jdk-sandbox: comparison jdk/src/share/classes/sun/security/provider/ConfigSpiFile.java

equal deleted inserted replaced

-:ff3beb903c1d
+:30930d65aff1
-/*
-* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
-* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-*
-* This code is free software; you can redistribute it and/or modify it
-* under the terms of the GNU General Public License version 2 only, as
-* published by the Free Software Foundation.  Oracle designates this
-* particular file as subject to the "Classpath" exception as provided
-* by Oracle in the LICENSE file that accompanied this code.
-*
-* This code is distributed in the hope that it will be useful, but WITHOUT
-* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-* FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-* version 2 for more details (a copy is included in the LICENSE file that
-* accompanied this code).
-*
-* You should have received a copy of the GNU General Public License version
-* 2 along with this work; if not, write to the Free Software Foundation,
-* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-*
-* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-* or visit www.oracle.com if you need additional information or have any
-* questions.
-*/
-package sun.security.provider;
-import java.io.*;
-import java.net.MalformedURLException;
-import java.net.URI;
-import java.net.URL;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-import java.security.Security;
-import java.security.URIParameter;
-import java.text.MessageFormat;
-import java.util.*;
-import javax.security.auth.AuthPermission;
-import javax.security.auth.login.AppConfigurationEntry;
-import javax.security.auth.login.Configuration;
-import javax.security.auth.login.ConfigurationSpi;
-import sun.security.util.Debug;
-import sun.security.util.PropertyExpander;
-import sun.security.util.ResourcesMgr;
-/**
-* This class represents a default implementation for
-* {@code javax.security.auth.login.Configuration}.
-*
-* <p> This object stores the runtime login configuration representation,
-* and is the amalgamation of multiple static login
-* configurations that resides in files.
-* The algorithm for locating the login configuration file(s) and reading their
-* information into this {@code Configuration} object is:
-*
-* <ol>
-* <li>
-*   Loop through the security properties,
-*   <i>login.config.url.1</i>, <i>login.config.url.2</i>, ...,
-*   <i>login.config.url.X</i>.
-*   Each property value specifies a <code>URL</code> pointing to a
-*   login configuration file to be loaded.  Read in and load
-*   each configuration.
-*
-* <li>
-*   The {@code java.lang.System} property
-*   <i>java.security.auth.login.config</i>
-*   may also be set to a {@code URL} pointing to another
-*   login configuration file
-*   (which is the case when a user uses the -D switch at runtime).
-*   If this property is defined, and its use is allowed by the
-*   security property file (the Security property,
-*   <i>policy.allowSystemProperty</i> is set to <i>true</i>),
-*   also load that login configuration.
-*
-* <li>
-*   If the <i>java.security.auth.login.config</i> property is defined using
-*   "==" (rather than "="), then ignore all other specified
-*   login configurations and only load this configuration.
-*
-* <li>
-*   If no system or security properties were set, try to read from the file,
-*   ${user.home}/.java.login.config, where ${user.home} is the value
-*   represented by the "user.home" System property.
-* </ol>
-*
-* <p> The configuration syntax supported by this implementation
-* is exactly that syntax specified in the
-* {@code javax.security.auth.login.Configuration} class.
-*
-* @see javax.security.auth.login.LoginContext
-* @see java.security.Security security properties
-*/
-public final class ConfigSpiFile extends ConfigurationSpi {
-private URL url;
-private boolean expandProp = true;
-private Map<String, List<AppConfigurationEntry>> configuration;
-private int linenum;
-private StreamTokenizer st;
-private int lookahead;
-private static Debug debugConfig = Debug.getInstance("configfile");
-private static Debug debugParser = Debug.getInstance("configparser");
-/**
-* Create a new {@code Configuration} object.
-*
-* @throws SecurityException if the {@code Configuration} can not be
-*                           initialized
-*/
-public ConfigSpiFile() {
-try {
-init();
-} catch (IOException ioe) {
-throw new SecurityException(ioe);
-}
-}
-/**
-* Create a new {@code Configuration} object from the specified {@code URI}.
