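package org.codehaus.loom.xmlpolicy.builder;

import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.CodeSource;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Permission;
import java.security.Policy;
import java.security.UnresolvedPermission;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.PropertyPermission;
import java.util.StringTokenizer;

import org.codehaus.loom.xmlpolicy.metadata.GrantMetaData;
import org.codehaus.loom.xmlpolicy.metadata.KeyStoreMetaData;
import org.codehaus.loom.xmlpolicy.metadata.PermissionMetaData;
import org.codehaus.loom.xmlpolicy.metadata.PolicyMetaData;

/**
 * Builds a {@link Policy} from a {@link PolicyMetaData} description.
 *
 * <p>The keystores named in the metadata are loaded first, each grant is
 * then turned into a {@link CodeSource} / {@link Permission}[] pair, a
 * default grant for all local-filesystem code ({@code file:/-}) is added,
 * and finally the {@link PolicyResolver} assembles the {@link Policy}.</p>
 *
 * <p>Permission class names taken from the metadata are instantiated
 * reflectively, so the policy document itself has to come from a trusted
 * source: whoever controls it controls which classes get loaded and which
 * permissions are granted.</p>
 */
public class PolicyBuilder
{
    /**
     * System properties that every code source loaded from the local
     * filesystem is allowed to read. Order is kept as originally declared.
     */
    private static final String[] DEFAULT_READABLE_PROPERTIES = new String[]
    {
        "os.name",
        "os.arch",
        "os.version",
        "file.separator",
        "path.separator",
        "line.separator",

        "java.version",
        "java.vendor",
        "java.vendor.url",

        "java.class.version",
        "java.vm.version",
        "java.vm.vendor",
        "java.vm.name",

        "java.specification.version",
        "java.specification.vendor",
        "java.specification.name",
        "java.vm.specification.version",
        "java.vm.specification.vendor",
        "java.vm.specification.name"
    };

    /**
     * Build a Policy object from the specified metadata.
     *
     * @param policy the policy metadata
     * @param resolver the resolver used to locate keystores and codebases
     *        and to create the final Policy from the grant map
     * @return the Policy
     * @throws NullPointerException if policy or resolver is null
     * @throws Exception if a keystore, certificate or permission cannot be created
     */
    public Policy buildPolicy( final PolicyMetaData policy,
                               final PolicyResolver resolver )
        throws Exception
    {
        if( null == policy )
        {
            throw new NullPointerException( "policy" );
        }
        if( null == resolver )
        {
            throw new NullPointerException( "resolver" );
        }

        final Map keyStores =
            createKeyStores( policy.getKeyStores(), resolver );
        final Map grants = new HashMap();
        processGrants( policy.getGrants(), keyStores, grants, resolver );

        // The default grant is put into the map last. A metadata grant whose
        // codebase resolves to "file:/-" with no signers is an equal CodeSource
        // and would therefore be replaced by the defaults, not merged with them.
        final CodeSource codeSource = createDefaultCodeSource();
        final Permission[] permissions = getDefaultPermissions();
        grants.put( codeSource, permissions );

        return resolver.createPolicy( grants );
    }

    /**
     * Process each grant and add the resulting CodeSource / Permission[]
     * pair to the grants map. A null grant array is treated as empty.
     *
     * @param metaDatas the grant metadata, may be null
     * @param keyStores the named keystores (name -> KeyStore)
     * @param grants the map to populate (CodeSource -> Permission[])
     * @param resolver the resolver used to locate codebases
     * @throws Exception if a grant cannot be processed
     */
    private void processGrants( final GrantMetaData[] metaDatas,
                                final Map keyStores,
                                final Map grants,
                                final PolicyResolver resolver )
        throws Exception
    {
        if( null == metaDatas )
        {
            return;
        }
        for( int i = 0; i < metaDatas.length; i++ )
        {
            processGrant( metaDatas[ i ], keyStores, grants, resolver );
        }
    }

    /**
     * Process a single grant: resolve its codebase, look up the signer
     * certificates and create its permissions.
     *
     * @param metaData the grant metadata
     * @param keyStores the named keystores (name -> KeyStore)
     * @param grants the map to populate (CodeSource -> Permission[])
     * @param resolver the resolver used to locate the codebase
     * @throws Exception if the codebase, signers or permissions cannot be created
     */
    private void processGrant( final GrantMetaData metaData,
                               final Map keyStores,
                               final Map grants,
                               final PolicyResolver resolver )
        throws Exception
    {
        final URL url =
            resolver.resolveLocation( metaData.getCodebase() );

        // null when the grant has no signedBy attribute: the grant then
        // applies to any code from the codebase, signed or not.
        final Certificate[] signers =
            getSigners( metaData.getSignedBy(),
                        metaData.getKeyStore(),
                        keyStores );
        final CodeSource codeSource = new CodeSource( url, signers );

        final Permission[] permissions =
            createPermissions( metaData.getPermissions(),
                               keyStores );
        grants.put( codeSource, permissions );
    }

    /**
     * Create a Permission for each permission metadata entry.
     * A null array yields an empty result.
     *
     * @param metaDatas the permission metadata, may be null
     * @param keyStores the named keystores (name -> KeyStore)
     * @return the permissions, in metadata order
     * @throws Exception if a permission cannot be created
     */
    private Permission[] createPermissions( final PermissionMetaData[] metaDatas,
                                            final Map keyStores )
        throws Exception
    {
        if( null == metaDatas )
        {
            return new Permission[ 0 ];
        }

        final List set = new ArrayList();
        for( int i = 0; i < metaDatas.length; i++ )
        {
            final Permission permission =
                createPermission( metaDatas[ i ], keyStores );
            set.add( permission );
        }

        return (Permission[])set.toArray( new Permission[ set.size() ] );
    }

    /**
     * Create a Permission from its metadata, resolving the signer
     * certificates from the named keystore when signedBy is set.
     *
     * @param metaData the permission metadata
     * @param keyStores the named keystores (name -> KeyStore)
     * @return the permission
     * @throws Exception if the signers or the permission cannot be created
     */
    private Permission createPermission( final PermissionMetaData metaData,
                                         final Map keyStores )
        throws Exception
    {
        final String type = metaData.getClassname();
        final String actions = metaData.getAction();
        final String signedBy = metaData.getSignedBy();
        final String keyStoreName = metaData.getKeyStore();
        final String target = metaData.getTarget();

        final Certificate[] signers =
            getSigners( signedBy, keyStoreName, keyStores );
        return createPermission( type, target, actions, signers );
    }

    /**
     * Load every keystore named in the metadata.
     * A null array yields an empty map.
     *
     * @param metaDatas the keystore metadata, may be null
     * @param resolver the resolver used to locate the keystore files
     * @return map of keystore name to loaded KeyStore
     * @throws Exception if a keystore cannot be located or loaded; the
     *         original failure is kept as the cause
     */
    private Map createKeyStores( final KeyStoreMetaData[] metaDatas,
                                 final PolicyResolver resolver )
        throws Exception
    {
        final Map keyStores = new HashMap();
        if( null == metaDatas )
        {
            return keyStores;
        }

        for( int i = 0; i < metaDatas.length; i++ )
        {
            final KeyStoreMetaData metaData = metaDatas[ i ];
            final String name = metaData.getName();

            try
            {
                final URL url =
                    resolver.resolveLocation( metaData.getLocation() );
                final KeyStore keyStore =
                    createKeyStore( metaData.getType(), url );

                keyStores.put( name, keyStore );
            }
            catch( final Exception e )
            {
                final String message =
                    "Error creating keystore " + name + ". Due to " + e;
                // keep the underlying failure as the cause rather than only its text
                throw new Exception( message, e );
            }
        }

        return keyStores;
    }

    /**
     * Create a Permission of the given class with the given target and
     * actions.
     *
     * <p>If signers are supplied, or the class cannot be found, an
     * {@link UnresolvedPermission} is returned so the security framework
     * can resolve it later. Otherwise the class is loaded via
     * {@code Class.forName} and instantiated through its no-arg
     * constructor (no target, no actions), its single String constructor
     * (target only), or its two String constructor (whenever actions is
     * non-null, even if target is null).</p>
     *
     * @param type the fully qualified permission class name (from the policy
     *        metadata, which must be trusted)
     * @param target the permission target/name, may be null
     * @param actions the permission actions, may be null
     * @param signers the certificates the permission class must be signed
     *        with, or null for none
     * @return the permission
     * @throws Exception if no matching constructor exists or instantiation fails
     */
    private final Permission createPermission( final String type,
                                               final String target,
                                               final String actions,
                                               final Certificate[] signers )
        throws Exception
    {
        if( null != signers )
        {
            return new UnresolvedPermission( type, target, actions, signers );
        }

        try
        {
            final Class clazz = Class.forName( type );

            final Class[] paramClasses;
            final Object[] params;

            if( null == actions && null == target )
            {
                paramClasses = new Class[ 0 ];
                params = new Object[ 0 ];
            }
            else if( null == actions )
            {
                paramClasses = new Class[]{ String.class };
                params = new Object[]{ target };
            }
            else
            {
                paramClasses = new Class[]{ String.class, String.class };
                params = new Object[]{ target, actions };
            }

            final Constructor constructor = clazz.getConstructor( paramClasses );
            return (Permission)constructor.newInstance( params );
        }
        catch( final ClassNotFoundException cnfe )
        {
            return new UnresolvedPermission( type, target, actions, signers );
        }
    }

    /**
     * Load a keystore of the specified type from the specified location.
     *
     * <p>The keystore is loaded with a null password, which means the
     * keystore's integrity check is skipped; only the certificates are
     * read. Callers that need tamper detection for the keystore file would
     * have to supply a password here.</p>
     *
     * @param type the keystore type (passed to {@link KeyStore#getInstance(String)})
     * @param url the location of the keystore
     * @return the loaded keystore
     * @throws Exception if the keystore type is unsupported or the stream
     *         cannot be opened or loaded
     */
    protected KeyStore createKeyStore( final String type,
                                       final URL url )
        throws Exception
    {
        final KeyStore keyStore = KeyStore.getInstance( type );
        final InputStream ins = url.openStream();
        try
        {
            keyStore.load( ins, null );
        }
        finally
        {
            try
            {
                ins.close();
            }
            catch( final IOException ignored )
            {
                // the keystore is already loaded (or load has already thrown);
                // a failure to close the stream carries no further information
            }
        }
        return keyStore;
    }

    /**
     * Resolve a signedBy attribute to the matching certificates.
     *
     * @param signedBy comma separated certificate aliases, or null
     * @param keyStoreName the name of the keystore holding the aliases
     * @param keyStores the named keystores (name -> KeyStore)
     * @return the certificates, or null when signedBy is null
     * @throws Exception if the keystore is missing or an alias cannot be resolved
     */
    private Certificate[] getSigners( final String signedBy,
                                      final String keyStoreName,
                                      final Map keyStores )
        throws Exception
    {
        if( null == signedBy )
        {
            return null;
        }
        final KeyStore keyStore = getKeyStore( keyStoreName, keyStores );
        return getCertificates( signedBy, keyStore );
    }

    /**
     * Look up each comma separated alias in the keystore.
     * Duplicate certificates are returned only once.
     *
     * @param signedBy comma separated certificate aliases
     * @param keyStore the keystore to look the aliases up in
     * @return the distinct certificates, in alias order
     * @throws Exception if an alias is missing or the keystore lookup fails;
     *         the KeyStoreException is kept as the cause
     */
    private Certificate[] getCertificates( final String signedBy,
                                           final KeyStore keyStore )
        throws Exception
    {
        final List certificateSet = new ArrayList();

        final StringTokenizer st = new StringTokenizer( signedBy, "," );
        while( st.hasMoreTokens() )
        {
            final String alias = st.nextToken().trim();
            final Certificate certificate;

            try
            {
                certificate = keyStore.getCertificate( alias );
            }
            catch( final KeyStoreException kse )
            {
                final String message =
                    "Unable to get certificate for alias " +
                    alias + " due to " + kse;
                throw new Exception( message, kse );
            }

            // a missing alias is an error, not "no signer": otherwise a typo
            // in the policy would silently widen the grant to unsigned code
            if( null == certificate )
            {
                final String message =
                    "Missing certificate for alias " + alias;
                throw new Exception( message );
            }

            if( !certificateSet.contains( certificate ) )
            {
                certificateSet.add( certificate );
            }
        }

        return (Certificate[])certificateSet.toArray( new Certificate[ certificateSet.size() ] );
    }

    /**
     * Fetch a named keystore from the map.
     *
     * @param keyStoreName the keystore name
     * @param keyStores the named keystores (name -> KeyStore)
     * @return the keystore
     * @throws Exception if no keystore with that name exists
     */
    private KeyStore getKeyStore( final String keyStoreName, final Map keyStores )
        throws Exception
    {
        final KeyStore keyStore = (KeyStore)keyStores.get( keyStoreName );
        if( null == keyStore )
        {
            final String message = "Missing keystore named: " + keyStoreName;
            throw new Exception( message );
        }
        return keyStore;
    }

    /**
     * Create the CodeSource the default permissions are granted to:
     * {@code file:/-}, i.e. any code loaded from the local filesystem,
     * with no signer requirement.
     *
     * @return the default CodeSource
     * @throws IllegalStateException if the constant URL cannot be parsed
     *         (should never happen); the MalformedURLException is attached as cause
     */
    private CodeSource createDefaultCodeSource()
    {
        final URL url;
        try
        {
            url = new URL( "file:/-" );
        }
        catch( final MalformedURLException mue )
        {
            final IllegalStateException ise =
                new IllegalStateException( mue.getMessage() );
            ise.initCause( mue );
            throw ise;
        }
        return new CodeSource( url, null );
    }

    /**
     * Create the permissions granted to every local-filesystem code source:
     * read access to the system properties in {@link #DEFAULT_READABLE_PROPERTIES}.
     *
     * @return a fresh array of read-only PropertyPermissions
     */
    private Permission[] getDefaultPermissions()
    {
        final Permission[] permissions =
            new Permission[ DEFAULT_READABLE_PROPERTIES.length ];
        for( int i = 0; i < DEFAULT_READABLE_PROPERTIES.length; i++ )
        {
            permissions[ i ] =
                new PropertyPermission( DEFAULT_READABLE_PROPERTIES[ i ], "read" );
        }
        return permissions;
    }
}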