unresolvedpermission.java

来自「This is a resource based on j2me embedde」· Java 代码 · 共 540 行 · 第 1/2 页

/*
 * @(#)UnresolvedPermission.java	1.24 06/10/10
 *
 * Copyright  1990-2008 Sun Microsystems, Inc. All Rights Reserved.  
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER  
 *   
 * This program is free software; you can redistribute it and/or  
 * modify it under the terms of the GNU General Public License version  
 * 2 only, as published by the Free Software Foundation.   
 *   
 * This program is distributed in the hope that it will be useful, but  
 * WITHOUT ANY WARRANTY; without even the implied warranty of  
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU  
 * General Public License version 2 for more details (a copy is  
 * included at /legal/license.txt).   
 *   
 * You should have received a copy of the GNU General Public License  
 * version 2 along with this work; if not, write to the Free Software  
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  
 * 02110-1301 USA   
 *   
 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa  
 * Clara, CA 95054 or visit www.sun.com if you need additional  
 * information or have any questions. 
 *
 */
 
package java.security;

import java.io.IOException;
import java.io.ByteArrayInputStream;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
import java.lang.reflect.*;
import java.security.cert.*;

/**
 * The UnresolvedPermission class is used to hold Permissions that
 * were "unresolved" when the Policy was initialized. 
 * An unresolved permission is one whose actual Permission class
 * does not yet exist at the time the Policy is initialized (see below).
 * 
 * <p>The policy for a Java runtime (specifying 
 * which permissions are available for code from various principals)
 * is represented by a Policy object.
 * Whenever a Policy is initialized or refreshed, Permission objects of
 * appropriate classes are created for all permissions
 * allowed by the Policy. 
 * 
 * <p>Many permission class types 
 * referenced by the policy configuration are ones that exist
 * locally (i.e., ones that can be found on CLASSPATH).
 * Objects for such permissions can be instantiated during
 * Policy initialization. For example, it is always possible
 * to instantiate a java.io.FilePermission, since the
 * FilePermission class is found on the CLASSPATH.
 * 
 * <p>Other permission classes may not yet exist during Policy
 * initialization. For example, a referenced permission class may
 * be in a JAR file that will later be loaded.
 * For each such class, an UnresolvedPermission is instantiated.
 * Thus, an UnresolvedPermission is essentially a "placeholder"
 * containing information about the permission.
 * 
 * <p>Later, when code calls AccessController.checkPermission 
 * on a permission of a type that was previously unresolved,
 * but whose class has since been loaded, previously-unresolved
 * permissions of that type are "resolved". That is,
 * for each such UnresolvedPermission, a new object of
 * the appropriate class type is instantiated, based on the
 * information in the UnresolvedPermission.
 *
 * <p> To instantiate the new class, UnresolvedPermission assumes
 * the class provides a zero, one, and/or two-argument constructor.
 * The zero-argument constructor would be used to instantiate
 * a permission without a name and without actions.
 * A one-arg constructor is assumed to take a <code>String</code>
 * name as input, and a two-arg constructor is assumed to take a
 * <code>String</code> name and <code>String</code> actions
 * as input.  UnresolvedPermission may invoke a
 * constructor with a <code>null</code> name and/or actions.
 * If an appropriate permission constructor is not available,
 * the UnresolvedPermission is ignored and the relevant permission
 * will not be granted to executing code.
 *
 * <p> The newly created permission object replaces the
 * UnresolvedPermission, which is removed.
 *
 * @see java.security.Permission
 * @see java.security.Permissions
 * @see java.security.PermissionCollection
 * @see java.security.Policy
 *
 * @version 1.17 00/02/02
 *
 * @author Roland Schemers
 */

public final class UnresolvedPermission extends Permission 
implements java.io.Serializable
{
    private static final sun.security.util.Debug debug =
	sun.security.util.Debug.getInstance
	("policy,access", "UnresolvedPermission");

    /**
     * The class name of the Permission class that will be
     * created when this unresolved permission is resolved.
     *
     * @serial
     */
    private String type;

    /**
     * The permission name.
     *
     * @serial
     */
    private String name;

    /**
     * The actions of the permission.
     *
     * @serial
     */
    private String actions;

    private transient java.security.cert.Certificate certs[];

