/*
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.provider;
import java.io.*;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.*;
import javax.security.auth.x500.X500Principal;
import sun.security.util.Debug;
import sun.security.util.PropertyExpander;
import sun.security.util.LocalizedMessage;
/**
* The policy for a Java runtime (specifying
* which permissions are available for code from various principals)
* is represented as a separate
* persistent configuration. The configuration may be stored as a
* flat ASCII file, as a serialized binary file of
* the Policy class, or as a database.
*
* <p>The Java runtime creates one global Policy object, which is used to
* represent the static policy configuration file. It is consulted by
* a ProtectionDomain when the protection domain initializes its set of
* permissions.
*
* <p>The Policy <code>init</code> method parses the policy
* configuration file, and then
* populates the Policy object. The Policy object is agnostic in that
* it is not involved in making policy decisions. It is merely the
* Java runtime representation of the persistent policy configuration
* file.
*
* <p>When a protection domain needs to initialize its set of
* permissions, it executes code such as the following
* to ask the global Policy object to populate a
* Permissions object with the appropriate permissions:
* <pre>
* policy = Policy.getPolicy();
* Permissions perms = policy.getPermissions(protectiondomain)
* </pre>
*
* <p>The protection domain contains a CodeSource
* object, which encapsulates its codebase (URL) and public key attributes.
* It also contains the principals associated with the domain.
* The Policy object evaluates the global policy in light of who the
* principal is and what the code source is and returns an appropriate
* Permissions object.
*
* @author Roland Schemers
* @author Ram Marti
*
* @since 1.2
*/
public class PolicyParser {
private Vector<GrantEntry> grantEntries;
private Map<String, DomainEntry> domainEntries;
// Convenience variables for parsing
private static final Debug debug = Debug.getInstance("parser",
"\t[Policy Parser]");
private StreamTokenizer st;
private int lookahead;
private boolean expandProp = false;
private String keyStoreUrlString = null; // unexpanded
private String keyStoreType = null;
private String keyStoreProvider = null;
private String storePassURL = null;
private String expand(String value)
throws PropertyExpander.ExpandException
{
return expand(value, false);
}
private String expand(String value, boolean encodeURL)
throws PropertyExpander.ExpandException
{
if (!expandProp) {
return value;
} else {
return PropertyExpander.expand(value, encodeURL);
}
}
/**
* Creates a PolicyParser object.
*/
public PolicyParser() {
grantEntries = new Vector<GrantEntry>();
}
public PolicyParser(boolean expandProp) {
this();
this.expandProp = expandProp;
}
/**
* Reads a policy configuration into the Policy object using a
* Reader object. <p>
*
* @param policy the policy Reader object.
*
* @exception ParsingException if the policy configuration contains
* a syntax error.
*
* @exception IOException if an error occurs while reading the policy
* configuration.
*/
public void read(Reader policy)
throws ParsingException, IOException
{
if (!(policy instanceof BufferedReader)) {
policy = new BufferedReader(policy);
}
/**
* Configure the stream tokenizer:
* Recognize strings between "..."
* Don't convert words to lowercase
* Recognize both C-style and C++-style comments
* Treat end-of-line as white space, not as a token
*/
st = new StreamTokenizer(policy);
st.resetSyntax();
st.wordChars('a', 'z');
st.wordChars('A', 'Z');
st.wordChars('.', '.');
st.wordChars('0', '9');
st.wordChars('_', '_');
st.wordChars('$', '$');
st.wordChars(128 + 32, 255);
st.whitespaceChars(0, ' ');
st.commentChar('/');
st.quoteChar('\'');
st.quoteChar('"');
st.lowerCaseMode(false);
st.ordinaryChar('/');
st.slashSlashComments(true);
st.slashStarComments(true);
/**
* The main parsing loop. The loop is executed once
* for each entry in the config file. The entries
* are delimited by semicolons. Once we've read in
* the information for an entry, go ahead and try to
* add it to the policy vector.
