1 /*
   2  * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
   3  * @LastModified: Oct 2017
   4  */
   5 /*
   6  * Licensed to the Apache Software Foundation (ASF) under one or more
   7  * contributor license agreements.  See the NOTICE file distributed with
   8  * this work for additional information regarding copyright ownership.
   9  * The ASF licenses this file to You under the Apache License, Version 2.0
  10  * (the "License"); you may not use this file except in compliance with
  11  * the License.  You may obtain a copy of the License at
  12  *
  13  *      http://www.apache.org/licenses/LICENSE-2.0
  14  *
  15  * Unless required by applicable law or agreed to in writing, software
  16  * distributed under the License is distributed on an "AS IS" BASIS,
  17  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  18  * See the License for the specific language governing permissions and
  19  * limitations under the License.
  20  */
  21 
  22 package com.sun.org.apache.xerces.internal.utils;
  23 
  24 import java.util.function.Supplier;
  25 import jdk.xml.internal.SecuritySupport;
  26 
  27 /**
  28  * This class is duplicated for each JAXP subpackage so keep it in sync.
  29  * It is package private and therefore is not exposed as part of the JAXP
  30  * API.
  31  * <p>
  32  * This code is designed to implement the JAXP 1.1 spec pluggability
  33  * feature and is designed to run on JDK version 1.1 and
  34  * later, and to compile on JDK 1.2 and onward.
  35  * The code also runs both as part of an unbundled jar file and
  36  * when bundled as part of the JDK.
  37  * <p>
  38  *
  39  */
  40 public final class ObjectFactory {
  41 
  42     //
  43     // Constants
  44     //
  45     private static final String JAXP_INTERNAL = "com.sun.org.apache";
  46     private static final String STAX_INTERNAL = "com.sun.xml.internal";
  47 
  48     /** Set to true for debugging */
  49     private static final boolean DEBUG = isDebugEnabled();
  50 
  51 
  52     //
  53     // Private static methods
  54     //
  55 
  56     /** Returns true if debug has been enabled. */
  57     private static boolean isDebugEnabled() {
  58         try {
  59             String val = SecuritySupport.getSystemProperty("xerces.debug");
  60             // Allow simply setting the prop to turn on debug
  61             return (val != null && (!"false".equals(val)));
  62         }
  63         catch (SecurityException se) {}
  64         return false;
  65     } // isDebugEnabled()
  66 
  67     /** Prints a message to standard error if debugging is enabled. */
  68     private static void debugPrintln(Supplier<String> msgGen) {
  69         if (DEBUG) {
  70             System.err.println("XERCES: " + msgGen.get());
  71         }
  72     } // debugPrintln(String)
  73 
  74     /**
  75      * Figure out which ClassLoader to use.  For JDK 1.2 and later use
  76      * the context ClassLoader.
  77      */
  78     public static ClassLoader findClassLoader()
  79         throws ConfigurationError
  80     {
  81         if (System.getSecurityManager()!=null) {
  82             //this will ensure bootclassloader is used
  83             return null;
  84         }
  85         // Figure out which ClassLoader to use for loading the provider
  86         // class.  If there is a Context ClassLoader then use it.