-*
-* @param uri the {@code URI}
-* @throws SecurityException if the {@code Configuration} can not be
-*                           initialized
-* @throws NullPointerException if {@code uri} is null
-*/
-public ConfigSpiFile(URI uri) {
-// only load config from the specified URI
-try {
-url = uri.toURL();
-init();
-} catch (IOException ioe) {
-throw new SecurityException(ioe);
-}
-}
-public ConfigSpiFile(final Configuration.Parameters params)
-throws IOException {
-// call in a doPrivileged
-//
-// we have already passed the Configuration.getInstance
-// security check.  also this class is not freely accessible
-// (it is in the "sun" package).
-try {
-AccessController.doPrivileged(new PrivilegedExceptionAction<Void>() {
-public Void run() throws IOException {
-if (params == null) {
-init();
-} else {
-if (!(params instanceof URIParameter)) {
-throw new IllegalArgumentException
-("Unrecognized parameter: " + params);
-}
-URIParameter uriParam = (URIParameter)params;
-url = uriParam.getURI().toURL();
-init();
-}
-return null;
-}
-});
-} catch (PrivilegedActionException pae) {
-throw (IOException)pae.getException();
-}
-// if init() throws some other RuntimeException,
-// let it percolate up naturally.
-}
-/**
-* Read and initialize the entire login Configuration from the configured
-* URL.
-*
-* @throws IOException if the Configuration can not be initialized
-* @throws SecurityException if the caller does not have permission
-*                           to initialize the Configuration
-*/
-private void init() throws IOException {
-boolean initialized = false;
-// For policy.expandProperties, check if either a security or system
-// property is set to false (old code erroneously checked the system
-// prop so we must check both to preserve compatibility).
-String expand = Security.getProperty("policy.expandProperties");
-if (expand == null) {
-expand = System.getProperty("policy.expandProperties");
-}
-if ("false".equals(expand)) {
-expandProp = false;
-}
-// new configuration
-Map<String, List<AppConfigurationEntry>> newConfig = new HashMap<>();
-if (url != null) {
-/**
-* If the caller specified a URI via Configuration.getInstance,
-* we only read from that URI
-*/
-if (debugConfig != null) {
-debugConfig.println("reading " + url);
-}
-init(url, newConfig);
-configuration = newConfig;
-return;
-}
-/**
-* Caller did not specify URI via Configuration.getInstance.
-* Read from URLs listed in the java.security properties file.
-*/
-String allowSys = Security.getProperty("policy.allowSystemProperty");
-if ("true".equalsIgnoreCase(allowSys)) {
-String extra_config = System.getProperty
-("java.security.auth.login.config");
-if (extra_config != null) {
-boolean overrideAll = false;
-if (extra_config.startsWith("=")) {
-overrideAll = true;
-extra_config = extra_config.substring(1);
-}
-try {
-extra_config = PropertyExpander.expand(extra_config);
-} catch (PropertyExpander.ExpandException peee) {
-MessageFormat form = new MessageFormat
-(ResourcesMgr.getString
-("Unable.to.properly.expand.config",
-"sun.security.util.AuthResources"));
-Object[] source = {extra_config};
-throw new IOException(form.format(source));
-}
-URL configURL = null;
-try {
-configURL = new URL(extra_config);
-} catch (MalformedURLException mue) {
-File configFile = new File(extra_config);
-if (configFile.exists()) {
-configURL = configFile.toURI().toURL();
-} else {
-MessageFormat form = new MessageFormat
-(ResourcesMgr.getString
-("extra.config.No.such.file.or.directory.",
-"sun.security.util.AuthResources"));
-Object[] source = {extra_config};
-throw new IOException(form.format(source));
-}
-}
-if (debugConfig != null) {
-debugConfig.println("reading "+configURL);
-}
-init(configURL, newConfig);
-initialized = true;
-if (overrideAll) {
-if (debugConfig != null) {
-debugConfig.println("overriding other policies!");
-}
-configuration = newConfig;
-return;
-}
-}
-}
-int n = 1;
-String config_url;
-while ((config_url = Security.getProperty
-("login.config.url."+n)) != null) {
-try {
-config_url = PropertyExpander.expand
-(config_url).replace(File.separatorChar, '/');
-if (debugConfig != null) {
-debugConfig.println("\tReading config: " + config_url);
-}
-init(new URL(config_url), newConfig);
-initialized = true;
-} catch (PropertyExpander.ExpandException peee) {
-MessageFormat form = new MessageFormat
-(ResourcesMgr.getString
-("Unable.to.properly.expand.config",
-"sun.security.util.AuthResources"));
-Object[] source = {config_url};
-throw new IOException(form.format(source));
-}
-n++;
-}
-if (initialized == false && n == 1 && config_url == null) {
-// get the config from the user's home directory
-if (debugConfig != null) {
-debugConfig.println("\tReading Policy " +
-"from ~/.java.login.config");
-}
-config_url = System.getProperty("user.home");
-String userConfigFile = config_url +
-File.separatorChar + ".java.login.config";
-// No longer throws an exception when there's no config file
-// at all. Returns an empty Configuration instead.