*
*/
lookahead = st.nextToken();
GrantEntry ge = null;
while (lookahead != StreamTokenizer.TT_EOF) {
if (peek("grant")) {
ge = parseGrantEntry();
// could be null if we couldn't expand a property
if (ge != null)
add(ge);
} else if (peek("keystore") && keyStoreUrlString==null) {
// only one keystore entry per policy file, others will be
// ignored
parseKeyStoreEntry();
} else if (peek("keystorePasswordURL") && storePassURL==null) {
// only one keystore passwordURL per policy file, others will be
// ignored
parseStorePassURL();
} else if (ge == null && keyStoreUrlString == null &&
storePassURL == null && peek("domain")) {
if (domainEntries == null) {
domainEntries = new TreeMap<>();
}
DomainEntry de = parseDomainEntry();
if (de != null) {
String domainName = de.getName();
if (!domainEntries.containsKey(domainName)) {
domainEntries.put(domainName, de);
} else {
LocalizedMessage localizedMsg = new LocalizedMessage(
"duplicate.keystore.domain.name");
Object[] source = {domainName};
String msg = "duplicate keystore domain name: " +
domainName;
throw new ParsingException(msg, localizedMsg, source);
}
}
} else {
// error?
}
match(";");
}
if (keyStoreUrlString == null && storePassURL != null) {
throw new ParsingException(LocalizedMessage.getNonlocalized
("keystorePasswordURL.can.not.be.specified.without.also.specifying.keystore"));
}
}
public void add(GrantEntry ge)
{
grantEntries.addElement(ge);
}
public void replace(GrantEntry origGe, GrantEntry newGe)
{
grantEntries.setElementAt(newGe, grantEntries.indexOf(origGe));
}
public boolean remove(GrantEntry ge)
{
return grantEntries.removeElement(ge);
}
/**
* Returns the (possibly expanded) keystore location, or null if the
* expansion fails.
*/
public String getKeyStoreUrl() {
try {
if (keyStoreUrlString!=null && keyStoreUrlString.length()!=0) {
return expand(keyStoreUrlString, true).replace
(File.separatorChar, '/');
}
} catch (PropertyExpander.ExpandException peee) {
if (debug != null) {
debug.println(peee.toString());
}
return null;
}
return null;
}
public void setKeyStoreUrl(String url) {
keyStoreUrlString = url;
}
public String getKeyStoreType() {
return keyStoreType;
}
public void setKeyStoreType(String type) {
keyStoreType = type;
}
public String getKeyStoreProvider() {
return keyStoreProvider;
}
public void setKeyStoreProvider(String provider) {
keyStoreProvider = provider;
}
public String getStorePassURL() {
try {
if (storePassURL!=null && storePassURL.length()!=0) {
return expand(storePassURL, true).replace
(File.separatorChar, '/');
}
} catch (PropertyExpander.ExpandException peee) {
if (debug != null) {
debug.println(peee.toString());
}
return null;
}
return null;
}
public void setStorePassURL(String storePassURL) {
this.storePassURL = storePassURL;
}
/**
* Enumerate all the entries in the global policy object.
* This method is used by policy admin tools. The tools
* should use the Enumeration methods on the returned object
* to fetch the elements sequentially.
