1 /*
   2  * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.provider;
  27 
  28 import java.io.*;
  29 import java.lang.reflect.*;
  30 import java.net.MalformedURLException;
  31 import java.net.URL;
  32 import java.net.URI;
  33 import java.nio.file.Paths;
  34 import java.util.*;
  35 import java.security.*;
  36 import java.security.cert.Certificate;
  37 import java.security.cert.X509Certificate;
  38 import javax.security.auth.Subject;
  39 import javax.security.auth.x500.X500Principal;
  40 import java.io.FilePermission;
  41 import java.net.SocketPermission;
  42 import java.net.NetPermission;
  43 import java.util.concurrent.atomic.AtomicReference;
  44 import jdk.internal.misc.JavaSecurityProtectionDomainAccess;
  45 import static jdk.internal.misc.JavaSecurityProtectionDomainAccess.ProtectionDomainCache;
  46 import jdk.internal.misc.SharedSecrets;
  47 import sun.security.util.*;
  48 import sun.net.www.ParseUtil;
  49 
  50 /**
  51  * This class represents a default Policy implementation for the
  52  * "JavaPolicy" type.
  53  *
  54  * Note:
  55  * For backward compatibility with JAAS 1.0 it loads
  56  * both java.auth.policy and java.policy. However, it
  57  * is recommended that java.auth.policy not be used
  58  * and that java.policy contain all grant entries including
  59  * those that contain principal-based entries.
  60  *
  61  * <p> This object stores the policy for the entire Java runtime,
  62  * and is the amalgamation of multiple static policy
  63  * configurations that resides in files.
  64  * The algorithm for locating the policy file(s) and reading their
  65  * information into this <code>Policy</code> object is:
  66  *
  67  * <ol>
  68  * <li>
  69  *   Read in and load the default policy file named
  70  *   &lt;JAVA_HOME&gt;/lib/security/default.policy. &lt;JAVA_HOME&gt; refers
  71  *   to the value of the java.home system property, and specifies the directory
  72  *   where the JRE is installed. This policy file grants permissions to the
  73  *   modules loaded by the platform class loader. If the default policy file
  74  *   cannot be loaded, a fatal InternalError is thrown as these permissions
  75  *   are needed in order for the runtime to operate correctly.
  76  * <li>
  77  *   Loop through the <code>java.security.Security</code> properties,
  78  *   <i>policy.url.1</i>, <i>policy.url.2</i>, ...,
  79  *   <i>policy.url.X</i>" and
  80  *   <i>auth.policy.url.1</i>, <i>auth.policy.url.2</i>, ...,
  81  *   <i>auth.policy.url.X</i>".  These properties are set
  82  *   in the Java security properties file, which is located in the file named
  83  *   &lt;JAVA_HOME&gt;/conf/security/java.security.
  84  *   Each property value specifies a <code>URL</code> pointing to a
  85  *   policy file to be loaded.  Read in and load each policy.
  86  *
  87  *   <i>auth.policy.url</i> is supported only for backward compatibility.
  88  *
  89  *   If none of these could be loaded, use a builtin static policy
  90  *   equivalent to the conf/security/java.policy file.
  91  *
  92  * <li>
  93  *   The <code>java.lang.System</code> property <i>java.security.policy</i>
  94  *   may also be set to a <code>URL</code> pointing to another policy file
  95  *   (which is the case when a user uses the -D switch at runtime).
  96  *   If this property is defined, and its use is allowed by the
  97  *   security property file (the Security property,
  98  *   <i>policy.allowSystemProperty</i> is set to <i>true</i>),
  99  *   also load that policy.
 100  *
 101  * <li>
 102  *   The <code>java.lang.System</code> property
 103  *   <i>java.security.auth.policy</i> may also be set to a
 104  *   <code>URL</code> pointing to another policy file
 105  *   (which is the case when a user uses the -D switch at runtime).
 106  *   If this property is defined, and its use is allowed by the
 107  *   security property file (the Security property,
 108  *   <i>policy.allowSystemProperty</i> is set to <i>true</i>),
 109  *   also load that policy.
 110  *
 111  *   <i>java.security.auth.policy</i> is supported only for backward
 112  *   compatibility.
 113  *
 114  *   If the <i>java.security.policy</i> or
 115  *   <i>java.security.auth.policy</i> property is defined using
 116  *   "==" (rather than "="), then load the specified policy file and ignore
 117  *   all other configured policies. Note, that the default.policy file is
 118  *   also loaded, as specified in the first step of the algorithm above.
 119  *   If the specified policy file cannot be loaded, use a builtin static policy
 120  *   equivalent to the default conf/security/java.policy file.
 121  * </ol>
 122  *
 123  * Each policy file consists of one or more grant entries, each of
 124  * which consists of a number of permission entries.
 125  *
 126  * <pre>
 127  *   grant signedBy "<b>alias</b>", codeBase "<b>URL</b>",
 128  *         principal <b>principalClass</b> "<b>principalName</b>",
 129  *         principal <b>principalClass</b> "<b>principalName</b>",
 130  *         ... {
 131  *
 132  *     permission <b>Type</b> "<b>name</b> "<b>action</b>",
 133  *         signedBy "<b>alias</b>";
 134  *     permission <b>Type</b> "<b>name</b> "<b>action</b>",
 135  *         signedBy "<b>alias</b>";
 136  *     ....
 137  *   };
 138  * </pre>
 139  *
 140  * All non-bold items above must appear as is (although case
 141  * doesn't matter and some are optional, as noted below).
 142  * principal entries are optional and need not be present.
 143  * Italicized items represent variable values.
 144  *
 145  * <p> A grant entry must begin with the word <code>grant</code>.
 146  * The <code>signedBy</code>,<code>codeBase</code> and <code>principal</code>
 147  * name/value pairs are optional.
 148  * If they are not present, then any signer (including unsigned code)
 149  * will match, and any codeBase will match.
 150  * Note that the <i>principalClass</i>
 151  * may be set to the wildcard value, *, which allows it to match
 152  * any <code>Principal</code> class.  In addition, the <i>principalName</i>
 153  * may also be set to the wildcard value, *, allowing it to match
 154  * any <code>Principal</code> name.  When setting the <i>principalName</i>
 155  * to the *, do not surround the * with quotes.
 156  *
 157  * <p> A permission entry must begin with the word <code>permission</code>.
 158  * The word <code><i>Type</i></code> in the template above is
 159  * a specific permission type, such as <code>java.io.FilePermission</code>
 160  * or <code>java.lang.RuntimePermission</code>.
 161  *
 162  * <p> The "<i>action</i>" is required for
 163  * many permission types, such as <code>java.io.FilePermission</code>
 164  * (where it specifies what type of file access that is permitted).
 165  * It is not required for categories such as
 166  * <code>java.lang.RuntimePermission</code>
 167  * where it is not necessary - you either have the
 168  * permission specified by the <code>"<i>name</i>"</code>
 169  * value following the type name or you don't.
 170  *
 171  * <p> The <code>signedBy</code> name/value pair for a permission entry
 172  * is optional. If present, it indicates a signed permission. That is,
 173  * the permission class itself must be signed by the given alias in
 174  * order for it to be granted. For example,
 175  * suppose you have the following grant entry:
 176  *
 177  * <pre>
 178  *   grant principal foo.com.Principal "Duke" {
 179  *     permission Foo "foobar", signedBy "FooSoft";
 180  *   }
 181  * </pre>
 182  *
 183  * <p> Then this permission of type <i>Foo</i> is granted if the
 184  * <code>Foo.class</code> permission has been signed by the
 185  * "FooSoft" alias, or if XXX <code>Foo.class</code> is a
 186  * system class (i.e., is found on the CLASSPATH).
 187  *
 188  * <p> Items that appear in an entry must appear in the specified order
 189  * (<code>permission</code>, <i>Type</i>, "<i>name</i>", and
 190  * "<i>action</i>"). An entry is terminated with a semicolon.
 191  *
 192  * <p> Case is unimportant for the identifiers (<code>permission</code>,
 193  * <code>signedBy</code>, <code>codeBase</code>, etc.) but is
 194  * significant for the <i>Type</i>
 195  * or for any string that is passed in as a value.
 196  *
 197  * <p> An example of two entries in a policy configuration file is
 198  * <pre>
 199  *   // if the code is comes from "foo.com" and is running as "Duke",
 200  *   // grant it read/write to all files in /tmp.
 201  *
 202  *   grant codeBase "foo.com", principal foo.com.Principal "Duke" {
 203  *              permission java.io.FilePermission "/tmp/*", "read,write";
 204  *   };
 205  *
 206  *   // grant any code running as "Duke" permission to read
 207  *   // the "java.vendor" Property.
 208  *
 209  *   grant principal foo.com.Principal "Duke" {
 210  *         permission java.util.PropertyPermission "java.vendor";
 211  *
 212  *
 213  * </pre>
 214  *  This Policy implementation supports special handling of any
 215  *  permission that contains the string, "<b>${{self}}</b>", as part of
 216  *  its target name.  When such a permission is evaluated
 217  *  (such as during a security check), <b>${{self}}</b> is replaced
 218  *  with one or more Principal class/name pairs.  The exact
 219  *  replacement performed depends upon the contents of the
 220  *  grant clause to which the permission belongs.
 221  * <p>
 222  *
 223  *  If the grant clause does not contain any principal information,
 224  *  the permission will be ignored (permissions containing
 225  *  <b>${{self}}</b> in their target names are only valid in the context
 226  *  of a principal-based grant clause).  For example, BarPermission
 227  *  will always be ignored in the following grant clause:
 228  *
 229  * <pre>
 230  *    grant codebase "www.foo.com", signedby "duke" {
 231  *      permission BarPermission "... ${{self}} ...";
 232  *    };
 233  * </pre>
 234  *
 235  *  If the grant clause contains principal information, <b>${{self}}</b>
 236  *  will be replaced with that same principal information.
 237  *  For example, <b>${{self}}</b> in BarPermission will be replaced by
 238  *  <b>javax.security.auth.x500.X500Principal "cn=Duke"</b>
 239  *  in the following grant clause:
 240  *
 241  *  <pre>
 242  *    grant principal javax.security.auth.x500.X500Principal "cn=Duke" {
 243  *      permission BarPermission "... ${{self}} ...";
 244  *    };
 245  *  </pre>
 246  *
 247  *  If there is a comma-separated list of principals in the grant
 248  *  clause, then <b>${{self}}</b> will be replaced by the same
 249  *  comma-separated list or principals.
