Menu
▾
▴
[Jnode-svn-commits] SF.net SVN: jnode:[5177] trunk
|
From: <ls...@us...> - 2009-03-29 07:55:30
|
Revision: 5177
http://jnode.svn.sourceforge.net/jnode/?rev=5177&view=rev
Author: lsantha
Date: 2009-03-29 07:55:25 +0000 (Sun, 29 Mar 2009)
Log Message:
-----------
OpenJDK integration.
Modified Paths:
--------------
trunk/all/conf/openjdk-annotations.properties
trunk/core/descriptors/org.classpath.core.xml
trunk/core/src/core/org/jnode/security/JNodePolicy.java
trunk/fs/descriptors/org.jnode.fs.ftpfs.xml
Added Paths:
-----------
trunk/core/src/openjdk/java/java/security/CodeSource.java
trunk/core/src/openjdk/java/java/security/Policy.java
trunk/core/src/openjdk/java/java/security/ProtectionDomain.java
trunk/core/src/openjdk/java/java/security/SecureClassLoader.java
Removed Paths:
-------------
trunk/core/src/classpath/java/java/security/CodeSource.java
trunk/core/src/classpath/java/java/security/Policy.java
trunk/core/src/classpath/java/java/security/ProtectionDomain.java
trunk/core/src/classpath/java/java/security/SecureClassLoader.java
Modified: trunk/all/conf/openjdk-annotations.properties
===================================================================
--- trunk/all/conf/openjdk-annotations.properties 2009-03-29 07:49:07 UTC (rev 5176)
+++ trunk/all/conf/openjdk-annotations.properties 2009-03-29 07:55:25 UTC (rev 5177)
@@ -20,6 +20,8 @@
java/net/URLConnection.class=SharedStatics
java/nio/charset/Charset.class=SharedStatics
java/nio/charset/CoderResult.class=SharedStatics
+# TODO Policy might need to be isolated
+java/security/Policy.class=SharedStatics
java/util/Currency.class=SharedStatics
java/util/concurrent/locks/LockSupport.class=SharedStatics
sun/awt/AppContext.class=SharedStatics
Modified: trunk/core/descriptors/org.classpath.core.xml
===================================================================
--- trunk/core/descriptors/org.classpath.core.xml 2009-03-29 07:49:07 UTC (rev 5176)
+++ trunk/core/descriptors/org.classpath.core.xml 2009-03-29 07:55:25 UTC (rev 5177)
@@ -45,6 +45,8 @@
<export name="sun.security.jca.*"/>
<export name="sun.security.pkcs.ParsingException"/>
<export name="sun.security.provider.SecureRandom"/>
+ <export name="sun.security.provider.PolicyFile"/>
+ <export name="sun.security.provider.PolicyParser"/>
<export name="sun.security.util.*"/>
<export name="sun.misc.Service"/>
Deleted: trunk/core/src/classpath/java/java/security/CodeSource.java
===================================================================
--- trunk/core/src/classpath/java/java/security/CodeSource.java 2009-03-29 07:49:07 UTC (rev 5176)
+++ trunk/core/src/classpath/java/java/security/CodeSource.java 2009-03-29 07:55:25 UTC (rev 5177)
@@ -1,378 +0,0 @@
-/* CodeSource.java -- Code location and certifcates
- Copyright (C) 1998, 2002, 2004 Free Software Foundation, Inc.
-
-This file is part of GNU Classpath.
-
-GNU Classpath is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-GNU Classpath is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with GNU Classpath; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-02110-1301 USA.
-
-Linking this library statically or dynamically with other modules is
-making a combined work based on this library. Thus, the terms and
-conditions of the GNU General Public License cover the whole
-combination.
-
-As a special exception, the copyright holders of this library give you
-permission to link this library with independent modules to produce an
-executable, regardless of the license terms of these independent
-modules, and to copy and distribute the resulting executable under
-terms of your choice, provided that you also meet, for each linked
-independent module, the terms and conditions of the license of that
-module. An independent module is a module which is not derived from
-or based on this library. If you modify this library, you may extend
-this exception to your version of the library, but you are not
-obligated to do so. If you do not wish to do so, delete this
-exception statement from your version. */
-
-
-package java.security;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.io.Serializable;
-import java.net.SocketPermission;
-import java.net.URL;
-// Note that this overrides Certificate in this package.
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Iterator;
-
-/**
- * This class represents a location from which code is loaded (as
- * represented by a URL), and the list of certificates that are used to
- * check the signatures of signed code loaded from this source.
- *
- * @author Aaron M. Renn (ar...@ur...)
- * @author Eric Blake (eb...@em...)
- * @since 1.1
- * @status updated to 1.4
- */
-public class CodeSource implements Serializable
-{
- /**
- * Compatible with JDK 1.1+.
- */
- private static final long serialVersionUID = 4977541819976013951L;
-
- /**
- * This is the URL that represents the code base from which code will
- * be loaded.
- *
- * @serial the code location
- */
- private final URL location;
-
- /** The set of certificates for this code base. */
- private transient HashSet certs;
-
- /**
- * This creates a new instance of <code>CodeSource</code> that loads code
- * from the specified URL location and which uses the specified certificates
- * for verifying signatures.
- *
- * @param location the location from which code will be loaded
- * @param certs the list of certificates
- */
- public CodeSource(URL location, Certificate[] certs)
- {
- this.location = location;
- if (certs != null)
- this.certs = new HashSet(Arrays.asList(certs));
- }
-
- /**
- * This method returns a hash value for this object.
- *
- * @return a hash value for this object
- */
- public int hashCode()
- {
- return (location == null ? 0 : location.hashCode())
- ^ (certs == null ? 0 : certs.hashCode());
- }
-
- /**
- * This method tests the specified <code>Object</code> for equality with
- * this object. This will be true if and only if the locations are equal
- * and the certificate sets are identical (ignoring order).
- *
- * @param obj the <code>Object</code> to test against
- * @return true if the specified object is equal to this one
- */
- public boolean equals(Object obj)
- {
- if (! (obj instanceof CodeSource))
- return false;
- CodeSource cs = (CodeSource) obj;
- return (certs == null ? cs.certs == null : certs.equals(cs.certs))
- && (location == null ? cs.location == null
- : location.equals(cs.location));
- }
-
- /**
- * This method returns the URL specifying the location from which code
- * will be loaded under this <code>CodeSource</code>.