-if (new File(userConfigFile).exists()) {
-init(new File(userConfigFile).toURI().toURL(),
-newConfig);
-}
-}
-configuration = newConfig;
-}
-private void init(URL config,
-Map<String, List<AppConfigurationEntry>> newConfig)
-throws IOException {
-try (InputStreamReader isr
-= new InputStreamReader(getInputStream(config), "UTF-8")) {
-readConfig(isr, newConfig);
-} catch (FileNotFoundException fnfe) {
-if (debugConfig != null) {
-debugConfig.println(fnfe.toString());
-}
-throw new IOException(ResourcesMgr.getString
-("Configuration.Error.No.such.file.or.directory",
-"sun.security.util.AuthResources"));
-}
-}
-/**
-* Retrieve an entry from the Configuration using an application name
-* as an index.
-*
-* @param applicationName the name used to index the Configuration.
-* @return an array of AppConfigurationEntries which correspond to
-*         the stacked configuration of LoginModules for this
-*         application, or null if this application has no configured
-*         LoginModules.
-*/
-@Override
-public AppConfigurationEntry[] engineGetAppConfigurationEntry
-(String applicationName) {
-List<AppConfigurationEntry> list = null;
-synchronized (configuration) {
-list = configuration.get(applicationName);
-}
-if (list == null || list.size() == 0)
-return null;
-AppConfigurationEntry[] entries =
-new AppConfigurationEntry[list.size()];
-Iterator<AppConfigurationEntry> iterator = list.iterator();
-for (int i = 0; iterator.hasNext(); i++) {
-AppConfigurationEntry e = iterator.next();
-entries[i] = new AppConfigurationEntry(e.getLoginModuleName(),
-e.getControlFlag(),
-e.getOptions());
-}
-return entries;
-}
-/**
-* Refresh and reload the Configuration by re-reading all of the
-* login configurations.
-*
-* @throws SecurityException if the caller does not have permission
-*                           to refresh the Configuration.