*/
public Enumeration<GrantEntry> grantElements(){
return grantEntries.elements();
}
public Collection<DomainEntry> getDomainEntries() {
return domainEntries.values();
}
/**
* write out the policy
*/
public void write(Writer policy)
{
PrintWriter out = new PrintWriter(new BufferedWriter(policy));
Enumeration<GrantEntry> enum_ = grantElements();
out.println("/* AUTOMATICALLY GENERATED ON "+
(new java.util.Date()) + "*/");
out.println("/* DO NOT EDIT */");
out.println();
// write the (unexpanded) keystore entry as the first entry of the
// policy file
if (keyStoreUrlString != null) {
writeKeyStoreEntry(out);
}
if (storePassURL != null) {
writeStorePassURL(out);
}
// write "grant" entries
while (enum_.hasMoreElements()) {
GrantEntry ge = enum_.nextElement();
ge.write(out);
out.println();
}
out.flush();
}
/**
* parses a keystore entry
*/
private void parseKeyStoreEntry() throws ParsingException, IOException {
match("keystore");
keyStoreUrlString = match("quoted string");
// parse keystore type
if (!peek(",")) {
return; // default type
}
match(",");
if (peek("\"")) {
keyStoreType = match("quoted string");
} else {
throw new ParsingException(st.lineno(),
LocalizedMessage.getNonlocalized("expected.keystore.type"));
}
// parse keystore provider
if (!peek(",")) {
return; // provider optional
}
match(",");
if (peek("\"")) {
keyStoreProvider = match("quoted string");
} else {
throw new ParsingException(st.lineno(),
LocalizedMessage.getNonlocalized("expected.keystore.provider"));
}
}
private void parseStorePassURL() throws ParsingException, IOException {
match("keyStorePasswordURL");
storePassURL = match("quoted string");
}
/**
* writes the (unexpanded) keystore entry
*/
private void writeKeyStoreEntry(PrintWriter out) {
out.print("keystore \"");
out.print(keyStoreUrlString);
out.print('"');
if (keyStoreType != null && keyStoreType.length() > 0)
out.print(", \"" + keyStoreType + "\"");
if (keyStoreProvider != null && keyStoreProvider.length() > 0)
out.print(", \"" + keyStoreProvider + "\"");
out.println(";");
out.println();
}
private void writeStorePassURL(PrintWriter out) {
out.print("keystorePasswordURL \"");
out.print(storePassURL);
out.print('"');
out.println(";");
out.println();
}
/**
* parse a Grant entry
*/
private GrantEntry parseGrantEntry()
throws ParsingException, IOException
{
GrantEntry e = new GrantEntry();
LinkedList<PrincipalEntry> principals = null;
boolean ignoreEntry = false;
match("grant");
while(!peek("{")) {
if (peekAndMatch("Codebase")) {
if (e.codeBase != null)
throw new ParsingException(
st.lineno(),
LocalizedMessage.getNonlocalized
("multiple.Codebase.expressions"));
e.codeBase = match("quoted string");
peekAndMatch(",");
} else if (peekAndMatch("SignedBy")) {
if (e.signedBy != null)
throw new ParsingException(
st.lineno(),
LocalizedMessage.getNonlocalized
("multiple.SignedBy.expressions"));
e.signedBy = match("quoted string");
// verify syntax of the aliases
StringTokenizer aliases = new StringTokenizer(e.signedBy,
",", true);
int actr = 0;
int cctr = 0;
while (aliases.hasMoreTokens()) {
String alias = aliases.nextToken().trim();
if (alias.equals(","))
cctr++;
else if (alias.length() > 0)
actr++;
}
if (actr <= cctr)
throw new ParsingException(
st.lineno(),
LocalizedMessage.getNonlocalized
("SignedBy.has.empty.alias"));
peekAndMatch(",");
} else if (peekAndMatch("Principal")) {
if (principals == null) {
principals = new LinkedList<>();
}
String principalClass;
String principalName;
if (peek("\"")) {
// both the principalClass and principalName
// will be replaced later
principalClass = PrincipalEntry.REPLACE_NAME;
principalName = match("principal type");
} else {
// check for principalClass wildcard
if (peek("*")) {
match("*");
principalClass = PrincipalEntry.WILDCARD_CLASS;
} else {
principalClass = match("principal type");
}
// check for principalName wildcard
if (peek("*")) {
match("*");
principalName = PrincipalEntry.WILDCARD_NAME;
} else {
principalName = match("quoted string");
}
// disallow WILDCARD_CLASS && actual name
if (principalClass.equals(PrincipalEntry.WILDCARD_CLASS) &&
!principalName.equals(PrincipalEntry.WILDCARD_NAME)) {
if (debug != null) {
debug.println("disallowing principal that " +
"has WILDCARD class but no WILDCARD name");
}
throw new ParsingException
(st.lineno(),
LocalizedMessage.getNonlocalized
("can.not.specify.Principal.with.a.wildcard.class.without.a.wildcard.name"));
}
}
try {
principalName = expand(principalName);
if (principalClass.equals
("javax.security.auth.x500.X500Principal") &&
!principalName.equals(PrincipalEntry.WILDCARD_NAME)) {
// 4702543: X500 names with an EmailAddress
// were encoded incorrectly. construct a new
// X500Principal with correct encoding.