 250  *  In the case where both the principal class and name are
 251  *  wildcarded in the grant clause, <b>${{self}}</b> is replaced
 252  *  with all the principals associated with the <code>Subject</code>
 253  *  in the current <code>AccessControlContext</code>.
 254  *
 255  * <p> For PrivateCredentialPermissions, you can also use "<b>self</b>"
 256  * instead of "<b>${{self}}</b>". However the use of "<b>self</b>" is
 257  * deprecated in favour of "<b>${{self}}</b>".
 258  *
 259  * @see java.security.CodeSource
 260  * @see java.security.Permissions
 261  * @see java.security.ProtectionDomain
 262  */
 263 public class PolicyFile extends java.security.Policy {
 264 
 265     private static final Debug debug = Debug.getInstance("policy");
 266 
 267     private static final String SELF = "${{self}}";
 268     private static final String X500PRINCIPAL =
 269                         "javax.security.auth.x500.X500Principal";
 270     private static final String POLICY = "java.security.policy";
 271     private static final String POLICY_URL = "policy.url.";
 272     private static final String AUTH_POLICY = "java.security.auth.policy";
 273     private static final String AUTH_POLICY_URL = "auth.policy.url.";
 274 
 275     private static final int DEFAULT_CACHE_SIZE = 1;
 276 
 277     // contains the policy grant entries, PD cache, and alias mapping
 278     private AtomicReference<PolicyInfo> policyInfo = new AtomicReference<>();
 279 
 280     private boolean expandProperties = true;
 281     private boolean allowSystemProperties = true;
 282     private boolean notUtf8 = false;
 283     private URL url;
 284 
 285     // for use with the reflection API
 286     private static final Class<?>[] PARAMS0 = { };
 287     private static final Class<?>[] PARAMS1 = { String.class };
 288     private static final Class<?>[] PARAMS2 = { String.class, String.class };
 289 
 290     /**
 291      * When a policy file has a syntax error, the exception code may generate
 292      * another permission check and this can cause the policy file to be parsed
 293      * repeatedly, leading to a StackOverflowError or ClassCircularityError.
 294      * To avoid this, this set is populated with policy files that have been
 295      * previously parsed and have syntax errors, so that they can be
 296      * subsequently ignored.
 297      */
 298     private static AtomicReference<Set<URL>> badPolicyURLs =
 299         new AtomicReference<>(new HashSet<>());
 300 
 301     // The default.policy file
 302     private static final URL DEFAULT_POLICY_URL =
 303         AccessController.doPrivileged(new PrivilegedAction<>() {
 304             @Override
 305             public URL run() {
 306                 String sep = File.separator;
 307                 try {
 308                     return Paths.get(System.getProperty("java.home"),
 309                                      "lib", "security",
 310                                      "default.policy").toUri().toURL();
 311                 } catch (MalformedURLException mue) {
 312                     // should not happen
 313                     throw new Error("Malformed default.policy URL: " + mue);
 314                 }
 315             }
 316         });
 317 
 318     /**
 319      * Initializes the Policy object and reads the default policy
 320      * configuration file(s) into the Policy object.
 321      */
 322     public PolicyFile() {
 323         init((URL)null);
 324     }
 325 
 326     /**
 327      * Initializes the Policy object and reads the default policy
 328      * from the specified URL only.
 329      */
 330     public PolicyFile(URL url) {
 331         this.url = url;
 332         init(url);
 333     }
 334 
 335     /**
 336      * Initializes the Policy object and reads the default policy
 337      * configuration file(s) into the Policy object.
 338      *
 339      * See the class description for details on the algorithm used to
 340      * initialize the Policy object.
 341      */
 342     private void init(URL url) {
 343         // Properties are set once for each init(); ignore changes between
 344         // between diff invocations of initPolicyFile(policy, url, info).
 345         String numCacheStr =
 346           AccessController.doPrivileged(new PrivilegedAction<>() {
 347             @Override
 348             public String run() {
 349                 expandProperties = "true".equalsIgnoreCase
 350                     (Security.getProperty("policy.expandProperties"));
 351                 allowSystemProperties = "true".equalsIgnoreCase
 352                     (Security.getProperty("policy.allowSystemProperty"));
 353                 notUtf8 = "false".equalsIgnoreCase
 354                     (System.getProperty("sun.security.policy.utf8"));
 355                 return System.getProperty("sun.security.policy.numcaches");
 356             }});
 357 
 358         int numCaches;
 359         if (numCacheStr != null) {
 360             try {
 361                 numCaches = Integer.parseInt(numCacheStr);
 362             } catch (NumberFormatException e) {
 363                 numCaches = DEFAULT_CACHE_SIZE;
 364             }
 365         } else {
 366             numCaches = DEFAULT_CACHE_SIZE;
 367         }
 368         // System.out.println("number caches=" + numCaches);
 369         PolicyInfo newInfo = new PolicyInfo(numCaches);
 370         initPolicyFile(newInfo, url);
 371         policyInfo.set(newInfo);
 372     }
 373 
 374     private void initPolicyFile(final PolicyInfo newInfo, final URL url) {
 375 
 376         // always load default.policy
 377         if (debug != null) {
 378             debug.println("reading " + DEFAULT_POLICY_URL);
 379         }
 380         AccessController.doPrivileged(new PrivilegedAction<>() {
 381             @Override
 382             public Void run() {
 383                 init(DEFAULT_POLICY_URL, newInfo, true);
 384                 return null;
 385             }
 386         });
 387 
 388         if (url != null) {
 389 
 390             /**
 391              * If the caller specified a URL via Policy.getInstance,
 392              * we only read from default.policy and that URL.
 393              */
 394 
 395             if (debug != null) {
 396                 debug.println("reading " + url);
 397             }
 398             AccessController.doPrivileged(new PrivilegedAction<>() {
 399                 @Override
 400                 public Void run() {
 401                     if (init(url, newInfo, false) == false) {
 402                         // use static policy if all else fails
 403                         initStaticPolicy(newInfo);
 404                     }
 405                     return null;
 406                 }
 407             });
 408 
 409         } else {
 410 
 411             /**
 412              * Caller did not specify URL via Policy.getInstance.
 413              * Read from URLs listed in the java.security properties file.
 414              *
 415              * We call initPolicyFile with POLICY, POLICY_URL and then
 416              * call it with AUTH_POLICY and AUTH_POLICY_URL.
 417              * So first we will process the JAVA standard policy
 418              * and then process the JAVA AUTH Policy.
 419              * This is for backward compatibility as well as to handle
 420              * cases where the user has a single unified policyfile
 421              * with both java policy entries and auth entries
 422              */
 423 
 424             boolean loaded_one = initPolicyFile(POLICY, POLICY_URL, newInfo);
 425             // To maintain strict backward compatibility
 426             // we load the static policy only if POLICY load failed
 427             if (!loaded_one) {
 428                 // use static policy if all else fails
 429                 initStaticPolicy(newInfo);
 430             }
 431 
 432             initPolicyFile(AUTH_POLICY, AUTH_POLICY_URL, newInfo);
 433         }
 434     }
 435 
 436     private boolean initPolicyFile(final String propname, final String urlname,
 437                                    final PolicyInfo newInfo) {
 438         boolean loadedPolicy =
 439             AccessController.doPrivileged(new PrivilegedAction<>() {
 440             @Override
 441             public Boolean run() {
 442                 boolean loaded_policy = false;
 443 
 444                 if (allowSystemProperties) {
 445                     String extra_policy = System.getProperty(propname);
 446                     if (extra_policy != null) {
 447                         boolean overrideAll = false;
 448                         if (extra_policy.startsWith("=")) {
 449                             overrideAll = true;
 450                             extra_policy = extra_policy.substring(1);
 451                         }
 452                         try {
 453                             extra_policy =
 454                                 PropertyExpander.expand(extra_policy);
 455                             URL policyURL;
 456 
 457                             File policyFile = new File(extra_policy);
 458                             if (policyFile.exists()) {
 459                                 policyURL = ParseUtil.fileToEncodedURL
 460                                     (new File(policyFile.getCanonicalPath()));
 461                             } else {
 462                                 policyURL = new URL(extra_policy);
 463                             }
 464                             if (debug != null) {
 465                                 debug.println("reading "+policyURL);
 466                             }
 467                             if (init(policyURL, newInfo, false)) {
 468                                 loaded_policy = true;
 469                             }
 470                         } catch (Exception e) {
 471                             // ignore.
 472                             if (debug != null) {
 473                                 debug.println("caught exception: "+e);
 474                             }
 475                         }
 476                         if (overrideAll) {
 477                             if (debug != null) {
 478                                 debug.println("overriding other policies!");
 479                             }
 480                             return Boolean.valueOf(loaded_policy);
 481                         }
 482                     }
 483                 }
 484 
 485                 int n = 1;
 486                 String policy_uri;
 487 
 488                 while ((policy_uri = Security.getProperty(urlname+n)) != null) {
 489                     try {
 490                         URL policy_url = null;
 491                         String expanded_uri = PropertyExpander.expand
 492                                 (policy_uri).replace(File.separatorChar, '/');
 493 
 494                         if (policy_uri.startsWith("file:${java.home}/") ||
 495                             policy_uri.startsWith("file:${user.home}/")) {
 496 
 497                             // this special case accommodates
 498                             // the situation java.home/user.home
 499                             // expand to a single slash, resulting in
 500                             // a file://foo URI
 501                             policy_url = new File
 502                                 (expanded_uri.substring(5)).toURI().toURL();
 503                         } else {
 504                             policy_url = new URI(expanded_uri).toURL();
 505                         }
 506 
 507                         if (debug != null) {
 508                             debug.println("reading " + policy_url);
 509                         }
 510                         if (init(policy_url, newInfo, false)) {
 511                             loaded_policy = true;
 512                         }
 513                     } catch (Exception e) {
 514                         if (debug != null) {
 515                             debug.println(
 516                                 "Debug info only. Error reading policy " +e);
 517                             e.printStackTrace();
 518                         }
 519                         // ignore that policy
 520                     }
 521                     n++;
 522                 }
 523                 return Boolean.valueOf(loaded_policy);
 524             }
 525         });
 526 
 527         return loadedPolicy;
 528     }
 529 
 530     /**
 531      * Reads a policy configuration into the Policy object using a
 532      * Reader object.