- *
- * @return the code location for this <code>CodeSource</code>
- */
- public final URL getLocation()
- {
- return location;
- }
-
- /**
- * This method returns the list of digital certificates that can be used
- * to verify the signatures of code loaded under this
- * <code>CodeSource</code>.
- *
- * @return the certifcate list for this <code>CodeSource</code>
- */
- public final Certificate[] getCertificates()
- {
- if (certs == null)
- return null;
- Certificate[] c = new Certificate[certs.size()];
- certs.toArray(c);
- return c;
- }
-
- /**
- * This method tests to see if a specified <code>CodeSource</code> is
- * implied by this object. Effectively, to meet this test, the specified
- * object must have all the certifcates this object has (but may have more),
- * and must have a location that is a subset of this object's. In order
- * for this object to imply the specified object, the following must be
- * true:
- *
- * <ol>
- * <li><em>codesource</em> must not be <code>null</code>.</li>
- * <li>If <em>codesource</em> has a certificate list, all of it's
- * certificates must be present in the certificate list of this
- * code source.</li>
- * <li>If this object does not have a <code>null</code> location, then
- * the following addtional tests must be passed.
- *
- * <ol>
- * <li><em>codesource</em> must not have a <code>null</code>
- * location.</li>
- * <li><em>codesource</em>'s location must be equal to this object's
- * location, or
- * <ul>
- * <li><em>codesource</em>'s location protocol, port, and ref (aka,
- * anchor) must equal this objects</li>
- * <li><em>codesource</em>'s location host must imply this object's
- * location host, as determined by contructing
- * <code>SocketPermission</code> objects from each with no
- * action list and using that classes's <code>implies</code>
- * method</li>
- * <li>If this object's location file ends with a '/', then the
- * specified object's location file must start with this
- * object's location file. Otherwise, the specified object's
- * location file must start with this object's location file
- * with the '/' character appended to it.</li>
- * </ul></li>
- * </ol></li>
- * </ol>
- *
- * <p>For example, each of these locations imply the location
- * "http://java.sun.com/classes/foo.jar":</p>
- *
- * <pre>
- * http:
- * http://*.sun.com/classes/*
- * http://java.sun.com/classes/-
- * http://java.sun.com/classes/foo.jar
- * </pre>
- *
- * <p>Note that the code source with null location and null certificates implies
- * all other code sources.</p>
- *
- * @param cs the <code>CodeSource</code> to test against this object
- * @return true if this specified <code>CodeSource</code> is implied
- */
- public boolean implies(CodeSource cs)
- {
- if (cs == null)
- return false;
- // First check the certificate list.
- if (certs != null && (cs.certs == null || ! certs.containsAll(cs.certs)))
- return false;
- // Next check the location.
- if (location == null)
- return true;
- if (cs.location == null
- || ! location.getProtocol().equals(cs.location.getProtocol())
- || (location.getPort() != -1
- && location.getPort() != cs.location.getPort())
- || (location.getRef() != null
- && ! location.getRef().equals(cs.location.getRef())))
- return false;
- if (location.getHost() != null)
- {
- String their_host = cs.location.getHost();
- if (their_host == null)
- return false;
- SocketPermission our_sockperm =
- new SocketPermission(location.getHost(), "accept");
- SocketPermission their_sockperm =
- new SocketPermission(their_host, "accept");
- if (! our_sockperm.implies(their_sockperm))
- return false;
- }
- String our_file = location.getFile();
- if (our_file != null)
- {
- if (! our_file.endsWith("/"))
- our_file += "/";
- String their_file = cs.location.getFile();
- if (their_file == null
- || ! their_file.startsWith(our_file))
- return false;
- }
- return true;
- }
-
- /**
- * This method returns a <code>String</code> that represents this object.
- * The result is in the format <code>"(" + getLocation()</code> followed
- * by a space separated list of certificates (or "<no certificates>"),
- * followed by <code>")"</code>.
- *
- * @return a <code>String</code> for this object
- */
- public String toString()
- {
- StringBuffer sb = new StringBuffer("(").append(location);
- if (certs == null || certs.isEmpty())
- sb.append(" <no certificates>");
- else
- {
- Iterator iter = certs.iterator();
- for (int i = certs.size(); --i >= 0; )
- sb.append(' ').append(iter.next());
- }
- return sb.append(")").toString();
- }
-
- /**
- * Reads this object from a serialization stream.
- *
- * @param s the input stream
- * @throws IOException if reading fails
- * @throws ClassNotFoundException if deserialization fails
- * @serialData this reads the location, then expects an int indicating the
- * number of certificates. Each certificate is a String type
- * followed by an int encoding length, then a byte[] encoding
- */
- private void readObject(ObjectInputStream s)
- throws IOException, ClassNotFoundException
- {
- s.defaultReadObject();
- int count = s.readInt();
- certs = new HashSet();
- while (--count >= 0)
- {
- String type = (String) s.readObject();
- int bytes = s.readInt();
- byte[] encoded = new byte[bytes];
- for (int i = 0; i < bytes; i++)
- encoded[i] = s.readByte();
- ByteArrayInputStream stream = new ByteArrayInputStream(encoded);
- try
- {
- CertificateFactory factory = CertificateFactory.getInstance(type);
- certs.add(factory.generateCertificate(stream));
- }
- catch (CertificateException e)
- {
- // XXX Should we ignore this certificate?
- }
- }
- }
-
- /**
- * Writes this object to a serialization stream.
- *
- * @param s the output stream
- * @throws IOException if writing fails
- * @serialData this writes the location, then writes an int indicating the
- * number of certificates. Each certificate is a String type
- * followed by an int encoding length, then a byte[] encoding
- */
- private void writeObject(ObjectOutputStream s) throws IOException
- {
- s.defaultWriteObject();
- if (certs == null)
- s.writeInt(0);
- else
- {
- int count = certs.size();
- s.writeInt(count);
- Iterator iter = certs.iterator();
- while (--count >= 0)
- {
- Certificate c = (Certificate) iter.next();
- s.writeObject(c.getType());
- byte[] encoded;
- try
- {
- encoded = c.getEncoded();
- }
- catch (CertificateEncodingException e)
- {
- // XXX Should we ignore this certificate?
