From 28f7d9d05ad70afad626d4bc54c633d31eb7430a Mon Sep 17 00:00:00 2001 From: Bryce McKinlay Date: Wed, 25 Apr 2001 16:45:15 +0100 Subject: decl.c (init_decl_processing): Add new class "protectionDomain" field. gcc/java: 2001-04-25 Bryce McKinlay * decl.c (init_decl_processing): Add new class "protectionDomain" field. * class.c (make_class_data): Set initial value for "protectionDomain". libjava: 2001-04-25 Bryce McKinlay java.security merge and ClassLoader compliance fixes. * java/lang/Class.h (Class): Include ProtectionDomain.h. New protectionDomain field. (forName): Add initialize parameter. Fixes declaration to comply with JDK spec. * java/lang/natClass.cc (forName): Correct declaration of the three-arg variant. Honour "initialize" flag. (getProtectionDomain0): New method. * java/lang/Class.java: Fix forName() declaration. (getPackage): New method based on Classpath implementation. (getProtectionDomain0): New native method decl. (getProtectionDomain): New method. * java/lang/ClassLoader.java (getParent): Now final. (definedPackages): New field. (getPackage): New. (defineClass): New variant with protectionDomain argument. (definePackage): New. (getPackages): New. (findSystemClass): Now final. (getSystemResourceAsStream): Remove redundant "final" modifier. (getSystemResource): Remove redundant "final" modifier. (getResources): Now final. (protectionDomainPermission): New static field. (unknownProtectionDomain): Ditto. (defaultProtectionDomain): Ditto. (getSystemClassLoader): Now non-native. * java/util/ResourceBundle.java (tryGetSomeBundle): Use the correct arguments for Class.forName(). * java/lang/Package.java: New file. * gnu/gcj/runtime/VMClassLoader.java (getVMClassLoader): Removed. (instance): Static initialize singleton. (findClass): Override this, not findSystemClass. * java/lang/natClassLoader.cc (defineClass0): Set class's protectionDomain field as specified. (getSystemClassLoader): Removed. (findClass): Renamed from findSystemClass. Call the interpreter via URLClassLoader.findClass if loading class via dlopen fails. * java/security/*.java: java.security import/merge with Classpath. * java/security/acl/*.java: Likewise. * java/security/interfaces/*.java: Likewise. * java/security/spec/*.java: Likewise. * java/net/NetPermission.java: Likewise. * java/net/SocketPermission.java: Likewise. * gnu/java/security/provider/DefaultPolicy.java: Likewise. * Makefile.am: Add new classes. * Makefile.in: Rebuilt. * gcj/javaprims.h: CNI namespace rebuild. From-SVN: r41543 --- libjava/java/security/CodeSource.java | 316 ++++++++++++++++++++++++++++++++++ 1 file changed, 316 insertions(+) create mode 100644 libjava/java/security/CodeSource.java (limited to 'libjava/java/security/CodeSource.java') diff --git a/libjava/java/security/CodeSource.java b/libjava/java/security/CodeSource.java new file mode 100644 index 0000000..3ee6795 --- /dev/null +++ b/libjava/java/security/CodeSource.java @@ -0,0 +1,316 @@ +/* CodeSource.java -- Code location and certifcates + Copyright (C) 1998 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA +02111-1307 USA. + +As a special exception, if you link this library with other files to +produce an executable, this library does not by itself cause the +resulting executable to be covered by the GNU General Public License. +This exception does not however invalidate any other reasons why the +executable file might be covered by the GNU General Public License. */ + +package java.security; + +import java.io.Serializable; +import java.net.URL; +import java.net.SocketPermission; + +/** + * This class represents a location from which code is loaded (as + * represented by a URL) and the list of certificates that are used to + * check the signatures of signed code loaded from this source. + * + * @version 0.0 + * + * @author Aaron M. Renn (arenn@urbanophile.com) + */ +public class CodeSource implements Serializable +{ + private static final String linesep = System.getProperty("line.separator"); + + /** + * This is the URL that represents the code base from which code will + * be loaded. + */ + private URL location; + + /** + * This is the list of certificates for this code base + */ + // What is the serialized form of this? + private java.security.cert.Certificate[] certs; + + /** + * This method initializes a new instance of CodeSource that + * loads code from the specified URL location and which uses the + * specified certificates for verifying signatures. + * + * @param location The location from which code will be loaded + * @param certs The list of certificates used for verifying signatures on code from this source + */ + public CodeSource(URL location, java.security.cert.Certificate[] certs) + { + this.location = location; + this.certs = certs; + } + + /** + * This method returns the URL specifying the location from which code + * will be loaded under this CodeSource. + * + * @return The code location for this CodeSource. + */ + public final URL getLocation() + { + return location; + } + + /** + * This method returns the list of digital certificates that can be used + * to verify the signatures of code loaded under this CodeSource. + * + * @return The certifcate list for this CodeSource. + */ + public final java.security.cert.Certificate[] getCertificates() + { + return certs; + } + + /** + * This method tests to see if a specified CodeSource is + * implied by this object. Effectively, to meet this test, the specified + * object must have all the certifcates this object has (but may have + * more) and must have a location that is a subset of this object's. In order + * for this object to imply the specified object, the following must be + * true: + *