-*/
-@Override
-public synchronized void engineRefresh() {
-SecurityManager sm = System.getSecurityManager();
-if (sm != null)
-sm.checkPermission(new AuthPermission("refreshLoginConfiguration"));
-AccessController.doPrivileged(new PrivilegedAction<Void>() {
-public Void run() {
-try {
-init();
-} catch (IOException ioe) {
-throw new SecurityException(ioe.getLocalizedMessage(), ioe);
-}
-return null;
-}
-});
-}
-private void readConfig(Reader reader,
-Map<String, List<AppConfigurationEntry>> newConfig)
-throws IOException {
-linenum = 1;
-if (!(reader instanceof BufferedReader))
-reader = new BufferedReader(reader);
-st = new StreamTokenizer(reader);
-st.quoteChar('"');
-st.wordChars('$', '$');
-st.wordChars('_', '_');
-st.wordChars('-', '-');
-st.wordChars('*', '*');
-st.lowerCaseMode(false);
-st.slashSlashComments(true);
-st.slashStarComments(true);
-st.eolIsSignificant(true);
-lookahead = nextToken();
-while (lookahead != StreamTokenizer.TT_EOF) {
-parseLoginEntry(newConfig);
-}
-}
-private void parseLoginEntry(
-Map<String, List<AppConfigurationEntry>> newConfig)
-throws IOException {
-List<AppConfigurationEntry> configEntries = new LinkedList<>();
-// application name
-String appName = st.sval;
-lookahead = nextToken();
-if (debugParser != null) {
-debugParser.println("\tReading next config entry: " + appName);
-}
-match("{");
-// get the modules
-while (peek("}") == false) {
-// get the module class name
-String moduleClass = match("module class name");
-// controlFlag (required, optional, etc)
-AppConfigurationEntry.LoginModuleControlFlag controlFlag;
-String sflag = match("controlFlag").toUpperCase();
-switch (sflag) {
-case "REQUIRED":
-controlFlag =
-AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
-break;
-case "REQUISITE":
-controlFlag =
-AppConfigurationEntry.LoginModuleControlFlag.REQUISITE;
-break;
-case "SUFFICIENT":
-controlFlag =
-AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
-break;
-case "OPTIONAL":
-controlFlag =
-AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
-break;
-default:
-MessageFormat form = new MessageFormat(
-ResourcesMgr.getString
-("Configuration.Error.Invalid.control.flag.flag",
-"sun.security.util.AuthResources"));
-Object[] source = {sflag};
-throw new IOException(form.format(source));
-}
-// get the args
-Map<String, String> options = new HashMap<>();
-while (peek(";") == false) {
-String key = match("option key");
-match("=");
-try {
-options.put(key, expand(match("option value")));
-} catch (PropertyExpander.ExpandException peee) {
-throw new IOException(peee.getLocalizedMessage());
-}
-}
-lookahead = nextToken();
-// create the new element
-if (debugParser != null) {
-debugParser.println("\t\t" + moduleClass + ", " + sflag);
-for (String key : options.keySet()) {
-debugParser.println("\t\t\t" + key +
-"=" + options.get(key));
-}
-}
-configEntries.add(new AppConfigurationEntry(moduleClass,
-controlFlag, options));
-}
-match("}");
-match(";");
-// add this configuration entry
-if (newConfig.containsKey(appName)) {
-MessageFormat form = new MessageFormat(ResourcesMgr.getString
-("Configuration.Error.Can.not.specify.multiple.entries.for.appName",
-"sun.security.util.AuthResources"));
-Object[] source = {appName};
-throw new IOException(form.format(source));
-}
-newConfig.put(appName, configEntries);
-}
-private String match(String expect) throws IOException {
-String value = null;
-switch(lookahead) {
-case StreamTokenizer.TT_EOF:
-MessageFormat form1 = new MessageFormat(ResourcesMgr.getString
-("Configuration.Error.expected.expect.read.end.of.file.",
-"sun.security.util.AuthResources"));
-Object[] source1 = {expect};
-throw new IOException(form1.format(source1));
-case '"':
-case StreamTokenizer.TT_WORD:
-if (expect.equalsIgnoreCase("module class name") ||
-expect.equalsIgnoreCase("controlFlag") ||
-expect.equalsIgnoreCase("option key") ||
-expect.equalsIgnoreCase("option value")) {
-value = st.sval;
-lookahead = nextToken();
-} else {
-MessageFormat form = new MessageFormat(ResourcesMgr.getString
-("Configuration.Error.Line.line.expected.expect.found.value.",
-"sun.security.util.AuthResources"));
