Shuyi Chen | d7955ce | 2013-05-22 14:51:55 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Licensed to the Apache Software Foundation (ASF) under one or more |
| 3 | * contributor license agreements. See the NOTICE file distributed with |
| 4 | * this work for additional information regarding copyright ownership. |
| 5 | * The ASF licenses this file to You under the Apache License, Version 2.0 |
| 6 | * (the "License"); you may not use this file except in compliance with |
| 7 | * the License. You may obtain a copy of the License at |
| 8 | * |
| 9 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | * |
| 11 | * Unless required by applicable law or agreed to in writing, software |
| 12 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | * See the License for the specific language governing permissions and |
| 15 | * limitations under the License. |
| 16 | */ |
| 17 | |
| 18 | package org.apache.harmony.javax.security.auth; |
| 19 | |
| 20 | import java.io.IOException; |
| 21 | import java.io.ObjectInputStream; |
| 22 | import java.io.ObjectOutputStream; |
| 23 | import java.io.Serializable; |
| 24 | import java.security.AccessControlContext; |
| 25 | import java.security.AccessController; |
| 26 | import java.security.DomainCombiner; |
| 27 | import java.security.Permission; |
| 28 | import java.security.Principal; |
| 29 | import java.security.PrivilegedAction; |
| 30 | import java.security.PrivilegedActionException; |
| 31 | import java.security.PrivilegedExceptionAction; |
| 32 | import java.security.ProtectionDomain; |
| 33 | import java.util.AbstractSet; |
| 34 | import java.util.Collection; |
| 35 | import java.util.Iterator; |
| 36 | import java.util.LinkedList; |
| 37 | import java.util.Set; |
| 38 | |
| 39 | |
| 40 | |
| 41 | /** |
| 42 | * The central class of the {@code javax.security.auth} package representing an |
| 43 | * authenticated user or entity (both referred to as "subject"). IT defines also |
| 44 | * the static methods that allow code to be run, and do modifications according |
| 45 | * to the subject's permissions. |
| 46 | * <p> |
| 47 | * A subject has the following features: |
| 48 | * <ul> |
| 49 | * <li>A set of {@code Principal} objects specifying the identities bound to a |
| 50 | * {@code Subject} that distinguish it.</li> |
| 51 | * <li>Credentials (public and private) such as certificates, keys, or |
| 52 | * authentication proofs such as tickets</li> |
| 53 | * </ul> |
| 54 | */ |
| 55 | public final class Subject implements Serializable { |
| 56 | |
| 57 | private static final long serialVersionUID = -8308522755600156056L; |
| 58 | |
| 59 | private static final AuthPermission _AS = new AuthPermission("doAs"); //$NON-NLS-1$ |
| 60 | |
| 61 | private static final AuthPermission _AS_PRIVILEGED = new AuthPermission( |
| 62 | "doAsPrivileged"); //$NON-NLS-1$ |
| 63 | |
| 64 | private static final AuthPermission _SUBJECT = new AuthPermission( |
| 65 | "getSubject"); //$NON-NLS-1$ |
| 66 | |
| 67 | private static final AuthPermission _PRINCIPALS = new AuthPermission( |
| 68 | "modifyPrincipals"); //$NON-NLS-1$ |
| 69 | |
| 70 | private static final AuthPermission _PRIVATE_CREDENTIALS = new AuthPermission( |
| 71 | "modifyPrivateCredentials"); //$NON-NLS-1$ |
| 72 | |
| 73 | private static final AuthPermission _PUBLIC_CREDENTIALS = new AuthPermission( |
| 74 | "modifyPublicCredentials"); //$NON-NLS-1$ |
| 75 | |
| 76 | private static final AuthPermission _READ_ONLY = new AuthPermission( |
| 77 | "setReadOnly"); //$NON-NLS-1$ |
| 78 | |
