📄 bytecoderewriter.java
Constants.PUTSTATIC)); InstructionHandle start=il.getStart(); il.insert(start,newInitInstructionList); method.setMaxLocals(); method.setMaxStack(); //Field Initialized } else if(method.getName().equals("processResponse")){ //Get the instruction List from the bytecode method InstructionList il = method.getInstructionList(); il.setPositions(); // Factory to create new instructions InstructionFactory factory = new InstructionFactory(cp); InstructionList newInitInstructionList = new InstructionList(); //Put the value of the RequestEvent //in the RequestEvent field of the place holder newInitInstructionList.append(factory.createLoad( Type.OBJECT, 1)); newInitInstructionList.append(factory.createFieldAccess( "gov.nist.security.bcs.wrapper.PlaceHolder", "responseEvent", new ObjectType("javax.sip.ResponseEvent"), Constants.PUTSTATIC)); newInitInstructionList.append(InstructionConstants.ACONST_NULL); newInitInstructionList.append(factory.createFieldAccess( "gov.nist.security.bcs.wrapper.PlaceHolder", "requestEvent", new ObjectType("javax.sip.RequestEvent"), Constants.PUTSTATIC)); newInitInstructionList.append(InstructionConstants.ACONST_NULL); newInitInstructionList.append(factory.createFieldAccess( "gov.nist.security.bcs.wrapper.PlaceHolder", "timeoutEvent", new ObjectType("javax.sip.TimeoutEvent"), Constants.PUTSTATIC)); InstructionHandle start=il.getStart(); il.insert(start,newInitInstructionList); method.setMaxLocals(); method.setMaxStack(); //Field Initialized } else if(method.getName().equals("processTimeout")){ //Get the instruction List from the bytecode method InstructionList il = method.getInstructionList(); il.setPositions(); // Factory to create new instructions InstructionFactory factory = new InstructionFactory(cp); InstructionList newInitInstructionList = new InstructionList(); //Put the value of the RequestEvent //in the RequestEvent field of the place holder newInitInstructionList.append(factory.createLoad( Type.OBJECT, 1)); 
// (continues the "processTimeout" branch that opens earlier in this listing)
                    newInitInstructionList.append(factory.createFieldAccess(
                        "gov.nist.security.bcs.wrapper.PlaceHolder",
                        "timeoutEvent",
                        new ObjectType("javax.sip.TimeoutEvent"),
                        Constants.PUTSTATIC));
                    newInitInstructionList.append(InstructionConstants.ACONST_NULL);
                    newInitInstructionList.append(factory.createFieldAccess(
                        "gov.nist.security.bcs.wrapper.PlaceHolder",
                        "responseEvent",
                        new ObjectType("javax.sip.ResponseEvent"),
                        Constants.PUTSTATIC));
                    newInitInstructionList.append(InstructionConstants.ACONST_NULL);
                    newInitInstructionList.append(factory.createFieldAccess(
                        "gov.nist.security.bcs.wrapper.PlaceHolder",
                        "requestEvent",
                        new ObjectType("javax.sip.RequestEvent"),
                        Constants.PUTSTATIC));
                    InstructionHandle start=il.getStart();
                    il.insert(start,newInitInstructionList);
                    method.setMaxLocals();
                    method.setMaxStack();
                    //Field Initialized
                }
                methods[i]=method.getMethod();
            }
        }
        //dump the class rewritten with the wrapper initialized
        jclass.setConstantPool(cp.getFinalConstantPool());
        try{
            jclass.dump(dumpPath);
        }
        catch(IOException ioe){
            ioe.printStackTrace();
        }
        //}
    }