  87         ClassLoader context = SecuritySupport.getContextClassLoader();
  88         ClassLoader system = SecuritySupport.getSystemClassLoader();
  89 
  90         ClassLoader chain = system;
  91         while (true) {
  92             if (context == chain) {
  93                 // Assert: we are on JDK 1.1 or we have no Context ClassLoader
  94                 // or any Context ClassLoader in chain of system classloader
  95                 // (including extension ClassLoader) so extend to widest
  96                 // ClassLoader (always look in system ClassLoader if Xerces
  97                 // is in boot/extension/system classpath and in current
  98                 // ClassLoader otherwise); normal classloaders delegate
  99                 // back to system ClassLoader first so this widening doesn't
 100                 // change the fact that context ClassLoader will be consulted
 101                 ClassLoader current = ObjectFactory.class.getClassLoader();
 102 
 103                 chain = system;
 104                 while (true) {
 105                     if (current == chain) {
 106                         // Assert: Current ClassLoader in chain of
 107                         // boot/extension/system ClassLoaders
 108                         return system;
 109                     }
 110                     if (chain == null) {
 111                         break;
 112                     }
 113                     chain = SecuritySupport.getParentClassLoader(chain);
 114                 }
 115 
 116                 // Assert: Current ClassLoader not in chain of
 117                 // boot/extension/system ClassLoaders
 118                 return current;
 119             }
 120 
 121             if (chain == null) {
 122                 // boot ClassLoader reached
 123                 break;
 124             }
 125 
 126             // Check for any extension ClassLoaders in chain up to
 127             // boot ClassLoader
 128             chain = SecuritySupport.getParentClassLoader(chain);
 129         }
 130 
 131         // Assert: Context ClassLoader not in chain of
 132         // boot/extension/system ClassLoaders
 133         return context;
 134     } // findClassLoader():ClassLoader
 135 
 136     /**
 137      * Create an instance of a class using the same classloader for the ObjectFactory by default
 138      * or bootclassloader when Security Manager is in place
 139      */
 140     public static Object newInstance(String className, boolean doFallback)
 141         throws ConfigurationError
 142     {
 143         if (System.getSecurityManager()!=null) {
 144             return newInstance(className, null, doFallback);
 145         } else {
 146             return newInstance(className,
 147                 findClassLoader (), doFallback);
 148         }
 149     }
 150 
 151     /**
 152      * Create an instance of a class using the specified ClassLoader
 153      */
 154     public static Object newInstance(String className, ClassLoader cl,
 155                                       boolean doFallback)
 156         throws ConfigurationError
 157     {
 158         // assert(className != null);
 159         try{
 160             Class<?> providerClass = findProviderClass(className, cl, doFallback);
 161             Object instance = providerClass.getConstructor().newInstance();
 162             debugPrintln(()->"created new instance of " + providerClass +
 163                              " using ClassLoader: " + cl);
 164             return instance;
 165         } catch (ClassNotFoundException x) {
 166             throw new ConfigurationError(
 167                 "Provider " + className + " not found", x);
 168         } catch (Exception x) {
 169             throw new ConfigurationError(
 170                 "Provider " + className + " could not be instantiated: " + x,
 171                 x);
 172         }
 173     }
 174 
 175     /**
 176      * Find a Class using the same classloader for the ObjectFactory by default
 177      * or bootclassloader when Security Manager is in place
 178      */
 179     public static Class<?> findProviderClass(String className, boolean doFallback)
 180         throws ClassNotFoundException, ConfigurationError
 181     {
 182         return findProviderClass (className,
 183                 findClassLoader (), doFallback);
 184     }
 185     /**
 186      * Find a Class using the specified ClassLoader
 187      */
 188     public static Class<?> findProviderClass(String className, ClassLoader cl,
 189                                       boolean doFallback)
 190         throws ClassNotFoundException, ConfigurationError
 191     {
 192         //throw security exception if the calling thread is not allowed to access the package
 193         //restrict the access to package as speicified in java.security policy
 194         SecurityManager security = System.getSecurityManager();
 195         if (security != null) {
 196             if (className.startsWith(JAXP_INTERNAL) ||
 197                     className.startsWith(STAX_INTERNAL)) {
 198                 cl = null;
 199             } else {
 200                 final int lastDot = className.lastIndexOf(".");
 201                 String packageName = className;
 202                 if (lastDot != -1) packageName = className.substring(0, lastDot);
 203                 security.checkPackageAccess(packageName);
 204             }
 205         }
 206         Class<?> providerClass;
 207         if (cl == null) {
 208             //use the bootstrap ClassLoader.
 209             providerClass = Class.forName(className, false, ObjectFactory.class.getClassLoader());
 210         } else {
 211             try {
 212                 providerClass = cl.loadClass(className);
 213             } catch (ClassNotFoundException x) {
 214                 if (doFallback) {
 215                     // Fall back to current classloader
 216                     ClassLoader current = ObjectFactory.class.getClassLoader();
 217                     if (current == null) {
 218                         providerClass = Class.forName(className);
 219                     } else if (cl != current) {
 220                         cl = current;
 221                         providerClass = cl.loadClass(className);
 222                     } else {
 223                         throw x;
 224                     }
 225                 } else {
 226                     throw x;
 227                 }
 228             }
 229         }
 230 
 231         return providerClass;
 232     }
 233 
 234 } // class ObjectFactory