| 79 | private final Set<Principal> principals; |
| 80 | |
| 81 | private boolean readOnly; |
| 82 | |
| 83 | // set of private credentials |
| 84 | private transient SecureSet<Object> privateCredentials; |
| 85 | |
| 86 | // set of public credentials |
| 87 | private transient SecureSet<Object> publicCredentials; |
| 88 | |
| 89 | /** |
| 90 | * The default constructor initializing the sets of public and private |
| 91 | * credentials and principals with the empty set. |
| 92 | */ |
| 93 | public Subject() { |
| 94 | super(); |
| 95 | principals = new SecureSet<Principal>(_PRINCIPALS); |
| 96 | publicCredentials = new SecureSet<Object>(_PUBLIC_CREDENTIALS); |
| 97 | privateCredentials = new SecureSet<Object>(_PRIVATE_CREDENTIALS); |
| 98 | |
| 99 | readOnly = false; |
| 100 | } |
| 101 | |
| 102 | /** |
| 103 | * The constructor for the subject, setting its public and private |
| 104 | * credentials and principals according to the arguments. |
| 105 | * |
| 106 | * @param readOnly |
| 107 | * {@code true} if this {@code Subject} is read-only, thus |
| 108 | * preventing any modifications to be done. |
| 109 | * @param subjPrincipals |
| 110 | * the set of Principals that are attributed to this {@code |
| 111 | * Subject}. |
| 112 | * @param pubCredentials |
| 113 | * the set of public credentials that distinguish this {@code |
| 114 | * Subject}. |
| 115 | * @param privCredentials |
| 116 | * the set of private credentials that distinguish this {@code |
| 117 | * Subject}. |
| 118 | */ |
| 119 | public Subject(boolean readOnly, Set<? extends Principal> subjPrincipals, |
| 120 | Set<?> pubCredentials, Set<?> privCredentials) { |
| 121 | |
| 122 | if (subjPrincipals == null || pubCredentials == null || privCredentials == null) { |
| 123 | throw new NullPointerException(); |
| 124 | } |
| 125 | |
| 126 | principals = new SecureSet<Principal>(_PRINCIPALS, subjPrincipals); |
| 127 | publicCredentials = new SecureSet<Object>(_PUBLIC_CREDENTIALS, pubCredentials); |
| 128 | privateCredentials = new SecureSet<Object>(_PRIVATE_CREDENTIALS, privCredentials); |
| 129 | |
| 130 | this.readOnly = readOnly; |
| 131 | } |
| 132 | |
| 133 | /** |
| 134 | * Runs the code defined by {@code action} using the permissions granted to |
| 135 | * the {@code Subject} itself and to the code as well. |
| 136 | * |
| 137 | * @param subject |
| 138 | * the distinguished {@code Subject}. |
| 139 | * @param action |
| 140 | * the code to be run. |
| 141 | * @return the {@code Object} returned when running the {@code action}. |
| 142 | */ |
| 143 | @SuppressWarnings("unchecked") |
| 144 | public static Object doAs(Subject subject, PrivilegedAction action) { |
| 145 | |
| 146 | checkPermission(_AS); |
| 147 | |
| 148 | return doAs_PrivilegedAction(subject, action, AccessController.getContext()); |
| 149 | } |
| 150 | |
| 151 | /** |
| 152 | * Run the code defined by {@code action} using the permissions granted to |
| 153 | * the {@code Subject} and to the code itself, additionally providing a more |
| 154 | * specific context. |
| 155 | * |
| 156 | * @param subject |
| 157 | * the distinguished {@code Subject}. |
| 158 | * @param action |
| 159 | * the code to be run. |
| 160 | * @param context |
| 161 | * the specific context in which the {@code action} is invoked. |
| 162 | * if {@code null} a new {@link AccessControlContext} is |
| 163 | * instantiated. |
| 164 | * @return the {@code Object} returned when running the {@code action}. |
| 165 | */ |
| 166 | @SuppressWarnings("unchecked") |
| 167 | public static Object doAsPrivileged(Subject subject, PrivilegedAction action, |