X500Principal p = new X500Principal
((new X500Principal(principalName)).toString());
principalName = p.getName();
}
principals.add
(new PrincipalEntry(principalClass, principalName));
} catch (PropertyExpander.ExpandException peee) {
// ignore the entire policy entry
// but continue parsing all the info
// so we can get to the next entry
if (debug != null) {
debug.println("principal name expansion failed: " +
principalName);
}
ignoreEntry = true;
}
peekAndMatch(",");
} else {
throw new ParsingException(st.lineno(),
LocalizedMessage.getNonlocalized
("expected.codeBase.or.SignedBy.or.Principal"));
}
}
if (principals != null) e.principals = principals;
match("{");
while(!peek("}")) {
if (peek("Permission")) {
try {
PermissionEntry pe = parsePermissionEntry();
e.add(pe);
} catch (PropertyExpander.ExpandException peee) {
// ignore. The add never happened
if (debug != null) {
debug.println(peee.toString());
}
skipEntry(); // BugId 4219343
}
match(";");
} else {
throw new
ParsingException(st.lineno(),
LocalizedMessage.getNonlocalized
("expected.permission.entry"));
}
}
match("}");
try {
if (e.signedBy != null) e.signedBy = expand(e.signedBy);
if (e.codeBase != null) {
e.codeBase = expand(e.codeBase, true).replace
(File.separatorChar, '/');
}
} catch (PropertyExpander.ExpandException peee) {
if (debug != null) {
debug.println(peee.toString());
}
return null;
}
return (ignoreEntry == true) ? null : e;
}
/**
* parse a Permission entry
*/
private PermissionEntry parsePermissionEntry()
throws ParsingException, IOException, PropertyExpander.ExpandException
{
PermissionEntry e = new PermissionEntry();
// Permission
match("Permission");
e.permission = match("permission type");
if (peek("\"")) {
// Permission name
e.name = expand(match("quoted string"));
}
if (!peek(",")) {
return e;
}
match(",");
if (peek("\"")) {
e.action = expand(match("quoted string"));
if (!peek(",")) {
return e;
}
match(",");
}
if (peekAndMatch("SignedBy")) {
e.signedBy = expand(match("quoted string"));
}
return e;
}
/**
* parse a domain entry
*/
private DomainEntry parseDomainEntry()
throws ParsingException, IOException
{
boolean ignoreEntry = false;
DomainEntry domainEntry;
String name = null;
Map<String, String> properties = new HashMap<>();
match("domain");
name = match("domain name");
while(!peek("{")) {
// get the domain properties
properties = parseProperties("{");
}
match("{");
domainEntry = new DomainEntry(name, properties);
while(!peek("}")) {
match("keystore");
name = match("keystore name");
// get the keystore properties
if (!peek("}")) {
properties = parseProperties(";");
}
match(";");
domainEntry.add(new KeyStoreEntry(name, properties));
}
match("}");
return (ignoreEntry == true) ? null : domainEntry;
}
/*
* Return a collection of domain properties or keystore properties.
