Home Explore Help
Sign In
nnesse
/
minwin-gcc-5-2
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: f5de7b477e
Branches Tags
minwin-gcc-5-2
/
libjava
/
classpath
/
java
/
security
/
CodeSource.java

CodeSource.java 12 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357 
  1. /* CodeSource.java -- Code location and certifcates
    2. 

  2.    Copyright (C) 1998, 2002, 2004  Free Software Foundation, Inc.
    3. 

  3. 

  4. This file is part of GNU Classpath.
    5. 

  5. 

  6. GNU Classpath is free software; you can redistribute it and/or modify
    7. 

  7. it under the terms of the GNU General Public License as published by
    8. 

  8. the Free Software Foundation; either version 2, or (at your option)
    9. 

  9. any later version.
    10. 

  10. 

  11. GNU Classpath is distributed in the hope that it will be useful, but
    12. 

  12. WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    14. 

  14. General Public License for more details.
    15. 

  15. 

  16. You should have received a copy of the GNU General Public License
    17. 

  17. along with GNU Classpath; see the file COPYING.  If not, write to the
    18. 

  18. Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
    19. 

  19. 02110-1301 USA.
    20. 

  20. 

  21. Linking this library statically or dynamically with other modules is
    22. 

  22. making a combined work based on this library.  Thus, the terms and
    23. 

  23. conditions of the GNU General Public License cover the whole
    24. 

  24. combination.
    25. 

  25. 

  26. As a special exception, the copyright holders of this library give you
    27. 

  27. permission to link this library with independent modules to produce an
    28. 

  28. executable, regardless of the license terms of these independent
    29. 

  29. modules, and to copy and distribute the resulting executable under
    30. 

  30. terms of your choice, provided that you also meet, for each linked
    31. 

  31. independent module, the terms and conditions of the license of that
    32. 

  32. module.  An independent module is a module which is not derived from
    33. 

  33. or based on this library.  If you modify this library, you may extend
    34. 

  34. this exception to your version of the library, but you are not
    35. 

  35. obligated to do so.  If you do not wish to do so, delete this
    36. 

  36. exception statement from your version. */
    37. 

  37. 

  38. 

  39. package java.security;
    40. 

  40. 

  41. import gnu.java.lang.CPStringBuilder;
    42. 

  42. 

  43. import java.io.ByteArrayInputStream;
    44. 

  44. import java.io.IOException;
    45. 

  45. import java.io.ObjectInputStream;
    46. 

  46. import java.io.ObjectOutputStream;
    47. 

  47. import java.io.Serializable;
    48. 

  48. import java.net.SocketPermission;
    49. 

  49. import java.net.URL;
    50. 

  50. // Note that this overrides Certificate in this package.
    51. 

  51. import java.security.cert.Certificate;
    52. 

  52. import java.security.cert.CertificateEncodingException;
    53. 

  53. import java.security.cert.CertificateException;
    54. 

  54. import java.security.cert.CertificateFactory;
    55. 

  55. import java.util.Arrays;
    56. 

  56. import java.util.HashSet;
    57. 

  57. import java.util.Iterator;
    58. 

  58. 

  59. /**
    60. 

  60.  * This class represents a location from which code is loaded (as
    61. 

  61.  * represented by a URL), and the list of certificates that are used to
    62. 

  62.  * check the signatures of signed code loaded from this source.
    63. 

  63.  *
    64. 

  64.  * @author Aaron M. Renn (arenn@urbanophile.com)
    65. 

  65.  * @author Eric Blake (ebb9@email.byu.edu)
    66. 

  66.  * @since 1.1
    67. 

  67.  * @status updated to 1.4
    68. 

  68.  */
    69. 

  69. public class CodeSource implements Serializable
    70. 

  70. {
    71. 

  71.   /**
    72. 

  72.    * Compatible with JDK 1.1+.
    73. 

  73.    */
    74. 

  74.   private static final long serialVersionUID = 4977541819976013951L;
    75. 

  75. 

  76.   /**
    77. 

  77.    * This is the URL that represents the code base from which code will
    78. 

  78.    * be loaded.
    79. 

  79.    *
    80. 

  80.    * @serial the code location
    81. 

  81.    */
    82. 

  82.   private final URL location;
    83. 

  83. 

  84.   /** The set of certificates for this code base. */
    85. 

  85.   private transient HashSet certs;
    86. 

  86. 

  87.   /**
    88. 