| 168 | AccessControlContext context) { |
| 169 | |
| 170 | checkPermission(_AS_PRIVILEGED); |
| 171 | |
| 172 | if (context == null) { |
| 173 | return doAs_PrivilegedAction(subject, action, new AccessControlContext( |
| 174 | new ProtectionDomain[0])); |
| 175 | } |
| 176 | return doAs_PrivilegedAction(subject, action, context); |
| 177 | } |
| 178 | |
| 179 | // instantiates a new context and passes it to AccessController |
| 180 | @SuppressWarnings("unchecked") |
| 181 | private static Object doAs_PrivilegedAction(Subject subject, PrivilegedAction action, |
| 182 | final AccessControlContext context) { |
| 183 | |
| 184 | AccessControlContext newContext; |
| 185 | |
| 186 | final SubjectDomainCombiner combiner; |
| 187 | if (subject == null) { |
| 188 | // performance optimization |
| 189 | // if subject is null there is nothing to combine |
| 190 | combiner = null; |
| 191 | } else { |
| 192 | combiner = new SubjectDomainCombiner(subject); |
| 193 | } |
| 194 | |
| 195 | PrivilegedAction dccAction = new PrivilegedAction() { |
| 196 | public Object run() { |
| 197 | |
| 198 | return new AccessControlContext(context, combiner); |
| 199 | } |
| 200 | }; |
| 201 | |
| 202 | newContext = (AccessControlContext) AccessController.doPrivileged(dccAction); |
| 203 | |
| 204 | return AccessController.doPrivileged(action, newContext); |
| 205 | } |
| 206 | |
| 207 | /** |
| 208 | * Runs the code defined by {@code action} using the permissions granted to |
| 209 | * the subject and to the code itself. |
| 210 | * |
| 211 | * @param subject |
| 212 | * the distinguished {@code Subject}. |
| 213 | * @param action |
| 214 | * the code to be run. |
| 215 | * @return the {@code Object} returned when running the {@code action}. |
| 216 | * @throws PrivilegedActionException |
| 217 | * if running the {@code action} throws an exception. |
| 218 | */ |
| 219 | @SuppressWarnings("unchecked") |
| 220 | public static Object doAs(Subject subject, PrivilegedExceptionAction action) |
| 221 | throws PrivilegedActionException { |
| 222 | |
| 223 | checkPermission(_AS); |
| 224 | |
| 225 | return doAs_PrivilegedExceptionAction(subject, action, AccessController.getContext()); |
| 226 | } |
| 227 | |
| 228 | /** |
| 229 | * Runs the code defined by {@code action} using the permissions granted to |
| 230 | * the subject and to the code itself, additionally providing a more |
| 231 | * specific context. |
| 232 | * |
| 233 | * @param subject |
| 234 | * the distinguished {@code Subject}. |
| 235 | * @param action |
| 236 | * the code to be run. |
| 237 | * @param context |
| 238 | * the specific context in which the {@code action} is invoked. |
| 239 | * if {@code null} a new {@link AccessControlContext} is |
| 240 | * instantiated. |
| 241 | * @return the {@code Object} returned when running the {@code action}. |
| 242 | * @throws PrivilegedActionException |
| 243 | * if running the {@code action} throws an exception. |
| 244 | */ |
| 245 | @SuppressWarnings("unchecked") |
| 246 | public static Object doAsPrivileged(Subject subject, |
| 247 | PrivilegedExceptionAction action, AccessControlContext context) |
| 248 | throws PrivilegedActionException { |
| 249 | |
| 250 | checkPermission(_AS_PRIVILEGED); |
| 251 | |
| 252 | if (context == null) { |
| 253 | return doAs_PrivilegedExceptionAction(subject, action, |
| 254 | new AccessControlContext(new ProtectionDomain[0])); |
| 255 | } |
| 256 | return doAs_PrivilegedExceptionAction(subject, action, context); |
| 257 | } |
| 258 | |
