rev 51958 : 8211122: Reduce the number of internal classes made accessible to jdk.unsupported
Reviewed-by: alanb, dfuchs, kvn

   1 /*
   2  * Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.provider;
  27 
  28 import java.io.*;
  29 import java.lang.reflect.*;
  30 import java.net.MalformedURLException;
  31 import java.net.URL;
  32 import java.net.URI;
  33 import java.nio.file.Files;
  34 import java.nio.file.Path;
  35 import java.util.*;
  36 import java.security.*;
  37 import java.security.cert.Certificate;
  38 import java.security.cert.X509Certificate;
  39 import javax.security.auth.Subject;
  40 import javax.security.auth.x500.X500Principal;
  41 import java.net.SocketPermission;
  42 import java.net.NetPermission;
  43 import java.util.concurrent.ConcurrentHashMap;
  44 import jdk.internal.misc.JavaSecurityAccess;
  45 import static jdk.internal.misc.JavaSecurityAccess.ProtectionDomainCache;
  46 import jdk.internal.misc.SharedSecrets;
  47 import jdk.internal.util.StaticProperty;
  48 import sun.security.util.*;
  49 import sun.net.www.ParseUtil;
  50 
  51 /**
  52  * This class represents a default Policy implementation for the
  53  * "JavaPolicy" type.
  54  *
  55  * <p> This object stores the policy for the entire Java runtime,
  56  * and is the amalgamation of multiple static policy
  57  * configurations that resides in files.
  58  * The algorithm for locating the policy file(s) and reading their
  59  * information into this <code>Policy</code> object is:
  60  *
  61  * <ol>
  62  * <li>
  63  *   Read in and load the default policy file named
  64  *   &lt;JAVA_HOME&gt;/lib/security/default.policy. &lt;JAVA_HOME&gt; refers
  65  *   to the value of the java.home system property, and specifies the directory
  66  *   where the JRE is installed. This policy file grants permissions to the
  67  *   modules loaded by the platform class loader. If the default policy file
  68  *   cannot be loaded, a fatal InternalError is thrown as these permissions
  69  *   are needed in order for the runtime to operate correctly.
  70  * <li>
  71  *   Loop through the <code>java.security.Security</code> properties,
  72  *   and <i>policy.url.1</i>, <i>policy.url.2</i>, ...,
  73  *   <i>policy.url.X</i>".  These properties are set
  74  *   in the Java security properties file, which is located in the file named
  75  *   &lt;JAVA_HOME&gt;/conf/security/java.security.
  76  *   Each property value specifies a <code>URL</code> pointing to a
  77  *   policy file to be loaded.  Read in and load each policy.
  78  *
  79  *   If none of these could be loaded, use a builtin static policy
  80  *   equivalent to the conf/security/java.policy file.
  81  *
  82  * <li>
  83  *   The <code>java.lang.System</code> property <i>java.security.policy</i>
  84  *   may also be set to a <code>URL</code> pointing to another policy file
  85  *   (which is the case when a user uses the -D switch at runtime).
  86  *   If this property is defined, and its use is allowed by the
  87  *   security property file (the Security property,
  88  *   <i>policy.allowSystemProperty</i> is set to <i>true</i>),
  89  *   also load that policy.
  90  *
  91  *   If the <i>java.security.policy</i> property is defined using
  92  *   "==" (rather than "="), then load the specified policy file and ignore
  93  *   all other configured policies. Note, that the default.policy file is
  94  *   also loaded, as specified in the first step of the algorithm above.
  95  *   If the specified policy file cannot be loaded, use a builtin static policy
  96  *   equivalent to the default conf/security/java.policy file.
  97  * </ol>
  98  *
  99  * Each policy file consists of one or more grant entries, each of
 100  * which consists of a number of permission entries.
 101  *
 102  * <pre>
 103  *   grant signedBy "<b>alias</b>", codeBase "<b>URL</b>",
 104  *         principal <b>principalClass</b> "<b>principalName</b>",
 105  *         principal <b>principalClass</b> "<b>principalName</b>",
 106  *         ... {
 107  *
 108  *     permission <b>Type</b> "<b>name</b> "<b>action</b>",
 109  *         signedBy "<b>alias</b>";
 110  *     permission <b>Type</b> "<b>name</b> "<b>action</b>",
 111  *         signedBy "<b>alias</b>";
 112  *     ....
 113  *   };
 114  * </pre>
 115  *
 116  * All non-bold items above must appear as is (although case
 117  * doesn't matter and some are optional, as noted below).
 118  * principal entries are optional and need not be present.
 119  * Italicized items represent variable values.
 120  *
 121  * <p> A grant entry must begin with the word <code>grant</code>.
 122  * The <code>signedBy</code>,<code>codeBase</code> and <code>principal</code>
 123  * name/value pairs are optional.
 124  * If they are not present, then any signer (including unsigned code)
 125  * will match, and any codeBase will match.
 126  * Note that the <i>principalClass</i>
 127  * may be set to the wildcard value, *, which allows it to match
 128  * any <code>Principal</code> class.  In addition, the <i>principalName</i>
 129  * may also be set to the wildcard value, *, allowing it to match
 130  * any <code>Principal</code> name.  When setting the <i>principalName</i>
 131  * to the *, do not surround the * with quotes.
 132  *
 133  * <p> A permission entry must begin with the word <code>permission</code>.
 134  * The word <code><i>Type</i></code> in the template above is
 135  * a specific permission type, such as <code>java.io.FilePermission</code>
 136  * or <code>java.lang.RuntimePermission</code>.
 137  *
 138  * <p> The "<i>action</i>" is required for
 139  * many permission types, such as <code>java.io.FilePermission</code>
 140  * (where it specifies what type of file access that is permitted).
 141  * It is not required for categories such as
 142  * <code>java.lang.RuntimePermission</code>
 143  * where it is not necessary - you either have the
 144  * permission specified by the <code>"<i>name</i>"</code>
 145  * value following the type name or you don't.
 146  *
 147  * <p> The <code>signedBy</code> name/value pair for a permission entry
 148  * is optional. If present, it indicates a signed permission. That is,
 149  * the permission class itself must be signed by the given alias in
 150  * order for it to be granted. For example,
 151  * suppose you have the following grant entry:
 152  *
 153  * <pre>
 154  *   grant principal foo.com.Principal "Duke" {
 155  *     permission Foo "foobar", signedBy "FooSoft";
 156  *   }
 157  * </pre>
 158  *
 159  * <p> Then this permission of type <i>Foo</i> is granted if the
 160  * <code>Foo.class</code> permission has been signed by the
 161  * "FooSoft" alias, or if XXX <code>Foo.class</code> is a
 162  * system class (i.e., is found on the CLASSPATH).
 163  *
 164  * <p> Items that appear in an entry must appear in the specified order
 165  * (<code>permission</code>, <i>Type</i>, "<i>name</i>", and
 166  * "<i>action</i>"). An entry is terminated with a semicolon.
 167  *
 168  * <p> Case is unimportant for the identifiers (<code>permission</code>,
 169  * <code>signedBy</code>, <code>codeBase</code>, etc.) but is
 170  * significant for the <i>Type</i>
 171  * or for any string that is passed in as a value.
 172  *
 173  * <p> An example of two entries in a policy configuration file is
 174  * <pre>
 175  *   // if the code is comes from "foo.com" and is running as "Duke",
 176  *   // grant it read/write to all files in /tmp.
 177  *
 178  *   grant codeBase "foo.com", principal foo.com.Principal "Duke" {
 179  *              permission java.io.FilePermission "/tmp/*", "read,write";
 180  *   };
 181  *
 182  *   // grant any code running as "Duke" permission to read
 183  *   // the "java.vendor" Property.
 184  *
 185  *   grant principal foo.com.Principal "Duke" {
 186  *         permission java.util.PropertyPermission "java.vendor";
 187  *
 188  *
 189  * </pre>
 190  *  This Policy implementation supports special handling of any
 191  *  permission that contains the string, "<b>${{self}}</b>", as part of
 192  *  its target name.  When such a permission is evaluated
 193  *  (such as during a security check), <b>${{self}}</b> is replaced
 194  *  with one or more Principal class/name pairs.  The exact
 195  *  replacement performed depends upon the contents of the
 196  *  grant clause to which the permission belongs.
 197  * <p>
 198  *
 199  *  If the grant clause does not contain any principal information,
 200  *  the permission will be ignored (permissions containing
 201  *  <b>${{self}}</b> in their target names are only valid in the context
 202  *  of a principal-based grant clause).  For example, BarPermission
 203  *  will always be ignored in the following grant clause:
 204  *
 205  * <pre>
 206  *    grant codebase "www.foo.com", signedby "duke" {
 207  *      permission BarPermission "... ${{self}} ...";
 208  *    };
 209  * </pre>
 210  *
 211  *  If the grant clause contains principal information, <b>${{self}}</b>
 212  *  will be replaced with that same principal information.
 213  *  For example, <b>${{self}}</b> in BarPermission will be replaced by
 214  *  <b>javax.security.auth.x500.X500Principal "cn=Duke"</b>
 215  *  in the following grant clause:
 216  *
 217  *  <pre>
 218  *    grant principal javax.security.auth.x500.X500Principal "cn=Duke" {
 219  *      permission BarPermission "... ${{self}} ...";
 220  *    };
 221  *  </pre>
 222  *
 223  *  If there is a comma-separated list of principals in the grant
 224  *  clause, then <b>${{self}}</b> will be replaced by the same
 225  *  comma-separated list or principals.
 226  *  In the case where both the principal class and name are
 227  *  wildcarded in the grant clause, <b>${{self}}</b> is replaced
 228  *  with all the principals associated with the <code>Subject</code>
 229  *  in the current <code>AccessControlContext</code>.
 230  *
 231  * <p> For PrivateCredentialPermissions, you can also use "<b>self</b>"
 232  * instead of "<b>${{self}}</b>". However the use of "<b>self</b>" is
 233  * deprecated in favour of "<b>${{self}}</b>".