- encoded = null;
- }
- if (encoded == null)
- s.writeInt(0);
- else
- {
- s.writeInt(encoded.length);
- for (int i = 0; i < encoded.length; i++)
- s.writeByte(encoded[i]);
- }
- }
- }
- }
-
- //jnode openjdk
- /**
- * Constructs a CodeSource and associates it with the specified
- * location and set of code signers.
- *
- * @param url the location (URL).
- * @param signers the code signers. It may be null. The contents of the
- * array are copied to protect against subsequent modification.
- *
- * @since 1.5
- */
- public CodeSource(URL url, CodeSigner[] signers) {
- this.location = url;
-
- // Copy the supplied signers
- if (signers != null) {
- this.signers = signers.clone();
- }
- }
- /*
- * The code signers.
- */
- private transient CodeSigner[] signers = null;
-} // class CodeSource
Deleted: trunk/core/src/classpath/java/java/security/Policy.java
===================================================================
--- trunk/core/src/classpath/java/java/security/Policy.java 2009-03-29 07:49:07 UTC (rev 5176)
+++ trunk/core/src/classpath/java/java/security/Policy.java 2009-03-29 07:55:25 UTC (rev 5177)
@@ -1,406 +0,0 @@
-/* Policy.java --- Policy Manager Class
- Copyright (C) 1999, 2003, 2004 Free Software Foundation, Inc.
-
-This file is part of GNU Classpath.
-
-GNU Classpath is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-GNU Classpath is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with GNU Classpath; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-02110-1301 USA.
-
-Linking this library statically or dynamically with other modules is
-making a combined work based on this library. Thus, the terms and
-conditions of the GNU General Public License cover the whole
-combination.
-
-As a special exception, the copyright holders of this library give you
-permission to link this library with independent modules to produce an
-executable, regardless of the license terms of these independent
-modules, and to copy and distribute the resulting executable under
-terms of your choice, provided that you also meet, for each linked
-independent module, the terms and conditions of the license of that
-module. An independent module is a module which is not derived from
-or based on this library. If you modify this library, you may extend
-this exception to your version of the library, but you are not
-obligated to do so. If you do not wish to do so, delete this
-exception statement from your version. */
-
-package java.security;
-
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.LinkedHashMap;
-import java.util.Map;
-
-/**
- * <code>Policy</code> is an abstract class for managing the system security
- * policy for the Java application environment. It specifies which permissions
- * are available for code from various sources. The security policy is
- * represented through a subclass of <code>Policy</code>.
- *
- * <p>Only one <code>Policy</code> is in effect at any time. A
- * {@link ProtectionDomain} initializes itself with information from this class
- * on the set of permssions to grant.</p>
- *
- * <p>The location for the actual <code>Policy</code> could be anywhere in any
- * form because it depends on the Policy implementation. The default system is
- * in a flat ASCII file or it could be in a database.</p>
- *
- * <p>The current installed <code>Policy</code> can be accessed with
- * {@link #getPolicy()} and changed with {@link #setPolicy(Policy)} if the code
- * has the correct permissions.</p>
- *
- * <p>The {@link #refresh()} method causes the <code>Policy</code> instance to
- * refresh/reload its configuration. The method used to refresh depends on the
- * <code>Policy</code> implementation.</p>
- *
- * <p>When a protection domain initializes its permissions, it uses code like
- * the following:</p>
- *
- * <code>
- * policy = Policy.getPolicy();
- * PermissionCollection perms = policy.getPermissions(myCodeSource);
- * </code>
- *
- * <p>The protection domain passes the <code>Policy</code> handler a
- * {@link CodeSource} instance which contains the codebase URL and a public key.
- * The <code>Policy</code> implementation then returns the proper set of
- * permissions for that {@link CodeSource}.</p>
- *
- * <p>The default <code>Policy</code> implementation can be changed by setting
- * the "policy.provider" security provider in the "java.security" file to the
- * correct <code>Policy</code> implementation class.</p>
- *
- * @author Mark Benvenuto
- * @see CodeSource
- * @see PermissionCollection
- * @see SecureClassLoader
- * @since 1.2
- */
-public abstract class Policy
-{
- private static Policy currentPolicy;
-
- /** Map of ProtectionDomains to PermissionCollections for this instance. */
- private Map pd2pc = null;
-
- /**
- * A read-only empty PermissionCollection instance.
- * @since 1.6
- */
- public static final PermissionCollection UNSUPPORTED_EMPTY_COLLECTION =
- new UnsupportedEmptyCollection();
-
- public Policy()
- {
- }
-
- /**
- * Returns the currently installed <code>Policy</code> handler. The value
- * should not be cached as it can be changed any time by
- * {@link #setPolicy(Policy)}.
- *
- * @return the current <code>Policy</code>.
- * @throws SecurityException
- * if a {@link SecurityManager} is installed which disallows this
- * operation.
- */
- public static Policy getPolicy()
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(new SecurityPermission("getPolicy"));
-
- return getCurrentPolicy();
- }
-
- /**
- * Sets the <code>Policy</code> handler to a new value.
- *
- * @param policy
- * the new <code>Policy</code> to use.
- * @throws SecurityException
- * if a {@link SecurityManager} is installed which disallows this
- * operation.
- */
- public static void setPolicy(Policy policy)
- {
- SecurityManager sm = System.getSecurityManager();
- if (sm != null)
- sm.checkPermission(new SecurityPermission("setPolicy"));
-
- setup(policy);
- currentPolicy = policy;
- }
-
- private static void setup(final Policy policy)
- {
- if (policy.pd2pc == null)
- policy.pd2pc = Collections.synchronizedMap(new LinkedHashMap());
-
- ProtectionDomain pd = policy.getClass().getProtectionDomain();
- if (pd.getCodeSource() != null)
- {
- PermissionCollection pc = null;
- if (currentPolicy != null)
- pc = currentPolicy.getPermissions(pd);
-
- if (pc == null) // assume it has all
- {
- pc = new Permissions();
- pc.add(new AllPermission());
- }
-
- policy.pd2pc.put(pd, pc); // add the mapping pd -> pc
- }
- }
-
- /**
- * Ensures/forces loading of the configured policy provider, while bypassing
- * the {@link SecurityManager} checks for <code>"getPolicy"</code> security
- * permission. Needed by {@link ProtectionDomain}.