    /**
     * Compares the direct superclass of a class with the restricted superclasses
     * declared by each configured permission. For every match it calls
     * addThrowExceptionToMainClass so that a runtime permission check is added
     * to the main class.
     *
     * As written, every path returns true: a match is not reported through the
     * return value, and a class file that cannot be read or parsed only
     * produces a stack trace.
     * NOTE(review): an unreadable class is therefore indistinguishable from a
     * checked one (fail-open) - confirm that callers do not treat true as
     * "inheritance verified".
     * NOTE(review): only getSuperclassName() is compared; indirect ancestors and
     * interfaces are not examined here - confirm they are covered elsewhere if
     * the restricted list is meant to apply to them.
     * NOTE(review): name is turned into a path under uploadDirectory without
     * validation in this method - confirm callers pass only vetted class names.
     *
     * @param name - class name; dots are replaced by the file separator to
     * locate the ".class" file under uploadDirectory
     * @return true on every path of the current implementation
     */
    protected boolean checkInheritance(String name){
        try{
            //Locate and parse the class file
            String classFilePath=
                uploadDirectory.concat(name.replace('.',File.separatorChar))+".class";
            JavaClass parsedClass=new ClassParser(classFilePath).parse();
            String directParent=parsedClass.getSuperclassName();

            //With no permission configured the loop body never runs
            Enumeration permissionNames=sipPermissions.keys();
            while(permissionNames.hasMoreElements()){
                String permissionName=(String)permissionNames.nextElement();
                PermissionTag permissionTag=
                    (PermissionTag)sipPermissions.get(permissionName);
                InheritanceTag inheritanceTag=permissionTag.getInheritanceTag();
                if(inheritanceTag==null){
                    continue;
                }
                List restrictedParents=inheritanceTag.getSuperClassesToCheck();
                if(restrictedParents==null){
                    continue;
                }
                //Every matching entry triggers its own call, duplicates included
                for(int idx=0;idx<restrictedParents.size();idx++){
                    if(directParent.equals(restrictedParents.get(idx))){
                        addThrowExceptionToMainClass(
                            "Restricted inheritance found on the following class : " + name,
                            inheritanceTag.getByteCodeTag(),
                            permissionTag);
                    }
                }
            }
        }
        catch(IOException e) {
            //FileNotFoundException is an IOException, so a missing class file
            //ends up here too; the failure is only printed
            e.printStackTrace();
        }
        return true;
    }

    /**
     * Inserts, at the start of every concrete method named "main" of the main
     * class, bytecode that builds a permission object and passes it together
     * with a message to the checking method described by the byte code tag.
     * The class is read from uploadDirectory and the rewritten class is written
     * under the "dump" sub-directory of uploadDirectory.
     *
     * NOTE(review): an IOException while parsing or dumping is only printed, so
     * the hook can be missing without the caller being told - confirm this
     * cannot let an unchecked class through.
     * NOTE(review): each call starts again from the class file under
     * uploadDirectory and writes to the same dump path, so a later call for the
     * same main class appears to replace the earlier output instead of adding a
     * second hook - confirm against the callers.
     * NOTE(review): methods are selected by name only; the signature of "main"
     * is not compared, and when no such method exists the class is dumped
     * without any hook.
     *
     * @param message - message pushed as an argument of the checking call
     * @param byteCodeTag - names the class and method to invoke and the types of
     * its arguments
     * @param permissionTag - names the permission class to instantiate and the
     * value passed to its single String constructor argument
     */
    protected void addThrowExceptionToMainClass(String message,
            ByteCodeTag byteCodeTag,
            PermissionTag permissionTag){
        try{
            String mainClassFile=
                uploadDirectory.concat(mainClass.replace('.',File.separatorChar))+".class";
            JavaClass mainJavaClass=new ClassParser(mainClassFile).parse();
            ConstantPoolGen pool=new ConstantPoolGen(mainJavaClass.getConstantPool());
            org.apache.bcel.classfile.Method[] declared=mainJavaClass.getMethods();

            for(int i=0;i<declared.length;i++){
                //Abstract and native methods have no code to instrument
                if(declared[i].isAbstract() || declared[i].isNative()){
                    continue;
                }
                //The MethodGen is built before the name test, as in the original flow
                MethodGen method=
                    new MethodGen(declared[i],mainJavaClass.getClassName(),pool);
                if(!method.getName().equals("main")){
                    continue;
                }