 234  *
 235  * @see java.security.CodeSource
 236  * @see java.security.Permissions
 237  * @see java.security.ProtectionDomain
 238  */
 239 public class PolicyFile extends java.security.Policy {
 240 
 241     private static final Debug debug = Debug.getInstance("policy");
 242 
 243     private static final String SELF = "${{self}}";
 244     private static final String X500PRINCIPAL =
 245                         "javax.security.auth.x500.X500Principal";
 246     private static final String POLICY = "java.security.policy";
 247     private static final String POLICY_URL = "policy.url.";
 248 
 249     private static final int DEFAULT_CACHE_SIZE = 1;
 250 
 251     // contains the policy grant entries, PD cache, and alias mapping
 252     // can be updated if refresh() is called
 253     private volatile PolicyInfo policyInfo;
 254 
 255     private boolean expandProperties = true;
 256     private boolean allowSystemProperties = true;
 257     private boolean notUtf8 = false;
 258     private URL url;
 259 
 260     // for use with the reflection API
 261     private static final Class<?>[] PARAMS0 = { };
 262     private static final Class<?>[] PARAMS1 = { String.class };
 263     private static final Class<?>[] PARAMS2 = { String.class, String.class };
 264 
 265     /**
 266      * When a policy file has a syntax error, the exception code may generate
 267      * another permission check and this can cause the policy file to be parsed
 268      * repeatedly, leading to a StackOverflowError or ClassCircularityError.
 269      * To avoid this, this set is populated with policy files that have been
 270      * previously parsed and have syntax errors, so that they can be
 271      * subsequently ignored.
 272      */
 273     private static Set<URL> badPolicyURLs =
 274         Collections.newSetFromMap(new ConcurrentHashMap<URL,Boolean>());
 275 
 276     /**
 277      * Initializes the Policy object and reads the default policy
 278      * configuration file(s) into the Policy object.
 279      */
 280     public PolicyFile() {
 281         init((URL)null);
 282     }
 283 
 284     /**
 285      * Initializes the Policy object and reads the default policy
 286      * from the specified URL only.
 287      */
 288     public PolicyFile(URL url) {
 289         this.url = url;
 290         init(url);
 291     }
 292 
 293     /**
 294      * Initializes the Policy object and reads the default policy
 295      * configuration file(s) into the Policy object.
 296      *
 297      * See the class description for details on the algorithm used to
 298      * initialize the Policy object.
 299      */
 300     private void init(URL url) {
 301         // Properties are set once for each init(); ignore changes between
 302         // between diff invocations of initPolicyFile(policy, url, info).
 303         String numCacheStr =
 304           AccessController.doPrivileged(new PrivilegedAction<>() {
 305             @Override
 306             public String run() {
 307                 expandProperties = "true".equalsIgnoreCase
 308                     (Security.getProperty("policy.expandProperties"));
 309                 allowSystemProperties = "true".equalsIgnoreCase
 310                     (Security.getProperty("policy.allowSystemProperty"));
 311                 notUtf8 = "false".equalsIgnoreCase
 312                     (System.getProperty("sun.security.policy.utf8"));
 313                 return System.getProperty("sun.security.policy.numcaches");
 314             }});
 315 
 316         int numCaches;
 317         if (numCacheStr != null) {
 318             try {
 319                 numCaches = Integer.parseInt(numCacheStr);
 320             } catch (NumberFormatException e) {
 321                 numCaches = DEFAULT_CACHE_SIZE;
 322             }
 323         } else {
 324             numCaches = DEFAULT_CACHE_SIZE;
 325         }
 326         // System.out.println("number caches=" + numCaches);
 327         PolicyInfo newInfo = new PolicyInfo(numCaches);
 328         initPolicyFile(newInfo, url);
 329         policyInfo = newInfo;
 330     }
 331 
 332     private void initPolicyFile(final PolicyInfo newInfo, final URL url) {
 333 
 334         // always load default.policy
 335         AccessController.doPrivileged(new PrivilegedAction<>() {
 336             @Override
 337             public Void run() {
 338                 initDefaultPolicy(newInfo);
 339                 return null;
 340             }
 341         });
 342 
 343         if (url != null) {
 344 
 345             /**
 346              * If the caller specified a URL via Policy.getInstance,
 347              * we only read from default.policy and that URL.
 348              */
 349 
 350             if (debug != null) {
 351                 debug.println("reading " + url);
 352             }
 353             AccessController.doPrivileged(new PrivilegedAction<>() {
 354                 @Override
 355                 public Void run() {
 356                     if (init(url, newInfo) == false) {
 357                         // use static policy if all else fails
 358                         initStaticPolicy(newInfo);
 359                     }
 360                     return null;
 361                 }
 362             });
 363 
 364         } else {
 365 
 366             /**
 367              * Caller did not specify URL via Policy.getInstance.
 368              * Read from URLs listed in the java.security properties file.
 369              */
 370 
 371             boolean loaded_one = initPolicyFile(POLICY, POLICY_URL, newInfo);
 372             // To maintain strict backward compatibility
 373             // we load the static policy only if POLICY load failed
 374             if (!loaded_one) {
 375                 // use static policy if all else fails
 376                 initStaticPolicy(newInfo);
 377             }
 378         }
 379     }
 380 
 381     private boolean initPolicyFile(final String propname, final String urlname,
 382                                    final PolicyInfo newInfo) {
 383         boolean loadedPolicy =
 384             AccessController.doPrivileged(new PrivilegedAction<>() {
 385             @Override
 386             public Boolean run() {
 387                 boolean loaded_policy = false;
 388 
 389                 if (allowSystemProperties) {
 390                     String extra_policy = System.getProperty(propname);
 391                     if (extra_policy != null) {
 392                         boolean overrideAll = false;
 393                         if (extra_policy.startsWith("=")) {
 394                             overrideAll = true;
 395                             extra_policy = extra_policy.substring(1);
 396                         }
 397                         try {
 398                             extra_policy =
 399                                 PropertyExpander.expand(extra_policy);
 400                             URL policyURL;
 401 
 402                             File policyFile = new File(extra_policy);
 403                             if (policyFile.exists()) {
 404                                 policyURL = ParseUtil.fileToEncodedURL
 405                                     (new File(policyFile.getCanonicalPath()));
 406                             } else {
 407                                 policyURL = new URL(extra_policy);
 408                             }
 409                             if (debug != null) {
 410                                 debug.println("reading "+policyURL);
 411                             }
 412                             if (init(policyURL, newInfo)) {
 413                                 loaded_policy = true;
 414                             }
 415                         } catch (Exception e) {
 416                             // ignore.
 417                             if (debug != null) {
 418                                 debug.println("caught exception: "+e);
 419                             }
 420                         }
 421                         if (overrideAll) {
 422                             if (debug != null) {
 423                                 debug.println("overriding other policies!");
 424                             }
 425                             return Boolean.valueOf(loaded_policy);
 426                         }
 427                     }
 428                 }
 429 
 430                 int n = 1;
 431                 String policy_uri;
 432 
 433                 while ((policy_uri = Security.getProperty(urlname+n)) != null) {
 434                     try {
 435                         URL policy_url = null;
 436                         String expanded_uri = PropertyExpander.expand
 437                                 (policy_uri).replace(File.separatorChar, '/');
 438 
 439                         if (policy_uri.startsWith("file:${java.home}/") ||
 440                             policy_uri.startsWith("file:${user.home}/")) {
 441 
 442                             // this special case accommodates
 443                             // the situation java.home/user.home
 444                             // expand to a single slash, resulting in
 445                             // a file://foo URI
 446                             policy_url = new File
 447                                 (expanded_uri.substring(5)).toURI().toURL();
 448                         } else {
 449                             policy_url = new URI(expanded_uri).toURL();
 450                         }
 451 
 452                         if (debug != null) {
 453                             debug.println("reading " + policy_url);
 454                         }
 455                         if (init(policy_url, newInfo)) {
 456                             loaded_policy = true;
 457                         }
 458                     } catch (Exception e) {
 459                         if (debug != null) {
 460                             debug.println(
 461                                 "Debug info only. Error reading policy " +e);
 462                             e.printStackTrace();
 463                         }
 464                         // ignore that policy
 465                     }
 466                     n++;
 467                 }
 468                 return Boolean.valueOf(loaded_policy);
 469             }
 470         });
 471 
 472         return loadedPolicy;
 473     }
 474 
 475     private void initDefaultPolicy(PolicyInfo newInfo) {
 476         Path defaultPolicy = Path.of(StaticProperty.javaHome(),
 477                                      "lib",
 478                                      "security",
 479                                      "default.policy");
 480         if (debug != null) {
 481             debug.println("reading " + defaultPolicy);
 482         }
 483         try (BufferedReader br = Files.newBufferedReader(defaultPolicy)) {
 484 
 485             PolicyParser pp = new PolicyParser(expandProperties);
 486             pp.read(br);
 487 
 488             Enumeration<PolicyParser.GrantEntry> enum_ = pp.grantElements();
 489             while (enum_.hasMoreElements()) {
 490                 PolicyParser.GrantEntry ge = enum_.nextElement();
 491                 addGrantEntry(ge, null, newInfo);
 492             }
 493         } catch (Exception e) {
 494             throw new InternalError("Failed to load default.policy", e);
 495         }
 496     }
 497 
 498     /**
 499      * Reads a policy configuration into the Policy object using a
 500      * Reader object.
