diff -r ee92e7cf8d35 -r f7bcbf987d5c jdk/src/share/classes/com/sun/security/auth/PolicyParser.java --- a/jdk/src/share/classes/com/sun/security/auth/PolicyParser.java Thu Aug 22 09:10:13 2013 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,964 +0,0 @@ -/* - * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License version 2 only, as - * published by the Free Software Foundation. Oracle designates this - * particular file as subject to the "Classpath" exception as provided - * by Oracle in the LICENSE file that accompanied this code. - * - * This code is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * version 2 for more details (a copy is included in the LICENSE file that - * accompanied this code). - * - * You should have received a copy of the GNU General Public License version - * 2 along with this work; if not, write to the Free Software Foundation, - * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA - * or visit www.oracle.com if you need additional information or have any - * questions. - */ - -package com.sun.security.auth; - -import java.io.*; -import java.lang.RuntimePermission; -import java.net.MalformedURLException; -import java.net.SocketPermission; -import java.net.URL; -import java.security.GeneralSecurityException; -import java.text.MessageFormat; -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.LinkedList; -import java.util.ListIterator; -import java.util.Vector; -import java.util.StringTokenizer; -import sun.security.util.PropertyExpander; - -/** - * The policy for a Java runtime (specifying - * which permissions are available for code from various principals) - * is represented as a separate - * persistent configuration. The configuration may be stored as a - * flat ASCII file, as a serialized binary file of - * the Policy class, or as a database.

- * - *

The Java runtime creates one global Policy object, which is used to - * represent the static policy configuration file. It is consulted by - * a ProtectionDomain when the protection domain initializes its set of - * permissions.

- * - *

The Policy init method parses the policy - * configuration file, and then - * populates the Policy object. The Policy object is agnostic in that - * it is not involved in making policy decisions. It is merely the - * Java runtime representation of the persistent policy configuration - * file.

- * - *

When a protection domain needs to initialize its set of - * permissions, it executes code such as the following - * to ask the global Policy object to populate a - * Permissions object with the appropriate permissions: - *

- *  policy = Policy.getPolicy();
- *  Permissions perms = policy.getPermissions(MyCodeSource)
- * 
- * - *

The protection domain passes in a CodeSource - * object, which encapsulates its codebase (URL) and public key attributes. - * The Policy object evaluates the global policy in light of who the - * principal is and returns an appropriate Permissions object. - * - * @deprecated As of JDK 1.4, replaced by - * {@link sun.security.provider.PolicyParser}. - * This class is entirely deprecated. - * - * @author Roland Schemers - * - * @since 1.2 - */ -@Deprecated -class PolicyParser { - - private static final java.util.ResourceBundle rb = - java.security.AccessController.doPrivileged - (new java.security.PrivilegedAction() { - public java.util.ResourceBundle run() { - return (java.util.ResourceBundle.getBundle - ("sun.security.util.AuthResources")); - } - }); - - private Vector grantEntries; - - // Convenience variables for parsing - private static final sun.security.util.Debug debug = - sun.security.util.Debug.getInstance("parser", "\t[Auth Policy Parser]"); - private StreamTokenizer st; - private int lookahead; - private int linenum; - private boolean expandProp = false; - private String keyStoreUrlString = null; // unexpanded - private String keyStoreType = null; - - private String expand(String value) - throws PropertyExpander.ExpandException - { - if (expandProp) - return PropertyExpander.expand(value); - else - return value; - } - /** - * Creates a PolicyParser object. - */ - - public PolicyParser() { - grantEntries = new Vector(); - } - - - public PolicyParser(boolean expandProp) { - this(); - this.expandProp = expandProp; - } - - /** - * Reads a policy configuration into the Policy object using a - * Reader object.