| 259 | // instantiates a new context and passes it to AccessController |
| 260 | @SuppressWarnings("unchecked") |
| 261 | private static Object doAs_PrivilegedExceptionAction(Subject subject, |
| 262 | PrivilegedExceptionAction action, final AccessControlContext context) |
| 263 | throws PrivilegedActionException { |
| 264 | |
| 265 | AccessControlContext newContext; |
| 266 | |
| 267 | final SubjectDomainCombiner combiner; |
| 268 | if (subject == null) { |
| 269 | // performance optimization |
| 270 | // if subject is null there is nothing to combine |
| 271 | combiner = null; |
| 272 | } else { |
| 273 | combiner = new SubjectDomainCombiner(subject); |
| 274 | } |
| 275 | |
| 276 | PrivilegedAction<AccessControlContext> dccAction = new PrivilegedAction<AccessControlContext>() { |
| 277 | public AccessControlContext run() { |
| 278 | return new AccessControlContext(context, combiner); |
| 279 | } |
| 280 | }; |
| 281 | |
| 282 | newContext = AccessController.doPrivileged(dccAction); |
| 283 | |
| 284 | return AccessController.doPrivileged(action, newContext); |
| 285 | } |
| 286 | |
| 287 | /** |
| 288 | * Checks two Subjects for equality. More specifically if the principals, |
| 289 | * public and private credentials are equal, equality for two {@code |
| 290 | * Subjects} is implied. |
| 291 | * |
| 292 | * @param obj |
| 293 | * the {@code Object} checked for equality with this {@code |
| 294 | * Subject}. |
| 295 | * @return {@code true} if the specified {@code Subject} is equal to this |
| 296 | * one. |
| 297 | */ |
| 298 | @Override |
| 299 | public boolean equals(Object obj) { |
| 300 | |
| 301 | if (this == obj) { |
| 302 | return true; |
| 303 | } |
| 304 | |
| 305 | if (obj == null || this.getClass() != obj.getClass()) { |
| 306 | return false; |
| 307 | } |
| 308 | |
| 309 | Subject that = (Subject) obj; |
| 310 | |
| 311 | if (principals.equals(that.principals) |
| 312 | && publicCredentials.equals(that.publicCredentials) |
| 313 | && privateCredentials.equals(that.privateCredentials)) { |
| 314 | return true; |
| 315 | } |
| 316 | return false; |
| 317 | } |
| 318 | |
| 319 | /** |
| 320 | * Returns this {@code Subject}'s {@link Principal}. |
| 321 | * |
| 322 | * @return this {@code Subject}'s {@link Principal}. |
| 323 | */ |
| 324 | public Set<Principal> getPrincipals() { |
| 325 | return principals; |
| 326 | } |
| 327 | |
| 328 | |
| 329 | /** |
| 330 | * Returns this {@code Subject}'s {@link Principal} which is a subclass of |
| 331 | * the {@code Class} provided. |
| 332 | * |
| 333 | * @param c |
| 334 | * the {@code Class} as a criteria which the {@code Principal} |
| 335 | * returned must satisfy. |
| 336 | * @return this {@code Subject}'s {@link Principal}. Modifications to the |
| 337 | * returned set of {@code Principal}s do not affect this {@code |
| 338 | * Subject}'s set. |
| 339 | */ |
| 340 | public <T extends Principal> Set<T> getPrincipals(Class<T> c) { |
| 341 | return ((SecureSet<Principal>) principals).get(c); |
| 342 | } |
| 343 | |
| 344 | /** |
| 345 | * Returns the private credentials associated with this {@code Subject}. |
| 346 | * |
| 347 | * @return the private credentials associated with this {@code Subject}. |
| 348 | */ |
| 349 | public Set<Object> getPrivateCredentials() { |
| 350 | return privateCredentials; |
| 351 | } |
| 352 | |
| 353 | /** |
| 354 | * Returns this {@code Subject}'s private credentials which are a subclass |
| 355 | * of the {@code Class} provided. |
| 356 | * |
| 357 | * @param c |
| 358 | * the {@code Class} as a criteria which the private credentials |