 501      */
 502     private boolean init(URL policy, PolicyInfo newInfo) {
 503 
 504         // skip parsing policy file if it has been previously parsed and
 505         // has syntax errors
 506         if (badPolicyURLs.contains(policy)) {
 507             if (debug != null) {
 508                 debug.println("skipping bad policy file: " + policy);
 509             }
 510             return false;
 511         }
 512 
 513         try (InputStreamReader isr =
 514                  getInputStreamReader(PolicyUtil.getInputStream(policy))) {
 515 
 516             PolicyParser pp = new PolicyParser(expandProperties);
 517             pp.read(isr);
 518 
 519             KeyStore keyStore = null;
 520             try {
 521                 keyStore = PolicyUtil.getKeyStore
 522                                 (policy,
 523                                 pp.getKeyStoreUrl(),
 524                                 pp.getKeyStoreType(),
 525                                 pp.getKeyStoreProvider(),
 526                                 pp.getStorePassURL(),
 527                                 debug);
 528             } catch (Exception e) {
 529                 // ignore, treat it like we have no keystore
 530                 if (debug != null) {
 531                     debug.println("Debug info only. Ignoring exception.");
 532                     e.printStackTrace();
 533                 }
 534             }
 535 
 536             Enumeration<PolicyParser.GrantEntry> enum_ = pp.grantElements();
 537             while (enum_.hasMoreElements()) {
 538                 PolicyParser.GrantEntry ge = enum_.nextElement();
 539                 addGrantEntry(ge, keyStore, newInfo);
 540             }
 541             return true;
 542         } catch (PolicyParser.ParsingException pe) {
 543             // record bad policy file to avoid later reparsing it
 544             badPolicyURLs.add(policy);
 545             Object[] source = {policy, pe.getNonlocalizedMessage()};
 546             System.err.println(LocalizedMessage.getNonlocalized
 547                 (POLICY + ".error.parsing.policy.message", source));
 548             if (debug != null) {
 549                 pe.printStackTrace();
 550             }
 551         } catch (Exception e) {
 552             if (debug != null) {
 553                 debug.println("error parsing "+policy);
 554                 debug.println(e.toString());
 555                 e.printStackTrace();
 556             }
 557         }
 558 
 559         return false;
 560     }
 561 
 562     private InputStreamReader getInputStreamReader(InputStream is)
 563                               throws IOException {
 564         /*
 565          * Read in policy using UTF-8 by default.
 566          *
 567          * Check non-standard system property to see if the default encoding
 568          * should be used instead.
 569          */
 570         return (notUtf8)
 571             ? new InputStreamReader(is)
 572             : new InputStreamReader(is, "UTF-8");
 573     }
 574 
 575     private void initStaticPolicy(final PolicyInfo newInfo) {
 576         if (debug != null) {
 577             debug.println("Initializing with static permissions");
 578         }
 579         AccessController.doPrivileged(new PrivilegedAction<>() {
 580             @Override
 581             public Void run() {
 582                 PolicyEntry pe = new PolicyEntry(new CodeSource(null,
 583                     (Certificate[]) null));
 584                 pe.add(SecurityConstants.LOCAL_LISTEN_PERMISSION);
 585                 pe.add(new PropertyPermission("java.version",
 586                     SecurityConstants.PROPERTY_READ_ACTION));
 587                 pe.add(new PropertyPermission("java.vendor",
 588                     SecurityConstants.PROPERTY_READ_ACTION));
 589                 pe.add(new PropertyPermission("java.vendor.url",
 590                     SecurityConstants.PROPERTY_READ_ACTION));
 591                 pe.add(new PropertyPermission("java.class.version",
 592                     SecurityConstants.PROPERTY_READ_ACTION));
 593                 pe.add(new PropertyPermission("os.name",
 594                     SecurityConstants.PROPERTY_READ_ACTION));
 595                 pe.add(new PropertyPermission("os.version",
 596                     SecurityConstants.PROPERTY_READ_ACTION));
 597                 pe.add(new PropertyPermission("os.arch",
 598                     SecurityConstants.PROPERTY_READ_ACTION));
 599                 pe.add(new PropertyPermission("file.separator",
 600                     SecurityConstants.PROPERTY_READ_ACTION));
 601                 pe.add(new PropertyPermission("path.separator",
 602                     SecurityConstants.PROPERTY_READ_ACTION));
 603                 pe.add(new PropertyPermission("line.separator",
 604                     SecurityConstants.PROPERTY_READ_ACTION));
 605                 pe.add(new PropertyPermission
 606                                 ("java.specification.version",
 607                                     SecurityConstants.PROPERTY_READ_ACTION));
 608                 pe.add(new PropertyPermission
 609                                 ("java.specification.vendor",
 610                                     SecurityConstants.PROPERTY_READ_ACTION));
 611                 pe.add(new PropertyPermission
 612                                 ("java.specification.name",
 613                                     SecurityConstants.PROPERTY_READ_ACTION));
 614                 pe.add(new PropertyPermission
 615                                 ("java.vm.specification.version",
 616                                     SecurityConstants.PROPERTY_READ_ACTION));
 617                 pe.add(new PropertyPermission
 618                                 ("java.vm.specification.vendor",
 619                                     SecurityConstants.PROPERTY_READ_ACTION));
 620                 pe.add(new PropertyPermission
 621                                 ("java.vm.specification.name",
 622                                     SecurityConstants.PROPERTY_READ_ACTION));
 623                 pe.add(new PropertyPermission("java.vm.version",
 624                     SecurityConstants.PROPERTY_READ_ACTION));
 625                 pe.add(new PropertyPermission("java.vm.vendor",
 626                     SecurityConstants.PROPERTY_READ_ACTION));
 627                 pe.add(new PropertyPermission("java.vm.name",
 628                     SecurityConstants.PROPERTY_READ_ACTION));
 629 
 630                 // No need to sync because noone has access to newInfo yet
 631                 newInfo.policyEntries.add(pe);
 632 
 633                 return null;
 634             }
 635         });
 636     }
 637 
 638     /**
 639      * Given a GrantEntry, create a codeSource.
 640      *
 641      * @return null if signedBy alias is not recognized
 642      */
 643     private CodeSource getCodeSource(PolicyParser.GrantEntry ge, KeyStore keyStore,
 644         PolicyInfo newInfo) throws java.net.MalformedURLException
 645     {
 646         Certificate[] certs = null;
 647         if (ge.signedBy != null) {
 648             certs = getCertificates(keyStore, ge.signedBy, newInfo);
 649             if (certs == null) {
 650                 // we don't have a key for this alias,
 651                 // just return
 652                 if (debug != null) {
 653                     debug.println("  -- No certs for alias '" +
 654                                        ge.signedBy + "' - ignoring entry");
 655                 }
 656                 return null;
 657             }
 658         }
 659 
 660         URL location;
 661 
 662         if (ge.codeBase != null)
 663             location = new URL(ge.codeBase);
 664         else
 665             location = null;
 666 
 667         return (canonicalizeCodebase(new CodeSource(location, certs),false));
 668     }
 669 
 670     /**
 671      * Add one policy entry to the list.
 672      */
 673     private void addGrantEntry(PolicyParser.GrantEntry ge,
 674                                KeyStore keyStore, PolicyInfo newInfo) {
 675 
 676         if (debug != null) {
 677             debug.println("Adding policy entry: ");
 678             debug.println("  signedBy " + ge.signedBy);
 679             debug.println("  codeBase " + ge.codeBase);
 680             if (ge.principals != null) {
 681                 for (PolicyParser.PrincipalEntry pppe : ge.principals) {
 682                     debug.println("  " + pppe.toString());
 683                 }
 684             }
 685         }
 686 
 687         try {
 688             CodeSource codesource = getCodeSource(ge, keyStore, newInfo);
 689             // skip if signedBy alias was unknown...
 690             if (codesource == null) return;
 691 
 692             // perform keystore alias principal replacement.
 693             // for example, if alias resolves to X509 certificate,
 694             // replace principal with:  <X500Principal class>  <SubjectDN>
 695             // -- skip if alias is unknown
 696             if (replacePrincipals(ge.principals, keyStore) == false)
 697                 return;
 698             PolicyEntry entry = new PolicyEntry(codesource, ge.principals);
 699             Enumeration<PolicyParser.PermissionEntry> enum_ =
 700                                                 ge.permissionElements();
 701             while (enum_.hasMoreElements()) {
 702                 PolicyParser.PermissionEntry pe = enum_.nextElement();
 703 
 704                 try {
 705                     // perform ${{ ... }} expansions within permission name
 706                     expandPermissionName(pe, keyStore);
 707 
 708                     // XXX special case PrivateCredentialPermission-SELF
 709                     Permission perm;
 710                     if (pe.permission.equals
 711                         ("javax.security.auth.PrivateCredentialPermission") &&
 712                         pe.name.endsWith(" self")) {
 713                         pe.name = pe.name.substring(0, pe.name.indexOf("self"))
 714                                 + SELF;
 715                     }
 716                     // check for self
 717                     if (pe.name != null && pe.name.indexOf(SELF) != -1) {
 718                         // Create a "SelfPermission" , it could be an
 719                         // an unresolved permission which will be resolved
 720                         // when implies is called
 721                         // Add it to entry
 722                         Certificate[] certs;
 723                         if (pe.signedBy != null) {
 724                             certs = getCertificates(keyStore,
 725                                                     pe.signedBy,
 726                                                     newInfo);
 727                         } else {
 728                             certs = null;
 729                         }
 730                         perm = new SelfPermission(pe.permission,
 731                                                   pe.name,
 732                                                   pe.action,
 733                                                   certs);
 734                     } else {
 735                         perm = getInstance(pe.permission,
 736                                            pe.name,
 737                                            pe.action);
 738                     }
 739                     entry.add(perm);
 740                     if (debug != null) {
 741                         debug.println("  "+perm);
 742                     }
 743                 } catch (ClassNotFoundException cnfe) {
 744                     Certificate[] certs;
 745                     if (pe.signedBy != null) {
 746                         certs = getCertificates(keyStore,
 747                                                 pe.signedBy,
 748                                                 newInfo);
 749                     } else {
 750                         certs = null;
 751                     }
 752 
 753                     // only add if we had no signer or we had
 754                     // a signer and found the keys for it.