- * - * @param policy the policy Reader object. - * - * @exception ParsingException if the policy configuration contains - * a syntax error. - * - * @exception IOException if an error occurs while reading the policy - * configuration. - */ - - public void read(Reader policy) - throws ParsingException, IOException - { - if (!(policy instanceof BufferedReader)) { - policy = new BufferedReader(policy); - } - - /** - * Configure the stream tokenizer: - * Recognize strings between "..." - * Don't convert words to lowercase - * Recognize both C-style and C++-style comments - * Treat end-of-line as white space, not as a token - */ - st = new StreamTokenizer(policy); - - st.resetSyntax(); - st.wordChars('a', 'z'); - st.wordChars('A', 'Z'); - st.wordChars('.', '.'); - st.wordChars('0', '9'); - st.wordChars('_', '_'); - st.wordChars('$', '$'); - st.wordChars(128 + 32, 255); - st.whitespaceChars(0, ' '); - st.commentChar('/'); - st.quoteChar('\''); - st.quoteChar('"'); - st.lowerCaseMode(false); - st.ordinaryChar('/'); - st.slashSlashComments(true); - st.slashStarComments(true); - - /** - * The main parsing loop. The loop is executed once - * for each entry in the config file. The entries - * are delimited by semicolons. Once we've read in - * the information for an entry, go ahead and try to - * add it to the policy vector. - * - */ - - lookahead = st.nextToken(); - while (lookahead != StreamTokenizer.TT_EOF) { - if (peek("grant")) { - GrantEntry ge = parseGrantEntry(); - // could be null if we couldn't expand a property - if (ge != null) - add(ge); - } else if (peek("keystore") && keyStoreUrlString==null) { - // only one keystore entry per policy file, others will be - // ignored - parseKeyStoreEntry(); - } else { - // error? - } - match(";"); - } - } - - public void add(GrantEntry ge) - { - grantEntries.addElement(ge); - } - - public void replace(GrantEntry origGe, GrantEntry newGe) - { - grantEntries.setElementAt(newGe, grantEntries.indexOf(origGe)); - } - - public boolean remove(GrantEntry ge) - { - return grantEntries.removeElement(ge); - } - - /** - * Returns the (possibly expanded) keystore location, or null if the - * expansion fails. - */ - public String getKeyStoreUrl() { - try { - if (keyStoreUrlString!=null && keyStoreUrlString.length()!=0) { - return expand(keyStoreUrlString).replace(File.separatorChar, - '/'); - } - } catch (PropertyExpander.ExpandException peee) { - return null; - } - return null; - } - - public void setKeyStoreUrl(String url) { - keyStoreUrlString = url; - } - - public String getKeyStoreType() { - return keyStoreType; - } - - public void setKeyStoreType(String type) { - keyStoreType = type; - } - - /** - * Enumerate all the entries in the global policy object. - * This method is used by policy admin tools. The tools - * should use the Enumeration methods on the returned object - * to fetch the elements sequentially. - */ - public Enumeration grantElements(){ - return grantEntries.elements(); - } - - /** - * write out the policy - */ - - public void write(Writer policy) - { - PrintWriter out = new PrintWriter(new BufferedWriter(policy)); - - Enumeration enum_ = grantElements(); - - out.println("/* AUTOMATICALLY GENERATED ON "+ - (new java.util.Date()) + "*/"); - out.println("/* DO NOT EDIT */"); - out.println(); - - // write the (unexpanded) keystore entry as the first entry of the - // policy file - if (keyStoreUrlString != null) { - writeKeyStoreEntry(out); - } - - // write "grant" entries - while (enum_.hasMoreElements()) { - GrantEntry ge = enum_.nextElement(); - ge.write(out); - out.println(); - } - out.flush(); - } - - /** - * parses a keystore entry - */ - private void parseKeyStoreEntry() throws ParsingException, IOException { - match("keystore"); - keyStoreUrlString = match("quoted string"); - - // parse