- */
- static Policy getCurrentPolicy()
- {
- // FIXME: The class name of the Policy provider should really be sourced
- // from the "java.security" configuration file. For now, just hard-code
- // a stub implementation.
- if (currentPolicy == null)
- {
- String pp = System.getProperty ("policy.provider");
- if (pp != null)
- try
- {
- currentPolicy = (Policy) Class.forName(pp).newInstance();
- }
- catch (Exception e)
- {
- // Ignored.
- }
-
- if (currentPolicy == null)
- currentPolicy = new gnu.java.security.provider.DefaultPolicy();
- }
- return currentPolicy;
- }
-
- /**
- * Tests if <code>currentPolicy</code> is not <code>null</code>,
- * thus allowing clients to not force loading of any policy
- * provider; needed by {@link ProtectionDomain}.
- */
- static boolean isSet()
- {
- return currentPolicy != null;
- }
-
- /**
- * Returns the set of Permissions allowed for a given {@link CodeSource}.
- *
- * @param codesource
- * the {@link CodeSource} for which, the caller needs to find the
- * set of granted permissions.
- * @return a set of permissions for {@link CodeSource} specified by the
- * current <code>Policy</code>.
- * @throws SecurityException
- * if a {@link SecurityManager} is installed which disallows this
- * operation.
- */
- public abstract PermissionCollection getPermissions(CodeSource codesource);
-
- /**
- * Returns the set of Permissions allowed for a given {@link ProtectionDomain}.
- *
- * @param domain
- * the {@link ProtectionDomain} for which, the caller needs to find
- * the set of granted permissions.
- * @return a set of permissions for {@link ProtectionDomain} specified by the
- * current <code>Policy.</code>.
- * @since 1.4
- * @see ProtectionDomain
- * @see SecureClassLoader
- */
- public PermissionCollection getPermissions(ProtectionDomain domain)
- {
- if (domain == null)
- return new Permissions();
-
- if (pd2pc == null)
- setup(this);
-
- PermissionCollection result = (PermissionCollection) pd2pc.get(domain);
- if (result != null)
- {
- Permissions realResult = new Permissions();
- for (Enumeration e = result.elements(); e.hasMoreElements(); )
- realResult.add((Permission) e.nextElement());
-
- return realResult;
- }
-
- result = getPermissions(domain.getCodeSource());
- if (result == null)
- result = new Permissions();
-
- PermissionCollection pc = domain.getPermissions();
- if (pc != null)
- for (Enumeration e = pc.elements(); e.hasMoreElements(); )
- result.add((Permission) e.nextElement());
-
- return result;
- }
-
- /**
- * Checks if the designated {@link Permission} is granted to a designated
- * {@link ProtectionDomain}.
- *
- * @param domain
- * the {@link ProtectionDomain} to test.
- * @param permission
- * the {@link Permission} to check.
- * @return <code>true</code> if <code>permission</code> is implied by a
- * permission granted to this {@link ProtectionDomain}. Returns
- * <code>false</code> otherwise.
- * @since 1.4
- * @see ProtectionDomain
- */
- public boolean implies(ProtectionDomain domain, Permission permission)
- {
- if (pd2pc == null)
- setup(this);
-
- PermissionCollection pc = (PermissionCollection) pd2pc.get(domain);
- if (pc != null)
- return pc.implies(permission);
-
- boolean result = false;
- pc = getPermissions(domain);
- if (pc != null)
- {
- result = pc.implies(permission);
- pd2pc.put(domain, pc);
- }
-
- return result;
- }
-
- /**
- * Causes this <code>Policy</code> instance to refresh / reload its
- * configuration. The method used to refresh depends on the concrete
- * implementation.
- */
- public abstract void refresh();
-
- /**
- * This subclass is returned by the getInstance calls. All Policy calls
- * are delegated to the underlying PolicySpi.
- */
- private static class PolicyDelegate extends Policy {
-
- private PolicySpi spi;
- private Provider p;
- private String type;
- private Policy.Parameters params;
-
- private PolicyDelegate(PolicySpi spi, Provider p,
- String type, Policy.Parameters params) {
- this.spi = spi;
- this.p = p;
- this.type = type;
- this.params = params;
-}
-
- public String getType() { return type; }
-
- public Policy.Parameters getParameters() { return params; }
-
- public Provider getProvider() { return p; }
-
- public PermissionCollection getPermissions(CodeSource codesource) {
- return spi.engineGetPermissions(codesource);
- }
- public PermissionCollection getPermissions(ProtectionDomain domain) {
- return spi.engineGetPermissions(domain);
- }
- public boolean implies(ProtectionDomain domain, Permission perm) {
- return spi.engineImplies(domain, perm);
- }
- public void refresh() {
- spi.engineRefresh();
- }
- }
-
- /**
- * This represents a marker interface for Policy parameters.
- *
- * @since 1.6
- */
- public static interface Parameters { }
-
- /**
- * This class represents a read-only empty PermissionCollection object that
- * is returned from the <code>getPermissions(CodeSource)</code> and
- * <code>getPermissions(ProtectionDomain)</code>
- * methods in the Policy class when those operations are not
- * supported by the Policy implementation.
- */
- private static class UnsupportedEmptyCollection
- extends PermissionCollection {
-
- private Permissions perms;
-
- /**
- * Create a read-only empty PermissionCollection object.
- */
- public UnsupportedEmptyCollection() {
- this.perms = new Permissions();
- perms.setReadOnly();
- }
-
- /**
- * Adds a permission object to the current collection of permission
- * objects.
- *
- * @param permission the Permission object to add.
- *
- * @exception SecurityException - if this PermissionCollection object
- * has been marked readonly
- */
- public void add(Permission permission) {
- perms.add(permission);
- }
-
- /**
- * Checks to see if the specified permission is implied by the
- * collection of Permission objects held in this PermissionCollection.
- *
- * @param permission the Permission object to compare.
- *
- * @return true if "permission" is implied by the permissions in
- * the collection, false if not.
- */
- public boolean implies(Permission permission) {
- return perms.implies(permission);
- }
-
- /**
- * Returns an enumeration of all the Permission objects in the
- * collection.