| 359 | * returned must satisfy. |
| 360 | * @return this {@code Subject}'s private credentials. Modifications to the |
| 361 | * returned set of credentials do not affect this {@code Subject}'s |
| 362 | * credentials. |
| 363 | */ |
| 364 | public <T> Set<T> getPrivateCredentials(Class<T> c) { |
| 365 | return privateCredentials.get(c); |
| 366 | } |
| 367 | |
| 368 | /** |
| 369 | * Returns the public credentials associated with this {@code Subject}. |
| 370 | * |
| 371 | * @return the public credentials associated with this {@code Subject}. |
| 372 | */ |
| 373 | public Set<Object> getPublicCredentials() { |
| 374 | return publicCredentials; |
| 375 | } |
| 376 | |
| 377 | |
| 378 | /** |
| 379 | * Returns this {@code Subject}'s public credentials which are a subclass of |
| 380 | * the {@code Class} provided. |
| 381 | * |
| 382 | * @param c |
| 383 | * the {@code Class} as a criteria which the public credentials |
| 384 | * returned must satisfy. |
| 385 | * @return this {@code Subject}'s public credentials. Modifications to the |
| 386 | * returned set of credentials do not affect this {@code Subject}'s |
| 387 | * credentials. |
| 388 | */ |
| 389 | public <T> Set<T> getPublicCredentials(Class<T> c) { |
| 390 | return publicCredentials.get(c); |
| 391 | } |
| 392 | |
| 393 | /** |
| 394 | * Returns a hash code of this {@code Subject}. |
| 395 | * |
| 396 | * @return a hash code of this {@code Subject}. |
| 397 | */ |
| 398 | @Override |
| 399 | public int hashCode() { |
| 400 | return principals.hashCode() + privateCredentials.hashCode() |
| 401 | + publicCredentials.hashCode(); |
| 402 | } |
| 403 | |
| 404 | /** |
| 405 | * Prevents from modifications being done to the credentials and {@link |
| 406 | * Principal} sets. After setting it to read-only this {@code Subject} can |
| 407 | * not be made writable again. The destroy method on the credentials still |
| 408 | * works though. |
| 409 | */ |
| 410 | public void setReadOnly() { |
| 411 | checkPermission(_READ_ONLY); |
| 412 | |
| 413 | readOnly = true; |
| 414 | } |
| 415 | |
| 416 | /** |
| 417 | * Returns whether this {@code Subject} is read-only or not. |
| 418 | * |
| 419 | * @return whether this {@code Subject} is read-only or not. |
| 420 | */ |
| 421 | public boolean isReadOnly() { |
| 422 | return readOnly; |
| 423 | } |
| 424 | |
| 425 | /** |
| 426 | * Returns a {@code String} representation of this {@code Subject}. |
| 427 | * |
| 428 | * @return a {@code String} representation of this {@code Subject}. |
| 429 | */ |
| 430 | @Override |
| 431 | public String toString() { |
| 432 | |
| 433 | StringBuilder buf = new StringBuilder("Subject:\n"); //$NON-NLS-1$ |
| 434 | |
| 435 | Iterator<?> it = principals.iterator(); |
| 436 | while (it.hasNext()) { |
| 437 | buf.append("\tPrincipal: "); //$NON-NLS-1$ |
| 438 | buf.append(it.next()); |
| 439 | buf.append('\n'); |
| 440 | } |
| 441 | |
| 442 | it = publicCredentials.iterator(); |
| 443 | while (it.hasNext()) { |
| 444 | buf.append("\tPublic Credential: "); //$NON-NLS-1$ |
| 445 | buf.append(it.next()); |
| 446 | buf.append('\n'); |
| 447 | } |
| 448 | |
| 449 | int offset = buf.length() - 1; |
| 450 | it = privateCredentials.iterator(); |
| 451 | try { |
| 452 | while (it.hasNext()) { |
| 453 | buf.append("\tPrivate Credential: "); //$NON-NLS-1$ |
| 454 | buf.append(it.next()); |
| 455 | buf.append('\n'); |
| 456 | } |
| 457 | } catch (SecurityException e) { |
| 458 | buf.delete(offset, buf.length()); |