keystore type - if (!peek(",")) { - return; // default type - } - match(","); - - if (peek("\"")) { - keyStoreType = match("quoted string"); - } else { - throw new ParsingException(st.lineno(), - rb.getString("expected.keystore.type")); - } - } - - /** - * writes the (unexpanded) keystore entry - */ - private void writeKeyStoreEntry(PrintWriter out) { - out.print("keystore \""); - out.print(keyStoreUrlString); - out.print('"'); - if (keyStoreType != null && keyStoreType.length() > 0) - out.print(", \"" + keyStoreType + "\""); - out.println(";"); - out.println(); - } - - /** - * parse a Grant entry - */ - private GrantEntry parseGrantEntry() - throws ParsingException, IOException - { - GrantEntry e = new GrantEntry(); - LinkedList principals = null; - boolean ignoreEntry = false; - - match("grant"); - - while(!peek("{")) { - - if (peekAndMatch("Codebase")) { - e.codeBase = match("quoted string"); - peekAndMatch(","); - } else if (peekAndMatch("SignedBy")) { - e.signedBy = match("quoted string"); - peekAndMatch(","); - } else if (peekAndMatch("Principal")) { - if (principals == null) { - principals = new LinkedList(); - } - - // check for principalClass wildcard - String principalClass; - if (peek("*")) { - match("*"); - principalClass = PrincipalEntry.WILDCARD_CLASS; - } else { - principalClass = match("principal type"); - } - - // check for principalName wildcard - String principalName; - if (peek("*")) { - match("*"); - principalName = PrincipalEntry.WILDCARD_NAME; - } else { - principalName = match("quoted string"); - } - - // disallow WILDCARD_CLASS && actual name - if (principalClass.equals(PrincipalEntry.WILDCARD_CLASS) && - !principalName.equals(PrincipalEntry.WILDCARD_NAME)) { - if (debug != null) - debug.println("disallowing principal that has " + - "WILDCARD class but no WILDCARD name"); - throw new ParsingException - (st.lineno(), - rb.getString("can.not.specify.Principal.with.a." + - "wildcard.class.without.a.wildcard.name")); - } - - try { - principalName = expand(principalName); - principals.add - (new PrincipalEntry(principalClass, principalName)); - } catch (PropertyExpander.ExpandException peee) { - // ignore the entire policy entry - // but continue parsing all the info - // so we can get to the next entry - if (debug != null) - debug.println("principal name expansion failed: " + - principalName); - ignoreEntry = true; - } - peekAndMatch(","); - } else { - throw new - ParsingException(st.lineno(), - rb.getString("expected.codeBase.or.SignedBy")); - } - } - - // disallow non principal-based grant entries - if (principals == null) { - throw new ParsingException - (st.lineno(), - rb.getString("only.Principal.based.grant.entries.permitted")); - } - - e.principals = principals; - match("{"); - - while(!peek("}")) { - if (peek("Permission")) { - try { - PermissionEntry pe = parsePermissionEntry(); - e.add(pe); - } catch (PropertyExpander.ExpandException peee) { - // ignore. The add never happened - skipEntry(); // BugId 4219343 - } - match(";"); - } else { - throw new - ParsingException(st.lineno(), - rb.getString("expected.permission.entry")); - } - } - match("}"); - - try { - if (e.codeBase != null) - e.codeBase = expand(e.codeBase).replace(File.separatorChar, '/'); - e.signedBy = expand(e.signedBy); - } catch (PropertyExpander.ExpandException peee) { - return null; - } - - return (ignoreEntry == true) ? null : e; - } - - /** - * parse a Permission entry - */ - private PermissionEntry parsePermissionEntry() - throws ParsingException, IOException, PropertyExpander.ExpandException - { - PermissionEntry e = new PermissionEntry(); - - // Permission - match("Permission"); - e.permission = match("permission type"); - - if (peek("\"")) { - // Permission name - e.name = expand(match("quoted string")); - } - - if (!peek(",")) { - return