*/
private Map<String, String> parseProperties(String terminator)
throws ParsingException, IOException {
Map<String, String> properties = new HashMap<>();
String key;
String value;
while (!peek(terminator)) {
key = match("property name");
match("=");
try {
value = expand(match("quoted string"));
} catch (PropertyExpander.ExpandException peee) {
throw new IOException(peee.getLocalizedMessage());
}
properties.put(key.toLowerCase(Locale.ENGLISH), value);
}
return properties;
}
private boolean peekAndMatch(String expect)
throws ParsingException, IOException
{
if (peek(expect)) {
match(expect);
return true;
} else {
return false;
}
}
private boolean peek(String expect) {
boolean found = false;
switch (lookahead) {
case StreamTokenizer.TT_WORD:
if (expect.equalsIgnoreCase(st.sval))
found = true;
break;
case ',':
if (expect.equalsIgnoreCase(","))
found = true;
break;
case '{':
if (expect.equalsIgnoreCase("{"))
found = true;
break;
case '}':
if (expect.equalsIgnoreCase("}"))
found = true;
break;
case '"':
if (expect.equalsIgnoreCase("\""))
found = true;
break;
case '*':
if (expect.equalsIgnoreCase("*"))
found = true;
break;
case ';':
if (expect.equalsIgnoreCase(";"))
found = true;
break;
default:
}
return found;
}
private String match(String expect)
throws ParsingException, IOException
{
String value = null;
switch (lookahead) {
case StreamTokenizer.TT_NUMBER:
throw new ParsingException(st.lineno(), expect,
LocalizedMessage.getNonlocalized("number.") +
String.valueOf(st.nval));
case StreamTokenizer.TT_EOF:
LocalizedMessage localizedMsg = new LocalizedMessage
("expected.expect.read.end.of.file.");
Object[] source = {expect};
String msg = "expected [" + expect + "], read [end of file]";
throw new ParsingException(msg, localizedMsg, source);
case StreamTokenizer.TT_WORD:
if (expect.equalsIgnoreCase(st.sval)) {
lookahead = st.nextToken();
} else if (expect.equalsIgnoreCase("permission type")) {
value = st.sval;
lookahead = st.nextToken();
} else if (expect.equalsIgnoreCase("principal type")) {
value = st.sval;
lookahead = st.nextToken();
} else if (expect.equalsIgnoreCase("domain name") ||
expect.equalsIgnoreCase("keystore name") ||
expect.equalsIgnoreCase("property name")) {
value = st.sval;
lookahead = st.nextToken();
} else {
throw new ParsingException(st.lineno(), expect,
st.sval);
}
break;
case '"':
if (expect.equalsIgnoreCase("quoted string")) {
value = st.sval;
lookahead = st.nextToken();
} else if (expect.equalsIgnoreCase("permission type")) {
value = st.sval;
lookahead = st.nextToken();
} else if (expect.equalsIgnoreCase("principal type")) {
value = st.sval;
lookahead = st.nextToken();
} else {
throw new ParsingException(st.lineno(), expect, st.sval);
}
break;
case ',':
if (expect.equalsIgnoreCase(","))
lookahead = st.nextToken();
else
throw new ParsingException(st.lineno(), expect, ",");
break;
case '{':
if (expect.equalsIgnoreCase("{"))
lookahead = st.nextToken();
else
throw new ParsingException(st.lineno(), expect, "{");
break;
case '}':
if (expect.equalsIgnoreCase("}"))
lookahead = st.nextToken();
else
throw new ParsingException(st.lineno(), expect, "}");
break;
case ';':
if (expect.equalsIgnoreCase(";"))
lookahead = st.nextToken();
else
throw new ParsingException(st.lineno(), expect, ";");
break;
case '*':
if (expect.equalsIgnoreCase("*"))
lookahead = st.nextToken();
else
throw new ParsingException(st.lineno(), expect, "*");
break;
case '=':
if (expect.equalsIgnoreCase("="))
lookahead = st.nextToken();
else
throw new ParsingException(st.lineno(), expect, "=");
break;
default:
throw new ParsingException(st.lineno(), expect,
new String(new char[] {(char)lookahead}));
}
return value;
}
/**
* skip all tokens for this entry leaving the delimiter ";"
* in the stream.
