The policy for a Java runtime (specifying * which permissions are available for code from various principals) * is represented by a Policy object. * Whenever a Policy is initialized or refreshed, Permission objects of * appropriate classes are created for all permissions * allowed by the Policy. * *
Many permission class types * referenced by the policy configuration are ones that exist * locally (i.e., ones that can be found on CLASSPATH). * Objects for such permissions can be instantiated during * Policy initialization. For example, it is always possible * to instantiate a java.io.FilePermission, since the * FilePermission class is found on the CLASSPATH. * *
Other permission classes may not yet exist during Policy * initialization. For example, a referenced permission class may * be in a JAR file that will later be loaded. * For each such class, an UnresolvedPermission is instantiated. * Thus, an UnresolvedPermission is essentially a "placeholder" * containing information about the permission. * *
Later, when code calls AccessController.checkPermission * on a permission of a type that was previously unresolved, * but whose class has since been loaded, previously-unresolved * permissions of that type are "resolved". That is, * for each such UnresolvedPermission, a new object of * the appropriate class type is instantiated, based on the * information in the UnresolvedPermission. * *
To instantiate the new class, UnresolvedPermission assumes
* the class provides a zero, one, and/or two-argument constructor.
* The zero-argument constructor would be used to instantiate
* a permission without a name and without actions.
* A one-arg constructor is assumed to take a String
* name as input, and a two-arg constructor is assumed to take a
* String name and String actions
* as input. UnresolvedPermission may invoke a
* constructor with a null name and/or actions.
* If an appropriate permission constructor is not available,
* the UnresolvedPermission is ignored and the relevant permission
* will not be granted to executing code.
*
*
The newly created permission object replaces the * UnresolvedPermission, which is removed. * *
Note that the To determine certificate equality, this method only compares
* actual signer certificates. Supporting certificate chains
* are not taken into consideration by this method.
*
* @param obj the object we are testing for equality with this object.
*
* @return true if obj is an UnresolvedPermission, and has the same
* type (class) name, permission name, actions, and
* certificates as this object.
*/
public boolean equals(Object obj) {
if (obj == this)
return true;
if (! (obj instanceof UnresolvedPermission))
return false;
UnresolvedPermission that = (UnresolvedPermission) obj;
// check type
if (!this.type.equals(that.type)) {
return false;
}
// check name
if (this.name == null) {
if (that.name != null) {
return false;
}
} else if (!this.name.equals(that.name)) {
return false;
}
// check actions
if (this.actions == null) {
if (that.actions != null) {
return false;
}
} else {
if (!this.actions.equals(that.actions)) {
return false;
}
}
// check certs
if ((this.certs == null && that.certs != null) ||
(this.certs != null && that.certs == null) ||
(this.certs != null && that.certs != null &&
this.certs.length != that.certs.length)) {
return false;
}
int i,j;
boolean match;
for (i = 0; this.certs != null && i < this.certs.length; i++) {
match = false;
for (j = 0; j < that.certs.length; j++) {
if (this.certs[i].equals(that.certs[j])) {
match = true;
break;
}
}
if (!match) return false;
}
for (i = 0; that.certs != null && i < that.certs.length; i++) {
match = false;
for (j = 0; j < this.certs.length; j++) {
if (that.certs[i].equals(this.certs[j])) {
match = true;
break;
}
}
if (!match) return false;
}
return true;
}
/**
* Returns the hash code value for this object.
*
* @return a hash code value for this object.
*/
public int hashCode() {
int hash = type.hashCode();
if (name != null)
hash ^= name.hashCode();
if (actions != null)
hash ^= actions.hashCode();
return hash;
}
/**
* Returns the canonical string representation of the actions,
* which currently is the empty string "", since there are no actions for
* an UnresolvedPermission. That is, the actions for the
* permission that will be created when this UnresolvedPermission
* is resolved may be non-null, but an UnresolvedPermission
* itself is never considered to have any actions.
*
* @return the empty string "".
*/
public String getActions()
{
return "";
}
/**
* Get the type (class name) of the underlying permission that
* has not been resolved.
*
* @return the type (class name) of the underlying permission that
* has not been resolved
*
* @since 1.5
*/
public String getUnresolvedType() {
return type;
}
/**
* Get the target name of the underlying permission that
* has not been resolved.
*
* @return the target name of the underlying permission that
* has not been resolved, or
* @return a new PermissionCollection object suitable for
* storing UnresolvedPermissions.