e; - } - match(","); - - if (peek("\"")) { - e.action = expand(match("quoted string")); - if (!peek(",")) { - return e; - } - match(","); - } - - if (peekAndMatch("SignedBy")) { - e.signedBy = expand(match("quoted string")); - } - return e; - } - - private boolean peekAndMatch(String expect) - throws ParsingException, IOException - { - if (peek(expect)) { - match(expect); - return true; - } else { - return false; - } - } - - private boolean peek(String expect) { - boolean found = false; - - switch (lookahead) { - - case StreamTokenizer.TT_WORD: - if (expect.equalsIgnoreCase(st.sval)) - found = true; - break; - case ',': - if (expect.equalsIgnoreCase(",")) - found = true; - break; - case '{': - if (expect.equalsIgnoreCase("{")) - found = true; - break; - case '}': - if (expect.equalsIgnoreCase("}")) - found = true; - break; - case '"': - if (expect.equalsIgnoreCase("\"")) - found = true; - break; - case '*': - if (expect.equalsIgnoreCase("*")) - found = true; - break; - default: - - } - return found; - } - - private String match(String expect) - throws ParsingException, IOException - { - String value = null; - - switch (lookahead) { - case StreamTokenizer.TT_NUMBER: - throw new ParsingException(st.lineno(), expect, - rb.getString("number.") + - String.valueOf(st.nval)); - case StreamTokenizer.TT_EOF: - MessageFormat form = new MessageFormat( - rb.getString("expected.expect.read.end.of.file.")); - Object[] source = {expect}; - throw new ParsingException(form.format(source)); - case StreamTokenizer.TT_WORD: - if (expect.equalsIgnoreCase(st.sval)) { - lookahead = st.nextToken(); - } else if (expect.equalsIgnoreCase("permission type")) { - value = st.sval; - lookahead = st.nextToken(); - } else if (expect.equalsIgnoreCase("principal type")) { - value = st.sval; - lookahead = st.nextToken(); - } else { - throw new ParsingException(st.lineno(), expect, st.sval); - } - break; - case '"': - if (expect.equalsIgnoreCase("quoted string")) { - value = st.sval; - lookahead = st.nextToken(); - } else if (expect.equalsIgnoreCase("permission type")) { - value = st.sval; - lookahead = st.nextToken(); - } else if (expect.equalsIgnoreCase("principal type")) { - value = st.sval; - lookahead = st.nextToken(); - } else { - throw new ParsingException(st.lineno(), expect, st.sval); - } - break; - case ',': - if (expect.equalsIgnoreCase(",")) - lookahead = st.nextToken(); - else - throw new ParsingException(st.lineno(), expect, ","); - break; - case '{': - if (expect.equalsIgnoreCase("{")) - lookahead = st.nextToken(); - else - throw new ParsingException(st.lineno(), expect, "{"); - break; - case '}': - if (expect.equalsIgnoreCase("}")) - lookahead = st.nextToken(); - else - throw new ParsingException(st.lineno(), expect, "}"); - break; - case ';': - if (expect.equalsIgnoreCase(";")) - lookahead = st.nextToken(); - else - throw new ParsingException(st.lineno(), expect, ";"); - break; - case '*': - if (expect.equalsIgnoreCase("*")) - lookahead = st.nextToken(); - else - throw new ParsingException(st.lineno(), expect, "*"); - break; - default: - throw new ParsingException(st.lineno(), expect, - new String(new char[] {(char)lookahead})); - } - return value; - } - - /** - * skip all tokens for this entry leaving the delimiter ";" - * in the stream. - */ - private void skipEntry() - throws ParsingException, IOException - { - while(lookahead != ';') { - switch (lookahead) { - case StreamTokenizer.TT_NUMBER: - throw new ParsingException(st.lineno(), ";", - rb.getString("number.") + - String.valueOf(st.nval)); - case StreamTokenizer.TT_EOF: - throw new ParsingException - (rb.getString("expected.read.end.of.file")); - default: - lookahead = st.nextToken(); - } - } - } - - /** - * Each grant entry in the policy configuration file is - * represented by a - * GrantEntry object.