*/
private void skipEntry() throws ParsingException, IOException {
while(lookahead != ';') {
switch (lookahead) {
case StreamTokenizer.TT_NUMBER:
throw new ParsingException(st.lineno(), ";",
LocalizedMessage.getNonlocalized("number.") +
String.valueOf(st.nval));
case StreamTokenizer.TT_EOF:
throw new ParsingException(LocalizedMessage.getNonlocalized
("expected.read.end.of.file."));
default:
lookahead = st.nextToken();
}
}
}
/**
* Each grant entry in the policy configuration file is
* represented by a GrantEntry object.
*
* <p>
* For example, the entry
* <pre>
* grant signedBy "Duke" {
* permission java.io.FilePermission "/tmp", "read,write";
* };
*
* </pre>
* is represented internally
* <pre>
*
* pe = new PermissionEntry("java.io.FilePermission",
* "/tmp", "read,write");
*
* ge = new GrantEntry("Duke", null);
*
* ge.add(pe);
*
* </pre>
*
* @author Roland Schemers
*
* version 1.19, 05/21/98
*/
public static class GrantEntry {
public String signedBy;
public String codeBase;
public LinkedList<PrincipalEntry> principals;
public Vector<PermissionEntry> permissionEntries;
public GrantEntry() {
principals = new LinkedList<PrincipalEntry>();
permissionEntries = new Vector<PermissionEntry>();
}
public GrantEntry(String signedBy, String codeBase) {
this.codeBase = codeBase;
this.signedBy = signedBy;
principals = new LinkedList<PrincipalEntry>();
permissionEntries = new Vector<PermissionEntry>();
}
public void add(PermissionEntry pe)
{
permissionEntries.addElement(pe);
}
public boolean remove(PrincipalEntry pe)
{
return principals.remove(pe);
}
public boolean remove(PermissionEntry pe)
{
return permissionEntries.removeElement(pe);
}
public boolean contains(PrincipalEntry pe)
{
return principals.contains(pe);
}
public boolean contains(PermissionEntry pe)
{
return permissionEntries.contains(pe);
}
/**
* Enumerate all the permission entries in this GrantEntry.
*/
public Enumeration<PermissionEntry> permissionElements(){
return permissionEntries.elements();
}
public void write(PrintWriter out) {
out.print("grant");
if (signedBy != null) {
out.print(" signedBy \"");
out.print(signedBy);
out.print('"');
if (codeBase != null)
out.print(", ");
}
if (codeBase != null) {
out.print(" codeBase \"");
out.print(codeBase);
out.print('"');
if (principals != null && principals.size() > 0)
out.print(",\n");
}
if (principals != null && principals.size() > 0) {
Iterator<PrincipalEntry> pli = principals.iterator();
while (pli.hasNext()) {
out.print(" ");
PrincipalEntry pe = pli.next();
pe.write(out);
if (pli.hasNext())
out.print(",\n");
}
}
out.println(" {");
Enumeration<PermissionEntry> enum_ = permissionEntries.elements();
while (enum_.hasMoreElements()) {
PermissionEntry pe = enum_.nextElement();
out.write(" ");
pe.write(out);
}
out.println("};");
}
public Object clone() {
GrantEntry ge = new GrantEntry();
ge.codeBase = this.codeBase;
ge.signedBy = this.signedBy;
ge.principals = new LinkedList<PrincipalEntry>(this.principals);
ge.permissionEntries =
new Vector<PermissionEntry>(this.permissionEntries);
return ge;
}
}
/**
* Principal info (class and name) in a grant entry
*/
public static class PrincipalEntry implements Principal {
public static final String WILDCARD_CLASS = "WILDCARD_PRINCIPAL_CLASS";
public static final String WILDCARD_NAME = "WILDCARD_PRINCIPAL_NAME";
public static final String REPLACE_NAME = "PolicyParser.REPLACE_NAME";
String principalClass;
String principalName;
/**
* A PrincipalEntry consists of the Principal class and Principal name.