                InstructionList code=method.getInstructionList();
                code.setPositions();
                InstructionFactory factory=new InstructionFactory(pool);
                InstructionList hook=new InstructionList();

                //Load the static field "__<class name with '_' for '.'>" of the main class;
                //presumably another rewriting step creates and initialises it - TODO confirm
                String checkerField="__"+byteCodeTag.getClassToInvoke().replace('.','_');
                ObjectType checkerType=new ObjectType(byteCodeTag.getClassToInvoke());
                hook.append(factory.createFieldAccess(
                    mainClass,
                    checkerField,
                    checkerType,
                    Constants.GETSTATIC));

                //new <permission class>(<actions>) through its (String) constructor
                hook.append(factory.createNew(permissionTag.getClassName()));
                hook.append(InstructionConstants.DUP);
                hook.append(new PUSH(pool,permissionTag.getActions()));
                hook.append(factory.createInvoke(
                    permissionTag.getClassName(),
                    "<init>",
                    Type.VOID,
                    new Type[]{new ObjectType("java.lang.String")},
                    Constants.INVOKESPECIAL));

                //Message handed to the checking method
                hook.append(new PUSH(pool,message));

                //Argument types of the checking method come from the byte code tag
                Vector declaredArgs=byteCodeTag.getArguments();
                Type[] argTypes=new Type[declaredArgs.size()];
                for(int j=0;j<declaredArgs.size();j++){
                    ByteCodeArgumentTag argTag=(ByteCodeArgumentTag)declaredArgs.get(j);
                    argTypes[j]=getBCELType(argTag.getClassName());
                }

                //Virtual call on the loaded field; the return type is fixed to void
                hook.append(factory.createInvoke(
                    byteCodeTag.getClassToInvoke(),
                    byteCodeTag.getMethod(),
                    Type.VOID,
                    argTypes,
                    org.apache.bcel.Constants.INVOKEVIRTUAL));

                //Put the hook in front of the existing code and refresh the limits
                code.insert(code.getStart(),hook);
                method.setMaxLocals();
                method.setMaxStack();
                declared[i]=method.getMethod();
            }

            //Write the class below the "dump" directory, keeping its package path
            mainJavaClass.setConstantPool(pool.getFinalConstantPool());
            String dumpTarget=uploadDirectory+"dump"+File.separatorChar
                +mainClass.replace('.',File.separatorChar)+".class";
            mainJavaClass.dump(dumpTarget);
        }
        catch(IOException ioe){
            ioe.printStackTrace();
        }
    }

    /**
     * this method enforce the security on a class by checking if there is no
     * violations of the permission granted to the user and by adding some bytecode
     * to the class to enforce the security at runtime by checking the value of some arguments
     * of some method invoked by the user
     * @param name - the name of the class
     * @return true - if there is no violations of the permissions before runtime else false
     */
    protected boolean enforceSecurity(String name){
        boolean StackPermissionsRespected=true;
        //Checking the sip customized permissions and add runtime security hooks for each permission
//if we found the same methods through the bytecode Enumeration keys=sipPermissions.keys(); //If there is no permissions to check we return ok if (!keys.hasMoreElements() ){ return StackPermissionsRespected; } //Put a bytcode security check on his service SipPermissionChecker stackPerm=new SipPermissionChecker(dumpPath,this); logger.debug(name+" in rewriting !"); while(keys.hasMoreElements() && StackPermissionsRespected){ String permissionName=(String)keys.nextElement(); PermissionTag permissionTag=(PermissionTag)sipPermissions.get(permissionName); Vector methodsToCheck=permissionTag.getMethodsToCheck();