- *
- * @return an enumeration of all the Permissions.
- */
- public Enumeration<Permission> elements() {
- return perms.elements();
- }
- }
-}
Deleted: trunk/core/src/classpath/java/java/security/ProtectionDomain.java
===================================================================
--- trunk/core/src/classpath/java/java/security/ProtectionDomain.java 2009-03-29 07:49:07 UTC (rev 5176)
+++ trunk/core/src/classpath/java/java/security/ProtectionDomain.java 2009-03-29 07:55:25 UTC (rev 5177)
@@ -1,250 +0,0 @@
-/* ProtectionDomain.java -- A security domain
- Copyright (C) 1998, 2003, 2004 Free Software Foundation, Inc.
-
-This file is part of GNU Classpath.
-
-GNU Classpath is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-GNU Classpath is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with GNU Classpath; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-02110-1301 USA.
-
-Linking this library statically or dynamically with other modules is
-making a combined work based on this library. Thus, the terms and
-conditions of the GNU General Public License cover the whole
-combination.
-
-As a special exception, the copyright holders of this library give you
-permission to link this library with independent modules to produce an
-executable, regardless of the license terms of these independent
-modules, and to copy and distribute the resulting executable under
-terms of your choice, provided that you also meet, for each linked
-independent module, the terms and conditions of the license of that
-module. An independent module is a module which is not derived from
-or based on this library. If you modify this library, you may extend
-this exception to your version of the library, but you are not
-obligated to do so. If you do not wish to do so, delete this
-exception statement from your version. */
-
-package java.security;
-
-import gnu.classpath.SystemProperties;
-
-/**
- * This class represents a group of classes, along with their granted
- * permissions. The classes are identified by a {@link CodeSource}. Thus, any
- * class loaded from the specified {@link CodeSource} is treated as part of
- * this domain. The set of permissions is represented by an instance of
- * {@link PermissionCollection}.
- *
- * <p>Every class in the system will belong to one and only one
- * <code>ProtectionDomain</code>.</p>
- *
- * @author Aaron M. Renn (ar...@ur...)
- * @version 0.0
- */
-public class ProtectionDomain
-{
- /** This is the <code>CodeSource</code> for this protection domain. */
- private CodeSource code_source;
-
- /** This is the set of permissions granted to this domain. */
- private PermissionCollection perms;
-
- /** The {@link ClassLoader} associated with this domain. */
- private ClassLoader classloader;
-
- /** The array of Principals associated with this domain.. */
- private Principal[] principals;
-
- /** Post 1.4 the policy may be refreshed! use false for pre 1.4. */
- private boolean staticBinding;
-
- /**
- * Initializes a new instance of <code>ProtectionDomain</code> representing
- * the specified {@link CodeSource} and set of permissions. No permissions
- * can be added later to the {@link PermissionCollection} and this contructor
- * will call the <code>setReadOnly</code> method on the specified set of
- * permissions.
- *
- * @param codesource
- * The {@link CodeSource} for this domain.
- * @param permissions
- * The set of permissions for this domain.
- * @see PermissionCollection#setReadOnly()
- */
- public ProtectionDomain(CodeSource codesource, PermissionCollection permissions)
- {
- this(codesource, permissions, null, null, true);
- }
-
- /**
- * This method initializes a new instance of <code>ProtectionDomain</code>
- * given its {@link CodeSource}, granted permissions, associated
- * {@link ClassLoader} and {@link Principal}s.
- *
- * <p>Similar to the previous constructor, if the designated set of
- * permissions is not <code>null</code>, the <code>setReadOnly</code> method
- * is called on that set.</p>
- *
- * @param codesource
- * The {@link CodeSource} for this domain.
- * @param permissions
- * The permission set for this domain.
- * @param classloader
- * the ClassLoader associated with this domain.
- * @param principals
- * the array of {@link Principal}s associated with this domain.
- * @since 1.4
- * @see PermissionCollection#setReadOnly()
- */
- public ProtectionDomain(CodeSource codesource,
- PermissionCollection permissions,
- ClassLoader classloader, Principal[] principals)
- {
- this(codesource, permissions, classloader, principals, false);
- }
-
- private ProtectionDomain(CodeSource codesource,
- PermissionCollection permissions,
- ClassLoader classloader, Principal[] principals,
- boolean staticBinding)
- {
- super();
-
- code_source = codesource;
- if (permissions != null)
- {
- perms = permissions;
- perms.setReadOnly();
- }
-
- this.classloader = classloader;
- this.principals =
- (principals != null ? (Principal[]) principals.clone() : new Principal[0]);
- this.staticBinding = staticBinding;
- }
-
- /**
- * Returns the {@link CodeSource} of this domain.
- *
- * @return the {@link CodeSource} of this domain.
- * @since 1.2
- */
- public final CodeSource getCodeSource()
- {
- return code_source;
- }
-
- /**
- * Returns the {@link ClassLoader} of this domain.
- *
- * @return the {@link ClassLoader} of this domain.
- * @since 1.4
- */
- public final ClassLoader getClassLoader()
- {
- return this.classloader;
- }
-
- /**
- * Returns a clone of the {@link Principal}s of this domain.
- *
- * @return a clone of the {@link Principal}s of this domain.
- * @since 1.4
- */
- public final Principal[] getPrincipals()
- {
- return (Principal[]) principals.clone();
- }
-
- /**
- * Returns the {@link PermissionCollection} of this domain.
- *
- * @return The {@link PermissionCollection} of this domain.
- */
- public final PermissionCollection getPermissions()
- {
- return perms;
- }
-
- /**
- * Tests whether or not the specified {@link Permission} is implied by the
- * set of permissions granted to this domain.
- *
- * @param permission
- * the {@link Permission} to test.
- * @return <code>true</code> if the specified {@link Permission} is implied
- * for this domain, <code>false</code> otherwise.
- */
- public boolean implies(Permission permission)
- {
- if (staticBinding)
- return (perms == null ? false : perms.implies(permission));
- // Else dynamically bound. Do we have it?
- // NOTE: this will force loading of Policy.currentPolicy
- return Policy.getCurrentPolicy().implies(this, permission);
- }
-
- /**
- * Returns a string representation of this object. It will include the
- * {@link CodeSource} and set of permissions associated with this domain.