*
* @param principalClass the Principal class
* @param principalName the Principal name
* @throws NullPointerException if principalClass or principalName
* are null
*/
public PrincipalEntry(String principalClass, String principalName) {
if (principalClass == null || principalName == null)
throw new NullPointerException(LocalizedMessage.getNonlocalized
("null.principalClass.or.principalName"));
this.principalClass = principalClass;
this.principalName = principalName;
}
boolean isWildcardName() {
return principalName.equals(WILDCARD_NAME);
}
boolean isWildcardClass() {
return principalClass.equals(WILDCARD_CLASS);
}
boolean isReplaceName() {
return principalClass.equals(REPLACE_NAME);
}
public String getPrincipalClass() {
return principalClass;
}
public String getPrincipalName() {
return principalName;
}
public String getDisplayClass() {
if (isWildcardClass()) {
return "*";
} else if (isReplaceName()) {
return "";
}
else return principalClass;
}
public String getDisplayName() {
return getDisplayName(false);
}
public String getDisplayName(boolean addQuote) {
if (isWildcardName()) {
return "*";
}
else {
if (addQuote) return "\"" + principalName + "\"";
else return principalName;
}
}
@Override
public String getName() {
return principalName;
}
@Override
public String toString() {
if (!isReplaceName()) {
return getDisplayClass() + "/" + getDisplayName();
} else {
return getDisplayName();
}
}
/**
* Test for equality between the specified object and this object.
* Two PrincipalEntries are equal if their class and name values
* are equal.
*
* @param obj the object to test for equality with this object
* @return true if the objects are equal, false otherwise
*/
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (!(obj instanceof PrincipalEntry))
return false;
PrincipalEntry that = (PrincipalEntry)obj;
return (principalClass.equals(that.principalClass) &&
principalName.equals(that.principalName));
}
/**
* Return a hashcode for this PrincipalEntry.
*
* @return a hashcode for this PrincipalEntry
*/
@Override
public int hashCode() {
return principalClass.hashCode();
}
public void write(PrintWriter out) {
out.print("principal " + getDisplayClass() + " " +
getDisplayName(true));
}
}
/**
* Each permission entry in the policy configuration file is
* represented by a
* PermissionEntry object.
*
* <p>
* For example, the entry
* <pre>
* permission java.io.FilePermission "/tmp", "read,write";
* </pre>
* is represented internally
* <pre>
*
* pe = new PermissionEntry("java.io.FilePermission",
* "/tmp", "read,write");
* </pre>
*
* @author Roland Schemers
*
* version 1.19, 05/21/98
*/
public static class PermissionEntry {
public String permission;
public String name;
public String action;
public String signedBy;
public PermissionEntry() {
}
public PermissionEntry(String permission,
String name,
String action) {
this.permission = permission;
this.name = name;
this.action = action;
}
/**
* Calculates a hash code value for the object. Objects
* which are equal will also have the same hashcode.
*/
@Override
public int hashCode() {
int retval = permission.hashCode();
if (name != null) retval ^= name.hashCode();
if (action != null) retval ^= action.hashCode();
return retval;
}
@Override
public boolean equals(Object obj) {
if (obj == this)
return true;
if (! (obj instanceof PermissionEntry))
return false;
PermissionEntry that = (PermissionEntry) obj;
if (this.permission == null) {
if (that.permission != null) return false;
} else {
if (!this.permission.equals(that.permission)) return false;
}
if (this.name == null) {
if (that.name != null) return false;
} else {
if (!this.name.equals(that.name)) return false;
}
if (this.action == null) {
if (that.action != null) return false;
} else {
if (!this.action.equals(that.action)) return false;
}
if (this.signedBy == null) {
if (that.signedBy != null) return false;
} else {
if (!this.signedBy.equals(that.signedBy)) return false;
}
// everything matched -- the 2 objects are equal
return true;
}
public void write(PrintWriter out) {
out.print("permission ");
out.print(permission);
if (name != null) {
out.print(" \"");
// ATTENTION: regex with double escaping,
// the normal forms look like:
// $name =~ s/\\/\\\\/g; and
// $name =~ s/\"/\\\"/g;
// and then in a java string, it's escaped again
out.print(name.replaceAll("\\\\", "\\\\\\\\").replaceAll("\\\"", "\\\\\\\""));
out.print('"');
}
if (action != null) {
out.print(", \"");
out.print(action);
out.print('"');
}
if (signedBy != null) {
out.print(", signedBy \"");
out.print(signedBy);
out.print('"');
}
out.println(";");
}
}
/**
* Each domain entry in the keystore domain configuration file is
* represented by a DomainEntry object.
