb = new StringBuilder(); |
|
1101 sb.append(rb.getString("LPARAM")); |
|
1102 sb.append(getCodeSource()); |
|
1103 sb.append("\n"); |
|
1104 for (int j = 0; j < permissions.size(); j++) { |
|
1105 Permission p = permissions.elementAt(j); |
|
1106 sb.append(rb.getString("SPACE")); |
|
1107 sb.append(rb.getString("SPACE")); |
|
1108 sb.append(p); |
|
1109 sb.append(rb.getString("NEWLINE")); |
|
1110 } |
|
1111 sb.append(rb.getString("RPARAM")); |
|
1112 sb.append(rb.getString("NEWLINE")); |
|
1113 return sb.toString(); |
|
1114 } |
|
1115 |
|
1116 } |
|
1117 } |
|
1118 |
|
1119 @SuppressWarnings("deprecation") |
|
1120 class PolicyPermissions extends PermissionCollection { |
|
1121 |
|
1122 private static final long serialVersionUID = -1954188373270545523L; |
|
1123 |
|
1124 private CodeSource codesource; |
|
1125 private Permissions perms; |
|
1126 private AuthPolicyFile policy; |
|
1127 private boolean notInit; // have we pulled in the policy permissions yet? |
|
1128 private Vector<Permission> additionalPerms; |
|
1129 |
|
1130 PolicyPermissions(AuthPolicyFile policy, |
|
1131 CodeSource codesource) |
|
1132 { |
|
1133 this.codesource = codesource; |
|
1134 this.policy = policy; |
|
1135 this.perms = null; |
|
1136 this.notInit = true; |
|
1137 this.additionalPerms = null; |
|
1138 } |
|
1139 |
|
1140 @Override |
|
1141 public void add(Permission permission) { |
|
1142 if (isReadOnly()) |
|
1143 throw new SecurityException |
|
1144 (AuthPolicyFile.rb.getString |
|
1145 ("attempt.to.add.a.Permission.to.a.readonly.PermissionCollection")); |
|
1146 |
|
1147 if (perms == null) { |
|
1148 if (additionalPerms == null) { |
|
1149 additionalPerms = new Vector<Permission>(); |
|
1150 } |
|
1151 additionalPerms.add(permission); |
|
1152 } else { |
|
1153 perms.add(permission); |
|
1154 } |
|
1155 } |
|
1156 |
|
1157 private synchronized void init() { |
|
1158 if (notInit) { |
|
1159 if (perms == null) { |
|
1160 perms = new Permissions(); |
|
1161 } |
|
1162 if (additionalPerms != null) { |
|
1163 Enumeration<Permission> e = additionalPerms.elements(); |
|
1164 while (e.hasMoreElements()) { |
|
1165 perms.add(e.nextElement()); |
|
1166 } |
|
1167 additionalPerms = null; |
|
1168 } |
|
1169 policy.getPermissions(perms, codesource); |
|
1170 notInit = false; |
|
1171 } |
|
1172 } |
|
1173 |
|
1174 @Override |
|
1175 public boolean implies(Permission permission) { |
|
1176 if (notInit) { |
|
1177 init(); |
|
1178 } |
|
1179 return perms.implies(permission); |
|
1180 } |
|
1181 |
|
1182 @Override |
|
1183 public Enumeration<Permission> elements() { |
|
1184 if (notInit) { |
|
1185 init(); |
|
1186 } |
|
1187 return perms.elements(); |
|
1188 } |
|
1189 |
|
1190 @Override |
|
1191 public String toString() { |
|
1192 if (notInit) { |
|
1193 init(); |
|
1194 } |
|
1195 return perms.toString(); |
|
1196 } |
|
1197 } |
|