- *
- * @return A string representation of this object.
- */
- public String toString()
- {
- String linesep = SystemProperties.getProperty("line.separator");
- StringBuffer sb = new StringBuffer("ProtectionDomain (").append(linesep);
-
- if (code_source == null)
- sb.append("CodeSource:null");
- else
- sb.append(code_source);
-
- sb.append(linesep);
- if (classloader == null)
- sb.append("ClassLoader:null");
- else
- sb.append(classloader);
-
- sb.append(linesep);
- sb.append("Principals:");
- if (principals != null && principals.length > 0)
- {
- sb.append("[");
- Principal pal;
- for (int i = 0; i < principals.length; i++)
- {
- pal = principals[i];
- sb.append("'").append(pal.getName())
- .append("' of type ").append(pal.getClass().getName());
- if (i < principals.length-1)
- sb.append(", ");
- }
- sb.append("]");
- }
- else
- sb.append("none");
-
- sb.append(linesep);
- if (!staticBinding) // include all but dont force loading Policy.currentPolicy
- if (Policy.isSet())
- sb.append(Policy.getCurrentPolicy().getPermissions(this));
- else // fallback on this one's permissions
- sb.append(perms);
- else
- sb.append(perms);
-
- return sb.append(linesep).append(")").append(linesep).toString();
- }
-}
Deleted: trunk/core/src/classpath/java/java/security/SecureClassLoader.java
===================================================================
--- trunk/core/src/classpath/java/java/security/SecureClassLoader.java 2009-03-29 07:49:07 UTC (rev 5176)
+++ trunk/core/src/classpath/java/java/security/SecureClassLoader.java 2009-03-29 07:55:25 UTC (rev 5177)
@@ -1,200 +0,0 @@
-/* SecureClassLoader.java --- A Secure Class Loader
- Copyright (C) 1999, 2004 Free Software Foundation, Inc.
-
-This file is part of GNU Classpath.
-
-GNU Classpath is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-GNU Classpath is distributed in the hope that it will be useful, but
-WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with GNU Classpath; see the file COPYING. If not, write to the
-Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-02110-1301 USA.
-
-Linking this library statically or dynamically with other modules is
-making a combined work based on this library. Thus, the terms and
-conditions of the GNU General Public License cover the whole
-combination.
-
-As a special exception, the copyright holders of this library give you
-permission to link this library with independent modules to produce an
-executable, regardless of the license terms of these independent
-modules, and to copy and distribute the resulting executable under
-terms of your choice, provided that you also meet, for each linked
-independent module, the terms and conditions of the license of that
-module. An independent module is a module which is not derived from
-or based on this library. If you modify this library, you may extend
-this exception to your version of the library, but you are not
-obligated to do so. If you do not wish to do so, delete this
-exception statement from your version. */
-
-package java.security;
-
-import java.util.HashMap;
-import sun.security.util.Debug;
-
-/**
- * A Secure Class Loader for loading classes with additional
- * support for specifying code source and permissions when
- * they are retrieved by the system policy handler.
- *
- * @since 1.2
- *
- * @author Mark Benvenuto
- */
-public class SecureClassLoader extends ClassLoader
-{
- java.util.WeakHashMap protectionDomainCache = new java.util.WeakHashMap();
-
- protected SecureClassLoader(ClassLoader parent)
- {
- super(parent);
- SecurityManager sm = System.getSecurityManager();
- if(sm != null)
- sm.checkCreateClassLoader();
- }
-
- protected SecureClassLoader()
- {
- SecurityManager sm = System.getSecurityManager();
- if(sm != null)
- sm.checkCreateClassLoader();
- }
-
- /**
- * Creates a class using an array of bytes and a
- * CodeSource.
- *
- * @param name the name to give the class. null if unknown.
- * @param b the data representing the classfile, in classfile format.
- * @param off the offset into the data where the classfile starts.
- * @param len the length of the classfile data in the array.
- * @param cs the CodeSource for the class or null when unknown.
- *
- * @return the class that was defined and optional CodeSource.
- *
- * @exception ClassFormatError if the byte array is not in proper classfile format.
- */
- protected final Class defineClass(String name, byte[] b, int off, int len,
- CodeSource cs)
- {
- if (cs != null)
- {
- ProtectionDomain protectionDomain;
-
- synchronized (protectionDomainCache)
- {
- protectionDomain = (ProtectionDomain)protectionDomainCache.get(cs);
- }
-
- if (protectionDomain == null)
- {
- protectionDomain
- = new ProtectionDomain(cs, getPermissions(cs), this, null);
- synchronized (protectionDomainCache)
- {
- ProtectionDomain domain
- = (ProtectionDomain)protectionDomainCache.get(cs);
- if (domain == null)
- protectionDomainCache.put(cs, protectionDomain);
- else
- protectionDomain = domain;
- }
- }
- return super.defineClass(name, b, off, len, protectionDomain);
- }
- else
- return super.defineClass(name, b, off, len);
- }
-
- /**
- * Returns a PermissionCollection for the specified CodeSource.
- * The default implementation invokes
- * java.security.Policy.getPermissions.
- *
- * This method is called by defineClass that takes a CodeSource
- * arguement to build a proper ProtectionDomain for the class
- * being defined.
- */
- protected PermissionCollection getPermissions(CodeSource cs)
- {
- Policy policy = Policy.getCurrentPolicy();
- return policy.getPermissions(cs);
- }
-
- //jnode + openjdk
-/**
- * Converts a {@link java.nio.ByteBuffer <tt>ByteBuffer</tt>}
- * into an instance of class <tt>Class</tt>, with an optional CodeSource.
- * Before the class can be used it must be resolved.
- * <p>
- * If a non-null CodeSource is supplied a ProtectionDomain is
- * constructed and associated with the class being defined.
- * <p>
- * @param name the expected name of the class, or <code>null</code>
- * if not known, using '.' and not '/' as the separator
- * and without a trailing ".class" suffix.
- * @param b the bytes that make up the class data. The bytes from positions
- * <tt>b.position()</tt> through <tt>b.position() + b.limit() -1</tt>
- * should have the format of a valid class file as defined by the
- * <a href="http://java.sun.com/docs/books/vmspec/">Java Virtual
- * Machine Specification</a>.