 755                     if (certs != null || pe.signedBy == null) {
 756                         Permission perm = new UnresolvedPermission(
 757                                                   pe.permission,
 758                                                   pe.name,
 759                                                   pe.action,
 760                                                   certs);
 761                         entry.add(perm);
 762                         if (debug != null) {
 763                             debug.println("  "+perm);
 764                         }
 765                     }
 766                 } catch (java.lang.reflect.InvocationTargetException ite) {
 767                     Object[] source = {pe.permission,
 768                                        ite.getTargetException().toString()};
 769                     System.err.println(
 770                         LocalizedMessage.getNonlocalized(
 771                             POLICY + ".error.adding.Permission.perm.message",
 772                             source));
 773                 } catch (Exception e) {
 774                     Object[] source = {pe.permission,
 775                                        e.toString()};
 776                     System.err.println(
 777                         LocalizedMessage.getNonlocalized(
 778                             POLICY + ".error.adding.Permission.perm.message",
 779                             source));
 780                 }
 781             }
 782 
 783             // No need to sync because noone has access to newInfo yet
 784             newInfo.policyEntries.add(entry);
 785         } catch (Exception e) {
 786             Object[] source = {e.toString()};
 787             System.err.println(
 788                 LocalizedMessage.getNonlocalized(
 789                     POLICY + ".error.adding.Entry.message",
 790                     source));
 791         }
 792         if (debug != null)
 793             debug.println();
 794     }
 795 
 796     /**
 797      * Returns a new Permission object of the given Type. The Permission is
 798      * created by getting the
 799      * Class object using the <code>Class.forName</code> method, and using
 800      * the reflection API to invoke the (String name, String actions)
 801      * constructor on the
 802      * object.
 803      *
 804      * @param type the type of Permission being created.
 805      * @param name the name of the Permission being created.
 806      * @param actions the actions of the Permission being created.
 807      *
 808      * @exception  ClassNotFoundException  if the particular Permission
 809      *             class could not be found.
 810      *
 811      * @exception  IllegalAccessException  if the class or initializer is
 812      *               not accessible.
 813      *
 814      * @exception  InstantiationException  if getInstance tries to
 815      *               instantiate an abstract class or an interface, or if the
 816      *               instantiation fails for some other reason.
 817      *
 818      * @exception  NoSuchMethodException if the (String, String) constructor
 819      *               is not found.
 820      *
 821      * @exception  InvocationTargetException if the underlying Permission
 822      *               constructor throws an exception.
 823      *
 824      */
 825 
 826     private static final Permission getInstance(String type,
 827                                     String name,
 828                                     String actions)
 829         throws ClassNotFoundException,
 830                InstantiationException,
 831                IllegalAccessException,
 832                NoSuchMethodException,
 833                InvocationTargetException
 834     {
 835         Class<?> pc = Class.forName(type, false, null);
 836         Permission answer = getKnownPermission(pc, name, actions);
 837         if (answer != null) {
 838             return answer;
 839         }
 840         if (!Permission.class.isAssignableFrom(pc)) {
 841             // not the right subtype
 842             throw new ClassCastException(type + " is not a Permission");
 843         }
 844 
 845         if (name == null && actions == null) {
 846             try {
 847                 Constructor<?> c = pc.getConstructor(PARAMS0);
 848                 return (Permission) c.newInstance(new Object[] {});
 849             } catch (NoSuchMethodException ne) {
 850                 try {
 851                     Constructor<?> c = pc.getConstructor(PARAMS1);
 852                     return (Permission) c.newInstance(
 853                               new Object[] { name});
 854                 } catch (NoSuchMethodException ne1 ) {
 855                     Constructor<?> c = pc.getConstructor(PARAMS2);
 856                     return (Permission) c.newInstance(
 857                         new Object[] { name, actions });
 858                 }
 859             }
 860         } else {
 861             if (name != null && actions == null) {
 862                 try {
 863                     Constructor<?> c = pc.getConstructor(PARAMS1);
 864                     return (Permission) c.newInstance(new Object[] { name});
 865                 } catch (NoSuchMethodException ne) {
 866                     Constructor<?> c = pc.getConstructor(PARAMS2);
 867                     return (Permission) c.newInstance(
 868                           new Object[] { name, actions });
 869                 }
 870             } else {
 871                 Constructor<?> c = pc.getConstructor(PARAMS2);
 872                 return (Permission) c.newInstance(
 873                       new Object[] { name, actions });
 874              }
 875         }
 876     }
 877 
 878     /**
 879      * Creates one of the well-known permissions in the java.base module
 880      * directly instead of via reflection. Keep list short to not penalize
 881      * permissions from other modules.
 882      */
 883     private static Permission getKnownPermission(Class<?> claz, String name,
 884                                                  String actions) {
 885         if (claz.equals(FilePermission.class)) {
 886             return new FilePermission(name, actions);
 887         } else if (claz.equals(SocketPermission.class)) {
 888             return new SocketPermission(name, actions);
 889         } else if (claz.equals(RuntimePermission.class)) {
 890             return new RuntimePermission(name, actions);
 891         } else if (claz.equals(PropertyPermission.class)) {
 892             return new PropertyPermission(name, actions);
 893         } else if (claz.equals(NetPermission.class)) {
 894             return new NetPermission(name, actions);
 895         } else if (claz.equals(AllPermission.class)) {
 896             return SecurityConstants.ALL_PERMISSION;
 897         } else if (claz.equals(SecurityPermission.class)) {
 898             return new SecurityPermission(name, actions);
 899         } else {
 900             return null;
 901         }
 902     }
 903 
 904     /**
 905      * Creates one of the well-known principals in the java.base module
 906      * directly instead of via reflection. Keep list short to not penalize
 907      * principals from other modules.
 908      */
 909     private static Principal getKnownPrincipal(Class<?> claz, String name) {
 910         if (claz.equals(X500Principal.class)) {
 911             return new X500Principal(name);
 912         } else {
 913             return null;
 914         }
 915     }
 916 
 917     /**
 918      * Fetch all certs associated with this alias.
 919      */
 920     private Certificate[] getCertificates
 921                 (KeyStore keyStore, String aliases, PolicyInfo newInfo) {
 922 
 923         List<Certificate> vcerts = null;
 924 
 925         StringTokenizer st = new StringTokenizer(aliases, ",");
 926         int n = 0;
 927 
 928         while (st.hasMoreTokens()) {
 929             String alias = st.nextToken().trim();
 930             n++;
 931             Certificate cert = null;
 932             // See if this alias's cert has already been cached
 933             synchronized (newInfo.aliasMapping) {
 934                 cert = (Certificate)newInfo.aliasMapping.get(alias);
 935 
 936                 if (cert == null && keyStore != null) {
 937 
 938                     try {
 939                         cert = keyStore.getCertificate(alias);
 940                     } catch (KeyStoreException kse) {
 941                         // never happens, because keystore has already been loaded
 942                         // when we call this
 943                     }
 944                     if (cert != null) {
 945                         newInfo.aliasMapping.put(alias, cert);
 946                         newInfo.aliasMapping.put(cert, alias);
 947                     }
 948                 }
 949             }
 950 
 951             if (cert != null) {
 952                 if (vcerts == null)
 953                     vcerts = new ArrayList<>();
 954                 vcerts.add(cert);
 955             }
 956         }
 957 
 958         // make sure n == vcerts.size, since we are doing a logical *and*
 959         if (vcerts != null && n == vcerts.size()) {
 960             Certificate[] certs = new Certificate[vcerts.size()];
 961             vcerts.toArray(certs);
 962             return certs;
 963         } else {
 964             return null;
 965         }
 966     }
 967 
 968     /**
 969      * Refreshes the policy object by re-reading all the policy files.
 970      */
 971     @Override public void refresh() {
 972         init(url);
 973     }
 974 
 975     /**
 976      * Evaluates the global policy for the permissions granted to
 977      * the ProtectionDomain and tests whether the permission is
 978      * granted.
 979      *
 980      * @param pd the ProtectionDomain to test
 981      * @param p the Permission object to be tested for implication.
 982      *
 983      * @return true if "permission" is a proper subset of a permission
 984      * granted to this ProtectionDomain.
 985      *
 986      * @see java.security.ProtectionDomain
 987      */
 988     @Override
 989     public boolean implies(ProtectionDomain pd, Permission p) {
 990         ProtectionDomainCache pdMap = policyInfo.getPdMapping();
 991         PermissionCollection pc = pdMap.get(pd);
 992 
 993         if (pc != null) {
 994             return pc.implies(p);
 995         }
 996 
 997         pc = getPermissions(pd);
 998         if (pc == null) {
 999             return false;
1000         }
1001 
1002         // cache mapping of protection domain to its PermissionCollection
1003         pdMap.put(pd, pc);
1004         return pc.implies(p);
1005     }
1006 
1007     /**
1008      * Examines this <code>Policy</code> and returns the permissions granted
1009      * to the specified <code>ProtectionDomain</code>.  This includes
1010      * the permissions currently associated with the domain as well
1011      * as the policy permissions granted to the domain's
1012      * CodeSource, ClassLoader, and Principals.
1013      *
1014      * <p> Note that this <code>Policy</code> implementation has
1015      * special handling for PrivateCredentialPermissions.
1016      * When this method encounters a <code>PrivateCredentialPermission</code>
1017      * which specifies "self" as the <code>Principal</code> class and name,
1018      * it does not add that <code>Permission</code> to the returned
1019      * <code>PermissionCollection</code>.  Instead, it builds
1020      * a new <code>PrivateCredentialPermission</code>
1021      * for each <code>Principal</code> associated with the provided
1022      * <code>Subject</code>.  Each new <code>PrivateCredentialPermission</code>
1023      * contains the same Credential class as specified in the
1024      * originally granted permission, as well as the Class and name
1025      * for the respective <code>Principal</code>.
1026      *
1027      * @param domain the Permissions granted to this
1028      *          <code>ProtectionDomain</code> are returned.
1029      *
1030      * @return the Permissions granted to the provided
1031      *          <code>ProtectionDomain</code>.
