Java > Open Source Codes > javax > crypto > CryptoPermission


1 /*
2  * @(#)CryptoPermission.java 1.11 04/01/06
3  *
4  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
5  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
6  */
7
8 package javax.crypto;
9
10 import java.security.*;
11 import java.security.spec.AlgorithmParameterSpec;
12 import java.io.Serializable;
13 import java.util.Enumeration;
14 import java.util.Vector;
15
16 import javax.crypto.spec.*;
17
18 /**
19  * The CryptoPermission class extends the
20  * java.security.Permission class. A
21  * CryptoPermission object is used to represent
22  * the ability of an application/applet to use certain
23  * algorithms with certain key sizes and other
24  * restrictions in certain environments. <p>
25  *
26  * @see java.security.Permission
27  *
28  * @version 1.11 01/06/04
29  * @author Jan Luehe
30  * @author Sharon Liu
31  * @since 1.4
32  */
33 class CryptoPermission extends java.security.Permission {
34
35     private static final long serialVersionUID = 8987399626114087514L;
36
37     private String alg;
38     private int maxKeySize = Integer.MAX_VALUE; // no restriction on maxKeySize
39 private String exemptionMechanism = null;
40     private AlgorithmParameterSpec algParamSpec = null;
41     private boolean checkParam = false; // no restriction on param
42
43     static final String ALG_NAME_WILDCARD = "*";
44     
45     /**
46      * Constructor that takes an algorithm name.
47      *
48      * This constructor implies that the given algorithm can be
49      * used without any restrictions.
50      *
51      * @param alg the algorithm name.
52      */
53     CryptoPermission(String alg) {
54     super(null);
55     this.alg = alg;
56     }
57
58     /**
59      * Constructor that takes an algorithm name and a maximum
60      * key size.
61      *
62      * This constructor implies that the given algorithm can be
63      * used with a key size up to <code>maxKeySize</code>.
64      *
65      * @param alg the algorithm name.
66      *
67      * @param maxKeySize the maximum allowable key size,
68      * specified in number of bits.
69      */
70     CryptoPermission(String alg, int maxKeySize) {
71     super(null);
72         this.alg = alg;
73     this.maxKeySize = maxKeySize;
74     }
75
76     /**
77      * Constructor that takes an algorithm name, a maximum
78      * key size, and an AlgorithmParameterSpec object.
79      *
80      * This constructor implies that the given algorithm can be
81      * used with a key size up to <code>maxKeySize</code>, and
82      * algorithm
83      * parameters up to the limits set in <code>algParamSpec</code>.
84      *
85      * @param alg the algorithm name.
86      *
87      * @param maxKeySize the maximum allowable key size,
88      * specified in number of bits.
89      *
90      * @param algParamSpec the limits for allowable algorithm
91      * parameters.
92      */
93     CryptoPermission(String alg,
94              int maxKeySize,
95              AlgorithmParameterSpec algParamSpec) {
96     super(null);
97         this.alg = alg;
98     this.maxKeySize = maxKeySize;
99     this.checkParam = true;
100     this.algParamSpec = algParamSpec;
101     }
102
103     /**
104      * Constructor that takes an algorithm name and the name of
105      * an exemption mechanism.
106      *
107      * This constructor implies that the given algorithm can be
108      * used without any key size or algorithm parameter restrictions
109      * provided that the specified exemption mechanism is enforced.
110      *
111      * @param alg the algorithm name.
112      *
113      * @param exemptionMechanism the name of the exemption mechanism.
114      */
115     CryptoPermission(String alg,
116              String exemptionMechanism) {
117     super(null);
118         this.alg = alg;
119     this.exemptionMechanism = exemptionMechanism;
120     }
121
122     /**
123      * Constructor that takes an algorithm name, a maximum key
124      * size, and the name of an exemption mechanism.
125      *
126      * This constructor implies that the given algorithm can be
127      * used with a key size up to <code>maxKeySize</code>
128      * provided that the
129      * specified exemption mechanism is enforced.
130      *
131      * @param alg the algorithm name.