- * @param cs the associated CodeSource, or <code>null</code> if none
- * @return the <code>Class</code> object created from the data,
- * and optional CodeSource.
- * @exception ClassFormatError if the data did not contain a valid class
- * @exception SecurityException if an attempt is made to add this class
- * to a package that contains classes that were signed by
- * a different set of certificates than this class, or if
- * the class name begins with "java.".
- *
- * @since 1.5
- */
- protected final Class<?> defineClass(String name, java.nio.ByteBuffer b,
- CodeSource cs)
- {
- if (cs == null)
- return defineClass(name, b, (ProtectionDomain)null);
- else
- return defineClass(name, b, getProtectionDomain(cs));
- }
-
-
- // HashMap that maps CodeSource to ProtectionDomain
- private HashMap<CodeSource, ProtectionDomain> pdcache =
- new HashMap<CodeSource, ProtectionDomain>(11);
-
- private static final Debug debug = Debug.getInstance("scl");
- /*
- * Returned cached ProtectionDomain for the specified CodeSource.
- */
- private ProtectionDomain getProtectionDomain(CodeSource cs) {
- if (cs == null)
- return null;
-
-
- ProtectionDomain pd = null;
- synchronized (pdcache) {
- pd = pdcache.get(cs);
- if (pd == null) {
- PermissionCollection perms = getPermissions(cs);
- pd = new ProtectionDomain(cs, perms, this, null);
- if (pd != null) {
- pdcache.put(cs, pd);
- if (debug != null) {
- debug.println(" getPermissions "+ pd);
- debug.println("");
- }
- }
- }
- }
- return pd;
- }
-}
Modified: trunk/core/src/core/org/jnode/security/JNodePolicy.java
===================================================================
--- trunk/core/src/core/org/jnode/security/JNodePolicy.java 2009-03-29 07:49:07 UTC (rev 5176)
+++ trunk/core/src/core/org/jnode/security/JNodePolicy.java 2009-03-29 07:55:25 UTC (rev 5177)
@@ -140,7 +140,8 @@
final String id = ext.getDeclaringPluginDescriptor().getId();
final URL url;
try {
- url = new URL("plugin:" + id + "!/");
+ //note: ".../-" match everything starting with "plugin:" + id + "!/"
+ url = new URL("plugin:" + id + "!/-");
final ClassLoader cl = ext.getDeclaringPluginDescriptor()
.getPluginClassLoader();
final CodeSource cs = new CodeSource(url, (Certificate[]) null);
Added: trunk/core/src/openjdk/java/java/security/CodeSource.java
===================================================================
--- trunk/core/src/openjdk/java/java/security/CodeSource.java (rev 0)
+++ trunk/core/src/openjdk/java/java/security/CodeSource.java 2009-03-29 07:55:25 UTC (rev 5177)
@@ -0,0 +1,639 @@
+/*
+ * Copyright 1997-2006 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package java.security;
+
+
+import java.net.URL;
+import java.net.SocketPermission;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Hashtable;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.security.cert.*;
+
+/**
+ *
+ * <p>This class extends the concept of a codebase to
+ * encapsulate not only the location (URL) but also the certificate chains
+ * that were used to verify signed code originating from that location.
+ *
+ * @author Li Gong
+ * @author Roland Schemers
+ */
+
+public class CodeSource implements java.io.Serializable {
+
+ private static final long serialVersionUID = 4977541819976013951L;
+
+ /**
+ * The code location.
+ *
+ * @serial
+ */
+ private URL location;
+
+ /*
+ * The code signers.
+ */
+ private transient CodeSigner[] signers = null;
+
+ /*
+ * The code signers. Certificate chains are concatenated.
+ */
+ private transient java.security.cert.Certificate certs[] = null;
+
+ // cached SocketPermission used for matchLocation
+ private transient SocketPermission sp;
+
+ // for generating cert paths
+ private transient CertificateFactory factory = null;
+
+ /**
+ * Constructs a CodeSource and associates it with the specified
+ * location and set of certificates.
+ *
+ * @param url the location (URL).
+ *
+ * @param certs the certificate(s). It may be null. The contents of the
+ * array are copied to protect against subsequent modification.
+ */
+ public CodeSource(URL url, java.security.cert.Certificate certs[]) {
+ this.location = url;
+
+ // Copy the supplied certs
+ if (certs != null) {
+ this.certs = certs.clone();
+ }
+ }
+
+ /**
+ * Constructs a CodeSource and associates it with the specified
+ * location and set of code signers.
+ *
+ * @param url the location (URL).
+ * @param signers the code signers. It may be null. The contents of the
+ * array are copied to protect against subsequent modification.
+ *
+ * @since 1.5
+ */
+ public CodeSource(URL url, CodeSigner[] signers) {
+ this.location = url;
+
+ // Copy the supplied signers
+ if (signers != null) {
+ this.signers = signers.clone();
+ }
+ }
+
+ /**
+ * Returns the hash code value for this object.
+ *
+ * @return a hash code value for this object.
+ */
+
+ public int hashCode() {
+ if (location != null)
+ return location.hashCode();
+ else
+ return 0;
+ }
+
+ /**
+ * Tests for equality between the specified object and this
+ * object. Two CodeSource objects are considered equal if their
+ * locations are of identical value and if their signer certificate
+ * chains are of identical value. It is not required that
+ * the certificate chains be in the same order.
+ *
+ * @param obj the object to test for equality with this object.
+ *
+ * @return true if the objects are considered equal, false otherwise.
+ */
+ public boolean equals(Object obj) {
+ if (obj == this)
+ return true;
+
+ // objects types must be equal
+ if (!(obj instanceof CodeSource))
+ return false;
+
+ CodeSource cs = (CodeSource) obj;
+
+ // URLs must match
+ if (location == null) {
+ // if location is null, then cs.location must be null as well
+ if (cs.location != null) return false;
+ } else {
+ // if location is not null, then it must equal cs.location
+ if (!location.equals(cs.location)) return false;
+ }
+
+ // certs must match
+ return matchCerts(cs, true);
+ }
+
+ /**
+ * Returns the location associated with this CodeSource.
+ *
+ * @return the location (URL).
