1 /* |
1 /* |
2 * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
28 import java.io.*; |
28 import java.io.*; |
29 import java.lang.reflect.*; |
29 import java.lang.reflect.*; |
30 import java.net.MalformedURLException; |
30 import java.net.MalformedURLException; |
31 import java.net.URL; |
31 import java.net.URL; |
32 import java.net.URI; |
32 import java.net.URI; |
|
33 import java.nio.file.Files; |
33 import java.nio.file.Path; |
34 import java.nio.file.Path; |
34 import java.util.*; |
35 import java.util.*; |
35 import java.security.*; |
36 import java.security.*; |
36 import java.security.cert.Certificate; |
37 import java.security.cert.Certificate; |
37 import java.security.cert.X509Certificate; |
38 import java.security.cert.X509Certificate; |
38 import javax.security.auth.Subject; |
39 import javax.security.auth.Subject; |
39 import javax.security.auth.x500.X500Principal; |
40 import javax.security.auth.x500.X500Principal; |
40 import java.io.FilePermission; |
|
41 import java.net.SocketPermission; |
41 import java.net.SocketPermission; |
42 import java.net.NetPermission; |
42 import java.net.NetPermission; |
43 import java.util.concurrent.ConcurrentHashMap; |
43 import java.util.concurrent.ConcurrentHashMap; |
44 import jdk.internal.access.JavaSecurityAccess; |
44 import jdk.internal.access.JavaSecurityAccess; |
45 import static jdk.internal.access.JavaSecurityAccess.ProtectionDomainCache; |
45 import static jdk.internal.access.JavaSecurityAccess.ProtectionDomainCache; |
271 * subsequently ignored. |
271 * subsequently ignored. |
272 */ |
272 */ |
273 private static Set<URL> badPolicyURLs = |
273 private static Set<URL> badPolicyURLs = |
274 Collections.newSetFromMap(new ConcurrentHashMap<URL,Boolean>()); |
274 Collections.newSetFromMap(new ConcurrentHashMap<URL,Boolean>()); |
275 |
275 |
276 // The default.policy file |
|
277 private static final URL DEFAULT_POLICY_URL = |
|
278 AccessController.doPrivileged(new PrivilegedAction<>() { |
|
279 @Override |
|
280 public URL run() { |
|
281 String sep = File.separator; |
|
282 try { |
|
283 return Path.of(StaticProperty.javaHome(), |
|
284 "lib", "security", |
|
285 "default.policy").toUri().toURL(); |
|
286 } catch (MalformedURLException mue) { |
|
287 // should not happen |
|
288 throw new Error("Malformed default.policy URL: " + mue); |
|
289 } |
|
290 } |
|
291 }); |
|
292 |
|
293 /** |
276 /** |
294 * Initializes the Policy object and reads the default policy |
277 * Initializes the Policy object and reads the default policy |
295 * configuration file(s) into the Policy object. |
278 * configuration file(s) into the Policy object. |
296 */ |
279 */ |
297 public PolicyFile() { |
280 public PolicyFile() { |
347 } |
330 } |
348 |
331 |
349 private void initPolicyFile(final PolicyInfo newInfo, final URL url) { |
332 private void initPolicyFile(final PolicyInfo newInfo, final URL url) { |
350 |
333 |
351 // always load default.policy |
334 // always load default.policy |
352 if (debug != null) { |
|
353 debug.println("reading " + DEFAULT_POLICY_URL); |
|
354 } |
|
355 AccessController.doPrivileged(new PrivilegedAction<>() { |
335 AccessController.doPrivileged(new PrivilegedAction<>() { |
356 @Override |
336 @Override |
357 public Void run() { |
337 public Void run() { |
358 init(DEFAULT_POLICY_URL, newInfo, true); |
338 initDefaultPolicy(newInfo); |
359 return null; |
339 return null; |
360 } |
340 } |
361 }); |
341 }); |
362 |
342 |
363 if (url != null) { |
343 if (url != null) { |
371 debug.println("reading " + url); |
351 debug.println("reading " + url); |
372 } |
352 } |
373 AccessController.doPrivileged(new PrivilegedAction<>() { |
353 AccessController.doPrivileged(new PrivilegedAction<>() { |
374 @Override |
354 @Override |
375 public Void run() { |
355 public Void run() { |
376 if (init(url, newInfo, false) == false) { |
356 if (init(url, newInfo) == false) { |
377 // use static policy if all else fails |