 533      */
 534     private boolean init(URL policy, PolicyInfo newInfo, boolean defPolicy) {
 535 
 536         // skip parsing policy file if it has been previously parsed and
 537         // has syntax errors
 538         if (badPolicyURLs.get().contains(policy)) {
 539             if (debug != null) {
 540                 debug.println("skipping bad policy file: " + policy);
 541             }
 542             return false;
 543         }
 544 
 545         try (InputStreamReader isr =
 546                  getInputStreamReader(PolicyUtil.getInputStream(policy))) {
 547 
 548             PolicyParser pp = new PolicyParser(expandProperties);
 549             pp.read(isr);
 550 
 551             KeyStore keyStore = null;
 552             try {
 553                 keyStore = PolicyUtil.getKeyStore
 554                                 (policy,
 555                                 pp.getKeyStoreUrl(),
 556                                 pp.getKeyStoreType(),
 557                                 pp.getKeyStoreProvider(),
 558                                 pp.getStorePassURL(),
 559                                 debug);
 560             } catch (Exception e) {
 561                 // ignore, treat it like we have no keystore
 562                 if (debug != null) {
 563                     debug.println("Debug info only. Ignoring exception.");
 564                     e.printStackTrace();
 565                 }
 566             }
 567 
 568             Enumeration<PolicyParser.GrantEntry> enum_ = pp.grantElements();
 569             while (enum_.hasMoreElements()) {
 570                 PolicyParser.GrantEntry ge = enum_.nextElement();
 571                 addGrantEntry(ge, keyStore, newInfo);
 572             }
 573             return true;
 574         } catch (PolicyParser.ParsingException pe) {
 575             if (defPolicy) {
 576                 throw new InternalError("Failed to load default.policy", pe);
 577             }
 578             // record bad policy file to avoid later reparsing it
 579             badPolicyURLs.updateAndGet(k -> {
 580                 k.add(policy);
 581                 return k;
 582             });
 583             Object[] source = {policy, pe.getNonlocalizedMessage()};
 584             System.err.println(LocalizedMessage.getNonlocalized
 585                 (POLICY + ".error.parsing.policy.message", source));
 586             if (debug != null) {
 587                 pe.printStackTrace();
 588             }
 589         } catch (Exception e) {
 590             if (defPolicy) {
 591                 throw new InternalError("Failed to load default.policy", e);
 592             }
 593             if (debug != null) {
 594                 debug.println("error parsing "+policy);
 595                 debug.println(e.toString());
 596                 e.printStackTrace();
 597             }
 598         }
 599 
 600         return false;
 601     }
 602 
 603     private InputStreamReader getInputStreamReader(InputStream is)
 604                               throws IOException {
 605         /*
 606          * Read in policy using UTF-8 by default.
 607          *
 608          * Check non-standard system property to see if the default encoding
 609          * should be used instead.
 610          */
 611         return (notUtf8)
 612             ? new InputStreamReader(is)
 613             : new InputStreamReader(is, "UTF-8");
 614     }
 615 
 616     private void initStaticPolicy(final PolicyInfo newInfo) {
 617         if (debug != null) {
 618             debug.println("Initializing with static permissions");
 619         }
 620         AccessController.doPrivileged(new PrivilegedAction<>() {
 621             @Override
 622             public Void run() {
 623                 PolicyEntry pe = new PolicyEntry(new CodeSource(null,
 624                     (Certificate[]) null));
 625                 pe.add(SecurityConstants.LOCAL_LISTEN_PERMISSION);
 626                 pe.add(new PropertyPermission("java.version",
 627                     SecurityConstants.PROPERTY_READ_ACTION));
 628                 pe.add(new PropertyPermission("java.vendor",
 629                     SecurityConstants.PROPERTY_READ_ACTION));
 630                 pe.add(new PropertyPermission("java.vendor.url",
 631                     SecurityConstants.PROPERTY_READ_ACTION));
 632                 pe.add(new PropertyPermission("java.class.version",
 633                     SecurityConstants.PROPERTY_READ_ACTION));
 634                 pe.add(new PropertyPermission("os.name",
 635                     SecurityConstants.PROPERTY_READ_ACTION));
 636                 pe.add(new PropertyPermission("os.version",
 637                     SecurityConstants.PROPERTY_READ_ACTION));
 638                 pe.add(new PropertyPermission("os.arch",
 639                     SecurityConstants.PROPERTY_READ_ACTION));
 640                 pe.add(new PropertyPermission("file.separator",
 641                     SecurityConstants.PROPERTY_READ_ACTION));
 642                 pe.add(new PropertyPermission("path.separator",
 643                     SecurityConstants.PROPERTY_READ_ACTION));
 644                 pe.add(new PropertyPermission("line.separator",
 645                     SecurityConstants.PROPERTY_READ_ACTION));
 646                 pe.add(new PropertyPermission
 647                                 ("java.specification.version",
 648                                     SecurityConstants.PROPERTY_READ_ACTION));
 649                 pe.add(new PropertyPermission
 650                                 ("java.specification.vendor",
 651                                     SecurityConstants.PROPERTY_READ_ACTION));
 652                 pe.add(new PropertyPermission
 653                                 ("java.specification.name",
 654                                     SecurityConstants.PROPERTY_READ_ACTION));
 655                 pe.add(new PropertyPermission
 656                                 ("java.vm.specification.version",
 657                                     SecurityConstants.PROPERTY_READ_ACTION));
 658                 pe.add(new PropertyPermission
 659                                 ("java.vm.specification.vendor",
 660                                     SecurityConstants.PROPERTY_READ_ACTION));
 661                 pe.add(new PropertyPermission
 662                                 ("java.vm.specification.name",
 663                                     SecurityConstants.PROPERTY_READ_ACTION));
 664                 pe.add(new PropertyPermission("java.vm.version",
 665                     SecurityConstants.PROPERTY_READ_ACTION));
 666                 pe.add(new PropertyPermission("java.vm.vendor",
 667                     SecurityConstants.PROPERTY_READ_ACTION));
 668                 pe.add(new PropertyPermission("java.vm.name",
 669                     SecurityConstants.PROPERTY_READ_ACTION));
 670 
 671                 // No need to sync because noone has access to newInfo yet
 672                 newInfo.policyEntries.add(pe);
 673 
 674                 return null;
 675             }
 676         });
 677     }
 678 
 679     /**
 680      * Given a GrantEntry, create a codeSource.
 681      *
 682      * @return null if signedBy alias is not recognized
 683      */
 684     private CodeSource getCodeSource(PolicyParser.GrantEntry ge, KeyStore keyStore,
 685         PolicyInfo newInfo) throws java.net.MalformedURLException
 686     {
 687         Certificate[] certs = null;
 688         if (ge.signedBy != null) {
 689             certs = getCertificates(keyStore, ge.signedBy, newInfo);
 690             if (certs == null) {
 691                 // we don't have a key for this alias,
 692                 // just return
 693                 if (debug != null) {
 694                     debug.println("  -- No certs for alias '" +
 695                                        ge.signedBy + "' - ignoring entry");
 696                 }
 697                 return null;
 698             }
 699         }
 700 
 701         URL location;
 702 
 703         if (ge.codeBase != null)
 704             location = new URL(ge.codeBase);
 705         else
 706             location = null;
 707 
 708         return (canonicalizeCodebase(new CodeSource(location, certs),false));
 709     }
 710 
 711     /**
 712      * Add one policy entry to the list.
 713      */
 714     private void addGrantEntry(PolicyParser.GrantEntry ge,
 715                                KeyStore keyStore, PolicyInfo newInfo) {
 716 
 717         if (debug != null) {
 718             debug.println("Adding policy entry: ");
 719             debug.println("  signedBy " + ge.signedBy);
 720             debug.println("  codeBase " + ge.codeBase);
 721             if (ge.principals != null) {
 722                 for (PolicyParser.PrincipalEntry pppe : ge.principals) {
 723                     debug.println("  " + pppe.toString());
 724                 }
 725             }
 726         }
 727 
 728         try {
 729             CodeSource codesource = getCodeSource(ge, keyStore, newInfo);
 730             // skip if signedBy alias was unknown...
 731             if (codesource == null) return;
 732 
 733             // perform keystore alias principal replacement.
 734             // for example, if alias resolves to X509 certificate,
 735             // replace principal with:  <X500Principal class>  <SubjectDN>
 736             // -- skip if alias is unknown
 737             if (replacePrincipals(ge.principals, keyStore) == false)
 738                 return;
 739             PolicyEntry entry = new PolicyEntry(codesource, ge.principals);
 740             Enumeration<PolicyParser.PermissionEntry> enum_ =
 741                                                 ge.permissionElements();
 742             while (enum_.hasMoreElements()) {
 743                 PolicyParser.PermissionEntry pe = enum_.nextElement();
 744 
 745                 try {
 746                     // perform ${{ ... }} expansions within permission name
 747                     expandPermissionName(pe, keyStore);
 748 
 749                     // XXX special case PrivateCredentialPermission-SELF
 750                     Permission perm;
 751                     if (pe.permission.equals
 752                         ("javax.security.auth.PrivateCredentialPermission") &&
 753                         pe.name.endsWith(" self")) {
 754                         pe.name = pe.name.substring(0, pe.name.indexOf("self"))
 755                                 + SELF;
 756                     }
 757                     // check for self
 758                     if (pe.name != null && pe.name.indexOf(SELF) != -1) {
 759                         // Create a "SelfPermission" , it could be an
 760                         // an unresolved permission which will be resolved
 761                         // when implies is called
 762                         // Add it to entry
 763                         Certificate[] certs;
 764                         if (pe.signedBy != null) {
 765                             certs = getCertificates(keyStore,
 766                                                     pe.signedBy,
 767                                                     newInfo);
 768                         } else {
 769                             certs = null;
 770                         }
 771                         perm = new SelfPermission(pe.permission,
 772                                                   pe.name,
 773                                                   pe.action,
 774                                                   certs);
 775                     } else {
 776                         perm = getInstance(pe.permission,
 777                                            pe.name,
 778                                            pe.action);
 779                     }
 780                     entry.add(perm);
 781                     if (debug != null) {
 782                         debug.println("  "+perm);
 783                     }
 784                 } catch (ClassNotFoundException cnfe) {
 785                     Certificate[] certs;
 786                     if (pe.signedBy != null) {
 787                         certs = getCertificates(keyStore,
 788                                                 pe.signedBy,
 789                                                 newInfo);
 790                     } else {
 791                         certs = null;
 792                     }
 793 
 794                     // only add if we had no signer or we had
 795                     // a signer and found the keys for it.