  88.    * This creates a new instance of <code>CodeSource</code> that loads code
    89. 

  89.    * from the specified URL location and which uses the specified certificates
    90. 

  90.    * for verifying signatures.
    91. 

  91.    *
    92. 

  92.    * @param location the location from which code will be loaded
    93. 

  93.    * @param certs the list of certificates
    94. 

  94.    */
    95. 

  95.   public CodeSource(URL location, Certificate[] certs)
    96. 

  96.   {
    97. 

  97.     this.location = location;
    98. 

  98.     if (certs != null)
    99. 

  99.       this.certs = new HashSet(Arrays.asList(certs));
    100. 

  100.   }
    101. 

  101. 

  102.   /**
    103. 

  103.    * This method returns a hash value for this object.
    104. 

  104.    *
    105. 

  105.    * @return a hash value for this object
    106. 

  106.    */
    107. 

  107.   public int hashCode()
    108. 

  108.   {
    109. 

  109.     return (location == null ? 0 : location.hashCode())
    110. 

  110.       ^ (certs == null ? 0 : certs.hashCode());
    111. 

  111.   }
    112. 

  112. 

  113.   /**
    114. 

  114.    * This method tests the specified <code>Object</code> for equality with
    115. 

  115.    * this object.  This will be true if and only if the locations are equal
    116. 

  116.    * and the certificate sets are identical (ignoring order).
    117. 

  117.    *
    118. 

  118.    * @param obj the <code>Object</code> to test against
    119. 

  119.    * @return true if the specified object is equal to this one
    120. 

  120.    */
    121. 

  121.   public boolean equals(Object obj)
    122. 

  122.   {
    123. 

  123.     if (! (obj instanceof CodeSource))
    124. 

  124.       return false;
    125. 

  125.     CodeSource cs = (CodeSource) obj;
    126. 

  126.     return (certs == null ? cs.certs == null : certs.equals(cs.certs))
    127. 

  127.       && (location == null ? cs.location == null
    128. 

  128.           : location.equals(cs.location));
    129. 

  129.   }
    130. 

  130. 

  131.   /**
    132. 

  132.    * This method returns the URL specifying the location from which code
    133. 

  133.    * will be loaded under this <code>CodeSource</code>.
    134. 

  134.    *
    135. 

  135.    * @return the code location for this <code>CodeSource</code>
    136. 

  136.    */
    137. 

  137.   public final URL getLocation()
    138. 

  138.   {
    139. 

  139.     return location;
    140. 

  140.   }
    141. 

  141. 

  142.   /**
    143. 

  143.    * This method returns the list of digital certificates that can be used
    144. 

  144.    * to verify the signatures of code loaded under this
    145. 

  145.    * <code>CodeSource</code>.
    146. 

  146.    *
    147. 

  147.    * @return the certifcate list for this <code>CodeSource</code>
    148. 

  148.    */
    149. 

  149.   public final Certificate[] getCertificates()
    150. 

  150.   {
    151. 

  151.     if (certs == null)
    152. 

  152.       return null;
    153. 

  153.     Certificate[] c = new Certificate[certs.size()];
    154. 

  154.     certs.toArray(c);
    155. 

  155.     return c;
    156. 

  156.   }
    157. 

  157. 

  158.   /**
    159. 

  159.    * This method tests to see if a specified <code>CodeSource</code> is
    160. 

  160.    * implied by this object.  Effectively, to meet this test, the specified
    161. 

  161.    * object must have all the certifcates this object has (but may have more),
    162. 

  162.    * and must have a location that is a subset of this object's.  In order
    163. 

  163.    * for this object to imply the specified object, the following must be
    164. 

  164.    * true:
    165. 

  165.    *
    166. 

  166.    * <ol>
    167. 

  167.    * <li><em>codesource</em> must not be <code>null</code>.</li>
    168. 

  168.    * <li>If <em>codesource</em> has a certificate list, all of it's
    169. 

  169.    *     certificates must be present in the certificate list of this
    170. 

  170.    *     code source.</li>
    171. 

  171.    * <li>If this object does not have a <code>null</code> location, then
    172. 

  172.    *     the following addtional tests must be passed.
    173. 

  173.    *
    174. 

  174.    *     <ol>
    175. 

  175.    *     <li><em>codesource</em> must not have a <code>null</code>
    176. 

  176.    *         location.</li>
    177. 

  177.    *     <li><em>codesource</em>'s location must be equal to this object's
    178. 