+ *

    + *
  1. The specified CodeSource must not be null. + *
  2. If the specified CodeSource has a certificate list, + * all of that object's certificates must be present in the certificate + * list of this object. + *
  3. If this object does not have a null location, then + * the following addtional tests must be passed. + *
      + *
    1. The specified CodeSource must not have a null location. + *
    2. The specified CodeSource's location must be equal to + * this object's location, or
      + *
        + *
      • The specifiec CodeSource's location protocol, port, + * and ref (aka, anchor) must equal this objects, and + *
      • The specified CodeSource's location host must imply this + * object's location host, as determined by contructing + * SocketPermission objects from each with no action list and + * using that classes's implies method. And, + *
      • If this object's location file ends with a '/', then the specified + * object's location file must start with this object's location file. + * Otherwise, the specified object's location file must start with this + * object's location file with the '/' character appended to it. + *
      + *
    + *
+ * + * @param cs The CodeSource to test against this object + * + * @return true if this specified CodeSource is specified by this object, false otherwise. + */ + public boolean implies(CodeSource cs) + { + if (cs == null) + return false; + + // First check the certificate list + java.security.cert.Certificate[] their_certs = cs.getCertificates(); + java.security.cert.Certificate[] our_certs = getCertificates(); + + if (our_certs != null) + { + if (their_certs == null) + return false; + + for (int i = 0; i < our_certs.length; i++) + { + int j; + for (j = 0; j < their_certs.length; j++) + if (our_certs[i].equals(their_certs[j])) + break; + + if (j == their_certs.length) + return false; + } + } + + // Next check the location + URL their_loc = getLocation(); + URL our_loc = getLocation(); + + if (our_loc == null) + return true; + else if (their_loc == null) + return false; + + if (!our_loc.getProtocol().equals(their_loc.getProtocol())) + return false; + + if (our_loc.getPort() != -1) + if (our_loc.getPort() != their_loc.getPort()) + return false; + + if (our_loc.getRef() != null) + if (!our_loc.getRef().equals(their_loc.getRef())) + return false; + + // See javadoc comments for what we are doing here. + if (our_loc.getHost() != null) + { + String their_host = their_loc.getHost(); + if (their_host == null) + return false; + + SocketPermission our_sockperm = + new SocketPermission(our_loc.getHost(), "accept"); + SocketPermission their_sockperm = + new SocketPermission(their_host, "accept"); + + if (!our_sockperm.implies(their_sockperm)) + return false; + } + + String our_file = our_loc.getFile(); + if (our_file != null) + { + if (!our_file.endsWith("/")) + our_file = our_file + "/"; + + String their_file = their_loc.getFile(); + if (their_file == null) + return false; + + if (!their_file.startsWith(our_file)) + return false; + } + + return true; + } + + /** + * This method tests the specified Object for equality with + * this object. This will be true if and only if: + *

+ *

    + *
  • The specified object is not null. + *
  • The specified object is an instance of CodeSource. + *
  • The specified object's location is the same as this object's. + *
  • The specified object's certificate list contains the exact same + * entries as the object's. Note that the order of the certificate lists + * is not significant. + *
+ * + * @param obj The Object to test against. + * + * @return true if the specified object is equal to this one, false otherwise. + */ + public boolean equals(Object obj) + { + if (obj == null) + return false; + + if (!(obj instanceof CodeSource)) + return false; + + CodeSource cs = (CodeSource) obj; + + // First check the certificate list + java.security.cert.Certificate[] their_certs = cs.getCertificates(); + java.security.cert.Certificate[] our_certs = getCertificates(); + + if ((our_certs == null) && (their_certs != null)) + return false; + else if ((our_certs != null) && (their_certs == null)) + return false; + + if (our_certs != null) + { + if (our_certs.length != their_certs.length) + return false; + + for (int i = 0; i < our_certs.length; i++) + { + int j; + for (j = 0; j < their_certs.length; j++) + if (our_certs[i].equals(their_certs[j])) + break; + + if (j == their_certs.length) + return false; + } + } + + // Now the location + URL their_loc = cs.getLocation(); + URL our_loc = getLocation(); + + if ((our_loc == null) && (their_loc != null)) + return false; + + if (!our_loc.equals(their_loc)) + return false; + + return true; + } + + /** + * This method returns a hash value for this object. + * + * @return A hash value for this object. + */ + public int hashCode() + { + URL location = getLocation(); + if (location == null) + return System.identityHashCode(this); + + return location.hashCode(); + } + + /** + * This method returns a String that represents this object. + * This String will contain the object's hash code, location, + * and certificate list. + * + * @return A String for this object + */ + public String toString() + { + StringBuffer sb = new StringBuffer(""); + + sb.append(super.toString() + " (" + linesep); + sb.append("Location: " + getLocation() + linesep); + + java.security.cert.Certificate[] certs = getCertificates(); + if (certs == null) + sb.append("" + linesep); + else + for (int i = 0; i < certs.length; i++) + sb.append(certs[i] + linesep); + + sb.append(")" + linesep); + + return sb.toString(); + } +} -- cgit v1.1