 796                     if (certs != null || pe.signedBy == null) {
 797                         Permission perm = new UnresolvedPermission(
 798                                                   pe.permission,
 799                                                   pe.name,
 800                                                   pe.action,
 801                                                   certs);
 802                         entry.add(perm);
 803                         if (debug != null) {
 804                             debug.println("  "+perm);
 805                         }
 806                     }
 807                 } catch (java.lang.reflect.InvocationTargetException ite) {
 808                     Object[] source = {pe.permission,
 809                                        ite.getTargetException().toString()};
 810                     System.err.println(
 811                         LocalizedMessage.getNonlocalized(
 812                             POLICY + ".error.adding.Permission.perm.message",
 813                             source));
 814                 } catch (Exception e) {
 815                     Object[] source = {pe.permission,
 816                                        e.toString()};
 817                     System.err.println(
 818                         LocalizedMessage.getNonlocalized(
 819                             POLICY + ".error.adding.Permission.perm.message",
 820                             source));
 821                 }
 822             }
 823 
 824             // No need to sync because noone has access to newInfo yet
 825             newInfo.policyEntries.add(entry);
 826         } catch (Exception e) {
 827             Object[] source = {e.toString()};
 828             System.err.println(
 829                 LocalizedMessage.getNonlocalized(
 830                     POLICY + ".error.adding.Entry.message",
 831                     source));
 832         }
 833         if (debug != null)
 834             debug.println();
 835     }
 836 
 837     /**
 838      * Returns a new Permission object of the given Type. The Permission is
 839      * created by getting the
 840      * Class object using the <code>Class.forName</code> method, and using
 841      * the reflection API to invoke the (String name, String actions)
 842      * constructor on the
 843      * object.
 844      *
 845      * @param type the type of Permission being created.
 846      * @param name the name of the Permission being created.
 847      * @param actions the actions of the Permission being created.
 848      *
 849      * @exception  ClassNotFoundException  if the particular Permission
 850      *             class could not be found.
 851      *
 852      * @exception  IllegalAccessException  if the class or initializer is
 853      *               not accessible.
 854      *
 855      * @exception  InstantiationException  if getInstance tries to
 856      *               instantiate an abstract class or an interface, or if the
 857      *               instantiation fails for some other reason.
 858      *
 859      * @exception  NoSuchMethodException if the (String, String) constructor
 860      *               is not found.
 861      *
 862      * @exception  InvocationTargetException if the underlying Permission
 863      *               constructor throws an exception.
 864      *
 865      */
 866 
 867     private static final Permission getInstance(String type,
 868                                     String name,
 869                                     String actions)
 870         throws ClassNotFoundException,
 871                InstantiationException,
 872                IllegalAccessException,
 873                NoSuchMethodException,
 874                InvocationTargetException
 875     {
 876         Class<?> pc = Class.forName(type, false, null);
 877         Permission answer = getKnownPermission(pc, name, actions);
 878         if (answer != null) {
 879             return answer;
 880         }
 881         if (!Permission.class.isAssignableFrom(pc)) {
 882             // not the right subtype
 883             throw new ClassCastException(type + " is not a Permission");
 884         }
 885 
 886         if (name == null && actions == null) {
 887             try {
 888                 Constructor<?> c = pc.getConstructor(PARAMS0);
 889                 return (Permission) c.newInstance(new Object[] {});
 890             } catch (NoSuchMethodException ne) {
 891                 try {
 892                     Constructor<?> c = pc.getConstructor(PARAMS1);
 893                     return (Permission) c.newInstance(
 894                               new Object[] { name});
 895                 } catch (NoSuchMethodException ne1 ) {
 896                     Constructor<?> c = pc.getConstructor(PARAMS2);
 897                     return (Permission) c.newInstance(
 898                         new Object[] { name, actions });
 899                 }
 900             }
 901         } else {
 902             if (name != null && actions == null) {
 903                 try {
 904                     Constructor<?> c = pc.getConstructor(PARAMS1);
 905                     return (Permission) c.newInstance(new Object[] { name});
 906                 } catch (NoSuchMethodException ne) {
 907                     Constructor<?> c = pc.getConstructor(PARAMS2);
 908                     return (Permission) c.newInstance(
 909                           new Object[] { name, actions });
 910                 }
 911             } else {
 912                 Constructor<?> c = pc.getConstructor(PARAMS2);
 913                 return (Permission) c.newInstance(
 914                       new Object[] { name, actions });
 915              }
 916         }
 917     }
 918 
 919     /**
 920      * Creates one of the well-known permissions in the java.base module
 921      * directly instead of via reflection. Keep list short to not penalize
 922      * permissions from other modules.
 923      */
 924     private static Permission getKnownPermission(Class<?> claz, String name,
 925                                                  String actions) {
 926         if (claz.equals(FilePermission.class)) {
 927             return new FilePermission(name, actions);
 928         } else if (claz.equals(SocketPermission.class)) {
 929             return new SocketPermission(name, actions);
 930         } else if (claz.equals(RuntimePermission.class)) {
 931             return new RuntimePermission(name, actions);
 932         } else if (claz.equals(PropertyPermission.class)) {
 933             return new PropertyPermission(name, actions);
 934         } else if (claz.equals(NetPermission.class)) {
 935             return new NetPermission(name, actions);
 936         } else if (claz.equals(AllPermission.class)) {
 937             return SecurityConstants.ALL_PERMISSION;
 938         } else if (claz.equals(SecurityPermission.class)) {
 939             return new SecurityPermission(name, actions);
 940         } else {
 941             return null;
 942         }
 943     }
 944 
 945     /**
 946      * Creates one of the well-known principals in the java.base module
 947      * directly instead of via reflection. Keep list short to not penalize
 948      * principals from other modules.
 949      */
 950     private static Principal getKnownPrincipal(Class<?> claz, String name) {
 951         if (claz.equals(X500Principal.class)) {
 952             return new X500Principal(name);
 953         } else {
 954             return null;
 955         }
 956     }
 957 
 958     /**
 959      * Fetch all certs associated with this alias.
 960      */
 961     private Certificate[] getCertificates
 962                 (KeyStore keyStore, String aliases, PolicyInfo newInfo) {
 963 
 964         List<Certificate> vcerts = null;
 965 
 966         StringTokenizer st = new StringTokenizer(aliases, ",");
 967         int n = 0;
 968 
 969         while (st.hasMoreTokens()) {
 970             String alias = st.nextToken().trim();
 971             n++;
 972             Certificate cert = null;
 973             // See if this alias's cert has already been cached
 974             synchronized (newInfo.aliasMapping) {
 975                 cert = (Certificate)newInfo.aliasMapping.get(alias);
 976 
 977                 if (cert == null && keyStore != null) {
 978 
 979                     try {
 980                         cert = keyStore.getCertificate(alias);
 981                     } catch (KeyStoreException kse) {
 982                         // never happens, because keystore has already been loaded
 983                         // when we call this
 984                     }
 985                     if (cert != null) {
 986                         newInfo.aliasMapping.put(alias, cert);
 987                         newInfo.aliasMapping.put(cert, alias);
 988                     }
 989                 }
 990             }
 991 
 992             if (cert != null) {
 993                 if (vcerts == null)
 994                     vcerts = new ArrayList<>();
 995                 vcerts.add(cert);
 996             }
 997         }
 998 
 999         // make sure n == vcerts.size, since we are doing a logical *and*
1000         if (vcerts != null && n == vcerts.size()) {
1001             Certificate[] certs = new Certificate[vcerts.size()];
1002             vcerts.toArray(certs);
1003             return certs;
1004         } else {
1005             return null;
1006         }
1007     }
1008 
1009     /**
1010      * Refreshes the policy object by re-reading all the policy files.
1011      */
1012     @Override public void refresh() {
1013         init(url);
1014     }
1015 
1016     /**
1017      * Evaluates the global policy for the permissions granted to
1018      * the ProtectionDomain and tests whether the permission is
1019      * granted.
1020      *
1021      * @param pd the ProtectionDomain to test
1022      * @param p the Permission object to be tested for implication.
1023      *
1024      * @return true if "permission" is a proper subset of a permission
1025      * granted to this ProtectionDomain.
1026      *
1027      * @see java.security.ProtectionDomain
1028      */
1029     @Override
1030     public boolean implies(ProtectionDomain pd, Permission p) {
1031         PolicyInfo pi = policyInfo.get();
1032         ProtectionDomainCache pdMap = pi.getPdMapping();
1033 
1034         PermissionCollection pc = pdMap.get(pd);
1035 
1036         if (pc != null) {
1037             return pc.implies(p);
1038         }
1039 
1040         pc = getPermissions(pd);
1041         if (pc == null) {
1042             return false;
1043         }
1044 
1045         // cache mapping of protection domain to its PermissionCollection
1046         pdMap.put(pd, pc);
1047         return pc.implies(p);
1048     }
1049 
1050     /**
1051      * Examines this <code>Policy</code> and returns the permissions granted
1052      * to the specified <code>ProtectionDomain</code>.  This includes
1053      * the permissions currently associated with the domain as well
1054      * as the policy permissions granted to the domain's
1055      * CodeSource, ClassLoader, and Principals.
1056      *
1057      * <p> Note that this <code>Policy</code> implementation has
1058      * special handling for PrivateCredentialPermissions.