-Object[] source = {new Integer(linenum), expect, st.sval};
-throw new IOException(form.format(source));
-}
-break;
-case '{':
-if (expect.equalsIgnoreCase("{")) {
-lookahead = nextToken();
-} else {
-MessageFormat form = new MessageFormat(ResourcesMgr.getString
-("Configuration.Error.Line.line.expected.expect.",
-"sun.security.util.AuthResources"));
-Object[] source = {new Integer(linenum), expect, st.sval};
-throw new IOException(form.format(source));
-}
-break;
-case ';':
-if (expect.equalsIgnoreCase(";")) {
-lookahead = nextToken();
-} else {
-MessageFormat form = new MessageFormat(ResourcesMgr.getString
-("Configuration.Error.Line.line.expected.expect.",
-"sun.security.util.AuthResources"));
-Object[] source = {new Integer(linenum), expect, st.sval};
-throw new IOException(form.format(source));
-}
-break;
-case '}':
-if (expect.equalsIgnoreCase("}")) {
-lookahead = nextToken();
-} else {
-MessageFormat form = new MessageFormat(ResourcesMgr.getString
-("Configuration.Error.Line.line.expected.expect.",
-"sun.security.util.AuthResources"));
-Object[] source = {new Integer(linenum), expect, st.sval};
-throw new IOException(form.format(source));
-}
-break;
-case '=':
-if (expect.equalsIgnoreCase("=")) {
-lookahead = nextToken();
-} else {
-MessageFormat form = new MessageFormat(ResourcesMgr.getString
-("Configuration.Error.Line.line.expected.expect.",
-"sun.security.util.AuthResources"));
-Object[] source = {new Integer(linenum), expect, st.sval};
-throw new IOException(form.format(source));
-}
-break;
-default:
-MessageFormat form = new MessageFormat(ResourcesMgr.getString
-("Configuration.Error.Line.line.expected.expect.found.value.",
-"sun.security.util.AuthResources"));
-Object[] source = {new Integer(linenum), expect, st.sval};
-throw new IOException(form.format(source));
-}
-return value;
-}
-private boolean peek(String expect) {
-boolean found = false;
-switch (lookahead) {
-case ',':
-if (expect.equalsIgnoreCase(","))
-found = true;
-break;
-case ';':
-if (expect.equalsIgnoreCase(";"))
-found = true;
-break;
-case '{':
-if (expect.equalsIgnoreCase("{"))
-found = true;
-break;
-case '}':
-if (expect.equalsIgnoreCase("}"))
-found = true;
-break;
-default:
-}
-return found;
-}
-private int nextToken() throws IOException {
-int tok;
-while ((tok = st.nextToken()) == StreamTokenizer.TT_EOL) {
-linenum++;
-}
-return tok;
-}
-private InputStream getInputStream(URL url) throws IOException {
-if ("file".equalsIgnoreCase(url.getProtocol())) {
-// Compatibility notes:
-//
-// Code changed from
-//   String path = url.getFile().replace('/', File.separatorChar);
-//   return new FileInputStream(path);
-//
-// The original implementation would search for "/tmp/a%20b"
-// when url is "file:///tmp/a%20b". This is incorrect. The
-// current codes fix this bug and searches for "/tmp/a b".
-// For compatibility reasons, when the file "/tmp/a b" does
-// not exist, the file named "/tmp/a%20b" will be tried.
-//
-// This also means that if both file exists, the behavior of
-// this method is changed, and the current codes choose the
-// correct one.
-try {
-return url.openStream();
-} catch (Exception e) {
-String file = url.getPath();
-if (url.getHost().length() > 0) {  // For Windows UNC
-file = "//" + url.getHost() + file;
-}
-if (debugConfig != null) {
-debugConfig.println("cannot read " + url +
-", try " + file);
-}
-return new FileInputStream(file);
-}
-} else {
-return url.openStream();
-}
-}
-private String expand(String value)
-throws PropertyExpander.ExpandException, IOException {
-if (value.isEmpty()) {
-return value;
-}
-if (expandProp) {
-String s = PropertyExpander.expand(value);
-if (s == null || s.length() == 0) {
-MessageFormat form = new MessageFormat(ResourcesMgr.getString
-("Configuration.Error.Line.line.system.property.value.expanded.to.empty.value",
-"sun.security.util.AuthResources"));
-Object[] source = {new Integer(linenum), value};
-throw new IOException(form.format(source));
-}
-return s;
-} else {
-return value;
-}
-}
-}

changeset 19453	30930d65aff1
parent 19452	ff3beb903c1d
parent 19451	2e571ead57dc
child 19477	b877dedb72ca