1032      */
1033     @Override
1034     public PermissionCollection getPermissions(ProtectionDomain domain) {
1035         Permissions perms = new Permissions();
1036 
1037         if (domain == null)
1038            return perms;
1039 
1040         // first get policy perms
1041         getPermissions(perms, domain);
1042 
1043         // add static perms
1044         //      - adding static perms after policy perms is necessary
1045         //        to avoid a regression for 4301064
1046         PermissionCollection pc = domain.getPermissions();
1047         if (pc != null) {
1048             synchronized (pc) {
1049                 Enumeration<Permission> e = pc.elements();
1050                 while (e.hasMoreElements()) {
1051                     perms.add(FilePermCompat.newPermPlusAltPath(e.nextElement()));
1052                 }
1053             }
1054         }
1055 
1056         return perms;
1057     }
1058 
1059     /**
1060      * Examines this Policy and creates a PermissionCollection object with
1061      * the set of permissions for the specified CodeSource.
1062      *
1063      * @param codesource the CodeSource associated with the caller.
1064      * This encapsulates the original location of the code (where the code
1065      * came from) and the public key(s) of its signer.
1066      *
1067      * @return the set of permissions according to the policy.
1068      */
1069     @Override
1070     public PermissionCollection getPermissions(CodeSource codesource) {
1071         return getPermissions(new Permissions(), codesource);
1072     }
1073 
1074     /**
1075      * Examines the global policy and returns the provided Permissions
1076      * object with additional permissions granted to the specified
1077      * ProtectionDomain.
1078      *
1079      * @param perms the Permissions to populate
1080      * @param pd the ProtectionDomain associated with the caller.
1081      *
1082      * @return the set of Permissions according to the policy.
1083      */
1084     private PermissionCollection getPermissions(Permissions perms,
1085                                         ProtectionDomain pd ) {
1086         if (debug != null) {
1087             debug.println("getPermissions:\n\t" + printPD(pd));
1088         }
1089 
1090         final CodeSource cs = pd.getCodeSource();
1091         if (cs == null)
1092             return perms;
1093 
1094         CodeSource canonCodeSource = AccessController.doPrivileged(
1095             new java.security.PrivilegedAction<>(){
1096                 @Override
1097                 public CodeSource run() {
1098                     return canonicalizeCodebase(cs, true);
1099                 }
1100             });
1101         return getPermissions(perms, canonCodeSource, pd.getPrincipals());
1102     }
1103 
1104     /**
1105      * Examines the global policy and returns the provided Permissions
1106      * object with additional permissions granted to the specified
1107      * CodeSource.
1108      *
1109      * @param perms the permissions to populate
1110      * @param cs the codesource associated with the caller.
1111      * This encapsulates the original location of the code (where the code
1112      * came from) and the public key(s) of its signer.
1113      *
1114      * @return the set of permissions according to the policy.
1115      */
1116     private PermissionCollection getPermissions(Permissions perms,
1117                                                 final CodeSource cs) {
1118 
1119         if (cs == null)
1120             return perms;
1121 
1122         CodeSource canonCodeSource = AccessController.doPrivileged(
1123             new PrivilegedAction<>(){
1124                 @Override
1125                 public CodeSource run() {
1126                     return canonicalizeCodebase(cs, true);
1127                 }
1128             });
1129 
1130         return getPermissions(perms, canonCodeSource, null);
1131     }
1132 
1133     private Permissions getPermissions(Permissions perms,
1134                                        final CodeSource cs,
1135                                        Principal[] principals) {
1136         for (PolicyEntry entry : policyInfo.policyEntries) {
1137             addPermissions(perms, cs, principals, entry);
1138         }
1139 
1140         return perms;
1141     }
1142 
1143     private void addPermissions(Permissions perms,
1144         final CodeSource cs,
1145         Principal[] principals,
1146         final PolicyEntry entry) {
1147 
1148         if (debug != null) {
1149             debug.println("evaluate codesources:\n" +
1150                 "\tPolicy CodeSource: " + entry.getCodeSource() + "\n" +
1151                 "\tActive CodeSource: " + cs);
1152         }
1153 
1154         // check to see if the CodeSource implies
1155         Boolean imp = AccessController.doPrivileged
1156             (new PrivilegedAction<>() {
1157             @Override
1158             public Boolean run() {
1159                 return entry.getCodeSource().implies(cs);
1160             }
1161         });
1162         if (!imp.booleanValue()) {
1163             if (debug != null) {
1164                 debug.println("evaluation (codesource) failed");
1165             }
1166 
1167             // CodeSource does not imply - return and try next policy entry
1168             return;
1169         }
1170 
1171         // check to see if the Principals imply
1172 
1173         List<PolicyParser.PrincipalEntry> entryPs = entry.getPrincipals();
1174         if (debug != null) {
1175             List<PolicyParser.PrincipalEntry> accPs = new ArrayList<>();
1176             if (principals != null) {
1177                 for (int i = 0; i < principals.length; i++) {
1178                     accPs.add(new PolicyParser.PrincipalEntry
1179                                         (principals[i].getClass().getName(),
1180                                         principals[i].getName()));
1181                 }
1182             }
1183             debug.println("evaluate principals:\n" +
1184                 "\tPolicy Principals: " + entryPs + "\n" +
1185                 "\tActive Principals: " + accPs);
1186         }
1187 
1188         if (entryPs == null || entryPs.isEmpty()) {
1189 
1190             // policy entry has no principals -
1191             // add perms regardless of principals in current ACC
1192 
1193             addPerms(perms, principals, entry);
1194             if (debug != null) {
1195                 debug.println("evaluation (codesource/principals) passed");
1196             }
1197             return;
1198 
1199         } else if (principals == null || principals.length == 0) {
1200 
1201             // current thread has no principals but this policy entry
1202             // has principals - perms are not added
1203 
1204             if (debug != null) {
1205                 debug.println("evaluation (principals) failed");
1206             }
1207             return;
1208         }
1209 
1210         // current thread has principals and this policy entry
1211         // has principals.  see if policy entry principals match
1212         // principals in current ACC
1213 
1214         for (PolicyParser.PrincipalEntry pppe : entryPs) {
1215 
1216             // Check for wildcards
1217             if (pppe.isWildcardClass()) {
1218                 // a wildcard class matches all principals in current ACC
1219                 continue;
1220             }
1221 
1222             if (pppe.isWildcardName()) {
1223                 // a wildcard name matches any principal with the same class
1224                 if (wildcardPrincipalNameImplies(pppe.principalClass,
1225                                                  principals)) {
1226                     continue;
1227                 }
1228                 if (debug != null) {
1229                     debug.println("evaluation (principal name wildcard) failed");
1230                 }
1231                 // policy entry principal not in current ACC -
1232                 // immediately return and go to next policy entry
1233                 return;
1234             }
1235 
1236             Set<Principal> pSet = new HashSet<>(Arrays.asList(principals));
1237             Subject subject = new Subject(true, pSet,
1238                                           Collections.EMPTY_SET,
1239                                           Collections.EMPTY_SET);
1240             try {
1241                 ClassLoader cl = Thread.currentThread().getContextClassLoader();
1242                 Class<?> pClass = Class.forName(pppe.principalClass, false, cl);
1243                 Principal p = getKnownPrincipal(pClass, pppe.principalName);
1244                 if (p == null) {
1245                     if (!Principal.class.isAssignableFrom(pClass)) {
1246                         // not the right subtype
1247                         throw new ClassCastException(pppe.principalClass +
1248                                                      " is not a Principal");
1249                     }
1250 
1251                     Constructor<?> c = pClass.getConstructor(PARAMS1);
1252                     p = (Principal)c.newInstance(new Object[] {
1253                                                  pppe.principalName });
1254 
1255                 }
1256 
1257                 if (debug != null) {
1258                     debug.println("found Principal " + p.getClass().getName());
1259                 }
1260 
1261                 // check if the Principal implies the current
1262                 // thread's principals
1263                 if (!p.implies(subject)) {
1264                     if (debug != null) {
1265                         debug.println("evaluation (principal implies) failed");
1266                     }
1267 
1268                     // policy principal does not imply the current Subject -
1269                     // immediately return and go to next policy entry
1270                     return;
1271                 }
1272             } catch (Exception e) {
1273                 // fall back to default principal comparison.
1274                 // see if policy entry principal is in current ACC
1275 
1276                 if (debug != null) {
1277                     e.printStackTrace();
1278                 }
1279 
1280                 if (!pppe.implies(subject)) {
1281                     if (debug != null) {
1282                         debug.println("evaluation (default principal implies) failed");
1283                     }
1284 
1285                     // policy entry principal not in current ACC -
1286                     // immediately return and go to next policy entry
1287                     return;
1288                 }
1289             }
1290 
1291             // either the principal information matched,
1292             // or the Principal.implies succeeded.
1293             // continue loop and test the next policy principal
1294         }
1295 
1296         // all policy entry principals were found in the current ACC -
1297         // grant the policy permissions
1298 
1299         if (debug != null) {
1300             debug.println("evaluation (codesource/principals) passed");
1301         }
1302         addPerms(perms, principals, entry);
1303     }
1304 
1305     /**
1306      * Returns true if the array of principals contains at least one
1307      * principal of the specified class.
1308      */
1309     private static boolean wildcardPrincipalNameImplies(String principalClass,
1310                                                         Principal[] principals)
1311     {
1312         for (Principal p : principals) {
1313             if (principalClass.equals(p.getClass().getName())) {
1314                 return true;
1315             }
1316         }
1317         return false;
1318     }
1319 
1320     private void addPerms(Permissions perms,
1321                         Principal[] accPs,
1322                         PolicyEntry entry) {
1323         for (int i = 0; i < entry.permissions.size(); i++) {
1324             Permission p = entry.permissions.get(i);
1325             if (debug != null) {
1326                 debug.println("  granting " + p);
1327             }
1328 
1329             if (p instanceof SelfPermission) {
1330                 // handle "SELF" permissions
1331                 expandSelf((SelfPermission)p,
1332                         entry.getPrincipals(),
1333                         accPs,
1334                         perms);
1335             } else {
1336                 perms.add(FilePermCompat.newPermPlusAltPath(p));
1337             }
1338         }
1339     }
1340 
1341     /**
1342      * @param sp the SelfPermission that needs to be expanded.