1059      * When this method encounters a <code>PrivateCredentialPermission</code>
1060      * which specifies "self" as the <code>Principal</code> class and name,
1061      * it does not add that <code>Permission</code> to the returned
1062      * <code>PermissionCollection</code>.  Instead, it builds
1063      * a new <code>PrivateCredentialPermission</code>
1064      * for each <code>Principal</code> associated with the provided
1065      * <code>Subject</code>.  Each new <code>PrivateCredentialPermission</code>
1066      * contains the same Credential class as specified in the
1067      * originally granted permission, as well as the Class and name
1068      * for the respective <code>Principal</code>.
1069      *
1070      * @param domain the Permissions granted to this
1071      *          <code>ProtectionDomain</code> are returned.
1072      *
1073      * @return the Permissions granted to the provided
1074      *          <code>ProtectionDomain</code>.
1075      */
1076     @Override
1077     public PermissionCollection getPermissions(ProtectionDomain domain) {
1078         Permissions perms = new Permissions();
1079 
1080         if (domain == null)
1081            return perms;
1082 
1083         // first get policy perms
1084         getPermissions(perms, domain);
1085 
1086         // add static perms
1087         //      - adding static perms after policy perms is necessary
1088         //        to avoid a regression for 4301064
1089         PermissionCollection pc = domain.getPermissions();
1090         if (pc != null) {
1091             synchronized (pc) {
1092                 Enumeration<Permission> e = pc.elements();
1093                 while (e.hasMoreElements()) {
1094                     perms.add(FilePermCompat.newPermPlusAltPath(e.nextElement()));
1095                 }
1096             }
1097         }
1098 
1099         return perms;
1100     }
1101 
1102     /**
1103      * Examines this Policy and creates a PermissionCollection object with
1104      * the set of permissions for the specified CodeSource.
1105      *
1106      * @param codesource the CodeSource associated with the caller.
1107      * This encapsulates the original location of the code (where the code
1108      * came from) and the public key(s) of its signer.
1109      *
1110      * @return the set of permissions according to the policy.
1111      */
1112     @Override
1113     public PermissionCollection getPermissions(CodeSource codesource) {
1114         return getPermissions(new Permissions(), codesource);
1115     }
1116 
1117     /**
1118      * Examines the global policy and returns the provided Permissions
1119      * object with additional permissions granted to the specified
1120      * ProtectionDomain.
1121      *
1122      * @param perms the Permissions to populate
1123      * @param pd the ProtectionDomain associated with the caller.
1124      *
1125      * @return the set of Permissions according to the policy.
1126      */
1127     private PermissionCollection getPermissions(Permissions perms,
1128                                         ProtectionDomain pd ) {
1129         if (debug != null) {
1130             debug.println("getPermissions:\n\t" + printPD(pd));
1131         }
1132 
1133         final CodeSource cs = pd.getCodeSource();
1134         if (cs == null)
1135             return perms;
1136 
1137         CodeSource canonCodeSource = AccessController.doPrivileged(
1138             new java.security.PrivilegedAction<>(){
1139                 @Override
1140                 public CodeSource run() {
1141                     return canonicalizeCodebase(cs, true);
1142                 }
1143             });
1144         return getPermissions(perms, canonCodeSource, pd.getPrincipals());
1145     }
1146 
1147     /**
1148      * Examines the global policy and returns the provided Permissions
1149      * object with additional permissions granted to the specified
1150      * CodeSource.
1151      *
1152      * @param perms the permissions to populate
1153      * @param cs the codesource associated with the caller.
1154      * This encapsulates the original location of the code (where the code
1155      * came from) and the public key(s) of its signer.
1156      *
1157      * @return the set of permissions according to the policy.
1158      */
1159     private PermissionCollection getPermissions(Permissions perms,
1160                                                 final CodeSource cs) {
1161 
1162         if (cs == null)
1163             return perms;
1164 
1165         CodeSource canonCodeSource = AccessController.doPrivileged(
1166             new PrivilegedAction<>(){
1167                 @Override
1168                 public CodeSource run() {
1169                     return canonicalizeCodebase(cs, true);
1170                 }
1171             });
1172 
1173         return getPermissions(perms, canonCodeSource, null);
1174     }
1175 
1176     private Permissions getPermissions(Permissions perms,
1177                                        final CodeSource cs,
1178                                        Principal[] principals) {
1179         PolicyInfo pi = policyInfo.get();
1180 
1181         for (PolicyEntry entry : pi.policyEntries) {
1182             addPermissions(perms, cs, principals, entry);
1183         }
1184 
1185         return perms;
1186     }
1187 
1188     private void addPermissions(Permissions perms,
1189         final CodeSource cs,
1190         Principal[] principals,
1191         final PolicyEntry entry) {
1192 
1193         if (debug != null) {
1194             debug.println("evaluate codesources:\n" +
1195                 "\tPolicy CodeSource: " + entry.getCodeSource() + "\n" +
1196                 "\tActive CodeSource: " + cs);
1197         }
1198 
1199         // check to see if the CodeSource implies
1200         Boolean imp = AccessController.doPrivileged
1201             (new PrivilegedAction<>() {
1202             @Override
1203             public Boolean run() {
1204                 return entry.getCodeSource().implies(cs);
1205             }
1206         });
1207         if (!imp.booleanValue()) {
1208             if (debug != null) {
1209                 debug.println("evaluation (codesource) failed");
1210             }
1211 
1212             // CodeSource does not imply - return and try next policy entry
1213             return;
1214         }
1215 
1216         // check to see if the Principals imply
1217 
1218         List<PolicyParser.PrincipalEntry> entryPs = entry.getPrincipals();
1219         if (debug != null) {
1220             List<PolicyParser.PrincipalEntry> accPs = new ArrayList<>();
1221             if (principals != null) {
1222                 for (int i = 0; i < principals.length; i++) {
1223                     accPs.add(new PolicyParser.PrincipalEntry
1224                                         (principals[i].getClass().getName(),
1225                                         principals[i].getName()));
1226                 }
1227             }
1228             debug.println("evaluate principals:\n" +
1229                 "\tPolicy Principals: " + entryPs + "\n" +
1230                 "\tActive Principals: " + accPs);
1231         }
1232 
1233         if (entryPs == null || entryPs.isEmpty()) {
1234 
1235             // policy entry has no principals -
1236             // add perms regardless of principals in current ACC
1237 
1238             addPerms(perms, principals, entry);
1239             if (debug != null) {
1240                 debug.println("evaluation (codesource/principals) passed");
1241             }
1242             return;
1243 
1244         } else if (principals == null || principals.length == 0) {
1245 
1246             // current thread has no principals but this policy entry
1247             // has principals - perms are not added
1248 
1249             if (debug != null) {
1250                 debug.println("evaluation (principals) failed");
1251             }
1252             return;
1253         }
1254 
1255         // current thread has principals and this policy entry
1256         // has principals.  see if policy entry principals match
1257         // principals in current ACC
1258 
1259         for (PolicyParser.PrincipalEntry pppe : entryPs) {
1260 
1261             // Check for wildcards
1262             if (pppe.isWildcardClass()) {
1263                 // a wildcard class matches all principals in current ACC
1264                 continue;
1265             }
1266 
1267             if (pppe.isWildcardName()) {
1268                 // a wildcard name matches any principal with the same class
1269                 if (wildcardPrincipalNameImplies(pppe.principalClass,
1270                                                  principals)) {
1271                     continue;
1272                 }
1273                 if (debug != null) {
1274                     debug.println("evaluation (principal name wildcard) failed");
1275                 }
1276                 // policy entry principal not in current ACC -
1277                 // immediately return and go to next policy entry
1278                 return;
1279             }
1280 
1281             Set<Principal> pSet = new HashSet<>(Arrays.asList(principals));
1282             Subject subject = new Subject(true, pSet,
1283                                           Collections.EMPTY_SET,
1284                                           Collections.EMPTY_SET);
1285             try {
1286                 ClassLoader cl = Thread.currentThread().getContextClassLoader();
1287                 Class<?> pClass = Class.forName(pppe.principalClass, false, cl);
1288                 Principal p = getKnownPrincipal(pClass, pppe.principalName);
1289                 if (p == null) {
1290                     if (!Principal.class.isAssignableFrom(pClass)) {
1291                         // not the right subtype
1292                         throw new ClassCastException(pppe.principalClass +
1293                                                      " is not a Principal");
1294                     }
1295 
1296                     Constructor<?> c = pClass.getConstructor(PARAMS1);
1297                     p = (Principal)c.newInstance(new Object[] {
1298                                                  pppe.principalName });
1299 
1300                 }
1301 
1302                 if (debug != null) {
1303                     debug.println("found Principal " + p.getClass().getName());
1304                 }
1305 
1306                 // check if the Principal implies the current
1307                 // thread's principals
1308                 if (!p.implies(subject)) {
1309                     if (debug != null) {
1310                         debug.println("evaluation (principal implies) failed");
1311                     }
1312 
1313                     // policy principal does not imply the current Subject -
1314                     // immediately return and go to next policy entry
1315                     return;
1316                 }
1317             } catch (Exception e) {
1318                 // fall back to default principal comparison.
1319                 // see if policy entry principal is in current ACC
1320 
1321                 if (debug != null) {
1322                     e.printStackTrace();
1323                 }
1324 
1325                 if (!pppe.implies(subject)) {
1326                     if (debug != null) {
1327                         debug.println("evaluation (default principal implies) failed");
1328                     }
1329 
1330                     // policy entry principal not in current ACC -
1331                     // immediately return and go to next policy entry
1332                     return;
1333                 }
1334             }
1335 
1336             // either the principal information matched,
1337             // or the Principal.implies succeeded.
1338             // continue loop and test the next policy principal
1339         }
1340 
1341         // all policy entry principals were found in the current ACC -
1342         // grant the policy permissions
1343 
1344         if (debug != null) {
1345             debug.println("evaluation (codesource/principals) passed");
1346         }
1347         addPerms(perms, principals, entry);
1348     }
1349 
1350     /**
1351      * Returns true if the array of principals contains at least one
1352      * principal of the specified class.