*/
public PermissionCollection newPermissionCollection() {
return new UnresolvedPermissionCollection();
}
/**
* Writes this object out to a stream (i.e., serializes it).
*
* @serialData An initial getName method for an
* UnresolvedPermission returns the
* type (class name) for the underlying permission
* that has not been resolved.
*
* @see java.security.Permission
* @see java.security.Permissions
* @see java.security.PermissionCollection
* @see java.security.Policy
*
*
* @author Roland Schemers
*/
public final class UnresolvedPermission extends Permission
implements java.io.Serializable
{
private static final long serialVersionUID = -4821973115467008846L;
private static final sun.security.util.Debug debug =
sun.security.util.Debug.getInstance
("policy,access", "UnresolvedPermission");
/**
* The class name of the Permission class that will be
* created when this unresolved permission is resolved.
*
* @serial
*/
private String type;
/**
* The permission name.
*
* @serial
*/
private String name;
/**
* The actions of the permission.
*
* @serial
*/
private String actions;
private transient java.security.cert.Certificate certs[];
/**
* Creates a new UnresolvedPermission containing the permission
* information needed later to actually create a Permission of the
* specified class, when the permission is resolved.
*
* @param type the class name of the Permission class that will be
* created when this unresolved permission is resolved.
* @param name the name of the permission.
* @param actions the actions of the permission.
* @param certs the certificates the permission's class was signed with.
* This is a list of certificate chains, where each chain is composed of a
* signer certificate and optionally its supporting certificate chain.
* Each chain is ordered bottom-to-top (i.e., with the signer certificate
* first and the (root) certificate authority last). The signer
* certificates are copied from the array. Subsequent changes to
* the array will not affect this UnsolvedPermission.
*/
public UnresolvedPermission(String type,
String name,
String actions,
java.security.cert.Certificate certs[])
{
super(type);
if (type == null)
throw new NullPointerException("type can't be null");
this.type = type;
this.name = name;
this.actions = actions;
if (certs != null) {
// Extract the signer certs from the list of certificates.
for (int i=0; inull,
* if there is no targe name
*
* @since 1.5
*/
public String getUnresolvedName() {
return name;
}
/**
* Get the actions for the underlying permission that
* has not been resolved.
*
* @return the actions for the underlying permission that
* has not been resolved, or null
* if there are no actions
*
* @since 1.5
*/
public String getUnresolvedActions() {
return actions;
}
/**
* Get the signer certificates (without any supporting chain)
* for the underlying permission that has not been resolved.
*
* @return the signer certificates for the underlying permission that
* has not been resolved, or null, if there are no signer certificates.
* Returns a new array each time this method is called.
*
* @since 1.5
*/
public java.security.cert.Certificate[] getUnresolvedCerts() {
return (certs == null) ? null : certs.clone();
}
/**
* Returns a string describing this UnresolvedPermission. The convention
* is to specify the class name, the permission name, and the actions, in
* the following format: '(unresolved "ClassName" "name" "actions")'.
*
* @return information about this UnresolvedPermission.
*/
public String toString() {
return "(unresolved " + type + " " + name + " " + actions + ")";
}
/**
* Returns a new PermissionCollection object for storing
* UnresolvedPermission objects.
* String denoting the
* type is followed by a String denoting the
* name is followed by a String denoting the
* actions is followed by an int indicating the
* number of certificates to follow
* (a value of "zero" denotes that there are no certificates associated
* with this object).
* Each certificate is written out starting with a String
* denoting the certificate type, followed by an
* int specifying the length of the certificate encoding,
* followed by the certificate encoding itself which is written out as an
* array of bytes.
*/
private void writeObject(java.io.ObjectOutputStream oos)
throws IOException
{
oos.defaultWriteObject();
if (certs==null || certs.length==0) {
oos.writeInt(0);
} else {
// write out the total number of certs
oos.writeInt(certs.length);
// write out each cert, including its type
for (int i=0; i < certs.length; i++) {
java.security.cert.Certificate cert = certs[i];
try {
oos.writeUTF(cert.getType());
byte[] encoded = cert.getEncoded();
oos.writeInt(encoded.length);
oos.write(encoded);
} catch (CertificateEncodingException cee) {
throw new IOException(cee.getMessage());
}
}
}
}
/**
* Restores this object from a stream (i.e., deserializes it).
*/
private void readObject(java.io.ObjectInputStream ois)
throws IOException, ClassNotFoundException
{
CertificateFactory cf;
Hashtable