  178.    *         location, or
    179. 

  179.    *         <ul>
    180. 

  180.    *         <li><em>codesource</em>'s location protocol, port, and ref (aka,
    181. 

  181.    *             anchor) must equal this objects</li>
    182. 

  182.    *         <li><em>codesource</em>'s location host must imply this object's
    183. 

  183.    *             location host, as determined by contructing
    184. 

  184.    *             <code>SocketPermission</code> objects from each with no
    185. 

  185.    *             action list and using that classes's <code>implies</code>
    186. 

  186.    *             method</li>
    187. 

  187.    *         <li>If this object's location file ends with a '/', then the
    188. 

  188.    *             specified object's location file must start with this
    189. 

  189.    *             object's location file. Otherwise, the specified object's
    190. 

  190.    *             location file must start with this object's location file
    191. 

  191.    *             with the '/' character appended to it.</li>
    192. 

  192.    *         </ul></li>
    193. 

  193.    *     </ol></li>
    194. 

  194.    * </ol>
    195. 

  195.    *
    196. 

  196.    * <p>For example, each of these locations imply the location
    197. 

  197.    * "http://java.sun.com/classes/foo.jar":</p>
    198. 

  198.    *
    199. 

  199.    * <pre>
    200. 

  200.    * http:
    201. 

  201.    * http://*.sun.com/classes/*
    202. 

  202.    * http://java.sun.com/classes/-
    203. 

  203.    * http://java.sun.com/classes/foo.jar
    204. 

  204.    * </pre>
    205. 

  205.    *
    206. 

  206.    * <p>Note that the code source with null location and null certificates implies
    207. 

  207.    * all other code sources.</p>
    208. 

  208.    *
    209. 

  209.    * @param cs the <code>CodeSource</code> to test against this object
    210. 

  210.    * @return true if this specified <code>CodeSource</code> is implied
    211. 

  211.    */
    212. 

  212.   public boolean implies(CodeSource cs)
    213. 

  213.   {
    214. 

  214.     if (cs == null)
    215. 

  215.       return false;
    216. 

  216.     // First check the certificate list.
    217. 

  217.     if (certs != null && (cs.certs == null || ! certs.containsAll(cs.certs)))
    218. 

  218.       return false;
    219. 

  219.     // Next check the location.
    220. 

  220.     if (location == null)
    221. 

  221.       return true;
    222. 

  222.     if (cs.location == null
    223. 

  223.         || ! location.getProtocol().equals(cs.location.getProtocol())
    224. 

  224.         || (location.getPort() != -1
    225. 

  225.             && location.getPort() != cs.location.getPort())
    226. 

  226.         || (location.getRef() != null
    227. 

  227.             && ! location.getRef().equals(cs.location.getRef())))
    228. 

  228.       return false;
    229. 

  229.     if (location.getHost() != null)
    230. 

  230.       {
    231. 

  231.         String their_host = cs.location.getHost();
    232. 

  232.         if (their_host == null)
    233. 

  233.           return false;
    234. 

  234.         SocketPermission our_sockperm =
    235. 

  235.           new SocketPermission(location.getHost(), "accept");
    236. 

  236.         SocketPermission their_sockperm =
    237. 

  237.           new SocketPermission(their_host, "accept");
    238. 

  238.         if (! our_sockperm.implies(their_sockperm))
    239. 

  239.           return false;
    240. 

  240.       }
    241. 

  241.     String our_file = location.getFile();
    242. 

  242.     if (our_file != null)
    243. 

  243.       {
    244. 

  244.         if (! our_file.endsWith("/"))
    245. 

  245.           our_file += "/";
    246. 

  246.         String their_file = cs.location.getFile();
    247. 

  247.         if (their_file == null
    248. 

  248.             || ! their_file.startsWith(our_file))
    249. 

  249.           return false;
    250. 

  250.       }
    251. 

  251.     return true;
    252. 

  252.   }
    253. 

  253. 

  254.   /**
    255. 

  255.    * This method returns a <code>String</code> that represents this object.
    256. 

  256.    * The result is in the format <code>"(" + getLocation()</code> followed
    257. 

  257.    * by a space separated list of certificates (or "&lt;no certificates&gt;"),
    258. 

  258.    * followed by <code>")"</code>.
    259. 

  259.    *
    260. 

  260.    * @return a <code>String</code> for this object
    261. 

  261.    */
    262. 

  262.   public String toString()
    263. 

  263.   {
    264. 