| 459 | buf.append("\tPrivate Credentials: no accessible information\n"); //$NON-NLS-1$ |
| 460 | } |
| 461 | return buf.toString(); |
| 462 | } |
| 463 | |
| 464 | private void readObject(ObjectInputStream in) throws IOException, |
| 465 | ClassNotFoundException { |
| 466 | |
| 467 | in.defaultReadObject(); |
| 468 | |
| 469 | publicCredentials = new SecureSet<Object>(_PUBLIC_CREDENTIALS); |
| 470 | privateCredentials = new SecureSet<Object>(_PRIVATE_CREDENTIALS); |
| 471 | } |
| 472 | |
| 473 | private void writeObject(ObjectOutputStream out) throws IOException { |
| 474 | out.defaultWriteObject(); |
| 475 | } |
| 476 | |
| 477 | /** |
| 478 | * Returns the {@code Subject} that was last associated with the {@code |
| 479 | * context} provided as argument. |
| 480 | * |
| 481 | * @param context |
| 482 | * the {@code context} that was associated with the |
| 483 | * {@code Subject}. |
| 484 | * @return the {@code Subject} that was last associated with the {@code |
| 485 | * context} provided as argument. |
| 486 | */ |
| 487 | public static Subject getSubject(final AccessControlContext context) { |
| 488 | checkPermission(_SUBJECT); |
| 489 | if (context == null) { |
| 490 | throw new NullPointerException("auth.09"); //$NON-NLS-1$ |
| 491 | } |
| 492 | PrivilegedAction<DomainCombiner> action = new PrivilegedAction<DomainCombiner>() { |
| 493 | public DomainCombiner run() { |
| 494 | return context.getDomainCombiner(); |
| 495 | } |
| 496 | }; |
| 497 | DomainCombiner combiner = AccessController.doPrivileged(action); |
| 498 | |
| 499 | if ((combiner == null) || !(combiner instanceof SubjectDomainCombiner)) { |
| 500 | return null; |
| 501 | } |
| 502 | return ((SubjectDomainCombiner) combiner).getSubject(); |
| 503 | } |
| 504 | |
| 505 | // checks passed permission |
| 506 | private static void checkPermission(Permission p) { |
| 507 | SecurityManager sm = System.getSecurityManager(); |
| 508 | if (sm != null) { |
| 509 | sm.checkPermission(p); |
| 510 | } |
| 511 | } |
| 512 | |
| 513 | // FIXME is used only in two places. remove? |
| 514 | private void checkState() { |
| 515 | if (readOnly) { |
| 516 | throw new IllegalStateException("auth.0A"); //$NON-NLS-1$ |
| 517 | } |
| 518 | } |
| 519 | |
| 520 | private final class SecureSet<SST> extends AbstractSet<SST> implements Serializable { |
| 521 | |
| 522 | /** |
| 523 | * Compatibility issue: see comments for setType variable |
| 524 | */ |
| 525 | private static final long serialVersionUID = 7911754171111800359L; |
| 526 | |
| 527 | private LinkedList<SST> elements; |
| 528 | |
| 529 | /* |
| 530 | * Is used to define a set type for serialization. |
| 531 | * |
| 532 | * A type can be principal, priv. or pub. credential set. The spec. |
| 533 | * doesn't clearly says that priv. and pub. credential sets can be |
| 534 | * serialized and what classes they are. It is only possible to figure |
| 535 | * out from writeObject method comments that priv. credential set is |
| 536 | * serializable and it is an instance of SecureSet class. So pub. |
| 537 | * credential was implemented by analogy |
| 538 | * |
| 539 | * Compatibility issue: the class follows its specified serial form. |
| 540 | * Also according to the serialization spec. adding new field is a |
| 541 | * compatible change. So is ok for principal set (because the default |
| 542 | * value for integer is zero). But priv. or pub. credential set it is |
| 543 | * not compatible because most probably other implementations resolve |
| 544 | * this issue in other way |
| 545 | */ |
| 546 | private int setType; |