1343      *
1344      * @param entryPs list of principals for the Policy entry.
1345      *
1346      * @param pdp Principal array from the current ProtectionDomain.
1347      *
1348      * @param perms the PermissionCollection where the individual
1349      *                  Permissions will be added after expansion.
1350      */
1351 
1352     private void expandSelf(SelfPermission sp,
1353                             List<PolicyParser.PrincipalEntry> entryPs,
1354                             Principal[] pdp,
1355                             Permissions perms) {
1356 
1357         if (entryPs == null || entryPs.isEmpty()) {
1358             // No principals in the grant to substitute
1359             if (debug != null) {
1360                 debug.println("Ignoring permission "
1361                                 + sp.getSelfType()
1362                                 + " with target name ("
1363                                 + sp.getSelfName() + ").  "
1364                                 + "No Principal(s) specified "
1365                                 + "in the grant clause.  "
1366                                 + "SELF-based target names are "
1367                                 + "only valid in the context "
1368                                 + "of a Principal-based grant entry."
1369                              );
1370             }
1371             return;
1372         }
1373         int startIndex = 0;
1374         int v;
1375         StringBuilder sb = new StringBuilder();
1376         while ((v = sp.getSelfName().indexOf(SELF, startIndex)) != -1) {
1377 
1378             // add non-SELF string
1379             sb.append(sp.getSelfName().substring(startIndex, v));
1380 
1381             // expand SELF
1382             Iterator<PolicyParser.PrincipalEntry> pli = entryPs.iterator();
1383             while (pli.hasNext()) {
1384                 PolicyParser.PrincipalEntry pppe = pli.next();
1385                 String[][] principalInfo = getPrincipalInfo(pppe,pdp);
1386                 for (int i = 0; i < principalInfo.length; i++) {
1387                     if (i != 0) {
1388                         sb.append(", ");
1389                     }
1390                     sb.append(principalInfo[i][0] + " " +
1391                         "\"" + principalInfo[i][1] + "\"");
1392                 }
1393                 if (pli.hasNext()) {
1394                     sb.append(", ");
1395                 }
1396             }
1397             startIndex = v + SELF.length();
1398         }
1399         // add remaining string (might be the entire string)
1400         sb.append(sp.getSelfName().substring(startIndex));
1401 
1402         if (debug != null) {
1403             debug.println("  expanded:\n\t" + sp.getSelfName()
1404                         + "\n  into:\n\t" + sb.toString());
1405         }
1406         try {
1407             // first try to instantiate the permission
1408             perms.add(FilePermCompat.newPermPlusAltPath(getInstance(sp.getSelfType(),
1409                                   sb.toString(),
1410                                   sp.getSelfActions())));
1411         } catch (ClassNotFoundException cnfe) {
1412             // ok, the permission is not in the bootclasspath.
1413             // before we add an UnresolvedPermission, check to see
1414             // whether this perm already belongs to the collection.
1415             // if so, use that perm's ClassLoader to create a new
1416             // one.
1417             Class<?> pc = null;
1418             synchronized (perms) {
1419                 Enumeration<Permission> e = perms.elements();
1420                 while (e.hasMoreElements()) {
1421                     Permission pElement = e.nextElement();
1422                     if (pElement.getClass().getName().equals(sp.getSelfType())) {
1423                         pc = pElement.getClass();
1424                         break;
1425                     }
1426                 }
1427             }
1428             if (pc == null) {
1429                 // create an UnresolvedPermission
1430                 perms.add(new UnresolvedPermission(sp.getSelfType(),
1431                                                         sb.toString(),
1432                                                         sp.getSelfActions(),
1433                                                         sp.getCerts()));
1434             } else {
1435                 try {
1436                     // we found an instantiated permission.
1437                     // use its class loader to instantiate a new permission.
1438                     Constructor<?> c;
1439                     // name parameter can not be null
1440                     if (sp.getSelfActions() == null) {
1441                         try {
1442                             c = pc.getConstructor(PARAMS1);
1443                             perms.add((Permission)c.newInstance
1444                                  (new Object[] {sb.toString()}));
1445                         } catch (NoSuchMethodException ne) {
1446                             c = pc.getConstructor(PARAMS2);
1447                             perms.add((Permission)c.newInstance
1448                                  (new Object[] {sb.toString(),
1449                                                 sp.getSelfActions() }));
1450                         }
1451                     } else {
1452                         c = pc.getConstructor(PARAMS2);
1453                         perms.add((Permission)c.newInstance
1454                            (new Object[] {sb.toString(),
1455                                           sp.getSelfActions()}));
1456                     }
1457                 } catch (Exception nme) {
1458                     if (debug != null) {
1459                         debug.println("self entry expansion " +
1460                         " instantiation failed: "
1461                         +  nme.toString());
1462                     }
1463                 }
1464             }
1465         } catch (Exception e) {
1466             if (debug != null) {
1467                 debug.println(e.toString());
1468             }
1469         }
1470     }
1471 
1472     /**
1473      * return the principal class/name pair in the 2D array.
1474      * array[x][y]:     x corresponds to the array length.
1475      *                  if (y == 0), it's the principal class.
1476      *                  if (y == 1), it's the principal name.
1477      */
1478     private String[][] getPrincipalInfo
1479         (PolicyParser.PrincipalEntry pe, Principal[] pdp) {
1480 
1481         // there are 3 possibilities:
1482         // 1) the entry's Principal class and name are not wildcarded
1483         // 2) the entry's Principal name is wildcarded only
1484         // 3) the entry's Principal class and name are wildcarded
1485 
1486         if (!pe.isWildcardClass() && !pe.isWildcardName()) {
1487 
1488             // build an info array for the principal
1489             // from the Policy entry
1490             String[][] info = new String[1][2];
1491             info[0][0] = pe.principalClass;
1492             info[0][1] = pe.principalName;
1493             return info;
1494 
1495         } else if (!pe.isWildcardClass() && pe.isWildcardName()) {
1496 
1497             // build an info array for every principal
1498             // in the current domain which has a principal class
1499             // that is equal to policy entry principal class name
1500             List<Principal> plist = new ArrayList<>();
1501             for (int i = 0; i < pdp.length; i++) {
1502                 if (pe.principalClass.equals(pdp[i].getClass().getName()))
1503                     plist.add(pdp[i]);
1504             }
1505             String[][] info = new String[plist.size()][2];
1506             int i = 0;
1507             for (Principal p : plist) {
1508                 info[i][0] = p.getClass().getName();
1509                 info[i][1] = p.getName();
1510                 i++;
1511             }
1512             return info;
1513 
1514         } else {
1515 
1516             // build an info array for every
1517             // one of the current Domain's principals
1518 
1519             String[][] info = new String[pdp.length][2];
1520 
1521             for (int i = 0; i < pdp.length; i++) {
1522                 info[i][0] = pdp[i].getClass().getName();
1523                 info[i][1] = pdp[i].getName();
1524             }
1525             return info;
1526         }
1527     }
1528 
1529     /*
1530      * Returns the signer certificates from the list of certificates
1531      * associated with the given code source.
1532      *
1533      * The signer certificates are those certificates that were used
1534      * to verify signed code originating from the codesource location.
1535      *
1536      * This method assumes that in the given code source, each signer
1537      * certificate is followed by its supporting certificate chain
1538      * (which may be empty), and that the signer certificate and its
1539      * supporting certificate chain are ordered bottom-to-top
1540      * (i.e., with the signer certificate first and the (root) certificate
1541      * authority last).
1542      */
1543     protected Certificate[] getSignerCertificates(CodeSource cs) {
1544         Certificate[] certs = null;
1545         if ((certs = cs.getCertificates()) == null)
1546             return null;
1547         for (int i=0; i<certs.length; i++) {
1548             if (!(certs[i] instanceof X509Certificate))
1549                 return cs.getCertificates();
1550         }
1551 
1552         // Do we have to do anything?
