📄 securitywrapper.java
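/*
 * SecurityWrapper.java
 *
 * Created on June 17, 2003, 9:09 AM
 */
package gov.nist.security.bcs.wrapper;

import javax.sip.message.*;
import javax.sip.header.*;

/**
 * Class that will be called from the bytecode. Each method performs one particular
 * permission check.
 *
 * <p>Every check follows the same pattern: build a permission object, evaluate it against
 * the {@link java.security.AccessControlContext} captured in the constructor, and on any
 * exception print a rejection message and call {@code System.exit(1)}. Any failure, not only
 * an access denial, is therefore treated as a rejection.
 *
 * <p>The context is captured once, when the wrapper is constructed; later checks are
 * evaluated against that snapshot and not against the code that happens to call the check.
 *
 * <p>NOTE(review): a rejection stops the whole JVM rather than only the operation being
 * checked. Several checks are driven by fields of received SIP messages, so confirm that
 * process termination is the intended response for those paths.
 *
 * @author DERUELLE Jean
 */
public class SecurityWrapper {
    /** Number of listening points already created. */
    private int listeningPointsCreated = 0;

    /** The access control context of the JVM against which the permissions are checked. */
    private java.security.AccessControlContext context = null;

    // Printed by checkRecipients when a mail is rejected. This class never assigns it; the
    // wrapper passes itself to MailPermission, which presumably sets it (TODO confirm).
    public String errorReason = null;

    /**
     * Creates a new instance of SecurityWrapper and captures the current security context.
     *
     * <p>When no SecurityManager is installed the context stays {@code null} and every check
     * is rejected (see {@link #enforce}).
     */
    public SecurityWrapper() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            // A SecurityManager subclass may return another type here; the cast then fails
            // with ClassCastException at construction time.
            context =
                (java.security.AccessControlContext) securityManager.getSecurityContext();
        }
    }

    /**
     * Evaluates a permission against the captured context.
     *
     * <p>Without a captured context there is nothing to evaluate the permission against, so
     * the request is refused explicitly instead of relying on a NullPointerException.
     *
     * @param permission the permission to evaluate
     * @throws SecurityException if no context was captured or the permission is not granted
     */
    private void enforce(java.security.Permission permission) {
        if (context == null) {
            throw new SecurityException(
                "no access control context captured; is a SecurityManager installed?");
        }
        context.checkPermission(permission);
    }

    /**
     * Turns the text of a SIP URI into the caller name used for SipCallPermission.
     *
     * <p>NOTE(review): the first four characters are dropped without verifying that they are
     * "sip:". A URI with another scheme (for example "sips:") produces a name that still
     * carries part of the scheme; confirm how the policy is meant to treat such URIs.
     *
     * @param uriText the textual form of the URI taken from the address header
     * @return the text after the first four characters
     * @throws StringIndexOutOfBoundsException if the text is shorter than "sip:"
     */
    private static String callerFromUri(String uriText) {
        return uriText.substring("sip:".length());
    }

    /**
     * Method that will check the "before runtime" methods.
     * It checks whether the permission in parameter has been granted to the user.
     *
     * @param permission the permission coming from the bytecode and in fact from the
     *     permissions.xml file (it can be any existing permission like FilePermission or
     *     StackPermission)
     */
    public void checkPermission(java.security.Permission permission) {
        try {
            System.out.println(
                "Checking in your group policy file for the following PERMISSION : "
                    + permission);
            enforce(permission);
        } catch (Exception e) {
            // Fail closed: any exception, including a null permission, counts as a denial.
            System.out.println("Access rejected.");
            System.exit(1);
        }
    }

    /**
     * Method that will check the inheritance of the whole service.
     * It checks whether the permission in parameter has been granted to the user.
     *
     * @param permission the permission coming from the bytecode and in fact from the
     *     permissions.xml file (it can be any existing permission like FilePermission or
     *     StackPermission)
     * @param message the message to print if there is any inheritance problem
     */
    public void checkInheritance(java.security.Permission permission, java.lang.String message) {
        try {
            System.out.println(
                "Checking in your group policy file for the following PERMISSION : "
                    + permission);
            enforce(permission);
        } catch (Exception e) {
            System.out.println(message);
            System.exit(1);
        }
    }

    /**
     * Checks whether the URI of the response To header is granted as an "outgoing" call.
     *
     * <p>The URI is read through the header's address accessor instead of searching the
     * encoded header text for angle brackets: the display name is supplied by the sender and
     * may itself contain such characters, and a header written without brackets made the
     * text search throw outside the rejection path. A missing or malformed header is now
     * rejected like any other failure.
     *
     * @param response the response message from which the To header is extracted
     */
    public void checkResponseTO(Response response) {
        String caller = null;
        try {
            ToHeader to = (ToHeader) response.getHeader(ToHeader.NAME);
            caller = callerFromUri(to.getAddress().getURI().toString());
            enforce(new gov.nist.security.permissions.SipCallPermission(caller, "outgoing"));
        } catch (Exception e) {
            System.out.println("Sending response rejected caller: " + caller);
            System.exit(1);
        }
    }

    /**
     * Checks whether the URI of the request From header is granted as an "incoming" call.
     *
     * <p>The URI is read through the header's address accessor rather than by text search
     * over the encoded header, so sender-chosen display-name text cannot influence which
     * span is treated as the caller. A missing or malformed header is rejected.
     *
     * @param request the request message from which the From header is extracted
     */
    public void checkRequestFrom(Request request) {
        String caller = null;
        try {
            FromHeader from = (FromHeader) request.getHeader(FromHeader.NAME);
            caller = callerFromUri(from.getAddress().getURI().toString());
            enforce(new gov.nist.security.permissions.SipCallPermission(caller, "incoming"));
        } catch (Exception e) {
            // The message text is kept as it was, although this check concerns a request.
            System.out.println("Sending response rejected caller: " + caller);
            System.exit(1);
        }
    }

    /**
     * Checks whether the URI of the ACK To header is granted as an "outgoing" call.
     *
     * <p>The URI is read through the header's address accessor rather than by text search
     * over the encoded header. A missing or malformed header is rejected.
     *
     * @param request the ACK request from which the To header is extracted
     */
    public void checkAckTO(Request request) {
        String caller = null;
        try {
            ToHeader to = (ToHeader) request.getHeader(ToHeader.NAME);
            caller = callerFromUri(to.getAddress().getURI().toString());
            enforce(new gov.nist.security.permissions.SipCallPermission(caller, "outgoing"));
        } catch (Exception e) {
            // The message text is kept as it was, although this check concerns an ACK.
            System.out.println("Sending response rejected caller: " + caller);
            System.exit(1);
        }
    }

    /**
     * Checks whether the service tries to use its own router.
     *
     * <p>A String key other than "javax.sip.ROUTER_PATH" is accepted without a permission
     * check. A key that is not a String falls through to the router permission check.
     *
     * @param key the key put in the Properties object (if it equals javax.sip.ROUTER_PATH
     *     the router permission is required)
     * @param value the value corresponding to the key put in the Properties object
     */
    public void checkRouter(Object key, Object value) {
        if (key instanceof String) {
            System.out.println("Checking the following property: " + key);
            if (!key.equals("javax.sip.ROUTER_PATH")) {
                return;
            }
        }
        try {
            enforce(new gov.nist.security.permissions.SipRouterPermission("allowed"));
        } catch (Exception e) {
            System.out.println("Using your own router " + value + " rejected");
            System.exit(1);
        }
    }

    /**
     * Checks whether the service is allowed to make stateless calls.
     *
     * @param message the message being handled; it is not inspected by this check
     */
    public void checkStatelessCalls(Message message) {
        try {
            enforce(new gov.nist.security.permissions.StatelessBehavior("allowed"));
        } catch (Exception e) {
            System.out.println("Stateless Calls rejected");
            System.exit(1);
        }
    }

    /**
     * Checks where the service tries to send a mail.
     *
     * <p>Every recipient returned by {@code getAllRecipients()} is checked. Previously only
     * the first one was, so the remaining recipients of a message were never compared with
     * the policy. A message without recipients is rejected.
     *
     * <p>NOTE(review): one MailPermission is built per recipient; confirm that constructing
     * or evaluating it has no per-message side effect that must happen only once.
     *
     * @param message the mail message whose recipients are checked
     */
    public void checkRecipients(javax.mail.Message message) {
        String name = null;
        try {
            // The SIP event that led to this mail, taken from whichever PlaceHolder field is set.
            java.util.EventObject sipEvent = null;
            if (PlaceHolder.requestEvent != null) {
                sipEvent = PlaceHolder.requestEvent;
            } else if (PlaceHolder.responseEvent != null) {
                sipEvent = PlaceHolder.responseEvent;
            } else {
                sipEvent = PlaceHolder.timeoutEvent;
            }
            System.out.println("SipEvent " + sipEvent);

            javax.mail.Address[] recipients = message.getAllRecipients();
            if (recipients == null || recipients.length == 0) {
                throw new SecurityException("mail message has no recipients to check");
            }
            for (int i = 0; i < recipients.length; i++) {
                name = recipients[i].toString();
                enforce(
                    new gov.nist.security.permissions.MailPermission(
                        name, message, sipEvent, this));
            }
        } catch (Exception e) {
            System.out.println("Sending Mail to " + name + " rejected");
            System.out.println("Reason : " + errorReason);
            System.exit(1);
        }
    }

    /**
     * Checks whether the service tries to open too many ports.
     *
     * <p>The permission is built from the running count of listening points, not from the
     * arguments: the counter is incremented on every call, before the check.
     *
     * @param portNumber the port number; not used by this check
     * @param transport the transport; not used by this check
     */
    public void checkListeningPoint(int portNumber, java.lang.String transport) {
        // Not synchronized; NOTE(review): confirm listening points are created from one thread.
        listeningPointsCreated++;
        try {
            enforce(
                new gov.nist.security.permissions.SipPortPermission(
                    Integer.toString(listeningPointsCreated), "create"));
        } catch (Exception e) {
            System.out.println("Listening Point Creation rejected");
            System.exit(1);
        }
    }
}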