1353      */
1354     private static boolean wildcardPrincipalNameImplies(String principalClass,
1355                                                         Principal[] principals)
1356     {
1357         for (Principal p : principals) {
1358             if (principalClass.equals(p.getClass().getName())) {
1359                 return true;
1360             }
1361         }
1362         return false;
1363     }
1364 
1365     private void addPerms(Permissions perms,
1366                         Principal[] accPs,
1367                         PolicyEntry entry) {
1368         for (int i = 0; i < entry.permissions.size(); i++) {
1369             Permission p = entry.permissions.get(i);
1370             if (debug != null) {
1371                 debug.println("  granting " + p);
1372             }
1373 
1374             if (p instanceof SelfPermission) {
1375                 // handle "SELF" permissions
1376                 expandSelf((SelfPermission)p,
1377                         entry.getPrincipals(),
1378                         accPs,
1379                         perms);
1380             } else {
1381                 perms.add(FilePermCompat.newPermPlusAltPath(p));
1382             }
1383         }
1384     }
1385 
1386     /**
1387      * @param sp the SelfPermission that needs to be expanded.
1388      *
1389      * @param entryPs list of principals for the Policy entry.
1390      *
1391      * @param pdp Principal array from the current ProtectionDomain.
1392      *
1393      * @param perms the PermissionCollection where the individual
1394      *                  Permissions will be added after expansion.
1395      */
1396 
1397     private void expandSelf(SelfPermission sp,
1398                             List<PolicyParser.PrincipalEntry> entryPs,
1399                             Principal[] pdp,
1400                             Permissions perms) {
1401 
1402         if (entryPs == null || entryPs.isEmpty()) {
1403             // No principals in the grant to substitute
1404             if (debug != null) {
1405                 debug.println("Ignoring permission "
1406                                 + sp.getSelfType()
1407                                 + " with target name ("
1408                                 + sp.getSelfName() + ").  "
1409                                 + "No Principal(s) specified "
1410                                 + "in the grant clause.  "
1411                                 + "SELF-based target names are "
1412                                 + "only valid in the context "
1413                                 + "of a Principal-based grant entry."
1414                              );
1415             }
1416             return;
1417         }
1418         int startIndex = 0;
1419         int v;
1420         StringBuilder sb = new StringBuilder();
1421         while ((v = sp.getSelfName().indexOf(SELF, startIndex)) != -1) {
1422 
1423             // add non-SELF string
1424             sb.append(sp.getSelfName().substring(startIndex, v));
1425 
1426             // expand SELF
1427             Iterator<PolicyParser.PrincipalEntry> pli = entryPs.iterator();
1428             while (pli.hasNext()) {
1429                 PolicyParser.PrincipalEntry pppe = pli.next();
1430                 String[][] principalInfo = getPrincipalInfo(pppe,pdp);
1431                 for (int i = 0; i < principalInfo.length; i++) {
1432                     if (i != 0) {
1433                         sb.append(", ");
1434                     }
1435                     sb.append(principalInfo[i][0] + " " +
1436                         "\"" + principalInfo[i][1] + "\"");
1437                 }
1438                 if (pli.hasNext()) {
1439                     sb.append(", ");
1440                 }
1441             }
1442             startIndex = v + SELF.length();
1443         }
1444         // add remaining string (might be the entire string)
1445         sb.append(sp.getSelfName().substring(startIndex));
1446 
1447         if (debug != null) {
1448             debug.println("  expanded:\n\t" + sp.getSelfName()
1449                         + "\n  into:\n\t" + sb.toString());
1450         }
1451         try {
1452             // first try to instantiate the permission
1453             perms.add(FilePermCompat.newPermPlusAltPath(getInstance(sp.getSelfType(),
1454                                   sb.toString(),
1455                                   sp.getSelfActions())));
1456         } catch (ClassNotFoundException cnfe) {
1457             // ok, the permission is not in the bootclasspath.
1458             // before we add an UnresolvedPermission, check to see
1459             // whether this perm already belongs to the collection.
1460             // if so, use that perm's ClassLoader to create a new
1461             // one.
1462             Class<?> pc = null;
1463             synchronized (perms) {
1464                 Enumeration<Permission> e = perms.elements();
1465                 while (e.hasMoreElements()) {
1466                     Permission pElement = e.nextElement();
1467                     if (pElement.getClass().getName().equals(sp.getSelfType())) {
1468                         pc = pElement.getClass();
1469                         break;
1470                     }
1471                 }
1472             }
1473             if (pc == null) {
1474                 // create an UnresolvedPermission
1475                 perms.add(new UnresolvedPermission(sp.getSelfType(),
1476                                                         sb.toString(),
1477                                                         sp.getSelfActions(),
1478                                                         sp.getCerts()));
1479             } else {
1480                 try {
1481                     // we found an instantiated permission.
1482                     // use its class loader to instantiate a new permission.
1483                     Constructor<?> c;
1484                     // name parameter can not be null
1485                     if (sp.getSelfActions() == null) {
1486                         try {
1487                             c = pc.getConstructor(PARAMS1);
1488                             perms.add((Permission)c.newInstance
1489                                  (new Object[] {sb.toString()}));
1490                         } catch (NoSuchMethodException ne) {
1491                             c = pc.getConstructor(PARAMS2);
1492                             perms.add((Permission)c.newInstance
1493                                  (new Object[] {sb.toString(),
1494                                                 sp.getSelfActions() }));
1495                         }
1496                     } else {
1497                         c = pc.getConstructor(PARAMS2);
1498                         perms.add((Permission)c.newInstance
1499                            (new Object[] {sb.toString(),
1500                                           sp.getSelfActions()}));
1501                     }
1502                 } catch (Exception nme) {
1503                     if (debug != null) {
1504                         debug.println("self entry expansion " +
1505                         " instantiation failed: "
1506                         +  nme.toString());
1507                     }
1508                 }
1509             }
1510         } catch (Exception e) {
1511             if (debug != null) {
1512                 debug.println(e.toString());
1513             }
1514         }
1515     }
1516 
1517     /**
1518      * return the principal class/name pair in the 2D array.
1519      * array[x][y]:     x corresponds to the array length.
1520      *                  if (y == 0), it's the principal class.
1521      *                  if (y == 1), it's the principal name.
1522      */
1523     private String[][] getPrincipalInfo
1524         (PolicyParser.PrincipalEntry pe, Principal[] pdp) {
1525 
1526         // there are 3 possibilities:
1527         // 1) the entry's Principal class and name are not wildcarded
1528         // 2) the entry's Principal name is wildcarded only
1529         // 3) the entry's Principal class and name are wildcarded
1530 
1531         if (!pe.isWildcardClass() && !pe.isWildcardName()) {
1532 
1533             // build an info array for the principal
1534             // from the Policy entry
1535             String[][] info = new String[1][2];
1536             info[0][0] = pe.principalClass;
1537             info[0][1] = pe.principalName;
1538             return info;
1539 
1540         } else if (!pe.isWildcardClass() && pe.isWildcardName()) {
1541 
1542             // build an info array for every principal
1543             // in the current domain which has a principal class
1544             // that is equal to policy entry principal class name
1545             List<Principal> plist = new ArrayList<>();
1546             for (int i = 0; i < pdp.length; i++) {
1547                 if (pe.principalClass.equals(pdp[i].getClass().getName()))
1548                     plist.add(pdp[i]);
1549             }
1550             String[][] info = new String[plist.size()][2];
1551             int i = 0;
1552             for (Principal p : plist) {
1553                 info[i][0] = p.getClass().getName();
1554                 info[i][1] = p.getName();
1555                 i++;
1556             }
1557             return info;
1558 
1559         } else {
1560 
1561             // build an info array for every
1562             // one of the current Domain's principals
1563 
1564             String[][] info = new String[pdp.length][2];
1565 
1566             for (int i = 0; i < pdp.length; i++) {
1567                 info[i][0] = pdp[i].getClass().getName();
1568                 info[i][1] = pdp[i].getName();
1569             }
1570             return info;
1571         }
1572     }
1573 
1574     /*
1575      * Returns the signer certificates from the list of certificates
1576      * associated with the given code source.
1577      *
1578      * The signer certificates are those certificates that were used
1579      * to verify signed code originating from the codesource location.
1580      *
1581      * This method assumes that in the given code source, each signer
1582      * certificate is followed by its supporting certificate chain
1583      * (which may be empty), and that the signer certificate and its
1584      * supporting certificate chain are ordered bottom-to-top
1585      * (i.e., with the signer certificate first and the (root) certificate
1586      * authority last).
1587      */
1588     protected Certificate[] getSignerCertificates(CodeSource cs) {
1589         Certificate[] certs = null;
1590         if ((certs = cs.getCertificates()) == null)
1591             return null;
1592         for (int i=0; i<certs.length; i++) {
1593             if (!(certs[i] instanceof X509Certificate))
1594                 return cs.getCertificates();
1595         }
1596 
1597         // Do we have to do anything?