1553         int i = 0;
1554         int count = 0;
1555         while (i < certs.length) {
1556             count++;
1557             while (((i+1) < certs.length)
1558                    && ((X509Certificate)certs[i]).getIssuerDN().equals(
1559                            ((X509Certificate)certs[i+1]).getSubjectDN())) {
1560                 i++;
1561             }
1562             i++;
1563         }
1564         if (count == certs.length)
1565             // Done
1566             return certs;
1567 
1568         List<Certificate> userCertList = new ArrayList<>();
1569         i = 0;
1570         while (i < certs.length) {
1571             userCertList.add(certs[i]);
1572             while (((i+1) < certs.length)
1573                    && ((X509Certificate)certs[i]).getIssuerDN().equals(
1574                            ((X509Certificate)certs[i+1]).getSubjectDN())) {
1575                 i++;
1576             }
1577             i++;
1578         }
1579         Certificate[] userCerts = new Certificate[userCertList.size()];
1580         userCertList.toArray(userCerts);
1581         return userCerts;
1582     }
1583 
1584     private CodeSource canonicalizeCodebase(CodeSource cs,
1585                                             boolean extractSignerCerts) {
1586 
1587         String path = null;
1588 
1589         CodeSource canonCs = cs;
1590         URL u = cs.getLocation();
1591         if (u != null) {
1592             if (u.getProtocol().equals("jar")) {
1593                 // unwrap url embedded inside jar url
1594                 String spec = u.getFile();
1595                 int separator = spec.indexOf("!/");
1596                 if (separator != -1) {
1597                     try {
1598                         u = new URL(spec.substring(0, separator));
1599                     } catch (MalformedURLException e) {
1600                         // Fail silently. In this case, url stays what
1601                         // it was above
1602                     }
1603                 }
1604             }
1605             if (u.getProtocol().equals("file")) {
1606                 boolean isLocalFile = false;
1607                 String host = u.getHost();
1608                 isLocalFile = (host == null || host.equals("") ||
1609                     host.equals("~") || host.equalsIgnoreCase("localhost"));
1610 
1611                 if (isLocalFile) {
1612                     path = u.getFile().replace('/', File.separatorChar);
1613                     path = ParseUtil.decode(path);
1614                 }
1615             }
1616         }
1617 
1618         if (path != null) {
1619             try {
1620                 URL csUrl = null;
1621                 path = canonPath(path);
1622                 csUrl = ParseUtil.fileToEncodedURL(new File(path));
1623 
1624                 if (extractSignerCerts) {
1625                     canonCs = new CodeSource(csUrl,
1626                                              getSignerCertificates(cs));
1627                 } else {
1628                     canonCs = new CodeSource(csUrl,
1629                                              cs.getCertificates());
1630                 }
1631             } catch (IOException ioe) {
1632                 // leave codesource as it is, unless we have to extract its
1633                 // signer certificates
1634                 if (extractSignerCerts) {
1635                     canonCs = new CodeSource(cs.getLocation(),
1636                                              getSignerCertificates(cs));
1637                 }
1638             }
1639         } else {
1640             if (extractSignerCerts) {
1641                 canonCs = new CodeSource(cs.getLocation(),
1642                                          getSignerCertificates(cs));
1643             }
1644         }
1645         return canonCs;
1646     }
1647 
1648     // Wrapper to return a canonical path that avoids calling getCanonicalPath()
1649     // with paths that are intended to match all entries in the directory
1650     private static String canonPath(String path) throws IOException {
1651         if (path.endsWith("*")) {
1652             path = path.substring(0, path.length()-1) + "-";
1653             path = new File(path).getCanonicalPath();
1654             return path.substring(0, path.length()-1) + "*";
1655         } else {
1656             return new File(path).getCanonicalPath();
1657         }
1658     }
1659 
1660     private String printPD(ProtectionDomain pd) {
1661         Principal[] principals = pd.getPrincipals();
1662         String pals = "<no principals>";
1663         if (principals != null && principals.length > 0) {
1664             StringBuilder palBuf = new StringBuilder("(principals ");
1665             for (int i = 0; i < principals.length; i++) {
1666                 palBuf.append(principals[i].getClass().getName() +
1667                               " \"" + principals[i].getName() +
1668                               "\"");
1669                 if (i < principals.length-1)
1670                     palBuf.append(", ");
1671                 else
1672                     palBuf.append(")");
1673             }
1674             pals = palBuf.toString();
1675         }
1676         return "PD CodeSource: "
1677                 + pd.getCodeSource()
1678                 +"\n\t" + "PD ClassLoader: "
1679                 + pd.getClassLoader()
1680                 +"\n\t" + "PD Principals: "
1681                 + pals;
1682     }
1683 
1684     /**
1685      * return true if no replacement was performed,
1686      * or if replacement succeeded.
1687      */
1688     private boolean replacePrincipals(
1689         List<PolicyParser.PrincipalEntry> principals, KeyStore keystore) {
1690 
1691         if (principals == null || principals.isEmpty() || keystore == null)
1692             return true;
1693 
1694         for (PolicyParser.PrincipalEntry pppe : principals) {
1695             if (pppe.isReplaceName()) {
1696 
1697                 // perform replacement
1698                 // (only X509 replacement is possible now)
1699                 String name;
1700                 if ((name = getDN(pppe.principalName, keystore)) == null) {
1701                     return false;
1702                 }
1703 
1704                 if (debug != null) {
1705                     debug.println("  Replacing \"" +
1706                         pppe.principalName +
1707                         "\" with " +
1708                         X500PRINCIPAL + "/\"" +
1709                         name +
1710                         "\"");
1711                 }
1712 
1713                 pppe.principalClass = X500PRINCIPAL;
1714                 pppe.principalName = name;
1715             }
1716         }
1717         // return true if no replacement was performed,
1718         // or if replacement succeeded
1719         return true;
1720     }
1721 
1722     private void expandPermissionName(PolicyParser.PermissionEntry pe,
1723                                         KeyStore keystore) throws Exception {
1724         // short cut the common case
1725         if (pe.name == null || pe.name.indexOf("${{", 0) == -1) {
1726             return;
1727         }
1728 
1729         int startIndex = 0;
1730         int b, e;
1731         StringBuilder sb = new StringBuilder();
1732         while ((b = pe.name.indexOf("${{", startIndex)) != -1) {
1733             e = pe.name.indexOf("}}", b);
1734             if (e < 1) {
1735                 break;
1736             }
1737             sb.append(pe.name.substring(startIndex, b));
1738 
1739             // get the value in ${{...}}
1740             String value = pe.name.substring(b+3, e);
1741 
1742             // parse up to the first ':'
1743             int colonIndex;
1744             String prefix = value;
1745             String suffix;
1746             if ((colonIndex = value.indexOf(':')) != -1) {
1747                 prefix = value.substring(0, colonIndex);
1748             }
1749 
1750             // handle different prefix possibilities
1751             if (prefix.equalsIgnoreCase("self")) {
1752                 // do nothing - handled later
1753                 sb.append(pe.name.substring(b, e+2));
1754                 startIndex = e+2;
1755                 continue;
1756             } else if (prefix.equalsIgnoreCase("alias")) {
1757                 // get the suffix and perform keystore alias replacement
1758                 if (colonIndex == -1) {
1759                     Object[] source = {pe.name};
1760                     throw new Exception(
1761                         LocalizedMessage.getNonlocalized(
1762                             "alias.name.not.provided.pe.name.",
1763                             source));
1764                 }
1765                 suffix = value.substring(colonIndex+1);
1766                 if ((suffix = getDN(suffix, keystore)) == null) {
1767                     Object[] source = {value.substring(colonIndex+1)};
1768                     throw new Exception(
1769                         LocalizedMessage.getNonlocalized(
1770                             "unable.to.perform.substitution.on.alias.suffix",
1771                             source));
1772                 }
1773 
1774                 sb.append(X500PRINCIPAL + " \"" + suffix + "\"");
1775                 startIndex = e+2;
1776             } else {
1777                 Object[] source = {prefix};
1778                 throw new Exception(
1779                     LocalizedMessage.getNonlocalized(
1780                         "substitution.value.prefix.unsupported",
1781                         source));
1782             }
1783         }
1784 
1785         // copy the rest of the value
1786         sb.append(pe.name.substring(startIndex));
1787 
1788         // replace the name with expanded value
1789         if (debug != null) {
1790             debug.println("  Permission name expanded from:\n\t" +
1791                         pe.name + "\nto\n\t" + sb.toString());
1792         }
1793         pe.name = sb.toString();
1794     }
1795 
1796     private String getDN(String alias, KeyStore keystore) {
1797         Certificate cert = null;
1798         try {
1799             cert = keystore.getCertificate(alias);
1800         } catch (Exception e) {
1801             if (debug != null) {
1802                 debug.println("  Error retrieving certificate for '" +
1803                                 alias +
1804                                 "': " +
1805                                 e.toString());
1806             }
1807             return null;
1808         }
1809 
1810         if (cert == null || !(cert instanceof X509Certificate)) {
1811             if (debug != null) {
1812                 debug.println("  -- No certificate for '" +
1813                                 alias +
1814                                 "' - ignoring entry");
1815             }
1816             return null;
1817         } else {
1818             X509Certificate x509Cert = (X509Certificate)cert;
1819 
1820             // 4702543:  X500 names with an EmailAddress
1821             // were encoded incorrectly.  create new
1822             // X500Principal name with correct encoding
1823 
1824             X500Principal p = new X500Principal
1825                 (x509Cert.getSubjectX500Principal().toString());
1826             return p.getName();
1827         }
1828     }
1829 
1830     /**
1831      * Each entry in the policy configuration file is represented by a
1832      * PolicyEntry object.  <p>
1833      *
1834      * A PolicyEntry is a (CodeSource,Permission) pair.  The
1835      * CodeSource contains the (URL, PublicKey) that together identify
1836      * where the Java bytecodes come from and who (if anyone) signed
1837      * them.  The URL could refer to localhost.  The URL could also be
1838      * null, meaning that this policy entry is given to all comers, as
1839      * long as they match the signer field.  The signer could be null,
1840      * meaning the code is not signed. <p>
1841      *
1842      * The Permission contains the (Type, Name, Action) triplet. <p>
1843      *
1844      * For now, the Policy object retrieves the public key from the
1845      * X.509 certificate on disk that corresponds to the signedBy
1846      * alias specified in the Policy config file.  For reasons of
1847      * efficiency, the Policy object keeps a hashtable of certs already
1848      * read in.  This could be replaced by a secure internal key
1849      * store.
1850      *
1851      * <p>
1852      * For example, the entry
1853      * <pre>
1854      *          permission java.io.File "/tmp", "read,write",
1855      *          signedBy "Duke";
1856      * </pre>
1857      * is represented internally
1858      * <pre>
1859      *
1860      * FilePermission f = new FilePermission("/tmp", "read,write");
1861      * PublicKey p = publickeys.get("Duke");
1862      * URL u = InetAddress.getLocalHost();
1863      * CodeBase c = new CodeBase( p, u );
1864      * pe = new PolicyEntry(f, c);
1865      * </pre>
1866      *
1867      * @author Marianne Mueller
1868      * @author Roland Schemers
1869      * @see java.security.CodeSource
1870      * @see java.security.Policy
1871      * @see java.security.Permissions
1872      * @see java.security.ProtectionDomain
1873      */
1874     private static class PolicyEntry {
1875 
1876         private final CodeSource codesource;
1877         final List<Permission> permissions;
1878         private final List<PolicyParser.PrincipalEntry> principals;
1879 
1880         /**
1881          * Given a Permission and a CodeSource, create a policy entry.
1882          *
1883          * XXX Decide if/how to add validity fields and "purpose" fields to
1884          * XXX policy entries
1885          *
1886          * @param cs the CodeSource, which encapsulates the URL and the
1887          *        public key
1888          *        attributes from the policy config file. Validity checks
1889          *        are performed on the public key before PolicyEntry is
1890          *        called.