| 547 | |
| 548 | // Defines principal set for serialization. |
| 549 | private static final int SET_Principal = 0; |
| 550 | |
| 551 | // Defines private credential set for serialization. |
| 552 | private static final int SET_PrivCred = 1; |
| 553 | |
| 554 | // Defines public credential set for serialization. |
| 555 | private static final int SET_PubCred = 2; |
| 556 | |
| 557 | // permission required to modify set |
| 558 | private transient AuthPermission permission; |
| 559 | |
| 560 | protected SecureSet(AuthPermission perm) { |
| 561 | permission = perm; |
| 562 | elements = new LinkedList<SST>(); |
| 563 | } |
| 564 | |
| 565 | // creates set from specified collection with specified permission |
| 566 | // all collection elements are verified before adding |
| 567 | protected SecureSet(AuthPermission perm, Collection<? extends SST> s) { |
| 568 | this(perm); |
| 569 | |
| 570 | // Subject's constructor receives a Set, we can trusts if a set is from bootclasspath, |
| 571 | // and not to check whether it contains duplicates or not |
| 572 | boolean trust = s.getClass().getClassLoader() == null; |
| 573 | |
| 574 | Iterator<? extends SST> it = s.iterator(); |
| 575 | while (it.hasNext()) { |
| 576 | SST o = it.next(); |
| 577 | verifyElement(o); |
| 578 | if (trust || !elements.contains(o)) { |
| 579 | elements.add(o); |
| 580 | } |
| 581 | } |
| 582 | } |
| 583 | |
| 584 | // verifies new set element |
| 585 | private void verifyElement(Object o) { |
| 586 | |
| 587 | if (o == null) { |
| 588 | throw new NullPointerException(); |
| 589 | } |
| 590 | if (permission == _PRINCIPALS && !(Principal.class.isAssignableFrom(o.getClass()))) { |
| 591 | throw new IllegalArgumentException("auth.0B"); //$NON-NLS-1$ |
| 592 | } |
| 593 | } |
| 594 | |
| 595 | /* |
| 596 | * verifies specified element, checks set state, and security permission |
| 597 | * to modify set before adding new element |
| 598 | */ |
| 599 | @Override |
| 600 | public boolean add(SST o) { |
| 601 | |
| 602 | verifyElement(o); |
| 603 | |
| 604 | checkState(); |
| 605 | checkPermission(permission); |
| 606 | |
| 607 | if (!elements.contains(o)) { |
| 608 | elements.add(o); |
| 609 | return true; |
| 610 | } |
| 611 | return false; |
| 612 | } |
| 613 | |
| 614 | // returns an instance of SecureIterator |
| 615 | @Override |
| 616 | public Iterator<SST> iterator() { |
| 617 | |
| 618 | if (permission == _PRIVATE_CREDENTIALS) { |
| 619 | /* |
| 620 | * private credential set requires iterator with additional |
| 621 | * security check (PrivateCredentialPermission) |
| 622 | */ |
| 623 | return new SecureIterator(elements.iterator()) { |
| 624 | /* |
| 625 | * checks permission to access next private credential moves |
| 626 | * to the next element even SecurityException was thrown |
| 627 | */ |
| 628 | @Override |
| 629 | public SST next() { |
| 630 | SST obj = iterator.next(); |
| 631 | checkPermission(new PrivateCredentialPermission(obj |
| 632 | .getClass().getName(), principals)); |
| 633 | return obj; |
| 634 | } |
| 635 | }; |
| 636 | } |
| 637 | return new SecureIterator(elements.iterator()); |
| 638 | } |
| 639 | |
| 640 | @Override |
| 641 | public boolean retainAll(Collection<?> c) { |
| 642 | |
| 643 | if (c == null) { |
| 644 | throw new NullPointerException(); |
| 645 | } |
| 646 | return super.retainAll(c); |
| 647 | } |
| 648 | |
| 649 | @Override |
| 650 | public int size() { |
| 651 | return elements.size(); |
| 652 | } |
| 653 | |
| 654 | /** |
| 655 | * return set with elements that are instances or subclasses of the |