1598         int i = 0;
1599         int count = 0;
1600         while (i < certs.length) {
1601             count++;
1602             while (((i+1) < certs.length)
1603                    && ((X509Certificate)certs[i]).getIssuerDN().equals(
1604                            ((X509Certificate)certs[i+1]).getSubjectDN())) {
1605                 i++;
1606             }
1607             i++;
1608         }
1609         if (count == certs.length)
1610             // Done
1611             return certs;
1612 
1613         List<Certificate> userCertList = new ArrayList<>();
1614         i = 0;
1615         while (i < certs.length) {
1616             userCertList.add(certs[i]);
1617             while (((i+1) < certs.length)
1618                    && ((X509Certificate)certs[i]).getIssuerDN().equals(
1619                            ((X509Certificate)certs[i+1]).getSubjectDN())) {
1620                 i++;
1621             }
1622             i++;
1623         }
1624         Certificate[] userCerts = new Certificate[userCertList.size()];
1625         userCertList.toArray(userCerts);
1626         return userCerts;
1627     }
1628 
1629     private CodeSource canonicalizeCodebase(CodeSource cs,
1630                                             boolean extractSignerCerts) {
1631 
1632         String path = null;
1633 
1634         CodeSource canonCs = cs;
1635         URL u = cs.getLocation();
1636         if (u != null) {
1637             if (u.getProtocol().equals("jar")) {
1638                 // unwrap url embedded inside jar url
1639                 String spec = u.getFile();
1640                 int separator = spec.indexOf("!/");
1641                 if (separator != -1) {
1642                     try {
1643                         u = new URL(spec.substring(0, separator));
1644                     } catch (MalformedURLException e) {
1645                         // Fail silently. In this case, url stays what
1646                         // it was above
1647                     }
1648                 }
1649             }
1650             if (u.getProtocol().equals("file")) {
1651                 boolean isLocalFile = false;
1652                 String host = u.getHost();
1653                 isLocalFile = (host == null || host.equals("") ||
1654                     host.equals("~") || host.equalsIgnoreCase("localhost"));
1655 
1656                 if (isLocalFile) {
1657                     path = u.getFile().replace('/', File.separatorChar);
1658                     path = ParseUtil.decode(path);
1659                 }
1660             }
1661         }
1662 
1663         if (path != null) {
1664             try {
1665                 URL csUrl = null;
1666                 path = canonPath(path);
1667                 csUrl = ParseUtil.fileToEncodedURL(new File(path));
1668 
1669                 if (extractSignerCerts) {
1670                     canonCs = new CodeSource(csUrl,
1671                                              getSignerCertificates(cs));
1672                 } else {
1673                     canonCs = new CodeSource(csUrl,
1674                                              cs.getCertificates());
1675                 }
1676             } catch (IOException ioe) {
1677                 // leave codesource as it is, unless we have to extract its
1678                 // signer certificates
1679                 if (extractSignerCerts) {
1680                     canonCs = new CodeSource(cs.getLocation(),
1681                                              getSignerCertificates(cs));
1682                 }
1683             }
1684         } else {
1685             if (extractSignerCerts) {
1686                 canonCs = new CodeSource(cs.getLocation(),
1687                                          getSignerCertificates(cs));
1688             }
1689         }
1690         return canonCs;
1691     }
1692 
1693     // Wrapper to return a canonical path that avoids calling getCanonicalPath()
1694     // with paths that are intended to match all entries in the directory
1695     private static String canonPath(String path) throws IOException {
1696         if (path.endsWith("*")) {
1697             path = path.substring(0, path.length()-1) + "-";
1698             path = new File(path).getCanonicalPath();
1699             return path.substring(0, path.length()-1) + "*";
1700         } else {
1701             return new File(path).getCanonicalPath();
1702         }
1703     }
1704 
1705     private String printPD(ProtectionDomain pd) {
1706         Principal[] principals = pd.getPrincipals();
1707         String pals = "<no principals>";
1708         if (principals != null && principals.length > 0) {
1709             StringBuilder palBuf = new StringBuilder("(principals ");
1710             for (int i = 0; i < principals.length; i++) {
1711                 palBuf.append(principals[i].getClass().getName() +
1712                               " \"" + principals[i].getName() +
1713                               "\"");
1714                 if (i < principals.length-1)
1715                     palBuf.append(", ");
1716                 else
1717                     palBuf.append(")");
1718             }
1719             pals = palBuf.toString();
1720         }
1721         return "PD CodeSource: "
1722                 + pd.getCodeSource()
1723                 +"\n\t" + "PD ClassLoader: "
1724                 + pd.getClassLoader()
1725                 +"\n\t" + "PD Principals: "
1726                 + pals;
1727     }
1728 
1729     /**
1730      * return true if no replacement was performed,
1731      * or if replacement succeeded.
1732      */
1733     private boolean replacePrincipals(
1734         List<PolicyParser.PrincipalEntry> principals, KeyStore keystore) {
1735 
1736         if (principals == null || principals.isEmpty() || keystore == null)
1737             return true;
1738 
1739         for (PolicyParser.PrincipalEntry pppe : principals) {
1740             if (pppe.isReplaceName()) {
1741 
1742                 // perform replacement
1743                 // (only X509 replacement is possible now)
1744                 String name;
1745                 if ((name = getDN(pppe.principalName, keystore)) == null) {
1746                     return false;
1747                 }
1748 
1749                 if (debug != null) {
1750                     debug.println("  Replacing \"" +
1751                         pppe.principalName +
1752                         "\" with " +
1753                         X500PRINCIPAL + "/\"" +
1754                         name +
1755                         "\"");
1756                 }
1757 
1758                 pppe.principalClass = X500PRINCIPAL;
1759                 pppe.principalName = name;
1760             }
1761         }
1762         // return true if no replacement was performed,
1763         // or if replacement succeeded
1764         return true;
1765     }
1766 
1767     private void expandPermissionName(PolicyParser.PermissionEntry pe,
1768                                         KeyStore keystore) throws Exception {
1769         // short cut the common case
1770         if (pe.name == null || pe.name.indexOf("${{", 0) == -1) {
1771             return;
1772         }
1773 
1774         int startIndex = 0;
1775         int b, e;
1776         StringBuilder sb = new StringBuilder();
1777         while ((b = pe.name.indexOf("${{", startIndex)) != -1) {
1778             e = pe.name.indexOf("}}", b);
1779             if (e < 1) {
1780                 break;
1781             }
1782             sb.append(pe.name.substring(startIndex, b));
1783 
1784             // get the value in ${{...}}
1785             String value = pe.name.substring(b+3, e);
1786 
1787             // parse up to the first ':'
1788             int colonIndex;
1789             String prefix = value;
1790             String suffix;
1791             if ((colonIndex = value.indexOf(':')) != -1) {
1792                 prefix = value.substring(0, colonIndex);
1793             }
1794 
1795             // handle different prefix possibilities
1796             if (prefix.equalsIgnoreCase("self")) {
1797                 // do nothing - handled later
1798                 sb.append(pe.name.substring(b, e+2));
1799                 startIndex = e+2;
1800                 continue;
1801             } else if (prefix.equalsIgnoreCase("alias")) {
1802                 // get the suffix and perform keystore alias replacement
1803                 if (colonIndex == -1) {
1804                     Object[] source = {pe.name};
1805                     throw new Exception(
1806                         LocalizedMessage.getNonlocalized(
1807                             "alias.name.not.provided.pe.name.",
1808                             source));
1809                 }
1810                 suffix = value.substring(colonIndex+1);
1811                 if ((suffix = getDN(suffix, keystore)) == null) {
1812                     Object[] source = {value.substring(colonIndex+1)};
1813                     throw new Exception(
1814                         LocalizedMessage.getNonlocalized(
1815                             "unable.to.perform.substitution.on.alias.suffix",
1816                             source));
1817                 }
1818 
1819                 sb.append(X500PRINCIPAL + " \"" + suffix + "\"");
1820                 startIndex = e+2;
1821             } else {
1822                 Object[] source = {prefix};
1823                 throw new Exception(
1824                     LocalizedMessage.getNonlocalized(
1825                         "substitution.value.prefix.unsupported",
1826                         source));
1827             }
1828         }
1829 
1830         // copy the rest of the value
1831         sb.append(pe.name.substring(startIndex));
1832 
1833         // replace the name with expanded value
1834         if (debug != null) {
1835             debug.println("  Permission name expanded from:\n\t" +
1836                         pe.name + "\nto\n\t" + sb.toString());
1837         }
1838         pe.name = sb.toString();
1839     }
1840 
1841     private String getDN(String alias, KeyStore keystore) {
1842         Certificate cert = null;
1843         try {
1844             cert = keystore.getCertificate(alias);
1845         } catch (Exception e) {
1846             if (debug != null) {
1847                 debug.println("  Error retrieving certificate for '" +
1848                                 alias +
1849                                 "': " +
1850                                 e.toString());
1851             }
1852             return null;
1853         }
1854 
1855         if (cert == null || !(cert instanceof X509Certificate)) {
1856             if (debug != null) {
1857                 debug.println("  -- No certificate for '" +
1858                                 alias +
1859                                 "' - ignoring entry");
1860             }
1861             return null;
1862         } else {
1863             X509Certificate x509Cert = (X509Certificate)cert;
1864 
1865             // 4702543:  X500 names with an EmailAddress
1866             // were encoded incorrectly.  create new
1867             // X500Principal name with correct encoding
1868 
1869             X500Principal p = new X500Principal
1870                 (x509Cert.getSubjectX500Principal().toString());
1871             return p.getName();
1872         }
1873     }
1874 
1875     /**
1876      * Each entry in the policy configuration file is represented by a
1877      * PolicyEntry object.  <p>
1878      *
1879      * A PolicyEntry is a (CodeSource,Permission) pair.  The
1880      * CodeSource contains the (URL, PublicKey) that together identify
1881      * where the Java bytecodes come from and who (if anyone) signed
1882      * them.  The URL could refer to localhost.  The URL could also be
1883      * null, meaning that this policy entry is given to all comers, as
1884      * long as they match the signer field.  The signer could be null,
1885      * meaning the code is not signed. <p>
1886      *
1887      * The Permission contains the (Type, Name, Action) triplet. <p>
1888      *
1889      * For now, the Policy object retrieves the public key from the
1890      * X.509 certificate on disk that corresponds to the signedBy
1891      * alias specified in the Policy config file.  For reasons of
1892      * efficiency, the Policy object keeps a hashtable of certs already
1893      * read in.  This could be replaced by a secure internal key
1894      * store.
1895      *
1896      * <p>
1897      * For example, the entry
1898      * <pre>
1899      *          permission java.io.File "/tmp", "read,write",
1900      *          signedBy "Duke";
1901      * </pre>
1902      * is represented internally
1903      * <pre>
1904      *
1905      * FilePermission f = new FilePermission("/tmp", "read,write");
1906      * PublicKey p = publickeys.get("Duke");
1907      * URL u = InetAddress.getLocalHost();
1908      * CodeBase c = new CodeBase( p, u );
1909      * pe = new PolicyEntry(f, c);
1910      * </pre>
1911      *
1912      * @author Marianne Mueller
1913      * @author Roland Schemers
1914      * @see java.security.CodeSource
1915      * @see java.security.Policy
1916      * @see java.security.Permissions
1917      * @see java.security.ProtectionDomain
1918      */
1919     private static class PolicyEntry {
1920 
1921         private final CodeSource codesource;
1922         final List<Permission> permissions;
1923         private final List<PolicyParser.PrincipalEntry> principals;
1924 
1925         /**
1926          * Given a Permission and a CodeSource, create a policy entry.
1927          *
1928          * XXX Decide if/how to add validity fields and "purpose" fields to
1929          * XXX policy entries
1930          *
1931          * @param cs the CodeSource, which encapsulates the URL and the
1932          *        public key
1933          *        attributes from the policy config file. Validity checks
1934          *        are performed on the public key before PolicyEntry is
1935          *        called.