1891          *
1892          */
1893         PolicyEntry(CodeSource cs, List<PolicyParser.PrincipalEntry> principals)
1894         {
1895             this.codesource = cs;
1896             this.permissions = new ArrayList<Permission>();
1897             this.principals = principals; // can be null
1898         }
1899 
1900         PolicyEntry(CodeSource cs)
1901         {
1902             this(cs, null);
1903         }
1904 
1905         List<PolicyParser.PrincipalEntry> getPrincipals() {
1906             return principals; // can be null
1907         }
1908 
1909         /**
1910          * add a Permission object to this entry.
1911          * No need to sync add op because perms are added to entry only
1912          * while entry is being initialized
1913          */
1914         void add(Permission p) {
1915             permissions.add(p);
1916         }
1917 
1918         /**
1919          * Return the CodeSource for this policy entry
1920          */
1921         CodeSource getCodeSource() {
1922             return codesource;
1923         }
1924 
1925         @Override public String toString(){
1926             StringBuilder sb = new StringBuilder();
1927             sb.append(ResourcesMgr.getString("LPARAM"));
1928             sb.append(getCodeSource());
1929             sb.append("\n");
1930             for (int j = 0; j < permissions.size(); j++) {
1931                 Permission p = permissions.get(j);
1932                 sb.append(ResourcesMgr.getString("SPACE"));
1933                 sb.append(ResourcesMgr.getString("SPACE"));
1934                 sb.append(p);
1935                 sb.append(ResourcesMgr.getString("NEWLINE"));
1936             }
1937             sb.append(ResourcesMgr.getString("RPARAM"));
1938             sb.append(ResourcesMgr.getString("NEWLINE"));
1939             return sb.toString();
1940         }
1941     }
1942 
1943     private static class SelfPermission extends Permission {
1944 
1945         private static final long serialVersionUID = -8315562579967246806L;
1946 
1947         /**
1948          * The class name of the Permission class that will be
1949          * created when this self permission is expanded .
1950          *
1951          * @serial
1952          */
1953         private String type;
1954 
1955         /**
1956          * The permission name.
1957          *
1958          * @serial
1959          */
1960         private String name;
1961 
1962         /**
1963          * The actions of the permission.
1964          *
1965          * @serial
1966          */
1967         private String actions;
1968 
1969         /**
1970          * The certs of the permission.
1971          *
1972          * @serial
1973          */
1974         private Certificate[] certs;
1975 
1976         /**
1977          * Creates a new SelfPermission containing the permission
1978          * information needed later to expand the self
1979          * @param type the class name of the Permission class that will be
1980          * created when this permission is expanded and if necessary resolved.
1981          * @param name the name of the permission.
1982          * @param actions the actions of the permission.
1983          * @param certs the certificates the permission's class was signed with.
1984          * This is a list of certificate chains, where each chain is composed of
1985          * a signer certificate and optionally its supporting certificate chain.
1986          * Each chain is ordered bottom-to-top (i.e., with the signer
1987          * certificate first and the (root) certificate authority last).
1988          */
1989         public SelfPermission(String type, String name, String actions,
1990                               Certificate[] certs)
1991         {
1992             super(type);
1993             if (type == null) {
1994                 throw new NullPointerException
1995                     (LocalizedMessage.getNonlocalized("type.can.t.be.null"));
1996             }
1997             this.type = type;
1998             this.name = name;
1999             this.actions = actions;
2000             if (certs != null) {
2001                 // Extract the signer certs from the list of certificates.
2002                 for (int i=0; i<certs.length; i++) {
2003                     if (!(certs[i] instanceof X509Certificate)) {
2004                         // there is no concept of signer certs, so we store the
2005                         // entire cert array
2006                         this.certs = certs.clone();
2007                         break;
2008                     }
2009                 }
2010 
2011                 if (this.certs == null) {
2012                     // Go through the list of certs and see if all the certs are
2013                     // signer certs.
2014                     int i = 0;
2015                     int count = 0;
2016                     while (i < certs.length) {
2017                         count++;
2018                         while (((i+1) < certs.length) &&
2019                             ((X509Certificate)certs[i]).getIssuerDN().equals(
2020                             ((X509Certificate)certs[i+1]).getSubjectDN())) {
2021                             i++;
2022                         }
2023                         i++;
2024                     }
2025                     if (count == certs.length) {
2026                         // All the certs are signer certs, so we store the
2027                         // entire array
2028                         this.certs = certs.clone();
2029                     }
2030 
2031                     if (this.certs == null) {
2032                         // extract the signer certs
2033                         List<Certificate> signerCerts = new ArrayList<>();
2034                         i = 0;
2035                         while (i < certs.length) {
2036                             signerCerts.add(certs[i]);
2037                             while (((i+1) < certs.length) &&
2038                                 ((X509Certificate)certs[i]).getIssuerDN().equals(
2039                                 ((X509Certificate)certs[i+1]).getSubjectDN())) {
2040                                 i++;
2041                             }
2042                             i++;
2043                         }
2044                         this.certs = new Certificate[signerCerts.size()];
2045                         signerCerts.toArray(this.certs);
2046                     }
2047                 }
2048             }
2049         }
2050 
2051         /**
2052          * This method always returns false for SelfPermission permissions.
2053          * That is, an SelfPermission never considered to
2054          * imply another permission.
2055          *
2056          * @param p the permission to check against.
2057          *
2058          * @return false.
2059          */
2060         @Override public boolean implies(Permission p) {
2061             return false;
2062         }
2063 
2064         /**
2065          * Checks two SelfPermission objects for equality.
2066          *
2067          * Checks that <i>obj</i> is an SelfPermission, and has
2068          * the same type (class) name, permission name, actions, and
2069          * certificates as this object.
2070          *
2071          * @param obj the object we are testing for equality with this object.
2072          *
2073          * @return true if obj is an SelfPermission, and has the same
2074          * type (class) name, permission name, actions, and
2075          * certificates as this object.
2076          */
2077         @Override public boolean equals(Object obj) {
2078             if (obj == this)
2079                 return true;
2080 
2081             if (! (obj instanceof SelfPermission))
2082                 return false;
2083             SelfPermission that = (SelfPermission) obj;
2084 
2085             if (!(this.type.equals(that.type) &&
2086                 this.name.equals(that.name) &&
2087                 this.actions.equals(that.actions)))
2088                 return false;
2089 
2090             if (this.certs.length != that.certs.length)
2091                 return false;
2092 
2093             int i,j;
2094             boolean match;
2095 
2096             for (i = 0; i < this.certs.length; i++) {
2097                 match = false;
2098                 for (j = 0; j < that.certs.length; j++) {
2099                     if (this.certs[i].equals(that.certs[j])) {
2100                         match = true;
2101                         break;
2102                     }
2103                 }
2104                 if (!match) return false;
2105             }
2106 
2107             for (i = 0; i < that.certs.length; i++) {
2108                 match = false;
2109                 for (j = 0; j < this.certs.length; j++) {
2110                     if (that.certs[i].equals(this.certs[j])) {
2111                         match = true;
2112                         break;
2113                     }
2114                 }
2115                 if (!match) return false;
2116             }
2117             return true;
2118         }
2119 
2120         /**
2121          * Returns the hash code value for this object.
2122          *
2123          * @return a hash code value for this object.
2124          */
2125         @Override public int hashCode() {
2126             int hash = type.hashCode();
2127             if (name != null)
2128                 hash ^= name.hashCode();
2129             if (actions != null)
2130                 hash ^= actions.hashCode();
2131             return hash;
2132         }
2133 
2134         /**
2135          * Returns the canonical string representation of the actions,
2136          * which currently is the empty string "", since there are no actions
2137          * for an SelfPermission. That is, the actions for the
2138          * permission that will be created when this SelfPermission
2139          * is resolved may be non-null, but an SelfPermission
2140          * itself is never considered to have any actions.
2141          *
2142          * @return the empty string "".
2143          */
2144         @Override public String getActions() {
2145             return "";
2146         }
2147 
2148         public String getSelfType() {
2149             return type;
2150         }
2151 
2152         public String getSelfName() {
2153             return name;
2154         }
2155 
2156         public String getSelfActions() {
2157             return actions;
2158         }
2159 
2160         public Certificate[] getCerts() {
2161             return certs;
2162         }
2163 
2164         /**
2165          * Returns a string describing this SelfPermission.  The convention
2166          * is to specify the class name, the permission name, and the actions,
2167          * in the following format: '(unresolved "ClassName" "name" "actions")'.
2168          *
2169          * @return information about this SelfPermission.
2170          */
2171         @Override public String toString() {
2172             return "(SelfPermission " + type + " " + name + " " + actions + ")";
2173         }
2174     }
2175 
2176     /**
2177      * holds policy information that we need to synch on
2178      */
2179     private static class PolicyInfo {
2180         private static final boolean verbose = false;
2181 
2182         // Stores grant entries in the policy
2183         final List<PolicyEntry> policyEntries;
2184 
2185         // Maps aliases to certs
2186         final Map<Object, Object> aliasMapping;
2187 
2188         // Maps ProtectionDomain to PermissionCollection
2189         private final ProtectionDomainCache[] pdMapping;
2190         private java.util.Random random;
2191 
2192         PolicyInfo(int numCaches) {
2193             policyEntries = new ArrayList<>();
2194             aliasMapping = Collections.synchronizedMap(new HashMap<>(11));
2195 
2196             pdMapping = new ProtectionDomainCache[numCaches];
2197             JavaSecurityAccess jspda
2198                 = SharedSecrets.getJavaSecurityAccess();
2199             for (int i = 0; i < numCaches; i++) {
2200                 pdMapping[i] = jspda.getProtectionDomainCache();
2201             }
2202             if (numCaches > 1) {
2203                 random = new java.util.Random();
2204             }
2205         }
2206         ProtectionDomainCache getPdMapping() {
2207             if (pdMapping.length == 1) {
2208                 return pdMapping[0];
2209             } else {
2210                 int i = java.lang.Math.abs(random.nextInt() % pdMapping.length);
2211                 return pdMapping[i];
2212             }
2213         }
2214     }
2215 }
--- EOF ---