| 656 | * specified class |
| 657 | */ |
| 658 | protected final <E> Set<E> get(final Class<E> c) { |
| 659 | |
| 660 | if (c == null) { |
| 661 | throw new NullPointerException(); |
| 662 | } |
| 663 | |
| 664 | AbstractSet<E> s = new AbstractSet<E>() { |
| 665 | private LinkedList<E> elements = new LinkedList<E>(); |
| 666 | |
| 667 | @Override |
| 668 | public boolean add(E o) { |
| 669 | |
| 670 | if (!c.isAssignableFrom(o.getClass())) { |
| 671 | throw new IllegalArgumentException( |
| 672 | "auth.0C " + c.getName()); //$NON-NLS-1$ |
| 673 | } |
| 674 | |
| 675 | if (elements.contains(o)) { |
| 676 | return false; |
| 677 | } |
| 678 | elements.add(o); |
| 679 | return true; |
| 680 | } |
| 681 | |
| 682 | @Override |
| 683 | public Iterator<E> iterator() { |
| 684 | return elements.iterator(); |
| 685 | } |
| 686 | |
| 687 | @Override |
| 688 | public boolean retainAll(Collection<?> c) { |
| 689 | |
| 690 | if (c == null) { |
| 691 | throw new NullPointerException(); |
| 692 | } |
| 693 | return super.retainAll(c); |
| 694 | } |
| 695 | |
| 696 | @Override |
| 697 | public int size() { |
| 698 | return elements.size(); |
| 699 | } |
| 700 | }; |
| 701 | |
| 702 | // FIXME must have permissions for requested priv. credentials |
| 703 | for (Iterator<SST> it = iterator(); it.hasNext();) { |
| 704 | SST o = it.next(); |
| 705 | if (c.isAssignableFrom(o.getClass())) { |
| 706 | s.add(c.cast(o)); |
| 707 | } |
| 708 | } |
| 709 | return s; |
| 710 | } |
| 711 | |
| 712 | private void readObject(ObjectInputStream in) throws IOException, |
| 713 | ClassNotFoundException { |
| 714 | in.defaultReadObject(); |
| 715 | |
| 716 | switch (setType) { |
| 717 | case SET_Principal: |
| 718 | permission = _PRINCIPALS; |
| 719 | break; |
| 720 | case SET_PrivCred: |
| 721 | permission = _PRIVATE_CREDENTIALS; |
| 722 | break; |
| 723 | case SET_PubCred: |
| 724 | permission = _PUBLIC_CREDENTIALS; |
| 725 | break; |
| 726 | default: |
| 727 | throw new IllegalArgumentException(); |
| 728 | } |
| 729 | |
| 730 | Iterator<SST> it = elements.iterator(); |
| 731 | while (it.hasNext()) { |
| 732 | verifyElement(it.next()); |
| 733 | } |
| 734 | } |
| 735 | |
| 736 | private void writeObject(ObjectOutputStream out) throws IOException { |
| 737 | |
| 738 | if (permission == _PRIVATE_CREDENTIALS) { |
| 739 | // does security check for each private credential |
| 740 | for (Iterator<SST> it = iterator(); it.hasNext();) { |
| 741 | it.next(); |
| 742 | } |
| 743 | setType = SET_PrivCred; |
| 744 | } else if (permission == _PRINCIPALS) { |
| 745 | setType = SET_Principal; |
| 746 | } else { |
| 747 | setType = SET_PubCred; |
| 748 | } |
| 749 | |
| 750 | out.defaultWriteObject(); |
| 751 | } |
| 752 | |
| 753 | /** |
| 754 | * Represents iterator for subject's secure set |
| 755 | */ |
| 756 | private class SecureIterator implements Iterator<SST> { |
| 757 | protected Iterator<SST> iterator; |
| 758 | |
| 759 | protected SecureIterator(Iterator<SST> iterator) { |
| 760 | this.iterator = iterator; |
| 761 | } |
| 762 | |
| 763 | public boolean hasNext() { |
| 764 | return iterator.hasNext(); |
| 765 | } |
| 766 | |
| 767 | public SST next() { |
| 768 | return iterator.next(); |
| 769 | } |
| 770 | |
| 771 | /** |
| 772 | * checks set state, and security permission to modify set before |
| 773 | * removing current element |
| 774 | */ |
| 775 | public void remove() { |
| 776 | checkState(); |
| 777 | checkPermission(permission); |
| 778 | iterator.remove(); |
| 779 | } |
| 780 | } |
| 781 | } |
| 782 | } |