132      * @param maxKeySize the maximum allowable key size,
133      * specified in number of bits.
134      * @param exemptionMechanism the name of the exemption
135      * mechanism.
136      */
137     CryptoPermission(String alg,
138              int maxKeySize,
139              String exemptionMechanism) {
140     super(null);
141         this.alg = alg;
142     this.exemptionMechanism = exemptionMechanism;
143     this.maxKeySize = maxKeySize;
144     }
145
146     /**
147      * Constructor that takes an algorithm name, a maximum key
148      * size, the name of an exemption mechanism, and an
149      * AlgorithmParameterSpec object.
150      *
151      * This constructor implies that the given algorithm can be
152      * used with a key size up to <code>maxKeySize</code>
153      * and algorithm
154      * parameters up to the limits set in <code>algParamSpec</code>
155      * provided that
156      * the specified exemption mechanism is enforced.
157      *
158      * @param alg the algorithm name.
159      * @param maxKeySize the maximum allowable key size,
160      * specified in number of bits.
161      * @param algParamSpec the limit for allowable algorithm
162      * parameter spec.
163      * @param exemptionMechanism the name of the exemption
164      * mechanism.
165      */
166     CryptoPermission(String alg,
167              int maxKeySize,
168              AlgorithmParameterSpec algParamSpec,
169              String exemptionMechanism) {
170     super(null);
171         this.alg = alg;
172     this.exemptionMechanism = exemptionMechanism;
173     this.maxKeySize = maxKeySize;
174     this.checkParam = true;
175     this.algParamSpec = algParamSpec;
176     }
177
178     /**
179      * Checks if the specified permission is "implied" by
180      * this object.
181      * <p>
182      * More specifically, this method returns true if:<p>
183      * <ul>
184      * <li> <i>p</i> is an instance of CryptoPermission, and<p>
185      * <li> <i>p</i>'s algorithm name equals or (in the case of wildcards)
186      * is implied by this permission's algorithm name, and<p>
187      * <li> <i>p</i>'s maximum allowable key size is less or
188      * equal to this permission's maximum allowable key size, and<p>
189      * <li> <i>p</i>'s algorithm parameter spec equals or is
190      * implied by this permission's algorithm parameter spec, and<p>
191      * <li> <i>p</i>'s exemptionMechanism equals or
192      * is implied by this permission's
193      * exemptionMechanism (a <code>null</code> exemption mechanism
194      * implies any other exemption mechanism).
195      * </ul>
196      *
197      * @param p the permission to check against.
198      *
199      * @return true if the specified permission is equal to or
200      * implied by this permission, false otherwise.
201      */
202     public boolean implies(Permission p) {
203     if (!(p instanceof CryptoPermission))
204         return false;
205
206     CryptoPermission cp = (CryptoPermission)p;
207
208     if ((!alg.equalsIgnoreCase(cp.alg)) &&
209         (!alg.equalsIgnoreCase(ALG_NAME_WILDCARD))) {
210         return false;
211     }
212
213     // alg is the same as cp's alg or
214 // alg is a wildcard.
215 if (cp.maxKeySize <= this.maxKeySize) {
216         // check algParamSpec.
217 if (!impliesParameterSpec(cp.checkParam, cp.algParamSpec)) {
218         return false;
219         }
220
221         // check exemptionMechanism.
222 if (impliesExemptionMechanism(cp.exemptionMechanism)) {
223         return true;
224         }
225     }
226
227     return false;
228     }
229
230     /**
231      * Checks two CryptoPermission objects for equality. Checks that
232      * <code>obj</code> is a CryptoPermission, and has the same
233      * algorithm name,
234      * exemption mechanism name, maximum allowable key size and
235      * algorithm parameter spec
236      * as this object.
237      * <P>
238      * @param obj the object to test for equality with this object.
239      * @return true if <code>obj</code> is equal to this object.