+ */
+ public final URL getLocation() {
+ /* since URL is practically immutable, returning itself is not
+ a security problem */
+ return this.location;
+ }
+
+ /**
+ * Returns the certificates associated with this CodeSource.
+ * <p>
+ * If this CodeSource object was created using the
+ * {@link #CodeSource(URL url, CodeSigner[] signers)}
+ * constructor then its certificate chains are extracted and used to
+ * create an array of Certificate objects. Each signer certificate is
+ * followed by its supporting certificate chain (which may be empty).
+ * Each signer certificate and its supporting certificate chain is ordered
+ * bottom-to-top (i.e., with the signer certificate first and the (root)
+ * certificate authority last).
+ *
+ * @return A copy of the certificates array, or null if there is none.
+ */
+ public final java.security.cert.Certificate[] getCertificates() {
+ if (certs != null) {
+ return certs.clone();
+
+ } else if (signers != null) {
+ // Convert the code signers to certs
+ ArrayList<java.security.cert.Certificate> certChains =
+ new ArrayList<java.security.cert.Certificate>();
+ for (int i = 0; i < signers.length; i++) {
+ certChains.addAll(
+ signers[i].getSignerCertPath().getCertificates());
+ }
+ certs = certChains.toArray(
+ new java.security.cert.Certificate[certChains.size()]);
+ return certs.clone();
+
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Returns the code signers associated with this CodeSource.
+ * <p>
+ * If this CodeSource object was created using the
+ * {@link #CodeSource(URL url, Certificate[] certs)}
+ * constructor then its certificate chains are extracted and used to
+ * create an array of CodeSigner objects. Note that only X.509 certificates
+ * are examined - all other certificate types are ignored.
+ *
+ * @return A copy of the code signer array, or null if there is none.
+ *
+ * @since 1.5
+ */
+ public final CodeSigner[] getCodeSigners() {
+ if (signers != null) {
+ return signers.clone();
+
+ } else if (certs != null) {
+ // Convert the certs to code signers
+ signers = convertCertArrayToSignerArray(certs);
+ return signers.clone();
+
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Returns true if this CodeSource object "implies" the specified CodeSource.
+ * <P>
+ * More specifically, this method makes the following checks, in order.
+ * If any fail, it returns false. If they all succeed, it returns true.<p>
+ * <ol>
+ * <li> <i>codesource</i> must not be null.
+ * <li> If this object's certificates are not null, then all
+ * of this object's certificates must be present in <i>codesource</i>'s
+ * certificates.
+ * <li> If this object's location (getLocation()) is not null, then the
+ * following checks are made against this object's location and
+ * <i>codesource</i>'s:<p>
+ * <ol>
+ * <li> <i>codesource</i>'s location must not be null.
+ *
+ * <li> If this object's location
+ * equals <i>codesource</i>'s location, then return true.
+ *
+ * <li> This object's protocol (getLocation().getProtocol()) must be
+ * equal to <i>codesource</i>'s protocol.
+ *
+ * <li> If this object's host (getLocation().getHost()) is not null,
+ * then the SocketPermission
+ * constructed with this object's host must imply the
+ * SocketPermission constructed with <i>codesource</i>'s host.
+ *
+ * <li> If this object's port (getLocation().getPort()) is not
+ * equal to -1 (that is, if a port is specified), it must equal
+ * <i>codesource</i>'s port.
+ *
+ * <li> If this object's file (getLocation().getFile()) doesn't equal
+ * <i>codesource</i>'s file, then the following checks are made:
+ * If this object's file ends with "/-",
+ * then <i>codesource</i>'s file must start with this object's
+ * file (exclusive the trailing "-").
+ * If this object's file ends with a "/*",
+ * then <i>codesource</i>'s file must start with this object's
+ * file and must not have any further "/" separators.
+ * If this object's file doesn't end with a "/",
+ * then <i>codesource</i>'s file must match this object's
+ * file with a '/' appended.
+ *
+ * <li> If this object's reference (getLocation().getRef()) is
+ * not null, it must equal <i>codesource</i>'s reference.
+ *
+ * </ol>
+ * </ol>
+ * <p>
+ * For example, the codesource objects with the following locations
+ * and null certificates all imply
+ * the codesource with the location "http://java.sun.com/classes/foo.jar"
+ * and null certificates:
+ * <pre>
+ * http:
+ * http://*.sun.com/classes/*
+ * http://java.sun.com/classes/-
+ * http://java.sun.com/classes/foo.jar
+ * </pre>
+ *
+ * Note that if this CodeSource has a null location and a null
+ * certificate chain, then it implies every other CodeSource.
+ *
+ * @param codesource CodeSource to compare against.
+ *
+ * @return true if the specified codesource is implied by this codesource,
+ * false if not.
+ */
+
+ public boolean implies(CodeSource codesource)
+ {
+ if (codesource == null)
+ return false;
+
+ return matchCerts(codesource, false) && matchLocation(codesource);
+ }
+
+ /**
+ * Returns true if all the certs in this
+ * CodeSource are also in <i>that</i>.
+ *
+ * @param that the CodeSource to check against.
+ * @param strict If true then a strict equality match is performed.
+ * Otherwise a subset match is performed.
+ */
+ private boolean matchCerts(CodeSource that, boolean strict)
+ {
+ boolean match;
+
+ // match any key
+ if (certs == null && signers == null) {
+ if (strict) {
+ return (that.certs == null && that.signers == null);
+ } else {
+ return true;
+ }
+ // both have signers
+ } else if (signers != null && that.signers != null) {
+ if (strict && signers.length != that.signers.length) {
+ return false;
+ }
+ for (int i = 0; i < signers.length; i++) {
+ match = false;
+ for (int j = 0; j < that.signers.length; j++) {
+ if (signers[i].equals(that.signers[j])) {
+ match = true;
+ break;
+ }
+ }
+ if (!match) return false;
+ }
+ return true;
+
+ // both have certs
+ } else if (certs != null && that.certs != null) {
+ if (strict && certs.length != that.certs.length) {
+ return false;
+ }
+ for (int i = 0; i < certs.length; i++) {
+ match = false;
+ for (int j = 0; j < that.certs.length; j++) {
+ if (certs[i].equals(that.certs[j])) ...
[truncated message content] |