- * - *

- * For example, the entry - *

-     *      grant signedBy "Duke" {
-     *          permission java.io.FilePermission "/tmp", "read,write";
-     *      };
-     *
-     * 
- * is represented internally - *
-     *
-     * pe = new PermissionEntry("java.io.FilePermission",
-     *                           "/tmp", "read,write");
-     *
-     * ge = new GrantEntry("Duke", null);
-     *
-     * ge.add(pe);
-     *
-     * 
- * - * @author Roland Schemers - * - * version 1.19, 05/21/98 - */ - - static class GrantEntry { - - public String signedBy; - public String codeBase; - public LinkedList principals; - public Vector permissionEntries; - - public GrantEntry() { - permissionEntries = new Vector(); - } - - public GrantEntry(String signedBy, String codeBase) { - this.codeBase = codeBase; - this.signedBy = signedBy; - permissionEntries = new Vector(); - } - - public void add(PermissionEntry pe) - { - permissionEntries.addElement(pe); - } - - public boolean remove(PermissionEntry pe) - { - return permissionEntries.removeElement(pe); - } - - public boolean contains(PermissionEntry pe) - { - return permissionEntries.contains(pe); - } - - /** - * Enumerate all the permission entries in this GrantEntry. - */ - public Enumeration permissionElements(){ - return permissionEntries.elements(); - } - - - public void write(PrintWriter out) { - out.print("grant"); - if (signedBy != null) { - out.print(" signedBy \""); - out.print(signedBy); - out.print('"'); - if (codeBase != null) - out.print(", "); - } - if (codeBase != null) { - out.print(" codeBase \""); - out.print(codeBase); - out.print('"'); - if (principals != null && principals.size() > 0) - out.print(",\n"); - } - if (principals != null && principals.size() > 0) { - ListIterator pli = principals.listIterator(); - while (pli.hasNext()) { - out.print("\tPrincipal "); - PrincipalEntry pe = pli.next(); - out.print(pe.principalClass + - " \"" + pe.principalName + "\""); - if (pli.hasNext()) - out.print(",\n"); - } - } - out.println(" {"); - Enumeration enum_ = permissionEntries.elements(); - while (enum_.hasMoreElements()) { - PermissionEntry pe = enum_.nextElement(); - out.write(" "); - pe.write(out); - } - out.println("};"); - } - - } - - /** - * Principal info (class and name) in a grant entry - */ - static class PrincipalEntry { - - static final String WILDCARD_CLASS = "WILDCARD_PRINCIPAL_CLASS"; - static final String WILDCARD_NAME = "WILDCARD_PRINCIPAL_NAME"; - - String principalClass; - String principalName; - - /** - * A PrincipalEntry consists of the Principal - * class and Principal name. - * - *

- * - * @param principalClass the Principal class.

- * - * @param principalName the Principal name.

- */ - public PrincipalEntry(String principalClass, String principalName) { - if (principalClass == null || principalName == null) - throw new NullPointerException - ("null principalClass or principalName"); - this.principalClass = principalClass; - this.principalName = principalName; - } - - /** - * Test for equality between the specified object and this object. - * Two PrincipalEntries are equal if their PrincipalClass and - * PrincipalName values are equal. - * - *

- * - * @param obj the object to test for equality with this object. - * - * @return true if the objects are equal, false otherwise. - */ - public boolean equals(Object obj) { - if (this == obj) - return true; - - if (!(obj instanceof PrincipalEntry)) - return false; - - PrincipalEntry that = (PrincipalEntry)obj; - if (this.principalClass.equals(that.principalClass) && - this.principalName.equals(that.principalName)) { - return true; - } - - return false; - } - - /** - * Return a hashcode for this PrincipalEntry. - * - *

- * - * @return a hashcode for this PrincipalEntry. - */ - public int hashCode() { - return principalClass.hashCode(); - } - } - - /** - * Each permission entry in the policy configuration file is - * represented by a - * PermissionEntry object.