1936          *
1937          */
1938         PolicyEntry(CodeSource cs, List<PolicyParser.PrincipalEntry> principals)
1939         {
1940             this.codesource = cs;
1941             this.permissions = new ArrayList<Permission>();
1942             this.principals = principals; // can be null
1943         }
1944 
1945         PolicyEntry(CodeSource cs)
1946         {
1947             this(cs, null);
1948         }
1949 
1950         List<PolicyParser.PrincipalEntry> getPrincipals() {
1951             return principals; // can be null
1952         }
1953 
1954         /**
1955          * add a Permission object to this entry.
1956          * No need to sync add op because perms are added to entry only
1957          * while entry is being initialized
1958          */
1959         void add(Permission p) {
1960             permissions.add(p);
1961         }
1962 
1963         /**
1964          * Return the CodeSource for this policy entry
1965          */
1966         CodeSource getCodeSource() {
1967             return codesource;
1968         }
1969 
1970         @Override public String toString(){
1971             StringBuilder sb = new StringBuilder();
1972             sb.append(ResourcesMgr.getString("LPARAM"));
1973             sb.append(getCodeSource());
1974             sb.append("\n");
1975             for (int j = 0; j < permissions.size(); j++) {
1976                 Permission p = permissions.get(j);
1977                 sb.append(ResourcesMgr.getString("SPACE"));
1978                 sb.append(ResourcesMgr.getString("SPACE"));
1979                 sb.append(p);
1980                 sb.append(ResourcesMgr.getString("NEWLINE"));
1981             }
1982             sb.append(ResourcesMgr.getString("RPARAM"));
1983             sb.append(ResourcesMgr.getString("NEWLINE"));
1984             return sb.toString();
1985         }
1986     }
1987 
1988     private static class SelfPermission extends Permission {
1989 
1990         private static final long serialVersionUID = -8315562579967246806L;
1991 
1992         /**
1993          * The class name of the Permission class that will be
1994          * created when this self permission is expanded .
1995          *
1996          * @serial
1997          */
1998         private String type;
1999 
2000         /**
2001          * The permission name.
2002          *
2003          * @serial
2004          */
2005         private String name;
2006 
2007         /**
2008          * The actions of the permission.
2009          *
2010          * @serial
2011          */
2012         private String actions;
2013 
2014         /**
2015          * The certs of the permission.
2016          *
2017          * @serial
2018          */
2019         private Certificate[] certs;
2020 
2021         /**
2022          * Creates a new SelfPermission containing the permission
2023          * information needed later to expand the self
2024          * @param type the class name of the Permission class that will be
2025          * created when this permission is expanded and if necessary resolved.
2026          * @param name the name of the permission.
2027          * @param actions the actions of the permission.
2028          * @param certs the certificates the permission's class was signed with.
2029          * This is a list of certificate chains, where each chain is composed of
2030          * a signer certificate and optionally its supporting certificate chain.
2031          * Each chain is ordered bottom-to-top (i.e., with the signer
2032          * certificate first and the (root) certificate authority last).
2033          */
2034         public SelfPermission(String type, String name, String actions,
2035                               Certificate[] certs)
2036         {
2037             super(type);
2038             if (type == null) {
2039                 throw new NullPointerException
2040                     (LocalizedMessage.getNonlocalized("type.can.t.be.null"));
2041             }
2042             this.type = type;
2043             this.name = name;
2044             this.actions = actions;
2045             if (certs != null) {
2046                 // Extract the signer certs from the list of certificates.
2047                 for (int i=0; i<certs.length; i++) {
2048                     if (!(certs[i] instanceof X509Certificate)) {
2049                         // there is no concept of signer certs, so we store the
2050                         // entire cert array
2051                         this.certs = certs.clone();
2052                         break;
2053                     }
2054                 }
2055 
2056                 if (this.certs == null) {
2057                     // Go through the list of certs and see if all the certs are
2058                     // signer certs.
2059                     int i = 0;
2060                     int count = 0;
2061                     while (i < certs.length) {
2062                         count++;
2063                         while (((i+1) < certs.length) &&
2064                             ((X509Certificate)certs[i]).getIssuerDN().equals(
2065                             ((X509Certificate)certs[i+1]).getSubjectDN())) {
2066                             i++;
2067                         }
2068                         i++;
2069                     }
2070                     if (count == certs.length) {
2071                         // All the certs are signer certs, so we store the
2072                         // entire array
2073                         this.certs = certs.clone();
2074                     }
2075 
2076                     if (this.certs == null) {
2077                         // extract the signer certs
2078                         List<Certificate> signerCerts = new ArrayList<>();
2079                         i = 0;
2080                         while (i < certs.length) {
2081                             signerCerts.add(certs[i]);
2082                             while (((i+1) < certs.length) &&
2083                                 ((X509Certificate)certs[i]).getIssuerDN().equals(
2084                                 ((X509Certificate)certs[i+1]).getSubjectDN())) {
2085                                 i++;
2086                             }
2087                             i++;
2088                         }
2089                         this.certs = new Certificate[signerCerts.size()];
2090                         signerCerts.toArray(this.certs);
2091                     }
2092                 }
2093             }
2094         }
2095 
2096         /**
2097          * This method always returns false for SelfPermission permissions.
2098          * That is, an SelfPermission never considered to
2099          * imply another permission.
2100          *
2101          * @param p the permission to check against.
2102          *
2103          * @return false.
2104          */
2105         @Override public boolean implies(Permission p) {
2106             return false;
2107         }
2108 
2109         /**
2110          * Checks two SelfPermission objects for equality.
2111          *
2112          * Checks that <i>obj</i> is an SelfPermission, and has
2113          * the same type (class) name, permission name, actions, and
2114          * certificates as this object.
2115          *
2116          * @param obj the object we are testing for equality with this object.
2117          *
2118          * @return true if obj is an SelfPermission, and has the same
2119          * type (class) name, permission name, actions, and
2120          * certificates as this object.
2121          */
2122         @Override public boolean equals(Object obj) {
2123             if (obj == this)
2124                 return true;
2125 
2126             if (! (obj instanceof SelfPermission))
2127                 return false;
2128             SelfPermission that = (SelfPermission) obj;
2129 
2130             if (!(this.type.equals(that.type) &&
2131                 this.name.equals(that.name) &&
2132                 this.actions.equals(that.actions)))
2133                 return false;
2134 
2135             if (this.certs.length != that.certs.length)
2136                 return false;
2137 
2138             int i,j;
2139             boolean match;
2140 
2141             for (i = 0; i < this.certs.length; i++) {
2142                 match = false;
2143                 for (j = 0; j < that.certs.length; j++) {
2144                     if (this.certs[i].equals(that.certs[j])) {
2145                         match = true;
2146                         break;
2147                     }
2148                 }
2149                 if (!match) return false;
2150             }
2151 
2152             for (i = 0; i < that.certs.length; i++) {
2153                 match = false;
2154                 for (j = 0; j < this.certs.length; j++) {
2155                     if (that.certs[i].equals(this.certs[j])) {
2156                         match = true;
2157                         break;
2158                     }
2159                 }
2160                 if (!match) return false;
2161             }
2162             return true;
2163         }
2164 
2165         /**
2166          * Returns the hash code value for this object.
2167          *
2168          * @return a hash code value for this object.
2169          */
2170         @Override public int hashCode() {
2171             int hash = type.hashCode();
2172             if (name != null)
2173                 hash ^= name.hashCode();
2174             if (actions != null)
2175                 hash ^= actions.hashCode();
2176             return hash;
2177         }
2178 
2179         /**
2180          * Returns the canonical string representation of the actions,
2181          * which currently is the empty string "", since there are no actions
2182          * for an SelfPermission. That is, the actions for the
2183          * permission that will be created when this SelfPermission
2184          * is resolved may be non-null, but an SelfPermission
2185          * itself is never considered to have any actions.
2186          *
2187          * @return the empty string "".
2188          */
2189         @Override public String getActions() {
2190             return "";
2191         }
2192 
2193         public String getSelfType() {
2194             return type;
2195         }
2196 
2197         public String getSelfName() {
2198             return name;
2199         }
2200 
2201         public String getSelfActions() {
2202             return actions;
2203         }
2204 
2205         public Certificate[] getCerts() {
2206             return certs;
2207         }
2208 
2209         /**
2210          * Returns a string describing this SelfPermission.  The convention
2211          * is to specify the class name, the permission name, and the actions,
2212          * in the following format: '(unresolved "ClassName" "name" "actions")'.
2213          *
2214          * @return information about this SelfPermission.
2215          */
2216         @Override public String toString() {
2217             return "(SelfPermission " + type + " " + name + " " + actions + ")";
2218         }
2219     }
2220 
2221     /**
2222      * holds policy information that we need to synch on
2223      */
2224     private static class PolicyInfo {
2225         private static final boolean verbose = false;
2226 
2227         // Stores grant entries in the policy
2228         final List<PolicyEntry> policyEntries;
2229 
2230         // Maps aliases to certs
2231         final Map<Object, Object> aliasMapping;
2232 
2233         // Maps ProtectionDomain to PermissionCollection
2234         private final ProtectionDomainCache[] pdMapping;
2235         private java.util.Random random;
2236 
2237         PolicyInfo(int numCaches) {
2238             policyEntries = new ArrayList<>();
2239             aliasMapping = Collections.synchronizedMap(new HashMap<>(11));
2240 
2241             pdMapping = new ProtectionDomainCache[numCaches];
2242             JavaSecurityProtectionDomainAccess jspda
2243                 = SharedSecrets.getJavaSecurityProtectionDomainAccess();
2244             for (int i = 0; i < numCaches; i++) {
2245                 pdMapping[i] = jspda.getProtectionDomainCache();
2246             }
2247             if (numCaches > 1) {
2248                 random = new java.util.Random();
2249             }
2250         }
2251         ProtectionDomainCache getPdMapping() {
2252             if (pdMapping.length == 1) {
2253                 return pdMapping[0];
2254             } else {
2255                 int i = java.lang.Math.abs(random.nextInt() % pdMapping.length);
2256                 return pdMapping[i];
2257             }
2258         }
2259     }
2260 }