1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 /** 19 * @author Alexey V. Varlamov 20 * @version $Revision$ 21 */ 22 23 package org.apache.harmony.security; 24 25 import java.net.URL; 26 import java.security.CodeSigner; 27 import java.security.CodeSource; 28 import java.security.Permission; 29 import java.security.Principal; 30 import java.util.Collection; 31 import java.util.Collections; 32 import org.apache.harmony.security.fortress.PolicyUtils; 33 34 /** 35 * This class represents an elementary block of a security policy. It associates 36 * a CodeSource of an executable code, Principals allowed to execute the code, 37 * and a set of granted Permissions. 38 * 39 * @see org.apache.harmony.security.fortress.DefaultPolicy 40 */ 41 public class PolicyEntry { 42 43 // Store CodeSource 44 private final CodeSource cs; 45 46 // Array of principals 47 private final Principal[] principals; 48 49 // Permissions collection 50 private final Collection<Permission> permissions; 51 52 /** 53 * Constructor with initialization parameters. Passed collections are not 54 * referenced directly, but copied. 55 */ 56 public PolicyEntry(CodeSource cs, Collection<? extends Principal> prs, 57 Collection<? extends Permission> permissions) { 58 this.cs = (cs != null) ? normalizeCodeSource(cs) : null; 59 this.principals = (prs == null || prs.isEmpty()) ? null 60 : (Principal[]) prs.toArray(new Principal[prs.size()]); 61 this.permissions = (permissions == null || permissions.isEmpty()) ? null 62 : Collections.unmodifiableCollection(permissions); 63 } 64 65 /** 66 * Checks if passed CodeSource matches this PolicyEntry. Null CodeSource of 67 * PolicyEntry implies any CodeSource; non-null CodeSource forwards to its 68 * imply() method. 69 */ 70 public boolean impliesCodeSource(CodeSource codeSource) { 71 if (cs == null) { 72 return true; 73 } 74 75 if (codeSource == null) { 76 return false; 77 } 78 return cs.implies(normalizeCodeSource(codeSource)); 79 } 80 81 private CodeSource normalizeCodeSource(CodeSource codeSource) { 82 URL codeSourceURL = PolicyUtils.normalizeURL(codeSource.getLocation()); 83 CodeSource result = codeSource; 84 85 if (codeSourceURL != codeSource.getLocation()) { 86 // URL was normalized - recreate codeSource with new URL 87 CodeSigner[] signers = codeSource.getCodeSigners(); 88 if (signers == null) { 89 result = new CodeSource(codeSourceURL, codeSource 90 .getCertificates()); 91 } else { 92 result = new CodeSource(codeSourceURL, signers); 93 } 94 } 95 return result; 96 } 97 98 /** 99 * Checks if specified Principals match this PolicyEntry. Null or empty set 100 * of Principals of PolicyEntry implies any Principals; otherwise specified 101 * array must contain all Principals of this PolicyEntry. 102 */ 103 public boolean impliesPrincipals(Principal[] prs) { 104 return PolicyUtils.matchSubset(principals, prs); 105 } 106 107 /** 108 * Returns unmodifiable collection of permissions defined by this 109 * PolicyEntry, may be <code>null</code>. 110 */ 111 public Collection<Permission> getPermissions() { 112 return permissions; 113 } 114 115 /** 116 * Returns true if this PolicyEntry defines no Permissions, false otherwise. 117 */ 118 public boolean isVoid() { 119 return permissions == null || permissions.size() == 0; 120 } 121 } 122