*/
static class DomainEntry {
private final String name;
private final Map<String, String> properties;
private final Map<String, KeyStoreEntry> entries;
DomainEntry(String name, Map<String, String> properties) {
this.name = name;
this.properties = properties;
entries = new HashMap<>();
}
String getName() {
return name;
}
Map<String, String> getProperties() {
return properties;
}
Collection<KeyStoreEntry> getEntries() {
return entries.values();
}
void add(KeyStoreEntry entry) throws ParsingException {
String keystoreName = entry.getName();
if (!entries.containsKey(keystoreName)) {
entries.put(keystoreName, entry);
} else {
LocalizedMessage localizedMsg = new LocalizedMessage
("duplicate.keystore.name");
Object[] source = {keystoreName};
String msg = "duplicate keystore name: " + keystoreName;
throw new ParsingException(msg, localizedMsg, source);
}
}
@Override
public String toString() {
StringBuilder s =
new StringBuilder("\ndomain ").append(name);
if (properties != null) {
for (Map.Entry<String, String> property :
properties.entrySet()) {
s.append("\n ").append(property.getKey()).append('=')
.append(property.getValue());
}
}
s.append(" {\n");
if (entries != null) {
for (KeyStoreEntry entry : entries.values()) {
s.append(entry).append("\n");
}
}
s.append("}");
return s.toString();
}
}
/**
* Each keystore entry in the keystore domain configuration file is
* represented by a KeyStoreEntry object.
*/
static class KeyStoreEntry {
private final String name;
private final Map<String, String> properties;
KeyStoreEntry(String name, Map<String, String> properties) {
this.name = name;
this.properties = properties;
}
String getName() {
return name;
}
Map<String, String> getProperties() {
return properties;
}
@Override
public String toString() {
StringBuilder s = new StringBuilder("\n keystore ").append(name);
if (properties != null) {
for (Map.Entry<String, String> property :
properties.entrySet()) {
s.append("\n ").append(property.getKey()).append('=')
.append(property.getValue());
}
}
s.append(";");
return s.toString();
}
}
public static class ParsingException extends GeneralSecurityException {
private static final long serialVersionUID = -4330692689482574072L;
private String i18nMessage;
private LocalizedMessage localizedMsg;
private Object[] source;
/**
* Constructs a ParsingException with the specified
* detail message. A detail message is a String that describes
* this particular exception, which may, for example, specify which
* algorithm is not available.
*
* @param msg the detail message.
*/
public ParsingException(String msg) {
super(msg);
i18nMessage = msg;
}
public ParsingException(String msg, LocalizedMessage localizedMsg,
Object[] source) {
super(msg);
this.localizedMsg = localizedMsg;
this.source = source;
}
public ParsingException(int line, String msg) {
super("line " + line + ": " + msg);
localizedMsg = new LocalizedMessage("line.number.msg");
source = new Object[] {line, msg};
}
public ParsingException(int line, String expect, String actual) {
super("line " + line + ": expected [" + expect +
"], found [" + actual + "]");
localizedMsg = new LocalizedMessage
("line.number.expected.expect.found.actual.");
source = new Object[] {line, expect, actual};
}
public String getNonlocalizedMessage() {
return i18nMessage != null ? i18nMessage :
localizedMsg.formatNonlocalized(source);
}
}
public static void main(String[] arg) throws Exception {
try (FileReader fr = new FileReader(arg[0]);
FileWriter fw = new FileWriter(arg[1])) {
PolicyParser pp = new PolicyParser(true);
pp.read(fr);
pp.write(fw);
}
}
}