- * - *

- * For example, the entry - *

-     *          permission java.io.FilePermission "/tmp", "read,write";
-     * 
- * is represented internally - *
-     *
-     * pe = new PermissionEntry("java.io.FilePermission",
-     *                           "/tmp", "read,write");
-     * 
- * - * @author Roland Schemers - * - * version 1.19, 05/21/98 - */ - - static class PermissionEntry { - - public String permission; - public String name; - public String action; - public String signedBy; - - public PermissionEntry() { - } - - public PermissionEntry(String permission, - String name, - String action) { - this.permission = permission; - this.name = name; - this.action = action; - } - - /** - * Calculates a hash code value for the object. Objects - * which are equal will also have the same hashcode. - */ - public int hashCode() { - int retval = permission.hashCode(); - if (name != null) retval ^= name.hashCode(); - if (action != null) retval ^= action.hashCode(); - return retval; - } - - public boolean equals(Object obj) { - if (obj == this) - return true; - - if (! (obj instanceof PermissionEntry)) - return false; - - PermissionEntry that = (PermissionEntry) obj; - - if (this.permission == null) { - if (that.permission != null) return false; - } else { - if (!this.permission.equals(that.permission)) return false; - } - - if (this.name == null) { - if (that.name != null) return false; - } else { - if (!this.name.equals(that.name)) return false; - } - - if (this.action == null) { - if (that.action != null) return false; - } else { - if (!this.action.equals(that.action)) return false; - } - - if (this.signedBy == null) { - if (that.signedBy != null) return false; - } else { - if (!this.signedBy.equals(that.signedBy)) return false; - } - - // everything matched -- the 2 objects are equal - return true; - } - - public void write(PrintWriter out) { - out.print("permission "); - out.print(permission); - if (name != null) { - out.print(" \""); - - // have to add escape chars for quotes - if (name.indexOf("\"") != -1) { - int numQuotes = 0; - char[] chars = name.toCharArray(); - - // count the number of quote chars - for (int i = 0; i < chars.length; i++) { - if (chars[i] == '"') - numQuotes++; - } - - // now, add an escape char before each quote - char[] newChars = new char[chars.length + numQuotes]; - for (int i = 0, j = 0; i < chars.length; i++) { - if (chars[i] != '"') { - newChars[j++] = chars[i]; - } else { - newChars[j++] = '\\'; - newChars[j++] = chars[i]; - } - } - name = new String(newChars); - } - out.print(name); - out.print('"'); - } - if (action != null) { - out.print(", \""); - out.print(action); - out.print('"'); - } - if (signedBy != null) { - out.print(", signedBy \""); - out.print(signedBy); - out.print('"'); - } - out.println(";"); - } - } - - static class ParsingException extends GeneralSecurityException { - - private static final long serialVersionUID = 8240970523155877400L; - - /** - * Constructs a ParsingException with the specified - * detail message. A detail message is a String that describes - * this particular exception, which may, for example, specify which - * algorithm is not available. - * - * @param msg the detail message. - */ - public ParsingException(String msg) { - super(msg); - } - - public ParsingException(int line, String msg) { - super(rb.getString("line.") + line + rb.getString("COLON") + msg); - } - - public ParsingException(int line, String expect, String actual) { - super(rb.getString("line.") + line + rb.getString(".expected.") + - expect + rb.getString(".found.") + actual + - rb.getString("QUOTE")); - } - } - - public static void main(String arg[]) throws Exception { - PolicyParser pp = new PolicyParser(true); - pp.read(new FileReader(arg[0])); - FileWriter fr = new FileWriter(arg[1]); - pp.write(fr); - fr.close(); - } -}