    /**
     * Creates a new UnresolvedPermission containing the permission
     * information needed later to actually create a Permission of the
     * specified class, when the permission is resolved.
     * 
     * @param type the class name of the Permission class that will be
     * created when this unresolved permission is resolved.
     * @param name the name of the permission.
     * @param actions the actions of the permission.
     * @param certs the certificates the permission's class was signed with.
     * This is a list of certificate chains, where each chain is composed of a
     * signer certificate and optionally its supporting certificate chain.
     * Each chain is ordered bottom-to-top (i.e., with the signer certificate
     * first and the (root) certificate authority last).
     */
    public UnresolvedPermission(String type,
				String name,
				String actions,
				java.security.cert.Certificate certs[])
    {
	super(type);

	if (type == null) 
		throw new NullPointerException("type can't be null");

	this.type = type;
	this.name = name;
	this.actions = actions;
	if (certs != null) {
	    // Extract the signer certs from the list of certificates.
	    for (int i=0; i<certs.length; i++) {
		if (!(certs[i] instanceof X509Certificate)) {
		    // there is no concept of signer certs, so we store the
		    // entire cert array
		    this.certs =
			(java.security.cert.Certificate[])certs.clone();
		    break;
		}
	    }

	    if (this.certs == null) {
		// Go through the list of certs and see if all the certs are
		// signer certs.
		int i = 0;
		int count = 0;
		while (i < certs.length) {
		    count++;
		    while (((i+1) < certs.length) &&
			   ((X509Certificate)certs[i]).getIssuerDN().equals(
		               ((X509Certificate)certs[i+1]).getSubjectDN())) {
			i++;
		    }
		    i++;
		}
		if (count == certs.length) {
		    // All the certs are signer certs, so we store the entire
		    // array
		    this.certs =
			(java.security.cert.Certificate[])certs.clone();
		}

		if (this.certs == null) {
		    // extract the signer certs
		    ArrayList signerCerts = new ArrayList();
		    i = 0;
		    while (i < certs.length) {
			signerCerts.add(certs[i]);
			while (((i+1) < certs.length) &&
			    ((X509Certificate)certs[i]).getIssuerDN().equals(
             		      ((X509Certificate)certs[i+1]).getSubjectDN())) {
			    i++;
			}
			i++;
		    }
		    this.certs =
			new java.security.cert.Certificate[signerCerts.size()];
		    signerCerts.toArray(this.certs);
		}
	    }
	}
    }


    private static final Class[] PARAMS0 = { };
    private static final Class[] PARAMS1 = { String.class };
    private static final Class[] PARAMS2 = { String.class, String.class };

    /**
     * try and resolve this permission using the class loader of the permission
     * that was passed in.
     */
    Permission resolve(Permission p, java.security.cert.Certificate certs[]) {
	if (this.certs != null) {
	    // if p wasn't signed, we don't have a match
	    if (certs == null) {
		return null;
	    }

	    // all certs in this.certs must be present in certs
	    boolean match;
	    for (int i = 0; i < this.certs.length; i++) {
		match = false;
		for (int j = 0; j < certs.length; j++) {
		    if (this.certs[i].equals(certs[j])) {
			match = true;
			break;
		    }
		}
		if (!match) return null;
	    }
	}
	try {
	    Class pc = p.getClass();
	    
	    if (name == null && actions == null) {
	        try {
	            Constructor c = pc.getConstructor(PARAMS0);
	    	    return (Permission)c.newInstance(new Object[] {});
		} catch (NoSuchMethodException ne) {
		    try {
		        Constructor c = pc.getConstructor(PARAMS1);
                        return (Permission) c.newInstance(
			      new Object[] { name});
		    } catch (NoSuchMethodException ne1) {
		        Constructor c = pc.getConstructor(PARAMS2);
        		return (Permission) c.newInstance(
			      new Object[] { name, actions });
		    }
		}
	    } else {
	        if (name != null && actions == null) {
	            try {
	                Constructor c = pc.getConstructor(PARAMS1);
                        return (Permission) c.newInstance(
			      new Object[] { name});
		    } catch (NoSuchMethodException ne) {
		        Constructor c = pc.getConstructor(PARAMS2);
        	        return (Permission) c.newInstance(
			      new Object[] { name, actions });