240      */
241     public boolean equals(Object obj) {
242     if (obj == this)
243         return true;
244
245     if (!(obj instanceof CryptoPermission))
246         return false;
247
248     CryptoPermission that = (CryptoPermission) obj;
249
250     if (!(alg.equalsIgnoreCase(that.alg)) ||
251         (maxKeySize != that.maxKeySize)) {
252         return false;
253     }
254     if (this.checkParam != that.checkParam) {
255         return false;
256     }
257     return (equalObjects(this.exemptionMechanism,
258                  that.exemptionMechanism) &&
259             equalObjects(this.algParamSpec,
260                  that.algParamSpec));
261     }
262
263     /**
264      * Returns the hash code value for this object.
265      *
266      * @return a hash code value for this object.
267      */
268
269     public int hashCode() {
270     int retval = alg.hashCode();
271     retval ^= maxKeySize;
272     if (exemptionMechanism != null) {
273         retval ^= exemptionMechanism.hashCode();
274     }
275     if (checkParam) retval ^= 100;
276     if (algParamSpec != null) {
277         retval ^= algParamSpec.hashCode();
278     }
279     return retval;
280     }
281
282     /**
283      * There is no action defined for a CryptoPermission
284      * onject.
285      */
286     public String getActions()
287     {
288     return null;
289     }
290
291     /**
292      * Returns a new PermissionCollection object for storing
293      * CryptoPermission objects.
294      *
295      * @return a new PermissionCollection object suitable for storing
296      * CryptoPermissions.
297      */
298
299     public PermissionCollection newPermissionCollection() {
300     return new CryptoPermissionCollection();
301     }
302
303     /**
304      * Returns the algorithm name associated with
305      * this CryptoPermission object.
306      */
307     final String getAlgorithm() {
308     return alg;
309     }
310
311     /**
312      * Returns the exemption mechanism name
313      * associated with this CryptoPermission
314      * object.
315      */
316     final String getExemptionMechanism() {
317     return exemptionMechanism;
318     }
319
320     /**
321      * Returns the maximum allowable key size associated
322      * with this CryptoPermission object.
323      */
324     final int getMaxKeySize() {
325     return maxKeySize;
326     }
327
328     /**
329      * Returns true if there is a limitation on the
330      * AlgorithmParameterSpec associated with this
331      * CryptoPermission object and false if otherwise.
332      */
333     final boolean getCheckParam() {
334     return checkParam;
335     }
336
337     /**
338      * Returns the AlgorithmParameterSpec
339      * associated with this CryptoPermission
340      * object.
341      */
342     final AlgorithmParameterSpec getAlgorithmParameterSpec() {
343     return algParamSpec;
344     }
345
346     /**
347      * Returns a string describing this CryptoPermission. The convention is to
348      * specify the class name, the algorithm name, the maximum allowable
349      * key size, and the name of the exemption mechanism, in the following
350      * format: '("ClassName" "algorithm" "keysize" "exemption_mechanism")'.
351      *
352      * @return information about this CryptoPermission.