357 // use static policy if all else fails |
378 initStaticPolicy(newInfo); |
358 initStaticPolicy(newInfo); |
379 } |
359 } |
380 return null; |
360 return null; |
381 } |
361 } |
427 policyURL = new URL(extra_policy); |
407 policyURL = new URL(extra_policy); |
428 } |
408 } |
429 if (debug != null) { |
409 if (debug != null) { |
430 debug.println("reading "+policyURL); |
410 debug.println("reading "+policyURL); |
431 } |
411 } |
432 if (init(policyURL, newInfo, false)) { |
412 if (init(policyURL, newInfo)) { |
433 loaded_policy = true; |
413 loaded_policy = true; |
434 } |
414 } |
435 } catch (Exception e) { |
415 } catch (Exception e) { |
436 // ignore. |
416 // ignore. |
437 if (debug != null) { |
417 if (debug != null) { |
490 }); |
470 }); |
491 |
471 |
492 return loadedPolicy; |
472 return loadedPolicy; |
493 } |
473 } |
494 |
474 |
|
475 private void initDefaultPolicy(PolicyInfo newInfo) { |
|
476 Path defaultPolicy = Path.of(StaticProperty.javaHome(), |
|
477 "lib", |
|
478 "security", |
|
479 "default.policy"); |
|
480 if (debug != null) { |
|
481 debug.println("reading " + defaultPolicy); |
|
482 } |
|
483 try (BufferedReader br = Files.newBufferedReader(defaultPolicy)) { |
|
484 |
|
485 PolicyParser pp = new PolicyParser(expandProperties); |
|
486 pp.read(br); |
|
487 |
|
488 Enumeration<PolicyParser.GrantEntry> enum_ = pp.grantElements(); |
|
489 while (enum_.hasMoreElements()) { |
|
490 PolicyParser.GrantEntry ge = enum_.nextElement(); |
|
491 addGrantEntry(ge, null, newInfo); |
|
492 } |
|
493 } catch (Exception e) { |
|
494 throw new InternalError("Failed to load default.policy", e); |
|
495 } |
|
496 } |
|
497 |
495 /** |
498 /** |
496 * Reads a policy configuration into the Policy object using a |
499 * Reads a policy configuration into the Policy object using a |
497 * Reader object. |
500 * Reader object. |
498 */ |
501 */ |
499 private boolean init(URL policy, PolicyInfo newInfo, boolean defPolicy) { |
502 private boolean init(URL policy, PolicyInfo newInfo) { |
500 |
503 |
501 // skip parsing policy file if it has been previously parsed and |
504 // skip parsing policy file if it has been previously parsed and |
502 // has syntax errors |
505 // has syntax errors |
503 if (badPolicyURLs.contains(policy)) { |
506 if (badPolicyURLs.contains(policy)) { |
504 if (debug != null) { |
507 if (debug != null) { |
535 PolicyParser.GrantEntry ge = enum_.nextElement(); |
538 PolicyParser.GrantEntry ge = enum_.nextElement(); |
536 addGrantEntry(ge, keyStore, newInfo); |
539 addGrantEntry(ge, keyStore, newInfo); |
537 } |
540 } |
538 return true; |
541 return true; |
539 } catch (PolicyParser.ParsingException pe) { |
542 } catch (PolicyParser.ParsingException pe) { |
540 if (defPolicy) { |
|
541 throw new InternalError("Failed to load default.policy", pe); |
|
542 } |
|
543 // record bad policy file to avoid later reparsing it |
543 // record bad policy file to avoid later reparsing it |
544 badPolicyURLs.add(policy); |
544 badPolicyURLs.add(policy); |
545 Object[] source = {policy, pe.getNonlocalizedMessage()}; |
545 Object[] source = {policy, pe.getNonlocalizedMessage()}; |
546 System.err.println(LocalizedMessage.getNonlocalized |
546 System.err.println(LocalizedMessage.getNonlocalized |
547 (POLICY + ".error.parsing.policy.message", source)); |
547 (POLICY + ".error.parsing.policy.message", source)); |
548 if (debug != null) { |
548 if (debug != null) { |
549 pe.printStackTrace(); |
549 pe.printStackTrace(); |
550 } |
550 } |
551 } catch (Exception e) { |
551 } catch (Exception e) { |
552 if (defPolicy) { |
|
553 throw new InternalError("Failed to load default.policy", e); |
|
554 } |
|
555 if (debug != null) { |
552 if (debug != null) { |
556 debug.println("error parsing "+policy); |
553 debug.println("error parsing "+policy); |
557 debug.println(e.toString()); |
554 debug.println(e.toString()); |
558 e.printStackTrace(); |
555 e.printStackTrace(); |
559 } |
556 } |