  264.     CPStringBuilder sb = new CPStringBuilder("(").append(location);
    265. 

  265.     if (certs == null || certs.isEmpty())
    266. 

  266.       sb.append(" <no certificates>");
    267. 

  267.     else
    268. 

  268.       {
    269. 

  269.         Iterator iter = certs.iterator();
    270. 

  270.         for (int i = certs.size(); --i >= 0; )
    271. 

  271.           sb.append(' ').append(iter.next());
    272. 

  272.       }
    273. 

  273.     return sb.append(")").toString();
    274. 

  274.   }
    275. 

  275. 

  276.   /**
    277. 

  277.    * Reads this object from a serialization stream.
    278. 

  278.    *
    279. 

  279.    * @param s the input stream
    280. 

  280.    * @throws IOException if reading fails
    281. 

  281.    * @throws ClassNotFoundException if deserialization fails
    282. 

  282.    * @serialData this reads the location, then expects an int indicating the
    283. 

  283.    *             number of certificates. Each certificate is a String type
    284. 

  284.    *             followed by an int encoding length, then a byte[] encoding
    285. 

  285.    */
    286. 

  286.   private void readObject(ObjectInputStream s)
    287. 

  287.     throws IOException, ClassNotFoundException
    288. 

  288.   {
    289. 

  289.     s.defaultReadObject();
    290. 

  290.     int count = s.readInt();
    291. 

  291.     certs = new HashSet();
    292. 

  292.     while (--count >= 0)
    293. 

  293.       {
    294. 

  294.         String type = (String) s.readObject();
    295. 

  295.         int bytes = s.readInt();
    296. 

  296.         byte[] encoded = new byte[bytes];
    297. 

  297.         for (int i = 0; i < bytes; i++)
    298. 

  298.           encoded[i] = s.readByte();
    299. 

  299.         ByteArrayInputStream stream = new ByteArrayInputStream(encoded);
    300. 

  300.         try
    301. 

  301.           {
    302. 

  302.             CertificateFactory factory = CertificateFactory.getInstance(type);
    303. 

  303.             certs.add(factory.generateCertificate(stream));
    304. 

  304.           }
    305. 

  305.         catch (CertificateException e)
    306. 

  306.           {
    307. 

  307.             // XXX Should we ignore this certificate?
    308. 

  308.           }
    309. 

  309.       }
    310. 

  310.   }
    311. 

  311. 

  312.   /**
    313. 

  313.    * Writes this object to a serialization stream.
    314. 

  314.    *
    315. 

  315.    * @param s the output stream
    316. 

  316.    * @throws IOException if writing fails
    317. 

  317.    * @serialData this writes the location, then writes an int indicating the
    318. 

  318.    *             number of certificates. Each certificate is a String type
    319. 

  319.    *             followed by an int encoding length, then a byte[] encoding
    320. 

  320.    */
    321. 

  321.   private void writeObject(ObjectOutputStream s) throws IOException
    322. 

  322.   {
    323. 

  323.     s.defaultWriteObject();
    324. 

  324.     if (certs == null)
    325. 

  325.       s.writeInt(0);
    326. 

  326.     else
    327. 

  327.       {
    328. 

  328.         int count = certs.size();
    329. 

  329.         s.writeInt(count);
    330. 

  330.         Iterator iter = certs.iterator();
    331. 

  331.         while (--count >= 0)
    332. 

  332.           {
    333. 

  333.             Certificate c = (Certificate) iter.next();
    334. 

  334.             s.writeObject(c.getType());
    335. 

  335.             byte[] encoded;
    336. 

  336.             try
    337. 

  337.               {
    338. 

  338.                 encoded = c.getEncoded();
    339. 

  339.               }
    340. 

  340.             catch (CertificateEncodingException e)
    341. 

  341.               {
    342. 

  342.                 // XXX Should we ignore this certificate?
    343. 

  343.                 encoded = null;
    344. 

  344.               }
    345. 

  345.             if (encoded == null)
    346. 

  346.               s.writeInt(0);
    347. 

  347.             else
    348. 

  348.               {
    349. 

  349.                 s.writeInt(encoded.length);
    350. 

  350.                 for (int i = 0; i < encoded.length; i++)
    351. 

  351.                   s.writeByte(encoded[i]);
    352. 

  352.               }
    353. 

  353.           }
    354. 

  354.       }
    355. 

  355.   }
    356. 

  356. } // class CodeSource
    357. 

  357.