353      */
354     public String toString() {
355     StringBuilder buf = new StringBuilder(100);
356     buf.append("(CryptoPermission " + alg + " " + maxKeySize);
357     if (algParamSpec != null) {
358         if (algParamSpec instanceof RC2ParameterSpec) {
359             buf.append(" , effective " +
360             ((RC2ParameterSpec)algParamSpec).getEffectiveKeyBits());
361         } else if (algParamSpec instanceof RC5ParameterSpec) {
362         buf.append(" , rounds " +
363             ((RC5ParameterSpec)algParamSpec).getRounds());
364         }
365     }
366     if (exemptionMechanism != null) { // OPTIONAL
367 buf.append(" " + exemptionMechanism);
368     }
369     buf.append(")");
370     return buf.toString();
371     }
372
373     private boolean impliesExemptionMechanism(String exemptionMechanism) {
374     if (this.exemptionMechanism == null) {
375         return true;
376     }
377
378     if (exemptionMechanism == null) {
379         return false;
380     }
381
382     if (this.exemptionMechanism.equals(exemptionMechanism)) {
383         return true;
384     }
385
386     return false;
387     }
388
389     private boolean impliesParameterSpec(boolean checkParam,
390                      AlgorithmParameterSpec algParamSpec) {
391     if ((this.checkParam) && checkParam) {
392         if (algParamSpec == null) {
393         return true;
394         } else if (this.algParamSpec == null) {
395         return false;
396         }
397         
398         if (this.algParamSpec.getClass() != algParamSpec.getClass()) {
399         return false;
400         }
401         
402         if (algParamSpec instanceof RC2ParameterSpec) {
403         if (((RC2ParameterSpec)algParamSpec).getEffectiveKeyBits() <=
404             ((RC2ParameterSpec)
405              (this.algParamSpec)).getEffectiveKeyBits()) {
406             return true;
407         }
408         }
409         
410         if (algParamSpec instanceof RC5ParameterSpec) {
411         if (((RC5ParameterSpec)algParamSpec).getRounds() <=
412             ((RC5ParameterSpec)this.algParamSpec).getRounds()) {
413             return true;
414         }
415         }
416         
417         if (algParamSpec instanceof PBEParameterSpec) {
418         if (((PBEParameterSpec)algParamSpec).getIterationCount() <=
419             ((PBEParameterSpec)this.algParamSpec).getIterationCount()) {
420             return true;
421         }
422         }
423         
424         // For classes we don't know, the following
425 // may be the best try.
426 if (this.algParamSpec.equals(algParamSpec)) {
427         return true;
428         }
429         return false;
430     } else if (this.checkParam) {
431         return false;
432     } else {
433         return true;
434     }
435     }
436
437     private boolean equalObjects(Object obj1, Object obj2) {
438     if (obj1 == null) {
439         return (obj2 == null ? true : false);
440     }
441
442     return obj1.equals(obj2);
443     }
444 }
445
446 /**
447  * A CryptoPermissionCollection stores a set of CryptoPermission
448  * permissions.
449  *
450  * @see java.security.Permission
451  * @see java.security.Permissions
452  * @see java.security.PermissionCollection
453  *
454  * @version 1.11 01/06/04
455  *
456  * @author Sharon Liu
457  */
458 final class CryptoPermissionCollection extends PermissionCollection
459 implements Serializable {
460
461     private static final long serialVersionUID = -511215555898802763L;
462
463     private Vector permissions;
464
465     /**
466      * Creates an empty CryptoPermissionCollection
467      * object.
468      */
469     CryptoPermissionCollection() {
470     permissions = new Vector(3);
471     }
472
473     /**
474      * Adds a permission to the CryptoPermissionCollection.
475      *
476      * @param permission the Permission object to add.
477      *
478      * @exception SecurityException - if this CryptoPermissionCollection
479      * object has been marked <i>readOnly</i>.
480      */
481     public void add(Permission permission)
482     {
483     if (isReadOnly())
484         throw new SecurityException("attempt to add a Permission " +
485                     "to a readonly PermissionCollection");
486
487         if (!(permission instanceof CryptoPermission))
488             return;
489         
490     permissions.addElement(permission);
491     }
492
493     /**
494       * Check and see if this CryptoPermission object implies
495       * the given Permission object.
496      *
497      * @param p the Permission object to compare
498      *
499      * @return true if the given permission is implied by this
500      * CryptoPermissionCollection, false if not.
501      */
502     public boolean implies(Permission permission) {
503     if (!(permission instanceof CryptoPermission))
504         return false;
505
506     CryptoPermission cp = (CryptoPermission)permission;
507
508     Enumeration e = permissions.elements();
509
510     while (e.hasMoreElements()) {
511         CryptoPermission x = (CryptoPermission) e.nextElement();
512         if (x.implies(cp)) {
513         return true;
514         }
515     }
516     return false;
517     }
518
519     /**
520      * Returns an enumeration of all the CryptoPermission objects
521      * in the container.
522      *
523      * @return an enumeration of all the CryptoPermission objects.
524      */
525
526     public Enumeration elements()
527     {
528     return permissions.elements();
529     }
530 }
531

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Java Books

---

Remove Frame

---

Popular Tags