permissionfilter.java.svn-base

来自「cqME :java framework for TCK test.」· SVN-BASE 代码 · 共 251 行

/*
 * $Id$
 *
 * Copyright 1996-2007 Sun Microsystems, Inc. All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License version
 * 2 only, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License version 2 for more details (a copy is
 * included at /legal/license.txt).
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this work; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA
 *
 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
 * Clara, CA 95054 or visit www.sun.com if you need additional
 * information or have any questions.
 *
 */

package com.sun.tck.midp.policy;

import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;

import com.sun.javatest.TestDescription;
import com.sun.javatest.TestEnvironment;
import com.sun.javatest.TestFilter;
import com.sun.javatest.util.I18NResourceBundle;
import com.sun.tck.j2me.javatest.J2meBaseTestSuite;
import com.sun.tck.midp.javatest.TestRegistry;

/**
 * Filters out tests whose security requirements cannot be satisfied by the
 * device's security policy. E.g. a test can require that https permission
 * should be granted, but device's policy do not allow https to be granted.
 * <p>
 * Note: Unknown permissions (permissions not present in platform policy,
 * as configured in the interview) do not affect filtering and are
 * effectively ignored.
 *
 * @see SecurityInfo.Factory#fromEnv(TestEnvironment)
 */
public class PermissionFilter extends TestFilter {

    private TestEnvironment env;

    private SecurityInfo secInfo;
    
    private final Set/*of Permissions*/ allKnownPerms;

    /**
     * Creates Permission filter with security info taken from the environment.
     *
     * @param env
     *                Test Environment.
     * @param ts
     *                Test Suite. (ignored)
     * @deprecated Use {@link #PermissionFilter(TestEnvironment)} instead.
     */
    public PermissionFilter(TestEnvironment env, J2meBaseTestSuite ts) {
        this(env);
    }

    /**
     * Creates Permission filter with security info taken from the environment.
     *
     * @param env
     *                Test Environment.
     */
    public PermissionFilter(TestEnvironment env) {
        this.env = env;
        secInfo = SecurityInfo.Factory.fromEnv(env);
        assert secInfo != null
                : "PermissionFilter: Invalid security from Environment";

        // calculate all known permissions
        allKnownPerms = new HashSet();
        PermissionSet platformPolicy = secInfo.getPlatformUntrustedPolicy();
        if (platformPolicy != null) {
            allKnownPerms.addAll(Collections.list(platformPolicy.getDenied()));
            allKnownPerms.addAll(Collections.list(platformPolicy.getGranted()));
        }

        log.config("Created PermissionFilter, known permissions: "
                + allKnownPerms.toString());
    }

    public String getName() {
        return "PermissionFilter";
    }

    public String getDescription() {
        return "Selects tests by comparing permission"
                + " sets of platform and test";
    }

    public String getReason() {
        return "Inappropriate permissions";
    }

    public boolean accepts(TestDescription td) throws Fault {
        PermissionSet tdps = getPermissionSet(td);

        if (!secInfo.isTrustedAppsSupported() || isUntrustedTest(td)) {
            PermissionSet platformPolicy = secInfo.getPlatformUntrustedPolicy();
            if (platformPolicy == null) {
                Fault fault = new Fault(i18n, "tf.nullPlatformPolicy");
                log.severe("PermissionFilter got " + fault
                        + ", while processing test: "
                        + td.getRootRelativeURL());
                throw fault;
            }

            // Clean up test's permission set, remove permissions
            // that are not in Platform Policy (unknown permissions),
            // so that they will not affect filtering.
            Set unknownPerms = removeUnknownPermissions(tdps);

            logUnknownPerms(td, unknownPerms);

            if (!platformPolicy.contains(tdps)) {
                return false;
            }
        } else {
            TestRegistry.addTestPolicy(td.getRootRelativeURL(), tdps);
        }

        return true;
    }

    /**
     * Logs unknown permissions for the specified test.
     *
     * @param td The test.
     * @param unknownPerms The set of unknown permissions.
     */
    private void logUnknownPerms(TestDescription td, Set unknownPerms) {
        if (log.isLoggable(Level.FINE)) {
            if (!unknownPerms.isEmpty()) {
                // Found a test with permissions undefined in Platform Policy
                log.fine("PermissionFilter detected that test "
                        + td.getRootRelativeURL()
                        + " uses permissions unknown to TCK: " + unknownPerms);
            }
        }
    }
    

    /**
     * Removes unknown permissions from the permission set and returns a set
     * of removed permissions, or empty set.
     * 
     * @param tdps
     *            Original permission set to be updated.
     * @return A set of permissions that were removed.
     */
    private Set/* of unknown perms*/ removeUnknownPermissions(
            PermissionSet tdps) {
        Set unknownPerms = new HashSet();
        for (Enumeration denied = tdps.getDenied(); denied.hasMoreElements();) {
            String permission = (String) denied.nextElement();
            if (!allKnownPerms.contains(permission)) {
                tdps.removePermission(permission);
                unknownPerms.add(permission);
            } 
        }
        for (Enumeration granted = tdps.getGranted(); granted.hasMoreElements();) {
            String permission = (String) granted.nextElement();
            if (!allKnownPerms.contains(permission)) {
                tdps.removePermission(permission);
                unknownPerms.add(permission);
            }
        }
        return unknownPerms;
    }

    // never returns null
    PermissionSet getPermissionSet(TestDescription td) throws Fault {
        PermissionSet ps = new PermissionSet();
        String granted = td.getParameter("grant");
        if (granted != null) {
            granted = resolve(granted);
            StringTokenizer st = new StringTokenizer(granted, " \t\n\r\f,");
            while (st.hasMoreTokens()) {
                if (!ps.grant(st.nextToken())) {
                    throw new Fault(i18n, "tf.ContradictoryPermissions", td
                            .getRootRelativeURL());
                }
            }

        }
        String denied = td.getParameter("deny");
        if (denied != null) {
            denied = resolve(denied);
            StringTokenizer st = new StringTokenizer(denied, " \t\n\r\f,");
            while (st.hasMoreTokens()) {
                if (!ps.deny(st.nextToken())) {
                    throw new Fault(i18n, "tf.ContradictoryPermissions", td
                            .getRootRelativeURL());
                }
            }

        }
        assert ps != null : "getPermissionSet() tries to return null";
        return ps;
    }

    protected String resolve(String s) throws Fault {
        try {
            String[] ss = env.resolve(s);
            if (ss.length == 0) {
                return "";
            }
            StringBuffer buf = new StringBuffer(ss[0]);
            for (int i = 1; i < ss.length; i++) {
                buf.append(" ").append(ss[i]);
            }
            return buf.toString();
        } catch (TestEnvironment.Fault e) {
            throw new Fault(i18n, "tf.ErrorResolving", s);
        }
    }

    private static boolean isTrustedTest(TestDescription td) {
        return td.getKeywordTable().contains("trusted");
    }

    private static boolean isUntrustedTest(TestDescription td) {
        return td.getKeywordTable().contains("untrusted");
    }

    private static final I18NResourceBundle i18n =
            I18NResourceBundle.getBundleForClass(PermissionFilter.class);

    private static final Logger log = Logger.getLogger(
            PermissionFilter.class.getName());
}